Nearly 14 years since the Transportation Security Administration (TSA) was established, the Department of Homeland Security’s (DHS) Inspector General (IG) told a congressional committee hearing Wednesday “we remain deeply concerned about its ability to execute its important mission."
"Since 2004, we have published more than 115 audit and inspection reports about TSA’s programs and operations, [and] have issued hundreds of recommendations to attempt to improve TSA’s efficiency and effectiveness,” Department of Homeland Security IG John Roth said at a House Committee on Oversight and Government Reform Wednesday morning.
Since July 2013 alone, Roth noted, the IG has issued 13 audit reports exposing TSA’s vulnerabilities and challenges, especially passenger and baggage screening, access controls to secured areas, workforce integrity and TSA’s operations.
This week, Homeland Security Today reported, an IG audit report stated US airline passengers appear to have been in potential jeopardy to terrorist attacks for nearly a decade because TSA hasn’t properly managed the maintenance of its airport screening equipment.
Consequently, the IG stated, TSA may have to be using other screening measures that “may be less effective at detecting dangerous items.”
Roth acknowledged to the committee that “TSA’s mission—to protect the nation’s transportation systems to ensure freedom of movement for people and commerce—is incredibly difficult … it is a massive operation, with a budget of more than $7.2 billion in Fiscal Year 2015. Each day, TSA screens about 1.8 million passengers and about 3 million carry-on bags at 450 airports nationwide.”
However, he emphasized, “we face a classic asymmetric threat in attempting to secure our transportation security,” and “TSA cannot afford to miss a single, genuine threat without potentially catastrophic consequences … a terrorist only needs to get it right once.”
Roth said, “TSA’s 50,000 transportation security officers (TSO) spend long hours performing tedious tasks that require constant vigilance,” and that “complacency can be a huge detriment to TSA’s ability to carry out its mission. Ensuring consistency across DHS’s largest workforce would challenge even the best organization.”
Roth outlined a number of problematic issues, such as the results of a series of covert penetration testing of TSA’s ability to stop undercover IG agents from bringing simulated explosives and weapons through checkpoints, as well as testing whether we could enter secured areas through other means.
“Although the results of those tests are classified, we identified vulnerabilities caused by human and technology-based failures,” Roth told the committee.
The IG’s office also has audited and reported on TSA’s acquisitions, the results of which revealed that, “TSA faces significant challenges in contracting for goods and services. Despite spending billions on aviation security technology, our testing of certain systems has revealed no resulting improvement.”
In addition, Roth told lawmakers, “We have examined the performance of TSA’s workforce, which is largely a function of who is hired and how they are trained and managed. Our audits have repeatedly found that human error—often a simple failure to follow protocol—poses significant vulnerabilities.”
Roth’s office also investigated “how TSA plans for, buys, deploys and maintains its equipment, and found challenges at every step in the process. These weaknesses have a real and negative impact on transportation security as well.”
While Roth said TSA needs to be applauded for its “efforts to use risk-based passenger screening because it allows TSA to focus on high- or unknown-risk passengers instead of known, vetted passengers who pose less risk to aviation security … we have deep concerns about some of TSA’s decisions about this risk. For example, we recently assessed the PreCheck initiative, which is used at about 125 airports to identify low-risk passengers for expedited airport checkpoint screening.”
“Since 2012,” Roth reported, “TSA has massively increased the use of PreCheck, allowing expedited screening for nearly half of the flying public. TSA did so in four ways:”
- Granted PreCheck eligibility to other federal government-vetted or known flying populations, such as those in the CBP Trusted Traveler Program;
- Established and increased the PreCheck application program, which requires individualized security threat assessment vetting;
- Implemented risk assessment rules; and
- Used “managed inclusion” for the general public, allowing random passengers access to PreCheck lanes without having assessed their risk.
As a result of the IG’s inspection, we concluded that the first two methods are sound approaches to increasing the PreCheck population, but the latter two create security vulnerabilities. Based on our review, we believe TSA needs to modify the initiative’s vetting and screening processes. We also determined that PreCheck communication and coordination need improvement.”
TSA did not concur with the majority of the IG’s 17 recommendations, which Roth told the committee his office believes “represents TSA’s failure to understand the gravity of the situation.”
“As an example of PreCheck’s vulnerabilities,” Roth explained, “we recently reported that, through risk assessment rules, a felon was granted expedited screening through PreCheck. The traveler was a former member of a domestic terrorist group and, while a member, was involved in numerous felonious criminal activities that led to arrest and conviction. After serving a multiple-year sentence, the traveler was released from prison.”
