TSA's successes and challenges of risk-based security

Archived Content

Please note that older content is archived for public record. This page may contain information that is outdated and may not reflect current policy or programs.

If you have questions about policies or procedures, please contact the TSA Contact Center.

Members of the news media may contact TSA Public Affairs.

Chris McLaughlin and Stephen Sadler, Assistant Administrators
Statement of Chris McLaughlin and Stephen Sadler, Assistant Administrators, Transportation Security Administration, U.S. Department of Homeland Security before the United States House of Representatives Committee on Oversight and Government Reform
Monday, March 26, 2012

Good afternoon Chairman Issa, Chairman Mica, Ranking Member Cummings and Ranking Member Rahall, and distinguished Members of the Committees. Thank you for the opportunity to testify today about the Transportation Security Administration’s (TSA) successes and challenges in developing and implementing a comprehensive risk-based approach to secure our Nation’s transportation systems.

TSA employs risk-based, intelligence-driven operations to prevent terrorist attacks and to reduce the vulnerability of the Nation’s transportation system to terrorism.  TSA protects the Nation’s transportation systems to ensure freedom of movement for people and commerce. TSA’s security measures create a multi-layered system of transportation security that mitigates risk. We continue to evolve our security approach by examining the procedures and technologies we use, how specific security procedures are carried out, and how screening is conducted.

Risk-Based Security Improves the Travel Experience

Last Fall, TSA began developing a strategy for enhanced use of intelligence and other information to enable more risk-based security (RBS) in all facets of transportation, including passenger screening, air cargo, and surface transportation. At its core, the concept of RBS demonstrates a progression of the work TSA has been doing throughout its first decade of service to the American people. RBS is an acknowledgment that risk is inherent in virtually everything we do.  Our objective is to mitigate risk in a way that effectively balances security measures with privacy and civil liberty concerns while both promoting the safe movement of people and commerce and guarding against a deliberate attack against our transportation systems.

RBS in the passenger screening context allows our dedicated Transportation Security Officers (TSOs) to focus more attention on those travelers we believe are more likely to pose a risk to our transportation network – including those on terrorist watch lists – while providing expedited screening, and perhaps a better travel experience, to those we consider pose less risk.

Through various RBS initiatives, TSA is moving away from a one-size-fits-all security model and closer to its goal of providing the most effective transportation security in the most efficient way possible. While a one-size-fits-all approach has been effective over the past decade, two key enablers – technology and intelligence – are allowing TSA to move toward a RBS model.

TSA Pre✓™ Program

Perhaps the most widely known risk-based security enhancement we are putting in place is TSA Pre✓™.  Since first implementing this idea last Fall, the program has been expanded to twelve airports and over 500,000 passengers around the country have experienced expedited security screening through TSA Pre✓™.  The feedback we’ve received is consistently positive.

Under TSA Pre✓™, travelers volunteer information about themselves prior to flying. By changing procedures for those travelers we know more about, through information they voluntarily provide, and combining that information with our multi-layered system of aviation security, TSA can better focus our limited resources on higher-risk and unknown passengers. This new screening system holds great potential to strengthen security while significantly enhancing the travel experience, whenever possible, for passengers.

TSA pre-screens TSA Pre✓™ passengers each time they fly through participating airports. If the indicator embedded in their boarding pass reflects eligibility for expedited screening, the passenger is able to use the Preü™ lane.  Currently, eligible participants include certain frequent flyers from American Airlines and Delta Air Lines as well as existing members of U.S. Customs and Border Protection’s (CBP) trusted traveler programs, such as Global Entry, who are U.S. citizens and are flying domestically on participating airlines.  TSA is actively working with other major air carriers such as United Airlines, US Airways, Jet Blue, Hawaiian Airlines, and Alaska Airlines to expand both the number of participating airlines and the number of airports where expedited screening through TSA Preü™ is provided.  In February 2012, Secretary Napolitano and TSA Administrator Pistole announced the goal to have TTSA Pre✓™ rolled out and operating at 35 of the busiest domestic airports by the end of 2012.

TSA Pre✓™ travelers are able to divest fewer items, which may include leaving on their shoes, jacket, and light outerwear, and may enjoy other modifications to the standard screening process. As always, TSA will continue to incorporate random and unpredictable security measures throughout the security process. At no point are TSA Pre✓™ travelers guaranteed expedited screening.

Earlier this month, we expanded the TSA Pre✓™ population to include active duty U.S. Armed Forces members with a Common Access Card (CAC) traveling out of Ronald Reagan Washington National Airport. Service members will undergo the standard TSA Secure Flight pre-screening and if we are able to verify the service member is in good standing with the Department of Defense, by scanning their CAC card at the airport, they will receive TSA Pre✓™ screening benefits, such as no longer removing their shoes or light jacket and allowing them to keep their laptop in its case and their 3-1-1 compliant bag in a carry-on.

