Administrator Kip Hawley's Final TSA Blog Post

TSA opened up this web dialogue about a year ago to get feedback from the public and engage with them on the issues that they presented. We have learned a great deal from those of you who have posted and I am grateful for your engagement with us. While some of the individual comments are painful to read and/or based on something that is factually wrong, taken as an aggregate there are undeniable, unavoidable themes.

One of those themes is that TSA's security is intellect-free. The broad categories seem to be about doubting the reality of the current threat, perceived vulnerabilities, and experiences that defy common sense.

With this post, I would like to touch on threat and vulnerabilities and focus on how TSA is introducing more 'smart' security at the airport.

Threat information comes in many forms, virtually all of it coming to us with restrictions on how we can use it. The good news is that we get it -- and use it -- to craft our security activities, and we literally do that every day. The bad news is that a condition of getting the really detailed and actionable information is that we cannot fully explain to the public the 'why' behind what we do. Ellen Howe's previous post discusses how we have tried to get out as much as we can on the 'why,' most recently, with the Ad Council.

The point on vulnerabilities is that since there are vulnerabilities in every system, what's important is to identify them and then compensate for those vulnerabilities with other measures. TSA is involved in risk-management - understanding our vulnerabilities, looking at what terrorists may be planning, and devoting our main efforts to reduce the risk of attacks with catastrophic consequences.

You might look at it like mapping out a spectrum of attacks causing catastrophic consequences, then overlaying it with vulnerabilities, and then circling in red the vulnerabilities associated with high-consequence attack scenarios where we know terrorists are plotting. We look for compensating measures across the spectrum to protect against vulnerabilities or plotting of which we are unaware. But first of all, we take action to close down any vulnerabilities circled in red. When we see an intersection of threat, vulnerability and consequence, TSA takes action as we have with liquids and shoes even though we know that they will not be popular. We are more likely to consider convenience issues in other areas of the spectrum and devote considerable effort in working with our airport and airline colleagues to make things work with the least possible inconvenience. There are technology answers -- but we have to close the gap until the technology answer works and is deployed.

Part of the problem with the 'common sense' theme is that our rhetoric of smarter, flexible, unpredictable, stay-ahead-of-the-terrorist strategy can clash with your personal experience. Some measures are in place now and others rolling out that will sharply reduce that disconnect. I will mention a few examples in each of our key areas: people, technology, and process.

First off with our people, TSA is about two-thirds of the way through retraining our entire airport workforce, from Federal Security Director to front-line Officer. (Headquarters elements are also included.) This training is worthy of its own post but it is two full days in length and covers the gamut from human factors to updated information on terrorist weapons and tactics. It is all about being smart about how we do our security job and how to think in terms of identifying real - and sophisticated - threats and less about running through a checklist.

Secondly, we are also about two-thirds through a major deployment of much more sophisticated carry-on bag scanners, AT-X-ray. About 600 of the new, smarter AT's are deployed already with another 300 more in the next few months. These are the machines that will be able to detect threat liquids (or powders, gels, etc.) automatically and will allow TSA to change the baggie requirement and clear up many of the head-scratching moments you now endure. (Probably about a year away.)

Finally, I have spoken about wanting to break up the rigidity of checkpoint screening and mentioned a goal of changing it up, spreading it out, and calming it down. With a re-trained workforce that has better technology, we can make the existing process calmer. There are opportunities also to make process changes that will make things smoother. For instance, where we have rigid and predictable criteria for extra screening (like last minute travel changes and one-way tickets), we can get more security value by using less obvious criteria like randomness or behavior and make things less congested at the checkpoint.

While this forum will continue to hear from our vigorous critics, I hope that in addition to the words of the indefatigable Blogger Bob and his colleagues, you will see that TSA has backed them up with actions in the year that the EoS Blog has been in business.

Our on-line presence is much clearer, deeper, and more accessible - and improvements will continue. Black Diamond, laptop bags, clearer signage, better explanations of the “why”, are all examples of actions taken by TSA that were helped by this blog discussion. You've helped us prioritize your pain points and we do, in fact, work to reduce those.

The security needs in aviation (and surface transportation) are significant and on-going. Real security risk mitigation can only happen when all parties - including the public - are active, positive participants. The men and women of TSA are amazing in their commitment to protect you and it has been an honor to serve with them. I hope that, going forward, your personal experience with our people, bolstered by better technology and process, will bring us together in support of our common objective - untroubled transportation to our chosen destination and a safe, smooth return home.

