[House Hearing, 112 Congress] [From the U.S. Government Publishing Office] TEN YEARS AFTER 9/11: ASSESSING AIRPORT SECURITY AND PREVENTING A FUTURE TERRORIST ATTACK ======================================================================= FIELD HEARING before the SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT of the COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED TWELFTH CONGRESS FIRST SESSION __________ SEPTEMBER 16, 2011 __________ Serial No. 112-45 __________ Printed for the use of the Committee on Homeland SecurityAvailable via the World Wide Web: http://www.gpo.gov/fdsys/ _____ U.S. GOVERNMENT PRINTING OFFICE 73-356 PDF WASHINGTON : 2012 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON HOMELAND SECURITY Peter T. King, New York, Chairman Lamar Smith, Texas Bennie G. Thompson, Mississippi Daniel E. Lungren, California Loretta Sanchez, California Mike Rogers, Alabama Sheila Jackson Lee, Texas Michael T. McCaul, Texas Henry Cuellar, Texas Gus M. Bilirakis, Florida Yvette D. Clarke, New York Paul C. Broun, Georgia Laura Richardson, California Candice S. Miller, Michigan Danny K. Davis, Illinois Tim Walberg, Michigan Brian Higgins, New York Chip Cravaack, Minnesota Jackie Speier, California Joe Walsh, Illinois Cedric L. Richmond, Louisiana Patrick Meehan, Pennsylvania Hansen Clarke, Michigan Ben Quayle, Arizona William R. Keating, Massachusetts Scott Rigell, Virginia Kathleen C. Hochul, New York Billy Long, Missouri Janice Hahn, California Jeff Duncan, South Carolina Tom Marino, Pennsylvania Blake Farenthold, Texas Mo Brooks, Alabama Michael J. Russell, Staff Director/Chief Counsel Kerry Ann Watkins, Senior Policy Director Michael S. Twinchek, Chief Clerk I. Lanier Avant, Minority Staff Director ------ SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT Michael T. McCaul, Texas, Chairman Gus M. Bilirakis, Florida William R. Keating, Massachusetts Billy Long, Missouri, Vice Chair Yvette D. Clarke, New York Jeff Duncan, South Carolina Danny K. Davis, Illinois Tom Marino, Pennsylvania Bennie G. Thompson, Mississippi Peter T. King, New York (Ex (Ex Officio) Officio) Dr. R. Nick Palarino, Staff Director Diana Bergwin, Subcommittee Clerk Tamla Scott, Minority Subcommittee Director C O N T E N T S ---------- Page Statements The Honorable Michael T. McCaul, a Representative in Congress From the State of Texas, and Chairman, Subcommittee on Oversight, Investigations, and Management: Oral Statement................................................. 1 Prepared Statement............................................. 3 The Honorable William R. Keating, a Representative in Congress From the State of Massachusetts, and Ranking Member, Subcommittee on Oversight, Investigations, and Management...... 4 Witnesses Mr. Stephen M. Lord, Director, Homeland Security and Justice Issues, Government Accountability Office: Oral Statement................................................. 7 Prepared Statement............................................. 9 Mr. Chris McLaughlin, Assistant Administrator for Security Operations, Transportation Security Administration, U.S. Department of Homeland Security: Oral Statement................................................. 17 Joint Prepared Statement....................................... 18 Admiral George Naccara (Ret.), Federal Security Director, Transportation Security Administration, U.S. Department of Homeland Security: Oral Statement................................................. 21 Joint Prepared Statement....................................... 18 Mr. Edward C. Freni, Director of Aviation, Massachusetts Port Authority: Oral Statement................................................. 22 Prepared Statement............................................. 27 Major Michael P. Concannon, Major, State Police Troop F, Boston Logan International Airport: Oral Statement................................................. 32 Prepared Statement............................................. 35 TEN YEARS AFTER 9/11: ASSESSING AIRPORT SECURITY AND PREVENTING A FUTURE TERRORIST ATTACK ---------- Friday, September 16, 2011 U.S. House of Representatives, Subcommittee on Oversight, Investigations, and Management, Committee on Homeland Security, Boston, MA. The subcommittee met, pursuant to call, at 9:37 a.m., at the General Edward Lawrence Logan International Airport, Terminal E, Departure Level, Boston, Massachusetts, Hon. Michael T. McCaul [Chairman of the subcommittee] presiding. Present: Representatives McCaul and Keating. Mr. McCaul. Well, good morning to everybody here. The Committee on Homeland Security will come to order. Let me first say thank you to the Massachusetts Port Authority and everybody involved with putting this hearing together. It's 10 years after 9/11. To be sitting in the very airport where the hijackers took off that fateful day is really something. I think it really brings a moment here as we reflect back 10 years later on aviation security. Let me thank the Ranking Member for being such a great host. The Boston-Austin connection is still alive and well. I had the pleasure to bring him down to Texas, and it was about 110 degrees, so I really appreciate the 60-degree weather and sunny conditions. I think Mr. Keating is probably the envy of almost every Member in the House as he represents Martha's Vineyard, Nantucket, and Cape Cod. So I'm proud to represent Austin to Houston. Boston is not exactly a stranger to me. I did attend the Kennedy School at Harvard University many years ago. So with that, we'll begin the hearing. The purpose of this hearing is to examine security at the Logan International Airport and aviation security throughout the United States 10 years after 9/11. This is an official House hearing, and so all of the rules of the House do apply to this hearing. I now recognize myself for an opening statement. I know that sounds kind of strange, but that's how we talk in Washington. We have to recognize ourself to speak. The morning of September 11, 2001, I remember watching the television with one of my daughters, and the first airplane had hit the Twin Tower and everybody thought it was an accident. Then the second plane hit, and she asked me, ``Daddy, why did that plane fly into the building?'' It was when that second plane flew, at that point, we knew that this was not an accident. We knew that America was under attack. There were a total of almost 3,000 deaths that day. It is estimated that the U.S. stock market lost $1.4 trillion in value. The United States was at war. We've lost thousands of men and women in the battle against terrorism, and we continue to fight the terrorists and protect our homeland. The terrorists began this war by using our airports as launching pads. Over a period of 10 years, we've spent billions of dollars to mitigate such a threat. However, the 9/11 Commission's 10th anniversary report card concludes, ``We are still vulnerable to aviation security threats.'' Specifically, the report states, ``We need to improve screening at airport checkpoints using biometrics and standardized identification documents to make it more difficult to circumvent security.'' In addition, the attempted terrorist bombing of Northwest flight 253 on approach to Detroit on Christmas day 2009 provides a vivid reminder that commercial aviation remains an attractive terrorist target and underscores the need for effective airport security. Our major airports now have multiple layers of security screening. Today's hearing will examine two of those layers, airport perimeter security as well as new security measures being tested here at Logan International Airport. This airport has led the Nation in new techniques and innovative methods to prevent another 9/11 attack. Methods used by airports to control access vary because of differences in design and layout. But all access controls must meet minimum performance standards established by the TSA. TSA requires airports to control access using methods such as pedestrian and vehicle gates, keypad access codes with personal identification numbers, magnetic stripe cards and readers, turnstiles, locks and keys, and security personnel. The Government Accountability Office's 2009 report concludes there have been thousands of security breaches at airports across this country. Additionally, it's been reported a young man breached perimeter security at the Charlotte Douglas International Airport and hid in the wheel well of a passenger plane. His body was found along Boston's airport's flight path. Department of Homeland Security Secretary Napolitano said, ``Clearly, if somebody, a 16-year-old, is able to circumvent standards and requirements and get into a wheel well of a plane, there has been a breakdown.'' Although some of these breaches are accidental, some may represent dry runs by terrorists. The GAO examined airport perimeter security and concluded that the TSA should develop a comprehensive risk assessment of airport security and milestones for its completion and evaluation plan for any future airport security pilot programs and a National strategy for airport security that includes key characteristics such as goals and priorities. Not only is perimeter security a special concern, but passenger screening is essential if we are to prevent another 9/11. TSA employees perform approximately 1.8 million screens per day, 2 million on holidays and have screened more than 6 billion travelers since September 2001. The methodology has not always been perfect, and the sheer magnitude of this effort is certain to garner critics about the procedures. TSA is attempting to improve security by testing a new program designed to identify potentially dangerous passengers before they board aircraft. The Screening Passengers by Observation Technique, or SPOT, originated right here at Boston Logan Airport in 2003. SPOT is designed to utilize nonintrusive behavior observation and analysis to identify high-risk passengers who may be a threat. The Behavior Detection Program, a modification of SPOT, will have specially-trained agents question passengers, engage their reaction before they board the aircraft. Based on physical clues or answers to questions, these officers should be able to detect suspicious behavior. The analysis will help determine if a passenger should go through additional screening. The program is based, in part, on the Israeli model of passenger screening. The GAO has examined this program and concludes it should be fully validated before used in airports throughout the United States. I hope I never have to answer a question for my daughter again about airplanes flying into buildings because of a terrorist attack. We are here today to make sure security is in place to prevent such questions and another tragedy. Finally, I would like to, again, thank the Massachusetts Port Authority for hosting this hearing. You would never know that we're in an airport terminal here today. You've just done a fantastic job putting this together. I want to thank all of the witnesses for being here and everybody attending this hearing. Thank you for your interest and your participation. [The statement of Mr. McCaul follows:] Prepared Statement of Chairman Michael T. McCaul The Committee on Homeland Security Subcommittee on Oversight, Investigations, and Management will come to order. The purpose of this hearing is to examine security at the General Edward Lawrence Logan International Airport. I appreciate the effort taken on behalf of all of those involved to have this important field hearing. This is an official Congressional hearing, as opposed to a town hall meeting, and as such, we must abide by certain rules of the Committee on Homeland Security and of the House of Representatives. I kindly wish to remind our guests today that demonstrations from the audience, including applause and verbal outbursts, as well as the use of signs or placards, are a violation of the Rules of the House of Representatives. It is important that we respect the decorum and the rules of this committee. I have also been requested to state that photography and cameras are limited to accredited press only. I now recognize myself for an opening statement. The morning of September 11, 2001, I remember watching television with one of my daughters and she asked ``why did that plane fly into the building?'' It was the second plane flying into the World Trade Center and at that point we knew it was no accident. America was under attack. There were a total of 2,996 deaths that day. It is estimated U.S. stocks lost $1.4 trillion in value. The United States went to war and we have lost thousands of men and women in the battle against terrorism. We continue to fight the terrorists and protect our homeland. The terrorists began this war by using our airports as launch pads. Over a period of 10 years we have spent billions of dollars to mitigate such a threat. However, the 9/11 Commission's tenth anniversary report card concludes ``we are still vulnerable to aviation security threats.'' Specifically the report states we need to improve screening at airport checkpoints using biometrics and standardize identification documents to make it more difficult to circumvent security. Additionally the attempted terrorist bombing of Northwest flight 253 on approach to Detroit on Christmas day 2009, provided a vivid reminder commercial aviation remains an attractive terrorist target and underscores the need for effective airport security. Our major airports now have multiple layers of security. Today's hearing will examine two of those layers; airport perimeter security, as well as new security measures being tested here at Logan International Airport in Boston. This airport has led the Nation in new techniques and innovative methods to prevent another 9/11 attack. Methods used by airports to control access vary because of differences in the design and layout, but all access controls must meet minimum performance standards established by The Transportation Security Administration. TSA requires airports to control access using methods such as pedestrian and vehicle gates, keypad access codes with personal identification numbers, magnetic stripe cards and readers, turnstiles, locks and keys, and security personnel. The Government Accountability Office 2009 report concludes there have been thousands of security breaches at airports around the country. Additionally, it has been reported a young man breached perimeter security at Charlotte/Douglas International Airport and hid in the wheel well of a passenger plane. His body was found along Boston airport's flight path. Department of Homeland Security Secretary Napolitano said, ``Clearly if somebody, a 16-year-old, is able to circumvent standards and requirements and get into the wheel well of a plane, there has been a breakdown.'' Although some of these breaches are accidental, some may represent dry runs by terrorists. The GAO examined airport perimeter security and concluded that TSA should develop a comprehensive risk assessment of airport security, and milestones for its completion; an evaluation plan for any future airport security pilot programs; and a National strategy for airport security that includes key characteristics, such as goals and priorities. Not only is perimeter security of special concern, but passenger screening is essential if we are to prevent another 9/11. TSA employees perform approximately 1.8 million screens a day, 2 million on holidays and have screened more than 6 billion travelers since September 2001. The methodology has not always been perfect. The sheer magnitude of this effort is certain to garner critics about the procedures. TSA is attempting to improve security by testing a new program designed to identify potentially dangerous passengers before they board aircraft. The Screening Passengers by Observation Technique (SPOT) originated at Boston Logan airport in 2003. SPOT is designed to utilize non-intrusive behavior observation and analysis to identify high-risk passengers who may be a threat. The Behavior Detection Program, a modification of SPOT, will have specially-trained agents question passengers and gauge their reaction before they board aircraft. Based on physical clues or answers to questions, these officers should be able to detect suspicious behavior. The analysis will help determine if a passenger should go through additional screening. The program is based in part on the Israeli model of passenger screening. The GAO has examined this program and concludes it should be fully validated before it is used in airports throughout the United States. I hope I never have to answer a question from my daughter again about planes flying into a building because of a terrorist attack. We are here today to make sure security is in place to prevent such questions and another tragedy. One final note; I would like to thank the Massachusetts Port Authority for hosting this hearing, all the witnesses present and especially my friend and colleague, Congressman Bill Keating for his insights about aviation security. With that I recognize the Ranking Member of the subcommittee, the gentleman from Massachusetts, Mr. Keating, for 5 minutes for the purpose of making an opening statement. Mr. McCaul. With that, I would like to recognize my good friend and colleague, the Ranking Member of the committee, Bill Keating. Mr. Keating. Thank you, Mr. Chairman. Now, last Sunday was a somber reminder of our lives, all of our lives, and the way that the tranquility that we had prior to that had been lost and lost forever, frankly. In the midst of our remembrance, there is still a great deal of struggle to comprehend exactly what led to the tragedy and how it could have been prevented. The fact of the matter is that, on September 11, 2001, our aviation security suffered a profound breach. This breach resulted in over 3,000 lives lost and a new understanding of what it means to be safe. We are living in a world where the reality has changed, and we know now that harm can strike at any moment on our own soil. Thereafter, many things have occurred. I think it's fitting and appropriate that the Committee on Homeland Security is here today at Logan Airport to examine the strides we've made in our aviation security since the terrible day of 9/11 and the steps we need to continue to take to ensure that we remain ahead of those who desire to attack us. I'd like to thank the MassPort Authority for their hospitality and their work in preparation for this hearing. I want to welcome two Michael McCauls. First, if I could, young Michael McCaul is here, 10 years old, and we welcome him to Boston. I also want to welcome Chairman Michael McCaul to Massachusetts. I'm happy to say that you're looking at two people who generally support the spirit of bipartisanship. Chairman McCaul's support was instrumental in conducting this hearing, and I thank him for that. Last month, I had the pleasure to travel to Houston to conduct a field hearing in Chairman McCaul's home State where we examined security procedures at the Port of Houston. Mr. Chairman, just as the lessons we learned at that hearing at the Port of Houston allowed me to better understand and address the issues of concern at the Port of Boston, I hope the procedures and pilot programs we'll examine here today at Logan Airport can one day be applied to airports Nation-wide. After all, Logan has become the gold standard for airports across the United States. The cooperation, security protocol, and technology employed here are impressive in every respect. Yet Logan's path to success originated in a place of sorrow when, a decade ago, terrorists chose this airport as one of their departure points in their quest to commit the most heinous terrorist attack to occur on U.S. soil. The devastating events of that day forever changed our Nation, and our security procedures have to adapt and change as well. On September 12, 2001, the leadership at Logan was faced with a choice, to remain frozen in time or to move forward and establish the reputation as one of the safest and most secure airports in the United States of America. To the benefit of all those who travel in and out of Logan, like I do each week, I'm pleased to say, they chose the latter. To date, Logan is the only airport in the country that conducts a daily security briefing that includes Federal, State, local law enforcement agencies, TSA, airport personnel, airlines, and MassPort staff. I had the opportunity to observe one of those briefings last June, and the high level of communication and cooperation that occurs here is truly outstanding. This type of intelligence sharing should be routine. Yet as we recently saw in the 9/11 Commission's latest report, it's one of the areas where our homeland security continues to lack efforts. I hope we learn today how you conduct it here, even weekends, 7 days a week, and how important that is, and hopefully, that can be a message that goes to every airport across the United States of America. Three weeks ago, Logan is the only airport in the country instituting an on-site Joint Terrorism Task Force. Furthermore, by December 31, 2002, Logan was the first and only major U.S. airport to meet the Federally-mandated deadline to have 100 percent in-line baggage screening for passengers. Today, as most people here heard, they're announcing the second generation of that kind of screening. In August 2006, the Massachusetts State Police started roadblocks to conduct random vehicle searches entering the airport premises. In March 2011, it became the first U.S. airport to fully implement full-body scanners. At least 1,000 new cameras are in place, including a pilot for a state-of-the- art 360-degree camera system that will improve video surveillance by leaps and bounds. These changes are laudable and should serve as the best practices Nation-wide. But through my time as Norfolk District Attorney and now in my capacity as Congressman for Massachusetts and a Ranking Member in this Homeland Security subcommittee, I'm particularly concerned about the lack of Nation-wide standards of perimeter security. That addresses fences, barriers, areas that surround airports. According to the GAO, in their 2009 report on the TSA, TSA hadn't conducted vulnerability assessments for 87 percent of the Nation's 450 commercial airports, nor has it developed a Nation-wide strategy that fully addresses perimeter security. The lack of adequate perimeter security could, in one of the worst-case scenarios, result in individuals with nefarious purposes accessing secure airport areas by simply climbing over a fence, and in some cases, overcoming even less of a barrier. This region has witnessed first-hand the devastating results that inadequate airport fencing can lead. In November 2010, the body of a 16-year-old tragically was found in Milton, Mass., Delvonte Tisdale from North Carolina. As a District Attorney, I was given the opportunity and the challenge to investigate that. Mr. Tisdale's case remains on-going. But investigators found that he breached the perimeter of a Charlotte Douglas Airport, gained access to an aircraft by climbing into and stowing away in the wheel well of a commercial airline and subsequently fell to his death as the aircraft made its final approach into Boston. Unfortunately, this is not an isolated incident. We hope today to learn what strides you've made here. We hope to share that knowledge Nation-wide. I truly thank all of you for taking the time to be with us this morning. Thank you, Mr. Chairman. I'll yield my time back. Mr. McCaul. I thank the Ranking Member, Mr. Keating. With that, I'm going to introduce the witnesses and look forward to hearing their testimony. First, we have Mr. Stephen Lord. He is the Director of Homeland Security and Justice Issues at the Government Accountability Office. He is responsible for overseeing and directing the GAO's various engagements on issues related to aviation and service transportation. In addition to holding a bachelor's