A recent internal investigation by the Transportation Security Administration (TSA) and Department of Homeland Security’s (DHS) Office of Inspector General (IG) to test airport screeners and screening technology across the nation discovered numerous security failures at dozens of the nation’s busiest airports.
Undercover investigators posing as legitimate airline passengers for TSA and the IG also managed to smuggle fake explosives and other prohibited weapons through checkpoints in 95 percent of trials, the IG reported.
The series of tests were conducted by DHS “Red Teams” who pose as passengers attempting to deliberately defeat TSA airport screeners and technology.
During the latest covert testing, TSA screeners failed 67 out of 70 tests (or 96 percent of the time) performed by Red Team members who were able to get weapons past TSA airport security checkpoints.
The results aren’t altogether surprising because clandestine Red Team tests like this are supposed to stress the screening process in order to improve it, but such undercover penetration testing since at least 2007 have repeatedly uncovered the same problems. It’s the same concept that’s central to large scale emergency preparedness drills performed by DHS and other federal and state and local agencies to determine where the “stress points” are in the response to catastrophic events.
TSA’s problems in detecting firearms during recent covert penetration testing raises serious concerns given the fact that 2014 was the fifth consecutive year in which TSA screeners discovered record-setting numbers of firearms, 2,212 — more than six firearmsper day — discovered in carry-on bags at airport security checkpoints across the country, This represented a 22 percent increase in firearm discoveries from last year’s total of 1,813, according to TSA.
The successively record-breaking number of passengers trying to slip by TSA screeners with a handgun in a carry-on bag also comes at a time when the threat of homegrown Islamist jihadists is growing.
Of the 2,212 firearms found in carry-on bags in 2014, 83 percent were loaded and dozens had a round chambered. Firearms were intercepted at a total of 224 airports; 19 more airports than last year.
Of the 1,813 firearms TSA screeners found in carry-on bags in 2013, 1,477 (81 percent) were loaded. Firearms were intercepted at a total of 205 airports with Atlanta on top of the list for the most firearms intercepted (111).
Firearms confiscated by TSA screeners at 199 airports in carry-on bags in 2013 was a 16.5 percent increase (257) over the 1,556 firearms — or more than four firearms a day — discovered in 2012. A whopping 78.7 percent (1,215) were loaded and dozens had a round chambered.
The number of handguns confiscated in 2012 was up from the 1,320 handguns discovered by TSA screeners in 2011, which in turn was up from the 1,123 firearms screeners found in 2010.
As in the previous four years, the majority of handguns found in carry-on bags were loaded and many had a bullet chambered.
A record number of firearms discovered in one day was set on June 4, 2014, when 18 firearms were discovered at airports across the country in carry-on bags, breaking the previous record of 13 set in 2013, TSA said.
Among the “artfully concealed” firearms TSA found in 2014 was a disassembled .22 caliber firearm discovered in a carry-on bag at John F. Kennedy International Airport. Various components of the gun were found hidden inside a PlayStation 2 console.
An assault rifle with three loaded magazines was discovered at the Dallas Love Field checkpoint.
A loaded folding-stock rifle with two loaded magazines was discovered in a carry-on bag at Dallas/Fort Worth International Airport.
A 94-year-old man attempted to enter the checkpoint at LaGuardia Airport with a loaded .38 caliber revolver clipped to his belt.
A loaded 380. caliber firearm was discovered strapped to a passenger’s ankle after walking through a metal detector at Cincinnati/Northern Kentucky International Airport.
A loaded 380. caliber firearm was discovered in the rear pocket of a San Antonio International Airport passenger during advanced imaging technology screening.
“We know that the adversary innovates and we have to push ourselves to capacity in order to remain one step ahead,” a TSA official wrote on the agency’s blog in March 2013. “[O]ur testers often make these covert tests as difficult as possible.”
In a 2013 hearing on Capitol Hill, then-TSA administrator John Pistole described the Red Teams as “super terrorists” who know precisely which weaknesses to exploit.