Thank you for your interest and participation,

Kip

Yet Another ID Post...With Some Answers to Your Questions

The ID topic has elicited lots of emotion. Many posters feel very strongly on this topic and I respect that discussion and their positions. This is a case where taking steps for aviation security touch other, related controversies that are larger societal/political issues. To the extent that there are legal issues relating to TSA’s actions, they will be resolved elsewhere.

I would like to move on to other topics since we are not going to solve the several complex issues here and we do have lots of other security issues to discuss.

The essential point is that validating a passenger’s identity matters a great deal from a security point of view. Our intelligence, military, and law enforcement colleagues -- at great risk to themselves -- develop sensitive information about potential attacks and the people behind them. They get that information to us so that TSA can do its part and keep those people off aircraft. It is our obligation to protect passengers and crew using the best information that we can get. That is what we are doing.

We will leave this open for further discussion and then move on with our next post. But before we move on, I wanted to provide answers to some of your questions.

Q: If requiring ID is truly instrumental in keeping the flying public safe, why did it take the TSA until June of 2008 to institute that policy?

A: Building blocks.

TSA put up a national security baseline in 2002. This involved creating the organization, staffing, buying and installing equipment -- and the very familiar magnetometer/x-ray checkpoint. No-Fly and Selectee lists were established and given to airlines for them to match versus their ticketed passengers. Airlines continued the pre-9/11 practice of hiring contractors locally to check ID’s. That created a basic physical screening process at the checkpoint (TSA operated) and a basic person screening process through the airlines.

In 2006 and 2007 TSA strengthened the person screening process by adding a new layer (behavior) and improving the watchlist matching. Along with the Terrorist Screening Center (TSC), TSA scrubbed the No-Fly and selectee lists and essentially cut them in half. (CIA and FBI are the major players nominating people to the Watchlists, TSC maintains a consolidated, accurate, government-wide watchlist, and TSA operationally makes sure No-Flys don’t fly.) The system is vulnerable to people evading watchlists if they use a fake identity with the airline and then show a fake ID at the checkpoint. This vulnerability was called out by many on-line posters (and noticed by us) and we took a major step last year to upgrade the ID checks by integrating the checking of ID’s with the rest of TSA’s security. That is why you now have TSA officers, with lights and loupes examining ID’s throughout the system.

The ID requirements we’re talking about here, are the next building blocks to be added. First, to require identity verification and better define the hierarchy of good ID’s -- hence the ‘gold standard.’

We know that terrorists use fake ID's to evade security scrutiny. While I recognize that there are very valid philosophical issues and debates around ID’s, for TSA, this issue is about closing vulnerabilities and stopping attacks.

There is considerable operational complexity to resolving the identity of a person without an ID real-time at the checkpoint. It is getting done now but is still clunky at times. We will get better over the coming months. In answer to the question, all of the building blocks mentioned above, needed to be in place. They are now and aviation is safer as a result

Q: What will TSA do if a majority of the states refuse to issue REAL ID cards to their respective citizens?

A: We would attempt to verify identity with other means, it would just take longer.

Q: If TSA believes that 1) checking ID increases safety to the flying public and 2) the no-fly list is there to catch terrorists, then why are the TSOs that check IDs at the airport not comparing names to those on the no-fly list?

A: Because those checks are done before the boarding pass is issued. It is done in the background by a combination of the airlines and TSA. The system is automated and close matches are resolved on a one by one basis. For more on issues about passengers who have problems because someone else with their name is on the list, please see DHS Trip.

Q: Since it has been claimed by TSA that the 3-1-1 rule was implemented due to the circumstances surrounding the London bomb plot, what position will TSA take if the defendants are found not-guilty?

A: I can’t comment on the U.K. legal system but “certainty” in a criminal proceeding is very carefully defined. I can tell you from the intelligence and law enforcement information developed in this case that the threat to U.S. aircraft was chilling, lethal and the clock was ticking when they were arrested. Had that plot not been discovered, there may well have been thousands of casualties. Doubt about the reality or efficacy of that threat? Zero.

Kip

Checkpoint Changes Coming

In TSA's checkpoint of the future, passengers will approach the security kiosk, carry-on in hand, and put a biometric on the scanner. While the scanning system clears you after it confirms your identity and flight information, the technology in the kiosk will verify that there are no truly dangerous items on you or in your bag. Total elapsed time: about 1.75 seconds. Version Two will add a Teleporter so that you will not need to get on an airplane.

Your grandchildren will love it.