degree from the University of Virginia, Mr. Lord holds an MBA from George Mason University and an M.S. in national security strategy from the National War College. Thank you, Mr. Lord, for being here today. Next, Mr. Chris McLaughlin. He is the Assistant Administrator for Security Operations at TSA at the U.S. Department of Homeland Security. He has over 10 years' experience in airport security, leadership, and operations management, as well as extensive experience in managing multimillion-dollar projects, developing operational plans and strategies, and improving operational and personnel performance. Mr. McLaughlin holds a B.A. from Connecticut College, where he graduated magna cum laude. Next we have Admiral George Naccara. He is the Federal Security Director for TSA at the Department of Homeland Security. Prior to his work at TSA, the Admiral served 33 years in the United States Coast Guard. Thank you for your service, Admiral. He holds a bachelor's degree from the U.S. Coast Guard Academy and a master's degree from Central Michigan University. Thank you for being here. Next, Mr. Edward Freni--am I pronouncing that right? Mr. Freni. Yes. Mr. McCaul. I apologize. He is director of aviation at the Massachusetts Port Authority. Mr. Freni has over 30 years of executive experience with Logan International Airport and American Airlines. Mr. Freni holds a bachelor of science degree from the Whittemore School of Business. Thank you so much for being here, and thanks for all you've done to make this airport safer. Major Michael Concannon is a 26-year veteran of the Massachusetts State Police. He currently serves as the commanding officer of Troop F at Boston Logan International Airport. In this capacity, he also serves as the director of aviation security for the Massachusetts Port Authority. He is a 1987 cum laude graduate of the University of Massachusetts at Lowell and a 1996 cum laude graduate of Suffolk University Law School. He was admitted to the Massachusetts Bar in December 1996. So I want to thank all of you for being here today. With that, I recognize our first witness, Mr. Lord. STATEMENT OF STEPHEN M. LORD, DIRECTOR, HOMELAND SECURITY AND JUSTICE ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE Mr. Lord. Chairman McCaul, Ranking Member Keating, thanks for inviting me here today to discuss aviation security issues. The first thing I'd like to note is, security and commercial aviation operations is difficult given the hundreds of airports, thousands of daily flights and millions of passengers streaming through airport checkpoints on a daily basis. I'd also like to note that TSA spends several billion dollars each year in this endeavor. Today, I'd like to discuss 2 of the 20 layers of aviation security. The first is, as you mentioned previously, TSA's Behavior Detection Program, also called SPOT. I'd also like to discuss various airport perimeter security issues. First, regarding TSA's Behavior Detection Program, we issued a major report on this program in May 2010. The bottom line of our report is, while DHS has made an effort to validate the science underlying the program, more actions are needed. Additional steps need to be taken to ensure its full validity. As we noted in the report, TSA deployed the program on a Nation-wide basis before first determining there was a valid scientific basis for the program. Earlier this year, April 2011, DHS completed an initial validation study. But the study itself made several important recommendations, additional actions that need to be taken to ensure it had a sound scientific basis. That was a positive step. But again, additional work is going to be needed to be taken to ensure its validity. Some of the recommendations made in this report mirrored the recommendations we made in our big report, such as doing a cost-benefit analysis to help guide its deployment. I'd also like to briefly highlight another important recommendation we made in our SPOT report, and that was to empower the Behavior Detection Officers to better link them to the intel databases that TSA has at its disposal. We thought those links could be improved, because we think it's really important to fuse the screening personnel with the intel process, sort of to help better connect the dots. As Representative McCaul mentioned, that was an important 9/11 Commission Act recommendation. In sum, while TSA has taken actions to address our report recommendations, additional steps are still going to need to be taken to ensure you can apply these behavior detection principles on large-scale in the airport environment. I'd now like to discuss some of the findings from our 2009 Report on Airport Perimeter Security. Now, first of all, I think it's important to recognize, TSA undertakes a whole host of activities to help secure airport perimeters and maintain effective access controls. They do random worker screening. They've expanded the requirements for name-based background checks. They're encouraging industry to adopt biometric security standards. However, at the time of our report, TSA had not completed a comprehensive risk assessment of airports. It's important to do a risk assessment, because that really helps you decide where to focus your resources. The risk assessment also that they did complete in July 2010 did not fully consider the potential vulnerabilities of a so-called insider attack, which TSA views as a significant threat. The good news is that the risk of an insider attack will be included in the next update TSA is doing later this year, which is due later this year. We also recommended that TSA consider making greater use of the so-called joint vulnerability assessments to identify airport vulnerabilities, and these are really an important tool in the TSA toolbox. In fact, we consider them the gold standard because they're rigorous, they're documented and they're completed with the FBI. The latest data shows, they've completed these at 17 percent of the Nation's airports. Again, just to clarify, we're not recommending that you need to do them for 100 percent of the airports, but we think it's an important tool that they could more effectively apply on a larger scale. Also one positive development I'd like to reflect is that they've recently developed a new tool to help assess airport vulnerabilities. It's called the Airport Security Self- Evaluation Tool, or ASSET, and this thing is just being rolled out. So I think over time, as they apply this to airports such as Boston, it will help Federal Security Directors, such as Mr. Naccara, to help get a better sense of where to focus their protective efforts. Mr. Chairman, Mr. Keating, this concludes my statement, and I look forward to answering any questions that you have. Thank you. [The statement of Mr. Lord follows:] Prepared Statement of Stephen M. Lord September 16, 2011 gao highlights Highlights of GAO-11-938T, a testimony before the Subcommittee on Oversight, Investigations, and Management, Committee on Homeland Security, House of Representatives. Why GAO Did This Study The attempted bombing of Northwest flight 253 in December 2009 underscores the need for effective aviation security programs. Aviation security remains a daunting challenge with hundreds of airports and thousands of flights daily carrying millions of passengers and pieces of checked baggage. The Department of Homeland Security's (DHS) Transportation Security Administration (TSA) has spent billions of dollars and implemented a wide range of aviation security initiatives. Two key layers of aviation security are: (1) TSA's Screening of Passengers by Observation Techniques (SPOT) program designed to identify persons who may pose a security risk; and (2) airport perimeter and access controls security. This testimony provides information on the extent to which TSA has taken actions to validate the scientific basis of SPOT and strengthen airport perimeter security. This statement is based on prior products GAO issued from September 2009 through September 2011 and selected updates in August and September 2011. To conduct the updates, GAO analyzed documents on TSA's progress in strengthening aviation security, among other things. What GAO Recommends GAO has made recommendations in prior work to strengthen TSA's SPOT program and airport perimeter and access control security efforts. DHS and TSA generally concurred with the recommendations and have actions under way to address them. aviation security: tsa has made progress, but additional efforts are needed to improve security What GAO Found DHS completed an initial study in April 2011 to validate the scientific basis of the SPOT program; however, additional work remains to fully validate the program. In May 2010, GAO reported that TSA deployed this program, which uses behavior observation and analysis techniques to identify potentially high-risk passengers, before determining whether there was a scientifically valid basis for using behavior and appearance indicators as a means for reliably identifying passengers who may pose a risk to the U.S. aviation system. TSA officials said that SPOT was deployed in response to potential threats, such as suicide bombers, and was based on scientific research available at the time. TSA is pilot testing revised program procedures at Boston- Logan airport in which behavior detection officers will engage passengers entering screening in casual conversation to help determine suspicious behaviors. TSA plans to expand this pilot program in the fall of 2011. GAO recommended in May 2010 that DHS, as part of its validation study, assess the methodology to help ensure the validity of the SPOT program. DHS concurred and stated that the study included an independent review with a broad range of agencies and experts. The study found that SPOT was more effective than random screening to varying degrees. However, DHS's study was not designed to fully validate whether behavior detection can be used to reliably identify individuals in an airport environment who pose a security risk. The study also noted that additional work was needed to comprehensively validate the program. TSA officials are assessing the actions needed to address the study's recommendations but do not have time frames for completing this work. In September 2009 GAO reported that since 2004 TSA has taken actions to strengthen airport perimeter and access controls security by, among other things, deploying a random worker screening program; however, TSA had not conducted a comprehensive risk assessment or developed a National strategy. Specifically, TSA had not conducted vulnerability assessments for 87 percent of the approximately 450 U.S. airports regulated for security by TSA in 2009. GAO recommended that TSA develop: (1) A comprehensive risk assessment and evaluate the need to conduct airport vulnerability assessments Nation-wide, and (2) a National strategy to guide efforts to strengthen airport security. DHS concurred and TSA stated that the Transportation Sector Security Risk Assessment, issued in July 2010, was to provide a comprehensive risk assessment of airport security. However, this assessment did not consider the potential vulnerabilities of airports to an insider attack--an attack from an airport worker with authorized access to secure areas. In August 2011, TSA reported that transportation security inspectors conduct vulnerability assessments annually at all commercial airports, including an evaluation of perimeter security. GAO has not yet assessed the extent to which inspectors consistently conduct vulnerability assessments. TSA also updated the Transportation Systems--Sector-Specific Plan, which summarizes airport security program activities. However, the extent to which these activities were guided by measurable goals and priorities, among other things, was not clear. Providing such additional information would better address GAO's recommendation. Chairman McCaul, Ranking Member Keating, and Members of the subcommittee: I appreciate the opportunity to participate in today's hearing at Boston-Logan International Airport to discuss two key layers of aviation security: The Transportation Security Administration's (TSA) behavior-based passenger screening program and airport perimeter and access controls.\1\ The attempted terrorist bombing of Northwest flight 253 on December 25, 2009, provided a vivid reminder that civil aviation remains an attractive terrorist target and underscores the need for effective passenger screening. According to the President's National Counterterrorism Strategy released in June 2011, aviation security and screening is an essential tool in the ability to detect, disrupt, and defeat plots to attack the homeland.\2\ --------------------------------------------------------------------------- \1\ TSA's behavior-based passenger screening program is known as the Screening of Passengers by Observation Techniques (SPOT) program. \2\ National Strategy for Counterterrorism (Washington, DC: June 28, 2011). --------------------------------------------------------------------------- Securing commercial aviation operations remains a daunting task-- with hundreds of airports, thousands of aircraft, and thousands of flights daily carrying millions of passengers and pieces of checked baggage. In the almost 10 years that have passed since TSA assumed responsibility for aviation security, TSA has spent billions of dollars and implemented a wide range of initiatives to strengthen the layers of aviation security. For fiscal year 2011, TSA had about 54,800 personnel and its budget authority was about $7.7 billion. However, risks to the aviation system remain. Earlier this month, we reported on the progress made in securing the aviation system in the 10 years since the September 11, 2001, attacks and the work that still remains.\3\ --------------------------------------------------------------------------- \3\ See GAO, Department of Homeland Security: Progress Made and Work Remaining In Implementing Homeland Security Missions 10 Years After 9/11, GAO-11-881 (Washington, DC: Sept. 7, 2011). --------------------------------------------------------------------------- In addition, while airport operators, not TSA, generally retain direct day-to-day operational responsibility for airport perimeter security and implementing access controls for secure areas of their airports, TSA has responsibility for establishing and implementing measures to improve security in these areas.\4\ Criminal incidents involving airport workers using their access privileges to smuggle weapons and drugs into secure areas and onto planes have heightened concerns about the risks posed by workers and the security of airport perimeters and access to secured areas. --------------------------------------------------------------------------- \4\ For the purposes of this testimony, ``secure area'' is used generally to refer to areas specified in an airport security program for which access is restricted, including the security identification display areas (SIDA), the air operations areas (AOA), and the sterile areas. While security measures governing access to such areas may vary, in general a SIDA is an area in which appropriate identification must be worn, an AOA is an area providing access to aircraft movement and parking areas, and a sterile area provides passengers access to boarding aircraft and where access is generally controlled by TSA or a private screening entity under TSA oversight. See 49 C.F.R. 1540.5. --------------------------------------------------------------------------- My statement today discusses the extent to which TSA has taken actions to: (1) Validate the scientific basis of its behavior-based passenger screening program (referred to as SPOT), and (2) strengthen the security of airport perimeters and access controls. This statement is based on our prior products issued from September 2009 through September 2011, and includes selected updates conducted in August and September 2011 on TSA's efforts to implement our prior recommendations regarding SPOT and airport perimeters and access to secure areas of airports.\5\ For our May 2010 report on SPOT, we reviewed relevant literature on behavior analysis by subject matter experts.\6\ We conducted field site visits to 15 TSA-regulated airports with SPOT to observe operations and meet with key program personnel.\7\ We also interviewed recognized experts in the field, as well as cognizant officials from other U.S. Government agencies that utilize behavior analysis in their work. For the updates, we analyzed documentation from TSA on the actions it has taken to implement the recommendations from our May 2010 report, including efforts to validate the scientific basis for the program. As part of our efforts to update this information, we analyzed DHS's April 2011 SPOT validation study and discussed its findings with cognizant DHS officials. For our September 2009 report on TSA efforts to secure airport perimeters and access controls, we examined TSA documents related to risk assessments, airport security programs, and risk management. We also interviewed TSA, airport, and industry association officials and conducted site visits at nine TSA-regulated airports of varying size.\8\ For the updates, we analyzed documentation from TSA on actions it has taken to implement recommendations from our 2009 report, including efforts to conduct a comprehensive risk assessment and evaluate the need to conduct an assessment of security vulnerabilities at airports Nation- wide, and to develop a National strategy for airport perimeters and access controls security that identifies key elements such as goals and priorities. As part of our efforts to update this information, we analyzed TSA data on the number of vulnerability assessments conducted at airports from fiscal year 2004 through July 1, 2011, by airport. More detailed information on our scope and methodology can be found in our prior reports. --------------------------------------------------------------------------- \5\ See GAO, Aviation Security: A National Strategy and Other Actions Would Strengthen TSA's Efforts to Secure Commercial Airport Perimeters and Access Controls, GAO-09-399 (Washington, DC: Sept. 30, 2009); Aviation Security: Efforts to Validate TSA's Passenger Screening Behavior Detection Program Underway, but Opportunities Exist to Strengthen Validation and Address Operational Challenges, GAO-10-763 (Washington, DC: May 20, 2010); Aviation Security: TSA Has Taken Actions to Improve Security, but Additional Efforts Remain, GAO-11-807T (Washington, DC: Jul. 13, 2011); and GAO-11-881. \6\ National Research Council, Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Assessment (Washington, DC: National Academies Press, 2008). The report's preparation was overseen by the National Academy of Sciences Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals. Although the report addresses broader issues related to privacy and data mining, a senior National Research Council official stated that the committee included behavior detection as a focus because any behavior detection program could have privacy implications. \7\ For the purposes of this testimony, the term ``TSA-regulated airport'' refers to a U.S. airport operating under a TSA-approved security program and subject to TSA regulation and oversight. See 49 C.F.R. pt. 1542. \8\ See GAO-09-399. --------------------------------------------------------------------------- All of our work was conducted in accordance with generally accepted Government auditing standards. background The Aviation and Transportation Security Act established TSA as the Federal agency with primary responsibility for securing the Nation's civil aviation system, which includes the screening of all passenger and property transported by commercial passenger aircraft.\9\ At the 463 TSA-regulated airports in the United States, prior to boarding an aircraft, all passengers, their accessible property, and their checked baggage are screened pursuant to TSA-established procedures, which include passengers passing through security checkpoints where they and their identification documents are checked by transportation security officers (TSO) and other TSA employees or by private-sector screeners under TSA's Screening Partnership Program.\10\ Airport operators, however, are directly responsible for implementing TSA security requirements, such as those relating to perimeter security and access controls, in accordance with their approved security programs and other TSA direction. --------------------------------------------------------------------------- \9\ See Pub. L. No. 107-71, 115 Stat. 597 (2001). For purposes of this testimony, ``commercial passenger aircraft'' refers to a U.S. or foreign-based air carrier operating under TSA-approved security programs with regularly scheduled passenger operations to or from a U.S. airport. \10\ Private-sector screeners under contract to and overseen by TSA, and not TSOs, perform screening activities at airports participating in TSA's Screening Partnership Program. See 49 U.S.C. 44920. According to TSA, 16 airports participated in the program as of July 2011. --------------------------------------------------------------------------- TSA relies upon multiple layers of security to deter, detect, and disrupt persons posing a potential risk to aviation security. These layers include behavior detection officers (BDO), who examine passenger behaviors and appearances to identify passengers who might pose a potential security risk at TSA-regulated airports;\11\ TSA has selectively deployed about 3,000 BDOs to 161 of 463 TSA-regulated airports in the United States, including Boston-Logan airport where the program was initially deployed in 2003. Other security layers include travel document checkers, who examine tickets, passports, and other forms of identification; TSOs responsible for screening passengers and their carry-on baggage at passenger checkpoints, using X-ray equipment, magnetometers, Advanced Imaging Technology, and other devices; random employee screening; and checked baggage screening systems.\12\ Additional layers cited by TSA include, among others, intelligence gathering and analysis; passenger prescreening against terrorist watch lists; random canine team searches at airports; Federal air marshals, who provide Federal law enforcement presence on selected flights operated by U.S. air carriers; Visible Intermodal Protection Response (VIPR) teams; reinforced cockpit doors; the passengers themselves; as well as other measures both visible and invisible to the public.\13\ Figure 1 shows TSA's layers of aviation security. TSA has also implemented a variety of programs and protective actions to strengthen airport perimeters and access to sensitive areas of the airport, including conducting additional employee background checks and assessing different biometric-identification technologies.\14\ Airport perimeter and access control security is intended to prevent unauthorized access into secure areas of an airport--either from outside or within the airport complex. --------------------------------------------------------------------------- \11\ TSA designed SPOT to provide BDOs with a means of identifying persons who may pose a potential security risk at TSA-regulated airports by focusing on behaviors and appearances that deviate from an established baseline and that may be indicative of stress, fear, or deception. \12\ Advanced Imaging Technology screens passengers for metallic and non-metallic threats including weapons, explosives, and other objects concealed under layers of clothing. \13\ Working alongside local security and law enforcement officials, VIPR teams conduct a variety of security tactics to introduce unpredictability and deter potential terrorist actions, including random high-visibility patrols at mass transit and passenger rail stations and conducting passenger and baggage screening operations using specially trained behavior detection officers and a varying combination of explosive detection canine teams and explosives detection technology. \14\ Biometrics are measurements of an individual's unique characteristics, such as fingerprints, irises, and facial characteristics, used to verify identity.