In addition to active duty members of the United States Army, Navy, Air Force, Marine Corps and Coast Guard, this evaluation will also include active drilling members of the U.S. National Guard and reservists.  U.S. service members are entrusted to protect and defend our Nation and its citizens with their lives.  In treating them as trusted travelers, TSA is recognizing that these members pose little risk to aviation security. This evaluation is being conducted in compliance with the “Risk-Based Security Screening for Members of the Armed Forces Act,” signed into law by the President on January 3, 2012. (Pub. L. No. 112-86.)

Streamlining the Process for Inbound International Passengers

TSA Pre✓™ is being extended to any U.S. citizen who is a member of one of the trusted traveler programs operated by CBP.

To further expedite the screening process, CBP currently operates 14 international aviation preclearance locations. Each of these locations has been or is scheduled to be evaluated by TSA to confirm that preclearance airports are performing checkpoint screening procedures of passengers and accessible property comparable to those of domestic airports and are providing an equivalent level of protection. All precleared flights arriving from the 14 preclearance airports are permitted to deplane passengers directly into the sterile area of U.S. airports. Connecting passengers’ checked baggage intended for connecting domestic flights must still be screened by TSA upon arrival in the United States, until the screening technology and protocols at the preclearance airports are comparable to TSA domestic checked baggage requirements.

In addition, under the Beyond the Borders (BTB) initiative, in accordance with a joint declaration signed by President Obama and Canadian Prime Minister Stephen Harper on February 4, 2011, TSA has been working with Transport Canada (TC) towards mutual recognition of the two countries’ checked baggage screening systems. Canada’s eight preclearance airports (Calgary, Edmonton, Halifax, Montréal, Ottawa, Toronto, Vancouver, and Winnipeg) have initiated the process to deploy TSA-certified explosives detection system (EDS) equipment as the primary checked baggage screening equipment.  The deployment of TSA- certified EDS partnered with comparable implementation of TSA policies and procedures will make it unnecessary to rescreen checked bags from these Canadian airports when the passengers connect in the United States to other flights.

AIT is a Critical Component of RBS

Advanced Imaging Technology (AIT) is a critical component of TSA’s multi-layered system of transportation security that mitigates risk, facilitates the flow of legitimate commerce and protects individual privacy. Consistent with recent Department of Homeland Security (DHS) Office of Inspector General and Government Accountability Office recommendations, TSA is implementing an action plan to increase the level of available AIT screening capacity across the nation’s aviation system. Where AIT is deployed and relied upon, TSA has established a utilization target consistent with the recommendation by OIG, and is meeting or exceeding that target.

Based upon recommendations in the audits, TSA has revised training and staffing availability to operate the equipment and resolve anomalies. TSA developed and implemented an AIT instructor certification curriculum for Security Training Instructors (STI) assigned at the airports.  These STIs are responsible for delivering AIT training as airports receive the technology. A full training curriculum package, including training kits and training aids, has been distributed to all AIT airports and allows each airport to train as many operators as required. Airports that have not received AIT units will receive the training kit and aids when the equipment is installed.  In addition, introduction of Automated Target Recognition (ATR) functionality eliminated the need for a remote Image Operator in all new machines, and in all existing machines using millimeter-wave technology. As a result of this reduced training length and certification of local STIs, TSA does not consider training to be a constraint in achieving our AIT utilization goal.

In support of the increasing number of AIT units deployed with ATR, TSA is developing a new training kit specifically designed to support AIT ATR training and testing.  TSA is also working to increase the number of AIT testing scenarios for the Aviation Screening Assessment Program (ASAP) from 6 to10.  In coordination with the Johns Hopkins University Applied Physics Laboratory, TSA has been conducting a preliminary assessment to develop and validate additional testing stimulants and scenarios for use with the AIT ATR equipment. The intent is to incorporate new scenarios and stimulants appropriate for use with AIT ATR into ASAP’s national level testing framework.
TSA has begun rolling out a Tactical Communications course for its front line workforce which is designed to specifically help them develop their communications skills.  Training for all airport Supervisors and Security Managers is on target to be completed by June 2012, and all officers must complete the training by December 2012.

These advancements are representative of the types of improvements that have resulted from TSA’s desire to improve the AIT program and openness to outside recommendations regarding it.

TWIC Secures Maritime Transportation System

The Transportation Worker Identification Credential (TWIC) is an important security measure to ensure that individuals who pose a security threat do not gain unescorted access to secure areas of the Nation’s maritime transportation system. Prior to the TWIC program, there was no standard identity verification or background check policy for entrance to a port, which created opportunities for fraud and risk.  Today, facility owner/operators have one standard identification document to look for that confirms the holder’s identity, and verifies that he or she successfully passed a thorough security threat assessment.  TWIC cards contain security features that make the card highly resistant to counterfeiting and difficult to use by anyone other than the authorized holder. When biometric verification becomes a requirement and readers are in widespread use, we will enhance security at the ports even further.

The TWIC program is a fee-funded, joint effort of TSA and the United States Coast Guard (USCG).  TSA establishes TWIC enrollment sites, conducts identity verification and risk- based security threat assessments (STAs), and provides a tamper-resistant biometric credential to eligible maritime workers requiring unescorted access to secure areas of port facilities and vessels regulated under the Maritime Transportation Security Act of 2002 (MTSA), Pub. L. No. 107-295.  The USCG regulates facility and vessel security standards, approves security plans, and conducts enforcement.

