[House Report 113-275] [From the U.S. Government Publishing Office] 113th Congress Report HOUSE OF REPRESENTATIVES 1st Session 113-275 ====================================================================== TRANSPORTATION SECURITY ACQUISITION REFORM ACT _______ November 21, 2013.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. McCaul, from the Committee on Homeland Security, submitted the following R E P O R T [To accompany H.R. 2719] [Including cost estimate of the Congressional Budget Office] The Committee on Homeland Security, to whom was referred the bill (H.R. 2719) to require the Transportation Security Administration to implement best practices and improve transparency with regard to technology acquisition programs, and for other purposes, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page Purpose and Summary.............................................. 6 Background and Need for Legislation.............................. 6 Hearings......................................................... 8 Committee Consideration.......................................... 9 Committee Votes.................................................. 12 Committee Oversight Findings..................................... 12 New Budget Authority, Entitlement Authority, and Tax Expenditures 12 Congressional Budget Office Estimate............................. 12 Statement of General Performance Goals and Objectives............ 13 Duplicative Federal Programs..................................... 13 Congressional Earmarks, Limited Tax Benefits, and Limited Tariff Benefits....................................................... 13 Federal Mandates Statement....................................... 14 Preemption Clarification......................................... 14 Disclosure of Directed Rule Makings.............................. 14 Advisory Committee Statement..................................... 14 Applicability to Legislative Branch.............................. 14 Section-by-Section Analysis of the Legislation................... 14 Changes in Existing Law Made by the Bill, as Reported............ 29 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Transportation Security Acquisition Reform Act''. SEC. 2. FINDINGS. Congress finds the following: (1) The Transportation Security Administration (in this Act referred to as ``TSA'') does not consistently implement Department of Homeland Security policies and Government best practices for acquisition and procurement. (2) TSA has not developed a multiyear technology investment plan. As a result, TSA has underutilized innovation opportunities within the private sector, including from small businesses. (3) Due in part to the deficiencies referred to in paragraphs (1) and (2), TSA has faced challenges in meeting key performance requirements for several major acquisitions and procurements, resulting in reduced security effectiveness and wasted expenditures. SEC. 3. TRANSPORTATION SECURITY ADMINISTRATION ACQUISITION REFORM. (a) In General.--Title XVI of the Homeland Security Act of 2002 (116 Stat. 2312) is amended to read as follows: ``TITLE XVI--TRANSPORTATION SECURITY ``Subtitle A--General Provisions ``SEC. 1601. DEFINITIONS. ``In this title: ``(1) Administration.--The term `Administration' means the Transportation Security Administration. ``(2) Administrator.--The term `Administrator' means the Administrator of the Transportation Security Administration. ``(3) Security-related technology.--The term `security- related technology' means any technology that assists the Administration in the prevention of, or defense against, threats to United States transportation systems, including threats to people, property, and information. ``Subtitle B--Transportation Security Administration Acquisition Improvements ``SEC. 1611. MULTIYEAR TECHNOLOGY INVESTMENT PLAN. ``(a) In General.--The Administrator-- ``(1) not later than 180 days after the date of enactment of the Transportation Security Acquisition Reform Act, shall develop and transmit to Congress a strategic multiyear technology investment plan, which may include a classified addendum to report sensitive transportation security risks, technology vulnerabilities, or other sensitive security information; and ``(2) to the extent possible, shall publish such plan in an unclassified format within the public domain. ``(b) Consultation.--The Administrator shall develop the multiyear technology investment plan in consultation with the Under Secretary for Management, the Chief Information Officer, and the Under Secretary for Science and Technology. ``(c) Approval.--The Secretary must have approved the multiyear technology investment plan before it is published under subsection (a)(2). ``(d) Contents of Plan.--The multiyear technology investment plan shall include the following: ``(1) An analysis of transportation security risks and the associated technology gaps, including consideration of the most recent Quadrennial Homeland Security Review under section 707. ``(2) A set of transportation security-related technology acquisition needs that-- ``(A) is prioritized based on risk and gaps identified under paragraph (1); and ``(B) includes planned technology programs and projects with defined objectives, goals, and measures. ``(3) An analysis of current trends in domestic and international passenger travel. ``(4) An identification of currently deployed security- related technologies that are at or near the end of their lifecycle. ``(5) An identification of test, evaluation, modeling, and simulation capabilities that will be required to support the acquisition of the security-related technologies to meet those needs. ``(6) An identification of opportunities for public-private partnerships, small and disadvantaged company participation, intragovernment collaboration, university centers of excellence, and national laboratory technology transfer. ``(7) An identification of the Administration's acquisition workforce needs that will be required for the management of planned security-related technology acquisitions, including consideration of leveraging acquisition expertise of other Federal agencies. ``(8) An identification of the security resources, including information security resources, that will be required to protect security-related technology from physical or cyber theft, diversion, sabotage, or attack. ``(9) An identification of initiatives to streamline the Administration's acquisition process and provide greater predictability and clarity to small, medium, and large businesses, including the timeline for testing and evaluation. ``(e) Leveraging the Private Sector.--To the extent possible, and in a manner that is consistent with fair and equitable practices, the plan shall-- ``(1) leverage emerging technology trends and research and development investment trends within the public and private sectors; ``(2) incorporate feedback and input received from the private sector through requests for information, industry days, and other innovative means consistent with the Federal Acquisition Regulation; and ``(3) leverage market research conducted by the Under Secretary for Science and Technology to identify technologies that exist or are in development that, with or without adaptation, could be utilized to meet mission needs. ``(f) Disclosure.--The Administrator shall include with the plan required under this section a list of any nongovernment persons that contributed to the writing of the plan. ``(g) Update and Report.--Once every 2 years after the initial strategic plan is transmitted to Congress, the Administrator shall transmit to Congress an update of the plan and a report on the extent to which each security-related technology acquired by the Administration since the last issuance or update of the plan is consistent with the planned technology programs and projects identified under subsection (d)(2) for that technology. ``SEC. 1612. ACQUISITION JUSTIFICATION AND REPORTS. ``(a) Acquisition Justification.--Before the Administration implements any security-related technology acquisition, the Administrator shall, in accordance with the Department's policies and directives, conduct a comprehensive analysis to determine whether the acquisition is justified. The analysis shall include, but may not be limited to, the following: ``(1) An identification of the type and level of risk to transportation security that would be addressed by such technology acquisition. ``(2) An assessment of how the proposed acquisition aligns to the multiyear technology investment plan developed under section 1611. ``(3) A comparison of the total expected lifecycle cost against the total expected quantitative and qualitative benefits to transportation security. ``(4) An analysis of alternative security solutions to determine if the proposed technology acquisition is the most effective and cost-efficient solution based on cost-benefit considerations. ``(5) An evaluation of the privacy and civil liberties implications of the proposed acquisition, and a determination that the proposed acquisition is consistent with fair information practice principles issued by the Privacy Officer of the Department. To the extent practicable, the evaluation shall include consultation with organizations that advocate for the protection of privacy and civil liberties. ``(6) Confirmation that there are no significant risks to human health and safety posed by the proposed acquisition. ``(b) Reports and Certification to Congress.-- ``(1) In general.--Not later than the end of the 30-day period preceding the award by the Administration of a contract for any security-related technology acquisition exceeding $30,000,000, the Administrator shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate the results of the comprehensive acquisition analysis required under this section and a certification by the Administrator that the security benefits justify the contract cost. ``(2) Extension due to imminent terrorist threat.--If there is a known or suspected imminent threat to transportation security, the Administrator may reduce the 30-day period under paragraph (1) to 5 days in order to rapidly respond. ``(3) Notice to congress.--The Administrator shall provide immediate notice of such imminent threat to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate. ``SEC. 1613. ACQUISITION BASELINE ESTABLISHMENT AND REPORTS. ``(a) Baseline Requirements.-- ``(1) In general.--Before the Administration implements any security-related technology acquisition, the appropriate acquisition official of the Department shall establish and document a set of formal baseline requirements. ``(2) Contents.--The baseline requirements shall-- ``(A) include the estimated costs (including lifecycle costs), schedule, and performance milestones for the planned duration of the acquisition; and ``(B) identify the acquisition risks and a plan for mitigating these risks. ``(3) Feasibility.--In establishing the performance milestones under paragraph (2), the appropriate acquisition official of the Department shall, to the extent possible and in consultation with the Under Secretary for Science and Technology, ensure that achieving these milestones is technologically feasible. ``(4) Test and evaluation plan.--The Administrator, in consultation with the Under Secretary for Science and Technology, shall develop a test and evaluation plan that, at a minimum, describes-- ``(A) the activities that will be required to assess acquired technologies against the performance milestones established under paragraph (2); ``(B) the necessary and cost-effective combination of laboratory testing, field testing, modeling, simulation, and supporting analysis to ensure that such technologies meet the Administration's mission needs; and ``(C) an efficient schedule to ensure that test and evaluation activities are completed without undue delay. ``(5) Verification and validation.--The appropriate acquisition official of the Department-- ``(A) subject to subparagraph (B), shall utilize independent reviewers to verify and validate the performance milestones and cost estimates developed under paragraph (2) for a security-related technology that pursuant to section 1611(d)(2) has been identified as a high priority need in the most recent multiyear technology investment plan; and ``(B) shall ensure that the utilization of independent reviewers does not unduly delay the schedule of any acquisition. ``(6) Streamlining access for interested vendors.--The Administrator shall establish a streamlined process for an interested vendor of a security-related technology to request and receive appropriate access to the baseline requirements and test and evaluation plans that are necessary for the vendor to participate in the acquisitions process for such technology. ``(b) Review of Baseline Requirements and Deviation; Report to Congress.-- ``(1) Review.-- ``(A) In general.--The appropriate acquisition official of the Department shall review and assess each implemented acquisition to determine if the acquisition is meeting the baseline requirements established under subsection (a). ``(B) Test and evaluation assessment.--The review shall include an assessment of whether the planned testing and evaluation activities have been completed and the results of such testing and evaluation demonstrate that the performance milestones are technologically feasible. ``(2) Report.-- ``(A) In general.--The Administrator shall report to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate the results of any assessment that finds that-- ``(i) the actual or planned costs exceed the baseline costs by more than 10 percent; ``(ii) the actual or planned schedule for delivery has been delayed by more than 180 days; or ``(iii) there is a failure to meet any performance milestone that directly impacts security effectiveness. ``(B) Cause.--The report shall include the cause for such excessive costs, delay, or failure, and a plan for corrective action. ``(C) Timeliness.