According to TSA, each one of these layers alone is capable of stopping a terrorist attack. TSA states that the security layers in combination multiply their value, creating a much stronger system, and that a terrorist who has to overcome multiple security layers to carry out an attack is more likely to be pre-empted, deterred, or to fail during the attempt. tsa has taken actions to validate the science underlying its behavior detection program, but more work remains We reported in May 2010 that TSA deployed SPOT Nation-wide before first determining whether there was a scientifically valid basis for using behavior and appearance indicators as a means for reliably identifying passengers who may pose a risk to the U.S. aviation system.\15\ DHS's Science and Technology Directorate completed a validation study in April 2011 to determine the extent to which SPOT was more effective than random screening at identifying security threats and how the program's behaviors correlate to identifying high- risk travelers.\16\ However, as noted in the study, the assessment was an initial validation step, but was not designed to fully validate whether behavior detection can be used to reliably identify individuals in an airport environment who pose a security risk. According to DHS, additional work will be needed to comprehensively validate the program. --------------------------------------------------------------------------- \15\ See GAO-10-763. \16\ See DHS, SPOT Referral Report Validation Study Final Report Volume I: Technical Report (Washington, DC: April 5, 2011). DHS's study defines high-risk passengers as travelers that knowingly and intentionally try to defeat the security process including those carrying serious prohibited items, such as weapons; illegal items, such as drugs; or fraudulent documents; or those that were ultimately arrested by law enforcement. --------------------------------------------------------------------------- According to TSA, SPOT was deployed before a scientific validation of the program was completed to help address potential threats to the aviation system, such as those posed by suicide bombers. TSA also stated that the program was based upon scientific research available at the time regarding human behaviors. We reported in May 2010 that approximately 14,000 passengers were referred to law enforcement officers under SPOT from May 2004 through August 2008.\17\ Of these passengers, 1,083 were arrested for various reasons, including being illegal aliens (39 percent), having outstanding warrants (19 percent), and possessing fraudulent documents (15 percent). The remaining 27 percent were arrested for other reasons. As noted in our May 2010 report, SPOT officials told us that it is not known if the SPOT program has resulted in the arrest of anyone who is a terrorist, or who was planning to engage in terrorist-related activity. According to TSA, in fiscal year 2010, SPOT referred about 50,000 passengers for additional screening and about 3,600 referrals to law enforcement officers. The referrals to law enforcement officers yielded approximately 300 arrests. Of these 300 arrests, TSA stated that 27 percent were illegal aliens, 17 percent were drug-related, 14 percent were related to fraudulent documents, 12 percent were related to outstanding warrants, and 30 percent were related to other offenses. DHS has requested about $254 million for fiscal year 2012 for the SPOT program, which would support an additional 350 (or 175 full-time equivalent) BDOs. If TSA receives its requested appropriation, TSA will be in a position to have invested about $1 billion in the SPOT program since fiscal year 2007. --------------------------------------------------------------------------- \17\ See GAO-10-763. --------------------------------------------------------------------------- According to TSA, as of August 2011, TSA is pilot testing revised procedures for BDOs at Boston-Logan airport to engage passengers entering screening in casual conversation to help determine suspicious behaviors. According to TSA, after a passenger's travel documents are verified, a BDO will briefly engage each passenger in conversation. If more information is needed to help determine suspicious behaviors, the officer will refer the passenger to a second BDO for a more thorough conversation to determine if additional screening is needed. TSA noted that these BDOs have received additional training in interviewing methods. TSA plans to expand this pilot program to additional airports in the fall of 2011. A 2008 report issued by the National Research Council of the National Academy of Sciences stated that the scientific evidence for behavioral monitoring is preliminary in nature.\18\ The report also noted that an information-based program, such as a behavior detection program, should first determine if a scientific foundation exists and use scientifically valid criteria to evaluate its effectiveness before deployment. The report added that such programs should have a sound experimental basis and that the documentation on the program's effectiveness should be reviewed by an independent entity capable of evaluating the supporting scientific evidence.\19\ According to the report, a terrorist's desire to avoid detection makes information- gathering techniques, such as asking what a person has done, is doing, or plans to do, highly unreliable. Using these techniques to elicit information could also have definite privacy implications. These findings, in particular, may be important as TSA moves forward with its pilot program to expand BDOs' use of conversation and interviews with all passengers entering screening. --------------------------------------------------------------------------- \18\ Specifically, the report states that the scientific support for linkages between behavioral and physiological markers and mental state is strongest for elementary states, such as simple emotions; weak for more complex states, such as deception; and nonexistent for highly complex states, such as when individuals hold terrorist intent and beliefs. \19\ A study performed by the JASON Program Office raised similar concerns. The JASON Program Office is an independent scientific advisory group that provides consulting services to the U.S. Government on matters of defense science and technology. --------------------------------------------------------------------------- As we reported in May 2010, an independent panel of experts could help DHS develop a comprehensive methodology to determine if the SPOT program is based on valid scientific principles that can be effectively applied in an airport environment for counterterrorism purposes. Thus, we recommended that the Secretary of Homeland Security convene an independent panel of experts to review the methodology of the validation study on the SPOT program being conducted to determine whether the study's methodology was sufficiently comprehensive to validate the SPOT program. We also recommended that this assessment include appropriate input from other Federal agencies with expertise in behavior detection and relevant subject matter experts.\20\ DHS concurred and stated that its validation study, completed in April 2011, included an independent review of the study with input from a broad range of Federal agencies and relevant experts, including those from academia. --------------------------------------------------------------------------- \20\ See GAO-10-763. --------------------------------------------------------------------------- DHS's validation study found that SPOT was more effective than random screening to varying degrees. For example, the study found that SPOT was more effective than random screening at identifying individuals who possessed fraudulent documents and identifying individuals who law enforcement officers ultimately arrested.\21\ However, DHS noted that the identification of such high-risk passengers was rare in both the SPOT and random tests. In addition, DHS determined that the base rate, or frequency, of SPOT behavioral indicators observed by TSA to detect suspicious passengers was very low and that these observed indicators were highly varied across the traveling public. Although details about DHS's findings related to these indicators are sensitive security information, the low base rate and high variability of traveler behaviors highlights the challenge that TSA faces in effectively implementing a standardized list of SPOT behavioral indicators. --------------------------------------------------------------------------- \21\ The extent to which SPOT is more effective than random at identifying fraudulent documents and individuals ultimately arrested by law enforcement officers is deemed sensitive security information by TSA. --------------------------------------------------------------------------- In addition, DHS outlined several limitations to the study. For example, the study noted that BDOs were aware of whether individuals they were screening were referred to them as the result of identified SPOT indicators or random selection. DHS stated that this had the potential to introduce bias into the assessment. DHS also noted that SPOT data from January 2006 through October 2010 were used in its analysis of behavioral indicators even though questions about the reliability of the data exist.\22\ In May 2010, we reported weaknesses in TSA's process for maintaining operational data from the SPOT program database. Specifically, the SPOT database did not have computerized edit checks built into the system to review the format, existence, and reasonableness of data. In another example, BDOs could not input all behaviors observed in the SPOT database because the database limited entry to eight behaviors, six signs of deception, and four types of prohibited items per passenger referred for additional screening. Because of these data-related issues, we reported that meaningful analyses could not be conducted at that time to determine if there is an association between certain behaviors and the likelihood that a person displaying certain behaviors would be referred to a law enforcement officer or whether any behavior or combination of behaviors could be used to distinguish deceptive from nondeceptive individuals. In our May 2010 report, we recommended that TSA establish controls for this SPOT data. DHS agreed and TSA has established additional data controls as part of its database upgrade. However, some of DHS's analysis for this study used SPOT data recorded prior to these additional controls being implemented. --------------------------------------------------------------------------- \22\ DHS officials stated that this historical SPOT data was not used in their analysis to determine whether SPOT was more effective than random screening. --------------------------------------------------------------------------- The study also noted that it was not designed to comprehensively validate whether SPOT can be used to reliably identify individuals in an airport environment who pose a security risk. The DHS study made recommendations related to strengthening the program and conducting a more comprehensive validation of whether the science can be used for counterterrorism purposes in the aviation environment.\23\ Some of these recommendations, such as the need for a comprehensive program evaluation including a cost-benefit analysis, reiterate recommendations made in our May 2010 report. TSA is currently reviewing the study's findings and assessing the steps needed to address DHS's recommendations but does not have time frames for completing this work. If TSA decides to implement the recommendations in the April 2011 DHS validation study, DHS may be years away from knowing whether there is a scientifically valid basis for using behavior detection techniques to help secure the aviation system against terrorist threats given the broad scope of the additional work and related resources identified by DHS for addressing the recommendations. Thus, as we reported in March 2011, Congress may wish to consider the study's results in making future funding decisions regarding the program.\24\ --------------------------------------------------------------------------- \23\ The study made recommendations related to SPOT in three areas: (1) Future validation efforts; (2) comparing SPOT with other screening programs; and (3) broader program evaluation issues. TSA designated the specific details of these recommendations sensitive security information. \24\ See GAO, Opportunities to Reduce Potential Duplication in Government Programs, Save Tax Dollars, and Enhance Revenue, GAO-11- 318SP (Washington, DC: Mar. 1, 2011). --------------------------------------------------------------------------- tsa has taken actions to strengthen airport perimeter and access controls security, but issues remain We reported in September 2009 that TSA has implemented a variety of programs and actions since 2004 to improve and strengthen airport perimeter and access controls security, including strengthening worker screening and improving access control technology.\25\ For example, to better address the risks posed by airport workers, in 2007 TSA implemented a random worker screening program that was used to enforce access procedures, such as ensuring workers display appropriate credentials and do not possess unauthorized items when entering secure areas. According to TSA officials, this program was developed to help counteract the potential vulnerability of airports to an insider attack--an attack from an airport worker with authorized access to secure areas. TSA has also expanded its requirements for conducting worker background checks and the population of individuals who are subject to these checks. For example, in 2007 TSA expanded requirements for name-based checks to all individuals seeking or holding airport- issued identification badges and in 2009 began requiring airports to renew all airport-identification media every 2 years. TSA also reported taking actions to identify and assess technologies to strengthen airport perimeter and access controls security, such as assisting the aviation industry and a Federal aviation advisory committee in developing security standards for biometric access controls. --------------------------------------------------------------------------- \25\ GAO-09-399. --------------------------------------------------------------------------- However, we reported in September 2009 that while TSA has taken actions to assess risk with respect to airport perimeter and access controls security, it had not conducted a comprehensive risk assessment based on assessments of threats, vulnerabilities, and consequences, as required by DHS's National Infrastructure Protection Plan (NIPP).\26\ We further reported that without a full depiction of threats, vulnerabilities, and consequences, an organization's ability to establish priorities and make cost-effective security decisions is limited.\27\ We recommended that TSA develop a comprehensive risk assessment, along with milestones for completing the assessment. DHS concurred with our recommendation and said it would include an assessment of airport perimeter and access control security risks as part of a comprehensive assessment for the transportation sector--the Transportation Sector Security Risk Assessment (TSSRA). The TSSRA, published in July 2010, included an assessment of various risk-based scenarios related to airport perimeter security but did not consider the potential vulnerabilities of airports to an insider attack--the insider threat--which it recognized as a significant issue. In July 2011, TSA officials told us that the agency is developing a framework for insider risk that is to be included in the next iteration of the assessment, which TSA expected to be released at the end of calendar year 2011. Such action, if taken, would meet the intent of our recommendation. --------------------------------------------------------------------------- \26\ GAO-09-399. DHS developed the NIPP to guide risk assessment efforts and the protection of the Nation's critical infrastructure, including airports. \27\ See GAO, Transportation Security: Comprehensive Risk Assessments and Stronger Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-09-492 (Washington, DC: Mar. 27, 2009). --------------------------------------------------------------------------- We also recommended that, as part of a comprehensive risk assessment of airport perimeter and access controls security, TSA evaluate the need to conduct an assessment of security vulnerabilities at airports Nation-wide.\28\ At the time of our review, TSA told us its primary measures for assessing the vulnerability of airports to attack were professional judgment and the collective results of joint vulnerability assessments (JVA) it conducts with the Federal Bureau of Investigation (FBI) for select--usually high-risk--airports.\29\ Our analysis of TSA data showed that from fiscal years 2004 through 2008, TSA conducted JVAs at about 13 percent of the approximately 450 TSA- regulated airports that existed at that time, thus leaving about 87 percent of airports unassessed.\30\ TSA has characterized U.S. airports as an interdependent system in which the security of all is affected or disrupted by the security of the weakest link. However, we reported that TSA officials could not explain to what extent the collective JVAs of specific airports constituted a reasonable systems-based assessment of vulnerability across airports Nation-wide. Moreover, TSA officials said that they did not know to what extent the 87 percent of commercial airports that had not received a JVA as of September 2009--most of which were smaller airports--were vulnerable to an intentional security breach. DHS concurred with our 2009 report recommendation to assess the need for a vulnerability assessment of airports Nation-wide, and TSA officials stated that based on our review they intended to increase the number of JVAs conducted at Category II, III, and IV airports and use the resulting data to assist in prioritizing the allocation of limited resources. Our analysis of TSA data showed that from fiscal year 2004 through July 1, 2011, TSA conducted JVAs at about 17 percent of the TSA-regulated airports that existed at that time, thus leaving about 83 percent of airports unassessed.\31\ --------------------------------------------------------------------------- \28\ GAO-09-399. \29\ According to TSA officials, JVAs are assessments that teams of TSA special agents and other officials conduct jointly with the FBI, generally, as required by law, every 3 years for airports identified as high-risk. See 49 U.S.C. 44904(a)-(b). See also Pub. L. No. 104-264, 310, 110 Stat. 3213, 3253 (1996) (establishing the requirement that the Federal Aviation Administration (FAA) and the FBI conduct joint threat and vulnerability assessments every 3 years, or more frequently, as necessary, at each airport determined to be high-risk). Pursuant to ATSA, responsibility for conducting JVAs transferred from FAA to TSA. For more information on this issue, see GAO-09-399. \30\ From fiscal years 2004 through 2008 TSA conducted 67 JVAs at a total of 57 airports; 10 airports received 2 JVAs. TSA classifies the Nation's airports into one of five categories (X, I, II, III, and IV) based on various factors such as the number of take-offs and landings annually, the extent of passenger screening at the airport, and other security considerations. In general, Category X airports have the largest number of passenger boardings and Category IV airports have the smallest. According to TSA data, of the 67 JVAs conducted at 57 airports from fiscal years 2004 through 2008, 58--or 87 percent--were Category X and I airports. Of the remaining 9 assessments, 6 were at Category II airports, 1 at a Category III airport, and 2 at Category IV airports. Since our September 2009 report was issued, the number of TSA-regulated airports has increased from approximately 450 to 463. \31\ From fiscal year 2004 through July 1, 2011, TSA conducted 125 JVAs at 78 airports; 47 airports received more than one JVA during this period. --------------------------------------------------------------------------- Since we issued our report in September 2009, TSA had not conducted JVAs at Category III and IV airports.\32\ TSA stated that the TSSRA is to provide a comprehensive risk assessment of airport security, but could not tell us to what extent it has studied the need to conduct JVAs of security vulnerabilities at airports Nation-wide. Additionally, in August 2011 TSA reported that its National inspection program requires that transportation security inspectors conduct vulnerability assessments at all commercial airports, which are based on the joint vulnerability assessment model. According to TSA, every commercial airport in the United States receives a security assessment each year, including an evaluation of perimeter security and access controls. We have not yet assessed the extent to which transportation security inspectors consistently conduct vulnerability assessments based on the joint vulnerability model. Providing additional information on how and to what extent such security assessments have been performed would more fully address our recommendation. --------------------------------------------------------------------------- \32\ From fiscal year 2009 through July 1, 2011, TSA conducted 58 JVAs at a total of 56 airports; 2 airports received 2 JVAs. According to TSA data, of the 58 JVAs conducted, 47--or 88 percent--were at Category X and I airports; 7-12 percent--were conducted at Category II airports. TSA officials told us that since our report in September 2009 they have initiated a semi-annual report process that, in part, included a data analysis of the JVAs conducted at airports for the prior 6 months. The semi-annual report focuses on airport perimeter, terminal, critical infrastructure, airport operations, and airport services. Beginning in fiscal year 2011 the reports are to be developed on an annual basis. The reports are also used to direct future JVA efforts. --------------------------------------------------------------------------- We also reported in September 2009 that TSA's efforts to enhance the security of the Nation's airports have not been guided by a National strategy that identifies key elements, such as goals, priorities, performance measures, and required resources.\33\ To better ensure that airport stakeholders take a unified approach to airport security, we recommended that TSA develop a National strategy for airport security that incorporates key characteristics of effective security strategies, such as measurable goals and priorities. DHS concurred with this recommendation and stated that TSA would implement it by updating the Transportation Systems--Sector Specific Plan (TS- SSP), to be released in the summer of 2010.