“[Testers] know exactly what our protocols are. They can create and devise and conceal items that … not even the best terrorists would be able to do,” Pistole told lawmakers.
So, if insiders or terrorists who’ve managed to get employed by TSA with access to sensitive processes and security protocols, “then you’ve got one helluva a serious problem,” a DHS counterterrorism official told Homeland Security Today on background.
Homeland Security Today reported in November 2007 that investigators for Congress’ investigative arm, the Government Accountability Office (GAO), repeatedly were able to smuggle liquid bomb and other explosives components through dozens of TSA airport screening checkpoints that, once on board a plane, could have been assembled in as little as ten minutes. If successfully detonated, they could potentially have caused a “catastrophic” explosion, two senior GAO officials told lawmakers at the time.
Because of the obvious security concerns, GAO officials who testified before the House Committee on Oversight and Government Reform could not say which airports they slipped by screeners, but John Cooney, assistant director of GAO Forensic Audits and Special Investigations, assured the Committee “we got through!”
GAO’s undercover investigators actually got past TSA screeners with their liquid bomb-making components 19 times in 2007, and in 2006, they got past screeners 21 times with incendiary devices and bomb detonators that could have “caused not insignificant explosions.”
Counterterrorism authorities say the types of bomb-making components GAO investigators smuggled past security screeners can still be smuggled past TSA screeners at many of the nation’s airports. And every week, TSA reports having found “artfully concealed prohibited items … at checkpoints.”
In one of the latest tests, an undercover agent was initially detained after setting off a magnetometer alarm, but TSA screeners still failed to detect the fake explosive taped to the tester’s back during a pat down.
But this isn’t a recent problem
During the 2007 undercover tests, GAO investigators, including Cooney, got past screeners with liquid bomb-making components 19 times that year. In 2006, they got past screeners 21 times with incendiary devices and bomb detonators that could have “caused not insignificant explosions.”
GAO demonstrated the power of the explosives they managed to sneak onboard planes in videos which showed the explosive power of the components GAO’s investigators got by TSA screeners and onto passenger airliners.
But then TSA chief Edmond “Kip” Hawley said it was his understanding “that what was in [the GAO videos] was not what was brought through the checkpoint [by GAO].”
“And the reason that’s significant,” Hawley said, “is that you would have to have assembled the bomb past the checkpoint and there are measures in place between the checkpoint and the aircraft that would make it more difficult for somebody to therefore get there. So, as I said, you can get through a piece of it, like, for instance, you can get a piece through a checkpoint, perhaps, but there are other barriers on the way. And I just want to make clear that it was not a completed IED that went through and got on the aircraft.”
GAO’s Cooney disagreed. He told the Committee “after we got through the checkpoint, we did not construct the device, [but] we brought all the components onto the aircraft. That is not to say that we could not have constructed it on the aircraft. We could simply have gone to the lavatory on the aircraft once the plane was airborne and constructed the device there. So, we did bring all the components onto the aircraft.”
Later during the hearing, Hawley said again that it was his understanding that the potential bomb components shown being exploded in GAO’s videos were not the same bomb components GAO’s investigators sneaked past screeners.
“They were the same as in the video,” Cooney also said. Gregory D. Kutz, managing director of GAO Forensic Audits and Special Investigations said “Cooney is one of the ones who actually did the testing so he had first-hand knowledge of what was brought on the plane because he’s one of the ones who had it in his bags and on his person.”
In a joint statement, Kutz and Cooney assured “our tests clearly demonstrate that a terrorist group, using publicly available information and few resources, could cause severe damage to an airplane and threaten the safety of passengers by bringing prohibited IED and IID [improvised incendiary device] components through security checkpoints.”
Continuing, Kutz and Cooney testified that “given our degree of success, we are confident that our investigators would have been able to evade transportation security officers at additional airports had we decided to test them. We understand the challenges TSA faces in balancing security risks with the efficient movement of passengers; however, from a strict security standpoint, current policies allowing substantial carry-on luggage and related items through TSA checkpoints increases the risk of a terrorist successfully bringing an IED, an IID, or both onto an aircraft undetected. Even if current carry-on luggage policies are left unchanged, our testing shows that risks can be reduced through improvements in human capital, improved processes, and continued advances in technology.”