In the Coast Guard Authorization Act of 2010, Pub. L. No. 111-281, Congress limited the applicability of the transportation security card to those mariners who were allowed unescorted access to a secure area designated in a vessel security plan (46 U.S.C. § 70105). The identity verification and threat assessment requirements of the TWIC program support DHS’s multi- layered approach to protecting the nation’s transportation systems and significantly enhance security at ports across the Nation. Over two million workers including longshoremen, truckers, port employees and others have applied to obtain a TWIC as of March 2012.

The SAFE Port Act of 2006, Pub. L. No. 109-347, milestones for implementing the TWIC enrollment sites, conducting STAs, and issuing TWICs were met during the October 2007 to April 2009 initial rollout of the program.  On April 15, 2009, the requirement for all unescorted workers in secure areas and all mariners to possess a valid TWIC was implemented nationwide by USCG regulation. Since April 2009, TSA has enrolled approximately 25,000 workers per month. On October 20, 2011, TSA enrolled the program’s two millionth worker.

On May 31, 2011, TSA completed the data collection phase of the TWIC reader pilot program that was required by Section 104 of the SAFE Port Act and Section 802 of the Coast Guard Authorization Act of 2010.  During this period, data was gathered from pilot sites including ports, facilities, and vessel operations regarding reader performance and reliability as well as throughput data at vehicle and pedestrian access points, which is critical to evaluating the impact of reader use on facility and vessel operations.

TSA completed the final analysis of data collected from participating ports, facilities, and vessel operations and drafted a final report which was approved by the Secretary of Homeland Security and transmitted to Congress on February 27, 2012. The TWIC Reader Pilot report found that while the operational and technological difficulties were wide-ranging, the Reader Pilot successfully examined the impacts to business. Although current infrastructure was key to installation costs and time, the Reader Pilot also noted that reader performance varied widely and there were problems with the durability of the card stock and ability of the cards to be read by the various readers that were used throughout the pilot. TSA will publish lessons learned from the pilot to assist ports and facility operators with their reader and reader system decisions. The submission of the TWIC Reader Pilot report completed all actions required by TSA under the SAFE Port Act.  The USCG is responsible for the TWIC reader regulation. A Notice of Proposed Rulemaking will be published to obtain stakeholder feedback, followed by the final rule.

SPOT Adds Additional Mobile Layer of Security

In addition to relying upon the best available technology to enable TSA to identify potential threats to the Nation’s transportation system, the Screening of Passengers by Observation Techniques (SPOT) program uses behavior observation and analysis to identify potentially high-risk individuals who may pose a threat to transportation security. This is accomplished by detecting behaviors and activities that deviate from an established environmental baseline. Individuals whose behaviors meet or exceed predetermined thresholds are referred for additional screening or law enforcement intervention.

Since its inception in 2004, SPOT has proven to be an effective mobile layer of security. To date, 331,258 SPOT referrals have resulted in 27,342 Law Enforcement referrals which led to the arrest of more than 2,273 individuals for various reasons such as fraudulent documents, narcotics trafficking, outstanding warrants, and immigration violations. At the current time, TSA is authorized to deploy over 3,100 behavior detection officers at over 170 airports.

SPOT is a scientifically validated behavior-based security program. In April 2011, the DHS Science &Technology (S&T) Division completed a research study that examined the extent to which SPOT indicators led to correct screening decisions at the security checkpoint. The study revealed that SPOT was significantly more effective at identifying High Risk Passengers (HRP) than random selection protocols.  This study represents the most thorough analysis of any behavioral screening program to date; no other counter-terrorism or similar security program is known to have been subjected to such a rigorous, systematic evaluation of its screening accuracy.

TSA continues to work with DHS S&T and the broader research community to define and prioritize the research required to further increase the effectiveness and efficiency of TSA’s behavior-based screening process.  This continued emphasis on research includes the collection of operational video to support a number of research studies to include fatigue, reliability, and indicator refinement.

TSA is exploring the use of enhanced behavior detection to identify risk. Through the Assessor Proof of Concept (PoC) at Boston Logan International Airport (BOS) and Detroit Metropolitan Wayne County Airport (DTW), TSA is testing the ability of “Assessors” to perform real-time risk assessments through engagement and observation at the screening checkpoint. The current concept of operations (CONOPS) requires Assessors to perform document review and interviews with all transiting passengers, while observing for suspicious signs and behavioral anomalies.  Based on the results of this engagement and observation, Assessors direct passengers to either standard or secondary screening.

TSA is collecting data that is consistent with the SPOT Validation study to evaluate the effect of this pilot on both TSA efficiencies and security effectiveness. The goal of this pilot is to develop behavior detection procedures that enhance security from its current level while maintaining program efficiencies and improving passenger satisfaction. Preliminary data from the pilots reveal an improvement in security posture over a baseline period.


Thank you for the opportunity to appear before you today to discuss the successes and challenges facing TSA in developing and implementing a comprehensive risk-based approach to secure our Nation’s transportation systems.