\34\ TSA provided a copy of the updated plan to Congressional committees in June 2011 and to us in August 2011. We reviewed this plan and its accompanying aviation model annex and found that while the plan provided a high-level summary of program activities for addressing airport security such as the screening of workers, the extent to which these efforts would be guided by measurable goals and priorities, among other things, was not clear. Providing such additional information would better address the intent of our recommendation. --------------------------------------------------------------------------- \33\ GAO-09-399. \34\ TSA developed the TS-SSP to conform to NIPP requirements, which required sector-specific agencies to develop strategic risk management frameworks for their sectors that aligned with NIPP guidance. --------------------------------------------------------------------------- Chairman McCaul, Ranking Member Keating, and Members of the subcommittee, this concludes my statement. I look forward to answering any questions that you may have at this time. Mr. McCaul. Thank you, again, Mr. Lord. The Chairman now recognizes Mr. McLaughlin for his testimony. STATEMENT OF CHRIS MC LAUGHLIN, ASSISTANT ADMINISTRATOR FOR SECURITY OPERATIONS, TRANSPORTATION SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. McLaughlin. Good morning, Chairman McCaul and Ranking Member Keating. I'm pleased to appear before you today to discuss aspects of the Transportation Security Administration's security operations at U.S. commercial airports. I will restrict my comments to broader TSA policies and objectives while Federal Security Director Naccara will address issues and initiatives specific to Boston Logan International Airport. As you know, the Aviation and Transportation Security Act, or ATSA, authorized TSA to work with U.S. airports and operators to strengthen security at access and critical control points throughout the United States. While TSA's aviation security standards provide a foundation for a comprehensive National program, the distinctive footprint, location, and requirements of each airport require each facility to have its own airport security program. TSA secures commercial airports through a variety of programs. The programs most familiar to the traveling public include passenger screening operations conducted by Transportation Security Officers at security checkpoints, carry-on and checked baggage screening, and the Secure Flight Program which fulfills a key 9/11 Commission recommendation to implement a uniform watchlist matching program for all passengers traveling from, within, or bound for United States against names on Government terrorist watch lists. Other layers of security play an equally important role and focus on preventing and detecting the unauthorized entry, presence, and movement of individuals and ground vehicles into and within the secured and airport operations areas of an airport. TSA maintains random and unpredictable security measures that may be employed at direct access points and airport perimeters, including vehicle inspections, explosive trace detection, enhanced screening, accessible property searches, as well as behavior detection. As required by statute, TSA proscribes procedures for screening individuals, inspecting goods, property, vehicles, and other equipment before entering into the secure area of an airport. These procedures safeguard against unauthorized persons having access to aircraft, thereby reducing opportunities for criminal behavior. These safeguards also help ensure the safety and integrity of other individuals involved in aviation, including aircraft service providers and workers involved in catering and passenger amenities on-board aircraft. Like-wise, TSA requires security access programs for vendors with direct access to airfields and aircraft. Ultimately, the airport authority is responsible for abiding by the perimeter security regulations set by TSA and must establish procedures for its personnel and resources. TSA also conducts airport inspections to enhance security and mitigate risk associated with perimeter security. These include joint vulnerability assessments as well as regulatory special emphasis inspections that focus on specific aspects of the operation and the testing of airport access control processes. Based upon the results of these inspections and assessments, TSA develops mitigation strategies to enhance an airport's security posture and determine if any changes are required. To counter the potential risk to perimeter security, TSA also deploys Transportation Security Inspectors to help determine whether airport operators are complying with TSA regulations and the airport's ASP. TSIs focus their assessments on security throughout the airport environments ranging from the curbside of the airport to the outermost perimeter fences. TSIs can recommend that civil penalties be assessed by TSA when repeated or egregious instances of noncompliance of regulations and security procedures are discovered. Earlier this year, TSA initiated a special emphasis assessment and a special emphasis inspection of all Category X and I through IV airports evaluating perimeter security, including fencing, nonfence, manmade barriers, natural barriers, CCTV, electronic intrusion and motion detection devices and other barriers. Assessments are complete at all Cat X and I airports and the remaining airport assessments are expected to be completed later this month. TSA's goal at all times is to maximize transportation security and stay ahead of evolving terrorist threats while protecting passengers' privacy and facilitating the efficient flow of travelers and legitimate commerce. I want to thank the subcommittee for this opportunity to speak to you today and discuss these important issues, and I'm happy to answer any questions that you might have. [The joint prepared statement of Mr. McLaughlin and Admiral Naccara follows:] Joint Prepared Statement of Christopher McLaughlin and George Naccara September 16, 2011 Good morning, Chairman McCaul, Ranking Member Keating, and distinguished Members of the subcommittee. We are pleased to appear before you today to discuss the Transportation Security Administration's (TSA) security operations at U.S. commercial airports and to address any questions you may have about security at Logan International Airport (BOS) in particular. As you know, the Aviation and Transportation Security Act (ATSA), (Pub. L. 107-71), authorized TSA to work with U.S. airport operators to strengthen security at access and critical control points throughout the United States to maximize the security of passengers and aircraft. While TSA's aviation security standards provide a foundation for a comprehensive National aviation security program, the distinctive footprint, location, and requirements of each airport require each facility to have its own Airport Security Program (ASP). The ASP at Logan Airport incorporates specific security elements including perimeter security measures, addressing the prevention and detection of the unauthorized entry, presence, and movement of individuals and vehicles into and within secured areas that may be unique to Logan. tsa's primary mission: preventing terrorism and enhancing security TSA secures our Nation's commercial airports through a variety of programs. The programs most familiar to the traveling public include passenger screening operations conducted by Transportation Security Officers (TSOs) at security checkpoints; carry-on and checked baggage screening; and the Secure Flight program, which fulfills a key 9/11 Commission recommendation to implement a uniform watch list matching program for all passengers traveling from, within, or bound for the United States against names on Government terrorist watch lists. Other layers of security play an equally important role in safeguarding our Nation against terrorist threats. These additional layers include the prevention and detection of unauthorized entry, presence, and movement of individuals and ground vehicles into, and within, the secured and Airport Operations Areas (AOA) of an airport. TSA's risk-based and intelligence-driven Security Playbook program strengthens the transportation security environment by increasing unpredictability and providing additional layers of security. This program employs security measures at direct access points and airport perimeters and uses a variety of resources and equipment to conduct screening of individuals and vehicles entering the secured area. Examples of the security measures that may be employed at direct access points and airport perimeters include: Vehicle inspections, explosives trace detection of individuals and property, enhanced screening, accessible property searches, and identification/media verifications, as well as behavior detection. behavior detection pilot program at bos TSA has long recognized the value of a layered, threat-based approach to transportation security and the need to focus more of our resources on people we know less about who potentially pose a threat to aviation security. As part of its on-going commitment to implement risk-based security measures, TSA is conducting a pilot program at BOS designed to assess the expanded use of behavior detection in the airport screening process. Extensive research indicates behavior analysis and interviewing are effective methods for detecting hostile intent and potential high-risk individuals. TSA's own behavior detection program, the Screening of Passengers by Observation Techniques (SPOT) program-- whose indicators have been scientifically validated through research conducted by the DHS Science and Technology Directorate--revealed that behavior detection was effective for identifying persons attempting to defeat the screening process. BOS was the first airport in the country to implement the agency's SPOT program, which is now employed at more than 160 airports Nation-wide. As part of the pilot, TSA is utilizing specially trained and certified Behavior Detection Officers (BDOs) who are focusing on increased passenger interactions and behavior analysis in conjunction with boarding pass and identification review at the entrance to the checkpoint. The advanced training the officers receive includes both classroom and on-the-job training designed to enhance their communication skills to engage in conversations with passengers to determine whether they pose a threat to transportation security. Although the vast majority of passengers will experience a casual greeting conversation with the BDO as they begin the security checkpoint screening process, a small number of passengers may be selected for an extended, but still limited, conversation and possibly for additional screening. The goal of this pilot is to understand how behavior detection can be used to improve both the effectiveness of transportation security and the passenger experience. TSA will evaluate how this pilot program impacts security, screening operations and passenger throughput, among other things, and these results will help determine how the agency proceeds with the program. collaboration: an essential component of security at bos Collaboration is an essential component of transportation security. Since its creation, TSA has engaged Massport, the Massachusetts State Police, and the airline carriers in a cooperative and complementary effort to enhance security throughout Logan Airport, best exemplified by the daily morning security briefing. At this meeting, we discuss incidents of the previous day, new security measures, and plans for the coming days and weeks. It is an opportunity for everyone to share their views and concerns to reach a common understanding of roles and responsibilities. Some of the tangible results arising from the cooperative atmosphere include:
Massport and the State Police partnership with TSA assets to develop and execute ``plays'' that deploy varying security measures on a random basis throughout the terminals and the secure areas of the airport; In the event of an incident, TSA, Massport, State Police, and the affected carriers convene an immediate conference call to determine the facts, assess the risk, and jointly decide on a course of action to resolve the matter with as little disruption as possible to the continued operation of the airport; TSA and Massport have worked together to improve Closed Circuit Television (CCTV) coverage of the airport's critical areas, providing TSA officials with real-time access to all of the camera views from within TSA offices; and Cooperation extends across the Federal level as well, as illustrated by the creation of the Nation's first airport-based counterterrorism office. DHS components, including TSA, U.S. Customs and Border Protection (CBP), and U.S. Immigration and Customs Enforcement (ICE) will work at the FBI's newly-opened Joint Terrorism Task Force (JTTF) office at Logan Airport to improve communications on security-related tasks. perimeter security: a shared responsibility As required by statute, TSA prescribes procedures for screening individuals, and inspecting goods, property, vehicles, and other equipment before entry into the secured area of an airport. These security access regulations, directives, and procedures safeguard against unauthorized persons having access to aircraft, thereby reducing opportunities for criminal violence, sabotage, or other destructive acts. These safeguards help to ensure the safety and integrity of individuals involved in the aviation domain, including aircraft service providers and workers involved in catering and passenger amenities on-board aircraft. Similarly, TSA requires security access programs for vendors with direct access to airfields and aircraft. Ultimately, the airport authority is responsible for abiding by the perimeter security regulations set by TSA and must establish procedures for its personnel and resources, which may include law enforcement personnel, to ensure compliance with the regulatory requirements. transportation security inspectors monitor compliance TSA conducts on-going and comprehensive airport inspections to enhance security and mitigate risk associated with perimeter integrity, including Joint Vulnerability Assessments, conducted with the Federal Bureau of Investigations (FBI), regulatory Special Emphasis Inspections (SEIs) that focus on specific aspects of operations, and the testing of access control processes at airports. Based upon the results of these inspections and assessments, TSA develops mitigation strategies that enhance an airport's security posture and determines if any changes are required. TSA collaborates with airport operators to identify effective practices across the industry regarding access control and perimeter security. To counter the potential risks to perimeter security, TSA deploys Transportation Security Inspectors (TSIs) to help determine whether airport operators are complying with all aspects of TSA regulations and the airport's ASP, as well as to provide strategic oversight regarding an airport's compliance status. The collaborative effort between TSA and the airport results in security enhancements to the airport and, where appropriate, amendments to the airport's ASP. TSIs focus their assessments on security throughout the airport environments, ranging from the curbside of the airport to the outermost perimeter fence along the edge of the airport property. Regional Security Inspectors (RSIs) located at TSA headquarters also conduct annual and periodic oversight assessments of inspection activity for air carrier and airport facilities at Category X, I, and II airports. TSIs can recommend that civil penalties be assessed by TSA when repeated or egregious instances of noncompliance with regulations and security procedures are discovered. Earlier this year, TSA's Office of Security Operations--Compliance Programs initiated a Special Emphasis Assessment (SEA) and an SEI of all Category X and Category I through IV airports, evaluating perimeter security, including fencing, non-fenced man-made barriers, natural barriers, CCTV, electronic intrusion and motion detection devices, and other barriers. Assessments are complete for all Category X and I airports and the remaining airport assessments are expected to be completed later this month. conclusion TSA's goal, at all times, is to maximize transportation security and stay ahead of evolving terrorist threats while protecting passengers' privacy and facilitating the efficient flow of travelers and legitimate commerce. We want to thank the subcommittee for the opportunity to discuss this important issue with you today and we are happy to answer any questions you may have. Mr. McCaul. Thank you, Mr. McLaughlin. The Chairman now recognizes Admiral Naccara for his testimony. STATEMENT OF ADMIRAL GEORGE NACCARA (RET.), FEDERAL SECURITY DIRECTOR, TRANSPORTATION SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY Admiral Naccara. Good morning, Chairman McCaul and Ranking Member Keating. As my colleague, Chris McLaughlin, stated, I will now discuss TSA initiatives that are specific to security operations at Boston Logan Airport. TSA has long recognized the value of a layered threat-based approach to transportation security and the need to focus more of our resources on people we know less about who may pose a threat to aviation security. As part of its on-going commitment to implement risk-based security measures, TSA is conducting a Proof of Concept here in Boston to assess the value of expanding behavior detection in the airport screening process. Extensive research indicates this process is effective for detecting hostile intent and potential high-risk individuals. TSA's Behavior Detection Program, as you mentioned earlier, sir, the Screening of Passengers by Observation Technique, also known as SPOT, reveal that behavior detection was effective for helping identify persons attempting to defeat the screening process. Logan Airport was the first airport in the country to implement the agency's SPOT program, which is now employed at over 160 airports Nation-wide. As part of this Proof of Concept, TSA is using specially trained and certified Behavior Detection Officers, called BDOs, who are focusing their efforts on passenger interactions and behavior analysis. This is also being done in conjunction with boarding pass and identification review at the entrance through the checkpoints. The advanced training the officers receive includes both classroom and on-the-job training, and they are designed to enhance their communication skills to engage in conversations with passengers to determine whether they may pose a threat to transportation security. Although the vast majority of passengers will experience a casual conversation with our BDOs, a small number of passengers may be selected for an extended but still limited conversation and some possibly for additional screening. The goal of this Proof of Concept is to understand how behavior detection can be used to improve the effectiveness and efficiency of transportation security and also the passenger experience. We will evaluate how this Proof of Concept impacts security screening operations and passenger throughput, among other things, and these results will help us determine how the agency proceeds with the program. Now, I would like to describe how we are cooperating with our other essential partners at the local level to closely coordinate our security efforts. As you mentioned before, collaboration is essential to strengthening transportation security. Since its creation, TSA has engaged MassPort, the State police, and the airline carriers here to enhance security throughout Logan Airport, best exemplified by our daily morning briefing. As an explanation, at this briefing, we discuss incidents of the previous day, new security measures, as well as longer- term plans for the coming days and weeks. It is an opportunity for everyone in the security environment to share their views and concerns and to reach a common understanding of our roles and responsibilities in respect to security. Many positive tangible results arose from this cooperative atmosphere, including a partnership with MassPort, the State police, and TSA to develop and execute plays that deploy varying security measures on a random basis throughout the terminals and secure areas of the airport allowing us to address vulnerabilities heretofore unaddressed. In the case of a security incident, TSA, MassPort, State police and the affected carriers immediately convene a conference call to determine the facts, to assess the risks and to collaboratively decide on a course of action to resolve the matter with as little disruption to traffic as possible. TSA and MassPort have also worked together to improve the closed circuit TV coverage of the airport's critical areas, providing TSA officials and airport officials with real-time access to all available cameras in the airport. This cooperation also extends across the Federal level as illustrated by the creation of the Nation's first airport-based counterterrorism office, as you've mentioned before. In that office, several DHS components, including TSA, the Customs and Border Protection, Immigration and Customs Enforcement, will all work with FBI's newly-opened Joint Terrorism Task Force office at Logan Airport. We will certainly improve communications, and this will also enhance intelligence sharing. Thank you for your time, and I look forward to answering any questions that you may have, sir. Mr. McCaul. Thank you, Admiral. The Chairman now recognizes Mr. Freni for his testimony. STATEMENT OF EDWARD C. FRENI, DIRECTOR OF AVIATION, MASSACHUSETTS PORT AUTHORITY Mr. Freni. Chairman McCaul, Ranking Member Keating, welcome to Boston Logan International Airport. I want to thank you for giving us the opportunity to describe some of the measures that we've taken at Logan Airport to emerge from the tragedy of 9/11 into an airport recognized by both the Federal Government and our peers in the airport industry as a National leader in aviation security. For the record, my name is Edward C. Freni, and I'm Director of Aviation for the Massachusetts Port Authority which owns and operates Logan Airport as well as Worcester Regional Airport and Hanscom Field in Bedford. Last Sunday, America marked the 10th anniversary of the worst terrorist attack on this country in our history. More than 3,000 of our fellow Americans, as well as many citizens from other nations, were brutally killed in New York City, Washington, DC, and in a remote field in rural Pennsylvania. One hundred and forty seven of those fatalities were from Logan Airport, as two flights departing Boston for Los Angeles on the morning of September 11, 2001, American Airlines Flight 11 and United Airlines Flight 175, were commandeered by terrorists and used to attack New York's World Trade Center towers. Logan is a place where the scars left by the 9/11 attacks ``still run deep,'' as security expert Stephen Flynn said, accurately, as I can attest. September 11 had a profound impact on MassPort. Since that fateful day, MassPort has implemented an aggressive program of smart and focused security initiatives to strengthen defenses against potential threats. In the days and months following the attacks of 9/11, MassPort has worked tirelessly to implement strategies, policies, and programs suggested by security experts in the industry. MassPort continues to explore new technologies and ideas in order to maintain our status as a security innovator. Logan responded to that challenge and is now recognized as a National leader in aviation security. Logan is frequently chosen by the TSA and the Department of Homeland Security to pilot new techniques and technologies before they're installed and implemented Nation-wide. Behavioral pattern recognition surveillance techniques were pioneered by our State police here at Logan. The TSA took note of this new technique, which is an adopted version of methods used by the Israelis to spot terrorists using information derived from observed behavior rather than racial or ethnic categories and transformed it into a National program that TSA calls SPOT. Today, the TSA is again recognizing Logan's appreciation of this behavior approach by using us as their initial test site for risk-based screening using specially trained behavior assessors who ask passengers a short list of questions to help them determine if passengers might be pursuing a hostile agenda. Logan was the first airport in the country to meet the 2002 Congressional mandate for 100 percent baggage screening when we completed on time an automated in-line system of screening all checked