Using publicly available information easily found on the Internet, the GAO investigators identified two types of devices thata terrorist could use to cause severe damage to an airplane and threaten the safety of passengers.
The first device was an IED made up of two parts – a liquid explosive and a low-yield detonator. Although the detonator itself could function as an IED, investigators determined that it could also be used to set off a liquid explosive and cause even more damage. In addition, the second device was an IID created by combining commonly available products (one of which is a liquid) that TSA prohibits in carry-on luggage.
Investigators obtained the components for these devices at local stores and over the Internet for less than $150. Tests GAO performed at a national laboratory in July, in addition to prior tests in February 2006 that GAO performed in partnership with a law enforcement organization in the Washington, DC, metro area, clearly demonstrated that a terrorist using these devices could cause severe damage to an airplane.
While Hawley tended to downplay the seriousness of the blast of the bombs GAO investigators managed to get on board passenger planes, Kutz and Cooney were insistent that the bombs did indeed have the potential to cause a “catastrophic” effect that could possibly bring down an airliner.
They explained GAO investigators were able to devise methods to conceal the components for these explosives from TSA security officers, keeping in mind TSA policies related to liquids and other items, including prohibited items. By using concealment methods for the components, two GAO investigators demonstrated that it is possible to bring the components for several IEDs and one IID through TSA checkpoints and onto airline flights without being challenged by TSA officers.
Although in most cases, TSA security officers “appeared to follow TSA procedures and used technology appropriately,” GAO nevertheless “uncovered weaknesses in TSA screening procedures and other vulnerabilities as a result of these tests.”
“For example,” GAO reported, “although transportation security officers generally enforced TSA’s policies, investigators were able to bring a liquid component of the IID undetected through checkpoints by taking advantage of weaknesses identified in these policies. These weaknesses were identified based on a review of public information.
TSA determined that specific details regarding these weaknesses are sensitive security information and therefore were not detailed in Kutz and Cooney’s testimony. Further, GAO did not notice any difference between the performance of private screeners and transportation security officers during its tests.
Similarly, this reporter has repeatedly passed through screening checkpoints at several airports with liquids not in the required 1-quart zip-top bag in both carry-on luggage as well as on my person. Moreover, when going through security at JFK Airport a few months ago upon return from Nice, France, a variety of liquids of more than the allowable 3-ounces per container – and also not in a 1-quart zip-top bag – that were in a carry-on bag were never questioned. My travel companion also had identical liquids in identical containers that also weren’t in a 1-quart bagin a carry-on piece of luggage, and he, too, passed through security challenged.
GAO’s findings are “a scathing indictment of TSA’s passenger screening program,” said then Rep. Ed Markey, a senior member of the House Committee on Homeland Security, in an emailed statement. “Coming just months after a report detailing major problems with TSA’s screening for cargo containers carried on passenger planes, this new report added to the clarion call for action. [DHS] officials need to come up with much better answers about what’s going on here and how they’re going to fix an obviously broken system.”
GAO’s Kutz and Cooney stated, “put generally, we suggested [to TSA that], among other things, TSA establish, depending on airport capacity, one or more special passenger screening lines to screen individuals based on riskand individuals with special needs; introduce more aggressive, visible, and unpredictable deterrent measures into the passenger screening process at airports nationwide, to potentially include the implementation of enhanced individual search procedures (e.g., pat-downs and hand-wand screening) to detect concealed components; and continue to develop and deploy new technology to be used at passenger screening checkpoints that would be able to better detect concealed components.”
Hawley conceded that without the deployment of technology to detect liquids carried on a person, the ability of some people to pass through checkpoints carrying liquids concealed on their bodies will remain a gap in security. However, he indicated that in those instances when flyers are found with liquids in disallowed amounts or not in a zip-lock bag who are allowed through security, it’s because screeners are trained to think for themselves and to make decisions about who does and doesn’t pose a legitimate threat.
