[Senate Hearing 106-1136] [From the U.S. Government Publishing Office] S. Hrg. 106-1136 OVERSIGHT HEARING ON AVIATION SECURITY ======================================================================= HEARING before the SUBCOMMITTEE ON AVIATION OF THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED SIXTH CONGRESS SECOND SESSION __________ APRIL 6, 2000 __________ Printed for the use of the Committee on Commerce, Science, and Transportation 79-942 U.S. GOVERNMENT PRINTING OFFICE WASHINGTON : 2003 ____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512�091800 Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001 SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED SIXTH CONGRESS SECOND SESSION JOHN McCAIN, Arizona, Chairman TED STEVENS, Alaska ERNEST F. HOLLINGS, South Carolina CONRAD BURNS, Montana DANIEL K. INOUYE, Hawaii SLADE GORTON, Washington JOHN D. ROCKEFELLER IV, West TRENT LOTT, Mississippi Virginia KAY BAILEY HUTCHISON, Texas JOHN F. KERRY, Massachusetts OLYMPIA J. SNOWE, Maine JOHN B. BREAUX, Louisiana JOHN ASHCROFT, Missouri RICHARD H. BRYAN, Nevada BILL FRIST, Tennessee BYRON L. DORGAN, North Dakota SPENCER ABRAHAM, Michigan RON WYDEN, Oregon SAM BROWNBACK, Kansas MAX CLELAND, Georgia Mark Buse, Republican Staff Director Martha P. Allbright, Republican General Counsel Kevin D. Kayes, Democratic Staff Director Moses Boyd, Democratic Chief Counsel ------ SUBCOMMITTEE ON AVIATION SLADE GORTON, Washington, Chairman TED STEVENS, Alaska JOHN D. ROCKEFELLER IV, West CONRAD BURNS, Montana Virginia TRENT LOTT, Mississippi ERNEST F. HOLLINGS, South Carolina KAY BAILEY HUTCHISON, Texas DANIEL K. INOUYE, Hawaii JOHN ASHCROFT, Missouri RICHARD H. BRYAN, Nevada BILL FRIST, Tennessee JOHN B. BREAUX, Louisiana OLYMPIA J. SNOWE, Maine BYRON L. DORGAN, North Dakota SAM BROWNBACK, Kansas RON WYDEN, Oregon SPENCER ABRAHAM, Michigan MAX CLELAND, Georgia C O N T E N T S ---------- Page Hearing held on April 6, 2000.................................... 1 Prepared Statement of Senator Bryan.............................. 5 Prepared Statement of Senator Gorton............................. 6 Prepared Statement Senator Hollings.............................. 4 Statement of Senator Hutchison................................... 1 Prepared statement........................................... 2 Prepared Statement of Senator McCain............................. 3 Witnesses Dillingham, Gerald, Associate Director, Transportation and Telecommunications Issues, Resources, Community, and Economic Development Division, U.S. General Accounting Office........... 7 Prepared statement........................................... 9 Doubrava, Richard J., Managing Director of Security, Air Transport Association.......................................... 33 Prepared statement........................................... 34 Flynn, Hon. Cathal, Associate Administrator for Civil Aviation Security, Federal Aviation Administration...................... 16 Prepared statement........................................... 18 Stefani, Alexis M., Assistant Inspector General for Auditing, Office of the Inspector General, U.S. Department of Transportation................................................. 22 Prepared statement........................................... 24 Appendix American Association of Airport Executives and the Airports Council International, North America, joint prepared statement. 49 Response to written questions submitted by Hon. Slade Gorton to: Gerald Dillingham............................................ 51 Admiral Cathal Flynn......................................... 53 Alexis M. Stefani............................................ 65 Response to written questions submitted by Hon. John McCain to: Richard J. Doubrava.......................................... 52 Admiral Cathal Flynn......................................... 60 Alexis M. Stefani............................................ 66 OVERSIGHT HEARING ON AVIATION SECURITY ---------- THURSDAY, APRIL 6, 2000 U.S. Senate, Subcommittee on Aviation, Committee on Commerce, Science, and Transportation, Washington, DC. The Subcommittee met, pursuant to notice, at 10:15 a.m. in room SR-253, Russell Senate Office Building, Hon. Kay Bailey Hutchison, Chairman of the Subcommittee, presiding. OPENING STATEMENT OF HON. KAY BAILEY HUTCHISON, U.S. SENATOR FROM TEXAS Senator Hutchison. Let me first say that I have statements for the record from several members of the Committee, including the Chairman, Senator McCain, and the Ranking Member, Senator Hollings. Others have given opening statements, and I will keep the record open for any members of the Committee who wish to make opening statements. Let me start by saying that I appreciate Senator Gorton for his cooperation in allowing me to hold this hearing today. Approximately 500 million passengers pass through U.S. airports every year. Protecting their safety is an incredible challenge to the men and women of the aviation industry. The Federal Government, through the Federal Association Administration (FAA), and the industry together must do everything within our power to protect the public from the menace of terrorism and other security threats. In 1996, soon after the tragedy of the TWA Flight 800, I proposed new requirements to improve security at the nation's airports. Congress adopted these requirements as part of the Federal Aviation Reauthorization Act of 1996, which was a major accomplishment of this Committee, its chairman, and the chairman of the Subcommittee. This legislation attempted to improve the hiring process and enhance the professionalism of airport security screeners. The Act also directed the FAA to upgrade security technology with regard to baggage screening and explosive detection. In my view, the FAA has been slow to implement some of these vital security improvements. The FAA does not plan to finalize the regulation to improve training requirements for screeners and certification for screening companies until May 2001. Five years is too long to wait. Technology upgrades have also been slow in coming, even though the upgraded technology is readily available and is deployed in many airports. The traveling public should not have to wait another year before these simple improvements are implemented. The FAA must modernize its procedure for background checks of prospective security-related employees. An FAA background check currently takes 90 days. That is too long. Under the current procedures, the FAA is required to perform these checks only in certain areas. I think we need to look at these areas and tighten them so that we can close the gap. I plan to introduce legislation, the Airport Security Improvement Act, which would direct FAA to require criminal background checks of all applicants for positions with security responsibilities, including security screeners. The bill will also require that these checks be performed expeditiously. My legislation will direct the FAA to improve training requirements for security screeners by September 30 of this year. The FAA should require a minimum of 40 hours of classroom instruction and 40 hours of practical, on-the-job training before an individual is deemed qualified to provide security screening services. This standard would be a substantial increase over the 8 hours of classroom training currently required for most screening positions in the United States. The 40-hour requirement is the prevailing standard in most of the industrialized world. Finally, my bill will require the FAA to work with air carriers and airport operators to strengthen procedures to eliminate unauthorized access to aircraft. Employees who fail to follow access procedures should be disciplined. I understand that the FAA is currently working on improving access standards to all major security areas in each airport, and I hope the bill will encourage them to do it in a timely fashion. So I thank all of you for coming today. Congress has asked the GAO to do a study of the 1996 Act and its implementation, and for that reason I will call first on Mr. Gerald Dillingham, the Associate Director of Transportation and Telecommunications Issues at the U.S. General Accounting Office in Washington, D.C. Thank you for being here, Mr. Dillingham. [The prepared statement of Senator Hutchison follows:] Prepared Statement of Hon. Kay Bailey Hutchison, U.S. Senator from Texas Before we start, I would like to thank Chairman Gorton for his cooperation. Without his strong support, we would not be holding this hearing on this critically important issue. Approximately 500 million passengers will pass through U.S. airports this year. Protecting their safety is an incredible challenge to the men and women of the aviation industry. The Federal Government, through the Federal Aviation Administration and Industry together, must do everything within our power to protect the public from the menace of terrorism and other security threats. In 1996, soon after the tragedy of TWA Flight 800, I proposed new requirements to improve security at the nation's airports. Congress adopted these requirements as part of the Federal Aviation Reauthorization Act of 1996. This legislation attempted to improve the hiring process and enhance the professionalism of airport security screeners. The Act also directed the FAA to upgrade security technology with regard to baggage screening and explosive detection. In my view, the FAA has been slow to implement these vital security improvements. The FAA does not plan to finalize the regulation to improve training requirements for screeners and certification for screening companies until May 2001. Five years is too long to wait. Technology upgrades have also been slow in coming, even though the upgraded technology is readily available. The traveling public should not have to wait yet another year before these improvements are implemented. The FAA must modernize its procedure for background checks of prospective security-related employees. An FAA background check currently takes 90 days. That is too long. Under current procedures, the FAA is required to perform these checks only when an applicant has a gap in employment history of 12 months or longer, or if preliminary investigation reveals discrepancies in an applicant's resume. But 43% of violent felons serve an average of only seven months. This gap should be closed. I plan to introduce legislation, The Airport Security Improvement Act, which would direct FAA to require criminal background checks for all applicants for positions with security responsibilities, including security screeners. The bill will also require that these checks be performed expeditiously. My legislation will also direct FAA to improve training requirements for security screeners by September 30 of this year. FAA should require a minimum of 40 hours of classroom instruction and 40 hours of practical on-the-job training before an individual is deemed qualified to provide security screening services. This standard would be a substantial increase over the 8 hours of classroom training currently required for most screening positions in the U.S. The 40 hour requirement is the prevailing standard in most of the industrialized world. Finally, my bill would require FAA to work with air carriers and airport operators to strengthen procedures to eliminate unauthorized access to aircraft. Employees who fail to follow access procedures should be suspended or terminated. I understand that FAA is currently working on improving access standards. I hope that this bill will encourage them to do so in a timely fashion. We are privileged to have with us today a distinguished panel of witnesses who are well-versed in the area of airport security. I want to welcome them to the hearing and I am looking forward to their testimony. [The prepared statements of Senators McCain, Hollings, Bryan, and Gorton follow:] Prepared Statement of Hon. John McCain, U.S. Senator from Arizona Thank you, Senator Hutchison. Your longstanding interest in aviation security is to be commended, and I appreciate your calling for this hearing. I think it will become clear from the testimony we will hear this morning that there remains much work to be done in the area of aviation security. Whether it is the vulnerability of computer systems, the inadequacies of airport access controls, or the poor performance of some airport screeners, there are a variety of issues that must be addressed. I do not mean to be an alarmist because lapses in domestic aviation security have not yet led to a major incident. But an honest assessment of the overall security picture is sobering. It doesn't take a formal audit of the aviation security system to get the impression that all is not right. Just this week, it was reported that an Orlando-bound Delta Express flight from Long Island had to be diverted to a Virginia airport after a passenger found a loaded handgun in the plane's bathroom. Although that incident is out of the ordinary, it is troubling nonetheless. I am certainly aware that aviation security is a complex and difficult undertaking, and any system involving humans is going to have flaws. Furthermore, it can be too easy to grow complacent when there hasn't been a deadly terrorist incident involving a U.S. air carrier since Pan Am Flight 103 over Lockerbie, Scotland. But given the threats facing our nation today, another major security-related tragedy may be inevitable. Every effort must be made to increase awareness and performance. You can be sure that Osama bin Laden and others like him will continue to target Americans and American interests. To raise the bar on aviation safety, it will take the best efforts of many different groups and individuals, including the Congress. Although the recent FAA reauthorization bill contained a few provisions intended to improve security, there is always more that can be done. That is why Senator Hutchison is to be applauded for proposing legislation to address some of the problems in this area. I want to work with her to develop this bill and I look forward to helping her move it through the Committee. One of the key issues addressed in Senator Hutchison's proposal involves criminal history checks of prospective airline and airport employees who would have unescorted access to secure airport areas. There may be an unexpected loophole, however, with respect to individuals who are given access to secure areas. An incident at a local airport brought this potential problem to light. Recently, Dulles Airport police arrested an FAA safety inspector who was doing his job on the tarmac at the airport. While that incident raises several questions regarding federal and local cooperation on security matters, it has uncovered another issue of concern. The investigation of this matter has revealed that at least one FAA inspector attained his current position despite the fact that he had been charged with distribution of marijuana in the past. If we are going to set limits on private sector individuals who have access to secure airport areas, FAA employees must be held to similar standards. It would be sadly ironic if we raise the bar on the private sector, but then have lesser requirements for federal inspectors. Fortunately, the Inspector General is working with the Justice Department to investigate this situation more thoroughly and to determine if there may be a problem with other FAA inspectors. I will continue to follow this matter closely, and will pursue any remedies that may be necessary. Aviation security, like aviation safety, requires tremendous vigilance. We cannot let our efforts fall off for a moment. If we do, there may be dire consequences. Terrorists will definitely exploit our vulnerabilities, and they rarely telegraph their intentions. If there are flaws in the current system, I hope that we can all work together to fix the situation. Progress has been disappointingly slow in the past. Aviation security must remain a top priority for federal and aviation industry officials. I thank our witnesses for participating today and look forward to having their input on this critical subject matter. Prepared Statement of Hon. Ernest F. Hollings, U.S. Senator from South Carolina Good morning and thank you, Senator Hutchison, for chairing this important hearing. We all know that aviation security is an essential part of our overall air transportation system, however, it is something which we often take for granted. Thus, I am pleased that we are here today. Terrorism is an ever evolving threat, and to meet its challenge we must also change. I just returned from the Middle East and we talked a lot about security threats. Today, we know that the threat of terrorism has changed. First, it is no longer only a threat from abroad. We have terrorists living in the United States and people crossing over our borders to do harm. Oklahoma City and Pan Am 103 will live with us forever. We are also vulnerable to people like Ramzi Yousef who was convicted of masterminding the bombing of the World Trade Center. At the time he was apprehended, he was planning to blow up 11 U.S. airliners over the Pacific Ocean. The second change in terrorism is that it is common to find independent operators, either individuals or small groups, i.e. Ted Kaczynski. In light of this, aviation security is more critical than ever. In terms of the actual screening of passengers, the pre-boarding security screeners are a Maginot line between safety and those with ill intent. Although they are hard working and often dedicated, the turnover rate at most airports is over 100%. At one airport in particular, it was recently over 400%. A seasoned screener pool is essential to effective screening. However, nowadays it is very difficult to find a screener with more than a couple of months of experience at these airports. Consequently, the Department of Transportation Inspector General's office (DOT IG) and the General Accounting Office (GAO) have expressed concerns about screener performance. In the Federal Aviation Reauthorization Act of 1996, Congress mandated that the FAA conduct a study to determine whether the air carriers should relinquish their responsibility of administering security measures, with respect to passengers, service, flight crew, and cargo, over to the federal or state governments, either directly or through the airports. In the view of DOT, air carriers should retain their role in screening, and improve their participation in the security process. In this regard, they must improve security screener performance. Fortunately FAA, whose mission is to protect the traveling public and ensure the integrity of the civil aviation system, has worked to find a solution. It is attempting to raise the performance bar for the screener companies by requiring certification. Screeners will be tested and their employers will be dependent on their performance. Good equipment is essential to pre-boarding screeners and airline employees screening checked baggage. I look forward to hearing about the innovations in detection and increase in deployment. I am particularly interested in the explosive detection system and how we may need to increase screening. In light of my recent travel to the Middle East--I'm interested in knowing how the FAA, the Department of State and the Department of Transportation coordinate their security efforts. I also hope that we will have the opportunity to touch on the transport of hazardous material today. In FAIR-21, which was signed by President Clinton yesterday, more money is provided for safety inspectors. We all agree that the tragic crash of ValuJet in the Florida Everglades should never be repeated. Surely, increased vigilance and awareness are essential. Finally, a good strong working relationship among the FAA, the airports, and the air carriers is essential to aviation security. Recently, an FAA inspector was arrested at Dulles Airport while completing his duties. This incident indicates that better coordination is needed among the FAA, the air carriers, and the airports. Security is a team effort. It is my understanding that negotiations are ongoing to prevent the reoccurrence of this type of mishap. The issues which we will address today are ones which we have addressed in the past, but they are far from resolved. I look forward to hearing from our expert witnesses. Prepared Statement of Hon. Richard H. Bryan, U.S. Senator from Nevada The maintenance of our aviation security systems in the United States is of extreme importance. We are here today to discuss the current status of our security screening equipment that is relied upon at each of our airports as the last line of defense in preventing weapons or explosives from being used to harm the public on our commercial airlines. Madame Chairwoman, I would like to thank you for addressing this very important issue which concerns the safety of so many people each and every day. In 1988, the world witnessed the devastating affects of terrorism as Pan Am Flight 103 became the target of terrorism that claimed the life of 259 passengers and an additional 11 people on the ground. This tragedy was not the result of a weapon, but a small amount of Semtex, an extremely powerful explosive, that was hidden in a cassette recorder packed in a suitcase. For the past twelve years since this accident, the Administration and Congress have changed the focus from guns to explosives to ensure that future tragedies are averted. Many of the steps that both the Administration and Congress have pursued include: Passage of the Aviation Security Improvement Act (ASIA) of 1990 which required the FAA to begin an accelerated 18-month research and development effort to find an effective explosive detection system (EDS); following the TWA Flight 800 disaster, the creation of the Commission on Aviation Safety and Security in 1996 which developed 20 specific recommendations for improving security including the CAPS (The Computer-Assisted Passenger Screening System) for passenger profiling; the 1996 FAA Act which directed the FAA to improve screener performance, including certifying screening companies; and most recently, the FAA proposed a Notice of Proposed rulemaking that would require certification of screening companies. Each one of these actions has been a step in the right direction, but in my mind there are still problems that need to be addressed. Technologically, many advancements have been made that will contribute to our goal of maintaining passenger safety, such as the development and implementation of a new generation of x-ray machines that are able to pick up explosive devices, and the use of various Explosive Detection Systems (EDS). However, our screening practices in the United States still remain far behind that of our European counterparts. The average annual screener turnover rates in the U.S. exceed 100% per year in most major airports and up to 400% per year at one airport in particular. It is apparent that we in the U.S., who are striving to achieve the highest level of security, are not requiring the necessary training and experience to carry out such a vital role. Currently, the average wage for screeners in the U.S. averages $5.75 per hour and some do not receive fringe benefits. As a point of contrast, the European screener personnel receive significantly more training and higher salaries than screeners in the U.S. and receive comprehensive benefits. Many screeners in Europe also have more screening experience on average than their U.S. counterparts. As a result screeners in many European countries have been able to detect more than twice as many test objects as screeners in the U.S. Madam chairman, this is an obvious problem that needs to be addressed. We may advance years ahead in technological equipment, but without properly trained and experienced personal, such equipment is useless. I believe that the recent proposed rulemaking by the FAA will make a positive contribution to the current screening practices through the mandatory certification of screening companies who will be held to a specific set of standards. However, the FAA has declined to require the certification of individual screeners believing that they do not have the statutory authority under Title 49 of the FAA Reauthorization Act of 1996. Currently, the air carriers have the responsibility to conduct screening, and the proposed rulemaking will set standards that they must adhere to and would make the carriers accountable for any failures. This is a step forward, but I also believe that the FAA must specifically address the issue of turnover in the final rulemaking that is directly linked to the experience that the screeners use in this vital security role. Better training combined with better wages and benefits will ultimately provide better screening security. In addition to screening, we must also ensure security procedures are followed in our nations airports. On November 18, 1999, the Department of Transportation Inspector General released the Airport Access Control report. This report was the result of physically testing various airports in the U.S. for laps is security in both sterile (areas in which people must first pass through screening) and non- sterile areas (pre-screening areas such as ticketing). Frankly, the results were shocking:Of the 173 attempts to penetrate both non-sterile and sterile areas of the airport, 117 (68 percent) were successful. Once penetration was established in secure areas, the inspectors boarded aircraft operated by 35 different air carriers 117 times. For the 117 aircraft boarded as a result of penetrating into secure areas: --In 43 (37%) boardings, no air carrier personnel were onboard to ensure security of the aircraft as required by security programs. --In 43 (37%) boardings, employees (flight crews, maintenance staff, food service workers, and other vendor personnel) were onboard but did not challenge as required. --In 13 (11%) boardings, air carrier personnel were present and challenged the inspectors inside the aircraft more than 3 minutes after the boarding (FAA uses 3 minutes as the threshold for determining whether an aircraft was successfully penetrated). --In only 18 (15%) boardings, air carrier personnel were present and properly challenged the inspectors inside the aircraft within 3 minutes. --In 12 instances, the inspectors were seated and ready for departure at the time the test was concluded. Madam Chairman, I am happy to be here today to see how far we have come with many of our aviation security issues, but I still feel there is much work to be done to ensure safety in the future. Prepared Statement of Hon. Slade Gorton, U.S. Senator from Washington Thank you, Senator Hutchison. I appreciate your chairing of this hearing. I know that aviation security has long been an interest of yours, and I applaud your continuing efforts on this subject. Since a terrorist's bomb brought down Pan Am Flight 103 over Scotland, the U.S. has been acutely aware of the modern threats to civil aviation. Prior to that tragic incident, hijackings were the primary concern. Now we are focused on more sophisticated and potentially catastrophic threats. The Cold War may be over but the United States still has enemies. While we have been relatively fortunate in avoiding terrorism on our own soil, we cannot let our guard down. In fact, it was just last December in my home State of Washington where an individual was arrested at the Canadian border with more than 100 pounds of bomb- making supplies and a sophisticated detonating device. Although that incident has not been linked to aviation, the threats to the U.S. are real and close to home. There is little doubt that aviation makes an attractive target both here and abroad. As with most important aviation initiatives, security is a cooperative effort involving the airlines, the airports, and the Federal Aviation Administration (FAA). The airlines and airports are the ones who bear primary responsibility for keeping passengers and aircraft secure from criminals and terrorists. But the FAA plays the critical role of setting standards and providing oversight. The FAA should also be responsible for developing a comprehensive, strategic plan to guide the efforts of everyone involved. I understand that the DOT Inspector General's office and other experts have been critical of the FAA for not having such a plan. I hope to hear today from the FAA about what the agency is doing with respect to this issue. Cooperation may be an indispensable part of the process, but the airlines, airports, and traveling public look to the FAA for leadership. While the FAA has had varying levels of success with individual programs and projects, it is important that all the separate initiatives be part of an integrated whole. The prepared testimonies of today's witnesses do not present an entirely reassuring picture of the state of aviation security today. While there have been improvements since Congress last took action in 1996, certain aspects of the security effort appear to be falling short. It is vital that any deficiencies in the aviation security system be addressed quickly. Those who would do harm to the U.S. and its interests are not known to be forgiving of vulnerabilities and weaknesses. I thank each of our witnesses for being here and look forward to exploring this critical issue further. STATEMENT OF GERALD DILLINGHAM, ASSOCIATE DIRECTOR, TRANSPORTATION AND TELECOMMUNICATIONS ISSUES, RESOURCES, COMMUNITY, AND ECONOMIC DEVELOPMENT DIVISION, U.S. GENERAL ACCOUNTING OFFICE Mr. Dillingham. Thank you, Madam Chair, for the opportunity to be here this morning to discuss some of the aviation security work that we have done for this Committee and other committees of the Congress. This morning, I am going to focus on two security areas, air traffic control, and pre-board passenger screening. With regard to ATC security, 2 years ago we completed a study of several critical ATC security areas, including physical security at ATC facilities, and the security of current and future ATC systems. Our overall conclusion was that FAA was ineffective in all of the critical areas included in our review. For example, we found that a significant proportion of the Nation's ATC facilities did not meet FAA's own standards for physical security. We also found that FAA had not performed the necessary analysis to determine security weaknesses for a significant proportion of the current ATC systems. We also found the beginnings of similar problems with the computer-based systems that would be a part of the soon-to-be- modernized ATC system. The good news is that as a result of our report, the agency has begun to address these problems. The not-so-good news is that serious problems remain. Just 4 months ago, we reported that FAA allowed unvetted personnel, including dozens of foreign nationals, access to critical ATC computer codes to make and review Y2K fixes. With regard to screener performance, Madam Chair, because of the sensitive nature of the data about the effectiveness of pre-board passenger screening, we cannot provide those details in this public forum. Suffice it to say that performance is far from an acceptable level in what some have called the last line of defense for aviation security. Our review also looked at the causes and potential solutions to performance problems. We found that two of the most important causes of performance problems are rapid turn- over rates and the inattention paid to the human factors issues involved in screener work. Turnover exceeds 100 percent a year at most large airports and it has topped 400 percent at one of the busiest airports in the nation. For example, at one airport we visited, nearly 1,000 screeners had been trained during the course of 1 year. At the end of that year, only 140 were left. The effect of this kind of turnover is to have fewer experienced screeners at the checkpoints. It also has the effect of lessening the potential impact of the sophisticated and expensive screening equipment that the Federal Government is funding and deploying at the Nation's airports. We believe that the main reasons for these kinds of turnover rates are low wages and the few benefits that screeners receive, and maybe equally important are the human factor elements of the job itself. FAA now has several initiatives underway to address screener performance problems. These initiatives include establishing a screening company certification program, and installing a system called TIP, for automated monitoring of screener performance. Additionally, FAA is establishing goals for improving performance in accordance with the Government Performance and Results Act. FAA is also developing a battery of tests that can be used by screening companies to improve the selection and training of screener candidates. Unfortunately, none of these initiatives has been fully implemented, and most are behind schedule. For example, the screening company certification program is 2 years behind schedule, and will not begin implementation until 2002, and partially as a result of these delays FAA is also falling short in meeting its screener improvement goals. Another aspect of our work is a search for potential practices or lessons learned for improving performance. In our visits to several other countries, we found that in most countries screeners are required to have more extensive qualifications, meet higher training standards, screeners are paid more, and benefits are provided. Organizationally, these countries generally place the responsibility for screening with airports or the Government, instead of air carriers, as in the United States. The question, of course, is, does it make a difference? The answer is, maybe. The five countries we visited had significantly lower screener turnover and may have better screener performance. I say may have, because there is very little evidence that we had to examine about this particular issue, but the one example that we do have is a joint screener test between the United States and a European country, where the European screeners detected over twice as many test objects as the American screeners. We recognize that screener performance problems do not fall solely on the shoulders of FAA. The responsibility for certain conditions, such as rapid turnover, more appropriately rests with the air carriers and the screening companies. Nevertheless, Madam Chair, FAA does have a leadership responsibility not only for improving screener performance but also for improving the overall state of aviation