baggage. MassPort is also a leader in evaluating new transportation security technologies on its own. To help weigh the effectiveness of new technologies, MassPort's Office of Corporate Security created the Transportation Security Center of Excellence that invites inventors, vendors of emerging technologies to test their products at MassPort's airport and Seaport facilities. Logan also tries to make security everyone's business, from the CEO to the front-line ticket agents and baggage handlers. We've even badged and deputized the clammers who fish in the mudflats off Logan's runway ends, recruiting them to be an additional set of eyes and ears, reporting suspicious activity out there in our vulnerable airport perimeter. But the most significant improvement we've made toward keeping our airports and the flying public safer and more secure is the communication, coordination, and close working partnerships that now exist between agencies who have met every day since 9/11 to review the latest information and intelligence together and to plan an appropriate response for that day. MassPort's daily 8:30 morning security meeting bringing together all agencies with security responsibilities is well-known throughout the industry. For the sake of simplicity, Logan Airport's response after 9/11 can be grouped under three broad categories. First were steps to physically harden Logan Airport and our other airport and seaport facilities against the possibility of their being a target of direct terrorist attack such as a suicide bombing. Under this category, I must include the consolidation of 11 points of access to Logan airfield pre-9/11 into just 2 heavily fortified, military-style security gates post-9/11 capable of withstanding an attempted breach from even a heavy vehicle. Second are the technological innovations we've made to the airport's security. Here I would like to include our baggage screening system, the biometric controlled access systems and surveillance cameras that we've installed, as well as the technologies we field-tested in real-time real-life settings including those screening technologies we pilot-tested for the TSA. Third are the steps we've taken to marshal and better organize the human assets that protect this airport. That includes everything from the Massachusetts State Troopers from Troop F who patrol Logan's terminals to the Sky Caps who work the terminal curbsides. There is an old saying that goes, ``You can't manage what you can't measure.'' Also unique to Logan is the development and use of over 200 line items of security metrics that help MassPort manage its multi-million dollar security program. Our metrics enable us to achieve a high level of visibility on the performance of all our security program components and track their performance over time by comparing performance year over year. This has lead to many improvements such as the camera surveillance program current metric that no camera is out of service more than 24 hours on average. Hardening Potential Targets: Let me begin with some of the steps we took physically to harden Logan Airport as a future terrorist attack. I've already mentioned the restricted access to the Logan airfield that now exists with a single heavily fortified gate at both the northern and southern ends of the airfield. In addition, Logan erected pillars, concrete barriers in front of every terminal to prevent a terrorist from driving a bomb into the airport. We also replaced its 8-foot-high chain- link fence around the perimeter to a 10-foot-high concrete wall. After 9/11, MassPort's security organization was thoroughly reviewed and analysis was completed of all of the procedures currently in place along with the placement and security of all fences, doors, windows, gates, underground utility tunnels, air intakes, and hundreds of smaller details bearing on the security of those critical assets. While Logan's Nationally-recognized bag screening system garnered most of the attention and accolades, there were other equally important initiatives undertaken to improve the overall security of MassPort's facilities. Shatter-proof laminate was installed in every airport terminal window to reduce injuries from flying glass should an explosion occur. Hundreds of bomb- resistant trash receptacles were installed in all of our terminals and our parking garages. Barriers were erected to prevent vehicles from approaching sensitive buildings. Idling limos and taxis were relocated so that they could be screened away from the terminal areas before proceeding to pick up our passengers. Tow trucks were deployed in forward positions alerting motorists that unattended or illegally parked vehicles at terminal curbsides would be removed. This was especially true when the security threat level went up triggering MassPort's zero tolerance policy that compels the immediate impoundment of improperly parked vehicles anywhere on our property. A vehicle inspection system was instituted to reopen parking lots near terminals that were closed by order of the FAA after the terrorist attacks. Authorized by a special act of the Massachusetts State Legislature, a 500-foot security zone was established around Logan's waterside perimeter. The perimeter is marked off with buoys and enforced by stepped-up patrols, which also gave MassPort an opportunity to strengthen our relationship with the U.S. Coast Guard, our local harbormasters, and the City of Boston's maritime security efforts. Random roadblocks were conducted by State police troops at the entrance points of our airport. Technological Innovations: Logan Airport is also in the forefront of technological innovations used to improve security. Logan was the only Cat X airport to complete the project of December 31, 2002, Federal deadline, 4 years later remained among the few large airports to have achieved a fully in-line explosive detection system. This was among the achievements that helped Logan earn Air Safety Week Airport Security Report's Exceptional Performance of Airport Security in 2004. Workers travelled to Logan from more than 40 States after 9/11 often sleeping in trailers they hauled themselves to install nearly 3 miles of bag belts, powered by more than 300 motors, construct 85,000 square feet of new bag rooms, renovate 55,000 square feet of existing bag rooms and construct eight new power substations. Logan is also making the needed structural changes. We have also installed about 200 security cameras throughout every airport concourse and airfield access points that can be monitored simultaneously at one central security office. A high-resolution surveillance camera currently being tested in Terminal A can record activity in an area the size of a stadium all the way to a Coke spilled on the floor. Along the airport perimeter, we have an extensive defense in depth which combines camera surveillance technology with police and fireboat patrols, police, fire, and operations vehicle patrols, and special fencing. We're also pursuing an automated intrusion detection system for this area. In 2007, we installed new access control systems to ensure that only authorized personnel are able to enter our secure areas. Our Human Assets: Technology is an important tool, but more important are the people who use it. While new technologies and capital construction projects grab the headlines, good security starts with people, communication, and organization. Logan believes that security is everyone's business, from the MassPort's CEO to the hundreds of vendors who work in the terminals. Through our Logan Watch Program, the airport instills a culture of security awareness among Logan's front-line staff, the eyes and ears of this airport who deal face-to-face with Logan's customers every day, by giving them counterterrorism training to help them spot and report activity that may be out of the ordinary or suspicious. A list of employees to help guard against threats is important. But equally important is to ensure that prospective employees are not threats to themselves. This is why we instituted an intensive system of background checks and badging for everyone that works in this airport, whether in a secure area or the public space. But perhaps the most important improvement made since September 11 has been the improved communication and cooperation that now exists among State, local, and Federal agencies that have responsibilities to keep Logan safe and secure. Admiral Naccara, Major Concannon, and I were not merely picked at random to be on this panel. We are part of a much larger team which first met on the afternoon of September 11 and has continued to meet and is meeting every single morning since then at 8:30 to assess current security information and threat intelligence. Seven days a week, Logan's security team assembles, MassPort Operations security teams, MassPort Fire Rescue and the Massachusetts State Police, the FAA, the TSA, the FBI, the Federal Air Marshals Service, the U.S. Customs and Border Protection, the airlines, our major tenants, and construction contractors are among those who attend this meeting. At the meeting, we review the events of the past 24 hours, set the priorities and actions for the coming day. This is tremendously effective because all of the key decision-makers are present in one room at the same time every day. All agencies can now simultaneously review intelligence from the preceding 24 hours and adjust our priorities and response for the day ahead. In conclusion: From the challenges of 9/11, Boston Logan International Airport has emerged as a Nationally-recognized leader in airport security. The airport's layered approach to security creates a gauntlet of information-sharing, interagency cooperation, cutting-edge technology and top-to-bottom human interaction that helps identify and thwart potential threats to the safety and security of Logan's workers and passengers, whether from terrorism or other sources. Logan was the first major airport in the Nation to have 100 percent in-line checked baggage screening, a 10-foot-high perimeter concrete wall around its landside boundary, a behavioral detection program that has been implemented and replicated by the TSA Nation-wide, and 100 percent biometric access control to restricted areas of the airport. The list of Logan's new security initiatives over the last 10 years is long, yet however many initiatives MassPort may have launched over the past decade since 9/11, security involves much more than formulating countermeasures to identify threats and vulnerabilities. At its core, good security is an extension of leadership. The commitment to use scarce resources to meet potential threats when other competing demands crowd for attention, the skill to educate the public about its responsibilities for improved security and the trade-offs it must make in lost time and convenience if the system is to work, the consistency to maintain organizational vigilance despite the inevitable and the almost endless lulls and false alarms, this requires strong, consistent leadership for a security system to work. These have been the hallmarks of MassPort's efforts as it has become a leader in transportation security. Last Sunday the Nation paused to honor the memories of those lives that were tragically lost on September 11, 2001 and paid tribute to the courage and dedication to the duty of the heroes and first responders of that day, many of whom have lost their lives. Memorials now exist at Ground Zero in New York City, at the Pentagon in Washington, DC, and in a remote field in Shanksville, Pennsylvania, and here at Boston Logan International Airport where the attacks of 9/11 were both a National tragedy and a personal one for all of us. Yet I believe that the most fitting memorial we could make to those who were lost that day is to continue doing everything humanly possible to ensure that the tragedy which took their lives never happens again. With this committee's help, I'm confident that we will. Thank you. [The statement of Mr. Freni follows:] Prepared Statement of Edward Freni September 16, 2011 Chairman McCaul, Ranking Member Keating, and Members of the committee. Welcome to Boston Logan International Airport. I want to thank you for giving us this opportunity to describe some of the measures we've undertaken at Logan Airport to emerge from the tragedy of 9/11 into an airport recognized by both the Federal Government and our peers in the airport industry as a National leader in aviation security. For the record, my name is Edward C. Freni, Director of Aviation for the Massachusetts Port Authority which owns and operates Logan Airport as well as Worcester Regional Airport and L.G. Hanscom Field in Bedford. Last Sunday, America marked the 10th anniversary of the worst terrorist attack on this country in our history. More than 3,000 of our fellow Americans, as well as many citizens from other nations, were brutally killed in New York City, Washington, DC and in a remote field in rural Pennsylvania. One hundred forty seven of those fatalities were from Logan Airport as two flights departing Boston for Los Angeles on the morning of September 11, 2001--Americans Airlines Flight 11 and United Airlines Flight 175--were commandeered by terrorists and used to attack New York's World Trade Center towers. Logan is a place where the scars left by the 9/11 attacks ``still run deep,'' as the security expert Stephen Flynn said, accurately, as I can attest. I was the senior aviation official in charge at Logan that morning as our airport director at the time, Tom Kinton, was in Canada along with many other airport directors from around the world attending the annual conference of Airports Council International. I had just gotten off the phone with Tom telling him the weather was beautiful and everything was going smoothly when we first learned a plane had hit the World Trade Center. At first we thought it was just a single engine private plane whose pilot had either lost control or become disoriented and veered tragically off course. But then we learned it was a commercial jetliner, and also that it had originated from Logan Airport. Then the second plane hit. In those first few hours after two flights from Logan Airport were hijacked, we couldn't be sure whether Logan itself might also be a target for attack. The rest of that day, and those that followed, were a blur. Though we could not know the precise details at the time, all of us who were there that day at Logan Airport knew that from that moment on, our world would never be the same. The tragic fact that Logan will forever be linked to 9/11 means there is a ``never again sense of mission,'' as Flynn called it, among those of us at Massport and throughout the law enforcement community in Boston to raise the bar on the way we manage the risk of a possible future attack at Logan Airport. September 11 had a profound impact on Massport. Since that fateful day, Massport has implemented an aggressive program of smart and focused security initiatives to strengthen defenses against potential threats. In the days and months following the attacks of 9/11, Massport brought in National and international security experts, including a team from Israel, to work with the authority in developing a program second to none. Since then, Massport has worked tirelessly to implement strategies, policies, and programs suggested by security experts in our industry. And Massport continues to explore new technologies and ideas in order to maintain our status as a security innovator. Because of what happened at Logan that day, Massport has always felt a special obligation and urgency to be on the forefront of whatever new techniques or technologies are out there that promise to make aviation more secure. We have been, because we knew that Logan Airport would always be in the National spotlight with a public anxious to believe in the air travel system again that would use Logan as a yardstick to measure how far we'd come to improve the security of that aviation system. Logan responded to that challenge and is now recognized as a National leader in aviation security. Logan is frequently chosen by the TSA and the Department of Homeland Security to pilot new techniques and technologies before they are installed or implemented Nation-wide. Behavior pattern recognition surveillance techniques were pioneered by our State Police here at Logan. The TSA took note of this new technique--which is an adopted version of methods used by the Israelis to spot terrorists using information derived from observed behavior rather than racial or ethnic categories--and transformed it into a National program the TSA calls ``SPOT.'' Today, the TSA is again recognizing Logan's appreciation of this behavior approach by using us as their initial test site for risk-based screening using specially-trained behavior assessors who ask passengers a short list of questions to help them determine if passengers might be pursuing a hostile agenda. Logan was the first airport in the country to meet the 2002 Congressional mandate for 100% baggage screening when we completed on time an automated, in-line system for screening all checked baggage. Massport is also a leader in evaluating new transportation security technologies on its own. To help weigh the effectiveness of new technologies, Massport's Office of Corporate Security created the Transportation Security Center of Excellence that invites inventors and vendors of emerging technologies to test their products at Massport's airport and seaport facilities. Logan also tries to make security everyone's business, from the CEO to the front-line ticket agents and baggage handlers. We've even badged and deputized the clammers who fish in the mudflats off Logan's runway ends, recruiting them to be an additional set of eyes and ears, reporting suspicious activity out there on that vulnerable airport perimeter. But the most significant improvement we've made toward keeping our airports and the flying public safer and more secure is the communication, coordination, and close working partnerships that now exist between agencies who've met every day since 9/11 to review the latest information and intelligence together and to plan an appropriate response for that day. Massport's daily 8:30 morning security meeting, bringing together all agencies with security responsibilities, is well-known throughout the industry. For the sake of simplicity, Logan Airport's response after 9/11 can be grouped under three broad categories: First, were steps to physically harden Logan Airport, and our other airport and seaport facilities, against the possibility of their being a target of a direct terrorist attack, such as a suicide bomber. Under this category I might include the consolidation of 11 points of access to the Logan airfield pre-9/11 into just two heavily fortified, military-style security gates post-9/11 capable of withstanding an attempted breech from even a heavy vehicle. Second, are the technological innovations we've made to the airport's security. Here, I would include our baggage screening system, the biometric-controlled access systems and surveillance cameras we've installed, as well as the technologies we've field tested in real-time, real-life settings, including those screening technologies we've pilot- tested for the TSA. Third are the steps we have taken to marshal and better organize the human assets that protect this airport, and that includes everything from the Massachusetts State Troopers from Troop F who patrol Logan's terminals to the Sky Caps who work the terminal curbs outside. There is an old saying that goes: ``You can't manage what you can't measure.'' Also unique to Logan is the development and use of over 200 line items of security metrics that help Massport manage its multi- million dollar security program. Our metrics enable us to achieve a high level of visibility on the performance of all our security program components and track their performance over time by comparing performance year over year. This has led to many improvements, such as the camera surveillance programs current metric that no camera is out of service for more than 24 hours, on average. hardening potential targets Let me begin with some of the steps we took to physically harden Logan Airport against a future terrorist attack. A facility like Logan Airport designed for easy public access and serving as many as 28 million passengers a year--77,000 passengers a day--is often called a ``soft target'' because the open and publicly-accessible nature of its mission presents unique security challenges for those who operate and protect them. I have already mentioned the restricted access to the Logan Airfield that now exists, with a single, heavily-fortified gate at both the northern and southern ends of the airfield. In addition, Logan erected pillars and concrete barriers in front of every terminal to prevent a terrorist from driving a bomb into the airport. We also replaced its 8-foot-high chain link fence around the perimeter with a 10-foot-high concrete wall. After 9/11 Massport's security organization was thoroughly reviewed. An analysis was completed of all the procedures currently in place, along with the placement and security of all fences, doors, windows, gates, underground utilities tunnels, air intakes, and the hundreds of smaller details bearing on the security of these critical assets. Deterrence and prevention, of course, are always the primary objective. But prudence dictates that it is also necessary to adopt measures to decrease the deadly toll of a terrorist attack should one be attempted. While Logan's Nationally-recognized bag screening system garnered most of the attention and accolades, there were other, equally important initiatives undertaken to improve the overall security of Massport's facilities: Shatter-proof laminate was installed to every airport terminal windows to reduce injuries from flying glass should an explosion occur. Hundreds of bomb-resistant trash receptacles were installed in all terminals and parking garages. Barriers were erected to prevent vehicles from approaching sensitive buildings. Idling limos and taxis were relocated so they could be screened away from terminals before proceeding to pick up passengers. Tow trucks were deployed in forward positions, alerting motorists that unattended or illegally parked vehicles at the terminal curbside would be removed. This was especially true when the security threat level went up, triggering Massport's zero tolerance policy that compels the immediate impoundment of improperly parked vehicles anywhere on the property. A vehicle inspection system was instituted to reopen parking lots near terminals that were closed by order of the FAA after the terrorist attacks--another security initiative that provides significant customer service benefits for Logan's passengers. Authorized by a special act of the Massachusetts State Legislature, a 500-foot security zone was established around Logan's waterside perimeter. The perimeter is marked off with buoys and enforced by stepped-up patrols, which also gave Massport an opportunity to strengthen our relationship with the U.S. Coast Guard, local harbormasters, and the City of Boston's maritime security efforts. Random road-blocks were conducted by State police troops at the entrance to our parking garages. technological innovations Logan Airport is also in the forefront of technological innovations used to improve security. Compelling proof of this commitment is Logan's baggage screening system. Logan was the only Category X airport to complete the project by the December 31, 2002 Federal deadline and 4 years later remained among the few large U.S. airports to have achieved a fully in-line Explosive Detection System. That was among the achievements that helped Logan earn Air Safety Week Airport Security Report's ``Exceptional Performance in Airport Security Award'' in 2004. Logan's bag screening system was a massive