Both GAO and Hawley agreed that the only way to accurately detect for liquids – and other potentially prohibited materials – carried on every person going through security is to use technology like backscatter x-ray, which TSA has been testing and has requested Congress appropriate funding for in its FY 2008 budget. TSA also has requested funds to buy and deploy liquid explosives detection technology.
Backscatter x-rays detect objects on a person or in baggage by reflecting an x-ray beam from the x-ray source to a detector on the near side of what is being screened, thereby creating a photographic-like image devoid of the confusing lines, densities, patterns and overlapping shadows that traditional x-ray scanning machines create.
Based on insider information regarding backscatter technology made available to Homeland Security Today, this technology can easily detect det cord, blasting caps, etc. in a bag or concealed under a person’s clothing. Backscatter imaging can also detect a Glock 17 inside a briefcase which, if surrounded by many other items, might not necessarily be outlined by traditional penetrating x-ray scanning, as confidential imaging provided to Homeland Security Today revealed. The problem is compounded if the few metal components of a gun are broken down and the plastic pieces are carried on your person, authorities said. Screeners would have to be carefully trained to identify the metal parts. Officials have raised questions in recent years though whether all screeners are that well trained.
Also, because it can detect organic materials, backscatter x-raying can discern C-4 hidden in a video camcorder, inside a PDA, etc.
High-throughput personnel backscatter screening systems easily deployable at airports and can handle hundreds of persons per hour.
Then, in the fall of 2009, the threat of jihadi suicide bombers detonating explosives they’ve hidden inside their bodies revealed inadequate capabilities for detecting such threats. The concerns arose following the August 28 detonation of between 100 grams to one pound of explosives 23-year-old Al Qaeda suicide bomber Abdullah Hassan Tali’ Al Asiri had hidden in his rectum.
That Al Asiri exploded a bomb concealed on his person and defeated layers of Saudi security isn’t disputed. He had intended to kill Prince Mohammed bin Nayef, the Saudi Deputy Interior Minister in charge of Saudi Arabia’s counterterrorism efforts. The prince sustained only a minor injury from the blast.
But whether the bomb Al Asiri had secreted on him was concealed in his rectum or not, the fact is the notion that jihadist suicide bombers can hide a bomb rectally or surgically implanted in their bodies isn’t a new jihadist strategy. Homeland Security Today revealed in its August 2008 investigative report, Making Black Magic, that determined jihadists had begun to experiment with all sorts of innovative – bizarre even – ways to secret suicide bombs, including hiding potentially powerful explosives inside their bodies – a method of attack jihadists continue to discuss ways of carrying out.
Not the only serious problems in security
Last month, DHS IG John Roth provided a litany of TSA and airport security issues without going into substantive detail in testimony before the House Committee on Oversight and Government Reform.
“Unfortunately, although nearly 14 years have passed since TSA’s inception, we remain deeply concerned about its ability to execute its important mission. Since 2004, we have published more than 115 audit and inspection reports about TSA’s programs and operations,” and “have issued hundreds of recommendations to attempt to improve TSA’s efficiency and effectiveness.”
In his May 13 testimony, Roth pointed out that, “We have conducted a series of penetration tests – essentially testing TSA’s ability to stop us from bringing simulated explosives and weapons through checkpoints, as well as testing whether we could enter secured areas through other means. Although the results of these tests are classified, we identified vulnerabilities caused by human and technology-based failures.”
In addition, Roth stated, “We have examined the performance of TSA’s workforce, which is largely a function of who is hired and how they are trained and managed. Our audits have repeatedly found that human error – often a simple failure to follow protocol – poses significnact vulnerabilities.”
The latest testing of screeners and technology comes on the heels of the IG disclosing last month that — prior to reports that several thousand Secured Identification Display Area (SIDA) badges used by employees to gain access to secure areas at airports have been reported missing, lost or stolen in recent years – the IG had reported it had discovered “numerous vulnerabilities” affecting controlled access to secured airport areas “critical to the safety of passengers and aircraft — despite TSA’s efforts to ensure only cleared individuals enter secure areas.”