Technology is a wonderful thing but it's not an overnight process - it must be invented, funded, built, tested, bought, and deployed. Unfortunately, the security technology field has not sufficiently fired the imagination of scientists or the private capital markets to the point where truly breakthrough technology will soon transform the checkpoint experience. Yet the current security threat environment requires that we get smarter and more nimble, now.

We have some significant changes in store for the checkpoint starting this spring. I would like your thoughts and I hope TSA will earn your support in our common mission. Please take a look at our Checkpoint Evolution micro-site.

TSA has taken a fresh look at our checkpoint operations to see if we can improve security and the passenger experience with what we have today. We took what we know from the intelligence and security communities, we listened to our employees, we learned from passengers (including on this blog), we evaluated readily deployable technology, and have come up with changes that we have begun piloting.

There are three elements to what we are calling Checkpoint Evolution: people, process, and technology.

People. The threat environment makes it clear that we need to add layers of security to be effective against adaptive terrorists. This means adding a capability to detect a potential problem even if they are not carrying anything prohibited - in other words, more focus on people, not just things. That means deploying more officers specially trained in behavior detection and document checking to identify people that intend to do harm, not just waiting to find their prohibited item in a carry-on bag.

Process. We're making improvements to the checkpoint process, including better signs to tell you what's going on at the checkpoint and why, and what you need to do at various stages. There will be areas to divest - or prepare - for screening and also an area to get everything back together after you're done. You have seen some pilots with our Diamond Select and Family lanes and we will continue to make improvements.

Technology. We don't have the end-all-be-all machine yet, but there are some technologies we will be installing in many airports throughout the year that are an improvement to what currently exists, including multi-view x-ray for carry-on bags and whole body imaging for passengers. The deployment of these machines will represent the first significant addition to the checkpoint since metal detectors and X-ray machines were introduced in the 1970s.

Our enemies have the advantage of picking their time, place, and method of attack. Those advantages are more pronounced if our defenses are rigid and predictable - they could use our standard operating procedures and technology against us.

We do have some advantages. First, airports are our turf; we have the home field advantage and can set the rules. Keeping an element of randomness and calming the checkpoint are critical.

Second, TSA's officers have experienced more passengers and bags than anyone else on earth and that knowledge is priceless. They know what doesn't seem right. In a calmer checkpoint environment, hostile intent stands out from the behavior of regular passengers just trying to navigate the system. Behavior detection officers and document checkers will use their training and skills to identify people and things that stand out from the norm and give them added scrutiny.

Third, the advantage we need to bolster most is the fact that the numbers are overwhelmingly in our favor - two million people a day fly, every one of them with a vested interest in assuring the safety of our system. We know the overwhelming majority of passengers pose no threat, so we want to improve your checkpoint experience and get your help in making those who do pose a threat stand out.

In short, we are seeking to reduce our weaknesses while improving our strengths until the futuristic checkpoint with seamless security screening becomes a reality.

Please visit our Checkpoint Evolution Web site to find out more, and share your feedback. If we partner together, we can make flying safer and a lot easier - right now. Thank you for your participation and partnership with TSA in keeping travel safe.

Kip

A Few Thoughts on Consistency and Where We're Going...by Kip Hawley

Thanks for participating in the Evolution of Security blog. In the coming weeks we will ask for your opinions about some issues we have now in discussion -- balancing intrusions into personal space (pat-downs, imaging) with better detection, devoting dedicated lanes to 'speedsters' frequent flyers and how to manage who goes to that lane -- are two examples. We will also continue to go where you take us with the issues you raise. I would like to address one of those issues now: 'why do I get different results at different airports?'

There are two main issues: a) process consistency, where we want to have the same result everywhere; and, b) purposeful variation so as not to offer a static target.

Let me say up front that we have sometimes confused the issue ourselves, seemingly excusing unwanted results with 'well we do it differently on purpose' answers. While I understand the frustration of not having a completely identical process every time, I cannot say that you will ever be able to go through completely on autopilot. Here's my perspective...

Let's take process consistency first. Imagine we were a manufacturing business and that we wanted to crank out identical, high quality widgets. That's hard to do even when you use precision equipment and consistent materials. If TSA were a manufacturer, we would be processing over 700 million unique transactions a year, using over 40,000 different people, at over 400 locations. And, rather than combating maintenance woes (although we do) and the standard banes of manufacturing quality, our enemy is active, intelligent, malicious, patient, and adaptive.

Because TSA started from scratch, we used very defined 'standard operating procedures' in order to get the new organization up and running. Over time, that detailed process control started to work against us. It had the effect of making the job checklist-oriented. ('If I follow the SOP, then I am doing my job.') The tighter we squeezed to demand tighter adherence to the SOP, the more we squeezed individual initiative and thinking out of it.