undertaking successfully completed by nearly 800 bricklayers, electricians, carpenters, ironworkers, HVAC workers, bag belt workers, and others--all of whom had to be monitored daily to ensure security--and who worked around the clock to compress 2 or 3 years of construction work into less than 1. Workers traveled to Logan from more than 40 States after 9/11, often sleeping in trailers they hauled themselves, to install nearly 3 miles of bag belts powered by more than 300 motors, construct 85,000 square feet of new bag rooms, renovate 55,000 square feet of existing bag rooms, and construct eight new power substations. Logan's was the first bag screening system given the go-ahead to begin construction on the Federally-mandated system by the new TSA, and Massport's Board committed nearly $150 million to expedite construction before the reimbursement formula that eventually repaid those funds was even in place. At the same time the bag screening project was moving forward, Massport was designing and constructing modern security checkpoints for the TSA's passenger screening. The system incorporated updated equipment, better layout for increased flow, and the development of exit lane security doors and video monitoring to prevent the need to empty a terminal or concourse should there be concern about a possible security breach. Since then Logan has made significant investments to improve efficiency by retrofitting our terminals to consolidate checkpoints in both Terminal B and Terminal C. These are just a few examples where Logan is improving security with technology. Logan is also making needed structural changes. We have also installed about 200 security cameras throughout every airport concourse and airfield access points that can be monitored simultaneously from a central security office. A high-resolution surveillance camera currently being tested in Terminal A can record activity in an area the size of a stadium, all the way down to a Coke spilled on the floor. Along the airport perimeter we have an extensive defense in depth which combines camera surveillance technology with police and fire boat patrols; police, fire, and operations vehicle patrols, and special fencing. We are also pursuing automated intrusion detection for this area. In 2007, we installed a new Access Control System to ensure that only authorized personnel are able to enter secure areas. Logan also tries to be on the cutting edge of the development of new techniques and technologies to make our Nation more secure than it has ever been before. We have become a laboratory for the field testing of promising new security innovations. To separate what works from what's a waste of time Massport has assembled a special Security Advisory Committee. This group of experienced professionals, with contacts in New England's academic and business communities, works with our Director of Corporate Security to evaluate new security technologies and how they might be used. The council helps us to quickly decide which ideas are worth pursuing as we continue to launch pilot projects that push the envelope on ways to improve security--without sacrificing operational effectiveness. These tests, for example, proved the value of handheld wireless computers that were issued to our State Police, allowing troopers on foot patrol to conduct criminal history and license plate checks via a secure wireless network. human assets Technology is an important tool. But more important are the people who use it. While new technologies and capital construction projects grab the headlines, good security starts with people, communication, and organization. Logan believes that security is everyone's business, from Massport's CEO to the hundreds of vendors who work in the terminals. To remind everyone of this fact and to keep workers vigilant and on their toes, Logan has instituted a public recognition program called ``SAFE''--Security Awareness is for Everyone--to single out those workers who do their part to protect this airport. Through our ``Logan Watch'' program the airport instills a culture of security awareness among Logan's front-line staff--the eyes and ears of this airport who deal face-to-face with Logan's customers every day--by giving them counter-terrorism training to help them spot and report activity that may be out-of-the-ordinary or suspicious. To help employees do that more effectively, while also providing customer service benefits, Massport established an ``English for Speakers of Other Languages'' program at Logan Airport that has been in effect for the past 2 years. This joint effort of Massport, UGL Unicco, and SEIU Local 615 provides 32 weeks of intensive English instruction for airport workers whose primary language is not English. With the emphasis Logan Airport places on front-line airport employees to provide clear and accurate information to law enforcement officials about potential threats to airport security and public safety, Massport knew it was important to improve the English proficiency skills of everyone who works at this airport. While improving airport security may have been the primary impetus for a program that gives all airport workers the confidence to communicate effectively with the public, providing language skills also improves customer service for our passengers and opens new career doors for our workers. Enlisting employees to help guard against threats is important. But equally important is to ensure that prospective employees are not threats themselves. This is why we have instituted an intensive system of background checks and badging for everyone who works at this airport, whether in secure areas or public spaces. A program was implemented to check the fingerprints and criminal history records of all airport employees, contractors, and construction workers. These innovations don't stop at Logan Airport as Hanscom Field in Bedford became the first airport of its size to have a security badge program using FBI fingerprint background checks to better identify people who have access to the airfield. These were just some of the measures Logan adopted after turning to Nationally and internationally respected experts on counter-terrorism in order to better understand and prepare for the new world we woke up to on the morning of September 11, 2001. Airports in America have a lot to learn from the experience of airports in those parts of the world that have had to deal with the threat of terrorism much longer than we have. So immediately after 9/11 Logan hired the former head of security for Israel's El Al Airlines and Ben Gurion Airport, Rafi Ron, whose experience as a security specialist in one of the world's most dangerous regions was invaluable to Logan in preparing to counteract today's the new threats. By bringing Rafi Ron to Logan Airport we have been able to learn about the strict security that is standard operating procedure in Europe and Israel, while learning how these security measures can be adopted and incorporated into the operations of large, complex American airports like Logan with their unique demands and constraints. But perhaps the most important improvement made since September 11 has been the improved communication, cooperation, and cooperation that now exists among State, local, and Federal agencies that have responsibilities for keeping Logan safe and secure. Admiral Naccara, Major Concannon, and I were not merely picked at random to be on this panel. We are part of a much larger working team which first met on the afternoon of September 11 and has continued meeting every morning since then at 8:30 to assess current security information and threat intelligence. Seven days a week, Logan's security team assembles: Massport operations and security teams, Massport Fire Rescue, the Massachusetts State Police, the FAA, the TSA, the FBI, the Federal Air Marshal Service, U.S. Customs and Border Protection, the airlines, our major tenants and construction contractors, among others. At the meeting we review the events of the past 24 hours and set the priorities and actions for the coming day. This is tremendously effective because all the key decision makers are present in one room, at the same time, every day. All agencies can now simultaneously review intelligence from the preceding 24 hours and adjust our priorities and response for the day ahead. Another example of the close inter-agency cooperation you find at Logan Airport is the Joint Terrorism Task Force composed of Federal, State, and local law enforcement and security professionals. In another security first, Massport and the FBI announced just last month the opening of a Joint Terrorism Task Force headquarters here at Logan International Airport--the first ever, airport-based FBI-Joint Terrorism Task Force Unit in the country. Thanks to the new headquarters of the joint terrorism task force here at Logan, these agencies will be able to remain in constant physical contact even after the 8:30 morning meeting breaks up--further contributing to the teamwork that exists. The offices, located on-site at Logan, were formally opened in July by FBI Director Robert S. Mueller III. The facility is a tangible example of the collaborative approach to security at this airport. The agencies with a daily presence at the facility are the FBI, TSA, Federal Air Marshall Service, U.S. Department of State Diplomatic Security Service, U.S. Customs and Border Protection, Massachusetts State Police, Boston Police Department, Homeland Security Investigations, and Massport. The opening of the JTTF Annex has greatly enhanced the task force's ability to share vital information and dramatically strengthen investigative support in a timely manner with those that may be affected by criminal acts. conclusion From the challenges of 9/11 Boston Logan International Airport has emerged as a Nationally-recognized leader in airport security. The airport's layered approach to security creates a gauntlet of information-sharing, inter-agency cooperation, cutting-edge technology and top-to-bottom human interaction that helps identify and thwart potential threats to the safety and security of Logan's workers and passengers, whether from terrorism or other sources. Logan was the first major airport in the Nation to have 100% in- line checked baggage screening, a 10-foot-high perimeter concrete wall around its landside boundary, a behavior detection program that has been replicated by the TSA Nation-wide, and 100% biometric access control to restricted areas of the airport. The list of Logan's new security initiatives over the past 10 years is long. Yet, however many initiatives Massport may have launched over the past decade since 9/11, security involves much more than formulating countermeasures to identified threats and vulnerabilities. At its core, good security is an extension of leadership. The commitment to use scarce resources to meet potential threats when other competing demands crowd for attention; the skill to educate the public about its responsibilities for improved security and the tradeoffs it must make in lost time and convenience if the system is to work; the constancy to maintain organizational vigilance despite the inevitable, and almost endless, lulls and false alarms--this requires strong, consistent leadership for a security system to work. These have been the hallmarks of Massport's efforts as it has become a leader in transportation security. Last Sunday the Nation paused to honor the memories of those whose lives were tragically lost on September 11, 2001 and pay tribute to the courage and dedication to duty of the heroes and first responders of that day, many of whom also lost their lives. Memorials now exist at Ground Zero in New York City, at the Pentagon in Washington, DC, in a remote field in Shanksville, Pennsylvania and here at Boston Logan International Airport, where the attacks of 9/11 were both a National tragedy and a personal one as well. Yet I believe that the most fitting memorial we could make to those who were lost that day is to continue doing everything humanly possible to ensure that the tragedy which took their lives never happens again. With this committee's help, I am confident we will. Thank you. Mr. McCaul. Thank you, Mr. Freni. Let me just personally thank you for your service and the Massachusetts Port Authority for its service. I know you were here that fateful day. I can't imagine what was going through your mind, at that time. But you've been a real leader for the Nation, in terms of airport security, and you've really done a great job making this airport safer. So thank you so much. Mr. Freni. Thank you, Mr. Chairman. Mr. McCaul. Next the Chairman now recognizes Major Concannon. STATEMENT OF MICHAEL P. CONCANNON, MAJOR, STATE POLICE TROOP F, BOSTON LOGAN INTERNATIONAL AIRPORT Mr. Concannon. Good morning, Chairman McCaul and Ranking Member Keating. It's my honor and pleasure to speak with this committee regarding the topic of assessing airport security and preventing a future terrorist attack. Thank you for this opportunity. For the record, my name is Major Michael D. Concannon. I'm the Commanding Officer of Troop F of the Massachusetts State Police, charged with providing law enforcement and security services here at Boston Logan International Airport as well as at other MassPort properties. I'd first like to acknowledge the tremendous and professional working relationships that exists among the numerous entities that make up the security team at Logan Airport. It is my sincere belief that it is because of these incredibly strong partnerships that Logan Airport has been able to get it right when it comes to securing the large Category X international airport in the post-9/11 era. Those of us who work hard each day to protect the people and infrastructure at Logan understand that nothing less than a true team effort will work. Clearly, there is a sensitivity at Logan Airport due to the history here that drives this high level of commitment. The exceptional professional and personal relationships that have been forged through the years here at Boston have laid the foundation for any number of historic and groundbreaking security enhancements. Among these achievements are an historic playbook collaborative effort, an effective and coordinated State police and TSA canine effort, a comprehensive advanced imaging testing resolution protocol, an effective and efficient coordinated effort to maximize the resources of the TSA's bomb appraisal officers, as well as our own bomb squad, a practical and legally sound checkpoint response protocol, a unified breached resolution protocol, an on-airport robust ICE/DEA task force, and a recently established first in the Nation on-airport FBI Joint Terrorism Task Force Annex. These are just some of the advancements that we've been able to implement here at Logan Airport in recent years, and they are an example of, as well as, the fruits of the solid partnerships in place here at Logan. We continue to cultivate a very positive culture within the Logan security team where all of the airport's stakeholders, each and every employee is expected to understand, appreciate, and perform a security rule. These efforts were recently recognized at the highest levels of the TSA when the newly- appointed administrator, Mr. John Pistole, on his very first airport visit upon being appointed came to Logan Airport. He commented that the security operation here was ``one of the best, most secure'' of all of the airports in the Nation. We strive each day to ensure that our efforts are worthy of such high praise. In my role as Troop F Commander, I'm involved in all security matters that concern Logan Airport as well as other MassPort properties, and I work every single day with all of our partners, most notably, the TSA. In addition to being the Troop F Commander, I also serve as MassPort's Director of Aviation Security, and I'm afforded a seat at the table for all security-related discussions. The specific assets that the Massachusetts State Police offer in protecting these properties are numerous. Troop F consists of several components, including uniform troopers who perform patrol duties, troopers in tactical units such as the bomb squad and canine units, as well as troopers in investigative units and support units. We also have an officer assigned full-time to the newly created JTTF Annex. Each officer views his or her role as a member of the larger airport community and has embraced the cooperative and collaborative approach that is so vital in protecting the airport, its stakeholders, and the traveling public. Troop F is different from other geographic troops that make up the Massachusetts State Police, most of which include among their duties patrols of long stretches of State highways. While Troop F does not have the traditional patrol function, we do have the unique responsibility for maintaining a layered security approach at Logan Airport including the waterside and landside perimeters, the terminal and curb area, both with the public side of the passenger terminals and the sterile side as well as the aircraft operating area, the ramp area. The focus at Troop F primarily here at Logan Airport is a blend of a proactive security strategy coupled with a strong customer service approach. Our goal is the professional delivery of the highest levels of police and security services to MassPort through a combination of vigilance and courtesy. Not only is the specific mission of Troop F different than other State police troops, but the approach to fulfilling the mission is also different. Rather than a traditional response model whereby police officers respond to calls for service after the fact, the model at Troop F is a proactive one. Every officer here, regardless of unit assignment, has been trained in behavior pattern recognition and is expected to utilize these skills on a daily basis throughout the airport. Troopers are expected to be alert for anything or anybody who appears out the ordinary, whose behavior does not seem to fit in with normal actions and routines of travelers. When such behavior or action arises or raises questions, troopers engage that person in conversation to further assess the situation. This proactive preventative approach to security is certainly different than many of the assignments on the State police, and this mind-set is reiterated and reinforced repeatedly here at Troop F. Boston Logan was the first airport in the Nation to deploy this BPR program which was modeled after the Israeli airport security program and has been adapted for U.S. airport environment by Mr. Rafi Ron, an international aviation security expert hired by MassPort immediately after 9/11. The BPR program contributes to the creation of an efficient multilayered security system for the airport. As has been mentioned, this concept was the forerunner of the SPOT EDO program that you've heard about. It should be pointed out that, whenever a new security strategy is introduced, its vital to ensure that the Security team is on the same page. Beyond that, it's also critically important that the public supports the efforts as well. The BPR program and its observation and conversation techniques have been well-received at Logan Airport and have been embraced by the entire security team. These techniques are welcome by Logan Airport passengers who are reassured by the proactive and professional approach designed to identify potential criminals or terrorists without inconveniencing the tens of thousands of passengers who use Logan Airport each day. Not only are the officers of Troop F trained to be on the lookout for items, persons, or behaviors of concern, they are also trained to receive any and all referrals by airport employees and members of the public of issues that concern them. We coordinate our efforts closely with a variety of law enforcement and Homeland Security partners, including MassPort, the TSA, the Federal Air Marshals Service, Customs and Border Protection, the FBI, Immigrations and Customs Enforcement and the DEA, just to name a few. The officers assigned here in each of our security partners understand and accept that we are all part of a much larger layered security framework at the airport that includes not only law enforcement, public safety, and security personnel but also every single one of our 14,000 badged airport employees. The mind-set of every single person who works at the airport must be and is, ``If you see something that concerns you, you should say something to the authorities,'' or in short, ``See something, say something.'' Further, it's often mentioned here that, if you work at Logan Airport and you can go a day without thinking of 9/11, you should not work at Logan Airport. This cannot be overstated. We rely heavily on the eyes and ears of the airport community, including the airline employees, the airport vendor employees, the ground transportation team and members of the traveling public to assist us in securing Logan Airport. We constantly remind each of these partners of the important role that they play, and we have programs in place to train these people, remind these people, and recognize these people for their contributions. I'm confident in saying to this committee that the entire Boston Logan International Airport security team has worked very hard each day to accomplish these goals, and we have remained positive and flexible as we've had to adapt to evolving threats and challenging times. Further, we will continue to work hard and to be constantly mindful of the critical need for cooperation, communication, and collaboration. We have wrestled with many of the issues affecting airports across the country. But because of the constant effort to work together, to communicate openly, and to be mindful that we share a common goal, we have been able to work these issues to successful resolution. The advice that we would offer to other airports is this: Communication serves to establish relationships. Relationships forge true partnerships. Strong partnerships ensure successful collaborative outcomes. Again, I thank the Chairman and Ranking Member, Mr. Keating, and the committee for the opportunity to appear before you today and to share my thoughts. I look forward to any questions that you may have, thank you. [The statement of Mr. Concannon follows:] Prepared Statement of Major Michael P. Concannon September 16, 2011 Good morning Chairman McCaul, Ranking Member Keating, and Members of the committee. My name is Major Michael P. Concannon. I am the Commanding Officer of Troop F of the Massachusetts State Police; charged with providing law enforcement and security services here at Boston/Logan International Airport as well as at other Massachusetts Port Authority (Massport) properties. It is my honor and pleasure to speak with this committee regarding the topic of assessing airport security and preventing a future terrorist attack. Thank you for this opportunity. I would first like to acknowledge the tremendous professional working relationships that exist among the numerous entities that make up the ``Security Team'' at Logan Airport. It is my sincere belief that it is because of these incredibly strong partnerships that Logan Airport has been able to ``get it right'' when it comes to securing a large Category X international airport in this post-9/11 era. Those of us who work hard each day to protect the people and the infrastructure at Logan understand that nothing less than a true team effort will work. Clearly, there is a sensitivity at Logan Airport, due to the history at our airport, that drives this high level of commitment. The exceptional professional and personal relationships that have been forged through the years here at BOS have laid the foundation for any number of historic and ground-breaking security enhancements. Among these achievements are: An historic Playbook collaborative effort, an effective and coordinated MSP and TSA K-9 effort, a