The Transportation Security Administration (TSA) has developed a required strategy with 12 initiatives to promote innovation in security technology and get more diverse small businesses into the market. A Government Accountability Office (GAO) review has found this strategy includes the required elements, such as the identification of barriers to entering the market that small businesses face. However, the watchdog said TSA must now develop ways to effectively measure how well each is working.
TSA relies heavily on a range of technologies – including explosives detection systems, access control, surveillance and biometrics – to secure the travel of about 2.8 million passengers, and screen 1.4 million checked bags and 5.1 million carry-on bags every day at 440 airports. In fiscal year 2020, TSA obligated more than $1.8 billion in contract awards, of which, nearly $521 million was awarded to small businesses.
TSA places approved systems on qualified products lists, which contain systems that successfully complete its test and evaluation process and are approved by the Department of Homeland Security. Once a system is on a qualified products list, the small business can participate in TSA’s procurement process. However, placement on a qualified products list does not guarantee that the vendor will receive a procurement contract.
The strategy under review, TSA Efforts to Diversify Security Technology, established in January 2020, outlines strategic initiatives to increase small business participation in its marketplace. GAO found the strategy’s initiatives are generally consistent with common practices cited by comparable federal agencies, including vendor outreach and linking small businesses together with bigger contractors.
TSA included in its strategy five barriers that small businesses face in entering its technology security marketplace, which can ultimately contribute to small businesses’ lack of success in obtaining federal contracts. These barriers include:
Identifying security requirements and capability gaps. TSA has historically shared limited information regarding the prioritization and resulting impacts on requirements with industry, making it difficult for small businesses to adapt to changing requirements.
Systems architecture. TSA’s current security equipment is highly complex and proprietary with little data, image or interface standardization. As such, TSA relies solely on the equipment manufacturers and existing contracting mechanisms for software, hardware, or firmware upgrades, or entirely new components (e.g., credential authentication technology) for operational improvements, limiting opportunities for small businesses.
Test and evaluation process. Traditionally, the testing, evaluation, and acquisition process takes time and requires a sizable upfront capital investment for vendors.
Acquisition and procurement strategies. Policies promoting fair and open competition may not allow for consideration of factors that may affect small businesses’ ability to compete, such as not having significant work experience with the federal government.
Resources available to small business innovators. The typical federal procurement and acquisition process can be an extremely expensive endeavor for small business concerns that have not previously worked with federal agencies. As a result, small businesses can find themselves at a disadvantage as they may not have the resources to go through the entire procurement process.
Small business leaders told GAO that they agreed with these five barriers. Of particular concern among small business was the lack of a clear, five-year plan that outlines future technology needs. According to TSA, in response to the Transportation Security Acquisition Reform Act of 2014, the agency produced a five-year technology investment plan that outlines its future procurement needs.25 In the plan, TSA states that it will provide updates regarding its technology investment efforts to stakeholders, including small businesses at industry events and conferences. While TSA has developed its plan, small business owners told GAO that TSA could do a better job informing small businesses in a timely manner of plans to improve existing technologies or develop new ones. Other small businesses recognized that TSA could improve on defining its security requirements up front and providing a realistic plan on how the agency plans to acquire those security technologies. TSA officials stated that two initiatives, scheduled to be implemented in 2021, are designed to provide industry partners additional tools to enhance innovation.
GAO’s review found that while TSA’s strategy includes an implementation plan over a four-year phased approach – outlining activities, milestones, and some output metrics – the plan does not include clear performance measures to assess progress in increasing opportunities for small business to enter TSA’s security technology marketplace.
TSA has made some progress in identifying output-oriented metrics, such as the number of small businesses that participate in TSA-led events and number of solicitations and awards executed, among others. For example, TSA hosts a day-long event called, “Industry Day” which aims to bring together industry partners and TSA experts to discuss operational challenges and best practices on innovative security operations. At these events, TSA collects output metrics, such as the number of small businesses who participated in these events, number of participants who have never contracted with TSA before, and number of participants who submitted proposals in response to TSA solicitations. But GAO said that while the information collected is helpful for TSA to know characteristics of industry partners attending the event, it does not help determine how collaboration with these partners results in their technologies being placed on TSA’s Qualified Products List. Officials from five small businesses GAO met with acknowledged TSA’s Industry Day events were useful opportunities to share information. However, one noted that there was an expectation that the business was already familiar with TSA’s acquisition process and fundamental information on the process was not available.
TSA has also not developed a process to collect data on small businesses’ progress across all its acquisition phases to assess if TSA’s initiatives are effective. Specifically, TSA does not collect data, such as capturing the overall time, costs, and ability to meet security requirements, on small businesses’ progress in moving through this process. As such, TSA does not identify where or when small business experiences challenges along its acquisition process.
On funding, officials from two small businesses GAO interviewed expressed concern regarding TSA’s inability to expand its public-private partnership effort through the DHS Small Business Innovation Research program (SBIR). They stated that small businesses constantly struggle with securing funds to compete with large businesses and that leveraging SBIR could alleviate some of the financial burden small businesses face and incentivize innovation.
Ultimately, GAO said it is too soon to tell whether the 2020 strategy’s efforts will increase small business participation in its security technology marketplace, but has made two recommendations to help TSA meet its mission to do so.
First, TSA should develop outcome-oriented performance measures to help it assess the effectiveness of its strategic initiatives in diversifying its marketplace. Second, TSA should collect data, where appropriate, on small businesses’ progress across its acquisition phases to determine how, where, and when it can better target its strategic initiatives or if other initiatives should be considered. TSA concurred with both recommendations and stated that it plans to develop outcome-oriented performance measures that will be tracked on a quarterly basis. Moreover, TSA plans to collect data and explore new methods to monitor small businesses’ progress along the acquisition lifecycle process. All work is expected to be completed by November 30, 2021.