While we had great people as TSO's, we were putting them in situations where they had to do things 'because it's SOP' whether or not it made sense. It was not helpful for public credibility or for keeping our people sharp.

Since nobody would care that we followed the SOP precisely if there was a successful attack, and since our enemy can observe our SOP and plan ways to beat it -- we needed something more.

This is the purposeful variation part. The idea is to have a menu of different security measures that TSOs add randomly to the standard process.

Everybody goes through the magnetometer and puts carry-ons through the x-ray and if there is an alarm, it is resolved. However, given the limits of technology and simple human fallibility, vulnerabilities inevitably exist. We are covering those vulnerabilities by adding, truly at random, additional measures. For example, in the last couple of months, I have had two versions of a quick pat-down. My computer was swabbed for an explosives check, as were my shoes even though I didn't alarm going through (Yes, I go through security just like everyone else). We also have new handheld liquid and solid explosives detection devices deployed as well as a variety of other measures. You may, and should, see what I mean in an upcoming trip.

I should also add that we have recently added other layers of security to address the same vulnerabilities that I have been discussing -- behavior detection, document checking, K-9 teams, undercover air marshals, etc.

So, our theory of how to achieve process consistency from a quality control perspective is to train well and set outcome goals that encourage individual initiative and judgment. We think that for a distributed workforce that sees endless variety in passenger situations and faces an adaptive enemy -- that is the way to go. This means that, yes, you will see some differences trip to trip on some judgment things that are not on purpose. That is the price for a thinking, switched-on front-line -- if you want people thinking, then you have to let them make decisions based on their training and experience.

You will also see some different measures applied trip to trip that are purposeful, put there to prevent someone from exploiting a vulnerability.

Thanks for working with us, Kip

More on the Liquid Rules: Why We Do the Things We Do (Commenting Disabled)

Last week, there was a post on the ars technica blog by Jon Stokes, Senior Editor and Co-Founder, posing some questions on TSA’s liquids rules similar to other questions we’ve gotten on the blog so far. Kip Hawley wrote the following response, and we wanted to post it here for TSA blog readers to see as well.

Jon,

Thanks for the question on liquids. We have lots of material on our site (tsa.gov) going into the liquids issue so that is available for background, including the video of it blowing up. I'll try here to break the question down into the sub-questions I hear most. I enjoy ars technica, especially that it is thoughtful and issue-oriented and I appreciate having the opportunity to address your question.

Was this a real threat? Yes, there was a very serious plot to blow up planes using liquid explosives in bombs that would have worked to bring down aircraft.

Why don't you just ban all liquids? Because our National Labs and international allies demonstrated to my satisfaction that there is, in fact, a scientific basis for allowing small amounts of liquids on as carry-on. We try to prohibit the minimum possible from a security standpoint. Also, the consequence of banning all liquids is a large increase in the number of checked bags, which creates its own issues.

Why can't multiple people bring on explosives in three-ounce containers and mix them post security? The tough one! Tough because there are parts of the reason that are truly classified but here goes... (read them all before throwing up your hands!)

1. We are involved in risk management. The question to me is: "What do you have to do to make a successful attack so complex that an intelligent enemy would recognize that the odds of success are too low?"


2. Because there are limits to our ability to detect every thing every time at the checkpoint, we use layers of security. For example, I and senior leaders at TSA work every day with the intelligence and law enforcement communities world-wide to get insights in how to make our security better -- frequently adding specific training and sometimes, respecting our obligations to the intell and law enforcement communities (like our remote control toys advisory), communicating directly to the public. Also, we reduce risk by a) adding behavior detection capability, K-9 teams, surge teams and document checking out front; and b) by undercover presence throughout the area behind the checkpoint, as well as better screening of the supply chain of items in the sterile area after the checkpoint.


3. We reduce risk by deciding what we believe is necessary for a completed bomb -- the core of the 100ml (3.4 ounce) limit. Extensive testing began the morning of August 10, 2006 -- the day the liquids plot was made public -- to determine if there is a level at which any liquid brought onboard a plane represents little risk. These were tests by multiple government agencies, National Laboratories and other nations and they assisted in the 3-1-1 formulation. We announced 3-1-1 on September 26, 2006 and that allowed travelers to go on overnight trips without having to check a bag. That is the trade-off: if 3-1-1 is too complicated, you can always just check your bag.