--The report required under this section shall be provided to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate no later than 30 days after identifying such excessive costs, delay, or failure. ``SEC. 1614. INVENTORY UTILIZATION. ``(a) In General.--Before the procurement of additional quantities of equipment to fulfill a mission need, the Administrator shall, to the extent practicable, utilize any existing units in the Administration's inventory to meet that need. ``(b) Tracking of Inventory.-- ``(1) Location.--The Administrator shall establish a process for tracking the location of security-related equipment in such inventory. ``(2) Utilization.--The Administrator shall-- ``(A) establish a process for tracking the utilization status of security-related technology in such inventory; and ``(B) implement internal controls to ensure accurate data on security-related technology utilization. ``(3) Quantity.--The Administrator shall establish a process for tracking the quantity of security-related equipment in such inventory. ``(c) Logistics Management.-- ``(1) In general.--The Administrator shall establish logistics principles for managing inventory in an effective and efficient manner. ``(2) Limitation on just-in-time logistics.--The Administrator may not use just-in-time logistics if doing so would-- ``(A) inhibit necessary planning for large-scale delivery of equipment to airports or other facilities; or ``(B) unduly diminish surge capacity for response to a terrorist threat. ``SEC. 1615. SMALL BUSINESS CONTRACTING GOALS. ``Not later than 90 days after the date of enactment of the Transportation Security Acquisition Reform Act, and annually thereafter, the Administrator shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report that includes the following: ``(1) A restatement of the Administration's published goals for contracting with small businesses, including small and disadvantaged businesses, and the Administration's performance record with respect to meeting those goals during the preceding fiscal year. ``(2) If such goals were not met, or the Administration's performance was below the published goals of the Department, an itemized list of challenges, including deviations from the Administration's subcontracting plans and the extent to which contract bundling was a factor, that contributed to the level of performance during the preceding fiscal year. ``(3) An action plan, with benchmarks, for addressing each of the challenges identified in paragraph (2), prepared after consultation with the Secretary of Defense and the heads of Federal departments and agencies that achieved their published goals for prime contracting with small and minority owned businesses, including small and disadvantaged businesses, in prior fiscal years, to identify policies and procedures that could be incorporated at the Administration in furtherance of achieving the Administration's published goal for such contracting. ``(4) The status of implementing such action plan that was developed in the preceding fiscal year in accordance with paragraph (3). ``SEC. 1616. CONSISTENCY WITH THE FEDERAL ACQUISITION REGULATION AND DEPARTMENTAL POLICIES AND DIRECTIVES. ``The Administrator shall execute responsibilities set forth in this subtitle in a manner consistent with, and not duplicative of, the Federal Acquisition Regulation and the Department's policies and directives.''. (b) Clerical Amendment.--The table of contents in section 1(b) of such Act is amended by striking the items relating to title XVI and inserting the following: ``TITLE XVI--TRANSPORTATION SECURITY ``Subtitle A--General Provisions ``Sec. 1601. Definitions. ``Subtitle B--Transportation Security Administration Acquisition Improvements ``Sec. 1611. Multiyear technology investment plan. ``Sec. 1612. Acquisition justification and reports. ``Sec. 1613. Acquisition baseline establishment and reports. ``Sec. 1614. Inventory utilization. ``Sec. 1615. Small business contracting goals. ``Sec. 1616. Consistency with the Federal Acquisition Regulation and departmental policies and directives.''. (c) Prior Amendments Not Affected.--This section shall not be construed to affect any amendment made by title XVI of such Act as in effect before the date of enactment of this Act. SEC. 4. GOVERNMENT ACCOUNTABILITY OFFICE REPORTS. (a) Implementation of Previous Recommendations.--Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall assess and report to Congress on implementation by the Transportation Security Administration of recommendations regarding the acquisition of technology that were made by the Government Accountability Office before the date of enactment of this Act. (b) Implementation of Subtitle B of Title XVI.--Not later than 1 year after the date of enactment of this Act and 3 years thereafter, the Comptroller General of the United States shall evaluate and report to Congress the Transportation Security Administration's progress in implementing subtitle B of title XVI of the Homeland Security Act of 2002 (116 Stat. 2312), as amended by this Act (including provisions added to such subtitle after the date of enactment of this Act), including any efficiencies, cost savings, or delays that have resulted from such implementation. SEC. 5. REPORT ON FEASIBILITY OF INVENTORY TRACKING. Not later than 90 days after the date of enactment of this Act, the Administrator of the Transportation Security Administration shall report to Congress on the feasibility of tracking transportation security-related technology of the Administration through automated information and data capture technologies. SEC. 6. GOVERNMENT ACCOUNTABILITY OFFICE REVIEW OF TSA'S TEST AND EVALUATION PROCESS. Not later than 1 year after the date of the enactment of this Act, the Comptroller General of the United States shall evaluate and report to Congress on the Transportation Security Administration's testing and evaluation activities related to security-related technologies. The report shall include-- (1) information on the extent to which -- (A) the execution of such testing and evaluation activities is aligned, temporally and otherwise, with the Administration's acquisition needs, planned procurements, and acquistions for technology programs and projects; and (B) the extent to which security-related technologies that have been tested, evaluated, and certified for use by the Administration are not procured by the Administration, including information about why that occurs; and (2) recommendations to-- (A) improve the efficiency and efficacy of such testing and evaluation activities; and (B) better align such testing and evaluation with the acquisitions process. SEC. 7. NO ADDITIONAL AUTHORIZATION OF APPROPRIATIONS. No additional funds are authorized to be appropriated to carry out this Act and the amendments made by this Act, and this Act and such amendments shall be carried out using amounts otherwise available for such purpose. Purpose and Summary The purpose of H.R. 2719 is to require the Transportation Security Administration to implement best practices and improve transparency with regard to technology acquisition programs, and for other purposes. Background and Need for Legislation The Department of Homeland Security (DHS), through the Transportation Security Administration (TSA), is responsible for the prevention of, and defense against threats to United States transportation systems. Such threats come in many forms and include threats to people, property, and information. The events of September 11, 2001 demonstrated that malevolent actions against U.S. transportation systems can have profound impacts on national security and economic vitality. It is therefore critical that TSA provide comprehensive, effective, and efficient security measures to address a broad spectrum of evolving threats. The Committee believes that this set of transportation security measures needs to be risked-based and implemented in a systematic, layered approach. Such a systematic approach includes the appropriate combination of security personnel, defensive barriers, and security-related technologies. The focus of this legislation is to provide a legislative framework for TSA's acquisition of security-related technologies in the context of systematic risk-based security. The TSA expends significant funds each year developing, purchasing, and maintaining transportation security-related technologies. For example, in Fiscal Year 2012, TSA spent more than $550 million on its explosives detection screening technologies and held over $3 billion in equipment inventories, deployed across all major U.S. airports and multiple storage locations. Due to the high cost of security technologies, and because they are an integral part of the traveling public's experience at checkpoints, much study has been devoted to this equipment and how it is deployed. Since being established, the Committee on Homeland Security has conducted extensive oversight on TSA acquisition challenges and received testimony and numerous briefings from TSA, DHS, the Government Accountability Office (GAO), the DHS Inspector General (DHS IG), and the private sector. Both GAO and DHS IG have reported that TSA is not effectively implementing Government best practices and DHS policy for acquiring new security capabilities. This has resulted in acquisitions that have failed to meet security performance objectives and/or wasted Federal funds. Additionally, the private sector has criticized TSA for failing to accurately communicate technology needs and long-term investment plans, making it difficult for industry to plan ahead and invest in the next generation of security- related technologies. H.R. 2719, the Transportation Security Acquisition Reform Act, is bipartisan legislation developed from valuable input from stakeholders and subject matter experts across Government and industry. The Act introduces greater transparency and accountability for TSA spending decisions through a series of legislated reforms. The Act formally documents Congressional findings resulting from the Committee's extensive oversight on this topic. Furthermore, the Act codifies acquisition best- practices that the Committee believes will result in more effective and efficient security-related technology acquisitions at TSA. The Act, which amends the Homeland Security Act of 2002 (Pub. L. 107-296), requires TSA to develop and share with the public, for the first time, a strategic, multi-year technology investment plan. The Act also requires TSA to share key information with Congress on technology acquisitions, including cost overruns, delays, or technical failures. Furthermore, the Act establishes principles for managing equipment in inventory to eliminate expensive storage of unusable or outdated technologies. Finally, in response to TSAs persistent failure to meet its small business contracting goals, the Act requires TSA to report on its goals for contracting with small businesses and directs the administration to consult with the Department of Defense and other agencies that meet their small business contracting goals. To inform continuing Congressional oversight, the Act requires that the Government Accountability Office conduct an initial and follow-on assessment of TSA's implementation of the provisions of this legislation. The Committee has received letters of support for H.R. 2719 from: The U.S. Travel Association; Airports Council International-North America; the Security Industry Manufacturers Coalition; the General Aviation Manufacturers Association; and the Security Industry Association. Hearings No hearings were held on H.R. 2719. However, the Committee held oversight hearings relating to programs contained within H.R. 2719, these hearings are listed below. 112th Congress On September 22, 2011, the Subcommittee on Transportation Security held a hearing entitled ``TSA Reform: Exploring Innovations in Technology Procurement to Stimulate Job Growth.'' The Subcommittee received testimony from Ms. Elaine C. Duke, President, Elaine Duke & Associates, LLC; Mr. Michael P. Jackson, President, Firebreak Partners, LLC; and Mr. Stephen M. Lord, Director, Homeland Security and Justice Issues, Government Accountability Office. On October 13, 2011, the Subcommittee on Transportation Security continued its hearing from September, receiving testimony from Mr. Marc A. Pearl, President and CEO, Homeland Security and Defense Business Council; Mr. Scott Boylan, Vice President and General Counsel, Safran Morpho Detection; and Mr. Guy Ben-Ari, Deputy Director, Defense-Industrial Initiatives Group, Fellow, International Security Program, Center for Strategic and International Studies. On November 3, 2011, the Subcommittee on Transportation Security held a hearing entitled ``TSA Reform: Exploring Innovations in Technology Procurement to Stimulate Job Growth, Part III.'' The Subcommittee received testimony from Dr. Nick Nayak, Chief Procurement Officer, Department of Homeland Security; Mr. Robin E. Kane, Assistant Administrator, Security Technology, Transportation Security Administration, Department of Homeland Security; Mr. Paul Benda, Chief of Staff, Director, Homeland Security Advanced Research Projects Agency, Department of Homeland Security, accompanied by Dr. Susan Hallowell, Director, Transportation Security Laboratory; and Mr. Charles K. Edwards, Acting Inspector General, Department of Homeland Security. On December 8, 2011, the Subcommittee on Transportation Security held a hearing entitled ``A Review of Passenger Screening Technology at U.S. Airports.'' The Subcommittee received testimony from Hon. John S. Pistole, Administrator, Transportation Security Administration, U.S. Department of Homeland Security; Ms. Gale D. Rossides, Deputy Administrator, Transportation Security Administration, U.S. Department of Homeland Security; Mr. Robin E. Kane, Assistant Administrator for Security Technology, Transportation Security Administration, U.S. Department of Homeland Security; Hon. Caryn Wagner, Under Secretary, Office of Intelligence and Analysis, U.S. Department of Homeland Security; Dr. Tara O'Toole, Under Secretary, Science and Technology Directorate, U.S. Department of Homeland Security; Dr. Cedric Sims, Executive Director, Office of Program Accountability and Risk Management, Management Directorate, Department of Homeland Security; Mr. Charles K. Edwards, Acting Inspector General, Office of Inspector General, U.S. Department of Homeland Security; Ms. Anne Richards, Assistant Inspector General for Audits, Office of Inspector General, U.S. Department of Homeland Security; and Mr. Stephen M. Lord, Director, Homeland Security and Justice Issues, Government Accountability Office. On June 19, 2012, the Subcommittee on Transportation Security held a hearing entitled, ``Is TSA's Planned Purchase of CAT/BPSS a Wise Use of Taxpayer Dollars?'' The Subcommittee received testimony from Mr. Kelly Hoggan, Assistant Administrator, Office of Security Capabilities, Transportation Security Administration and Mr. Steven M. Lord, Director, Homeland Security and Justice Issues, Government Accountability Office. On November 15, 2012, the Subcommittee on Transportation Security held a hearing entitled ``TSA's Recent Scanner Shuffle: Real Strategy or Wasteful Smokescreen?'' The Subcommittee received testimony from Mr. Jonathan Cantor, Acting Chief Privacy Officer, U.S. Department of Homeland Security; and Mr. John Sanders, Assistant Administrator, Office of Security Capabilities, Transportation Security Administration, Department of Homeland Security. 