Monday, January 19, 2009

Administrator Kip Hawley's Final TSA Blog Post

TSA opened up this web dialogue about a year ago to get feedback from the public and engage with them on the issues that they presented. We have learned a great deal from those of you who have posted and I am grateful for your engagement with us. While some of the individual comments are painful to read and/or based on something that is factually wrong, taken as an aggregate there are undeniable, unavoidable themes.

One of those themes is that TSA's security is intellect-free. The broad categories seem to be about doubting the reality of the current threat, perceived vulnerabilities, and experiences that defy common sense.

With this post, I would like to touch on threat and vulnerabilities and focus on how TSA is introducing more 'smart' security at the airport.

Threat information comes in many forms, virtually all of it coming to us with restrictions on how we can use it. The good news is that we get it -- and use it -- to craft our security activities, and we literally do that every day. The bad news is that a condition of getting the really detailed and actionable information is that we cannot fully explain to the public the 'why' behind what we do. Ellen Howe's previous post discusses how we have tried to get out as much as we can on the 'why,' most recently, with the Ad Council.

The point on vulnerabilities is that since there are vulnerabilities in every system, what's important is to identify them and then compensate for those vulnerabilities with other measures. TSA is involved in risk-management - understanding our vulnerabilities, looking at what terrorists may be planning, and devoting our main efforts to reduce the risk of attacks with catastrophic consequences.

You might look at it like mapping out a spectrum of attacks causing catastrophic consequences, then overlaying it with vulnerabilities, and then circling in red the vulnerabilities associated with high-consequence attack scenarios where we know terrorists are plotting. We look for compensating measures across the spectrum to protect against vulnerabilities or plotting of which we are unaware. But first of all, we take action to close down any vulnerabilities circled in red. When we see an intersection of threat, vulnerability and consequence, TSA takes action as we have with liquids and shoes even though we know that they will not be popular. We are more likely to consider convenience issues in other areas of the spectrum and devote considerable effort in working with our airport and airline colleagues to make things work with the least possible inconvenience. There are technology answers -- but we have to close the gap until the technology answer works and is deployed.

Part of the problem with the 'common sense' theme is that our rhetoric of smarter, flexible, unpredictable, stay-ahead-of-the-terrorist strategy can clash with your personal experience. Some measures are in place now and others rolling out that will sharply reduce that disconnect. I will mention a few examples in each of our key areas: people, technology, and process.

First off with our people, TSA is about two-thirds of the way through retraining our entire airport workforce, from Federal Security Director to front-line Officer. (Headquarters elements are also included.) This training is worthy of its own post but it is two full days in length and covers the gamut from human factors to updated information on terrorist weapons and tactics. It is all about being smart about how we do our security job and how to think in terms of identifying real - and sophisticated - threats and less about running through a checklist.

Secondly, we are also about two-thirds through a major deployment of much more sophisticated carry-on bag scanners, AT-X-ray. About 600 of the new, smarter AT's are deployed already with another 300 more in the next few months. These are the machines that will be able to detect threat liquids (or powders, gels, etc.) automatically and will allow TSA to change the baggie requirement and clear up many of the head-scratching moments you now endure. (Probably about a year away.)

Finally, I have spoken about wanting to break up the rigidity of checkpoint screening and mentioned a goal of changing it up, spreading it out, and calming it down. With a re-trained workforce that has better technology, we can make the existing process calmer. There are opportunities also to make process changes that will make things smoother. For instance, where we have rigid and predictable criteria for extra screening (like last minute travel changes and one-way tickets), we can get more security value by using less obvious criteria like randomness or behavior and make things less congested at the checkpoint.

While this forum will continue to hear from our vigorous critics, I hope that in addition to the words of the indefatigable Blogger Bob and his colleagues, you will see that TSA has backed them up with actions in the year that the EoS Blog has been in business.

Our on-line presence is much clearer, deeper, and more accessible - and improvements will continue. Black Diamond, laptop bags, clearer signage, better explanations of the “why”, are all examples of actions taken by TSA that were helped by this blog discussion. You've helped us prioritize your pain points and we do, in fact, work to reduce those.

The security needs in aviation (and surface transportation) are significant and on-going. Real security risk mitigation can only happen when all parties - including the public - are active, positive participants. The men and women of TSA are amazing in their commitment to protect you and it has been an honor to serve with them. I hope that, going forward, your personal experience with our people, bolstered by better technology and process, will bring us together in support of our common objective - untroubled transportation to our chosen destination and a safe, smooth return home.

Thank you for your interest and participation,