comprehensive Advanced Imaging Testing (AIT) resolution protocol, an effective and efficient coordinated effort to maximize the resources of the TSA Bomb Appraisal Officers (BAO's), a practical and legally sound checkpoint response protocol, a unified breach resolution protocol, an on-airport robust ICE/DEA task force, and a recently established, first-in-the-Nation on-airport FBI Joint Terrorism Task Force Annex. These are just some of the advancements that we have been able to implement here at Logan Airport in recent years and they are an example of (as well as the fruits of) the solid partnerships in place at Logan Airport. We continue to cultivate a very positive culture within the Logan security team where all of the airport stakeholders, each and every employee, is expected to understand, appreciate, and perform a security role. These efforts were recently recognized at the highest levels of the Transportation Security Administration (TSA) when the newly-appointed administrator, Mr. John Pistole, on his very first airport visit upon being appointed administrator, came to Logan Airport. He commented that the security operation here was ``one of the best/most secure'' of all the airports in the Nation. We strive to ensure that our efforts are worthy of such high praise. In my role as Troop F Commander, I am involved in all security matters that concern Logan Airport, as well as all other Massport properties and I work every single day with all of our partners, most notably the TSA. In addition to being the Troop F Commander, I also serve as Massport's Director of Aviation Security and I am afforded a seat at the table for all security-related discussions. The specific assets that the Massachusetts State Police offer in protecting these properties are numerous. Troop F consists of several components, including uniformed Troopers who perform patrol duties, Troopers in tactical units such as the bomb squad and K-9 unit, as well as Troopers in investigative units and support units. Each officer views his/her role as a member of the larger airport community and has embraced the cooperative and collaborative approach that is so vital to protecting the airport, its stakeholders, and the travelling public. Troop F is different from other geographic Troops that make up the Massachusetts State Police, most of which include among their duties patrols of long stretches of State highways. While Troop F does not have the traditional ``patrol'' function, we do have the unique responsibility for maintaining a layered security approach at Logan Airport, including the waterside and landside perimeters, the terminal curb area, both the public side of the passenger terminals and the sterile side of the terminals (post screening), and on the ramp areas (the aircraft operating area--the AOA). The focus at Troop F, primarily at Logan Airport, is a blend of a proactive security strategy coupled with a strong customer service approach. Our goal is the professional delivery of the highest levels of police/security services to Massport, through a combination of vigilance and courtesy. Not only is the specific mission of Troop F different than the other State Police Troops, but the approach to fulfilling that mission is also different. Rather than the traditional ``response'' model, whereby police officers respond to calls for service (after the fact), the model at Troop F is ``proactive''. Every officer at Troop F, regardless of unit assignment, has been trained in Behavior Pattern Recognition (BPR) and is expected to utilize these skills on a daily basis, throughout the airport. Troopers are expected to be alert for anything or anybody who appears out of the ordinary, whose behavior does not seem to fit in with normal actions and routines of travelers. When a behavior or action raises questions, Troopers engage that person in conversation to further assess the situation. This proactive, preventative approach to security is certainly different than many of the assignments on the State Police and this mindset is reiterated and reinforced repeatedly. Boston/Logan was the first airport in the Nation to deploy this program, which was modeled after the Israeli airport security program and has been adapted for a U.S. airport environment by Rafi Ron, an international aviation security expert hired by Massport immediately after 9/11. The behavior pattern recognition program contributes to the creation of an efficient, multi-layered security system for the airport. Whenever a new security strategy is introduced, it is vital to ensure that the security team is on the same page. Beyond that, it is also critically important that the public supports the effort as well. The BPR program and its observation and conversation techniques have been well received at Logan Airport. These techniques are welcomed by Logan Airport passengers who are reassured by the proactive and professional approach designed to identify potential criminals or terrorists without inconveniencing the tens of thousands of passengers who use Logan each day. They are viewed as a significant improvement over the random searches that were such a frustrating intrusion and inconvenience for the vast majority of passengers in the past. Not only are the officers of Troop F trained to be on the lookout for items, persons, and behaviors of concern, they are also trained to receive any and all referrals by airport employees and members of the public of issues that concern them. We coordinate our efforts closely with a variety of law enforcement and homeland security partners, including Massport, the Transportation Safety Administration (TSA), the Federal Air Marshals Service (FAMS), Customs and Border Protection (CBP), the Federal Bureau of Investigation (FBI), Immigration and Customs Enforcement (ICE), and the Drug Enforcement Administration (DEA) to name a few. Troop F and the officers assigned here and each of our security partners understand and accept that we are all part of a much larger layered security framework at the airport that includes not only the law enforcement/public safety/security personnel, but every single one of our 14,000 Secure Identification Display Area (SIDA) badged airport employees. The mindset of every single person who works at the airport must be (and is) ``If you see something that concerns you, you should say something to the authorities. Or, in short, ``See Something, Say Something''. Further, it is often mentioned that, ``if you work at Logan Airport and you can go a day without thinking of 9/11, then you should not work at Logan Airport''. This cannot be overstated. We rely heavily on the eyes and ears of the airport community, including the airline employees, the airport vendor employees, the ground transportation team, and members of the travelling public to assist us in securing Logan Airport. We constantly remind each of these partners of the important role that they play and we have programs in place to train people, remind people, and to recognize people for their contributions. I'm confident in saying to this committee that the entire Boston/ Logan International Airport security team has worked very hard each day to accomplish these goals and we have remained positive and flexible as we've had to adapt to evolving threats and challenging times. Further, we will continue to work hard and to be constantly mindful of the critical need for cooperation, communication, and collaboration. We have wrestled with many of the same issues affecting airports across the country, but because of the constant effort to work together, to communicate openly, and to be mindful that we share a common goal, we have been able to work these issues to successful resolution. The advice we would offer to other airports is this: Communication serves to establish relationships, relationships forge true partnerships, and strong partnerships ensure successful, collaborative outcomes. Again, I thank the Chairman and the committee for the opportunity to appear before you today and to share my thoughts and I look forward to any questions that you may have. Thank you. Mr. McCaul. Thank you, Major, and I appreciate your testimony. Now, you can't come to this airport without remembering what happened 10 years ago. You know, it was a bright, sunny day, a crisp day, not unlike today, that turned into one of the darkest chapters in American history. To sit here and to think not too far from where we sit, Mohamed Atta and his band of hijackers slipped through detection, slipped through our security and got onto those airplanes and proceeded to kill 3,000 people gives me a tremendous sense of sorrow but also of obligation to make this place more secure. I will say, I think you all have done a fantastic job in that effort. Since that day, we've become accustomed, as a people, to go through airports. We take our shoes off. We go through secondary screening. We go through pat-downs. It's just become a way of life. As a Member of Congress--and I'm sure Mr. Keating as well-- we often hear complaints about, you know, ``Why are you taking the elderly woman aside and patting her down?'' And ``Why are you taking the child and patting them down?'' ``Why are you treating all Americans as an equal threat?'' Should we be more risk-based? Should we be looking more at the real threat rather than the grandmother? I think that's a common-sense approach, and I think that's an approach that this Behavior Detection Program, I think, seeks to do. Looking not at every individual as an equal threat, but let's look at the behavior of the individual. Is it suspicious? Let's analyze the behavior to spot those potential threats. I've had numerous people say, ``Why aren't we doing what they do in Israel? That works so well.'' I think that's what this program, as has been testified to, is really, it's part of that program. You all looked at what the Israelis have done, taken that and applied it here at Logan Airport. The first model, the first pilot program was done here. In my view, it's been successful, and now it's adopted in 160 airports across the country. It's resulted in 2,000 arrests in our airports. Again, I think it's just common sense. So I just would like, I think it would be interesting to hear a little bit more about how this program works and how we can get beyond the day where the grandmother is patted down, the World War II Veteran is patted down, and the child is patted down. Mr. Freni. Mr. Freni. As we stated, Mr. Chairman, shortly after 9/11, we had to strategize and make sure that we were doing the right things that made sense to make sure that this airport was secure. Obviously, we thought that it was important that we take a look at the people that travel through the airport day-in and day-out. So we had engaged with Rafi Ron, as the Major mentioned in his remarks, to come in and show us the Israeli model. We thought that that fit appropriately. We decided, at that time, that we would train the entire Troop F in those techniques. Along with that, we instituted a program called Logan Watch where the condensed version of that training is now introduced to all our employees that hold badges. They have to take that program before they are enabled to get a badge to work here at the airport. So they have the same knowledge that Mr. Ron had when he came to the State police group, so that they look to see if there is anything out of the ordinary on a daily basis. But we have drilled that into the fabric and imbedded it into the fabric of the way we do business here. It's great to see that the TSA has now taken that program and instituted it with the size of the workforce that George Naccara has here. So that gives us a whole different group of people that are in the front lines that can look and pay attention to the behavior of those who come through our terminals and get on our airplanes. So the SPOT Program is a derivative of what we did originally with Rafi Ron. We welcome the opportunity to test the risk-based assessment that we have actually started and I'm sure George will talk about. But we are now exempting the young children under 12, so hopefully, your young son will be exempt from some of the scrutiny that some of the young children have had to go through, and it pains us to see that. Also, with the elderly group, we hope that it will branch out to that. But the important thing is that we're watching and paying attention to the way people behave. We think that with the institution of the SPOT Program and other risk assessment programs that we're willing to test here any time at this airport is the best way to go. Mr. McCaul. Well, thank you. You did mention my son. This was yesterday, I'm at Dulles Airport. He broke his finger playing football, so he had a metal splint, and of course went through the magnetometer and went through secondary screening, and he was tested for explosives. I don't know, I don't think my son is a threat to the National security of the United States. But in any event, it's good to hear that this airport is using that common-sense approach where you don't have to pat down 5-year-old kids. I think that it will go a long way with the American people. They can accept having to go through a lot of this stuff. But when they see the grandmother or the child, I think they lose their patience with that. I think what you're doing will take this in the right direction. You know, in oversight, we're often very critical. This is one of those days where I have to commend and applaud you for your efforts. Admiral, I want to applaud you for taking this, this model approach that the Israelis developed, and applying it throughout the Nation through the TSA. Do you have any comments or would you like to explain how this works and what the training is? Admiral Naccara. Well, thank you, Mr. Chairman. I'll defer some of the explanation to my colleague, Chris McLaughlin, for the National approach to the risk-based security. But as far as Logan Airport goes, what Mr. Freni explained was accurate. That was, we saw great value in what the State police were doing and what MassPort was doing here, and as an agency, we were leaning forward and looking for opportunities to improve security and perhaps to work away from complete reliance on technology and look into the human interaction and how that could enhance our processes. Fortunately, we began with pilot programs here in 2005, expanded to other airports in the New England area. Then our headquarters understood and allowed us to begin a formal pilot program which has led to the Nation-wide SPOT Program that we have today with nearly 3,000 officers at around 160 airports. Now, in the evolution of the human interaction and behavior detection, it's an exciting time. As you suggested, we are treating everyone the same, and that is not the most effective use of resources. So we need a method to assess the risk associated with every passenger and then to manage that risk appropriately, and that's where we're headed. Frankly, the Proof of Concept we have in place here is exciting and very well-embraced by MassPort and the State police and the carriers, which is critical to our success certainly, but even to the passengers. We've had this in place now for nearly 6 weeks. We've spoken to thousands, tens of thousands of passengers, and generally, the reaction has been extremely positive. The questions they're being asked are very similar to those which are asked of international passengers. Anyone who has traveled around the world has also been exposed to those types of questions. We're looking for the reactions, the behaviors, and we're also looking for inconsistencies in their story. That is refining our process so that we will treat people differently. There are a number of elements to the overall program of risk-based security, and one of them addresses the issue of your child. Again, I'll allow Chris to talk about that. But that was a program that was piloted here and at five other airports around the country beginning about 6 weeks ago. There is some relaxation of the standards for children who appear to be 12 and under, and it's working very well. Our goal, of course, is to minimize the pat-downs that are conducted on a child 12 and under. As you suggested, they are considered a much lower risk. We are adapting our systems. The World War II veterans you've suggested also, we've modified the processes for them as well. That's certainly deserved, and it's appropriate respect for them. Mr. McCaul. That's right. Admiral Naccara. It's an exciting time for all of us, and you'll see many changes. They won't come too quickly, but on the other hand, the process has begun, and I'll defer to Chris on that. Mr. McCaul. Let me just say that 10 years after the tragic events, this is certainly, in my judgment, a good news story. Mr. McLaughlin, do you have any comments? Mr. McLaughlin. Thank you, sir. Coming up here from the District of Columbia, I mean, the first thing that I would like to do is truly recognize the local team here. They truly embody what we're looking for across the Nation in terms of a real partnership to securing our aviation process. So I'm honored to be here with them. From literally his first day or first few days on the job, our administrator, John Pistole, has been talking actively about moving away from a one-size-fits-all security model to a risk-based approach. To that end, TSA has been working diligently on a number of different initiatives within the portfolio of risk-based security to try to do three things; improve security, do it more efficiently, and frankly, do it in a way that also improves the overall customer experience. We believe, truly, that we can accomplish those three things by taking a smart approach. We learned from the support and the recommendations of the GAO with the variety of things that we roll out, we apply some of those pieces into the work we're doing, and we pilot them in places like Logan. At the end of the day, we are confident that things like the Assessor Proof of Concept, as we've shown recently with the pilots with children under 12 and have now rolled out nationally, there are ways that we can look at an individual based on what we know about them in advance of their arrival to the airport, what we learn about them while they're at the airport, and then we can apply appropriate screening measures to them based on what we found out through that process. So we agree wholeheartedly that there is a better, smarter, more effective, and more efficient way to doing this. Mr. McCaul. Well, I look forward to getting updates on the successes. I know you've had 2,000 arrests. Fortunately, none of those were terrorist-related, although some involved, I think, counterfeit documents which could have been related to terrorism. But certainly, that's 2,000 criminals off the street. So Major, as you had mentioned, I was a Federal prosecutor. I used to work with the JTTF, Joint Terrorism Task Force. It's a valuable model approach. You say that you are now very coordinated with their efforts here at the airport? Mr. Concannon. Yes, we are, sir. Mr. McCaul. Could you elaborate on that? Mr. Concannon. Yes, Mr. Chairman. We have a sergeant, one of our troopers, assigned full-time with the JTTF working closely with that team. The JTTF Annex here at the airport obviously has a close relationship with the Boston JTTF Annex downtown. They work closely on any issues that arise here at the airport. Our sergeant who is assigned there is able to bring back information to share with the troops. That can help with either an on-going investigation or certainly intelligence updates, things to be on the lookout for. We found it very productive. We think it's a great idea, and we'd like to see it expanded throughout the country. Mr. McCaul. That's very good. Mr. Lord, the 9/11 Commission's Tenth Anniversary Report Card had some criticism. We're still vulnerable to aviation security threats, in their opinion, and specifically talk about the need to improve screening at checkpoints using biometrics and standardized identification documents. What are your thoughts on that? Mr. Lord. Well, first of all, we've done a large body of work on, not only the screening process, but the technologies that's utilized to implement some of the processes. We found some problem areas in deploying effective technology, but also in using biometrics. We did a very detailed assessment--it's not in the aviation sector, mind you, it's in the maritime--on the so-called TWIC biometric card. It's a Transportation Worker ID card. At one time, that was envisioned as the model. It was going to be rolled out across all modes of transportation. But they had some difficulties designing the card, implementing it, doing effective background checks. It proved to be a little more difficult than I think people originally envisioned. Also, it's just being used a visual flash pass now. So we've had some covert investigators visit various ports, and they were able to obtain access to most of the facilities they entered. So our point was, well, until they're used with readers, it's really not going to be an effective deterrent. You need to, you know, make sure all industry stakeholders are on board before rolling out these types of programs. Mr. McCaul. Go ahead. Mr. Lord. Also, one additional point about the Israeli model. I probably get that question more than anything, regarding our work on behavior detection. I salute TSA's efforts to make the program more conversational. I think that has the potential to make it more effective. But I think that it's important to also note that in Israel, they have a very small-scale size operation. So you have to be careful about inferring everything is readily transferrable to the U.S. model. Also in Israel, you can profile people, you know, on the basis of race, sex, and national origin. Obviously, that's a major difference between their system and our system which makes it, you know, less comparable. Mr. McCaul. Of course, my opinion is the hijackers came from a certain part of the world, and our intelligence assets overseas are in those areas. I think that certainly, in my view, should be a factor. But having said that, I do know that when I asked the Secretary why we're not using this approach, the Israeli approach, she said that it would take too long to process with, you know, millions of passengers. The good news, from what I understand through this program, it has not slowed down the process in any way, shape, or form. Is that correct, Admiral? Admiral Naccara. Yes, sir. As a matter of fact, we are testing various options. We call it a Proof of Concept. That allows us to explore different manipulations in this system. We're looking at the outcome, and one of those considerations in the outcome would be the through-put. So we've tried two different models, and in each case, we have seen virtually no difference in the overall screening process out in front. These are exciting times. We'll continue to test other models as well. As Chris has pointed out, we have to be aware of different circumstances and different airports, certainly even in different checkpoints, and we have different levels of staffing. So those factors have to all be considered as we assess the data that comes in, and then we make some decisions as to where we go in the future. But this is very preliminary. Mr. McCaul. I just want to follow up on the 9/11 Commission again, Mr. Lord. When you say ``readers,'' you're talking about, these are identification documents that can be falsified or used by another person to gain access to the airport, and you're talking about biometric? Mr. Lord. Yes. These are biometric card readers. Mr. McCaul. So it's the individual. You know that's the individual with the card. Mr. Lord. Yes. Everybody gets a card thing. Then to make it effective, you have to swipe the card to get access. In the TWIC program anyway, they've given everybody a card, but the readers aren't installed