On October 29, the Government Accountability Office (GAO) testified on the progress made by the Transportation Security Administration (TSA) in areas mandated by the TSA Modernization Act.
The Act includes provisions intended to enhance security across a broad range of systems and further calls on GAO to review TSA’s progress in these areas. GAO’s testimony also highlighted areas for improvement:
International aviation security. In December 2017, GAO reported that TSA had taken steps to enhance its foreign airport assessments. Since that time, TSA has developed a tool to better track and address foreign airport vulnerabilites. In addition, TSA reviews security directives and emergency amendments it issues to address security concerns.
However, TSA’s review process does not fully define how to coordinate with industry representatives and it has not determined if it is appropriate to incorporate the security measures of many longstanding directives into air carrier security programs in accordance with TSA policy. In October 2019, GAO recommended, and TSA officals agreed, that TSA better define how to coordinate with air carriers when reviewing directives and when to incorporate directives into security programs.
Passenger screening rules. TSA develops screening rules by considering current intelligence and other factors to identify passengers who fall within the scope of the rules for enhanced screening. GAO found that TSA coordinates rules reviews through quarterly meetings and notifies an expanded set of DHS and TSA stakeholders of rule changes as called for by the Act.
TSA tracks some data on rule implementation but does not comprehensively measure rule effectiveness. In its draft report, GAO recommended that TSA explore additional data sources for measuring the effectiveness of its rules. TSA is currently reviewing this recommendation.
Aviation screening technologies. GAO found that TSA does not ensure that screening technologies continue to meet detection requirements after they have been deployed to airports. According to officials, the agency uses certification—a step in the test and evaluation process—to confirm that technologies meet detection requirements before they are deployed to airports, and calibration of the technologies to confirm that technologies are at least minimally operational while in use at airports. While these processes serve important purposes, performance can degrade over time. In its draft report, GAO recommended that TSA implement a process to ensure technologies continue to meet detection requirements after deployment. TSA is currently reviewing this recommendation.
Surface transportation pipeline security. In December 2018, GAO identified some weaknesses and made recommendations to strengthen TSA’s management of key aspects of its pipeline security program. For example, TSA does not have a strategic workforce plan to help ensure it identifies the skills and competencies—such as the required level of cybersecurity expertise—necessary to carry out its pipeline security responsibilities. GAO recommended, and TSA concurred, that TSA develop a strategic workforce plan. As of October 2019, TSA has not yet fully addressed this recommendation.
The House Homeland Security Subcommittee on Transportation and Maritime Security held a hearing on the TSA Modernization Act following the publication of GAO’s report. During this hearing, it was stressed that the leadership gaps and “chaos” in DHS has had a heavy impact on TSA as Administrator Pekoske has been drafted in to support other DHS areas – a problem further compounded by McAleenan’s planned departure. President Trump is yet to select a successor despite a promise made two weeks ago. While McAleenan promised to work to ensure a smooth transition with his successor, he has been winding down his commitment to a role where he sees no future. At the Subcommittee hearing, TSA Acting Deputy Administrator Patricia Cogswell confirmed that she has taken on some of Pekoske’s duties but that the two work closely together to determine direction.
Of the Modernizaton Act, Cogswell told the hearing that 2019 was the “year of implementation” and that as of October 29, TSA had implemented more than 60% of the 180 requirements mandated by the act and 72% of those with specific deadlines.
The completed requirements include a global aviation security review, the creation of an air cargo division, establishing a surface transportation advisory committee, initiating a pilot program to test CT technology for air cargo applications, and executing an automated exit lane technology pilot program.
Looking ahead, Cogswell said TSA is planning a roadmap for mitigating insider risk for all modes of transportation, as well as fulfilling the remaining requirements from the Act.