The Transportation Security Administration (TSA) has published its Open Architecture (OA) Roadmap that defines TSA’s long-term strategy to enhance screening capabilities. The roadmap’s themes and objectives align with the Administrator’s Intent, which was released on July 6.
By TSA’s own admission, its current security screening system is “highly complex with limited data or interface standardization”. TSA says this lack of standardization “presents barriers to TSA achieving the desired security posture” and “hinders its ability to rapidly deploy innovative screening solutions to the field to respond to the evolving threat environment” as well as “increasing the burden on our frontline officers who must perform their critical screening functions with cumbersome procedures, complex training, and varying user interfaces”.
Open Architecture is a technology-design approach for software and hardware that uses widely accepted standards to ensure interoperability across tools and platforms regardless of the technology designer, manufacturer or supplier. This approach increases the number of available partners who can supply improved technology quickly and at a lower cost. It also affords TSA the ability to use strategic industry and international partnerships that allow for the adoption of increasingly interconnected technologies while employing advanced cybersecurity capabilities.
TSA released the roadmap in draft form in February in order to elicit comments from industry.
“Open architecture directly supports TSA’s mission and its workforce, while further protecting the nation’s transportation systems,” said TSA Administrator David Pekoske. “This roadmap outlines how TSA will prioritize agile and flexible technologies that strengthen our ability to quickly develop, test, deploy and maintain new capabilities. All future contracting efforts for TSA’s airport security screening solutions will require vendors to provide equipment or software that comes from a common software framework, is interoperable, can be easily upgraded and is resilient to emerging cybersecurity threats.”
To fully implement capabilities in an integrated, networked transportation security environment, the roadmap states that TSA must improve cybersecurity, using approaches such as the Zero-Trust Model, throughout the design, development, and testing processes to include planned lab and field demonstrations.
TSA has a history of supporting OA concepts dating back to 2010, including working in partnership with industry partners to establish the first security image data standard. During the past five years, TSA has accelerated its efforts related to OA and is well positioned to take the next steps to operationalize mature OA concepts while applying lessons learned from other government efforts and TSA’s innovation experience. TSA further aims to use the best practices of the Department of Defense Modular Open Systems Approach to achieve its goals and objectives.
As passenger volumes increase, the space needed to conduct current screening approaches will not keep pace. Therefore, TSA must use OA principles to find solutions to reduce false alarms, improve officer performance through simplifying the screening process, and establish capabilities for improving overall equipment use (for example, remote screening).
The current acquisition framework largely consists of implementing single unit, mission capable systems, which are self-contained and use vendor proprietary hardware and software. To realize the full benefits of OA, TSA will work within the acquisition framework to tailor acquisition activities and strategies. TSA says tailored acquisitions will enable it to develop, test, deploy, and maintain new capabilities rapidly and efficiently.
The successful implementation of TSA’s OA Roadmap will require coordination across a wide range of partners like government agencies, stakeholder organizations, industry and international partners, national labs, academia, airlines and airports. For example, the One-Stop Security program is a partnership with TSA, U.S. Customs and Border Protection, and several domestic and international partners working towards a security solution alleviating the need to rescreen passengers and luggage when traveling into the United States and abroad.
Success in OA also depends on common and accessible data and interface formats. To this end, TSA will partner with industry stakeholders to identify appropriate standards for adoption. Standardization will improve TSA’s ability to provide consistent training, implement best practices for human factors, share information in real time for backend development and analytical purposes, allow for component level testing, and apply risk-based screening methodologies while optimizing the use of screening solutions. TSA will provide a means to update, maintain, and evolve solutions over time to ensure continued interoperability and an ability to align with industry best practices and innovation. In addition, TSA states in the roadmap that it will be intentional and transparent about adopting standards to promote innovation in the market while avoiding impeding delivery of mission critical capability to the field.
TSA also aims to establish comprehensive and high-quality screening data sets and improved pathways to share data with approved vendors to develop and test solutions. TSA will partner with government, industry, and stakeholder organizations to define appropriate data collection, annotation, storage, and distribution methodologies.
Ultimately, TSA’s OA vision is a connected transportation system of systems in which state-of-the-art solutions are quickly adopted to address emerging threats and enables a dynamic screening environment. TSA says that its current operating models, policies, processes, and resourcing will need to be evaluated to ensure an effective long-term strategy that aligns with internal and external stakeholders. “We understand that the strategy, objectives, and goals outlined in this roadmap are not without challenges,” the document states. “TSA will take advantage of OA capabilities to incrementally evolve existing policies and processes in collaboration with our stakeholders to minimize risk and apply lessons learned.”
Going forward, TSA will communicate major strategy updates to industry and will establish a comprehensive field engagement strategy to ensure adopted solutions are successfully implemented.