113th Congress The Subcommittee on Transportation Security held a hearing on May 8, 2013, entitled ``TSA Procurement Reform: Saving Taxpayer Dollars Through Smarter Spending Practices.'' The Subcommittee received testimony from Ms. Karen Shelton Waters, Assistant Administrator, Office of Acquisition, Transportation Security Administration, U.S. Department of Homeland Security; Mr. Paul Benda, Director, Advanced Research Projects Agency, Science & Technology Directorate, U.S. Department of Homeland Security; Mr. Stephen M. Lord, Director, Forensic Audits and Investigative Services, U.S. Government Accountability Office; and Mr. Charles K. Edwards, Deputy Inspector General, U.S. Department of Homeland Security. The Subcommittee on Transportation Security held a hearing on July 17, 2013, entitled ``Stakeholder Perspectives on TSA Acquisition Reform.'' The Subcommittee received testimony from Mr. Marc Pearl, President & CEO, Homeland Security & Defense Business Council; Ms. Shene Commodore, Government Contracts & Business Manager, Intertek, testifying on behalf of the Security Industry Association; and Mr. Dolan P. Falconer, Jr., Co-Founder, Chairman & General Manager, Scan Tech Holdings. Committee Consideration The Committee on Homeland Security met on October 29, 2013, to consider H.R. 2719, and ordered the measure to be reported to the House with a favorable recommendation, amended, by voice vote. The Committee took the following actions: The following amendments were offered: An Amendment in the Nature of a Substitute to H.R. 2719 offered by Mr. Hudson (#1); was AGREED TO, as amended, by voice vote. A unanimous consent request by Mr. McCaul to consider the Amendment in the Nature of a Substitute as base text for purposes of amendment was not objected to. An amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Ms. Loretta Sanchez of California (#1A); was AGREED TO by voice vote. Page 14, line 18, before the period insert the following: ``, prepared after consultation with the Secretary of Defense and the heads of Federal departments and agencies that achieved their published goals for prime contracting with small and minority owned businesses, including small and disadvantaged businesses, in prior fiscal years, to identify policies and procedures that could be incorporated at the Administration in furtherance of achieving the Administration's published goal for such contracting''. An amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Mr. Chaffetz (#1B); was AGREED TO by voice vote. Page 7, after line 23, insert the following: ``(6) Confirmation that there are no significant risks to human health and safety posed by the proposed acquisition. An en bloc amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Ms. Jackson Lee (#1C); was AGREED TO by voice vote. Consisting of the following amendments: Page 7, line 23, after the period insert ``To the extent practicable, the evaluation shall include consultation with organizations that advocate for the protection of privacy and civil liberties.''. Page 15, line 15, in the section heading strike ``Report'' and insert ``Reports''. Page 15, after line 15, insert a new subsection entitled ``(a) Implementation of Previous Recommendations.'' Page 16, after line 5, insert a new section entitled ``Sec. _. Report on Feasibility of Inventory Tracking.'' An en bloc amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Mr. Richmond (#1D); was AGREED TO by voice vote. Consisting of the following amendments: Page 13, strike lines 7 through 10 and insert a new subsection entitled ``(b) Tracking of Inventory.''; Page 16, after line 5, insert a new section entitled ``Sec. _. Government Accountability Office Review of TSA's Test and Evaluation Process.'' An amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Mr. Barber (#1E); was AGREED TO by voice vote. Page 16, line 5, before the period insert the following: ``, including any efficiencies, cost savings, or delays that have resulted from such implementation''. An amendment to the Amendment in the Nature of a Substitute to H.R. 2719 offered by Mr. O'Rourke (#1F); was AGREED TO by voice vote. Page 14, line 14 after ``challenges'' insert `` , including deviations from the Administration's subcontracting plans and the extent to which contract bundling was a factor.''. Subcommittee Consideration The Subcommittee on Transportation Security met on July 24, 2013, to consider H.R. 2719, and ordered the measure to be forwarded to the Full Committee with a favorable recommendation, amended, by voice vote. The Subcommittee took the following actions: The following amendments were offered: An Amendment in the Nature of a Substitute offered by Mr. Hudson (#1); was AGREED TO by voice vote. A unanimous consent request by Mr. Hudson to consider the Amendment in the Nature of a Substitute as base text for purposes of amendment was not objected to. An en bloc amendment to the Amendment in the Nature of a Substitute offered by Mr. Richmond (#1A); was AGREED TO by voice vote. Consisting of the following amendments: Page 5, strike ``and'' after the first semicolon at line 3, strike the period at line 7 and insert ``; and'', and after line 7 insert the following: ``(3) leverage market research conducted by the Under Secretary for Science and Technology to identify technologies that exist or are in development that, with or without adaptation, could be utilized to meet mission needs.'' Page 9, after line 2, insert a new paragraph entitled ``(6) Streamlining Access For Interested Vendors.'' An amendment to the Amendment in the Nature of a Substitute offered by Mrs. Brooks of Indiana (#1B); was AGREED TO by voice vote. Page 4, after line 5, insert the following (and redesignate the subsequent paragraphs accordingly): ``(3) An analysis of current trends in domestic and international passenger travel. (4) An identification of currently deployed security-related technologies that are at or near the end of their lifecycle. An en bloc amendment to the Amendment in the Nature of a Substitute offered by Mr. Swalwell of California (#1C); was AGREED TO by voice vote. Consisting of the following amendments: Page 4, after line 20, insert the following: ``(6) An identification of the security resources, including information security resources, that will be required to protect security-related technology from physical of cyber thefts, diversion, sabotage, or attack.'' A unanimous consent request by Mr. Richmond to consider and adopt the following amendments was not objected to. An amendment to the Amendment in the Nature of a Substitute filed for consideration on the amendment roster by Ms. Jackson Lee (#1D); was ADOPTED by a unanimous consent request by Mr. Richmond. Page 5, line 12, after ``Update' insert ``and Airport''. Page 5 line 14, before the period insert ``and a report on the extent to which each security-related technology acquired by the Administration since the last issuance or update of the plan is consistent with the acquisition roadmap required under subsection (d)(2) for that technology''. An amendment to the Amendment in the Nature of a Substitute filed for consideration on the amendment roster by Ms. Jackson Lee (#1E); was ADOPTED by a unanimous consent request by Mr. Richmond. Page 6, beginning at line 11, strike ``A determination that the means of achieving such expected benefit to transportation security'' and insert ``An evaluation of the privacy and civil liberties implications of the proposed acquisition, and a determination that the proposed acquisition''. An amendment to the Amendment in the Nature of a Substitute filed for consideration on the amendment roster by Ms. Jackson Lee (#1F); was ADOPTED by a unanimous consent request by Mr. Richmond. Page 8, beginning at line 23, strike paragraph (5) and insert a new paragraph entitled ``(5) Verification and Validation.'' Committee Votes Clause 3(b) of rule XIII of the Rules of the House of Representatives requires the Committee to list the recorded votes on the motion to report legislation and amendments thereto. No recorded votes were requested during Committee consideration. Committee Oversight Findings Pursuant to clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the Committee has held oversight hearings and made findings that are reflected in this report. New Budget Authority, Entitlement Authority, and Tax Expenditures In compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee finds that H.R. 2719, the Transportation Security Acquisition Reform Act, would result in no new or increased budget authority, entitlement authority, or tax expenditures or revenues. Congressional Budget Office Estimate The Committee adopts as its own the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974. November 21, 2013. Hon. Michael McCaul, Chairman, Committee on Homeland Security, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 2719, the Transportation Security Acquisition Reform Act. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Megan Carroll. Sincerely, Douglas W. Elmendorf. Enclosure. H.R. 2719--Transportation Security Acquisition Reform Act Based on information from the Department of Homeland Security (DHS) and the Government Accountability Office (GAO), CBO estimates that implementing H.R. 2719 would have no significant cost. Enacting H.R. 2719 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply. H.R. 2719 would specify procedures for the Transportation Security Administration (TSA) to follow when planning, making, and evaluating acquisitions of security-related technology. The bill would require the agency to develop a multiyear investment plan to be transmitted to the Congress and updated every two years. The bill also would specify analyses and reports that TSA must complete to justify certain investments, evaluate the performance of technology acquired under the bill, and enhance its capacity to monitor and utilize existing inventories of security-related equipment. In addition, H.R. 2719 would direct GAO to review and report on issues related to TSA's policies for procuring security-related technology. According to DHS, the bill's requirements are largely consistent with existing DHS procurement policies that already apply to TSA. The legislation would not affect TSA's underlying mission or responsibilities, and CBO estimates that meeting new procedural requirements specified by H.R. 2719 would not impose any new significant costs on the agency. We also estimate that any increased costs to GAO to complete reports required under H.R. 2719 would be negligible, assuming the availability of appropriated funds. H.R. 2719 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments. The CBO staff contact for this estimate is Megan Carroll. This estimate was approved by Theresa Gullo, Deputy Assistant Director for Budget Analysis. Statement of General Performance Goals and Objectives Pursuant to clause 3(c)(4) of rule XIII of the Rules of the House of Representatives, H.R. 2719 contains the following general performance goals, and objectives, including outcome related goals and objectives authorized. The performance goals and objectives of H.R. 2719 are based on the development of a strategic multi-year technology investment plan to aid in the prevention of, and defense against threats to U.S. transportation systems. Upon establishing the multi-year investment plan, H.R. 2719 then requires TSA to make an objective and measurable determination that planned security-related technology acquisitions are appropriately justified. Once a specific technology acquisition has been appropriately justified, H.R. 2719 requires that TSA establish baseline goals and objectives, including the establishment of cost, schedule, and performance requirements of the acquisition. During acquisition of a justified security- related technology, H.R. 2719 requires the Department to track and measure actual progress against the baseline goals and objectives, and report and respond to significant deviations. H.R. 2719 furthermore requires TSA to establish goals and objectives for inventory management and small business contracting. The reports to Congress from DHS, TSA, and GAO that are required by this Act will allow the Congress to hold the Department accountable for the success or failure of