security. In our view, the actions that FAA has currently underway are steps in the right direction and, when fully implemented, may provide the needed improvement. However, Madam Chair, it is critical that the Congress maintain vigilant oversight over FAA's efforts to ensure that it fully implements these initiatives in a timely fashion. Thank you. [The prepared statement of Mr. Dillingham follows:] Prepared Statement of Gerald Dillingham, Associate Director, Transportation and Telecommunications Issues, Resources, Community, and Economic Development Division, U.S. General Accounting Office Mr. Chairman and Members of the Subcommittee: We appreciate the opportunity to be here today to discuss the security of the nation's air transport system. The air transport system is vital to our nation's prosperity, and protecting this system from terrorist attacks or other dangerous acts remains an important national issue. Events over the past decade have shown that the threat of terrorism against the United States is an ever-present danger and, coupled with the fact that aviation is an attractive target for terrorists, indicate that the security of the air transport system remains at risk. Protecting this system demands a high level of vigilance because a single lapse in aviation security can result in hundreds of deaths, destroy equipment worth hundreds of millions of dollars, and have immeasurable negative impacts on the economy and the public's confidence in air travel. Our testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems--and the information within--are the crucial link for providing information to air traffic controllers and aircraft flight crews to ensure the safe and expeditious movement of aircraft. Screening checkpoints and the screeners who operate them provide the means to ensure that passengers and others do not bring dangerous items aboard aircraft. Our testimony is based on issued reports on computer security and on work that we have under way on checkpoint screeners that we are conducting at this Subcommittee's request. Our report on checkpoint screeners will be issued shortly. In summary, Mr. Chairman, our work has identified security problems in both the air traffic control computer systems and in the performance of checkpoint screeners: A report we issued in 1998 detailed weaknesses in critical computer security areas, including the physical security at facilities that house air traffic control systems and the management of security for operational computer systems. For example, FAA had not assessed the physical security at a large portion of its air traffic control facilities and had not performed the necessary threat analyses for 87 of its 90 operational air traffic control computer systems in the 5 years prior to our review. FAA has since initiated actions to resolve the problems we identified in these instances; however, in December 1999, we reported that FAA was still not following its own security requirements as it failed to conduct the required background searches on contractor employees reviewing and repairing critical computer system software. FAA and the airline industry have made little progress in improving the effectiveness of airport checkpoint screeners. Screeners are not adequately detecting dangerous objects, and long-standing problems affecting screeners' performance remain, such as the rapid screener turnover and the inattention to screener training. FAA's efforts to address these problems are behind schedule. For example, FAA is 2 years behind schedule in issuing a regulation that would implement a congressionally mandated requirement to certify screening companies and improve the training and testing of screeners. Partially as a consequence of its delays, FAA has not attained its fiscal year 1999 Government Performance and Results Act goals for improving screener performance. Five countries we visited had different screening practices and significantly lower screener turnover and may have better screener performance. One country's screeners detected over twice as many test objects in a joint testing program that it conducted with FAA. The security problems we have found would by themselves be cause for concern. Unfortunately, Mr. Chairman, the problems we have identified are not unique. Problems identified by others, such as the Department of Transportation's Inspector General, point out weaknesses in a number of other key aviation protection measures. Taken together, these problems show the chain of security protecting our aviation system has not one but several weak links. It must be recognized that the responsibility for these problems does not fall on the shoulders of FAA alone. The aviation industry is responsible for undertaking the security measures at airports and many of the problems identified--such as rapid screener turnover--more appropriately rest with it. The fact that there have been no major security incidents in recent years--such as the 1988 bombing of Pan Am Flight 103--could breed an attitude of complacency. Maintaining or improving aviation security in such an environment is more challenging. However, serious vulnerabilities in our aviation security system exist and must be adequately addressed. We expressed concern 2 years ago that the momentum of aviation security improvements must not be lost, and we express that concern again today. Continual congressional oversight will be needed to hold the aviation community accountable for establishing and achieving specific improvement goals and changes. Background Before I discuss these issues in greater detail, it is important to place some perspective on the nation's aviation security system. Providing security to the nation's aviation system is a complex and difficult task because of the size of the U.S. system, the differences among airlines and airports, and the unpredictable nature of terrorism or criminal acts. The U.S. civil aviation system comprises hundreds of commercial airports, thousands of aircraft, and tens of thousands of flights each day that transport over 2 million passengers. FAA has hundreds of facilities throughout the country that monitor and direct the flow of aircraft to ensure they arrive safely at their intended destination. Providing security to such a vast and diverse system can be a daunting challenge. Yet the need for strong aviation security grows every day. The threat of terrorism against the United States remains high and, as evidenced by the 1995 discovery of a plot to bomb as many as 11 U.S. airliners, civil aviation is an attractive target. More recent events such as the December 1999 apprehension at the Canadian border of a suspected terrorist with bomb components, including some small enough to be brought onto an aircraft, reaffirm the need for concern. Other threats such as ``air rage''--those hostile or possibly criminal acts that occur onboard aircraft--are on the increase and could be potentially catastrophic if dangerous objects, such as weapons, were to be involved. In the past month alone, there have been two such incidents in which passengers attacked pilots in the cabins of airborne flights. Finally, a growing threat--computer hackers--has evolved that could threaten the security of aircraft or the entire national airspace system. If hackers are able to penetrate the air traffic control system, they could attack the computer systems used to communicate with and control aircraft, potentially causing significant economic problems and placing aircraft at risk. The threat of terrorist or other acts against aircraft have led to numerous calls for improvements that address the vulnerabilities in the aviation system. During the last decade, two presidential commissions have reviewed and reported on problems with various aspects of aviation security, and two major laws have been enacted that required actions to improve security measures. Additionally, the Congress provided about $1 billion to FAA over the last 4 fiscal years to carry out its civil aviation security program, including over $340 million for the purchase and deployment of security equipment at U.S. airports. ATC Computer Security Securing the air traffic control (ATC) computer systems that provide information to controllers and flight crews is critical to the safe and expeditious movement of aircraft. Failure to adequately protect these systems, as well as the facilities that house them, could cause nationwide disruption of air traffic or even loss of life. Moreover, malicious attacks on computer systems are becoming an increasing threat, and it is essential that FAA ensure the integrity and availability of the ATC computer systems and protect them from unauthorized access. Numerous laws as well as FAA's policy require that these systems be adequately protected. However, as we reported in May 1998, FAA had been ineffective in four critical computer security areas we reviewed.\1\ The first of these areas was physical security at key ATC facilities, such as towers and en route centers, where known weaknesses existed. For example, contractor employees were given unrestricted access to sensitive areas without required background investigations. In addition, at many facilities, the extent of weaknesses was unknown because FAA did not follow its own security policy and did not conduct the required physical security assessments from 1993 to 1998 at a large portion of its ATC facilities. --------------------------------------------------------------------------- \1\ Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety (GAO/AIMD-98-155, May 18, 1998). --------------------------------------------------------------------------- Second, FAA had not ensured the security of operational ATC systems. FAA's policy requires that all ATC systems be assessed for risk, certified that they comply with FAA's requirements, and accredited by FAA management once the appropriate security safeguards have been implemented. However, of 90 operational ATC systems, only 3-- less than 4 percent--were certified and none was accredited. Additionally, security assessments for ATC telecommunications systems were similarly lacking. Eight of nine telecommunications systems were not assessed despite the fact that FAA's 1994 Telecommunications Strategic Plan stated that ``vulnerabilities that can be exploited in aeronautical telecommunications potentially threaten property and public safety.'' Third, FAA was not adequately managing security for new ATC systems. Because FAA had no security architecture, security concept of operations, or security standards, the implementation of security requirements for ATC development efforts were ad hoc and sporadic. Of the six system development efforts we reviewed, only four had security requirements, and of these, only two were based on risk assessments. Without security requirements based on sound risk assessments, FAA lacks assurance that future ATC systems will be protected from attack. Fourth, FAA's management structure was not effectively implementing and enforcing computer security policy. Responsible offices did not adequately implement and enforce security policy, and FAA lacked a central point for enforcing security. In particular, FAA did not have a Chief Information Officer (CIO) reporting directly to the FAA Administrator, a management structure consistent with Clinger-Cohen Act requirements. As a result of our work, FAA has initiated efforts to address all four computer security problem areas. For example, it has inspected the facilities it had not assessed since 1993, and it has established a CIO position with responsibility for developing, implementing, and enforcing the agency's security policy. Nevertheless, weaknesses continue in FAA's efforts to maintain effective computer security. In December 1999, we reported that FAA was still not following its own security requirements.\2\ We found FAA used contractor employees to make Year 2000 repairs to mission-critical ATC systems and to review these systems' software without the required background searches being performed. In one case, we found that no background searches were performed on 36 foreign nationals who had access to copies of critical ATC systems' source code. As a result of not following its own security requirements, FAA increased the risk of inappropriate individuals gaining access to, and knowledge of, its facilities, information, and resources. Consequently, the ATC system may now be more susceptible to intrusion and malicious attacks. We are currently following up on the status of FAA's efforts to resolve the computer security problems we identified as part of an ongoing computer security review. --------------------------------------------------------------------------- \2\ Computer Security: FAA Needs to Improve Controls Over Use of Foreign Nationals to Remediate and Review Software (GAO/AIMD-00-55, Dec. 23, 1999). --------------------------------------------------------------------------- Checkpoint Screeners Not only have we found security problems at air traffic control facilities, but more significantly, we have found problems at the screening checkpoints at airports. The screening checkpoints and the screeners who operate them are a key line of defense against the introduction of dangerous objects into the aviation system. All passengers and their baggage must be checked for weapons, explosives, or other dangerous articles that could pose a threat to the safety of an aircraft and those aboard it. FAA and the air carriers share this responsibility. FAA prescribes the screening regulations and establishes the basic standards for the screeners, the equipment, and the procedures to be used, and the air carriers are responsible for screening passengers and their baggage before they are permitted into the secure areas of an airport or onto an aircraft. Air carriers can use their own employees to conduct screening activities, but for the most part, air carriers hire security companies to do the screening. The screeners detect thousands of dangerous objects each year. Over the past 5 years, they detected nearly 10,000 firearms being carried through checkpoints, according to FAA. Nevertheless, the screeners do not identify all threats, and instances occur each year in which weapons are discovered to have passed through a checkpoint. We found a number of cases in which passengers passed through checkpoints on the first flight of their trips and were subsequently found to have loaded guns at screening checkpoints prior to boarding connecting flights. Similarly, we are aware of two instances in which simulated explosive devices used for testing screeners passed through screening checkpoints and were placed aboard aircraft. Concerns have been raised for many years by us and by others about the effectiveness of the screeners and the need to improve their performance. In 1978, the screeners were not detecting 13 percent of the potentially dangerous objects FAA agents carried through checkpoints during tests--a level that was considered ``significant and alarming.'' In 1987, we found that screeners were not detecting 20 percent of the objects during FAA's tests.\3\ Two presidential commissions--established after the bombing of Pan Am Flight 103 in 1988 and the then-unexplained crash of TWA Flight 800 in 1996--as well as numerous reports by GAO and the Department of Transportation's Inspector General have highlighted problems with screening and the need for improvements. To rectify some of these problems, the Federal Aviation Reauthorization Act of 1996 mandated that FAA certify screening companies, improve the training and testing of the screeners, and develop performance standards. However, Mr. Chairman, problems with the screeners' performance remain a serious concern. Data on FAA's test results cannot be released publicly, but our research shows that the screeners' ability to detect objects during the agency's tests is not improving, and in some cases is worsening. --------------------------------------------------------------------------- \3\ Aviation Security: FAA Needs Preboard Passenger Screening Performance Standards (GAO/RCED-87-182, July 24, 1987). --------------------------------------------------------------------------- Screeners' Performance Problems Are Attributed to Rapid Turnover and Inattention to Human Factors There is no single reason why screeners fail to identify dangerous objects. Two conditions--rapid screener turnover and inadequate attention to human factors--are believed to be important causes. The rapid turnover among screeners has been a long-standing problem, having been singled out as a concern in FAA and GAO reports dating back to at least 1979. We reported in 1987 that turnover among screeners was about 100 percent a year at some airports, and today, the turnover is considerably higher.\4\ From May 1998 through April 1999, turnover averaged 126 percent among screeners at 19 large airports, with 5 airports reporting turnover of 200 percent or more and 1 reporting turnover of 416 percent. At one airport we visited, of the 993 screeners trained there over about a 1-year period, only 142, or 14 percent, were still employed at the end of that year. Such rapid turnover can seriously affect the level of experience among the screeners operating a checkpoint. Appendix I lists the turnover rates for screeners at 19 large airports. --------------------------------------------------------------------------- \4\ GAO/RCED-87-182, July 24, 1987. --------------------------------------------------------------------------- Both FAA and the aviation industry attribute the rapid turnover to the low wages the screeners receive, the minimal benefits, and the daily stress of the job. Generally, screeners get paid at or near the minimum wage. We found that some of the screening companies at many of the nation's largest airports paid screeners a starting salary of $6 an hour or less, and at some airports the starting salary was the minimum wage--$5.15 an hour. It is common for the starting wages at airport fast-food restaurants to be higher than the wages the screeners receive. For instance, at one airport we visited, the screeners' wages started as low as $6.25 an hour, whereas the starting wage at one of the airport's fast-food restaurants was $7 an hour. The human factors associated with screening--those work-related issues that are influenced by human capabilities and constraints--have also been noted by FAA as problems affecting performance for over 20 years. Screening duties require repetitive tasks as well as intense monitoring for the very rare event when a dangerous object might be observed. Too little attention has been given to factors such as (1) individuals' aptitudes for effectively performing screening duties, (2) the sufficiency of the training provided to the screeners and how well they comprehend it, and (3) the monotony of the job and the distractions that reduce the screeners' vigilance. As a result, screeners are being placed on the job who do not have the necessary abilities, do not have adequate knowledge to effectively perform the work, and who then find the duties tedious and unstimulating. FAA Is Making Efforts to Address Causes of Screeners' Performance Problems, but Progress Has Been Slow FAA has demonstrated that it is aware of the need to improve the screeners' performance by conducting efforts intended to address the turnover and human factors problems and by establishing goals with which to measure the agency's success in improving performance. The efforts include establishing a threat image projection system to keep screeners alert and to monitor their performance; a screening company certification program; and screener selection tests, computer-based training, and readiness tests. FAA's implementation of these efforts, however, has encountered substantial delays and is behind schedule. I would like to focus on two key efforts, the threat image projection system and the screening company certification program, and then discuss FAA's progress in achieving its goals for improved screener performance. The Threat Image Projection System FAA is deploying an enhancement to the x-ray machines used at the checkpoints called the threat image projection (TIP) system. As screeners routinely scan passengers' carry-on bags, TIP occasionally projects images of dangerous objects like guns and explosives on the x- ray machines' screens. The screeners are expected to spot the objects and signal for the bags to be manually searched. Once prompted, TIP indicates whether an image is of an actual object in a bag or was generated by the system and also records the screeners' responses, providing a measure of their performance while keeping them more alert. By frequently exposing screeners to what dangerous objects look like on screen, TIP will also provide continuous on-the-job training. FAA is behind schedule in deploying this system. It had planned to begin deploying 284 units to 19 large airports in April 1998. But as a result of hardware and software problems, FAA dropped its plans to install the units on existing x-ray machines nationwide. Instead, in mid-2000, it will begin purchasing and deploying 1,380 new x-ray machines already equipped with the TIP system. FAA expects to have the system in place at the largest airports by the end of fiscal year 2001 and at all airports by the end of fiscal 2003. Unfortunately, the delays in the TIP system's deployment have impeded another key initiative to improve the screeners' performance: the certification of screening companies. The Certification of Screening Companies In response to a mandate in the Federal Aviation Reauthorization Act of 1996 and a recommendation from the 1997 White House Commission on Aviation Safety and Security, FAA is creating a program to certify the security companies that staff the screening checkpoints. The agency plans to establish performance standards--an action we recommended in 1987 \5\--that the screening companies will have to meet to earn and retain certification. It will also require that all screeners pass automated readiness tests after training and that all air carriers have TIP units on the x-ray machines at their checkpoints so that the screeners' performance can be measured to ensure FAA's standards are met. FAA believes that the need to meet certification standards will give the security companies a greater incentive to retain their best screeners longer and so will indirectly reduce turnover by raising the screeners' wages and improving training. Most of the air carrier, screening company, and airport representatives we contacted said they believe certification has the potential to improve the screeners' performance. --------------------------------------------------------------------------- \5\ GAO/RCED-87-182, July 24, 1987. --------------------------------------------------------------------------- FAA plans to use data from the TIP system to guide it in setting its performance standards, but because the system will not be at all airports before the end of fiscal year 2003, the agency is having to explore additional ways to set standards. FAA plans to issue the regulation establishing the certification program by May 2001, over 2 years later than its earlier estimated issue date of March 1999. According to FAA, it has needed more time to develop performance standards and to develop and process a very complex regulation. The first certification of screening companies is expected to take place in 2002. FAA's Goals for Screeners' Performance As required by the Government Performance and Results Act, FAA established goals in 1998 for improving screeners' detection of test objects carried through metal detectors and concealed in carry-on baggage. FAA views specific data relating to these goals, as well as other information relating to screeners' detection rates, to be too sensitive to release publicly. However, it can be said that, in part because of the delays in implementing its screener improvement efforts, the agency did not meet its first-year goals for improving screener performance. FAA acknowledged that it did not meet its fiscal year 1999 improvement goal for detecting dangerous objects carried through metal detectors, but it believed that it had nearly met its goal for improving their detection in carry-on baggage. However, we found flaws in FAA's methodology for computing detection rates, and that, in fact, the goal was not met. We have discussed our findings with FAA, and as result of our findings and the delays in its initiatives, the agency is revising its goals. We are encouraged that FAA is currently developing an integrated checkpoint screening management plan to better focus its efforts and meet its goals for improving the screeners' performance. According to FAA officials, the plan, which is still in draft form, will (1) incorporate FAA's goals for improving the screeners' performance and detail how its efforts relate to the achievement of the goals; (2) identify and prioritize checkpoint and human factors problems that need to be resolved; and (3) provide measures for addressing the performance problems, including related milestone and budget information. Moreover, the draft plan will consolidate the responsibility for screening checkpoint improvements under a single program manager, who will oversee and coordinate efforts at FAA headquarters, field locations, and the agency's Technical Center in Atlantic City, New Jersey. FAA expects the plan to be completed in April 2000 and to be continuously updated based on its progress. Screening Practices in Five Other Countries Differ From U.S. Practices To identify screening practices that differ from those in the United States, we visited five countries--Belgium, Canada, France, the Netherlands, and the United Kingdom--viewed by FAA and the aviation industry as having effective screening operations. These countries also have significantly lower screener turnover than the United States-- about 50 percent or lower. We found some significant differences in four areas: screening operations, screeners' qualifications, screeners' pay and benefits, and institutional responsibility for screening. First, screening operations in some countries are more stringent. For example, Belgium, the Netherlands, and the United Kingdom routinely touch or ``pat down'' passengers in response to metal detector alarms. Additionally, all five countries allow only ticketed passengers through the screening checkpoints, thereby allowing the screeners to more thoroughly check fewer people. Some countries also have a greater police or military presence near checkpoints. In the United Kingdom, for example, security forces--often armed with automatic weapons-- patrol at or near checkpoints. At Belgium's main airport, a constant police presence is maintained at one of two glass-enclosed rooms directly behind the checkpoints. Second, the screeners' qualifications are usually more extensive. For example, in contrast to the United States, Belgium requires screeners to be citizens, while France requires screeners to be citizens of a European Union country. In the Netherlands, screeners do not have to be citizens, but they must have been residents of the country for 5 years. Moreover, while FAA requires that screeners in this country have 12 hours of classroom training, Belgium, Canada, France, and the Netherlands require more. France requires 60 hours of training, and Belgium requires at least 40 hours with an additional 16 to 24 hours for each activity, such as x-ray machine operations, the screener will conduct. Third, the screeners receive relatively better pay and benefits in most of these countries. While in the United States screeners receive wages that are at or slightly above minimum wage, screeners in some countries receive wages that they view as being ``middle income.'' In the Netherlands, for example, screeners receive at least the equivalent of about $7.50 per hour. This wage is about 30 percent higher than wages at fast-food restaurants. In Belgium, screeners receive about $14 per hour. Screeners in some countries also receive some benefits, such as health care or vacations, as required under the laws of these countries. Finally, the responsibility for screening in most of these countries is placed with the airport or with the government, not with the air carriers as it is in the United States. In Belgium, France, and the United Kingdom, the responsibility for screening has been placed with the airports, which either hire screening companies to conduct the screening operations or, as at some airports in the United Kingdom, hire screeners or manage the checkpoints themselves. In the Netherlands, the government is responsible for passenger screening and hires a screening company to conduct checkpoint operations, which are overseen by a Dutch police force. Because each country follows its own unique set of screening practices, and because data on screener performance in each country were not available to us, it is difficult to measure the impact of these different practices, either individually or jointly, on improving screeners' performance. Nevertheless, there are indications that in at least one country, the practices may help to improve the screeners' performance. This country conducted a testing program jointly with FAA that showed that the other country's screeners detected over twice as many test objects as did the screeners in the United States. We note that practices similar to those in other countries have been proposed in the United States. The Chicago Department of Aviation, which operates Chicago-O'Hare International Airport, has advocated moving the responsibility for screening to airports, hiring screening companies under a model similar to that used by the General Services Administration to contract for security services, and having universities conduct more extensive and independent screener training programs. In response to a requirement of the Federal Aviation Reauthorization Act of 1996, FAA did evaluate options for moving screening responsibilities to airports or the federal government. The agency said that it found no consensus for moving these responsibilities to other parties, and consequently the responsibility for screening remains with the air carriers. Summary Many vulnerable areas in the aviation system need strong protection. Unfortunately, Mr. Chairman, the problems we have identified in two of these areas are not unique. Others such as the Department of Transportation's Inspector General and the National Research Council have identified other problems with the security controls in and around airports, the implementation of security procedures, and the use and effectiveness of new equipment intended to better assist in identifying threats. Taken together, these problems point out that effective security for our nation's aviation system has not yet been achieved. It is often said that a chain is only as strong as its weakest link; in the case of aviation security, there are still many weak links. It must be recognized that these weak links are not the responsibility of FAA alone. The responsibility for certain conditions, such as the rapid screener turnover, more appropriately rests with the air carriers and screening companies. It will, therefore, take the cooperation of the aviation industry to put into place the actions needed to improve security. In closing, Mr. Chairman, the fact that there has been no major security incident in the United States or involving a U.S. airliner in nearly a decade could breed an attitude of complacency in improving aviation security. Improving security in such an environment is more challenging and difficult. Two years ago, in another testimony before the Congress, we expressed a similar concern in stressing that the momentum of aviation security improvements must not be lost. Given the extent of the problems, we must reiterate this concern and believe that continuing congressional oversight in holding FAA and the aviation industry accountable for improving the aviation security will be critical to the full achievement of a safe and secure air transportation system. Mr. Chairman, this concludes my prepared statement. I will be pleased to answer any questions that you or Members of the Subcommittee may have. Appendix I Screener Turnover Rates at 19 Large Airports May 1998-April 1999 ---------------------------------------------------------------------------------------------------------------- Annual turnover City (airport) rate (percentage) ---------------------------------------------------------------------------------------------------------------- Atlanta (Hartsfield Atlanta International) 375 Baltimore (Baltimore-Washington International) 155 Boston (Logan International) 207 Chicago (Chicago-O'Hare International) 200 Dallas-Ft. Worth (Dallas/Ft. Worth International) 156 Denver (Denver International) 193 Detroit (Detroit Metro Wayne County) 79 Honolulu (Honolulu International) 37 Houston (Houston Intercontinental) 237 Los Angeles (Los Angeles International) 88 Miami (Miami International) 64 New York (John F. Kennedy International) 53 Orlando (Orlando International) 100 San Francisco (San Francisco International) 110 San Juan (Luis Munoz Marin International) 70 Seattle (Seattle-Tacoma International) 140 St. Louis (Lambert St. Louis International) 416 Washington (Washington-Dulles International) 90 Washington (Ronald Reagan Washington National) 47 Total 126 ---------------------------------------------------------------------------------------------------------------- Source: FAA. Senator Hutchison. Thank you, Mr. Dillingham. Hon. Cathal Flynn, the Associate Administrator for Civil Aviation Security at the FAA. Admiral Flynn. STATEMENT OF HON. CATHAL FLYNN, ASSOCIATE ADMINISTRATOR FOR CIVIL AVIATION SECURITY, FEDERAL AVIATION ADMINISTRATION Admiral Flynn. Madam Chair, thank you for the opportunity to speak with you today on the issue of aviation security. I would like to briefly summarize some of our recent efforts to enhance the security of our aviation system. The threat to our Nation's aviation community has not diminished. This remains a dangerous world. Although we have made significant progress, Governments, airlines, and airports must continue to work cooperatively to achieve safe and secure air transportation worldwide. Incidents worldwide of unlawful interference with civil aviation--that is, hijackings and sabotage--have decreased over the last 20 years, while the number of flights and enplanements