“The traveler was sufficiently notorious that a TSO recognized the traveler, based on media coverage,” Roth explained. “In scanning the traveler’s boarding pass, the TSO received notification that the traveler was PreCheck eligible. The TSO, aware of the traveler’s disqualifying criminal convictions, notified his supervisor who directed him to take no further action and allow the traveler to proceed through the PreCheck lane.”
Continuing, Roth said, “TSA agreed to modify its standard operating procedures to clarify TSOs’ and supervisory TSOs’ authority in referring passengers with PreCheck boarding passes to standard screening lanes when they believe it is warranted.”
“However,” Roth pointed out to the oversight committee, “TSA disagreed with our recommendation regarding the Secure Flight program. The failure to implement this recommendation perpetuates a security vulnerability.”
Jennifer Grover, director of homeland security and justice issues at the Government Accountability Office, told the committee Wednesday that, “TSA has taken steps to improve oversight of Secure Flight—a passenger prescreening program that matches passenger information against watch lists to assign each passenger a risk category—but could take further action to address screening errors. In September 2014, GAO reported that TSA lacked timely and reliable information on system matching errors—instances where Secure Flight did not identify passengers who were actual matches to watch lists. GAO recommended that TSA systematically document such errors to help TSA determine if actions can be taken to prevent similar errors from occurring.”
Grover said, “DHS concurred and has developed a mechanism to do so, but has not yet shown how it will use this information to improve system performance.”
Earlier this month, Homeland Security Today reported, legislation was introduced in the House that would address serious security vulnerabilities identified by DHS’s Inspector General and Comptroller General about how TSA carries out expedited airport checkpoint screening.
The legislation came on the heels of TSA having drawn fire during another congressional hearing in March over the incident Roth told the House Oversight Committee about Wednesday in which a former member of a domestic terrorist group convicted of murder and other crimes involving explosives “was permitted to travel with expedited screening through the PreCheck process.”
Roth said his office is “pleased … that bipartisan legislation has been introduced to address this issue. The legislation, known as the Securing Expedited Screening Act (HR 2127), would direct TSA to make expedited screening available only to individuals who are vetted PreCheck participants and to people TSA identifies as known-risk and low-risk, such as those enrolled in CBP’s Global Entry program or other DHS trusted traveler programs. We support this legislation and believe it represents an important step forwardin transportation security.”
Continuing, Roth told the committee “there are vulnerabilities in TSA’s screening operations, caused by a combination of technology failures and human error.”
Since 2004, the IG conducted eight covert penetration testing audits on passenger and baggage screening operations. Because these audits involved covert testing and contain classified or Sensitive Security Information, Roth could only discuss the results in general terms at the hearing.
“One penetration testing audit identified vulnerabilities in TSA’s use of Advanced Imaging Technology (AIT) equipment at domestic airports,” Roth said, noting that, “TSA acknowledged that it could improve operation of new passenger screening technologies to prevent individuals with threat objects from entering airport secure areas undetected and agreed to take the necessary steps to increase AIT’s effectiveness.”
“In September 2014, we reported the classified results of our tests of checked baggage screening. We also reported that TSA did not have a process to assess the causes of equipment-based test failures or the capability to independently evaluate whether deployed explosive detection systems were operating at the correct detection standards,” Roth reported, adding that, “According to TSA, since 2009, it had spent $540 million for checked baggage screening equipment and $11 million for training.”
Despite that investment, though, “TSA had not improved checked baggage screening since our 2009 report on the same issue,” Roth stated.
Currently, Roth’s office is “conducting covert testing to evaluate the effectiveness of TSA’s Automated Target Recognition software and checkpoint screener performance in identifying and resolving potential security threats at airport checkpoints.”
“Once that testing is completed and evaluated,” he said, “we will report our results to the [DHS] secretary and Congress.”
Roth went to report problems dealing with access controls to secure areas and workforce integrity, and TSA operations and management oversight.
In conclusion, Roth stated, “TSA has taken some steps to implement our recommendations and address security vulnerabilities. Nevertheless, some problems appear to persist. TSA cannot control all risks to transportation security and unexpected threats will arise that will require TSA to improvise, but other issues are well within TSA’s control. Sound planning and strategies for efficiently acquiring, using and maintaining screening equipment that operates at full capacity to detect dangerous items, for example, would go a long way toward improving overall operations. Better training and better management of TSOs would help mitigate the effects of human error that, although never eliminated, can be reduced. Taken together, TSA’s focus on its management practices and oversight of its technical assets and its workforce would help enhance security, as well as customer service, for air passengers.”