transportation security-related technology acquisitions. Duplicative Federal Programs The Committee finds that H.R. 2719 does not contain any provision that establishes or reauthorizes a program known to be duplicative of another Federal program. Congressional Earmarks, Limited Tax Benefits, and Limited Tariff Benefits In compliance with rule XXI of the Rules of the House of Representatives, this bill, as reported, contains no Congressional earmarks, limited tax benefits, or limited tariff benefits as defined in clause 9(e), 9(f), or 9(g) of rule XXI. Federal Mandates Statement The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. Preemption Clarification In compliance with section 423 of the Congressional Budget Act of 1974, requiring the report of any Committee on a bill or joint resolution to include a statement on the extent to which the bill or joint resolution is intended to preempt State, local, or Tribal law, the Committee finds that H.R. 2719 does not preempt any State, local, or Tribal law. Disclosure of Directed Rule Makings The Committee estimates that H.R. 2719 would require no directed rule makings. Advisory Committee Statement No advisory committees within the meaning of section 5(b) of the Federal Advisory Committee Act were created by this legislation. Applicability to Legislative Branch The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. Section-by-Section Analysis of the Legislation Section 1. Short title This section provides that the bill may be cited as the ``Transportation Security Acquisition Reform Act.'' Sec. 2. Findings This section states three specific findings resulting from extensive Congressional oversight. These findings are described as follows: 1. Congress finds that TSA has not consistently implemented DHS policies and Government best practices for acquisition. Applicable DHS policies include MD-102, HSAM-3007, and related DHS acquisition guidebooks. Government acquisition best practices are compiled and published at http:// www.acquisition.gov. Information received in numerous Committee hearings and briefings supports this finding. For example, in January 2012, GAO reported that TSA did not fully follow DHS acquisition policies when acquiring Advanced Imaging Technology (AIT), which resulted in DHS approving AIT deployment without full knowledge of TSA's revised technical specifications. Further, in April 2012, GAO found that TSA's methods for developing life cycle cost estimates for the Electronic Baggage Screening Program did not fully adhere to best practices for developing these estimates. 2. Congress also finds that TSA has not developed a multi- year technology investment plan and has underutilized opportunities to work collaboratively with the private sector. Stakeholders have consistently urged TSA to develop and share a multi-year investment plan to improve transparency and insight into future spending plans. To address this gap in planning, Congress directed TSA through the Consolidated and Further Continuing Appropriations Act of 2013 to provide a five-year investment plan that includes projected funding levels for the next five fiscal years for all passenger screening technology acquisitions. In addition, during the hearing entitled: ``TSA Reform: Exploring Innovations in Technology Procurement to Stimulate Job Growth, Part II,'' Mr. Marc Pearl testified that the Homeland Security & Defense Business Council strongly believes that TSA must strive to develop a mid- to long-term strategic acquisition plan and consider the possibility of multi-year budget plans. Further, a strategic acquisition plan would provide all interested companies with an insightful blueprint for Government's future needs, and give them the necessary time to align and focus financial and personnel resources towards addressing the highest priority needs. 3. Lastly, Congress finds that TSA has faced challenges meeting key performance requirements for acquisitions and procurements, resulting in reduced security effectiveness and wasted expenditures. This issue was highlighted at the hearing entitled: ``TSA Procurement Reform: Saving Taxpayer Dollars Through Smarter Spending Practices.'' GAO witness, Mr. Stephen Lord, stated that GAO's prior work has found that realistic acquisition program baselines with stable requirements for cost, schedule, and performance are among the factors that are important to successful acquisitions delivering capabilities within cost and schedule. Further, program performance metrics for cost and schedule can provide useful indicators of the health of acquisition programs. Since its creation, TSA has completed several acquisitions that either did not result in the security benefits originally promised or were not implemented effectively. For example, in 2006, TSA spent $29.6 million on 207 explosives trace portal (puffer) machines. The puffer machines represented the first deployment of a checkpoint technology whose development had been initiated by TSA. However, it turned out the machines had been inadequately tested and failed to work in dirty, humid airport environments. The machines were ultimately removed from service. In addition, in 2010, GAO reported that TSA had revised its explosive detection system (EDS) requirements to better address current threats, but only some of the EDS machines in TSA's fleet were configured to detect explosives at the required levels established in 2005. The remaining EDS machines were configured to detect explosives at 1998 levels. While TSA maintained that it was working toward phasing in the new requirements, some machines were in fact operating at pre-9/11 levels, resulting in a potential security vulnerability. Further, as part of the FAA Modernization and Reform Act of 2012 (Pub. L. 112-95), in January 2012, Congress mandated that all Advanced Imaging Technology (AIT) used to screen passengers had to be equipped with Automatic Target Recognition (ATR) software. ATR displays a computer generated, generic human image, which relieves certain passenger privacy concerns. While millimeter wave AIT machines have been equipped with ATR, ATR software for the backscatter units was never successfully tested. Subsequently, TSA ended its contract, the maker of the backscatter AITs and backscatter units were removed from airports. Each backscatter AIT machine cost TSA, and in turn, U.S. taxpayers $150,000. TSA had a total inventory of 246 backscatter AIT machines, at a total cost of $36.9 million. While the contractor removed and stored all of the units at their own expense, TSA remained at a loss due to the fact that it was not able to utilize the machines for their entire life cycle. Based on these findings, the Committee believes that TSA, in collaboration with the Department and stakeholders, would greatly benefit from a reform of its security-related technology acquisition policies, procedures, practices, and culture. The Committee strongly encourages the Administration to identify, adopt, and implement a comprehensive set of acquisition reforms that will ultimately lead to more effective and efficient procurements. It is the belief of the Committee, supported by GAO recommendations, that TSA would most benefit from a legislative framework that is based on widely-accepted acquisition best-practices. As such, the legislative language in the following sections describes an acquisition framework that the Committee believes to be necessary for TSA to address the findings identified in this section. This framework is based in part on acquisition reforms legislated for the U.S. Coast Guard under 124 STAT. 2942; Pub. L. 111-281. The Coast Guard, through formal briefings with Committee Staff, indicated that such a legislative framework has resulted in more effective and efficient Coast Guard procurements. The Committee plans to continue to conduct oversight and monitor TSA's progress on acquisition reform. The Committee will consider additional acquisition reform legislation should such continuing oversight identify additional opportunities for improvement. Sec. 3. Transportation Security Administration acquisition reform This section amends Title XVI of the Homeland Security Act of 2002 (116 Stat. 2312). 1601. Definitions In this subsection, the terms ``Administration'' and ``Administrator'' are defined in the context of the Department of Homeland Security's Transportation Security Administration (TSA). The term ``security-related technology'' is defined to clarify the scope of acquisitions that are covered under this legislation. It is the Committee's intent that the acquisition of any and all security-related technologies that meet this definition are subject to this legislation. It is the Committee's intent that security-related acquisitions that do not involve technology solutions, such as the procurement of personnel services, would not be subject to this legislation. However, since this legislation provides a framework that is based on widely-accepted acquisition best-practices, the Committee encourages the Department and TSA to apply these best-practices, where applicable, to the acquisition of all goods and services. 1611. Multi-year technology investment plan (a) In general This subsection requires the Administrator to develop and report on a multi-year, strategic technology investment plan. The plan is intended to guide the overall direction of security-related technology acquisitions, and unclassified information shared with the public. A classified addendum for sensitive transportation security risks, technology vulnerability, etc. may be included. This report is due to Congress no later than 180 days after enactment of this Act and every 2 years thereafter. (b) Consultation This subsection requires the Administrator to consult with three Department officials during the development of the plan. Consultation with the Undersecretary for Management, who also serves as the Chief Acquisition Officer for the Department, enables TSA to achieve consistency with the Department's acquisition policies, directives, and procedures relevant to acquisition planning. Consultation with the Chief Information Officer will enable TSA to achieve consistency with the acquisition policies, directives and procedures for the acquisition of information technology and relevant cyber- security assurance. Consultation with the Undersecretary for Science and Technology (S&T) is consistent with the roles and responsibilities of the Undersecretary as defined in Section 300 of the Homeland Security Act of 2002. Specifically, consultation with the Undersecretary for S&T will help ensure that technology innovation, technology management best- practices and test & evaluation aspects are being fully considered during the technology acquisition planning phase. (c) Approval This subsection requires that the Administrator seek the formal approval of the Secretary prior to publication of its report. It is the Committee's expectation that the Secretary, acting through the Chief Acquisition Officer, will require multiple DHS Components to produce similar multi-year technology investment plans. As such, the Committee encourages the Secretary to actively integrate these multi-year plans together to identify opportunities for cross-component leveraging, elimination of duplicative efforts, and systems integration. Furthermore, the multi-year plan will likely identify budgetary needs and gaps for out-year planned acquisitions, and the Secretary will need to integrate and prioritize these needs and gaps into the OMB budget planning process. (d) Contents of the plan In this subsection, the contents of the multi-year technology investment plan are prescribed. The contents prescribed herein are the minimum contents and it is the Committee's expectation that TSA will include additional content as necessary to enable effective multi-year planning. While the timeline of the plan is not specified in the legislation, the Committee strongly encourages TSA to cover near-term (e.g. 1-3 years), mid-term (e.g. 3-7 years), and long-term (e.g. 8 years and beyond) aspects in the plan. Based on significant testimony from stakeholders, GAO, and the DHS IG, the Committee believes that such a multi-year technology investment plan will enable the private sector to better plan and invest in their internal research and development activities. The multi-year plan is to include an analysis of transportation security risks and gaps. It is the Committee's intent that the plan is strategic in nature and derived from transportation security risks, needs, and gaps as currently known and projected into the future. The risk and gap analysis is to draw upon other relevant analyses conducted by the Federal Government, including the Quadrennial Homeland Security Review (QHSR). The multi-year plan is to include a prioritized set of planned technology programs and projects with clearly defined objectives, goals, and measures. These programs and projects should be derived from the risk and gap analysis in order to achieve an effective risk-based transportation security system. It is the Committee's expectation that adequate detail will be provided in these objectives, goals and measures to enable any interested technology vendor to plan well in advance. The Committee expects that near-term aspects of the plan will include activity-level details, whereas longer-term aspects will be more general in nature. The Committee notes that the requirements in this bill, including multi-year planning, only apply to TSA, and other departments and agencies that are listed herein. The Committee specifically directs that if TSA identifies a security gap onboard an aircraft and plans to procure a technology that would address such gap, nothing in this bill affects the responsibilities of the Federal Aviation Administration to ensure that safety standards are adhered to prior to the deployment of a security technology onboard any aircraft. The multi-year