has increased very substantially. But, as was graphically demonstrated by the recent hijacking of an Air India aircraft in which one passenger was murdered, the threat remains very real. We are focusing our efforts on the screening of passengers and cargo in order to ensure that unlawful or dangerous weapons, explosives, or other dangerous substances are not carried on aircraft. In response to both the White House Commission on Aviation Safety and Security, and to direction and guidance from this Committee in the 1996 FAA Reauthorization Act, we have developed a draft rule to improve screening efforts. We published the Notice of Proposed Rulemaking in early January. We have held two public listening sessions in Washington and San Francisco, and a third is being conducted today in Fort Worth. The public comment period will end on May 4, and we expect the rule to become final within a year subsequent to that. The proposed rule would require the certification of all screening companies, specifies training requirements for screeners, and establishes requirements for the use of screening equipment. It would require screeners to use threat image projection (TIP), or TIP-equipped x-ray systems and explosives detection systems (EDS). A TIP system electronically inserts images of possible threats, like guns, knives, explosive devices, on x-ray or explosives detection system monitors. Its purpose is to provide training, keep screeners alert, and very importantly, to be able to measure performance accurately. We believe high scores in detecting TIP images will equate to a high probability of detecting real bombs. We will continue to closely monitor TIP's capabilities in the operational environment, making necessary adjustments as we gain more experience with this technology. Screeners must be given the best tools available to do the job, and must be trained to use them properly. Foremost among the tools are explosives detection systems. EDS installation and utilization remain among our greatest concerns. These systems have proven their effectiveness in detecting the amounts and types of explosives likely to be placed in checked baggage or small packages carried as cargo or baggage on commercial passenger aircraft. Similarly, explosives trace detection devices have been shown to be effective in discovering even the smallest amounts of explosives in carry-on bags and articles. Until we have the technology to screen all checked bags with explosive detection systems, without causing intolerable delays in processing passengers, we must continue to focus intelligently on a smaller segment of bags. The successful CAPPS program--CAPPS stands for computer-assisted passenger prescreening system--allows us to focus on a manageable population of passengers. CAPPS is a computerized system that essentially selects passengers whose checked baggage will be subject to further security measures. The system uses parameters developed within the counterterrorism, intelligence and law enforcement communities which have been found by the Justice Department to be nondiscriminatory and to meet Fourth Amendment standards. Another area of increasing importance is air cargo. Cargo screening is improving steadily. We have strengthened the cargo security standards for all passenger air carriers and air freight forwarders by narrowing the definition of a known shipper and focusing security resources on unknown shippers. In September 1999, changes to United States and foreign air carrier security programs, and indirect air carrier--that is freight forwarder--security programs became effective. In addition, on-board couriers are now required to declare themselves to the air carrier, thus assuring that their bags will be properly secured. Access control is another important issue of concern. The DOT Inspector General and GAO audits have properly noted industry's problems in performing FAA-required access control measures and background checks of their employees. More needs to be done by FAA and the airports in these areas. We are working with airport operators and air carriers to implement and strengthen existing controls to eliminate access control weaknesses. A particularly intensive round of access control tests started on February 7, 2000, and will continue at some frequency indefinitely. Performance has improved. Now, there are many other aspects of our security program, from the high tech million-dollar explosives detection systems, to Federal Air Marshals, who fly on a high number of our flights armed, to protect against hijackings. There are also less dramatic things, such as the explosive detection canine program. Following direction in the Reauthorization Act and of the White House Commission, the number of canine teams has doubled from 87 teams at 26 airports in 1996 to 175 teams today at 39 of our busiest airports. These canine teams, which are very effective in dealing with a variety of security situations, are now 100 percent dedicated to aviation security. Madam Chair, we believe the safety and security of the traveling public, our own citizens and those visiting the United States from abroad, is worth the investment that will need to be made by both Government and the private sector. We are moving in the right direction, and we appreciate very much the support that this Committee has given for our work. That concludes my statement, and I will be happy to answer questions. [The prepared statement of Admiral Flynn follows:] Prepared Statement of Hon. Cathal Flynn, Associate Administrator for Civil Aviation Security, Federal Aviation Administration Madam Chair, Senator Rockefeller and Members of the Subcommittee: Thank you for the opportunity to speak with you today on aviation security and the progress we have made since the 1996 Federal Aviation Administration reauthorization legislation in enhancing security of our aviation system. Today I would like to discuss several important security initiatives, including our recent rulemaking effort on the training, performance, and retention of airline security screeners at airports. As directed by legislation passed by this Committee in 1996, the Federal Aviation Administration (FAA) is conducting a rulemaking that would require screening companies to be certified by the FAA. I would like to start by describing this rulemaking and how we expect the training, performance, and retention of airport screeners to improve as a result, and then comment briefly on some of the other elements of our security program. Let me first emphasize that the threat to our Nation's aviation community has not diminished. It remains a dangerous world. Governments, airlines, and airports must work cooperatively to achieve our common goal: safe and secure air transportation worldwide. The number of incidents worldwide of unlawful interference with civil aviation (primarily hijacking and sabotage) have decreased over the last 20 years, while the number of flights, enplanements and passenger- miles flown have increased. As graphically demonstrated by the two most recent hijackings, this decrease does not minimize the gravity of these crimes. The terrorist threat to U.S. civil aviation is higher abroad than it is within the United States. The terrorist attacks against U.S. embassies in Kenya and Tanzania remind us of the global nature of terrorism and the need for everyone to work together to oppose it anywhere in the world. The relationship between Osama bin Laden, who was behind these terrorist attacks, and Ramzi Yousef, who was convicted of bombing the World Trade Center in New York and attempting to place bombs on a dozen U.S. air carrier flights in the Asia-Pacific region in 1995, exemplifies the continuing tangible threat to civil aviation. Only the wholehearted cooperation of our aviation partners thwarted those attacks in the Pacific. Moreover, members of foreign terrorist groups and representatives from state sponsors of terrorism are present in the United States. There is evidence that a few foreign terrorist groups have well-established capability and infrastructures here. Terrorism is a crime, but the threat to civil aviation is not restricted solely to those motivated by political concerns. We must also prevent other criminal acts, regardless of motivation, to ensure safe and secure air transportation. Given this security threat, since the early 1970's the FAA has required the screening of passengers and property carried aboard an aircraft in order to ensure that no unlawful or dangerous weapons, explosives, or other destructive substances are carried aboard. More recently, in response to the White House Commission on Aviation Safety and Security and to direction and guidance from this Committee in the Federal Aviation Reauthorization Act of 1996, the FAA developed a proposal to improve screening efforts, which we published in early January. I would like to briefly describe its development and purpose. On March 17, 1997, the FAA published an Advance Notice of Proposed Rulemaking (ANPRM), to certify screening companies and improve the training and testing of security screeners through the development of uniform performance standards. On the basis of the comments received as well as internal deliberations, the FAA determined that the critical element in screener certification is having a reliable and consistent way to measure actual screening performance. After evaluation and consultation, we decided to add more specific screening improvements to the proposed rule based on the use of new technology called threat image projection (TIP) systems. Consequently, in May 1998, we withdrew the ANPRM in order to focus our rulemaking efforts on TIP systems. A TIP system electronically inserts images of possible threats (e.g., a gun, knife, explosive device) on x-ray and explosives detection system monitors as if they were within a bag being screened. Its purpose is to provide training, keep screeners alert, and measure screener performance. High scores in detecting TIP images equate to a high probability of detecting actual bombs. Not only can TIP data be potentially used to assess screener performance over time, the results can also be used to analyze any correlation between performance, experience, and compensation. FAA field agents performed special evaluations using test objects in coordination with TIP data gathering to see if the data correlated. We conducted these preliminary tests of the prototype TIP x-ray systems and analyzed data from the fall of 1998 to January 1999, whereupon we concluded that TIP was potentially an effective and reliable means to measure screener performance. We will continue to seek comment and closely monitor TIP's capabilities in an operational environment, making necessary adjustments as we gain more experience with this technology. Our determination of TIP's reliability enabled us to move forward on the rule. On January 5, 2000, FAA issued a Notice of Proposed Rulemaking (NPRM) which requires the certification of all screening companies, specifies training requirements for screeners, sets standards for screening passengers and cargo, and establishes requirements for the use of screening equipment. The NPRM would require screening companies to adopt FAA-approved security programs and would require carriers to install TIP systems on all their x-ray and explosive detection systems. We held a public listening session on the proposed rule at FAA headquarters on March 10, one in San Francisco earlier this week and one in Fort Worth this morning. All public comments are due by May 4th. Our proposed rule also requires that all screening companies adopt and implement FAA-approved screening security programs that include procedures for performing screening functions, including operating equipment; screener testing standards and test administration requirement; threat image projection standards, operating requirements, and data collection methods; and performance standards. In addition, all screening personnel would have to pass computerized knowledge-based and x-ray interpretation tests before and after their on-the-job training and at the conclusion of their recurrent training. These tests would be monitored by air carrier personnel in accordance with the air carriers' security programs. We hope to issue a Final Rule on certification of screening companies in May 2001. The 1996 Reauthorization Act also directed the FAA to conduct a study and report back to Congress on the possibility of transferring certain air carrier security responsibilities to either airport operators or to the Federal Government, or to provide for shared responsibilities. We completed the study and submitted it to Congress in December 1998, after extensive research, taking into account the results of several commissions, studies and working groups, and concluded that there is a consensus in the aviation community to retain the current system of shared responsibilities for security. We found that, while there is significant support for more Federal Government involvement and funding, there is little support for the Government's assuming all air carrier responsibilities. The existing partnership, where the Government sets goals and works with the industry to see that those goals are met, is universally supported. Our study also concluded that the current system achieves an appropriate balance of responsibilities. While carriers should not have to bear all the costs of security, they should bear a substantial portion of the personnel costs to provide security screening and the operational costs of using the advanced security equipment that the Federal Government provides. At the same time, the Federal Government should continue to control the quality of aviation security and security screening by setting higher, but realistically achievable, standards for screener selection, training, and performance. Screeners are a critical link in the performance chain. While it is difficult to verify a correlation between better pay and better performance, we can all agree that properly trained and qualified people who are on the job longer tend to perform better. Government sets performance, not design, standards. The government can indirectly influence private sector pay through higher performance standards that require more training, and more investment in individuals who do it well. To help improve screener performance at the checkpoint, data collection and evaluation of automated screener assist x-rays--SAX--for carry-on bags was conducted last year as part of the National Safe Skies Alliance (NSSA). NSSA's creation in 1997 led to the establishment of a national test bed at McGhee Tyson Airport in Knoxville, Tennessee for operational evaluation and testing of newly developed technologies emphasizing checkpoint screening. The NSSA is a consortium of organizations including Oak Ridge National Laboratory, the Metropolitan Knoxville Airport Authority, the Minneapolis-St. Paul Metropolitan Airports Commission, the University of Tennessee, Embry-Riddle Aeronautical University, the Tennessee Air National Guard, the Honeywell Corporation, and a number of other private companies and public bodies. Their work includes the development of the best configurations and strategies to integrate security equipment into the airport environment in the most effective way. In addition, other aviation security research and development projects will also be conducted at this test bed. Although most security personnel are hardworking and conscientious, there is always room for improvement in the performance of airline screening responsibilities for both checked baggage and at the checkpoint. Screeners can always be better trained and motivated. There is also room for improvement by FAA personnel to provide clearer, more easily understood guidance on the proper use of equipment. Working together, I expect that improvements in these areas will be achieved. For good and effective performance, screeners must be given the best tools available to do the job, and must be trained to use them properly. Foremost among these tools are explosives detection systems (EDS). The Aviation Security Improvement Act of 1990 required that FAA certify EDS based on tests designed to validate their ability to detect, without human intervention, the amounts and types of explosives likely to be used by terrorists to cause catastrophic damage to commercial aircraft. Certification standards were published in 1993. We believe the performance criteria are tough, but appropriate. EDS installation and utilization remain among our greatest concerns. Deployed EDS must be factory tested, shipped, installed, and tested on site. The level of cooperation and ease of obtaining the appropriate permits varies from city to city, and from airport to airport. Operators must be trained and certified before the system becomes operational. It can take anywhere from three weeks to two months to make an EDS operational depending upon its location in an airport, the experience of airport personnel, the complexity of the installation, the training levels of screeners, and other variables noted in each site survey. In addition, some airports simply have no room for an EDS. Less complicated installations, not requiring complex reconfigurations of baggage processes, major renovation or new construction were done first. We have now completed nearly all of these installations and have started work on the more complex, and often more expensive installations, some of which may take two or more years to complete. Regarding utilization, the Department of Transportation Inspector General (DOT IG) reports that over 55 percent of the EDS in use are screening fewer than 225 bags per day, and that some machines are screening fewer than 100 bags per day. During 1999, the average number of selectee bags scanned ranged from 1635 to 1927 bags per week per machine, or an average of 234-275 selectee bags screened per day per machine. The range of averages is due primarily to normal traffic changes throughout the year and the fact that additional machines have been brought on line during each quarter for which data was collected. EDS screened more than 5.45 million bags during 1999. We do not believe these numbers indicate under-utilization of equipment. Rather than focusing on the number of bags screened by each machine, the more pertinent inquiry is what percent of selectee bags are being screened? The answer to that question is 100% wherever EDS are deployed. This perspective is consistent with the focused approach to security FAA has adopted, an approach that was subsequently endorsed by the White House Commission on Aviation Safety and Security. FAA security procedures are intended to concentrate on a smaller segment of passengers, using parameters developed within the counterterrorism community and reviewed by the Department of Justice (DOJ). DOJ found that the Computer-Assisted Passenger Prescreening System (CAPPS) used to identify selectees is nondiscriminatory; does not violate the Fourth Amendment prohibition against unreasonable searches and seizures; and does not involve any invasion of passengers' personal privacy. To further ensure that the CAPPS program is carried out in a non-discriminatory manner, we have proposed in our NPRM that airline and contractor security personnel receive civil rights and customer relations training. Further more, DOT, with the assistance of the Department of Justice, will be conducting a study in the next year to ensure that members of minority groups are not disproportionately affected in an unlawful manner in the security screening process. CAPPS allows us to focus on a manageable population of passengers. Until we have the technology to screen all checked bags with EDS without causing intolerable delays in processing departing passengers, we must continue to focus intelligently on a smaller segment of the bags. In the meantime, we will continue to relocate equipment and foster sharing among carriers to ensure the most effective use of all deployed security equipment. To reach the goal of 100% checked baggage screening by EDS, we are continuing R&D along two paths, both of which will be required to address the diverse configurations of U.S. airports. First, we must develop effective EDS that afford significantly higher throughput (the rate that bags are moved through the equipment) at a cost comparable to that of existing systems, and, second, we must also develop a lower cost EDS with lower throughput for use at smaller stations where the volume of bags is lower. As part of our overall program of realistic testing of aviation security measures, access control testing has also increased. About 5,000 access control tests have been conducted since March 1999 when the DOT IG provided their initial findings. The final report was released on November 18, 1999. FAA generally agrees with the final report and is aggressively responding to the DOT IG's specific recommendations. We are working with airport operators and air carriers to implement and strengthen existing controls to eliminate access control weaknesses. We are requiring airport operators and air carriers to develop and implement comprehensive training programs to teach employees their role in airport security, the importance of their participation, how their performance will be evaluated, and what action will be taken if they fail to perform. We are requiring airport operators and air carriers to develop and implement programs that foster and reward compliance with access control requirements, and discourage and penalize noncompliance. We will continue to work with the DOT IG on these important issues. A particularly intensive round of access control tests started on February 7, 2000, and will continue at some frequency indefinitely. At one point, 1,500 tests were conducted in only two weeks. In the tests we conducted last spring, access control measures stopped 96% of our attempts to penetrate aircraft. Data from the current effort, which was unannounced to industry, shows some improvement. We expect the level of performance to be maintained. Where it is not, we will move quickly to require the airport or air carrier to post guards as necessary to secure the aircraft or doors, an expensive, redundant measure. The revision of the basic Federal Aviation Regulations for airport and air carrier security under Part 107 and Part 108 that is currently ongoing will include strengthening access controls. For example, individuals will now be more accountable for displaying proper identification and challenging unauthorized persons in restricted areas of the airport. The revision will also permit enforcement action against anyone who enters secured areas without authorization. Previously, enforcement action was taken against the company and not the individual. The rulemaking would make both the individual and the company accountable. The final rule should be published later this year. Another area of increasing importance is air cargo. Cargo screening is improving steadily. The cargo security standards for all passenger air carriers and indirect air carriers (air freight forwarders) have been strengthened by narrowing the definition of known shipper and focusing security resources on unknown shippers. In September 1999, changes to U.S. and foreign air carrier security programs, and indirect air carrier security programs became effective. In addition, onboard couriers are now required to declare themselves to the air carrier, thus assuring that their bags will be treated as cargo and properly processed. We have approved cargo security programs for approximately 200 U.S. air carriers, 200 foreign air carriers and 3000 indirect air carriers. In FY99, we conducted 1802 comprehensive assessments of air carriers, 1580 comprehensive assessments of indirect air carriers, and 1369 inspections of dangerous goods shippers. We continue to conduct cargo security tests of air carriers using agents to pose as unknown cargo shippers offering packages. These tests indicate substantial industry compliance. Internationally, FAA assesses the effectiveness of security measures both at foreign airports served by U.S. carriers and also at airports that are a last point of departure by foreign air carriers for service into the United States. Currently the Foreign Airport Assessment Program covers 240 airports in over 100 countries. Since 1995, the FAA has cumulatively conducted approximately 550 foreign airport assessments. The annual number of assessments fluctuates as air carrier service changes. Our focus is on the need for governments to have the institutional ability to sustain security measures and we continue to work with airports and countries with persistent security deficiencies. In addition, we continuously conduct inspections of U.S. and foreign air carriers at foreign airports with direct service to the United States to ensure compliance with approved security programs. These inspections are more frequent at foreign airports assessed to have a higher overall terrorist threat. During the last four years, we conducted 1,888 foreign and U.S. air carrier station inspections at foreign locations for an average of 472 inspections a year. Finally, I would like to mention the Federal Air Marshals (FAM's) who protect the traveling public, passengers, and flight crews on U.S. air carrier flights worldwide. Since 1985, the FAM program has provided specially trained, armed teams of civil aviation security specialists for deployment worldwide on anti-hijacking missions. The thrust of the program is 99% deterrence, aimed at disrupting and confusing the planning and will of criminals and terrorists, and 1% response, to be able to assess, meet, and defeat any threat aboard an aircraft. All FAM's are volunteer FAA employees. They undergo sophisticated and realistic initial and recurrent training. We believe that one of the reasons there has not been a hijacking of a U.S. air carrier is the deterrent value of the FAM program. Terrorists considering a hijacking must take the possible presence of FAM's into account. We want the traveling public to know that we can be on any U.S. air carrier anywhere in the world at any time. The passenger sitting next to you on any flight could be a Federal Air Marshal. Madam Chair, that concludes my prepared statement. Thank you for the opportunity to testify. I would be happy to answer any questions at this time. Senator Hutchison. Thank you, Admiral Flynn. Ms. Alexis Stefani, the Assistant Inspector General for Auditing at the Office of the Inspector General at the Department of Transportation. Ms. Stefani. STATEMENT OF ALEXIS M. STEFANI, ASSISTANT INSPECTOR GENERAL FOR AUDITING, OFFICE OF THE INSPECTOR GENERAL, U.S. DEPARTMENT OF TRANSPORTATION Ms. Stefani. Good morning, Madam Chairman. Thank you for the opportunity to discuss aviation security. The responsibility for aviation security is shared by FAA, the air carriers, airports, and the work force of screeners and other employees that have access to the secured areas at the airport. Today, I would like to discuss four areas that affect aviation security. The first area is the need to strengthen FAA background investigation requirements for airport employees that have access to the secured areas. FAA has such requirements, but we have found them to be ineffective. For example, one of the triggers that would cause an FBI criminal check to be done is the existence of an unexplained employment gap of 12 months or more. This rule was designed to identify individuals who were incarcerated for committing a serious crime. However, the Department of Justice figures show that 61 percent of all State and Federal felony convictions result in probation, or an average jail sentence of 6 months. Also, we found the list of crimes that disqualify an employee from being issued airport ID allowing access to secure airport areas is insufficient. For example, of the 53 employees arrested this past summer for smuggling contraband at a major U.S. airport, 14 had criminal records that were serious, but not disqualifying felonies, including larceny, possession of drugs, and credit card fraud. We support FAA's initiatives to revise its background investigation requirements to include FBI criminal checks for all new employees who have access to secure areas. FAA should also expand the list of disqualifying crimes and require recurrent criminal checks for existing airport employees. The second area I would like to address is controlling unauthorized access to secure airport areas. Once hired, these employees must be accountable for complying with airport security access control requirements. During late 1998 and early 1999, in 68 percent of our tests at eight major airports we accessed secured areas without being challenged. We would not have been as successful if employees had taken prescribed security steps, such as closing the door behind them. Since then FAA has undertaken a wide-ranging program of testing that demonstrates access control can improve. In its most recent tests at 83 airports, FAA entered secure areas 31 percent of the time without being challenged. But testing is not enough. FAA needs to finalize regulations to make individuals directly accountable for access control violations. In addition, airports and air carriers must provide better initial and recurrent security training, and effectively use programs that reinforce security awareness. Also, FAA must continue testing. The third area deals with deploying and using technology to enhance screener performance. Since 1997, Congress has authorized over $350 million for deployment of advanced security technologies, and we commend FAA's efforts for its progress in deploying bulk explosive and trace detection machines to our airports. No matter how effective these technologies are in detecting explosives, they are ultimately dependent on the operator. Test results show that new technologies can correctly identify a potential threat, but a screener can make the wrong decision and clear the passenger's bag. In 1996, the Gore Commission and Congress recognized the importance of screeners to aviation security, and recommended requiring screening companies to be certified. However, in 1998, FAA withdrew an earlier proposed rule requiring certification because a reliable method of measuring screener performance was not available. Since then, FAA has developed TIP, a computer program that inserts a fictitious threat image onto the screener's monitor as if it was in the bag. TIP results will be key to measuring screener performance and certifying screener companies. In May 2001, FAA expects to issue this final rule requiring screening companies to be certified. TIP at this point has been installed on all the certified bulk detection machines, or CTX's, used to screen your checked bags, but TIP is still being tested for the x-ray machines used to screen carry-on bags and will not be at all airports before 2003. Further, FAA needs to ensure that the CTX screeners maintain proficiency through actual experience. Our recent work found that these machines are still underused, with over half of the CTX's still screening fewer than 225 bags per day, compared to their certified rate of 225 bags per hour. Underuse of these machines may cause the screeners to become less proficient. In fact, FAA's tests show that operator performance continues to be the cause of test failures, not the machine itself. We had previously recommended in 1998, and FAA agreed, to conduct a study to determine the minimum daily processing rates needed to ensure these operators' proficiency, and to use these results to establish minimum daily rates. To date, no study has been conducted. Finally, my last point is the need to have an integrated strategic plan for security. To meet current and future threats to aviation security, FAA must have an integrated strategic plan to guide its efforts. Although we recommended such a plan in 1998, little progress has been made. FAA is about half-way through this billion-dollar effort and expects to expend an additional $600 million on aviation security through 2004, but it continues to focus on acquisition and deployment, rather than integrating all the various assets into a comprehensive system of systems that, working together, produces the best possible level of security. This concludes my statement. [The prepared statement of Ms. Stefani follows:] Prepared Statement of Alexis M. Stefani, Assistant Inspector General for Auditing, Office of the Inspector General, U.S. Department of Transportation Senator Hutchison and Members of the Subcommittee: We appreciate the opportunity to discuss aviation security. One of the Department of Transportation's (DOT) five strategic goals is National Security. Likewise, FAA has as a strategic goal the prevention of security incidents in the aviation system. Security of the Nation's aviation, surface, and marine transportation systems is one of the 12 management issues we have identified for DOT this year. Aviation security is a layered system of systems that is dependent on the coordination of airport and air carrier security operations and the integration of people and technology. Perhaps the most important factor in an effective security program is a well-trained and trusted workforce of screeners, baggage handlers, and other employees that process passengers or have access to secure areas of the airport. Aviation security relies heavily on each employee in the aviation system doing his or her part. The 1996 and 1997 Reports by the White House Commission on Aviation Safety and Security (known as the Gore Commission) made 31 recommendations regarding aviation security. The recommendations included: (1) requiring Federal Bureau of Investigation (FBI) criminal checks for all airport and air carrier employees with access to secure areas, no later than mid-1999; (2) developing comprehensive and effective means to control unauthorized access to secure airport areas and aircraft; (3) certifying screening companies and improving screener performance; and (4) deploying new explosives detection equipment. Today we would like to discuss four related areas: strengthening background investigation requirements for granting access to secure areas of the airport; controlling unauthorized access to secure airport areas and holding employees accountable for access control requirements; implementing and deploying technology that enhances screener performance; and establishing a strategic plan that integrates employees