4. The preparation of these bombs is very much more complex than tossing together several bottles-worth of formula and lighting it up. In fact, in recent tests, a National Lab was asked to formulate a test mixture and it took several tries using the best equipment and best scientists for it to even ignite. That was with a bomb prepared in advance in a lab setting. A less skilled person attempting to put it together inside a secure area or a plane is not a good bet. You have to have significant uninterrupted time with space and other requirements that are not easily available in a secured area of an airport. It adds complexity to their preferred model and reduces our risk, having the expert make the bomb and give it to someone else to carry aboard. They are well aware of the Richard Reid factor where he could not even ignite a completed bomb. Simple is truly better for them. Also, bomb-makers are easier for us to identify than so-called clean 'mules.'


5. The container itself adds complexity. A 100ml container limits the effect of, and even the ability of, a detonation. It also forces a more precise mix, and a lot more boost -- which makes it easier to detect from that side. Even creative ways to smuggle liquids in are less effective because, eventually, they still have to mix it right and get it into the right container, etc. There are also issues with what kind of container you use, but let's leave them to puzzle that out further...


6. The baggie gives us two benefits: A) It serves as a visually identifiable, easy way to limit quantity. Even if they wanted to bring multiple bottles to mix, we limit the quantity of their total liquids as well (bottles "hidden" in the carry-on bag stick out). B) The baggie serves to concentrate the vapor - substances used to create liquid explosives are very volatile and emit fumes even through sealed bottles. (We have tested.) We have liquid explosives detectors that take advantage of the vapor concentration factor in the baggie. This way, we do not have to examine what's inside every bottle, regardless of what the label says.


7. The effect of pulling out liquids and aggregating them separately allows our security officers to have a clear look at the liquids -- and, perhaps just as important, it de-clutters the carry-on bag so that we have a clearer view of that as well.


8. With our medical exceptions, they have to talk to one of our Security Officers who can use a variety of methods to tell whether it presents a problem including test strips, and hand-held detectors that are highly effective, even with closed and sealed bottles. With the larger bottles, the other features needed to make it viable would be very apparent.

A few other points, this policy has been adopted in more than 80 countries worldwide and means that there are common rules almost everywhere you fly. The choice is a total ban or this, and we are working very hard at a technology solution that should make this better all around. Think early 2009 for that.

The challenge is to reduce risk on the things we know about (shoe bombs, liquids) while having enough other measures in place to disrupt what we don't know is coming. Any time we fixate on one thing, you have to be concerned about opening up something elsewhere. Balance, flexibility, and unpredictability are key. So is going on offense by being connected to intelligence / law enforcement and being proactive with our surge patrols, undercover activities, etc. AND getting TSA and passengers back on the same side! That last one is what we're trying to do at our checkpoint with our TSOs and online with our blog.

Whatever you think about our policies -- please recognize our Security Officers who train and test every day and will do whatever it takes to make you and your families safe when you fly. They are the best in the world and are on your side; please give them a little recognition when you see them. Thanks for the opportunity to comment,

Kip

Welcome (Commenting Disabled)

Two million travelers come in contact with the Transportation Security Administration every day. It is an intense experience all around -- extremely personal in some senses but also impersonal at the same time.

There is no time to talk, to listen, to engage with each other. There isn’t much opportunity for our Security Officers to explain the ‘why,’ of what we ask you to do at the checkpoint, just the ‘what’ needs to be done to clear security. The result is that the feedback and venting ends up circulating among passengers with no real opportunity for us to learn from you or vice versa. We get feedback verbally and non-verbally at the checkpoint and see a lot in the blogs, again without a real dialogue.

Our ambition is to provide here a forum for a lively, open discussion of TSA issues. While I and senior leadership of TSA will participate in the discussion, we are turning the keyboard over to several hosts who represent what’s best about TSA (its people). Our hosts aren’t responsible for TSA’s policies, nor will they have to defend them -- their job is to engage with you straight-up and take it from there. Our hosts will have access to senior leadership but will have very few editorial constraints. Our postings from the public will be reviewed to remove the destructive but not touch the critical or cranky.

Please be patient and good-humored as we get underway. The opportunity is that we will incorporate what we learn in this forum in our checkpoint process evolution. We will not only give you straight answers to your questions but we will challenge you with new ideas and involve you in upcoming changes.

One of my major goals of 2008 is to get TSA and passengers back on the same side, working together. We need your help to get the checkpoint to be a better environment for us to do our security job and for you to get through quickly and onto your flight. Seems like the way to get that going is for us to open up and hear your feedback...

Thanks for joining us,
Kip Hawley