plan is to include an analysis of current trends in domestic or international passenger travel. These trends are especially important as specific passenger facilities may need to grow or shrink in the future depending on demand. A projection of such growth or shrinkage is necessary to adequately plan for the quantities and deployment locations of security-related equipment. The multi-year plan is to include an identification of currently deployed security-related technologies that are becoming outdated. The Committee strongly encourages TSA to timely identify such equipment and to make risk-informed decisions as to whether the equipment should be sustained, refreshed, or retired. The multi-year plan is to include an identification of test, evaluation, modeling, and simulation capabilities for supporting the technology programs and projects described under paragraph (a). The Committee believes that an early identification of these capabilities will help ensure that such capabilities are made available during the planned acquisitions. The Committee encourages TSA to look collectively at needed capabilities including those at TSA, DHS Transportation Security Laboratory, and third-party capabilities at universities, national laboratories, and independent private test facilities. The multi-year plan is to include an identification of opportunities for partnerships and collaboration with third parties. Given the significant interdependence between the public and private sectors in transportation security, the Committee strongly encourages the TSA to seek out and implement innovative opportunities for such partnerships and collaborations. The multi-year plan is to include an identification of acquisition workforce needs. The Committee believes that TSA and DHS need to continue to work closely together to improve the quality of TSA's professional acquisition workforce. The Committee also believes that TSA and DHS would greatly benefit by learning from, and in some cases directly utilizing, acquisition professionals from other parts of the Federal Government that have such expertise. While several branches of the Federal Government have acquisition expertise, the Committee notes that private sector stakeholders have cited the Department of Defense and the National Aeronautics and Space Administration (NASA) as having extensive expertise that could be appropriately leveraged. The multi-year plan is to include an identification of security resources required to protect security-related technology from physical or cyber theft, diversion, sabotage or attack. Acquired equipment will need to be properly protected, whether it is deployed at a facility or stored in a warehouse. The Committee believes that it is critically important to identify how such equipment will be secured and what security resources will be required. Security resources would include the appropriate combination of physical security, personnel security, information security, and other technical security means. The Committee strongly encourages TSA to use due diligence with regard to assessing and addressing cyber- security aspects of all its acquired equipment. The multi-year plan is to include an identification of initiatives to streamline the acquisitions process and provide predictability and clarity for the private sector. The Committee understands that acquisition is not an exact science and requires the continuous evaluation and improvement of the underlying processes. The Committee also believes that such acquisition processes need to be sufficiently rigorous in order to lead to effective procurements. That said, such processes could become overly constraining and overly burdensome and become inefficient from a mission delivery perspective. The Committee therefore strongly encourages TSA, in collaboration with DHS and the private sector, to evaluate and appropriately streamline its acquisition processes. (e) Leveraging the private sector This subsection prescribes the elements of the multi-year plan for leveraging the private sector. Private sector leveraging is to be done to the greatest extent possible, as long as it does not create any unfair or inequitable advantage to specific vendors or specific segments of the private sector. The Committee's intent is that ``private sector'' encompasses small, medium, and large businesses, both for-profit, and non- profit. The Committee believes that TSA has underutilized private sector leveraging and has been overly conservative in its interpretation of the Federal Acquisition Regulations (FAR) in this regard. Specifically, the Committee encourages TSA to conduct additional market research through proactive and extensive industry engagement. The Committee also encourages TSA, in collaboration with DHS, to educate its acquisition workforce on the private sector engagement that is possible within the context of the FAR. The Committee notes that such a ``FAR myth-busting campaign'' has been highly effective at NASA, resulting in increased technological innovation through public-private partnering. The plan is to leverage emerging trends within the private and public sectors. Security technologies often advance rapidly, and the Committee believes that it is essential that TSA understand these trends in order to acquire the latest and most appropriate security solutions. The Committee encourages TSA to look at security technologies from other Government agencies and a broad cross-section of industry. Specifically, the Committee encourages TSA to consider security-related technologies that were developed for other security purposes but could be applied to transportation security. The plan is to incorporate feedback and input received from the private sector through a variety of communications mechanisms. The bill includes a requirement that TSA utilize innovative means for incorporating feedback and input from the private sector. The Committee notes that such innovative means could include social media, webinars, and workshops. The Committee strongly encourages TSA to proactively identify the range of technology solutions that could potentially be offered by the private sector well before committing to a specific vendor's proposed solution. The plan is to leverage market research conducted by the Undersecretary for Science and Technology. The Committee believes that the DHS Science and Technology Directorate, particularly within its Homeland Security Advanced Research Projects Agency (HSARPA), and within its national laboratory network, have significant technical expertise on emerging security-related technologies. The Committee encourages TSA to leverage S&T's expertise and objectively consider these potential emerging technologies well before committing to a specific technology solution. (f) Disclosure This subsection requires that all non-government persons involved in writing the plan are disclosed. The Committee believes that TSA needs to be fully transparent and identify all third-parties in order to avoid any appearance of conflicts-of-interest. (g) Update and report This subsection requires that the multi-year plan be updated and transmitted every two years. The subsection also requires that TSA include a report on whether or not recently acquired security-related technologies were consistent with the last issuance of the plan. The Committee believes that it is important that TSA implement the multi-year plan that it develops. The Committee also recognizes that plans can change due to unforeseen circumstances, and encourages TSA to actively update and republish the plan regularly as needed. 1612. Acquisition justification and reports (a) Acquisition justification This subsection requires that TSA conduct an analysis prior to implementing an acquisition to demonstrate the justification of the acquisition. While the bill does not specify a timeline for such an analysis, the Committee encourages TSA to conduct this analysis as early as possible in the acquisition planning cycle. And while the bill does not specify the level of detail of the analysis, the Committee expects that TSA would tailor the level of detail based on the risk and complexity of the planned acquisition. Specifically, higher risk and/or higher complexity acquisitions are expected to require more justification analysis detail. The Committee strongly encourages TSA to collaborate with DHS and develop a scalable acquisition justification process that is both effective and efficient. The justification analysis is to include an identification of the type and level of risk to transportation security that a technology acquisition would address. The Committee strongly encourages that this risk analysis be conducted in the context of the multi-year plan and is based on an overall risk-based security systems architecture. The justification analysis is to include an assessment of how the acquisition aligns with the multi-year technology investment plan. The Committee believes that it is very important that TSA implement the multi-year plan that it develops. Recognizing that unforeseen circumstances may require a deviation from the plan, the Committee expects TSA to document the reason for such deviation so that the plan can be appropriately updated and communicated. The justification analysis is to include a comparison of lifecycle costs against total expected benefits to transportation security. The Committee believes, based on GAO testimony, that this ``cost-benefit'' analysis is of critical importance. Such cost-benefit analysis enables TSA to make objective decisions on whether or not to proceed with a planned acquisition. While the details of the cost-benefit analysis and lifecycle cost estimations are not prescribed in the bill, the Committee strongly encourages TSA to utilize best practices, such as those published by the GAO, when implementing this section of the bill. The justification analysis is to identify alternative security solutions to determine if such alternatives would result in a preferred mission outcome. Based on GAO testimony, the Committee believes that this ``analysis-of-alternatives'' (AOA), is of critical importance. Such an AOA enables TSA to make objective decisions on whether or not a specific technology solution is the best approach towards achieving risk-based security outcomes. When conducting this AOA, the Committee expects TSA to consider both technical and non- technical means for addressing security gaps. The Committee believes that sometimes a security gap can be addressed with administrative means instead of through a security-related technology, and such alternative approaches need to be considered prior to committing to a specific acquisition. The justification is to include an evaluation of the privacy and civil liberties implications of the proposed acquisition and a determination that the proposed acquisition is consistent with Fair Information Practice Principles (FIPPs). The bill also requires that the evaluation include consultation with organizations that advocate for the protection of privacy and civil liberties to the extent practicable. The Committee strongly encourages TSA to collaborate with the DHS Privacy Officer and establish a process to ensure that privacy and civil liberties issues are addressed well in advance of deploying a security-related technology. Using TSA's Advanced Imaging Technology (AIT) as an example, the Committee notes that a lack of attention to privacy issues can lead to cost, schedule, and performance deficiencies during such acquisitions. The justification is to include confirmation that there are no significant risks to human health and safety posed by the proposed technology acquisition. This provision is derived from the Committee's oversight observations that TSA did not adequately consider, evaluate, and communicate the human health aspects of x-ray-based AIT machines. The Committee notes that TSA must follow applicable Federal rules and standards for health and safety as issued by other agencies such as the Environmental Protection Agency and the Occupational Safety and Health Administration. The Committee also notes that contractors developing technologies are also required to follow such applicable rules and standards. The Committee's intent of this provision is to direct TSA to include in its acquisition process a confirmation that applicable human and safety risks have been adequately addressed. The Committee strongly encourages TSA, in consultation with technology vendors and other Federal agencies, to identify any applicable health and safety risks, and develop a plan to mitigate and communicate risks, as appropriate. The Committee also strongly encourages TSA to consider and appropriately monitor health and safety risks throughout the full lifecycle of deployed equipment. (b) Reports and certification to Congress This subsection requires that TSA submit the results of its acquisition analysis to the relevant House and Senate committees for all planned acquisition contracts that exceed $30 million. This report is due at least 30 days prior to placing said contract, but the Committee encourages TSA to submit notification as early as possible in the acquisition planning process. Furthermore, the Administrator is to provide to the relevant House and Senate committees a certification that the security benefits justify the contract cost. The Committee expects this certification to derive from the cost- benefit analysis required under this section. The purpose of this subsection is to provide transparency to the American public and enable effective Congressional oversight. The $30 million threshold was based on the Committee's analysis of historical TSA acquisitions and a determination that high-risk and/or high-complexity acquisitions tend to fall above this threshold. Furthermore, this threshold provides a reasonable balance between Congressional oversight needs and potentially burdensome reporting requirements. While the bill does not require TSA to notify Congress of acquisitions below this threshold, the Committee encourages TSA to provide Congressional notification of any acquisition, regardless of cost, if such notification would improve transparency to Congress, the American public, or the private sector. The Committee notes that TSA may continue to place contracts after providing notification and that this bill does not require formal Congressional approval for TSA to proceed. The Committee recognizes that the Congressional reporting requirements, while essential for increasing the transparency for the tax-paying public, could potentially lead to unintended consequences such as slowing down major acquisition programs. To address this concern, the Committee has held detailed discussions with both DHS and TSA, and the reporting thresholds and requirements herein will compliment, rather than duplicate, existing reporting processes within DHS and TSA. The Committee also believes that the legislative language offers sufficient flexibility so that TSA can tailor its Congressional reports to minimize additional administrative burdens. The Committee strongly encourages TSA to implement these new reporting requirements in a manner that does not unduly delay acquisition implementation. The Committee is committed to continue working with TSA to ensure that Congressional reporting remains mutually beneficial, timely, and value-added. The reporting requirement includes the ability for the Administrator to reduce the 30 day notification period to 5 days should there be an imminent threat. The relevant House and Senate Committees are to receive immediate notice of such an imminent threat. It is the Committee's intent that a Member and/or Staff briefing, or appropriate written communication, would serve as an effective form of notification in the event of an imminent threat. 