and technology into a comprehensive, seamless security program. Strengthening Background Investigation Requirements. Actions are needed to improve the process used to ensure that employees with access to secure areas of an airport are trustworthy. Our recent review of industry's compliance with FAA's background investigation requirements at six U.S. airports found that the requirements were ineffective. For example, FBI criminal checks \1\ are currently only required in certain cases, such as when there is an unexplained gap of employment of 12 months or more. However, according to the U.S. Department of Justice, 43 percent of violent felony convictions resulted in probation or an average jail time of just 7 months. In addition, the list of 25 crimes that disqualified an employee from being granted unescorted access to secure areas is insufficient and does not include serious crimes such as assault with a deadly weapon, burglary, larceny, and possession of drugs. --------------------------------------------------------------------------- \1\ An FBI criminal check involves a comparison of the individual's fingerprints to the FBI's database of individuals convicted of crimes in the United States. The FBI returns a complete criminal history if there is a fingerprint match. --------------------------------------------------------------------------- When the current requirements were proposed in 1992 and at the time the Gore Commission made its recommendation to require criminal checks for all employees, processing fingerprints and performing the criminal check took up to 90 days. Today, technology allows this process to be completed in only a few days, and airport operators and FAA both agree the requirements need to be revised. Although the background investigation requirements need to be revised, it is important that airport operators, air carriers and airport users \2\ comply with existing background investigation requirements as well as requirements to account for airport identification (ID). Our recent audit found that for 35 percent of the employee files reviewed, there was no evidence that a 5-year history verification was conducted, the verification was incomplete, or no file was available for review. In addition, 9 percent of the active airport IDs we reviewed were issued to employees who no longer needed access to secure areas, including some employees who had been terminated. --------------------------------------------------------------------------- \2\ Airport users include foreign air carriers, non-air-carrier airport tenants, and companies that do not have offices at the airport, but require access to the secure airport areas. Controlling Unauthorized Access. Airport access control has been, and continues to be, an area of great concern due to increased threat to U.S. airport facilities and aircraft. Once employees are granted access to secure areas, they must be held accountable for compliance with airport access control requirements. During late 1998 and early 1999, we tested access controls at eight major U.S. airports. We reported that FAA, airport operators and air carriers had not controlled unauthorized access to secure airport areas and aircraft, as recommended by the Gore Commission. We successfully accessed secure areas \3\ in 68 percent of our tests. Once we entered secure areas, we boarded aircraft 117 times. The majority of our aircraft boardings would not have occurred if employees had taken the prescribed steps, such as making sure doors closed behind them. --------------------------------------------------------------------------- \3\ OIG uses the term secure area to define the area of an airport where each person is required to display airport-approved identification. --------------------------------------------------------------------------- Recent FAA results demonstrate that compliance can improve with continuous oversight, but testing is not the only answer. During testing in December 1999 and January 2000 at 10 airports, FAA accessed secure areas 40 percent of the time without being challenged by employees. In February and March 2000, FAA expanded its testing to 83 airports and was able to access secure areas 31 percent of the time without being challenged by airport personnel. When noncompliance was found, actions were taken to correct the problem, such as posting security guards on doors to ensure only authorized employees accessed the secure area. In June 2000, FAA plans to issue regulations making individuals directly accountable to FAA for noncompliance with access control requirements. This will permit FAA to take enforcement action against the employee instead of the air carrier or airport when an employee does not follow access control requirements. Implementing and Deploying Technology. The Gore Commission recommended that the Government purchase and widely deploy significant numbers of innovative explosives detection systems to detect explosives in cargo, checked baggage, carry-on bags, and on passengers. In response, Congress has authorized more than $350 million since Fiscal Year (FY) 1997 for the deployment of advanced security technologies. Since then, FAA has deployed FAA-certified \4\ and non-certified bulk explosives detection machines, explosives trace detection devices, Computer-Based Training platforms, and Computer-Assisted Passenger Prescreening Systems. FAA plans to continue deploying many of these same technologies in the future, as well as new screening checkpoint x-ray machines. Although advanced security technologies are effective in detecting explosives, each one is ultimately dependent on the human operator. --------------------------------------------------------------------------- \4\ FAA's standards for certifying explosives detection systems for screening checked baggage are classified. The certification standard sets criteria for detection, false alarm, and baggage processing rates. --------------------------------------------------------------------------- FAA believes--and we agree--that operators of advanced security equipment are critical in improving security. FAA test results indicate that new technologies to detect explosives in passenger baggage can correctly identify a potential threat but a screener can make a wrong decision and ``clear'' the bag. Therefore, screeners who operate security equipment must be carefully selected, monitored, and trained. In response to the Gore Commission's recommendation to certify screening companies and improve screener performance, FAA expects to issue a final rule, in May 2001, establishing training requirements for screeners and requiring screening companies to be certified. To achieve this, FAA needs to have a means to measure screener performance, and methods of providing initial and recurrent screener training. FAA will rely on Threat Image Projection (TIP) to measure the performance of individual screeners and certify screening companies. TIP, a computer software program, projects fictitious images on to bags or an entire fictitious bag containing a threat onto the screener's monitor. TIP is intended to keep equipment operators alert, provide real world conditions, and measure performance in identifying the threat items. TIP has been installed on all CTX \5\ machines used to screen checked baggage. FAA is currently testing TIP equipped x-ray machines used to screen carry-on items. FAA plans to purchase more than 1,200 new TIP equipped x-ray machines for screening checkpoints by the end of FY 2003. --------------------------------------------------------------------------- \5\ The InVision Technologies CTX 5500 machines are the only FAA- certified bulk explosives detection devices currently deployed at U.S. airports. --------------------------------------------------------------------------- FAA will also rely on Computer-Based Training (CBT), an intensive course of self-paced, realistic learning using computer workstations. It is used to select, train, evaluate, and monitor the performance of employees who operate x-ray machines at passenger screening checkpoints. Although FAA began deploying CBT in April 1997, in March 1999 only 38 CBT platforms \6\ were installed at 37 airports, and there has not been any increase during the last year in the number of deployed CBT platforms. To complete deployment to all 79 large airports, an additional 42 platforms need to be installed. Furthermore, some CBT platforms are being used infrequently. --------------------------------------------------------------------------- \6\ A CBT platform consists of a network server with installed software, and networked computer terminals (workstations). --------------------------------------------------------------------------- Explosives detection equipment such as the CTX machine was developed to assist screeners in identifying threat items in passenger baggage. However, CTX machines are still underused, and screeners' performance needs improvement. Our recent audit work found that over 50 percent of the deployed CTX machines still screen fewer than 225 bags per day, on average, compared to a certified rate of 225 bags per hour. FAA needs to ensure that the screeners maintain their proficiency through actual experience with the machines in the airport environment. According to a recent report by the National Research Council, ``Underutilization poses a potential problem for the maintenance of operator skills, particularly the skills required for resolving alarms, because underpracticed skills often deteriorate.'' Recent testing by FAA showed a significant number of failures by CTX operators. FAA concluded that a major factor in the test failures appeared to be the performance of CTX operators, and not the CTX machine itself. In response to our 1998 report on the deployment of explosives detection equipment, FAA agreed to conduct a study to determine the minimum CTX daily processing rates needed to ensure operator proficiency, and use the results to establish minimum daily use rates. To date, no study has been conducted. Establishing a Strategic Plan. FAA has made significant progress in deploying existing advanced security technologies, as recommended by the Gore Commission. However, the Commission also stressed that aviation security should be a system of systems, layered, integrated, and working together to produce the highest possible levels of protection. To that end, the Commission emphasized that each of its recommendations should be viewed as a part of a whole and not in isolation. To meet current and future threats to aviation security, FAA needs an integrated strategic plan to guide its efforts and prioritize funding needs. From FYs 1997 through 2000, Congress has authorized $200 million in Research, Engineering, and Development funds, and over $350 million in Facilities and Equipment funds for various security efforts. FAA is approximately at the halfway point in the effort started by the Gore Commission. FAA expects to spend an additional $600 million on aviation security through FY 2004. Concentration on deployment (what to buy, when to buy it, and where to put it) is not the complete solution. This plan should include a balanced approach covering basic research, equipment deployment and use, certification and operator testing processes, data collection and analysis on actual equipment and operator performance, and regulation and enforcement. Although we recommended such a plan in 1998, FAA has made little progress in developing this strategic plan. Background The responsibility for aviation security is shared by FAA, the airlines, airports, and employees. FAA sets guidelines, establishes policies and procedures, and makes judgments on how to meet threats to aviation based on information from the intelligence community. FAA then tests the aviation industry to ensure they are complying with the many security requirements. FAA also sponsors the development, purchase, and deployment of new security technology, such as explosives detection equipment, for industry use. Airports are responsible for the security of the airport environment. Airlines are responsible for screening baggage, passengers, and cargo. Until recently, airlines and airports were responsible for purchasing security equipment and systems. The July 1996 crash of TWA Flight 800 was the catalyst for important advances in aviation security. Although the FBI and the National Transportation Safety Board have ruled out terrorist activity as a potential cause of the crash, the crash prompted the August 1996 creation of the Gore Commission. Its September 1996 and February 1997 reports addressed safety, security, and air traffic control modernization. The Gore Commission made 31 recommendations regarding aviation security, including recommendations that FAA: (1) require FBI criminal checks for all airport and air carrier employees with access to secure areas, no later than mid-1999; (2) develop comprehensive and effective means to control unauthorized access to aircraft and secure airport areas; (3) certify screening companies and improve screener performance; and (4) deploy new explosives detection equipment. Since 1997, Congress has provided over $350 million for deployment of advanced security technology, and $200 million in aviation security Research, Engineering and Development funds including about $21 million for human factors research. As of February 11, 2000, FAA has installed new security technologies, including 92 FAA-certified explosives detection machines at 35 airports, and 553 explosives trace detection devices at 84 airports. For FY 2001, FAA has requested $98 million to continue the deployment and $49 million for aviation security research, engineering, and development. Background Investigations Effective security requires that only trusted individuals are authorized access to secure areas. To accomplish this, FAA requires airport operators, air carriers and airport users to conduct employee background investigations before issuing airport ID that allows access to secure airport areas. FAA's background investigation procedures include: obtaining a 10- year employment history from those applying for access; verifying the most recent 5 years of that history; and performing an FBI criminal check when specific conditions are identified, such as a 12-month unexplained gap in employment. Individuals convicted within the past 10 years of any of 25 enumerated crimes are denied an airport ID. However, our recent review at six U.S. airports found that FAA's background investigation requirements were ineffective. Specifically: FBI criminal checks are only required for employees applying for airport ID when one of four conditions triggers the checks. For example, one of the triggers, a 12-month unexplained gap in employment, was designed to identify individuals who were incarcerated for committing a serious crime. However, according to the U.S. Department of Justice, 61 percent of all state and Federal felony convictions resulted in probation or an average jail sentence of 6 months. Even for violent felonies, 43 percent of convictions resulted in probation or an average jail time of just 7 months. The list of 25 crimes that disqualified an employee from being issued airport ID was insufficient and did not include serious crimes such as assault with a deadly weapon, burglary, larceny, and possession of drugs. Our analysis of 53 employees issued airport ID and arrested in a recent Department of Justice investigation for smuggling contraband into and out of a major U.S. airport showed that individuals convicted of the 25 disqualifying crimes are not the only employees who presented a security risk. Of the 15 (28 percent) arrested employees with FBI criminal records, just one had a criminal record for a disqualifying crime (committed after being issued airport ID). The other 14 employees had FBI criminal records for non-disqualifying felonies, such as larceny, battery, possession of a stolen vehicle, possession of drugs, and credit card fraud. FAA should revise its background investigation requirements to include initial and recurring criminal checks for all employees issued airport ID to allow access to secure airport areas. In February 1992, FAA proposed requiring a criminal check for all individuals with unescorted access privileges. However, industry opposed the proposal based on its cost and the impracticality of escorting employees while waiting for results of a criminal check. In 1992 and at the time the Gore Commission made its recommendation to require criminal checks for all employees, performing a criminal check took up to 90 days. Today, technology allows this process to be completed in only a few days, making the criminal check on all employees much more practical. Airport operators have supported requiring criminal checks for all employees with access to secure airport areas, and expanding the list of disqualifying crimes. As a result of quicker processing time, FAA plans to initiate new rulemaking requiring criminal checks for all employees. We support this initiative and recommend that new rules include initial and randomly recurring criminal checks for all employees with access to secure areas. Compliance with Existing Requirements. Although background investigation requirements need to be revised, it is important that airport operators, air carriers and airport users comply with current requirements. Our recent work at six airports found that these requirements were not being met. For 35 percent of the employee files reviewed, there was no evidence that a complete background investigation was performed. Despite this failure to comply with security requirements, the employees were issued airport ID and granted access to secure airport areas. Also, 15 percent of the employee files reviewed showed an unexplained gap of employment of 12 months or more, but the required FBI criminal check was not performed. Further, 9 percent of the background verifications we reviewed used an unacceptable method, such as verifying an employee's background with a personal reference or family member. The chart below summarizes the specific noncompliance with background investigation requirements for the six airports reviewed. The most serious noncompliance was at Airports 1 and 2, which permitted airport users to self-certify that background investigations were performed but had not established controls to ensure the investigations were properly completed. For example, 58 percent of the employee files reviewed at Airport 1 did not have evidence that a complete verification was conducted of the 5-year history. In contrast, Airport 6, with the lowest rate of noncompliance, did not permit airport users to self-certify that background investigations were performed. We have also had investigative cases involving airport IDs. In December, a Florida firm pleaded guilty to making false statements to FAA. The firm falsely certified on at least 70 occasions that background checks had been made on employees seeking access to secure areas at an airport. FAA needs to take effective action to ensure compliance with current background investigation requirements. FAA performs annual airport and air carrier assessments of compliance with security requirements and national assessments that focus on areas that require special emphasis. However, we found the assessments were limited in scope with regard to reviewing background investigation requirements. To illustrate, during an annual compliance review, FAA agents independently reviewed records for only airport operator employees and excluded airport user employees, where we found the majority of deficiencies. Also, FAA's national assessments of compliance mainly focused on airport users at 20 major U.S. airports. Airport ID Controls. All six airport operators we reviewed did not properly account for airport ID or immediately deny access to secure areas when an employee's authorization changed. One of the primary requirements of an airport's access control system is the ability to immediately deny access to individuals whose authority changes, such as someone who has resigned. At the six airports reviewed, 9 percent (234 of 2,586 reviewed) of the IDs issued to employees for access to secure airport areas remained active even though the employees no longer needed the access. Air carriers and airport users were not notifying the airport immediately when an employee no longer needed access. Although in some instances the employers had the active IDs in their possession, other active IDs were kept by employees who had resigned or had been terminated. For example, a regional air carrier could not account for 22 (18 percent) of 119 active airport IDs. Five of the IDs belonged to employees terminated prior to 1998. We will be issuing a report to FAA on our work on airport ID controls. We will be recommending FAA revise its background investigation requirements, and work with airport operators and air carriers to improve compliance with requirements for issuing and accounting for airport ID. Access Control Once employees are granted access to secure areas, they must be held accountable for compliance with airport access control requirements. Our December 1998 through April 1999 testing of airport access controls at eight major U.S. airports demonstrated that FAA, airport operators, and air carriers had not controlled unauthorized access to secure airport areas and aircraft. We penetrated secure areas on 117 (68 percent) of 173 attempts. Once we penetrated secure areas, we boarded aircraft operated by 35 different air carriers 117 \7\ times. Passengers were onboard 18 of the aircraft we boarded. In 12 instances, we were seated and ready for departure at the time we concluded our tests. --------------------------------------------------------------------------- \7\ It is a coincidence that the number of penetrations into secure areas and aircraft boardings both equal 117. Not all penetrations resulted in boarding aircraft, and some penetrations resulted in multiple aircraft boardings. --------------------------------------------------------------------------- In these tests, the human element continued to be the primary access control weakness. The majority of our penetrations into secure areas that resulted in testers boarding aircraft would not have occurred if employees had (1) ensured the door closed behind them after entering the secure area; (2) challenged us for following them into secure areas; or (3) taken other steps required to restrict entry into secure areas, such as controlling pedestrian access through cargo facilities and vehicle gates. After our testing, FAA conducted approximately 3,000 tests at 79 airports in the spring of 1999. FAA reported that its test results were ``strikingly'' different from our results and that compliance with access control requirements had dramatically improved. We have completed a review of FAA's test data and found the results were very similar to those we reported with regard to penetrating secure areas. Specifically, FAA penetrated secure areas 56 percent of the times tested versus our rate of 68 percent. FAA reported improvement because 96 percent of its tests did not result in testers boarding aircraft for 3 minutes or more without being challenged. However, our testers were not required to remain onboard aircraft for a specified period of time, and some tests, such as driving through vehicle gates, could not result in boarding aircraft. Therefore, it is not accurate to compare FAA's test results to our results in terms of aircraft boardings. In December 1999 and January 2000, FAA agents performed follow-up testing at 10 airports. They gained access to secure areas 40 percent of the times attempted without being challenged by employees, and they boarded 13 aircraft. In February and March 2000, FAA expanded its testing to 83 airports, resulting in FAA agents penetrating secure areas 31 percent of the times attempted with 82 aircraft boarded. FAA's test results demonstrate that widespread, comprehensive testing can result in improved compliance. Also, when FAA ensures that corrective actions are taken, access control violations are reduced. For example, for one airport we reviewed in 1999, FAA's recent testing showed that the employees continued to allow unauthorized access. FAA demanded that corrective action be taken. As a result, security guards were posted at doors entering secure areas and access was effectively controlled. Testing alone will not be enough to motivate employees to accept and consistently meet their responsibilities for airport security. In June 2000, FAA plans to issue regulations making individuals directly accountable to FAA for noncompliance with access control requirements. This would permit FAA to take enforcement actions against employees. FAA also plans to issue regulations requiring airport operators to have a security compliance program, which fosters and rewards compliance and describes the disciplinary actions and penalties to be assessed when employees do not comply with security requirements. Further, airports and air carriers need to provide comprehensive and recurrent training that teaches employees their role in airport security. Implementing and Deploying Technology The Gore Commission recognized that it is critical that those charged with providing security for over 500 million passengers a year in the United States are the best qualified and trained in the industry. The Commission further recognized that better selection, training, and testing of the people who work at airport x-ray machines would result in a significant boost in security. Therefore, in September 1996, it recommended that FAA certify screening companies and improve screener performance. In October 1996, the President signed the Federal Aviation Reauthorization Act of 1996 (Public Law 104-264), which requires FAA to certify companies providing security screening, and to improve the training and testing of security screeners through development of uniform performance standards. In February 1997, the Gore Commission recommended that FAA work with the private sector and other Federal agencies to promote the professionalism of security personnel through a program that would include performance standards that reflect best practices, and adequate, common, and recurrent training that considers human factors. TIP Must Be Properly Deployed Before Screening Companies Can Be Certified. In response to the Gore Commission recommendation and the direction contained in Public Law 104-264, FAA published an advance notice of proposed rulemaking on the certification of screening companies in March 1997, but withdrew it in May 1998 because there was no reliable and consistent way to measure screeners' performance at the time. In January 2000, FAA again published a notice of proposed rulemaking that would require screening companies to be certified by FAA. The comment period for this proposed rule ends on May 4, 2000. TIP is the system that FAA will rely on to provide uniform data regarding screener performance, and thus use to evaluate and certify screening companies under the proposed rule. TIP uses two different methods of projection. One method, used with screening checkpoint x-ray machines, superimposes the image of a threat item onto the x-ray image of the actual passenger bag being screened. The other method, used with CTX machines, projects a prefabricated image of an entire threat bag onto the screener's monitor. FAA has only recently established procedures and controls for implementing and using the TIP program that has been installed on deployed CTX 5500 machines for almost a year. In response to our October 1999 audit report,\8\ FAA issued new guidance to air carriers in November 1999 that standardizes frequency of threat image presentation, provides better control over passwords, and requires that TIP be activated for each screening session. This should result in more consistent data on CTX screener performance. --------------------------------------------------------------------------- \8\ Follow-up Audit of Deployment of Explosives Detection Equipment, Federal Aviation Administration (Report No AV-2000-002, October 21, 1999). --------------------------------------------------------------------------- The TIP program is not as fully developed for use on screening checkpoint x-ray machines, which are used to screen carry-on items. FAA is currently evaluating the TIP program for checkpoint x-ray machines in an operational airport environment. When this evaluation is complete, FAA intends to purchase and deploy 390 TIP-configured x-ray machines in FY 2000 for $24 million. FAA must complete a successful field evaluation and ensure that management controls are in place before beginning the planned large-scale acquisition and deployment of this technology. The evaluation is expected to be complete by mid-April 2000. FAA plans to purchase a total of more than 1,200 TIP-equipped x- ray machines by the end of FY 2003. FAA Has Been Slow in Deploying Systems Needed to Train Screening Company Employees. CBT, a system that provides initial and recurrent training to screeners, is one of the technologies FAA is developing and deploying to improve screener performance. CBT offers an intensive course of realistic learning using computer workstations. It is used to select, train, evaluate, and monitor the performance of employees who operate screening checkpoint x-ray machines to screen carry-on items. The potential benefits of CBT are self-paced learning, enhanced opportunities for realistic practice, combined training and performance testing, and instruction that is uniform across the country. Despite the potential benefits of CBT, its deployment and implementation has been slow. Deployment of CBT platforms to the 19 Category X \9\ airports began in April 1997 and was completed in March 1999. By October 1998, CBT platforms had been deployed to 18 Category I \10\ airports. --------------------------------------------------------------------------- \9\ Category X airports represent the nation's largest and busiest airports as measured by the volume of passenger traffic and are potentially attractive targets for criminal and terrorist activity. \10\ Category I airports are somewhat smaller than Category X airports, and have an annual volume of at least 2 million passengers. --------------------------------------------------------------------------- In March 1999, FAA reported that 42 additional platforms would be required to complete deployment to the remaining 60 Category I airports. Now, a year later, there has been no change in the number of CBT platforms or the airports to which they had been deployed from what was reported last March. In addition, some air carrier representatives told us that they were not using CBT. At five airports, they told us they are not using CBT primarily because of an inadequate number of available workstations installed at their airports and the inconvenient location of the installed workstations. For example, at Ronald Reagan Washington National Airport, the CBT workstations are located away from the new main terminal building in a maintenance hangar. However, at Honolulu International Airport, the screening company that provides all security screening services at the main terminal was very pleased with both the location of the CBT workstations and the quality and effectiveness of the CBT software, and the company used CBT frequently. CBT has demonstrated that it can be a valuable and effective component in a system of systems intended to enhance aviation security. FAA needs to accelerate the deployment of this valuable training and evaluation technology. Explosives Detection Machines Used to Screen Checked Baggage Are Still Underused, and Screeners' Performance Needs Improvement. The Gore Commission recommended that the Government purchase and widely deploy significant numbers of innovative systems to detect explosives in cargo, checked baggage, carry-on bags, and on passengers. In response, Congress has authorized more than $350 million since 1997 for the deployment of advanced security technologies. As the program to deploy bulk explosives detection equipment matures, and the record of operational experience with deployed machines lengthens, we expected to see an increase in utilization rates over what FAA was reporting a year ago. Certainly, there has been a steady increase in the total number of bags screened across the system, as more CTX machines are deployed. On the other hand, comparison of quarterly performance statistics compiled on a per machine basis in 1998 and 1999 shows no significant increase in CTX average usage rates, as shown below.