“Airport employees, as well as unauthorized individuals, entering the secure areas of airports, pose a serious potential risk to security,” the IG stated.
Of particular concern, Roth told the House Committee on Oversight and Government Reform, are the problems his office’s audits found with airport badges and access to secure areas. Roth noted that, “In February 2013,” his office had “identified problems with TSA’s Aviation Channeling Services Provider project, which uses vendors to relay airport badge applicants’biographical information and fingerprints to TSA for vetting.”
Roth said, “Because TSA did not properly plan, manage or implement the project, airports nationwide experienced a backlog of background checks. To address the backlog, TSA temporarily allowed airports to issue badges without the required background checks.”
Furthermore, Roth told the committee, “We also used covert testing to determine whether unauthorized and potentially dangerous individuals could gain access to secured airport areas. In addition, during this audit, we identified the extent to which Transportation Security Officers (TSOs), airport employees, aircraft operators and contractors were complying with related federal aviation security requirements.”
While the results of the IG’s covert testing are classified, Roth told lawmakers that what “we can say [is] that we identified significant access control vulnerabilities and recommended improvements.”
“Consequently, at least five airports granted badges to individuals with criminal records, giving them access to secure airport areas,” the IG disclosed. “In response to our findings, TSA agreed to develop a lessons learned report, establish a policy requiring all projects to include a comprehensive plan, communicate customer service expectations to vendors and monitor their performance for accountability, and require inspectors to review badges issued without the required background checks.”
In January, it was revealed that a Federal Aviation Administration (FAA) safety inspector reportedly bypassed security and flew from Atlanta to New York with a gun in his carry-on baggage, which resulted in FAA Administrator Michael P. Huerta suspending the program allowing agency safety inspectors to skip security screening.
Officials said the FAA employee used SIDA badge to avoid TSA screening and gain access to a secure area of Atlanta’s Hartsfield-Jackson International Airport.
The safety inspector did not have SIDA privileges at New York’s LaGuardia Airport, where the firearm was allegedly found in his carry-on baggage during standard TSA screening.
"The FAA will stand down the program while it conducts improved training for all of its inspectors," FAA said in a statement. "The agency also will require inspectors to sign a new agreement that details each inspector’s responsibility under the program and clearly states that any infraction related to a weapon will result in an immediate and permanent suspension of privileges and possible further disciplinary action."
The arrest of the FAA employee occurred just weeks after Sen. Charles Schumer (D-NY) called for tighter security screening for all US airport workers.
"When guns, drugs and even explosives are as easy to carry on board a plane as a neck pillow, then we have to seriously — and immediately — overhaul our airport practices," Schumer said at a press conference. The Senator asked TSA to immediately implement a national requirement that all airline and airport employees go through physical screening before entering secured areas of the airport.
Homeland Security Today also reported that another IG audit disclosed US airline passengers appear to have been in potential jeopardy to terrorist attacks for nearly a decade because TSA hasn’t properly managed the maintenance of its airport screening equipment.
Consequently, the IG stated, TSA may have to be using other screening measures that “may be less effective at detecting dangerous items.”
In February, after several high profile security breaches involving airport personnel smuggling firearms onto commercial flights after bypassing security, lawmakers have discussed ways to bolster access control measures to deter and prevent future incidents, including 100 percent employee screenings, increased random screenings, expanding the list of disqualifying crimes for employees and more frequent criminal history records checks.
HS Secretary reacts to latest disclosures
DHS Secretary Jeh Johnson reportedly was so frustrated by the latest findings regarding guns and explosives which mananged to be smuggled past TSA screeners that he demanded a detailed briefing from top TSA officials.
“Upon learning the initial findings of the Office of Inspector General’s report, Secretary Johnson immediately directed TSA to implement a series of actions, several of which are now in place, to address the issues raised in the report,” DHS said in a statement.
