US legislators want to close TSA security gaps, improve covert testing
The chairmen of two US House committees overseeing aviation security have introduced legislation that would require TSA to implement an improved covert testing program to identify security gaps in its screening process.
The Covert Testing and Risk Mitigation Improvement Act would codify procedures recommended by the Government Accountability Office (GAO), establish standards for the tests and require the agency to track and report progress in resolving vulnerabilities to Congress.
“This legislation will ensure that the security testing of our airport checkpoints is done correctly with proper follow-through,” said House Homeland Security chairman Bennie Thompson (D-Mississippi), who sponsored the legislation along with Oversight and Government Reform Committee chairman Elijah Cummings (D-Maryland).
“For too long, TSA has not been properly introducing fixes for clear security gaps that could potentially save lives. I urge the House to quickly pass this legislation, so we can be sure TSA is operating as effectively—and safely—as possible.”
The legislation follows an April 2019 declassified study issued by the GAO that found TSA has failed to take timely action to resolve longstanding vulnerabilities identified through covert testing. Of the nine security risks identified since 2015, none had been formally resolved as of September 2018, the report found.
The GAO also found TSA “is not using a risk-informed approach” in its covert testing program, meaning the agency has “limited assurance that Security Operations is targeting the most likely threat.” TSA has failed to establish timeframes and milestones for mitigation, as well as procedures to ensure milestones are met.
The bill would require TSA to conduct three risk-informed covert testing projects each year, in addition to implementing a long-term headquarters-based program designed to track changes in overall screening effectiveness over time.
TSA would have 60 days from the time it identifies a vulnerability to determine root causes; 120 days to decide whether to mitigate it; and 180 days to conduct follow-up testing to assess the effectiveness of measures underway toward resolution.
The agency would also be tasked with compiling an annual list of vulnerabilities that have been identified through the tests, as well as key milestones for mitigation, that would be submitted to Congress along with its annual budget request.
Three years following the bill’s enactment, the GAO would submit to Congress a report documenting the effectiveness of TSA’s covert testing projects and its efforts to resolve vulnerabilities.