We compared the average number of bags screened daily by each CTX in 1998 and 1999, as reported quarterly by FAA, and found that there had been an average increase of only 20 bags per day per machine. We also found that the majority of deployed and operational machines still do not screen as many bags in a full day of operation as the machine is certified to screen in an hour. As shown in the table below, more than 50 percent of the deployed machines still screen less than 225 bags per day, on average, compared to a certified rate of 225 bags per hour. ---------------------------------------------------------------------------------------------------------------- CY 1998 CY 1999 ------------------------------------------------------------------------------------- 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr ---------------------------------------------------------------------------------------------------------------- Total machines in use 12 18 24 34 43 59 64 75 ---------------------------------------------------------------------------------------------------------------- Machines averaging fewer 10 11 16 23 27 38 37 44 than 225 bags per day ---------------------------------------------------------------------------------------------------------------- Percent of machines 83.3% 61.1% 66.7% 67.6% 62.8% 64.4% 57.8% 58.7% underused ---------------------------------------------------------------------------------------------------------------- FAA does not require air carriers to screen more than the number of bags checked by ``selectees.'' Selectees include (1) passengers selected by Computer-Assisted Passenger Prescreening Systems (CAPPS);\11\ (2) passengers who cannot produce an approved form of identification; and (3) passengers unable to correctly answer the security questions required by the Air Carrier Standard Security Program.\12\ Before full implementation of CAPPS, FAA expected a greater number of selectees than are currently being identified. These expensive machines have the demonstrated capability to screen more bags now than the air carriers are screening. Unless the number of CAPPS selectees is increased, or the air carriers agree to screen more than the minimum required number of bags, CTX machines will continue to be underused, which in turn could negatively affect the proficiency of screeners. --------------------------------------------------------------------------- \11\ CAPPS is an automated passenger profiling system that uses information in airline reservation systems to separate passengers into a very large majority who present no security risk, and a small minority (known as selectees) who merit additional attention, such as having their checked baggage screened using explosives detection equipment. \12\ The Air Carrier Standard Security Program, required by Title 14, Code of Federal Regulations, Part 108, describes the security procedures the air carrier agrees to follow. --------------------------------------------------------------------------- According to a recent report by the National Research Council,\13\ ``Underutilization poses a potential problem for the maintenance of operator skills, particularly the skills required for resolving false alarms, because underpracticed skills often deteriorate. At some [CTX] locations, the throughput rate has been so low that operators could even lose their skills for operating the equipment.'' --------------------------------------------------------------------------- \13\ Assessment of Technologies Deployed to Improve Aviation Security, First Report, National Research Council, issued in 1999. --------------------------------------------------------------------------- This underutilization could result in screeners being less proficient when the equipment is being used. Our 1999 audit on security of checked baggage \14\ demonstrated that CTX screening personnel were not competent at operating the equipment. We found that when CTX 5500's warned of a threat, the equipment operator did not look for or identify the threat object in a significant number of cases. During more recent testing by FAA, operators continued to fail a significant number of tests. The failures primarily occurred because operators cleared the test bag without a search, even though the machine had alarmed. FAA concluded that one of the major factors in the test failures appeared to be the performance of CTX operators, and not the performance of the machine itself. --------------------------------------------------------------------------- \14\ Security of Checked Baggage on Flights Within the United States, Federal Aviation Administration (Report No. AV-1999-113, July 16, 1999). --------------------------------------------------------------------------- In response to our October 1998 report on the deployment of explosives detection equipment, FAA agreed to conduct a study to determine the minimum CTX daily processing rates needed to ensure operator proficiency, and use the results to establish minimum daily utilization rates for machine operators. FAA expected to conduct this study and report the results by the end of FY 1999. To date, this study has not been conducted. Strategic Plan FAA has made significant progress in deploying existing advanced security technologies, including 92 FAA-certified CTX 5500 machines equipped with TIP at 35 airports, 553 explosives trace detection devices at 84 airports, 18 advanced technology bulk explosives detection x-ray machines at 8 airports, and 38 CBT platforms at 37 airports. FAA will continue the acquisition and deployment of CTX 5500s, explosives trace detection devices, and CBT platforms. In addition, FAA will begin to deploy several other recently-certified bulk explosives detection technologies, including one with a slower throughput intended for small airports and low-traffic stations within larger airports; TIP-ready x-ray machines for screening checkpoints; and Threat Containment Units.\15\ --------------------------------------------------------------------------- \15\ Threat Containment Units are mobile containers that provide a safe and isolated environment to resolve threat items discovered at airports. --------------------------------------------------------------------------- FAA has also conducted or sponsored aviation security research, engineering, and development on bulk explosives detection equipment, explosives trace detection equipment, integration of airport security technology, aviation security human factors, and aircraft hardening. Impressive as the deployment of technologies is, FAA has continued to focus on the acquisition and deployment process, rather than on the necessary transition to integrating all the various assets into a comprehensive, seamless security program. The Gore Commission stressed that aviation security should be a system of systems, layered, integrated and working together to produce the highest possible levels of protection. To that end, the Gore Commission emphasized that each of its recommendations should be viewed as a part of a whole and not in isolation. In 1998 we recommended that, to meet current and future threats to aviation security, FAA develop an integrated strategic plan to guide its efforts and prioritize funding needs. Concentration on deployment (what to buy, when to buy it, and where to put it) is not the complete solution. This plan should include a balanced approach covering basic research, equipment deployment and use, certification and operations testing processes, data collection and analysis on actual equipment and operator performance, and regulation and enforcement. FAA should work with the aviation industry (air carriers, shippers, and airport operators) in developing this integrated security plan. The strategic plan that we recommended has not yet been developed. In our opinion, this must be done to guide the $600 million in Facilities and Equipment funding and Research, Engineering, and Development funding for aviation security expected in FYs 2001 through 2004. Senator Hutchison, this concludes my statement. I would be happy to answer any questions you might have. Senator Hutchison. Thank you very much. Mr. Richard Doubrava, Managing Director of Security, Air Transport Association. STATEMENT OF RICHARD J. DOUBRAVA, MANAGING DIRECTOR OF SECURITY, AIR TRANSPORT ASSOCIATION Mr. Doubrava. Thank you, Madam Chairman. Excuse my hoarseness this morning. I would like to thank you and the other members of the Subcommittee for the opportunity to participate in this important oversight hearing today. The safety and security of our passengers is our industry's number one priority. We believe that the partnership in Government and industry over the past 4 years has resulted in a more secure environment for the traveling public, but we still confront considerable challenges. In 1996, ATA's CEO, Carol Hallett, presented a far- reaching security plan, committing our members to a number of important goals, including wide-scale deployment of detection technology, implementation of automated passenger profiling, and establishment of security screening certification requirements. The industry has strongly supported efforts throughout the legislative and regulatory process necessary to achieve these goals. All of these efforts were guided by the commitment of both the industry and the Government to improve the checkpoint performance of screener efficiency and in an ever-changing security environment. During the same time, security threats have grown dramatically, and additional security measures have been required to be conducted due to valid domestic and international security concerns. The weapons of threat have been more sophisticated and more difficult to detect, and the challenges at the checkpoint have greatly multiplied. Clearly, once the pending regulation is final, there will be a major sea change in the screening checkpoint environment. The FAA screener certification process will make security screening companies a full partner in this checkpoint process. We believe that the continued development and deployment of enhanced checkpoint security training technology, known as TRX, will further contribute to this improvement, and we were pleased when the FAA agreed to support the industry recommendation to implement a multiyear plan to replace current checkpoint x-ray technology with new state-of-the-art detection, which includes threat image projection, and operators' assist functions. A number of security equipment vendors are participating in the FAA selection process, and they have worked closely with the FAA and the industry in developing technology that improves detection and also addresses the carriers' reliability and customer service needs. The industry continues to be keenly interested in further exploring the human factors and associated responses at play in the checkpoint operation. This includes the vital role of motivated employees in the stressful environment of an airport checkpoint operation, and we look forward to obtaining reporting data and trend information from current FAA studies underway at a number of checkpoint screening locations to attempt to determine the relationship between screener ability, performance, compensation, and workplace environment. Based on the current level of threat in the United States and the high volume of domestic passenger traffic, computer- assisted profiling, known as CAPPS, has offered an efficient, noninvasive security procedure meeting the needs of the FAA security program while lessening the intrusiveness on the traveling public and our passengers. We urge expansion of this program for use by U.S. air carriers in their international operations, and commend the FAA for its ongoing efforts with the industry to test and further develop I-CAPS at several foreign locations. The area of greatest challenge for us, however, is the ongoing effort to deploy explosive detection systems and other new security technologies associated with screening baggage. Clearly, the scope and complexity of such a massive deployment is prone to a variety of issues which complicate the process. The installation of this equipment into very different airline check-in and baggage makeup areas, as well as the huge diversity between airline operations and individual airport locations, has compounded these complexities. It is vital to the overall success of these ongoing efforts that the following occur. We must have a full commitment by the Congress and the FAA to continue support and multiyear funding for programs which are in reality an extension of our national security. The FAA must aggressively seek, foster, and fund research and development for new and competing technologies. Streamlined certification methods should be adopted to encourage more efficient, faster, and more cost-effective baggage-screening technology, and the industry must continue to partner with the FAA in an open and constructive manner to jointly develop a strategic approach to these issues which will ensure overall success. Senator Hutchison, we appreciate the leadership you have exhibited over the past years and look forward to working with you and the Committee on these other issues, and I would be pleased to respond to any questions you might have. [The prepared statement of Mr. Doubrava follows:] Prepared Statement of Richard J. Doubrava, Managing Director of Security, Air Transport Association Madam Chairman and Members of the Subcommittee, I am Richard J. Doubrava, Managing Director of Security for the Air Transport Association of America. ATA represents the major commercial passenger and cargo air carriers in the United States. On behalf of our twenty- eight member airlines,\1\ I would like to thank you and the other members of the subcommittee for the opportunity to participate in this oversight hearing. --------------------------------------------------------------------------- \1\ ATA's members are Airborne Express, Alaska Airlines, Aloha Airlines, America West Airlines, American Airlines, American Trans Air, Atlas Air, Continental Airlines, Delta Air Lines, DHL Airways, Emery Worldwide, Evergreen International, Federal Express, Hawaiian Airlines, Midwest Express, Northwest Airlines, Polar Air Cargo, Reeve Aleutian Airlines, Southwest Airlines, Trans World Airlines, United Airlines, United Parcel Service, and US Airways. ATA's associate members are Aeromexico, Air Canada, Canadian Airlines International, KLM--Royal Dutch Airlines, and Mexicana Airlines. --------------------------------------------------------------------------- The safety and security of our passengers is our industry's number one priority. Substantial progress has been made since the 1996 report by the Presidential Commission on Aviation Safety and Security and enactment by Congress of legislation which set out the priorities for a joint industry and government partnership to improve the aviation security baseline. We believe that this partnership over the past four years has resulted in a more secure environment for the traveling public, but we still confront significant challenges. As we look back on these recommendations and legislative initiatives it is useful to measure the progress which we have made. As part of the industry's commitment to these efforts in 1996, ATA's CEO Carol Hallett presented a far reaching security plan committing our members to a number of important goals including wide-scale deployment of detection technology; implementation of automated passenger profiling; and establishment of security screening contractor certification requirements. The industry has strongly supported these efforts throughout the legislative and regulatory process necessary to achieve these goals. The subject of today's hearing by the Aviation Subcommittee is most timely given the evolution occurring in the airport environment of the security checkpoint with relation to equipment, training and performance issues as well as the pending process by the FAA to certify security screening companies. Over the past thirty years the aviation security system has evolved significantly. Checkpoint security was originally established in the early 1970's to deter would-be hijackers. Since such threats required deterrents to keep such individuals off aircraft, air carriers became the front line defense in preventing air piracy. Since that time air carriers have been assigned by the government the primary responsibility for providing checkpoint security. Working with the FAA and the airports, we believe that these efforts have been pursued with commitment and dedication in an environment which has changed substantially as the threat of terrorism and violent acts on civil aviation have increased. The industry, working with the FAA, has undertaken a number of major initiatives during this period. In 1989, ATA and the Regional Airline Association (RAA) jointly developed the first written FAA- approved screener training program aimed at improving screener knowledge and performance. The program consists of comprehensive screener and supervisor training materials which are made available to air carriers and screening companies which clearly define the role and responsibilities of the checkpoint and checkpoint personnel. This information has been updated as necessary. ATA just completed a major enhancement in our program by developing a computer-based training (CBT) product for field use. In 1990, ATA expanded its training product to implement a ``train- the trainer'' program which provides checkpoint supervisory personnel with the necessary knowledge and technique to conduct local training programs thus expanding training opportunities. In 1993, ATA and the RAA developed a ``Checkpoint Operations Guide'' (COG) which provided all domestic security checkpoints with a comprehensive operating manual setting out the technical and administrative guidance for passenger screening personnel. The information in this guide is a synopsis of standards and statutory requirements jointly established by the FAA and industry associations. This is updated as required and has brought consistency and clarity to the checkpoint screening environment. All of these efforts were guided by the commitment of both the industry and the government to improve checkpoint performance and screener proficiency in an ever-changing security environment. During the same time security threats grew dramatically. Additional security measures were required to be conducted due to valid domestic and international security concerns. The weapons of threat have become more sophisticated and more difficult to detect. The challenges at the checkpoint have greatly multiplied. Clearly once the pending regulation is final, there will be a major sea change in the screening checkpoint environment. The FAA screener certification process will make security screening companies a full partner in the checkpoint process. While supportive, the industry has concerns and questions in a number of areas with the FAA's proposed rule. These include issues of clearly defining accountability as well as the regulatory structure devised to support this process. It is important that the FAA not create a bureaucratic structure that becomes over-burdensome to the industry. ATA is also concerned about the ultimate regulatory and economic impact the proposed certification process may inflict on some aspects of the security screening industry possibly affecting their continued ability to compete in a new regulatory environment. A number of companies providing such services are local business entities located in small airport environments and unfamiliar with federal regulatory processes. They may find it difficult or economically unfeasible to continue such services. This includes a number of our regional airline partners which serve small airports without benefit of x-ray checkpoint equipment where employees of the air carriers conduct personal screening. We commend the FAA for holding field meetings this week in Ft. Worth and San Francisco to foster greater participation by screening companies and further discussion on the proposed certification rule. Ultimately, we are confident that these issues will be resolved and a final rule enacted which meets our common goal of enhancing the security screening baseline. In tandem with these efforts, we believe that the continued development and deployment of enhanced checkpoint screening technology (TRX) will further contribute to this improvement. We were pleased when the FAA agreed to support the industry recommendation to implement a multi-year plan to replace current checkpoint x-ray technology with new, state of the art detection which includes threat-image projection (TIP) and operator-assist functions. A number of security equipment vendors are participating in the FAA selection process. They have worked closely with the FAA and the industry in developing technology that improves detection and also addresses the carrier's reliability and customer service needs. With initial deployment set to begin at our nation's largest airports within the next several months, it is vital that this replacement plan be fully funded on a multi-year basis by the FAA until all airports obtain such updated checkpoint equipment. The deployment of this technology alone will result in improved screening and screener performance at all checkpoints. The industry continues to be keenly interested in further exploring the human factors and associated responses at play in the checkpoint operation. This includes the vital role of motivating employees in the stressful environment of an airport checkpoint operation. We look forward to obtaining some reporting data and trend information from current FAA studies underway at a number of checkpoint screening locations to attempt to determine any relationship between screener ability, performance, compensation and workplace environment. This is an area where there is little in the way of definitive data and this information should serve as a preliminary review for issues which will no doubt need further study and consideration. In late 1996, the Congress, the FAA and the industry committed to the prompt development and deployment of a computer-assisted passenger screening program (CAPS). We met that goal with the implementation by the industry of such a program in December 1998. Here the industry and the FAA worked closely in overcoming many difficult operational and technical issues to successfully achieve this goal. CAPS is extremely useful as the result of its adaptability and its invisibility. Quick modification of screening criteria in the computer program can respond immediately to any evolving security threats, while the necessary associated screening measures are deployed behind the scenes. Based on the current level of threat in the United States and the high volume of passenger traffic, CAPS has offered an efficient, non- invasive security procedure meeting the needs of the FAA security program and lessening its intrusiveness on the traveling public. We urge expansion of this program for use by U.S. air carriers in their international operations and commend the FAA for its ongoing efforts with the industry to test and further develop ``I-CAPS'' at several foreign locations. There is great potential for reducing the invasive physical screening of persons and baggage currently necessary for international ``selectee'' passengers. The area of greatest challenge is the ongoing effort to deploy explosive detection systems (EDS) and other new security technologies associated with checked baggage screening. This deployment has been handled by the Security Integrated Product Team (``IPT'') made up of the FAA and industry representatives working with a coalition of manufacturers, contractors, vendors and associations. Clearly the scope and complexity of such a massive deployment is prone to a variety of issues which complicate the process. The installation of this equipment into very different airline check-in and baggage make-up areas as well as the huge diversity between airline operations and individual airport locations compounds these complexities even further. Given that we are working, for the most part, with first generation technology, the industry continues to experience significant issues with operating procedures, alarm rates and resolution, performance, staffing, training, testing and maintenance costs. It is vital to the overall success of these ongoing efforts that the following occur:
We must have a full commitment by the Congress and the FAA to continue support and multi-year funding for programs which are an extension of our national security; The FAA must aggressively seek, foster and fund research and development of new and competing technologies. Streamlined certification methods should be adopted to encourage more efficient, faster and more cost-effective baggage screening technology; And, the industry must continue to partner with the FAA in an open and constructive manner to jointly develop a strategic approach to these issues which will ensure overall success of these efforts. As I noted earlier, progress over the past four years has been exceptionally good. ATA and our member carriers are grateful for the continued support of the Chairman, this committee and the Congress in providing the on-going commitment and funding to achieve the goals which the industry and the government jointly developed in 1996. We remain dedicated to working in partnership with the Congress and the Federal Aviation Administration in all areas of aviation security. Thank you again for providing ATA the opportunity to participate in this hearing. I would be pleased to respond to any questions the committee might have. Senator Hutchison. Thank you all very much. I am going to have to go vote, so we will take a recess. There are two votes, so it will be a minimum of 20 minutes, and I will come back and start immediately into the question period, because I do have a number of questions. The testimony has been, I think, very enlightening. It is very important and I am very concerned that we address some of the issues that you have raised. I plan to do it through legislation after having all of your input, so we will discuss that as soon as we get back. I want to get a little more information for the purposes of introducing my legislation next week. Thank you. [Recess.] Senator Hutchison. Thank you all very much for waiting for those votes, and I very much appreciate your testimony. While I was on the floor, I talked to the Committee Chairman, Senator McCain, about testimony that you have given, and that this is an area in which he also is very interested, so I think you are going to see some legislation introduced very soon. I would like to get your opinion on some of the things that we are looking at, and also if you think there is anything else we should add, so let me start first with Mr. Dillingham and also Admiral Flynn, or Ms. Stefani if you have an opinion on this. But as has been said, most of the rest of the industrialized world has a 40-hour training period for screeners at airport security facilities. We have an 8-hour requirement in the United States, so I would like to ask you along this line if you think 40 hours is reasonable. Should we come up to that standard, and are we doing this in the best way? It has been said that in most places airports pay for security. In America, the airlines pay. Should we be looking at the airports being more responsible? Should we be looking at this becoming an FAA responsibility, which I know would be quite costly? What is the best approach, in your opinion, and is the 40-hour requirement that is in my legislation something that you think is a reasonable requirement? Let me start with Mr. Dillingham. Mr. Dillingham. Madam Chair, we agree the 40-hour training situation is a very positive step. As you say, most of the rest of the world in fact does require more training. However, I think it is important to point out that without a complete package of initiatives, you may end up with a situation of better trained people who are still leaving. So it has to involve more than just the training, even though training is one of the concerns involved with security screening. As long as there remains rapid screener turnover, the expense of training will keep recurring, but experienced screeners will not be on the job. A complete package has to include things that will somehow address the turnover issue as well. Senator Hutchison. Let me ask you, if we are going to continue with the contracting out of this responsibility, do you think the private enterprise, free enterprise system will work, and that people will know that if they are going to have to spend 40 hours of training, plus 40 hours of on-the-job flight training, that they are going to have to pay more to keep people from turning over, because the training costs would outweigh the savings of the low salaries? Mr. Dillingham. I think that would have an effect, but we have examples where screeners are paid $12, $14 an hour, but it has not significantly improved their performance. That is why it has to be a whole package of initiatives. What's also needed is the right kind of people--and when I say the right kind of people, I mean with the screener selection test that the FAA is developing. You get the right kind of people with the right kind of attributes, and train them well, then you create a situation where there is an improved, for lack of a better term, quality of life with regard to their job, so that screeners do in fact stay. This could involve things like career track, or it could involve some professionalization of the job itself. So the training is a major part of it, but again, I emphasize that a package is needed. But I wanted to also comment on the second part of your question about alternatives. Clearly, the GAO has been saying for a long time that we have had the same situation of diverse responsibility for aviation security for 20 years, and as we suggested, we do not see a great deal of improvement using the current configuration that now exists, with airlines in charge of passenger screening the airports responsible for access control, and things like that. There are alternatives out there, and we are being asked by another committee of the Congress to look at some of those alternatives and talk about the pros and cons associated with each one. The FAA, as a part of the 1996 Reauthorization Act, looked at the situation, and tried to determine if a change was necessary. Essentially they concluded that they could not have a consensus about changing anything, so they would just leave it the way it is. We do not think that that is the best way to do that kind of work, so we are going to try to followup and come up with some alternatives for the Congress to consider. Senator Hutchison. When would your timetable be for that report? Mr. Dillingham. As soon as our resources are free. In terms of when it will be available on where your legislation might be, I could not say right now, because we are at the early stages of that work. Senator Hutchison. So you do not have a timetable of when you would even put forward some other options? Mr. Dillingham. I do not yet have a timetable for when we could issue a report, but we are always willing and ready to talk to you and your staff about what we know now, based upon the experience we have had in doing the current work. Senator Hutchison. Give me a couple of options you would be looking at. Mr. Dillingham. We are talking about a situation, for example, of a nonprofit corporation in charge of all of aviation security. We are talking about a situation where we might have a university-based training program with FAA input. So there are a number of options for organizationally changing what we currently do. Senator Hutchison. I would be very happy for you to also talk to my staff and me about these options. I think it is time for us to look at some very bold steps here. Admiral Flynn, I would like for you to answer the question, but I would also like to ask you why the FAA is targeting May of 2001 on this training issue. Admiral Flynn. Madam Chair, with the comment period of the rule ending May 4 of this year, May of 2001 is a compressed time period to complete a rule, to do the analysis of comments, to do the economic analysis based on economic information provided in the comment period, and to bring the rule through the processes of review that are required for it to become final. Senator Hutchison. Can the FAA, on its own, compress that even further? It just seems quite long for something this important, and particularly since the bill was passed in 1996. Admiral Flynn. The FAA has looked at that, but were there to be legislation, I would appreciate support, or even it being made stronger than that, to ensure that we do this without delay. I certainly share the sense of urgency that the Committee has about getting this done. I would offer to make myself available to you and to your staff to work on what is the most timely way, and most prompt way of getting this done. Senator Hutchison. Well, I look forward to meeting with you. I am giving you fair warning that my bill says September 30. I cannot tell you that bill will pass in the timeframe that would allow that, but I think you should be targeting September 30 at the FAA. This is very important. From your testimony today it is clear that training standards in the United States are lower than the rest of the industrialized world, and yet we have more than 500 million passengers going through our airports, so I would like for you to look at an internal step up, and I am going to try to force it as well, but as you know, things take a long time getting through here as well, so I would ask you for that cooperation. Admiral Flynn. Gladly, Senator. Senator Hutchison. Ms. Stefani, did you have any remarks on the 40 hours? Ms. Stefani. No, Madam Chair. Senator Hutchison. I think I am convinced that the 40 hours in the classroom and the 40 hours on-site is a good place to start, and I think if we do that, that the rest of the structure is going to have to make that kind of investment, as Mr. Dillingham has said. I would like to go to the computer hacking issue that was addressed, I think, by the GAO and Ms. Stefani, and ask you if you believe, Admiral Flynn, that the FAA is looking at the potential dangers presented by hacking, and what steps are being taken to assure that our air traffic control system is secure? Admiral Flynn. Indeed, Madam Chair, the FAA is doing that. The work is led by our Chief Information Officer, Mr. Daniel Meehan. They have done very considerable work to assess the systems of the air traffic system for vulnerabilities, and have put in place a plan to do this. The people who are doing this are the same people who were in charge of FAA's successful Y2K program, so I think that program is much strengthened from the time the GAO looked at it. I think it is probably one of the best information systems security programs in Government as, indeed, it should be. Senator Hutchison. Do you have an early warning system that would allow you to detect tampering in this area? Admiral Flynn. Yes, indeed, there are fire walls, and the fire walls are monitored continually. Senator Hutchison. Ms. Stefani. Ms. Stefani. Yes. We currently have work underway. We are actually scanning and trying to see how secure the individual computers are in the various systems, not only in FAA, but in the Department of Transportation as a whole. The review also includes looking at things like unauthorized back-door access to different systems. We are looking at basic computer security requirements such as controls and passwords. We are making sure that the Department as a whole, not just FAA, has the right processes and procedures in place. Senator Hutchison. Thank you. I would think in air traffic control and train controls, the margin of error is so small that that would be a priority. Mr. Dillingham, did you have a comment on that? Mr. Dillingham. Yes, Senator Hutchison. I just wanted to let you know the GAO is also looking at the security situation with regard to air traffic control in much the same way as the DOTIG is following up on the work that we did a couple of years ago, and I notice the Admiral mentioned that the situation