Washington, DC - Rep. Elijah E. Cummings, the Chairman of the Committee on Oversight and Reform, Rep. Bennie G. Thompson, the Chairman of the Committee on Homeland Security, and all Oversight Committee Democrats introduced the Covert Testing and Risk Mitigation Improvement Act of 2019 to establish standards for the covert testing processes the Transportation Security Administration (TSA) uses to evaluate its aviation security operations.
The Oversight Committee held a hearing this week to examine aviation security vulnerabilities at TSA that have languished for years.
“Nearly 20 years since the terrible attacks of Sept. 11, 2001, security vulnerabilities at the Transportation Security Administration (TSA) have languished-in some cases for years-without being resolved," said Chairman Cummings. “I look forward to working with Chairman Thompson to move the Covert Testing and Risk Mitigation Improvement Act, which would establish standards for covert testing and require TSA to track and report its progress in resolving vulnerabilities."
“This legislation will ensure that the security testing of our airport checkpoints is done correctly with proper follow-through," said Chairman Thompson. “For too long, TSA has not been properly introducing fixes for clear security gaps that could potentially save lives. I urge the House to quickly pass this legislation so we can be sure TSA is operating as effectively - and safely - as possible."
The bill would codify procedures recommended by the Government Accountability Office (GAO), establish standards for TSA’s covert testing, and require TSA to track and report its progress in resolving security vulnerabilities identified through these covert tests. Specifically, the bill would require TSA to:
* Implement an internal, risk-informed covert testing process that can yield statistically valid results and implement at least three such tests every year;
* Establish a process to determine root causes of vulnerabilities identified through covert tests;
* Track the progress of agency efforts to mitigate vulnerabilities; and
* Report the status of vulnerabilities to the Congress as part of TSA’s annual budget submission.
In April 2019, GAO issued a declassified study at the request of Chairman Cummings, Senator Tammy Duckworth, and other Members of Congress, finding that TSA failed to take timely action to resolve long-standing vulnerabilities identified through covert testing. Specifically, GAO found:
* Of the “nine security vulnerabilities identified through covert tests" by TSA since 2015, “none had been formally resolved" as of September 2018.
* After vulnerabilities were identified, it sometimes took “TSA officials overseeing the process up to 7 months to assign an office responsible to begin mitigation efforts."
* TSA “has not established time frames and milestones for this process or established procedures to ensure milestones are met."
* TSA is “not using a risk-informed approach" to guide its covert tests, and therefore “TSA has limited assurance that Security Operations is targeting the most likely threats."
The bill would also require GAO to conduct a review in three years to assess the effectiveness of the processes that TSA implements to conduct covert tests and resolve security vulnerabilities identified as a result of such tests.
