House Democrats on Tuesday introduced legislation aimed at codifying existing procedures at the Transportation Security Administration (TSA) for covert testing and require the agency to track its progress on closing out vulnerabilities uncovered by the testing.
The Covert Testing and Risk Mitigation Improvement Act is co-sponsored by Rep. Elijah Cummings (D-Md.), chairman of the Oversight and Reform Committee, and Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee.
The new bill is in response to continued concerns from government auditors, the Government Accountability Office (GAO) and the Department of Homeland Security Office of Inspector General (IG), that TSA continues to face security gaps uncovered by covert testing.
The bill contains two major provisions, one would “codify procedures for covert testing and vulnerability mitigation recommended by GAO and two, require TSA to track and report its progress in resolving security vulnerabilities identified through these covert tests as part of its annual budget submission,” Cummings said during a hearing his committee hosted on vulnerabilities in TSA’s security operations.
“We need a laser focus on closing security gaps through which our enemies could attack us and my legislation is intended to direct the attention of both TSA and the Congress to this critical task,” he said.
Charles Johnson, managing director for GAO’s Homeland Security and Justice Team, said that overall TSA has improved its covert testing program, but has only closed two of the audit agency’s nine recommendations. GAO is assessing whether TSA has taken sufficient steps to close two more of the recommendations, he said.
TSA testing had been split between two offices–Inspection and Security Operations–and Johnson said that while the former office redesigned its processes to produce quality data, the Security office “has not been able to ensure the quality of its tests and the covertness of its tests in particular.”
TSA Administrator David Pekoske, who is doubling as the acting Deputy Secretary of Homeland Security, told the panel he has consolidated the agency’s covert testing programs and instituted a “new covert testing effort to regularly assess the effectiveness of checkpoint screening over time, referred to as Index testing.” He also said that he has instituted quarterly senior level meetings to track progress related to covert testing.
“This more rigorous approach to vulnerability assessment afforded by Index testing will ensure we are implementing not only the most effective vulnerability mitigations, but also provide clarity on the return on our security dollars,” Pekoske said.
Johnson said during his remarks that TSA has lacked established “timeframes and milestones” to achieve its corrective actions to close gaps in its security vulnerability process and monitor progress.
Donald Bumgardner, deputy assistant IG for Audits at DHS, told the committee that TSA has implemented some of his office’s security-related recommendations over the years but that 39 haven’t been implemented. These open recommendations are related to the testing of screening equipment, technological enhancements, vetting and screening of PreCheck travelers, developing a cross-cutting risk-based strategy, and developing budget requests based on risk.
Cummings said “urgent warnings from independent auditors about security vulnerabilities at the Transportation Security Administration have been languishing for years without being resolved.”