1613. Acquisition baseline establishment and reports (a) Baseline requirements This subsection prescribes the set of baseline acquisition requirements that are set prior to implementing a specific security-related technology acquisition. These requirements are established and documented by the appropriate acquisition official of the Department. The Committee believes that formalization of such requirements should be performed at DHS rather than at TSA in order to achieve more objective outcomes. The Committee furthermore believes that the appropriate acquisition official will depend on the level of risk or complexity of a specific acquisition. As such, the appropriate acquisition official is expected to be the Department's Chief Acquisition Officer, or a designee. While the bill does not specify a timeline for such a baseline establishment, the Committee expects the Department and TSA to establish effective requirements as early as possible in the acquisition planning cycle. And while the bill does not specify the level of detail included in these requirements, the Committee expects that the Department and TSA would tailor the level of detail based on the risk and complexity of the planned acquisition. Specifically, higher risk and/or higher complexity acquisitions are expected to require more detailed requirements. The Committee strongly encourages TSA to collaborate with DHS and develop a scalable acquisition baseline requirements process that is both effective and efficient. The contents of the requirements are to address cost, schedule, and technical performance milestones. Based on extensive GAO testimony, the Committee believes that establishment and tracking of all three aspects is critical for mission success. The Committee strongly encourages DHS and TSA to utilize best practices, such as those published by the GAO, when estimating and establishing cost estimates and other key acquisition parameters. When establishing the baseline requirements, the Department, working with TSA, is also to identify acquisition risks and a plan for mitigating risks. The Committee believes that these risks simultaneously address cost risks, schedule risks, and technical performance risks, in the context of the transportation security objectives. The establishment of the baseline requirements is also to include efforts to ensure that the performance milestones are technologically feasible. This feasibility review is conducted in consultation with the Science and Technology Directorate, whose expertise in technology development brings additional objectivity to the requirements establishment process. The Committee strongly encourages the DHS S&T Directorate to use quantitative metrics, such as technology readiness levels, when assessing technological feasibility. The establishment of the baseline requirements is to include a test and evaluation plan. The plan is conducted in consultation with the Science and Technology Directorate. The minimum contents of the plan are prescribed in the bill and include: The set of activities required for assessing technologies against performance milestones; the appropriate combination of laboratory testing, field testing, modeling, simulation and supporting analysis; and the schedule for such test and evaluation activities. The Committee believes that test and evaluation is a critical aspect of all security-related technology acquisitions. Based on GAO testimony, several of TSA's technology acquisition projects failed to meet objectives due to inadequate test and evaluation; both in planning and in execution. The Committee believes that TSA has responded to GAO's recommendations and is starting to include an extensive set of test and evaluation activities during its major acquisitions. That said, the Committee has observed that TSA's most recent approach to test and evaluation is not very efficient. Specifically, the Committee observes that TSA executes many of its test and evaluation activities, including laboratory tests and field tests in a consecutive fashion. This series approach appears to have significantly extended the time it takes for TSA to accept new technologies and deploy them at checkpoints. The Committee encourages TSA to explore parallel approaches to shorten the test and evaluation schedules, while still retaining an effective technology evaluation against requirements. The Committee strongly encourages TSA, in collaboration with S&T and the private sector, to establish a test and evaluation process that is scalable, effective and efficient. The Committee strongly encourages TSA to share its test and evaluation plan with all stakeholders to increase transparency and improve industry's ability to budget and plan for testing, particularly small businesses that may not have as many resources at their disposal for continuous testing over several years. The establishment of baseline requirements is also to include verification and validation (V&V) activities. The bill requires that V&V activities be managed by the Department in order to lead to more objective outcomes. While the bill does not specify the level of detail included in these V&V activities, the Committee expects that the Department and TSA would tailor the level of detail based on the risk and complexity of the planned acquisition. Although the bill requires that only those acquisitions that are identified as highest priority undergo V&V, the Committee encourages DHS and TSA to consider use of V&V in any acquisition that is of high risk and/or high complexity. The Committee expects independent V&V to be conducted prior to officially establishing the baseline requirements, and to continue during implementation of the acquisition, as appropriate. In that manner, there would be periodic third-party assessment that the acquisition has a set of well-established requirements and that the implemented acquisition is meeting all those requirements. The Committee recognizes that V&V activities may add costs and/or time to the acquisition schedule, so the Committee encourages DHS and TSA to work together to establish a scalable, risk-based V&V process that is both effective and schedule efficient. For this reason, the bill requires that independent V&V not unduly delay the schedule of such security-related acquisitions. The establishment of baseline requirements also requires that TSA establish a streamlined process for the technology vendor community to obtain access to these requirements. The Committee believes that TSA needs to improve its transparency when communicating requirements to technology vendors, so that they can better plan for technology development. The Committee recognizes that some baseline requirements may contain sensitive security information and/or classified information. As such, the Committee expects TSA to establish a process that appropriately manages need-to-know aspects while balancing the need for transparency, open competition, and technology innovation. This is particularly important for small businesses that may not have staff with security clearances. Such companies may have a better product, but they are at a competitive disadvantage to companies that already have cleared staff who can review performance requirements--requirements that oftentimes are not technically ``classified'' but rather deemed ``sensitive'' by TSA. (b) Review of baseline requirements and deviation; reports to Congress This subsection requires that the Department review and assess each technology acquisition during its implementation to determine if the acquisition is meeting the documented baseline requirements. Although the time period is not prescribed in the bill, the Committee expects that acquisitions will be reviewed periodically, with higher risk and/or higher complexity acquisitions reviewed more frequently and in more depth. The Committee strongly encourages that during such reviews, cost, schedule, and performance aspects are assessed. The review of baseline requirements is to include an assessment that planned test and evaluation activities have been completed and the results demonstrate that performance milestones remain technologically feasible. The Committee expects that the outcome of such reviews will result in documented decisions that include: Continuation of the acquisition according to plan; corrective actions; a re-baseline of the acquisition; or a cancellation of the acquisition. The bill requires that TSA report to the appropriate House and Senate committees the result of any assessment that finds a significant deviation from baseline requirements. These significant deviations, referred to as an ``acquisition breach'', occur when TSA identifies that the cost, schedule, or performance thresholds exceed a prescribed threshold. These thresholds (e.g. 10 percent or 180 days) were determined from the Committee's analysis of historical TSA acquisitions and are believed to provide the appropriate balance between transparency, oversight, and efficient acquisition implementation. The Committee notes that these thresholds are similar to those required under law for other departments and agencies within the Federal Government and are consistent with current internal DHS policy. The bill further requires that the report of such an acquisition breach include the cause and corrective actions, and be delivered within 30 days of identifying such a breach. The Committee expects TSA and DHS to be fully transparent in reporting potential or actual breaches. The Committee also expects that such reports be provided through briefings or other appropriate written notifications. 1614. Inventory utilization (a) In general This subsection requires TSA, to the extent practicable, to utilize applicable existing equipment in its inventory prior to procuring additional quantities of that equipment. In some cases, the Committee has observed that TSA stockpiles large quantities of screening equipment in warehouses. In other cases, the Committee has observed that TSA waits until it urgently needs the equipment at a specific checkpoint before placing a procurement contract. This inconsistent inventory management approach makes it difficult for vendors, airport operators, and security personnel to properly plan for the procurement, deployment, and implementation of security-related technologies. Therefore, the Committee strongly encourages TSA, in collaboration with DHS and private sector stakeholders, to establish a risk-based process for inventory management that is both effective and efficient. (b) Tracking of inventory This subsection requires TSA to establish a process for tracking the location, utilization status, and quantity of equipment in inventory, and to implement effective controls for utilizing its inventory. The Committee strongly encourages TSA to leverage and adopt inventory management tools that are based on best-practices. The Committee notes that GAO has published such inventory best practices. And the Committee notes that the Department of Defense has extensive inventory management tools that could be potentially leveraged for TSA's mission. For example, according to a report released by the Department of Homeland Security (DHS) Inspector General (OIG- 913-113), the Department cannot account for radio equipment. The report found that the Department has no reliable way to create an inventory of existing radio systems, and component- level data is often inaccurate and incomplete. Specifically, TSA was unable to provide the name, description, or condition of radios or their batteries. The IG report also found that without significant reforms, significant funds could be wasted on current and future radio procurement programs. (c) Logistics management This subsection requires TSA to establish logistics principles for managing inventory in an effective and efficient manner. In particular, the Committee expects TSA to establish under what circumstances a ``just-in-time-delivery'' would be most appropriate and under what circumstances a ``deliver-to- inventory'' approach would be preferred. For example, the bill limits the use of just-in-time logistics if doing so would inhibit planning for a large-scale deployment or would unduly diminish surge capacity for response to a terrorist threat. The Committee notes that in mid-2012, DHS established a policy that required TSA to deliver equipment directly to the airport destination so that TSA does not need to store units in warehouses. The Committee believes that the implementation of this policy did not adequately consider the fact that airport construction projects are typically multi-year efforts and TSA must order equipment well in advance to align to planned construction schedules. If a construction schedule slips, as they often do, TSA's ordering plan and delivery schedule for the equipment would need to be adjusted since the policy did not make accommodations for temporary warehousing. The Committee notes that during the procurement of Explosive Detection Systems (EDS) in December of 2012, TSA delayed the equipment deliveries within weeks of contractually determined schedules due to changes in airport project schedules. The Committee believes that last minute delivery schedule changes of this nature are extremely disruptive and costly in the short term and could ultimately jeopardize the industrial base and manufacturing supply chain in the long term. The Committee further believes that ``just-in-time'' logistics is not the best approach in all circumstances, particularly for low-volume or specialized equipment with long lead-times and few global customers. The Committee strongly encourages DHS and TSA to use its best judgment on when and where to apply various logistical approaches. The Committee believes that once TSA publishes a set of logistics principles, then their acquisition officials will be better educated on how to balance the use of various logistics options. 