Recently, the Government Accountability Office (GAO) released a report on TSA’s covert testing program. We’ve written about the report and posted it on our website. Some media and blogs have covered the report and created some misperceptions along the way –headlines like: “TSA Doesn’t Look Into Airport Security Screener Failures don’t help. So we wanted to talk a bit about the covert testing process at TSA.
TSA undergoes covert testing by three entities: The GAO, the DHS Inspector General and TSA’s own Office of Inspection. The recent GAO report focused on TSA’s covert testing procedures. During the course of the year long GAO review, the auditors examined all TSA covert test reports and recommendations, and had access to new policy or Standard Operating Procedure changes derived from the covert test recommendations. Many of the changes are in place today to further enhance the safety and security of the traveling public.
The report validated TSA’s covert testing program and included some recommendations. The recommendation that is causing confusion deals with the way TSA records test failures.
GAO recommended that TSA include a line item in our database for "failures." One would assume “failure” means someone missed an IED, but in fact the failure could be in how a rule is applied, how a technology functions in a specific airport, or how a procedure requires follow-up on an alarm. Because of the vast amount of qualitative information recorded by testers, they write more detailed explanations of failures in a written report instead of a line item in a database. We did, however, concur with the GAO recommendation and have now added a category to the data base on failures in addition to the more detailed reports we’ll continue to do.
The specific misperception we wanted to clear up is what we do with the test results. In some of the blog coverage I’ve seen, including the link mentioned above, some think we don’t do anything with the test results, which is far from the truth. These results are critical to closing security gaps in individual airports and throughout the entire aviation system. As soon as a covert test is completed in an airport, the findings are shared with the TSA leadership there, noting areas for improvement, whether it be in the application of Standard Operating Procedures, use of technology or other areas. The testers also meet with Transportation Security Officers after the testing is completed to show them where mistakes were made and offer suggestions to immediately close any security gap.
After the airport staff is briefed, the testers conduct a briefing to TSA senior staff to show them the failures and recommendations. Information is shared with the Office of Security Operations, which oversees TSA operations at airports nationwide. This gives headquarters an opportunity to look at results at one airport to see if there are implications for the whole aviation network. As needed, Standard Operating Procedures and training could be changed, technology is tweaked, and processes can be changed at the national level based on covert tests.
Bottom line: we take these results – and the results of GAO and the DHS Inspector General - very seriously and TSA constantly uses them to improve security.
EoS Blog Team