yet, so. Mr. McCaul. Last question. I want to give my Ranking Member some time, and I appreciate your generosity. I just want to end with a general question, and that is, you know, I was Chief of Counterterrorism at Justice for a while. I remember in 1993, Ramzi Yousef, World Trade Center bomber, escaped and went to Islamabad. I know the FBI agent who arrested him. When they knocked his door down, it was sort of eerie. He had baby dolls in his apartment, and they were stuffed with chemical explosives. His intention of the plot was to carry those baby dolls on multiple airlines and blow up simultaneously these airplanes. I know that his uncle, Khalid Sheikh Mohammed, had talked about flying airplanes into buildings in the mid-1990s. The threat of chemical explosives is still an issue today. In fact, you know, just recently, the Christmas bomber, we know out of Yemen, the Clerk Yemen is still looking at ways to use chemical explosives on aviation to bring down airplanes. I think since that time, we've had another type of screening device. So where are we with detecting chemical explosives, and what is the threat today from that, I guess, part of the question for the TSA? Mr. McLaughlin. I'll take that question. I have to confess that that's a bit beyond my scope of expertise in terms of the overall chemical threat in terms of the composition. What I will tell you is that threat does still exist, as you've pointed out, and really what you're talking about is the complexity of our issues. So we're doing everything that we can to minimize intrusive techniques for the majority of customers, but we have to be cognizant of things like what you just described with baby dolls. So whether that's liquids, gels, or children's toys, we still have to make sure that every change that we make in a risk-based posture doesn't ignore the real threat that is very much there today. We're charged with defending against that. Mr. McCaul. All right. Mr. McLaughlin. So that the short answer is that we analyze each of our pieces as we roll in changes to our system to make sure that we're not missing something like a current and active threat. Mr. McCaul. Thank you. Admiral, do you have any comments on that? Admiral Naccara. We also have deployed certain pieces of technology at our checkpoints and in our baggage rooms to help us detect additional chemicals or explosives, what would be indicators of explosives. We're always improving that. With each year, I think we've rolled out some new technologies that give us more capabilities. So as Chris suggests, it's a continuing process, and it's a challenge to keep up with the bad guys, frankly. But we have been attempting that. You'll see new pieces of equipment, periodically, at the checkpoint and in the baggage rooms. Mr. McCaul. Thank you. I want to thank the Ranking Member for his patience. I hope I didn't ask every question that you were going to ask. Mr. Keating. No, thank you. Mr. McCaul. With that, I recognize my good friend and colleague, Mr. Keating. Mr. Keating. Thank you, Mr. Chairman. You know, Logan's perimeter security is unique, because there are so much water boundaries that are there, water-based boundaries. But there are airports in urban areas, airports in rural areas. So many airports have a different, you know, set of logistics attached to it. One of the things cited in the 9/11 Commission report review touches on an area of concern that I have on--getting back to the Charlotte Douglas example with Delvonte Tisdale-- you know, the issue they brought forward is the unity of command and who is in charge and making sure those lines are clear. The aviation director from Charlotte Douglas Airport where it was believed Mr. Tisdale breached perimeter security recently provided written testimony to Congress. He stated in that testimony, ``When there is a threat on board an aircraft, the FBI responds and investigates. When a pilot makes an error on the aircraft, the FAA responds and investigates. And when there is an airplane crash, the NTSB responds and investigates.'' If it's believed there is a security breach at a major U.S. airport, why shouldn't TSA respond and investigate first? Why, in that instance, was it first handed over to local police authorities to look at this? Shouldn't there be that same chain of command immediately where there is one Federal agency that just initiates and takes charge of that rather than turning to a local police authority? Mr. McLaughlin. So I'll use Charlotte as the example, but I'll speak in more broad terms. As I believe I stated earlier, TSA's role in airport security is to regulate a process. Each individual airport is required to write and operate in accordance with a local airport security program that TSA approves. The actual day-to- day oversight of the security operation in that airport does fall back to the airport authority. What TSA does, and in this example, we use a finding from a breach such as happened in Charlotte. As an example, as a result of that, we conducted a National special emphasis inspection of all airports, from Cat X all of the way through Cat 4s. As I said, we'll be done with that analysis at the end of this fiscal year so that we can ensure that, once we've identified a problem, it doesn't happen again. At the local level, we conduct annual and comprehensive inspections of the airports to ensure that they're in compliance with their plan. As we stated, we do perform joint vulnerability assessments at the required 34 airports a year, plus an additional between 10 and 15, depending on our resources. While that doesn't cover every airport, it certainly covers more than 75 percent of the traveling public that originate from those largest airports. Mr. Keating. I just think that, you know, there has been two repeated--well, there has been repeated breaches since then at that same airport and perimeter security. Someone was breaching security stealing, from my understanding, diesel fuel out of the place, and that was happening, and someone else just was able to hop a fence. This is a tremendous weakness. I'll direct this to Mr. Lord, and if any of the other panelists, although the other three are dealing with Logan here, it's a little different. But this is a tremendous, tremendous weakness we have. When we had testimony in Homeland Security as the major committee looking back at the Commission reports, we had former Secretary Tom Ridge, and we had the vice chair of that committee, Lee Hamilton, both say that there is a real problem with perimeter security. If we're trying to create uniform standards of security, if we leave that to each local police, when some of these are rural and don't have the resources, you know, with all of the great efforts that you've done here at Logan, if there is a breach in the network, people from here aren't safe. So my thinking, Mr. Lord, is just it's beyond me not to understand why there isn't some Federal uniform authority over those jurisdictions. Should we be doing that as Congress? I mean, something should be done so that TSA's hands aren't tied, if that's what happened here. Mr. Lord. Well, actually, I thought Mr. McLaughlin gave a very nice description of the overall who has oversight. Essentially, it's a shared responsibility. Under this current system, a lot of different stakeholders have a role in helping ensure security. I probably know that that doesn't satisfy your question. But at least, when we looked at this in our perimeter security report, we noticed, first of all, breaches occur on a regular basis. I think there was an average of over 2,000 breaches across the National system on an annual basis. We thought it was important given that the TSA conduct a comprehensive risk assessment to obtain, you know, and to identify vulnerabilities across the Nation and to use that information to better decide what to focus on. I think the special emphasis reviews Mr. McLaughlin mentioned, that's a good step. That's going to allow them to see, is this a problem on a broader scale or is it unique to Charlotte? So I think they're doing--they're taking the right actions at the moment. I look forward to seeing what the special emphasis review concludes. But again, you just can't do it on an airport-by-airport basis. You have to do these assessments more broadly. Given the current jurisdiction, everybody seems to have a piece of it, I think that's a good way to proceed. You have to come up with a better visibility on what the problem is on a National scale before attacking the problem. Mr. Keating. You know, well, I think the problem is pretty obvious. I think if you are having an investigation on commercial aircraft that are flying all over the country, leaving it to a local police force isn't going to cut it. It just isn't going to cut it. It's an area that we should look at, in my opinion, more strongly. You know, the whole area of jurisdiction is a problem. As Congress, I must say, at a public hearing just like this, we have our own weaknesses. Because the jurisdiction of homeland security is a patchwork quilt. We're doing our best. I know the Chairman shares my concern as well. We've got to clean up our own jurisdictional problems, you know, for homeland. But when you're dealing with this and the investigative primary responsibility is in a local airport where, I believe, in that instance--and you're familiar, Mr. McLaughlin--there were suggestions that were a few years old that they just ignored. So you have a situation like this. The locals are in charge, and they're ignoring the Federal Government and their recommendations. So the oversight is important, but it's just not good enough, frankly. If anyone else wanted to comment on this, I'd welcome any comments. Mr. McLaughlin. If I could follow up on that, sir. I would say that, in the Charlotte case, specifically, we do, TSA does have a regulatory authority, and we are able to take certain and significant steps, when necessary. We do still have some open investigations with regard to this case. But I would point out two specific things, significant things that Charlotte has done in the interim to improve their perimeter securement. No. 1 is, they've increased their police force at the airport by some 21 officers; and No. 2, they've increased their testing, their own internal testing from twice a day to three times a day. So they are taking some significant steps. They've proposed, in addition to that, several changes to their ASP that we currently have for review within TSA and will be responding in the near future on that. Mr. Keating. What penalties can you invoke, if they ignore--and I'm not picking on Charlotte. I don't think they're alone. It would be just counterintuitive that this is the only airport that there are problems like this. But you know, this affects all of the folks here, and all of the things we've heard here are undercut when we don't have a uniform, seamless approach to this. Mr. McLaughlin. Civil penalties, we would use that mechanism to hold the airports accountable, if they wouldn't comply with our requirements. Mr. Keating. Is that fines? Mr. McLaughlin. Yes, sir. Mr. Keating. Anything else? Do you have the ability to shut down that airport until they get it right? Mr. McLaughlin. I would have to get back with you on that answer. Mr. Keating. It's an area that I'm going to be looking at myself, because I think we need stronger penalties. They're just ignoring those things, and we cannot have that kind of network across the country. If I could move a little further, just jumping around. On the SPOT Program and the behavior observation program, I really commend the people here in looking at it and analyzing it. Could you go into depths about how that analysis is going to occur, and if Mr. Lord or Mr. McLaughlin also have ideas about what should be considered, what kind of metrics are used to evaluate how effective it is and also to make sure, as Mr. Lord said, you know, we can't racially profile people in the United States and we shouldn't. But when you are doing the analysis, what kind of metrics and safeguards go into making sure that that's not occurring? Mr. McLaughlin. I'll take that because it's a National program being conducted here locally. As I said earlier, the GAO made some strong recommendations with regard to the SPOT Program overall. Many of those have been incorporated into the assessor or the behavior detection pilot that we're running here in Boston. So we're looking at a broad spectrum of effectiveness, first and foremost security effectiveness. We want to ensure that this is actual working, that it's helping us to mitigate the threat further than what we're doing today. But second to that, we're looking at the overall impact from an efficiency perspective. So are we ensuring that we're doing this within the constraints of budget and other concerns that we have today. Then finally, we're truly looking at the customer impact. If you have an opportunity to observe that pilot, I would suggest that, in many ways, this enhances the customer experience because it puts TSA in a place where we're having a very human, personal, casual conversation with each customer that approaches us. So we started the process with baseline data. We had data collectors in Logan evaluating a number of different metrics. Now in the pilot phase, we're evaluating how we're performing against those baseline metrics. Again, they touched the spectrum from effectiveness to efficiency to customer experience. I would be more than happy to set up a briefing where we can go into more detail about what they are specifically. Mr. Keating. Thank you. We're here at the site of the international terminal. I'm curious, in terms of resources, money, and how difficult this is, how do you deal with the foreign language issues when you're having a chat-down? Do you have those resources? Mr. Freni. I could speak for Logan Airport. We have many employees, multilingual, that we hire in our public relations and TSR program, public service. Many times, we're called upon to assist with the law enforcement and the TSA to interpret. Mr. Keating. One of the things--and you know when we have these hearings, we have to be careful we don't breach any security or give anyone information that we don't want them to have--but one of the things that I'm very curious about, to the extent that you can talk about it, with the new optics program that you are having with MIT and Lincoln Laboratories and Pacific Northwest, with that camera system, it truly is amazing. This is the pilot project that is here, you know, to be tried out here before the rest of the country. I have an understanding that sometimes, when you look at behavior, sometimes people's actions in a crowd and other things can trigger a computer program where they can zero in on points. That, to me, offers a lot of promise in trying to see, you know, trying to pick out behavior just from an optical standpoint, you know, mechanically. Is there something that you can, without breaching too much security, is there something that you can inform us about that? Admiral Naccara. I can address that. Actually, we considered that, but it's not being deployed at this time. There are a number of problems with that, sir. No. 1, the angle would be from the ceiling, so you may not have a very good perspective of a person's face. Also, very difficult to read that, and the software has not been proven that good to effectively identify those behaviors in that method. So at this point, the camera is being used periodically because it requires so much data space just to view the complete terminal, in this case. It's got tremendous acuity and can view numbers on my badge, for example, at the far end of the terminal. It can be programmed to identify or to alarm for certain colors or certain actions. But we do not have the software, at this point, to identify behaviors. To their credit, MIT is looking at the next iteration of that camera system as well in which they will use many more lenses knitted together to give a 360-degree perspective in a larger area. Mr. Keating. Another one of the--oh, I'm sorry. Go ahead, Mr. Lord. Mr. Lord. I just wanted to note that one of the recommendations in our SPOT report was to better utilize available closed-circuit TVs to refine the program and to help, you know, judge whether you are honing in on the right types of behaviors. So it's good to hear that the TSA is already moving on that. Mr. Keating. Did you do any work, Mr. Lord, to see how realistic that might be someday? Mr. Lord. I know other airports are using more, you know, for lack of better word, hi-def systems. I guess, we were somewhat surprised that every airport has a slightly different approach on the system. We encourage TSA to ensure, you know, that you have a more effective system across all airports. We don't think there should just be this lack of uniformity, which they readily agree with. Mr. Keating. I want to give everyone the opportunity to jump in with another issue. But one thing I'll pick up that, again, it's a good opportunity, frankly, to recognize all of the work that the family members of the victims have put into making sure that other people aren't harmed and the work they did with the 9/11 Commission. Certainly, we all feel an obligation as we walk in here every day and remember 9/11 to those family members that we follow through on the hard work of the Commission. But one of the areas--if I can get some input, it's a great group to ask this question to, I think--one of the weaknesses and the deficiencies that are still there that are identified include the nature of identifications and how they vary from State to State and how they're different. One of the recommendations that they had is that the Federal Government should set standards for the issuance of birth certificates, you know, birth certificates and all kinds of other sources of identification to make sure that's, well, now you are a major hub, and you are getting people from all States and all countries. So how can the Federal Government be helpful in setting some kind of uniformity of those identifications? Mr. McLaughlin. One thing that we can do and that we're in the process of doing at TSA is developing and deploying software that can read multiple forms of identifications and will apply that against the boarding pass. So that's a new tool that we'll be deploying in the near future that will help us ensure that a proper ID is matched up with a proper boarding pass before we allow access through the checkpoint. I'll defer to others here. Mr. Freni. The comment that I'd have from the airline side of the business is that that really needs to be done when the record is developed. Hopefully, there will be some kind of software development where you can pick up on the identification of that person when they make their reservation so it doesn't have to come to the airport to do that. So hopefully, you know, we can tie that in when someone either goes on-line and makes a reservation and ties it into what we call a P&R system where you'd recognize the identification without any problem and then it avoids the waiting until they get here with their boarding pass. Mr. Keating. I'm just probing on areas where we can make changes that have to be made. One of them I think is shameful that hasn't been made by us in Congress and elsewhere is that you meet 8:30 every morning and share information. But when a crisis occurs, that information sharing has to be immediate and it has to be seamless. Could you tell us, from your vantage point, the importance of having that public safety radio band available, the 10 megahertz that's necessary, so that Nation-wide through all different public safety agencies, you can communicate immediately when something occurs? The fact that that hasn't been done, again, is something I'm just lost at. I mean, you know, I know there is controversy about, you know, that band. But I honestly feel that's something that should have been done immediately after 9/11. But from your, you know, with boots on the ground, how important it is to have that band, can anyone? Mr. Concannon. I can tell you, sir, that we actually had this conversation yesterday at State police headquarters. There is a strong interest, for obvious reasons. Colonel McGovern, superintendent of the State police, understands the issue. She's been speaking with State officials about the need to have a dedicated band and to have a dedicated interoperability, not just in moments of crisis, but on a daily basis. So it's definitely an interest, significant concern to the State police. Mr. Keating. I know, you know, that some of the reviews of 9/11 taught us that so many lives would have been saved had that been in place. Here we are 10 years later, and it's still not in place. So we've got our work cut out for us as well. People are going to wonder about this--and I'll leave this as a final question that could help us going forward--you know, you've done so much here and you've had innovative programs. They're costly. Could you comment on some of the means that you use to fund some of the things you've done and some of the needs you have going forward? I'll throw that open to anyone that wants to. Mr. Freni. Over the years since 9/11, all of the programs that I outlined in my comments have cost a significant amount of money. We meet with our stakeholders, our airlines, and in some cases, we have to recover those costs through our rates and charges. We do that, and that's the cost of doing business here at Logan Airport. We've also been very fortunate with our Federal partners to be reimbursed for a good portion of some of the initiatives that we've taken on. One example of that is the inline baggage screening system that we were able to fund and move forward on without Federal funding. We were able to capture a good percentage of that money after we completed it. So we've taken the risk to fund these projects on our own and have tried to find ways through our partners and our users to be able to pay for those initiatives. Admiral Naccara. Speaking from the Federal perspective to what Mr. Freni just described, they have been opportunistic at MassPort by being so focused for 10 years, and I'm appreciative of sharing in that embodiment of spirit here. When they see an opportunity for improvement, they're always leaning forward. When they see that potential, they're exceptionally well-prepared. They will come forward with a very well-justified product, and it's a very compelling argument. When others are still debating whether the concept is fine or should we put money towards that, MassPort will step forward with a quality product that makes it very easy for the Federal Government to say that this is justified. This is the place we should provide some funding. Then everyone benefits in the end. Mr. Keating. With the nature of airports, small rural airports, they have unique challenges. I think it's an area where we should continue. Because as I said, one weak link endangers everyone's safety. So I thank you. I'll yield back my time with that, Mr. Chairman. Mr. McCaul. Thank you, Bill, for that questioning. I want to thank the witnesses for being here today. This has been a very productive hearing. I also want to thank all of the personnel at Logan Airport that made this hearing possible and the Massachusetts Port Authority and the Massachusetts State Police who are here today for allowing us to host this and for welcoming a Texan to Massachusetts. It's a real honor to be here, and again, thank you for your service. It's been a great hearing. So I thank the witnesses for their valuable testimony and the Members for their questions. The Members of the committee may have some additional questions for the witnesses, and we will ask you to respond to these in writing. The hearing record will be held open for 10 days. Without objection, the subcommittee stands adjourned. [Whereupon, at 11:17 a.m., the subcommittee was adjourned.]