is being controlled by, or being run by the people who did the Y2K fixes. As you will recall in our testimony, there was a problem with the Y2K fixes as well, so we are going to be looking at every aspect of computer security over the next few months. Senator Hutchison. Well, I think it is certainly a priority, and I am pleased to hear that it is for all of you, as well. Let me take the access issue, because my bill attempts to strengthen security at high-risk areas by having immediate suspension or termination of any employee that enters a secure area without authorization. Is there anything else that we should do that would mandate security access, or do you feel that FAA is fully engaged on this? It seems to me that there is more that could be done, and I would like to know that you are doing everything, and if you do not think that legislatively we need any more action I would like to hear that, or if you think we should be pushing, I would like to hear that. Admiral Flynn. Admiral Flynn. The FAA has been testing this system very intensively. Now, for the past year we have noticed both improvement in the rate of challenge and improvement in the defenses against people being able to get to and aboard the aircraft. The airports have done quite significant things with regard to where there are problem doors. They have either completely barred them with due regard for fire safety, or they have posted guards on them to supplement the automatic controls on those doors. I would recommend reconsideration of firing someone, or removing a person's authorization to be in the secure area, for a single offense. I would recommend that we look at the nature of that offense. Certainly the means ought to be there for progressive discipline--someone is not wearing ID, for example, then there needs to be a system of progressive discipline leading to termination. Senator Hutchison. Is the FAA doing that now? Admiral Flynn. We have a proposed rule that permits the air carriers--I am sorry, the airports, to have progressive discipline, and a further proposed rulemaking in which the FAA will take action directly against individuals, and those rules will be final this year. Senator Hutchison. So it is up to each individual airport what happens? Admiral Flynn. To have individual accountability, and many of them do now, many airports do have individual accountability and progressive discipline programs. Senator Hutchison. Ms. Stefani. Ms. Stefani. Yes. One of the things that we noted in our most recent review of this area was the need to improve the training. When the employee shows up, whether they are a baggage handler, or a security guard, or a screener, they need basic training on what their role is in airport security. We went to eight airports. At four of those airports, employee training included testing, so you were pretty much assured that the employee understood what the requirements were and what their responsibilities were. In other cases, training consisted of an employee sitting in a room watching a video. There was no testing, no assurance that they understood the security requirements. In one case, English was the second language for a large number of employees, and yet the security tape was in English. We are not sure how much they actually understood of what was being said. So in our view employees need better initial training, they need recurring training to remind them of their security responsibilities, and when problems occur, remedial training is also needed. Senator Hutchison. Is understanding English not a requirement for screening personnel? Admiral Flynn. Madam Chair, yes, it is. Ms. Stefani was referring to ramp workers, many of whom do not speak English, and we have been working with the airports. Many airports are now doing multilingual training for their ramp workers and people who clean aircraft and have access to them. Senator Hutchison. Mr. Dillingham, do you have anything to add? Mr. Dillingham. No, ma'am. Senator Hutchison. Mr. Doubrava, do you have anything on this issue? Mr. Doubrava. Madam Chairman, I think it highlights the complexity of the issue, because we have joint tenancy and responsibilities. I can assure you of the industry's strong commitment--I just recently came to this position from one of the major air carriers where I had the responsibility for the operational side of security. I can assure you that that commitment is very strong in the industry to try to improve the performance in this area. The process is complicated because of just what goes on in the airport operationally, the huge diversity, and the size and scope of many of the airports. We may have an access failure that rebounds on the air carrier that started with an access failure some other place in the airport. We commend Admiral Flynn and his folks in the FAA security offices, and we have been working together very, very diligently on this issue over the last 18 months. I think what is important is we are in a transition period as we move forward from the legislation which you sponsored, and the screener certification regulations that are being rolled out by the FAA and the air carrier industry responding internally to strengthen security training programs. With expanded industry internal audit processes, testing processes, the training programs I think substantial progress is being made. Clearly we have a ways to go, but if you look at how far we have come since the Presidential commission and the Congress' action to make funding recommendations, I think we have made great progress. Senator Hutchison. Let me turn to the technology in the machines that are being used to screen. Do we have enough of the checked-baggage screening devices and, furthermore, as I have gone through DFW airport, I have noticed the machines that measure residue or dust to see if there is any kind of explosive residue, but do we have enough of those? I notice most airports do not have them. Certainly DFW does, and I am glad to see it, but do we have enough of the up-to-date technological equipment at our major class 1 airports, and how far down do we go with that up-to-date technology in airport size? Admiral Flynn. 552 devices are now in use, and they are at the checkpoints of all of the top, almost 80 airports. There are 450 airports that FAA regulates for security, and so there is a way to go. Now, once you get past the first 80 you are starting to get into considerably smaller airports. That equipment is the explosives trace detection equipment. Senator Hutchison. So that is the trace detection and the CTX. Admiral Flynn. Now, with regard to the EDS's, we have deployed 90 of them. There are 93 explosives detection systems deployed. They are in 36 airports, and used by 20 carriers, United States and foreign flag carriers, that are using them in the airports in the United States. Senator Hutchison. I would just like to ask Mr. Dillingham and Ms. Stefani if this is sufficient. Have we moved quickly enough on this, and should Congress be looking at moving this more quickly? Mr. Dillingham. Madam Chair, initially there were some serious delays in getting the equipment deployed, and I am not sure if that was FAA's fault, but for now they seem to be on track in terms of getting the equipment out, as far as we can tell. We have not looked at that directly in quite some time. Ms. Stefani. On the deployment of both the CTX bulk detection machines, and the trace detection equipment, FAA has made considerable progress. An area that FAA is still researching is for those smaller airports where basically what we may call an EDS-lite, a smaller machine that will fit into a different kind of configuration, is needed and FAA is moving out on this. Senator Hutchison. Do you need any help, and let me say this, if you need any help on the appropriations for those machines, please contact me, because that is the first priority for me. Admiral Flynn. Thank you very much. Senator Hutchison. I would like to move to the criminal background check area. There seems to be a void here in what we are allowed to do in criminal background checks, and in light of your testimony my intention is to close that gap. I am told you do not perform a criminal background check on anyone unless there is a 12-month lapse in employment, and yet, Ms. Stefani, you testified that 61 percent of the violent felony convictions serve 6 to 7 months in prison. So you could have an 11-month gap in an employment record and still be hired for a security scanning position. Do you think we need to close that void legislatively, and is it true that we are not now allowed to do a criminal background check unless there is that 12-month void or less? Ms. Stefani. There are four conditions in place right now that trigger a criminal check. The easiest one to explain is the 12-month gap. The others relate to information obtained during the background investigation. For example, if information becomes available during the investigation that indicates the applicant might have been convicted of a disqualifying crime. As it stands right now, FAA would have to make a rule, and go through the rulemaking process in order to change it so that an FBI criminal check would be required for all applicants. Senator Hutchison. According to the statement of the airports that will be submitted for the record, the regulations today say that you cannot do the FBI criminal history check unless there is a 12-month lapse, so we do need either a new regulation or a law that requires it, is that correct? Ms. Stefani. That is correct. A new regulation is needed. Admiral Flynn. From the point of view of the underlying law, I believe the recently passed FAIR-21 goes a long way to solving that. We also seek the FBI's cooperation with regard to the processing of the fingerprints, and the deployment of systems for online processing of fingerprints, so that there will be a rapid turnaround on it. But the principle of going directly to fingerprints, and avoiding, or going past, or taking away the employment check is a good one. Senator Hutchison. Well, let me just ask you this. Why hasn't the FAA changed that regulation, knowing what the issue is here? Admiral Flynn. Madam Chair, the problem has been that it has taken over 50 days to get a return of fingerprint checks. The processing time is that long. Senator Hutchison. Is that the FBI's responsibility? Admiral Flynn. It is delays in the system overall, as the fingerprints go to the FBI, at the FBI, and then returning to the airport, sending them, in effect, by mail. That can be improved now that the fingerprints can be transmitted electronically and are now being assessed through the systems that the FBI has of doing it automatically. I think we will have the cooperation of the FBI in doing that and putting those fingerprints ahead in priority over other requirements that there are for checking fingerprints. We would very much like to examine with you the legislation that would affect the various departments of Government that are involved in this. Senator Hutchison. Well, my goal is going to be to tighten this up so that the person cannot come into employment unless a criminal background check has been done, so I want to work with you in writing the legislation to cover the loopholes, but a 12-month lapse in employment record is just not a sufficient standard, when we know that people can be convicted of a violent crime and serve 6 or 7 months in prison. Mr. Doubrava. Senator Hutchison, if I could add a couple of comments to that, the industry strongly supports, and we are very hopeful the FBI fingerprint program can be expanded dramatically, because certainly from our vantage point we feel that 100-percent fingerprint background check is a worthy goal. The problem that we face is that under the current process, when you have a qualified employee who comes and wants to work in the job market that we are in, they need to start as soon as possible, and so the problem is that we lose good applicants because of the delay period. When you may have justifiable reasons for having to conduct an extended background check, that may not necessarily be the result of criminal activity. So I think that our frustration--and under the current process right now, as you know, and I have spoken with both the Majority and Minority staff, and they are well aware that some of the issues for us are that the current process is just fraught with so many issues because of the need to verify how much that information that you receive is adequate for the verification process based on third parties. And I think that one thing the FAA and the industry have been working--this is not to criticize the FBI, but currently they do huge amounts of background checks, and the airline industry is a very small percentage of what they do, but as we move toward this process with testing at several airports, we hope that the Congress will move forward, working with the FBI to make sure that we get this fingerprint, automated fingerprint check program underway and a wide-scale approach, and I think that a lot of these issues will then fall to the side once we have that available to us. Senator Hutchison. I think both of you are making very good points, and we will work to make sure that we have zero tolerance with the information available. The last area I would like to address is the checked baggage screening area. It is my understanding that the FAA is going to phase in 100-percent checked baggage screening, beginning in 2009. I would just ask you if that is correct and if you think that is a sufficient addressing of the issue. Is that the right timetable, or could we do that more quickly? Admiral Flynn. Madam Chair, it depends on the results of research and development. The machines and systems that we have today are not sufficiently efficient. They are effective in finding explosives, but the cost of installing the machines that would be needed for 100-percent screening is in effect unbearable. It is enormous. Senator Hutchison. What about the baggage match issue? Has that been implemented? Admiral Flynn. The checked baggage security program is on the basis of selection by CAPPS, and that gives a high level of security. Ultimately, when baggage screening machines become more efficient, and our estimate of when that could be practical is 2009, at that time we would be replacing these relatively inefficient systems with new systems, replacing the ones we are now deploying for screening CAPPS selectees' bags. We ought to be working to prepare terminals as they are being built, when it is much less expensive to install the equipment, to prepare for the transition. But again, with regard to the efficiency of checked baggage screening, the throughput rate has to come up and the false alarm rate has to come down substantially for it to be practical in the present level of threat to do 100% screening in the United States. Mr. Doubrava. Senator, where this becomes most important is in the operational needs of the air carriers. I know in your own State you have a number of hub carriers, and in the hub- and-spoke system with the sheer numbers of passengers and operations that you have, the industry needs to have equipment which supports these complex operational requirements. To take a little issue with my colleague here with regard to usage of EDS, one of the biggest challenges for the industry has been the limitations of this first generation technology. We cannot screen the sheer numbers of bags that must be accommodated in the hub-and-spoke operations. When you have carriers that run high frequencies and you have major peak times the current machines cannot handle the necessary bag throughput for a timely operation. So as we look at these issues, the biggest challenge we face is the R&D support for a smaller, faster device with a lower alarm rate. The industry is committed to moving to a 100- percent whole baggage screening regime. While I clearly understand the concern about when this will be accomplished when we put in the outyear 2009, we all felt--Government and industry together--that this was a doable date. We did not want to leave expectations high that we would be able to readily achieve this goal, because of the outstanding technology issues. Senator Hutchison. Are you doing passenger matches with checked baggage? Mr. Doubrava. As Admiral Flynn indicated, we are doing those with selected passengers. We had a long--and you were involved in some of those discussions--debate about what industry could do in terms of 100-percent domestic positive bag match on all domestic passengers. Madam Chairman, it would be impossible given the current operational environment. The industry would have to change the entire approach of how we do business in order to accommodate such a huge scope. In the current system right now 15 to 20 percent of our passengers double-connect on line. We would not have the manpower resources and the cost structure to accomplish this goal. The FAA and the industry have worked with a third party independent group to look at this. Their conclusions were similar--we would have to change the entire scope of the way we do business in the airline industry domestically, and the costs would be intolerable. Senator Hutchison. I want to ask Ms. Stefani and Mr. Dillingham if they have looked at the passenger match on certain profiles. Have you looked at the effectiveness of that approach? Mr. Dillingham. No, we have not, Madam Chair. Senator Hutchison. Ms. Stefani. Ms. Stefani. We have done some work looking at the CAPPS system, testing it, and we found that it was effective. It was identifying the selectees when they should have been selected. On the issue of CAPPS and the use of explosives detection machines, there is no doubt that we need to develop an explosives detection device that is smaller, faster, and cheaper, so that we can get it deployed across the country. When you look at a date like 2009, given the number of CAPPS selectees that are coming up, it is not as high as FAA expected. Our concern is, how do we get the practice? How do we move from where we are today to being able to screen a billion bags a year? The machines that we have are capable of doing more, and we would like to see them doing more screening. Senator Hutchison. That concludes my questions. Is there anything I have not covered that any of you would suggest we put in the Airport Security Act that I will be introducing next week, any other area that needs to be tightened up, that you would like to suggest? Admiral Flynn. Madam Chair, I would like the opportunity to reflect on that a bit, and to get back to you in the next day or so. Senator Hutchison. Well, I would very much like to have that input, and I appreciate your cooperation, Admiral Flynn. I think your testimony, plus Mr. Dillingham and Ms. Stefani's, has been very helpful in this, and certainly, Mr. Doubrava, the Air Transport Association has to be a part of this as well. I want to say that the record will be open for any member of the Committee to submit a statement, and I will put in a statement from the American Association of Airport Executives and the Airports Council International, North America. Senator Hutchison. If there are no further comments, I will adjourn the meeting. Thank you very much. [Whereupon, at 11:50 a.m., the Subcommittee adjourned.] A P P E N D I X Joint Prepared Statement of the American Association of Airport Executives and the Airports Council International, North America Mr. Chairman and Members of the Subcommittee: The Airports Council International--North America (ACI-NA) and the American Association of Airport Executives (AAAE) appreciate the opportunity to submit written comments for the record of the hearing held April 6, 2000 regarding our views on aviation security at our nation's airports. We are pleased to offer you our insights on what has been deemed one of the most important operating procedures in the aviation system. ACI-NA's members are the local, state and regional governing bodies that own and operate commercial service airports in the United States and Canada. ACI-NA member airports serve more than 97 percent of the U.S. domestic scheduled air passenger and cargo traffic and virtually all U.S. scheduled international travel. AAAE is the world's largest professional organization representing the men and women who manage airports. AAAE members manage primary, commercial service, reliever and general aviation airports, which enplane 99 percent of the passengers in the United States. We believe the most important aspect of providing a safe and secure aviation operating environment is a close partnership with the intelligence community, the air carriers and the regulators. We are pleased to have participated in the FAA's Aviation Security Advisory Committee (ASAC) from its inception and hope to continue making progress on these crucial issues by fostering the relationships formed within the Committee itself and its many subcommittees and working groups. We were pleased to see the language included in the recent FAA reauthorization legislation permitting interface between government and industry entities outside the federal advisory committee structure to allow for frank and open discussions on sensitive security matters in a timely manner. This structure will allow FAA and industry to address ways to meet our security goals in the most expeditious and effective fashion, and will also allow local airport and law enforcement officers to play a much more significant role in the development of essential emergency measures and long range policy recommendations. This recognition of the effectiveness of partnership should be the first step in a process to review and assess the existing regulator-regulated party relationship that we currently work within. As evidenced by recent problematic events, the current system of aggressive assessments and punitive actions leads inevitably to resentment and reactive measures instead of to constructive solutions to identified problems. FAA should seek ways to work with the security professionals in the aviation community to conduct assessments in a cooperative interactive method free from the threat of penalty for self-assessment and disclosure. Airport security consortia have also proven to be an effective forum for the discussion and dissemination of information on local security programs and operations as well as national trends. We understand the FAA is tasked with conducting assessments to determine compliance with existing regulatory programs. We strongly encourage the FAA to use consortia as the forum for improving local security measures at airports in addition to conducting tests to verify the effectiveness of specific measures and recommend ways to make improvements versus assessing penalties for violation. FAA should provide information to the security consortia members on the relevant goals and objectives to improve local procedures. Test protocols should be standardized and disseminated to all parties so that corresponding information on system failures can be addressed in a comprehensive manner with a complete understanding of all elements of the program considered. Many of our member airports conduct self-analysis of this nature and apply the results to program improvements. These airports have scored above the average during both FAA and DOT IG assessments. Conducting tests in a vacuum and reporting results of violations with minimal or no details on how the test was conducted has little to no productive value when attempting to assess ways and means to improve the test environment. We have been long awaiting the comprehensive rewrite of FAR Part 107 as it will codify a myriad of policy memos, emergency amendments that have been in place for over 10 years, and management procedures and practices developed in an ad hoc manner to address ``security concerns of the moment.'' Of particular interest is the section of the proposed new regulation addressing individual accountability. It has long been our position that ``security is everybody's business.'' This crucial element of airport and airline security programs has been absent from FAA regulations, forcing airports and air carriers to seek local ordinances to address violation of federal regulations. ACI-NA and AAAE have been working with our industry partners to develop a set of minimum national standards for local airport individual compliance programs addressing the most common violations. We need full support of our federal partners to make these compliance programs effective. FAA must assist the airport and air carrier industry to enforce these programs, once established under regulation, by imposing penalties described in airport and air carrier programs to individual violators in a timely manner. Under the current programs FAA assessment of civil penalty can take upwards of several months to complete, severely undermining their effectiveness. Prior to finalizing the proposed regulation FAA should consider addressing the current list of crimes that disqualify an individual's application for unescorted access. It is our understanding that the FAA has the regulatory authority to expand the current list of crimes delineated under FAR Part 107.31 to reflect current concerns. While many of the existing crimes were selected to address terrorist activity, recent events have made it apparent that persons with unescorted access to the secure area of an airport are willing and able to participate in other activities with an equally detrimental impact on the security of the air transportation system. If an individual willingly places an illegal substance on board an aircraft for monetary compensation, that same individual will likely introduce a weapon or explosive device into the sterile area of the airport and perhaps onto the aircraft itself. Airport and air carrier employers do not have a legal means to conduct a comprehensive assessment of the criminal records of potential employees. Therefore, it is our position that FAA should include on the list of disqualifying crimes, crimes that show intent or predisposition to accept rewards for illegal activity or unlawful gain such as theft or burglary. FAA must work with the industry and law enforcement entities to review the current list of disqualifying crimes and assist in amending the list as deemed appropriate to prevent the introduction of deadly or dangerous items onto aircraft. As stated earlier, airport and air carrier employers are not free to assess the criminal background of all potential employees who seek unescorted access to the secure area of the airport. The current regulations specifically restrict the use of an FBI criminal history check to those individuals who cannot produce proof positive that they were employed for the ten years prior to application (with no greater than a 12 month gap in records) for unescorted access privileges at an airport. As many convictions no longer carry a minimum twelve-month sentence due to plea bargaining and reduction of charges, the screen created by this process is no longer valid. FAA and FBI now have the capability to accept fingerprint records in a digital format and can affirm the criminal record of an individual in a matter of days. In light of these technological improvements we see no reason to continue to produce reams of documentation on each applicant's employment history. Rather we believe it is incumbent on the FAA and the FBI to expedite a procedure to allow airports and air carriers to conduct a 100% fingerprint background check on all employees seeking unescorted access to the secure area of an airport. This procedure would provide evidence of past convictions regardless of the time lapsed since conviction (greater than ten years) and would obviate the need to verify by letter, phone or other means the validity of statements provided by the job applicant themselves. Another difficulty that airport operators face in verifying the background of individuals applying for unescorted access is the lack of standardized information available on recent immigrants to the United States. Very often these individuals have no method of providing the information required to meet the standards outlined in FAR Part 107.31. The United States Immigration and Naturalization Service (INS) performs a background investigation on these individuals prior to issuing a ``green card'' allowing them to work in the United States. The INS should provide the record of investigation to airport and air carrier management to verify that the individual to the best of their knowledge has not been convicted of any of the disqualifying crimes. This statement by the INS should be an acceptable substitute for the current method of collecting documentation from varied sources that may or may not be well controlled. Other technological advances in the security assessment field will have significant impact on airport operations, terminal design, emergency response procedures and other planning and manpower requirements. It is essential that FAA continue to work not only with the air carriers who will be utilizing passenger and baggage screening equipment, but also with airport operators who will need to modify terminal buildings and educate our public safety staff on the placement and uses of this equipment. The Security Equipment Integrated Product Team has made significant progress in the development of short term plans to integrate existing technology into the current airport system. We are calling on the FAA to work with industry to establish long-term goals and objectives for the development of an integrated aviation security plan. Airport operators can then reflect these goals and objectives in our terminal design and operations planning allowing for the most effective deployment and use of this equipment. A long-term plan will also allow estimates of future funding needs to be identified and sources for the funding to be procured accordingly. One final issue that has been raised for discussion is the assignment of responsibility for carrying out screening of passengers and their baggage. Passenger screening is acknowledged as an essential element of the overall aviation security system. Some have even classified it as the first line of defense against the introduction of deadly or dangerous weapons into the air transportation system. The performance of these duties should rightfully be the subject of continual scrutiny with the aim of ever improving the level of security provided. Which party in the security partnership should perform the screening function has been the focus of many debates on the issue. Questions as to why the airport operators or the federal government do not conduct screening can easily be addressed. The Aircraft Piracy Act of 1961 (PL 87-197) first vested the air carriers with the responsibility for performing passenger screening by allowing them to refuse transport to passengers or property that could jeopardize air safety. The Air Transportation Security and Anti-Hijacking Act of 1974 (PL 93-366) explored the issue in detail, and determined that the responsibility was best assigned to the air carriers as they have the most direct interface with the passengers and baggage allowing them to assess behavior in conjunction with the screening process. Additional concerns relate to ``probable cause'' and ``illegal search and seizure'' protections. The Supreme Court case ``Terry v. Ohio'' determined that probable cause for search and seizure does not exist if a person is merely proceeding into the sterile area of a facility to meet an arriving passenger, or to escort a departing passenger. Therefore, if a law enforcement officer or government entity with law enforcement responsibilities were to conduct screening and finds evidence of a violation (cash over $10,000 or drugs) they are duty bound to take action which would violate the individuals rights. In addition to these legal concerns, there are the practicalities of the current system. Under the current procedures, information about high risk passengers is collected by the air carriers, the air carrier is the entity that comes into contact with the passenger when they check- in for the flight. The air carrier also comes into contact with the passengers carry-on and checked baggage. Therefore the air carrier representative is the person with the best opportunity to designate the passenger and their baggage as a ``selectee'' for aggressive screening measures until such time as the threat presented by the passenger or their baggage can be resolved. To interject an outside party into this process would require a significant modification to the existing passenger check-in and screening process. It is our position that the FAA and the air carriers should work toward the implementation of comprehensive performance based standards for security screening employees. These employees should be vested with the knowledge that it is their responsibility to provide a crucial element of the aviation security system. They should be provided with comprehensive initial and recurrent training and the best tools available to complete their job. Compensation should reflect their skills and performance accordingly. FAA's proposed regulation on the certification of screening companies goes a long way toward reaching this goal, but falls short of working with the very individuals who provide these essential services. Again we appreciate the opportunity to provide our views on this important issue. We hope that you will find them to be enlightening and useful. ______ Response to Written Questions Submitted by Hon. Slade Gorton to Gerald Dillingham Question. Do you agree with the FAA's assessment that it will induce screening companies to pay their employees higher wages with higher performance standards that require more training? In your opinion, are there additional steps that should be taken? Answer. We believe that it may be possible to get screening companies to pay higher wages through higher performance standards that require more training, but it is by no means certain. FAA has limited tools that it can use to influence screener wages, but mandatory higher standards could be the right one. If FAA sets high performance standards that require screening companies to (1) seek and retain more capable screeners, (2) invest more money in their training, and (3) maintain high performance to retain certification, then it should be in the screening companies' interest to raise wages in order to obtain the