Monday, Johnson stated, “The Inspector General of the Department of Homeland Security has provided me with a classified, preliminary briefing that reflects test results centered largely on a specific manner in which someone may seek to bring prohibited items through Transportation Security Administration screening into the secure area of an airport. It is important to remember that all air travelers are subject to a robust security system that employs multiple layers of detection and protection, many of which are not visible to the traveling public.”
Johnson said, “Red Team testing of the aviation security network has been part of TSA’s mission advancement for 13 years. The numbers in these reports never look good out of context, but they are a critical element in the continual evolution of our aviation security. We take these findings very seriously in our continued effort to test, measure and enhance our capabilities and techniques as threats evolve.”
“The Inspector General’s preliminary test results are classified, and it is not appropriate or prudent to publicly describe these results,” Johnson said. However, “Having said that, I believe it is appropriate to … more fully inform the public of the actions I am directing the TSA to take as part of our effort to continually enhance our security capabilities and techniques.”
“First,” he stated, “I have directed TSA leadership to immediately revise its standard operating procedures for screening to address the specific vulnerabilities identified by the Inspector General’s testing. Second, I have directed TSA to immediately brief the results of testing to the Federal Security Directors at every airport across the United States. Third, I have directed TSA to conduct training for all transportation security officers, in a phased fashion, in airports across the country, and intensive training for all supervisory personnel to address the specific vulnerabilities identified by the Inspector General’s testing.”
“Fourth,” Johnson continued, “I have directed TSA, in phased fashion, to re-test and re-evaluate the screening equipment currently in use at airports across the United States. As a related matter, I personally intend to meet with senior executives of the contractors involved in the development of the equipment at issue to communicate to them the importance of their assistance in our efforts to investigate and remedy the deficiencies highlighted by the Inspector General. Fifth, I am asking the Inspector General and TSA to conduct continued random covert testing to assess the effectiveness of these and other measures to improve airport security.”
And, “Sixth, I am appointing a team of TSA and DHS senior leaders to oversee and ensure timely implementation of these actions. I will remain personally engaged in this effort, and will ask the team to report its progress to me on a bi-weekly basis.”
“Longer term, in the coming months,” he said, “I have directed TSA to ensure that all screening equipment is operating up to the highest possible standards. I have also directed TSA and the Department of Homeland Security Under Secretary for Science and Technology to examine adopting new technologies to address the vulnerabilities identified by the Inspector General’s testing.”
“I continue to have confidence in the TSA workforce. Last fiscal year TSA screened a record number of passengers at airports in the United States, and, at the same time, seized a record number of prohibited items,” Johnson said, “TSA and the Inspector General are constantly testing and adapting the systems we have in place as part of our commitment to aviation security.
“Finally,” he stated, “the President has nominated United States Coast Guard Vice Admiral Pete Neffenger to be the next Administrator of TSA. I urge the Senate to confirm this nomination as quickly as possible.
“In light of recent media reports regarding covert testing by the Department of Homeland Security Office of Inspector General, I am extremely concerned with TSA’s ability to prevent weapons from getting through security and onto planes,” Rep. Bennie G. Thompson (D-Miss.), ranking member of the House Committee on Homeland Security said Monday. “The reported test results are alarming and expose problems with multiple layers of security. While I am pleased that Secretary Johnson acted quickly to mitigate the vulnerabilities identified by the covert tests, I remain troubled about the capabilities of the technology deployed and procedures in place.”
Representative Kathleen Rice, Ranking Member of the House Homeland Security Committee’s Transportation Security Subcommittee, added Monday evening that, “These reported results are more than disappointing, they’re a damning indictment of TSA’s ability to keep weapons and explosives off of planes and keep passengers safe. I recognize that these investigators know TSA protocols and use that knowledge to exploit weaknesses and push the boundaries in order to improve airport security, but we also have to recognize how devastating the consequences would be if terrorists and criminals had even a fraction of the investigators’ success rates."
“Although the final report is not yet complete, I expect that upon its completion, officials from DHS and TSA will be prepared to testify before the Transportation Security Subcommittee to discuss why these aviation security gaps still exist and what actions we need to take to eliminate them.”