TSA needs to improve undercover aviation security tests, GAO says
Homeland Security agency urged to document all instances during simulated exercises when screening equipment fails to detect threat items.
The Transportation Security Administration does not systematically record the vulnerabilities that allow undercover inspectors to breach airport security, according to a report released Thursday by the Government Accountability Office.
Comment on this article in The Forum.TSA has been using a covert testing program to evaluate the country's aviation security since 2002. As part of the program, undercover agents from its Office of Inspection attempt to gain access to restricted areas such as runways, or pass potentially explosive devices through passenger and baggage screening. TSA then uses the data collected from these exercises to identify and correct potential vulnerabilities in the system.
"Senior TSA officials, including TSA's Administrator [Kip Hawley], are routinely briefed on the results of covert tests and provided with OI reports that describe the vulnerabilities identified by these tests and recommendations to correct identified vulnerabilities. However…TSA…lacks a systematic process to ensure that OI's recommendations are considered, and does not systematically document its rationale for why it did or did not implement OI's recommendations," the report noted.
Many factors can cause test failures, including security officers who do not follow TSA procedures properly when screening passengers, equipment that overlooks a threat item, and lack of specific guidance on procedures to help officers identify prohibited items.
One part of the test exercise involves an inspector posing as a passenger and checking a bag containing a simulated threat item to test the security officer's ability to properly operate existing baggage screening equipment. Security officers use either an explosive detection system or an explosive trace detection machine to screen the checked bag for explosive materials.
If the security officer fails to identify the item, the inspector immediately identifies himself to stop the checked bag from being loaded onto the aircraft, and the test is considered a failure. But if the problem is faulty screening equipment, the test is considered invalid, and the reasons for failure are not recorded.
"Office of Inspection officials stated that they do not record information on equipment failures because there is a possibility that the threat item was not designed properly and therefore should not have set off the alarm, and identifying a single cause for a test failure is difficult since covert testing failures can be caused by multiple factors," the report stated.
GAO recommended that TSA document all cases of covert testing failures, including equipment malfunctions, and enter them into a database to better identify areas for improvement. DHS and TSA both agreed with those recommendations. The watchdog agency conducted its study from October 2006 to May 2008.
From March 2003 to June 2007, the Office of Inspection made 43 recommendations on how to mitigate vulnerabilities identified through covert tests. The recommendations included providing additional training to security officers and clarifying screening procedures. To date, TSA has implemented 25 of those suggestions.
NEXT STORY: DHS awards $11.7 million for cyber research