best candidates. However, screening has historically been seen as an additional cost burden to air carriers, and they have tended to contract with the lowest-cost screening companies to handle their screening operations. Consequently, their concerns remain about the ability of screening companies to raise wages sufficiently to attract good candidates and still be able to compete effectively for screening contracts with the air carriers. We believe it would be most prudent to let the efforts FAA has underway to improve screener performance take effect, be evaluated, and then decide whether or not additional actions are warranted. Question. Does GAO have any reconunendations for improving the abysmal weapons and explosives detection rate that you outlined in your testimony? Answer. We do not have any specific recommendations at this time that could improve screener detection rates. FAA has several initiatives underway that may be a starting point that could help to achieve higher detection rates, such as computer-based training, the Threat Image Projection (TIP) System, and screening company certification; however, it is still too early to determine what impact these initiatives will have on improving screener performance. In our view, the key to improving detection rates is the timely and effective FAA implementation of initiatives such as TIP, which is designed to increase screeners' experience and attentiveness. If these are implemented promptly and properly, then this country may finally obtain significant improvements in weapons and explosives detection rates. Question. In order to improve screener performance, are there any lessons that the FAA can learn from other screening practices in other countries? Answer. We found a number of differences in the way other countries conduct screening operations. These differences include: (1) more extensive qualifications and training for screeners, (2) higher pay for screeners, (3) assignment of screening responsibilities to the airport or government, and (4) more stringent checkpoint operations, such as routine ``pat down'' searches of passengers and limiting access to checkpoints and beyond to passengers only. However, the critical piece of information is whether these practices result in better screener performance. We were unable to obtain from these countries information on whether and how these differences lead to improved screener performance. Nevertheless, the screening practices of other countries potentially contain lessons for FAA. We can not be prescriptive on what these lessons would be, largely because it would take significant study and cooperation from other countries to determine the impact the differing practices have on screeners' ability to detect dangerous objects. However, if FAA's current initiatives do not increase screener performance to levels needed to adequately ensure the safety of air passengers, we believe that FAA should vigorously examine the practices of other countries to identify lessons for adoption in the United States. ______ Response to Written Questions Submitted by Hon. John McCain to Richard J. Doubrava Question 1. Should the computer-assisted passenger screening (CAPS) system be adjusted so that more passengers are selected at random to have their checked bags scanned by explosive detection equipment? Answer. The industry is strongly opposed to an arbitrary increase in the CAPs random rate to increase the usage of security screening equipment. The CAPs program was developed jointly between the industry and government to identify certain factors that would result in a passenger being selected to undergo the ``selectee process.'' The random factor was developed to insure that there were no overt factors, which resulted in individuals being targeted as the result of any personal bias. The Justice Department repeatedly reviewed the CAPs program and certified it as non-discriminatory. Any plan to alter this program in order to deal with issues associated with the level of security screening equipment usage undermines the program. Such an action would do nothing to improve the security baseline of ``selectee'' profiling by simply increasing the numbers of passengers put into the ``selectee'' category. This is not a security-based approach. Question 2. In your testimony, you said that progress has been exceptionally good. But GAO has found that screener performance has possibly worsened. On what do you base your assessment of exceptional progress? What are the airlines doing as an industry to improve screener performance? Answer. Mr. Chairman, my comments were reflective of the progress which the industry and the government have made since the recommendations of the Presidential Commission on Airline Safety and Security. As of March, 2000 there are contracts for the deployment of 180 explosive detection systems (EDS) at the major airports in the U.S. In addition, 420 new state-of-the-art checkpoint x-ray systems have been contracted for deployment at the nation's airports. These machines will include ``threat image production'' (TIP) which will be a major training enhancement for checkpoint screeners. In addition, the continued rollout of trace detection devices continues at U.S. airports as well. The industry was among the first to call for the certification of security screening companies by the FAA. This certification process will result in the screening companies becoming a full and equal partner in the aviation security process. While the industry recognizes the need for improved performance in a number of security areas, this does not diminish the progress which we believe has been made over the past several years in strengthening U.S. aviation security. ______ Response to Written Questions Submitted by Hon. Slade Gorton to Admiral Cathal Flynn Question 1. Ultimately the responsibility for detecting weapons and explosives in baggage lies with the airlines, even if they contract out for the screening of carry-on baggage. If the airlines are fined consistently and at higher rates for the inability of screeners to detect potentially dangerous objects during FAA tests, won't they have more incentive to make sure that screeners are paid and trained in a manner that fits their level of responsibility? Answer. The FAA does believe increasing tests and fines for carriers or airports that perform poorly can motivate good performance. FAA has used this approach in a number of areas. In the area of checkpoint screening, however, there are certain limitations on the beneficial effect of individual fines for individual test failures. The most apparent is that airlines have traditionally charged the contract screening companies for any FAA imposed fines, which, in turn, sometimes results in the firing of individual screeners, rather than prompting an examination of how to improve system performance. FAA, therefore, has other initiatives in an ongoing effort to improve screeners' ability to detect potentially dangerous objects. One such effort involves the certification of screening companies, which will allow the FAA to monitor screener training and to hold screening companies directly accountable for their performance. Screening companies whose performance falls below the standard could be subjected, not just to penalties, but to requirements for redundant staffing and, possibly, public signage indicating that screening remains safe only because of the redundancy required by the FAA. Question 2. Does the United States have the most stringent security screening standards in the world? If not, what countries' standards exceed ours? Do their standards exceed even the FAA's proposed requirements? Answer. The scope of how security is employed by individual nations is commensurate with the perceived threat and culture. In limited, select countries, such as Israel, security measures are more extensive and aggressive than those instituted in the United States, in order to address the level of perceived threat. In those countries, the volume of passengers requiring screening, passenger acceptance of more intrusive procedures because of the immediate threat levels, and the acceptable passenger delay in aviation systems without the hub and spoke system of United States allows for more time consuming processing of passengers. The FAA has developed standards for explosive detection system (EDS) technology that must be met for a system to be certified by the FAA. The EDS criteria are extensive but appropriately justified by threat analysis conducted by the intelligence community and aircraft vulnerability analyses performed by the FAA and other government entities. The standard focuses on explosive type and mass and mandates a processing rate and sets a minimally acceptable false alarm rate. While individual nations may use different detection software that attempts to detect smaller explosive masses, this significantly impacts the system false alarm rate. If studies of aircraft vulnerability to explosions show that a decrease in the explosive mass is required, the FAA will change the EDS criteria. The FAA is developing standards for the screening checkpoint that will focus on threats being introduced to the aircraft at the screening checkpoint either in carry-on baggage or concealed on passengers. Systems will be developed through the sponsorship of the FAA's Research and Development program to meet this future standard. The FAA is the world leader in the development and deployment of advanced aviation security screening equipment. Numerous countries use equipment that is developed by research sponsored by the FAA. With respect to the human element, the proposed Certification of Screening Companies rule is expected to improve screening performance. It will require the use of threat image projection (TIP). The FAA anticipates that in the future, TIP data may provide a basis not only to monitor the performance of screening locations but also to establish performance standards. Certification of screening companies will allow the FAA to monitor screener training and to hold screening companies directly accountable for their performance. Question 3. My understanding is that the 8000-39 FAA inspector identification badge has been in use for a decade at least. If that's so, why do you think that many airport and airline officials don't recognize the universal access privileges of the 8000-39 ID? Answer. We believe the majority of airline and airport employees recognize the privileges that attach to the 8000-39 ID (issued to FAA's aviation safety inspectors) to remain in security-controlled areas of an airport without escort while conducting inspections. Nevertheless, the FAA is taking steps to ensure the credential will be universally recognized at all airports, by including information on this ID during the training given to all employees and airport-assigned police officers. Also, the FAA is ensuring that FAA aviation safety inspectors (ASI) are familiar with procedures for properly getting onto the ramp, for displaying the ID at all times, and for responding to the appropriate challenges that may be made by industry employees who are attempting to ensure that only authorized persons are on the ramp. FAA's Office of Civil Aviation Security requested on May 1, 2000, that all airports review their security programs to ensure the form and the authority of the ASI's are recognized and brief all airport- assigned law enforcement officials about the form. Copies of the form have been distributed to police shift commanders and at airport consortia meetings. FAA field personnel are also reviewing the airport security training programs to make sure the form is recognized and described adequately. Simultaneously, FAA Flight Standards is reacquainting its workforce with how to obtain access to the ramp, the need to display the ID, and the legitimacy of requests by ramp workers to see the ID as they discharge their security ``challenge'' requirements. Question 4. What is the FAA doing to develop a strategic aviation security plan? Answer. The Office of Civil Aviation Security has developed several broad strategic plans since the bombing of Pan Am 103. Provisions of the Aviation Security Improvement Act of 1990 and subsequent legislation, and the recommendations of groups like the White House Commission on Aviation Safety and Security, helped to define the aviation security strategic direction and effect its implementation. FAA also met with industry representatives in a series of ``strategic summits'' beginning in June 1998 and has developed ``end states'' of the system 5 years in the future. The Associate Administrator for Civil Aviation Security (ACS) does not produce a publicly available, detailed strategic plan including specific goals, objectives, and implementing actions because such a plan would unavoidably reveal vulnerabilities in the civil aviation system that could be exploited. Instead, we present the main elements of our aviation security strategic plan as an overview in the FAA and Department of Transportation strategic plans and on the pages of biennial reports to Congress. FAA is currently drafting a plan describing aviation security strategic direction and elements, but at a broad enough level to make it suitable for public release by the end of this calendar year. This is one of several major planning activities for aviation security. FAA is implementing a new matrix approach to civil aviation security planning and evaluation that uses Integrated Program Management (IPM) Teams for each major security subsystem. IPM teams have identified 5-year goals and developed detailed internal management program plans with actions necessary to meet the goals. A newly established ACS evaluation staff will coordinate the matrix approach of IPM teams. The staff will evaluate effectiveness and interactions of individual elements of the security program. A manager for the anticipated staff of analysts was hired in May 2000. FAA has two coordinated groups formulating a system architecture and concept of operations for civil aviation security. The IPM team designated ``Program 1'' is responsible for defining all the elements of the security program. A draft of the total system architecture is planned for the end of CY 2000. The Security Equipment Integrated Program Team (SEIPT) System Architecture team is focusing on the areas of SEIPT involvement (checked bags and checkpoint). A draft qualitative description of the SEIPT system architecture was completed in May 2000. In addition, the SEIPT is developing a security equipment deployment plan and has contracted with a Center of Excellence to develop a deployment optimization model by August 2000. Question 5. In your prepared testimony you said that in a 1998 report, the FAA found no consensus for a change in responsibility for aviation security. Furthermore, you said, ``The existing partnership, where the government sets goals and works with the industry to see that those goals are met is universally supported.'' What are the goals that have been set for the industry? How have they been met? Answer. The overall goal is to deter or prevent hijacking, sabotage, and other criminal and terrorist acts against civil aviation. Ensuring effective screening of ever-increasing numbers of passengers, baggage and cargo on more flights without restricting movement remains our greatest challenge. The U.S. aviation industry must embrace improved security as part of its mission to provide better service to its customers. The FAA and industry have been working together through the Aviation Security Advisory Committee, Security Equipment Integrated Program Team, and meetings with associations and airline and airport executives such as the Security Summit held in June 1998. The partners strive to create effective and efficient aviation security systems; effective in the sense that they reliably accomplish the tasks assigned, and efficient in the sense that they do their job for the least cost, both in terms of money and the movement of passengers, cargo and mail For example, a primary element of our strategic plan is to improve checked baggage and checkpoint screening through effective and efficient use of advanced technology security equipment by air carriers. Nonintrusive screening depends upon the use of such technologies to find weapons and explosive devices without excessively disrupting the flow of passengers or the expeditious movement of their bags. The use of automated or computer intensive equipment in place of labor intensive measures is faster, more efficient, but primarily more effective. Working together, the FAA and industry have achieved the goal of automated passenger screening with bag match or explosives detection system (EDS) screening of selected passengers' bags, using the Computer-Assisted Passenger Prescreening System (CAPPS), while safeguarding civil liberties. The screening system, however, is limited by the level of performance by screeners and how they use the tools provided. We hope that the certification of screening companies in concert with the training and selection tools FAA has provided will lead to increased professionalism in the airline screening workforce. We will set performance standards to ensure an appropriate level of detection of weapons and explosive devices. We will require training to standards we set and we will test to those standards to ensure accomplishment of our aviation security goals. Question 6. In the 1996 FAA reauthorization bill, Congress required the FAA and FBI to carry out joint threat and vulnerability assessments at each ``high risk'' airport. What is the status of those assessments? How have the FAA, FBI, and industry responded to these assessments? Answer. To date, joint threat and vulnerability assessments have been conducted at 33 U.S. airports. For FY2000, twenty-six additional airports have been scheduled to have joint threat and vulnerability assessments conducted. Industry representatives participate in the assessment process through consultations with FAA Security specialists and those who hold security clearances are briefed on the threat assessments pertaining to their airports. Since 1996, FAA, in conjunction with the FBI, has evolved a methodology that seeks to capture airport vulnerabilities through data collection and analysis. This process involves both agencies, in close cooperation with industry, and produces data that serve to both identify vulnerabilities and to allocate resources. The methodology consists of a questionnaire with over three hundred questions on the vulnerabilities of an airport, an empirical study prepared by the local FBI offices on Criminal Activity Trend Analysis on the airport and surrounding areas, and a classified FBI threat assessment tailored to the airport or geographic region in which the airport is located. The empirical data is tied to a database managed at FAA. These assessments help in identifying vulnerabilities in security systems at designated airports and in recommending modifications in security facilities, equipment, and procedures to address or correct the vulnerabilities. Question 7a. In the past year, how much was levied in fines against screening companies or air carriers for screening checkpoint violations? How much was actually collected? Answer. From May 15, 1999 through May 15, 2000, the FAA closed 505 cases against various air carriers for screening checkpoint violations, 331 of which civil penalties were recommended, totaling $4,073,623. Of that amount, the agency has collected $2,245,875 to date. Question 7b. Do these fines have an impact and lead to improved performance by air carriers, screening companies, and individual screeners? Answer. Increasing tests and fines of carriers or airports which perform poorly can motivate good performance as long as the definition of good performance is clear and its treatment is consistent. FAA has used this approach in a number of areas. In the area of checkpoint screening, however, there are certain limitations on the beneficial effect of individual fines for individual test failures which will be alleviated by initiatives documented in the notice of proposed rulemaking (NPRM) for certification of screening companies. The target for publishing the final rule is 12 months after the NPRM comment period, which closed on May 4. The comment period was extended a month beyond the original April 4 date to allow for outreach to small businesses. Question 8. Last December the GAO reported that the FAA has not consistently performed background checks or investigations on employees of FAA contractors, as the agency's own policy requires. What are the FAA's plans for enforcing its policy on background checks? When will the FAA complete its efforts to address recommendations made by the GAO? Are these policies enforced with respect to FAA inspectors themselves? Answer. The FAA has begun to address the recommendations made by the GAO and those efforts are ongoing. Specifically, FAA has (a) conducted an agency-wide security awareness and education briefing for appropriate personnel that provided detailed guidance on the tasks and procedures for investigating contractor employees; (b) developed procedures, intended to be in place by September 2000, for conducting semi-annual audits of contracts; (c) developed contract provisions, including prescriptions to implement the requirements of FAA Order 1600.1D, Personnel Security Program (all existing contracts should be modified by September 2000); (d) begun conducting the position risk/sensitivity level determinations for applicable positions under Mission Critical Systems (MCS) contracts, and maintaining records on individuals working on systems for whom background checks have been initiated and/or completed; and, (e) performed security review on each critical (Y2K) system remediated under contract. Additionally, the FAA is revising its policies governing the release of technical data owned or acquired by the FAA. This new policy will be implemented in September 2000 as a modification to FAA Order 1200.22B, ``Use of National Airspace Data and/or Interface Equipment by Outside Interests.'' The agency is also establishing a training module to be in place by May 2001, to be used in conjunction with other training provided to appropriate personnel on the procedures for implementation of requirements for investigating contractor employees. Further, by September 2000, FAA plans to complete an assessment of its resource needs to fully carry out implementation of the security policies and procedures. Question 9. What if any progress has the FAA made in advancing the implementation of an automated fingerprint identification system that would allow airport and air carrier management to conduct a 100 percent assessment of all applicants seeking unescorted access? Answer. The FAA fully supports such a system and believes that it is critical to the successful replacement of the current system of employment verifications with mandatory FBI fingerprint checks. The FAA, in conjunction with the Office of Personnel Management (OPM) and the FBI, is conducting a pilot test of electronic fingerprint transmission at Denver International Airport, John F. Kennedy International Airport, and Washington Dulles International Airport. Participation in the pilot is voluntary. In July 1999, the FBI's Criminal Justice Information Services Division implemented the Integrated Automated Fingerprint Identification System (IAFIS). OPM has developed a fingerprint processing system that allows their customers to take advantage of the enhancements IAFIS offers. By early July 2000, as part of the pilot program, the FAA expects to electronically transmit fingerprint results through OPM back to the pilot airports. By the conclusion of the pilot in October/November, FAA hopes to prove that a substantial number of fingerprints can be transmitted and processed electronically with the results returned to airports within 6 days. Even with electronic transmission, civilian fingerprint requests and results still have to be channeled through OPM, as required by the FBI for oversight purposes. Question 10. The FAA requires employees seeking unescorted access to secure areas of airports to have background investigations. DOT IG investigations have found companies working at airports have submitted falsified employment records for individuals granted such access. Some of these individuals were convicted felons. a. Does the FAA know the extent of this problem nationwide? Answer. We have concluded that as a result of four national audits, the problems that have been discovered are isolated and not systemic. In each instance where a problem has been discovered either by the FAA, the airport, or the Office of Inspector General, immediate actions were taken to correct the problem with follow-up to prevent recurrence. Also in each instance, depending on the circumstances, enforcement action or criminal prosecution was initiated against those individuals responsible for causing the violation. b. What action has FAA taken to prevent this from occurring? Answer. FAA has published a rulemaking that strengthens the role of the airports and air carriers by requiring audits to be conducted on the employment history investigations. Simultaneously, FAA is continuing its own national audits of airports, air carriers screening companies, and airport users to determine the level of compliance with the regulatory requirements. To date, the results do not contradict the findings of previous audits in that the non-compliance is largely limited to administrative mistakes as opposed to intentional falsification or fraud. c. Are the FAA's background investigation requirements effective in ensuring only trusted employees have unescorted access to secure airport areas? Answer. No. Such assurances cannot be made if Government must balance the compelling need to safeguard the air transportation system against criminal acts, while preserving the fundamental rights of individuals. On the other hand, the system in place today uses a reasonably fair means of checking the bona fides of persons who are employed in the aviation industry. This approach is not unlike the systems employed in the private sector: banking, securities, and by the states in regulating teachers, child care workers, and others who are employed in services in which there is a fiduciary relationship. All of these systems rest on the premise that a conviction of a serious crime may be a presumptive indication of future behavior. d. Should all people seeking unescorted access to secure airport areas submit fingerprints to the FBI for a criminal record check? Answer. Yes, fingerprint-based criminal history checks are the only accurate method for determining if an applicant has a criminal record. With adequate safeguards against the unauthorized disclosure of such records, requiring 100% fingerprints would not be a quantum step from the point at which FAA and the aviation industry currently find themselves. The Federal Bureau of Investigation now has greater capabilities to process fingerprint checks than it did in 1996, at the time of the promulgation of FAA's rulemaking, and the agency and the industry have successfully processed thousands of fingerprints submitted in connection with applicants who triggered the system. But even if fingerprints were to be required of every aviation employee, this process would be virtually meaningless for the thousands of newly arrived immigrants who do not possess a U.S. Department of Justice criminal history file. e. Should the list of crimes that disqualify an individual from having unescorted access to secure airport areas be expanded? Answer. Yes, we will actively but carefully consider expanding the list of crimes in any rulemaking that we undertake. The reason for caution is that there are complex issues of privacy and state and local jurisdiction that need to be carefully considered. f. Has the FAA considered using other investigative tools, such as foreign criminal checks, credit checks, and drug tests for determining whether employees can be trusted with the safety of the traveling public? Answer. Yes. More than any other security issues, background checks have been and continue to be evaluated in detail. Question 11. In 1998, the FAA issued new rules requiring industry audits of compliance with employee background investigation requirements be incorporated into airport and air carrier security programs. What has the FAA done to implement this new rule? What are industry's concerns with implementing the rule? Answer. On April 28, 2000, the FAA issued amendments to the Air Carrier Standard Security Program and approved airport security programs requiring air carriers and airports to audit their compliance with the employee background investigation requirements. These amendments will go into effect on May 31, 2000. With the required audits, regulated parties can better assess the background investigations and correct specific problems. The amendments addressed in detail airport concerns about the suggested formula for random sampling and records retention. Several airports requested the flexibility to allow them to continue to use the auditing systems that they had voluntarily implemented when those systems met the intent of the rule. Another area of concern was the appropriate handling of the discovery of an instance of suspected fraud or an improperly conducted employee background investigation. All concerns were addressed in the final amendments, including acceptance of the existing auditing systems and clear outline of procedures to address fraudulent and improperly conducted background investigations. Question 12. The DOT Inspector General's Office has made recommendations to improve the training of employees given access to secure airport areas, to make employees accountable for compliance with their access control responsibilities, and to strengthen access controls in sterile areas of the airport. What actions has FAA taken in response to these recommendations? Answer. For more than a decade, airport access control system requirements such as ID card display, challenge procedures, emergency response to alarms, etc., have been in practice. The DOT OIG and FAA test results have clearly and consistently revealed inadequacies in compliance. Test results indicate that the human element associated with implementing and enforcing airport access control is the primary system weakness. Increased emphasis on system integration and continued emphasis on human factors such as individual accountability and operator training, along with continued intensive testing for compliance, are anticipated to improve access control effectiveness. The FAA and all entities at the airport must work together as a team to ensure security practices are followed. Therefore, the FAA is developing a compliance program to ensure a more effective mixture of individual and corporate responsibility for complying with security regulations, particularly those relating to access controls. The proposed changes to Federal Aviation Administration requirements under 14 CFR Part 107 and 108 will provide greater protection of secure areas. The development of additional technical specifications and modernization of access controls systems should also improve reliability, integrity, and adaptability. Question 13. The DOT IG has recommended that the FAA improve and better administer its security database to ensure it is efficient and reliable, and can be used to identify systematic problems and allocate resources. The FAA planned to develop a new Web-based system by the end of 1999, costing approximately $325,000. What progress has FAA made to improve its security database? Was the estimated cost estimate accurate? Answer. WebAAIRS will be ALPHA/BETA tested in August/September of this year. We will be able to fully field WebAAIRS before the end of 2000. System development has required incorporation of the new FAR Parts 107 and 108 (the basic security rules) and testing protocols now being used to verify background checks and access control. The program has overcome resource constraints, primarily IRM contractor turnover. The initial estimate of $325,000 is still valid. Question 14. For FY 2000, Congress appropriated $100 million to continue the deployment of security systems and equipment. What are FAA's plans for spending the $100 million? What new technologies will be purchased and deployed this year, and how do they fit into an overall strategy to improve aviation security? Answer. During FY 2000, the FAA plans to purchase 24 explosives detection systems (EDS), 210 explosives trace detection devices, 420 threat image projection (TIP) equipped screening checkpoint x-rays, 488 computer-based screener training workstations, and 30 threat containment units. Each of these security equipment deployments supports one or more underlying elements of the FAA's aviation security strategy. For example, deployment of certified EDS equipment supports the end state goal of screening all passenger checked bags identified through the Computer-Assisted Passenger Prescreening System, by December 31, 2004. Deployment of TIP equipped x-rays and computer-based training workstations provide the necessary tools to assess screener performance and improve training in support of full implementation of the screening company certification rule that will soon go into effect. Question 15. The Department of Defense and the U.S. Customs Service are also investing heavily in new detection technologies and deploying them to prevent terrorist acts and to detect narcotics. Two years ago GAO urged greater cooperation between federal agencies and noted that synergies can be obtained. How closely does FAA work with these two federal agencies? Are there any lessons learned from the Department of Defense or the Customs Service that can be transferred to the FAA? Answer. The FAA has a close working relationship with numerous federal agencies through the Technical Support Working Group (TSWG), an interagency organization with a counterterrorism mission. We actively participate on TSWG subcommittees to establish quick turnaround projects, normally resulting in fielded hardware, to address security related needs of common interest. FAA has spent extensive time with Customs in reviewing their ``Automated Targeting System'' to screen and clear cargo. This information helped guide FAA's initial establishment of an R&D effort with International Consultants on Targeted Security (ICTS) to