1615. Small business contracting goals This section requires TSA to submit to the relevant House and Senate committees a report on its small business contracting goals. The report is due 90 days after enactment and annually thereafter. The Congressional intent of this section is to encourage TSA to manage its small business contracting in a manner that could potentially improve technology innovation during the acquisition process. The Committee encourages TSA to implement this section in consultation with the DHS Office of Small and Disadvantaged Business Utilization. The small business goals are required to be restated in the Congressional Report. And TSA's performance towards meeting those goals during the prior fiscal year are to be reported. The Committee believes that the small business goals need to be set so that they are credible, achievable, and lead to the desired outcome of improved innovation. The Committee recognizes that such goals may be set by the Department, or in some cases, by other Government entities. The Committee encourages TSA to strive to meet those goals, even when they are set by others. The Committee also recognizes that small businesses may not have adequate capabilities or expertise to directly deliver large quantities of complex security equipment to meet TSA's mission needs. The Committee believes that small businesses, when they partner with larger business, may increase their likelihood of introducing innovative ideas and technologies into the TSA security system. For that reason, the Committee strongly encourages TSA to track and report on small business subcontracting goals to complement their small business prime contracting goals. If TSA under achieves its stated small business contracting goals for a given year, then the bill requires that TSA report on the challenges that contributed to that underachievement, including whether deviations from the Administration's subcontracting plans or contract bundling were contributing factors. Additionally, the bill requires that TSA develop and report on an action plan for addressing those challenges. The Congressional Report is to include an action plan, with benchmarks, for addressing underachievement, which is to be developed following consultation with other relevant Federal agencies. The Committee recognizes that small business contracting is a complex policy issue, and encourages TSA to implement this section of the bill in a manner that leads to increased innovation while providing fairness of opportunity. 1616. Consistency with the Federal Acquisition Regulation and Departmental policies and directives This section of the bill requires TSA to execute the provisions of Subtitle B in a manner consistent with, and not duplicative of, the Federal Acquisition Regulation (FAR) and DHS policies and directives. In conducting Congressional oversight on security-related technology acquisition at TSA, the Committee extensively researched the acquisition requirements to which TSA is already subject. The Committee notes that DHS and TSA are required by statute to follow the FAR, and the Committee believes that nothing in this bill supersedes nor duplicates applicable sections of the FAR. While TSA is required to follow DHS internal acquisition policy and directives, Congress has found, per Section 2, that TSA has not always consistently implemented these policies and directives. It is therefore the Committee's intent to codify into law, through this bill, those critical acquisition best- practices with which DHS already requires TSA to comply. With the exception of the multi-year technology investment plan, the Committee believes that all the acquisition reforms prescribed in the bill are already a Departmental requirement for TSA, and therefore should not lead to any duplication or inconsistency. As of the writing of this report, the Committee understands that GAO has recommended that DHS broadly implement multi-year technology acquisition plans, and that TSA is in the process of developing such multi-year plans. Therefore, the Committee believes that all provisions of this bill are relatively straightforward for TSA to implement, and strongly encourages TSA to implement these provisions in a streamlined, effective manner. Sec. 4. Government Accountability Office reports This section requires the GAO to evaluate and report on TSA's progress in implementing subtitle B of this bill. The evaluation and report are to include an identification of efficiencies, cost savings, or delays that have resulted from such implementation. The purpose of this section is to gather data and assess TSA's ongoing performance in acquiring security-related technologies. These GAO reports provide important input for continuing Congressional oversight and provide additional transparency for the American public. Sec. 5. Report on feasibility of inventory tracking This section requires TSA to report to Congress on the feasibility of tracking its security-related technologies using automated information and data capture technologies. Sec. 6. Government Accountability Office review of TSA's test and evaluation process This section requires the GAO to evaluate and report to Congress on the Transportation Security Administration's testing and evaluation activities related to security-related technologies. The report is to include information on the extent to which the execution of such testing and evaluation activities is aligned with TSA's acquisition needs, planned procurements, and acquisitions for technology programs and projects; the extent to which security-related technologies that have been tested, evaluated, and certified for use by TSA are not procured by TSA; and recommendations for how TSA can improve the efficiency and efficacy of such testing and evaluation activities and better align such testing and evaluation with the acquisitions process. The Committee has been informed by businesses both large and small that TSA's testing and evaluation process may be overly cumbersome and, as a result, drive participation in the marketplace down. While the Committee encourages a test and evaluation process that produces effective security-related technologies, it recognizes that such a process must be conducted in the most efficient and cost-effective way possible. The failure to do so will result in increased cost to taxpayers due to the lack of competition in the marketplace. The Committee believes this dynamic is especially true for small business that may have innovative security-related technologies capable of improving the passenger screening experience and security but lack the capital necessary to survive a test and evaluation process that may be unnecessarily cumbersome. Sec. 7. No additional authorization of appropriations This section requires the provisions of this bill to be carried out using amounts otherwise available. The Committee believes that the reform provisions in this bill largely already exist in current Department policies and directives. As such, the Committee believes that TSA should appropriately absorb the minimal costs required to improve its acquisition performance, report to Congress, and increase its transparency. The Committee strongly encourages TSA to implement these provisions in a manner that leads to more effective and efficient acquisitions, thereby resulting in long-term Federal Government savings. Changes in Existing Law Made by the Bill, as Reported In compliance with clause 3(e) of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (existing law proposed to be omitted is enclosed in black brackets, new matter is printed in italic, existing law in which no change is proposed is shown in roman): HOMELAND SECURITY ACT OF 2002 SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) * * * (b) Table of Contents.--The table of contents for this Act is as follows: * * * * * * * [TITLE XVI--CORRECTIONS TO EXISTING LAW RELATING TO AIRLINE TRANSPORTATION SECURITY [Sec. 1601. Retention of security sensitive information authority at Department of Transportation. [Sec. 1602. Increase in civil penalties. [Sec. 1603. Allowing United States citizens and United States nationals as screeners.] TITLE XVI--TRANSPORTATION SECURITY Subtitle A--General Provisions Sec. 1601. Definitions. Subtitle B--Transportation Security Administration Acquisition Improvements Sec. 1611. Multiyear technology investment plan. Sec. 1612. Acquisition justification and reports. Sec. 1613. Acquisition baseline establishment and reports. Sec. 1614. Inventory utilization. Sec. 1615. Small business contracting goals. Sec. 1616. Consistency with the Federal Acquisition Regulation and departmental policies and directives. * * * * * * * [TITLE XVI--CORRECTIONS TO EXISTING LAW RELATING TO AIRLINE TRANSPORTATION SECURITY [SEC. 1601. RETENTION OF SECURITY SENSITIVE INFORMATION AUTHORITY AT DEPARTMENT OF TRANSPORTATION [(a) Section 40119 of title 49, United States Code, is amended-- [(1) in subsection (a)-- [(A) by inserting ``and the Administrator of the Federal Aviation Administration each'' after ``for Security''; and [(B) by striking ``criminal violence and aircraft piracy'' and inserting ``criminal violence, aircraft piracy, and terrorism and to ensure security''; and [(2) in subsection (b)(1)-- [(A) by striking ``, the Under Secretary'' and inserting ``and the establishment of a Department of Homeland Security, the Secretary of Transportation''; [(B) by striking ``carrying out'' and all that follows through ``if the Under Secretary'' and inserting ``ensuring security under this title if the Secretary of Transportation''; and [(C) in subparagraph (C) by striking ``the safety of passengers in transportation'' and inserting ``transportation safety''. [(b) Section 114 of title 49, United States Code, is amended by adding at the end the following: [``(s) Nondisclosure of security activities [``(1) In general.--Notwithstanding section 552 of title 5, the Under Secretary shall prescribe regulations prohibiting the disclosure of information obtained or developed in carrying out security under authority of the Aviation and Transportation Security Act (Public Law 107-71) or under chapter 449 of this title if the Under Secretary decides that disclosing the information would-- [``(A) be an unwarranted invasion of personal privacy; [``(B) reveal a trade secret or privileged or confidential commercial or financial information; or [``(C) be detrimental to the security of transportation. [``(2) Availability of information to congress.-- Paragraph (1) does not authorize information to be withheld from a committee of Congress authorized to have the information. [``(3) Limitation on transferability of duties.-- Except as otherwise provided by law, the Under Secretary may not transfer a duty or power under this subsection to another department, agency, or instrumentality of the United States.''. [SEC. 1602. INCREASE IN CIVIL PENALTIES [Section 46301(a) of title 49, United States Code, is amended by adding at the end the following: [``(8) Aviation security violations.--Notwithstanding paragraphs (1) and (2) of this subsection, the maximum civil penalty for violating chapter 449 or another requirement under this title administered by the Under Secretary of Transportation for Security shall be $10,000; except that the maximum civil penalty shall be $25,000 in the case of a person operating an aircraft for the transportation of passengers or property for compensation (except an individual serving as an airman).''. [SEC. 1603. ALLOWING UNITED STATES CITIZENS AND UNITED STATES NATIONALS AS SCREENERS [Section 44935(e)(2)(A)(ii) of title 49, United States Code, is amended by striking ``citizen of the United States'' and inserting ``citizen of the United States or a national of the United States, as defined in section 1101(a)(22) of the Immigration and Nationality Act (8 U.S.C. 1101(a)(22))''.] TITLE XVI--TRANSPORTATION SECURITY Subtitle A--General Provisions SEC. 1601. DEFINITIONS. In this title: (1) Administration.