automate cargo profiling. In the close established working relationship which FAA holds with DOD and Customs, technical information is shared, including ``lessons learned.'' One example is FAA's monitoring Custom's efforts to implement x-ray backscatter technology for screening people for hidden threat or contraband material. Question 16. As part of its research and development efforts, the FAA has invested in hardened baggage containers that can help an aircraft survive an in-flight explosion. What is the status of hardened containers? What is the time frame for introducing them into the U.S. transport fleet? Answer. The FAA has sponsored development of Hardened Unit Load Devices (HULD) of the LD-3 classification. LD-3 class containers are used on wide-bodied passenger aircraft. The FAA, with coordination from industry, developed a certification specification for LD-3 class HULD's, delineating design criteria for blast-resistant containers and airworthiness and operational requirements for containers. As of April 2000, only two units have successfully met all criteria. The units are from the same vendor, with one being a variant of the other in that only the door location was changed. The FAA has purchased 21 prototype units for the purpose of conducting an operational assessment. The first 11 units were delivered in early 1999 and were characterized by a rear door. The last units were delivered in January 2000, and are equipped with a side door which is more operationally suitable for the air carriers. The rear door units were placed in service starting in February 1999 and data have been collected on damage, operability, repair, and the ability of the unit to contain successfully a blast at various intervals of use. The demonstration has resulted in several minor modifications in the container design. The demonstration is planned to continue through mid- 2001. The FAA is also sponsoring development of a container that can be used in narrow body aircraft such as B-737's. The FAA is analyzing the HULD cost and effectiveness, including an assessment of how HULD's complement other in-place security measures. At this point the FAA does not plan on requiring air carriers to use HULD's. Question 17. Both the DOT Inspector General's Office and the FAA have reported that screening equipment operators continue to fail tests, and are not that effective in detecting test objects. --Is this a systemic problem or just an isolated one? --What is FAA doing to address this issue? --What are some solutions for improvement? Answer. The FAA is addressing this systemic issue on various fronts, including: The FAA has proposed the certification of security screening companies. The proposal is intended to improve the screening of passengers, accessible property, checked baggage, and cargo and to provide standards for consistent high performance and increased screening company accountability. The FAA is developing a screener selection test to help screening companies identify applicants who may have natural aptitude to be effective screeners. Computer Based Training (CBT) equipment is being deployed. They consist of platforms with a workstation designed to train screeners while not directly engaged in performing screening functions. The potential benefits of CBT are self-paced learning, enhanced opportunities for realistic practice, combined training and performance testing, and uniform instruction throughout the country. Under the proposed rule, the FAA will require screening companies to ensure that every trainee passes an FAA readiness test for each type of screening to be performed. The FAA is purchasing and deploying new x-ray equipment (TRX) with the Threat Image Projection (TIP) systems. TIP systems superimpose images of potentially dangerous items on x- ray monitors during normal screening checkpoint operations and are designed to improve screener training, maintain screener proficiency and increase screener attention to duties. Most importantly, it builds screeners' ``mental libraries'' of indications of threats/potentially dangerous objects. FAA expects that TIP data will provide a basis to establish performance standards. FAA research and development continue to address TIP performance issues. ______ Response to Written Questions Submitted by Hon. John McCain to Admiral Cathal Flynn Question 1. Should the computer-assisted passenger pre-screening system (CAPPS) be adjusted so that more passengers are selected at random to have their checked bags scanned by explosive detection equipment? Answer. No. The FAA has worked to ensure that CAPPS applies appropriate criteria fairly, effectively, and practicably. The CAPPS criteria are based upon an analysis of past events as predictors of an individual's potential for involvement in certain criminal acts against civil aviation. The current random factor adds a degree of unpredictability of selection so the integrity of the system is protected from hostile surveillance. Further, the degree of randomness takes into consideration the balance between thorough application of established criteria, operational necessities, and the need to avoid any appearances of discriminatory factors. Specifically, in regard to operational necessities, to achieve a significant increase in the chances that an explosive device would be discovered through random selections, the number of selections would have to be increased almost to a point of operational impracticality. Further, human factors research suggests that, in such a scenario, operators might be less likely to treat as genuinely suspicious those items that cause the explosives detection system to alarm. This might result as operators seek to reduce processing times to expedite handling of the increased number of bags to be screened. While increasing random selections is doable in the short run, we believe it would be counterproductive. Question 2. The current list of disqualifying crimes seems inadequate. For instance, it does not address the issue of theft or criminal behavior for the purposes of individual gain. Recent events show that employees with access to aircraft can just as easily place controlled substances on aircraft as they could explosive devices when paid to do so. a. What is the FAA prepared to do to rectify this problem? Answer. We agree the current list of disqualifying crimes can be expanded. In addressing problems such as those raised in your question, we continue close coordination with local, state and federal law enforcement organizations, including the U.S. Attorney offices, Federal Justice agencies, and airline and airport management. We also will collaboratively review and more fully address this issue. The FAA welcomes input from Congress to determine which crimes should be added. The FAA also will request the participation of the Aviation Security Advisory Committee to assist us in determining a viable solution to the issue presented. The Aviation Security Advisory Committee (ASAC) is a national committee established by the Secretary of Transportation and chaired by the Associate Administrator for Civil Aviation Security. The committee provides advice and recommendations to the Administrator for improving aviation security measures by examining all areas of civil aviation security with the aim of developing recommendations for the improvement of methods, equipment, and procedures to improve civil aviation security. As a priority during its June 1, 2000, meeting, we requested the ASAC to establish a working group to review expansion of the list of disqualifying crimes. b. Is there a legal basis for airport management to deny access privileges to persons convicted of crimes other than those described in the regulation? Answer. There may be a legal basis for airport management to deny access privileges to persons convicted of crimes other than those described in the regulation. This is dependent upon the state and local laws and ordinances applicable to the jurisdiction in which the airport is located. c. Please clarify airport management's authority to access national crime databases to determine if applicants have committed crimes that do not automatically disqualify individuals under federal requirements? Answer. Information contained in any Department of Justice criminal history record system will be made available for use in connection with licensing or local/state employment or for other uses only if such dissemination is authorized by Federal or state statues and approved by the Attorney General of the United States, in accordance with 28 CFR 20.33. To our knowledge, no airports have authority other than the FAA rules to access DOJ criminal justice history record information for use in determining access to secured areas. Records obtained under this authority may be used solely for the purpose requested, in accordance with 28 CFR 50.12. Therefore, airport management may only use records obtained under 14 CFR Part 107 for Part 107 purposes. Question 3. Many persons applying for positions at airports are recent immigrants to the United States. Collection of employment records or other substantiating documents on these individuals has been a significant challenge for airport and air carrier management. The Immigration and Naturalization Service (INS) conducts interviews and background assessments on all persons seeking to immigrate to the U.S. prior to granting them resident alien status and the right to work in the U.S. --Has the FAA assessed INS background investigation procedures to determine whether airports and air carriers can rely on the information collected by INS to determine if these persons have committed crimes that should disqualify them from unescorted access privileges? --If the FAA has determined that the assessments are not adequate to make this determination, what is FAA doing to assist airports and air carriers to obtain information that the FAA deems appropriate? Answer. In the development of a rule approximately 5 years ago, the FAA reviewed the INS background investigation procedures and found them to be inconsistently applied. At that time it was determined the INS background procedures could not be used for determining unescorted access privileges. We are aware that there have been changes in procedures since that time and will be contacting INS in the near future to assess current procedures to see if this may now be a viable avenue for airports and air carriers. The FAA has met with representatives of INTERPOL to seek their advice and assistance. INTERPOL representatives informed the FAA of the many roadblocks which make their assistance highly improbable. Question 4. In 1998, FAA issued new rules requiring airports to conduct reviews of employee background investigations to ascertain completeness prior to issuing airport identification for access to secure areas. The DOT Inspector General's Office found, however, that not all FAA field personnel were aware that the rule was effective, and three of six airports reviewed had not implemented the policy. Does the FAA know the extent of this non-compliance? What has FAA done to implement the rule? What guidance was issued to the FAA field and industry to ensure the requirement was implemented? Answer. To ensure that FAA field personnel, as well as industry, were aware of the additional requirements, FAA updated and redistributed a handbook for conducting background checks. This document represents a joint effort by both FAA and industry representatives. Despite these efforts to promote widespread understanding of the rule, evidence has been discovered that some airport operators have failed to implement the additional requirements fully. Namely, the FAA has learned that three (of more than 400 airport operators) had not yet fully implemented the preliminary review process to be followed upon receipt of an application for unescorted access. FAA field offices followed up with the three airport operators and familiarized them with these requirements. FAA is assessing compliance with these requirements in two ways. First, during periodic assessments of airport identification systems and background check procedures, FAA inspectors sample files maintained by the airport operator. Under a proposed airport security program amendment to become final this month, airports will be required to conduct self-audits of the access investigations conducted in each prior year. They will be required to summarize their findings and corrective actions for the review of FAA Security. In addition to the periodic audits, and in expanding this process, FAA Security is conducting an ongoing special emphasis assessment that focuses on screeners, airport tenants, and others who require unescorted access to the secured areas of airports. These components provide FAA Security with a comprehensive picture of compliance with this security requirement. Question 5. One of the main components of airport access control systems is to deny immediate access to employees when their authorization changes, such as when an employee is terminated. DOT investigators found that airports were failing to ensure this requirement was being met. Does FAA know the extent of this problem? What controls are in place to ensure access to secure areas is immediately denied when required? Answer. Yes. FAA assesses access control systems on a continuing basis. The fundamental requirements of FAA's access rule provide that a system, method, or procedure employed by an airport to control access to its secured areas should be capable of denying access to an unauthorized person. This may take the form of an automated control that interrogates an access medium or it may be the function of a security guard to prevent passage into the secured area by one whose access authority has changed. The FAA requires that airport security programs contain measures that ensure ID equipment, card stock, unused and recovered cards, and records associated with the identification system are secured. A record of the serial numbers which indicate to whom the access medium is issued, that individual's employer, issue date, expiration date, and access authorization is controlled by the airport operator and is available for inspection by the FAA. Lost or stolen ID badges must be reported immediately to the airport operator and are only replaced after the person making the report files a police report explaining the circumstances of the loss or theft. The airport security program also requires that annually the airport operators conduct an audit of lost/stolen badges. When 5 percent of the total number of ID badges issued in the current series of media are unaccountable (lost, stolen or unrecoverable), the airport operator must reissue new identification media to all authorized individuals, or revalidate the current identification media. New or revalidated ID media must be visually distinct from the media being replaced. Non-expired ID media of any type or style currently being issued that have not been accounted for in the audit must be considered a part of the unaccountable ID media percentage, and part of the total number of ID media issued. Expired media are not considered unaccountable or part of the total number issued. The FAA has a vigorous program of inspecting, monitoring, and testing to ensure the system identified in the airport security program is in place and functioning as described. The FAA and the airport operator track system performance and take immediate corrective action to ensure system integrity. The human factor also plays a significant role in the success or failure of the system in preventing unauthorized access. The Office of Inspector General (OIG) noted this observation in their audit report. FAA keeps detailed records on the performance of airports in terms of tests and assessments. Follow-up audits conducted after publication of the OIG report, as well as preliminary reports from audits underway indicate that the problems uncovered appear to be isolated and not systemic. Nevertheless, in each instance where the FAA, airport operator or OIG discovered problems, immediate actions were taken to correct the problem with additional measures to prevent recurrence. Also in each instance, depending on the circumstances, enforcement action or criminal prosecution was initiated against those responsible for causing the violation. Question 6. The FAA reports access control tests and industry compliance with access control requirements in terms of aircraft boardings. Why? Are there other ways to inflict harm to the flying public without boarding an aircraft? Answer. We report access control tests and industry compliance with access control requirements in terms of aircraft boardings to Congress because the passenger aircraft is at the core of the multi-layered system designed to protect against intruders. Our testing efforts, however, are not focused just on the aircraft and our data are not just reported in terms of aircraft boardings. We have established interim performance criteria (which are protected Sensitive Security Information that can be provided separately to the Committee) in two parts--aircraft boardings and unauthorized ramp access. We include the latter because bags and cargo that go into aircraft are stored on the ramp before loading. Test frequencies and enforcement are adjusted depending on performance at each airport against both criteria. Question 7. The FAA has recently certified several new explosives detection systems for screening checked baggage. What are the plans for acquiring and deploying these new systems? Can we expect some competitive pricing among the manufacturers, and reduced costs for installing, operating and maintaining the equipment? Does each certified system provide its own unique attributes to fill an identified need, or are all of the systems more or less interchangeable, just manufactured by different companies? Answer. FAA intends to purchase a limited number of production units of each of the three new explosives detection systems that have been certified in the laboratory by the agency in recent months. FAA has purchased four L-3 Communications eXaminer 3DX-6000's, four InVision CTX-9000's and two InVision CTX-2500's. These initial production units are used to conduct first article tests. We plan to place a limited number of machines at airports for operational testing. Before significant numbers of newly certified explosives detection systems are deployed to airports, FAA must further test the equipment to assure the suitability, maintainability, reliability, and effectiveness of the equipment in an airport operating environment. Additionally, vendors must demonstrate they have met all critical infrastructure requirements necessary for widespread operational deployment of production equipment. For example, vendors must document and/or demonstrate their verified screener training and testing programs, validated simulants and test articles for calibration and airport operational testing, acceptable factory/site acceptance test and operator qualification test procedures, and an established quality assurance program for equipment production which meets FAA standards. With the recent certification of equipment manufactured by a second vendor, FAA may, over time, gain some benefits of competitive pricing. There is some overlap in performance characteristics and list prices of the eXaminer 3DX-6000 and the CTX-9000; less overlap in comparison of the eXaminer 3DX-6000 with the CTX-5500 and 2500 series machines. Question 8. To what extent are we cooperating with foreign governments and agencies in seeking a solution to our aviation security problems? Have we made a worldwide survey of promising breakthroughs elsewhere? Answer. The FAA security organization interacts with its foreign counterparts on many levels and does so primarily through the International Liaison Staff and through program responsibilities held by the Office of Civil Aviation Security Policy and Planning and the Office of Civil Aviation Security Operations. The FAA security organization works very closely with international organizations, such as the International Civil Aviation Organization; regional security bodies, such as the European Civil Aviation Conference (ECAC); and sub-regional aviation security organizations, such as the North American Aviation Trilateral. Our involvement with these and other organizations provides a means by which FAA can monitor and encourage the development of new technologies and approaches to aviation security problems. Of the regional entities, Europe is the most progressive. It is with this region that FAA is most active. Through ECAC, and the 37 individual States which comprise its membership, FAA cooperates with Europe on issues related to the development and continued improvement of security standards and equipment. FAA has permanent observer status with the ECAC Security Working Group and holds two observer positions on its technical and operational task forces. ECAC takes FAA's views into consideration as it undertakes new and more assertive approaches to hold baggage security, harmonization of standards, and improved compliance within the European region. For instance, FAA's explosive detection systems criteria were adopted in part by ECAC recently and FAA methods are included in elements of a newly developed airport auditing program for the region. In addition to our extensive relationship with ECAC and our involvement with other regional organizations, FAA has established sixteen Civil Aviation Security Liaison Officer positions at U.S. embassy locations throughout the world. These security specialists monitor and coordinate civil aviation security efforts and programs that impact U.S. and international aviation security measures. This program provides FAA a unique conduit through which information is exchanged and developments in security technology or methods are monitored. Another way FAA cooperates with foreign governments is through Memoranda of Cooperation and Memoranda of Understanding. These agreements, which encompass technical exchanges, training, and other areas of mutual interest, have led to collaboration in joint testing and evaluation of security screening equipment and hardened luggage containers, among other things. Lastly, FAA is charged with the responsibility of evaluating security at all international airports from which U.S. and foreign airlines provide service to the United States. FAA security specialists currently visit 242 airports in 102 countries on a periodic basis to ensure these airports are meeting international security standards. In meeting routinely with aviation security personnel from these and other locations, matters of mutual interest and concern are discussed and technical information is exchanged. Question 9. I understand that airline pilots and others have been pushing for the development of a Universal Access System, which would, among other things, allow a single form of identification to be used at most if not all airports. What is the status of the Universal Access System? What are the potential risks and benefits of such a system? Answer. The Universal Access System (UAS) was developed, in part, through the joint Government-industry efforts of the UAS Working Group of the Aviation Security Advisory Committee (ASAC). The ASAC is chartered under the provisions of the Federal Advisory Committees Act. The result of the working group's efforts was published as ``The Universal Access System Program, Program Summary and Operational Test Report'' on October 21, 1997. Working with previously appropriated federal funds, the UAS Working Group and others established a test program using an airline central database and two participating airports. Following a successful test, the UAS Working Group completed an implementation plan and a few airports have linked to the central database. However, opposition to the wide implementation of UAS was expressed in the UAS Working Group. The ASAC subsequently voted to retire the UAS Working group at its meeting on May 13, 1999. Under Section 102(b) of Public Law 106-181, FAA was authorized to spend up to $8 million in fiscal year 2001 for the purchase and installation of UAS if requested by airport and air carrier officials. Although spending for UAS was authorized, Congress did not appropriate any additional funding, and FAA did not include funding for UAS in its budget request because of the lack of a significant level of industry support. The FAA remains willing to assist air carrier and airport operators that may request funding for the voluntary installation of UAS. FAA has met with industry representatives regarding initiatives in place to expand UAS to major hub airports. These proposals appear promising, and FAA will work with industry to accomplish the shared objective of an effective and efficient security system. The UAS offers several benefits, including a standardized format for the identification/access card to be worn by participants in those areas of the airports controlled for security purposes. A common data base permits timely and universally effective additions, making it possible to immediately permit or deny an individual's access to security areas of airports when using the UAS card as an access medium. The UAS concept bears several risks and complications. There is a need to designate a responsible party or parties to maintain the common database. The potential for errors and oversights in the system would be significant. Further, if the universally recognized ID cards are not retrieved immediately from persons whose privileges have been revoked, those cards could be used by those persons to move, unchallenged, once they have otherwise gained access to the controlled areas of any participating airport. Question 10. It is my understanding that some airlines are offering rewards or bounties to any employee who catches an FAA inspector trying to find security vulnerabilities and lapses at airports. Is that an appropriate incentive? If so, shouldn't employees be rewarded for catching any person trying to gain unauthorized access to secure areas of an airport, rather than focusing on FAA employees? Doesn't such an incentive scheme lead to confrontational attitudes among groups and individuals that supposedly share the same goals of improved security? Answer. Yes, some air carriers and airport authorities have implemented incentive programs to increase vigilance on the security- controlled areas of airports and especially around parked passenger- carrying aircraft. These programs are not designed to target FAA employees but are in place to provide an additional incentive that encourages airport/airline employees to remain on the alert and challenge individuals in and around their immediate area of control. Employees are asked to challenge any person who appears to be unauthorized within these secure areas and to report their presence to airport, air carrier, or law enforcement authorities. The programs offer cash awards of up to $50 in some instances and, in others special recognition and benefits to employees whenever they successfully detect and report any intruder. The FAA regularly conducts access inspections and tests of the ID Display and challenging requirements at airports as part of its overall mission. In response to FAA testing, industry encourages their employees to be particularly alert and to detect individuals who are not displaying airport authorized ID media. In the vast majority of cases, this aggressive challenging is not directed specifically at FAA. It is directed at any intruder who is not in compliance with the ID Display requirements of the Federal Aviation Regulations, Airport Security Program or the Air Carrier Standard Security program. It can also be attributed to the increased emphasis FAA has placed on this area of aviation security responsibility. The FAA and industry share the common goal of improving security at our nation's airports and approach all security responsibilities as partners in an effort to ensure a safe and secure environment for the traveling public. Because of FAA's role as the regulator/tester, employees naturally become the target of the ID display/challenging incentive programs. And, the industry has a vested interest in demonstrating compliance with the agencies regulatory requirement. There have been isolated instances when employees have become confrontational during security tests. When this has occurred, FAA and industry work quickly to resolve any issues immediately without further escalation. ______ Response to Written Questions Submitted by Hon. Slade Gorton to Alexis M. Stefani Question. In the aftermath of the recent security incident involving FAA Inspector Gore at Dulles Airport, the inspectors' union claims that inspectors at airports across the country are routinely denied access to secured areas that they have the credentials to examine. Moreover, the inspectors routinely accept the fact that airport or airline officials are denying them access to areas that they are allowed to inspect. Are you aware of this issue? Answer. Yes, we are currently reviewing the claim by the inspector's union that aviation safety inspectors are often prevented from performing their safety inspection duties by airport and air carrier employees. Under FAA policies, FAA inspectors displaying FAA Identification 8000.39 are to be given free and uninterrupted entry to secure airport areas to conduct safety inspections. The inspectors are not required to have identification issued by individual airports. We are looking into whether the incident at Dulles is isolated or a common occurrence within the aviation community. We are also trying to determine whether Mr. Gore followed FAA policy and properly displayed, or promptly presented, his FAA identification during his attempted inspection at Dulles. Question. Has the FAA's testing of compliance with access control requirements been adequate? Answer. Yes, FAA has made significant improvement in its testing of compliance with access control requirements and FAA has indicated that it will ``continue [intensive testing] at some frequency indefinitely.'' However, as we testified in April, testing alone will not be enough to motivate the aviation industry and its employees to accept and consistently meet their responsibilities for airport security. FAA must require airport operators and air carriers to develop and implement comprehensive training programs that teach employees what their role in airport security is, the importance of their participation, how their performance will be evaluated, and what action will be taken if they fail to perform. Until these actions are taken, compliance with access control requirements will remain at an unacceptable level. Question. The FAA disputes the assertion that explosives detection equipment is being underutilized. How do you respond to the contention that the utilization rates merely reflect natural fluctuations in traffic? Answer. FAA and the air carriers focus on the ``peak of the peak,'' the five minute period in any one day when check-ins, and therefore selectees, are at their highest level. They then extrapolate that five minute peak at the CTX machine into a hypothetical peak hour by multiplying the number of bags in the five minute peak by 12. It is this number that FAA and the air carriers say limits their ability to increase CTX usage. However, actual usage data from the CTX's show that the actual peak hour in any one day is almost always less, often significantly so, than the hypothetical peak hour. We compared the average number of bags screened daily by each CTX in 1998 and 1999, as reported quarterly by FAA, and found that the majority of deployed and operational CTX machines still do not screen as many bags in a full day of operation as the machine is certified to screen in an hour. More than 50 percent of the deployed machines screen less than 225 bags per day, on average, compared to a certified rate of 225 bags per hour, and more than 30 percent of them screen fewer than 125 bags per day. We still believe that this is not an effective way to use a million dollar machine that does what it was designed to do-- detect explosives. ______ Response to Written Questions Submitted by Hon. John McCain to Alexis M. Stefani Question. Should the computer-assisted passenger prescreening system (CAPPS) be adjusted so that more passengers are selected at random to have their checked bags scanned by explosives detection equipment? Answer. Yes. Before full implementation of CAPPS, FAA expected a greater number of selectees than are currently being identified, and CTX machines have the demonstrated capability to screen more bags now than the air carriers are screening. Increasing the randomness factor in CAPPS is one way to increase the utilization of these expensive machines. FAA does not expect to begin the phase-in of 100% checked baggage screening until 2009, provided the technology is available to support screening at the required throughput levels without sacrificing detection capability, and at a reasonable cost. FAA regards the technical risk to be high, because although a research and development program designed to provide the systems required for 100% checked baggage screening is underway, it may not be successful. Nevertheless, the majority of the machines are being underused today, and the gap between CAPPS-only now, and 100% checked baggage screening beginning in 2009, could begin to be filled by increasing the random selection factor to keep existing machines working up to capacity. Question. The FAA recently published a Notice of Proposed Rulemaking on Certification of Screening Companies. Do you think the process described in that proposed rule will improve screeners' performance? Answer. Yes, we think that the certification process will go a long way toward improving screeners' performance if properly implemented. The certification process will require screening companies to meet minimum standards, which should result in improved performance on the part of screeners to detect threat objects. FAA will rely on TIP to enhance and measure the performance of individual screeners, and to certify screening companies. TIP, a computer software program, projects fictitious images onto bags, or an entire fictitious bag containing a threat onto the screener's monitor. TIP is intended to keep equipment operators alert, provide real world conditions, and measure individual screeners' performance in identifying threat items.