--The term ``Administration'' means the Transportation Security Administration. (2) Administrator.--The term ``Administrator'' means the Administrator of the Transportation Security Administration. (3) Security-related technology.--The term ``security-related technology'' means any technology that assists the Administration in the prevention of, or defense against, threats to United States transportation systems, including threats to people, property, and information. Subtitle B--Transportation Security Administration Acquisition Improvements SEC. 1611. MULTIYEAR TECHNOLOGY INVESTMENT PLAN. (a) In General.--The Administrator-- (1) not later than 180 days after the date of enactment of the Transportation Security Acquisition Reform Act, shall develop and transmit to Congress a strategic multiyear technology investment plan, which may include a classified addendum to report sensitive transportation security risks, technology vulnerabilities, or other sensitive security information; and (2) to the extent possible, shall publish such plan in an unclassified format within the public domain. (b) Consultation.--The Administrator shall develop the multiyear technology investment plan in consultation with the Under Secretary for Management, the Chief Information Officer, and the Under Secretary for Science and Technology. (c) Approval.--The Secretary must have approved the multiyear technology investment plan before it is published under subsection (a)(2). (d) Contents of Plan.--The multiyear technology investment plan shall include the following: (1) An analysis of transportation security risks and the associated technology gaps, including consideration of the most recent Quadrennial Homeland Security Review under section 707. (2) A set of transportation security-related technology acquisition needs that-- (A) is prioritized based on risk and gaps identified under paragraph (1); and (B) includes planned technology programs and projects with defined objectives, goals, and measures. (3) An analysis of current trends in domestic and international passenger travel. (4) An identification of currently deployed security- related technologies that are at or near the end of their lifecycle. (5) An identification of test, evaluation, modeling, and simulation capabilities that will be required to support the acquisition of the security-related technologies to meet those needs. (6) An identification of opportunities for public- private partnerships, small and disadvantaged company participation, intragovernment collaboration, university centers of excellence, and national laboratory technology transfer. (7) An identification of the Administration's acquisition workforce needs that will be required for the management of planned security-related technology acquisitions, including consideration of leveraging acquisition expertise of other Federal agencies. (8) An identification of the security resources, including information security resources, that will be required to protect security-related technology from physical or cyber theft, diversion, sabotage, or attack. (9) An identification of initiatives to streamline the Administration's acquisition process and provide greater predictability and clarity to small, medium, and large businesses, including the timeline for testing and evaluation. (e) Leveraging the Private Sector.--To the extent possible, and in a manner that is consistent with fair and equitable practices, the plan shall-- (1) leverage emerging technology trends and research and development investment trends within the public and private sectors; (2) incorporate feedback and input received from the private sector through requests for information, industry days, and other innovative means consistent with the Federal Acquisition Regulation; and (3) leverage market research conducted by the Under Secretary for Science and Technology to identify technologies that exist or are in development that, with or without adaptation, could be utilized to meet mission needs. (f) Disclosure.--The Administrator shall include with the plan required under this section a list of any nongovernment persons that contributed to the writing of the plan. (g) Update and Report.--Once every 2 years after the initial strategic plan is transmitted to Congress, the Administrator shall transmit to Congress an update of the plan and a report on the extent to which each security-related technology acquired by the Administration since the last issuance or update of the plan is consistent with the planned technology programs and projects identified under subsection (d)(2) for that technology. SEC. 1612. ACQUISITION JUSTIFICATION AND REPORTS. (a) Acquisition Justification.--Before the Administration implements any security-related technology acquisition, the Administrator shall, in accordance with the Department's policies and directives, conduct a comprehensive analysis to determine whether the acquisition is justified. The analysis shall include, but may not be limited to, the following: (1) An identification of the type and level of risk to transportation security that would be addressed by such technology acquisition. (2) An assessment of how the proposed acquisition aligns to the multiyear technology investment plan developed under section 1611. (3) A comparison of the total expected lifecycle cost against the total expected quantitative and qualitative benefits to transportation security. (4) An analysis of alternative security solutions to determine if the proposed technology acquisition is the most effective and cost-efficient solution based on cost-benefit considerations. (5) An evaluation of the privacy and civil liberties implications of the proposed acquisition, and a determination that the proposed acquisition is consistent with fair information practice principles issued by the Privacy Officer of the Department. To the extent practicable, the evaluation shall include consultation with organizations that advocate for the protection of privacy and civil liberties. (6) Confirmation that there are no significant risks to human health and safety posed by the proposed acquisition. (b) Reports and Certification to Congress.-- (1) In general.--Not later than the end of the 30-day period preceding the award by the Administration of a contract for any security-related technology acquisition exceeding $30,000,000, the Administrator shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate the results of the comprehensive acquisition analysis required under this section and a certification by the Administrator that the security benefits justify the contract cost. (2) Extension due to imminent terrorist threat.--If there is a known or suspected imminent threat to transportation security, the Administrator may reduce the 30-day period under paragraph (1) to 5 days in order to rapidly respond. (3) Notice to congress.--The Administrator shall provide immediate notice of such imminent threat to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate. SEC. 1613. ACQUISITION BASELINE ESTABLISHMENT AND REPORTS. (a) Baseline Requirements.-- (1) In general.--Before the Administration implements any security-related technology acquisition, the appropriate acquisition official of the Department shall establish and document a set of formal baseline requirements. (2) Contents.--The baseline requirements shall-- (A) include the estimated costs (including lifecycle costs), schedule, and performance milestones for the planned duration of the acquisition; and (B) identify the acquisition risks and a plan for mitigating these risks. (3) Feasibility.--In establishing the performance milestones under paragraph (2), the appropriate acquisition official of the Department shall, to the extent possible and in consultation with the Under Secretary for Science and Technology, ensure that achieving these milestones is technologically feasible. (4) Test and evaluation plan.--The Administrator, in consultation with the Under Secretary for Science and Technology, shall develop a test and evaluation plan that, at a minimum, describes-- (A) the activities that will be required to assess acquired technologies against the performance milestones established under paragraph (2); (B) the necessary and cost-effective combination of laboratory testing, field testing, modeling, simulation, and supporting analysis to ensure that such technologies meet the Administration's mission needs; and (C) an efficient schedule to ensure that test and evaluation activities are completed without undue delay. (5) Verification and validation.--The appropriate acquisition official of the Department-- (A) subject to subparagraph (B), shall utilize independent reviewers to verify and validate the performance milestones and cost estimates developed under paragraph (2) for a security-related technology that pursuant to section 1611(d)(2) has been identified as a high priority need in the most recent multiyear technology investment plan; and (B) shall ensure that the utilization of independent reviewers does not unduly delay the schedule of any acquisition. (6) Streamlining access for interested vendors.--The Administrator shall establish a streamlined process for an interested vendor of a security-related technology to request and receive appropriate access to the baseline requirements and test and evaluation plans that are necessary for the vendor to participate in the acquisitions process for such technology. (b) Review of Baseline Requirements and Deviation; Report to Congress.-- (1) Review.-- (A) In general.--The appropriate acquisition official of the Department shall review and assess each implemented acquisition to determine if the acquisition is meeting the baseline requirements established under subsection (a). (B) Test and evaluation assessment.--The review shall include an assessment of whether the planned testing and evaluation activities have been completed and the results of such testing and evaluation demonstrate that the performance milestones are technologically feasible. (2) Report.-- (A) In general.--The Administrator shall report to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate the results of any assessment that finds that-- (i) the actual or planned costs exceed the baseline costs by more than 10 percent; (ii) the actual or planned schedule for delivery has been delayed by more than 180 days; or (iii) there is a failure to meet any performance milestone that directly impacts security effectiveness. (B) Cause.--The report shall include the cause for such excessive costs, delay, or failure, and a plan for corrective action. (C) Timeliness.--The report required under this section shall be provided to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate no later than 30 days after identifying such excessive costs, delay, or failure. SEC. 1614. INVENTORY UTILIZATION. (a) In General.--Before the procurement of additional quantities of equipment to fulfill a mission need, the Administrator shall, to the extent practicable, utilize any existing units in the Administration's inventory to meet that need. (b) Tracking of Inventory.-- (1) Location.--The Administrator shall establish a process for tracking the location of security-related equipment in such inventory. (2) Utilization.--The Administrator shall-- (A) establish a process for tracking the utilization status of security-related technology in such inventory; and (B) implement internal controls to ensure accurate data on security-related technology utilization. (3) Quantity.--The Administrator shall establish a process for tracking the quantity of security-related equipment in such inventory. (c) Logistics Management.-- (1) In general.--The Administrator shall establish logistics principles for managing inventory in an effective and efficient manner. (2) Limitation on just-in-time logistics.--The Administrator may not use just-in-time logistics if doing so would-- (A) inhibit necessary planning for large- scale delivery of equipment to airports or other facilities; or (B) unduly diminish surge capacity for response to a terrorist threat. SEC. 1615. SMALL BUSINESS CONTRACTING GOALS. Not later than 90 days after the date of enactment of the Transportation Security Acquisition Reform Act, and annually thereafter, the Administrator shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report that includes the following: (1) A restatement of the Administration's published goals for contracting with small businesses, including small and disadvantaged businesses, and the Administration's performance record with respect to meeting those goals during the preceding fiscal year. (2) If such goals were not met, or the Administration's performance was below the published goals of the Department, an itemized list of challenges, including deviations from the Administration's subcontracting plans and the extent to which contract bundling was a factor, that contributed to the level of performance during the preceding fiscal year. (3) An action plan, with benchmarks, for addressing each of the challenges identified in paragraph (2), prepared after consultation with the Secretary of Defense and the heads of Federal departments and agencies that achieved their published goals for prime contracting with small and minority owned businesses, including small and disadvantaged businesses, in prior fiscal years, to identify policies and procedures that could be incorporated at the Administration in furtherance of achieving the Administration's published goal for such contracting. (4) The status of implementing such action plan that was developed in the preceding fiscal year in accordance with paragraph (3). SEC. 1616. CONSISTENCY WITH THE FEDERAL ACQUISITION REGULATION AND DEPARTMENTAL POLICIES AND DIRECTIVES. The Administrator shall execute responsibilities set forth in this subtitle in a manner consistent with, and not duplicative of, the Federal Acquisition Regulation and the Department's policies and directives. * * * * * * *