Honorable john roth Inspector General for the department of Homeland Security. Ms. Jennifer grover acting director security and justice of at the Government Accountability office and mr. Rafi ron president and ceo of new Age Security Solutions and also has extensive Airport Security work that he has personally participated in in israel. We welcome you all pursuant to Committee Rules all witnesses will be sworn before they testify so if you will rise and raise your right hand. Do you solemnly swear or affirm that the truth the testimony were about to give a bigger truth the whole truth and nothing but the truth . Thank you let the record reflect at all witnesses answered in the affirmative. In order to allow time for discussion we would appreciate it if you would limit your testimony to five minutes and your written record will obviously be made part of the record. We are liberal on your verbal comments but try to keep a close to five and we will start with you mr. Roth. You are recognized for five minutes. Chairman chaffetz Ranking Member cummings to members of the committee thank you for inviting me here to testify today about Airport Security issues. Each day tsa is required to screen about 1. 8 million passengers and 3 million carryon bags in 450 airports nationwide. Tsa faces a classic asymmetric threat. He they cannot afford to miss a single genuine threat without potentially catastrophic consequences. A terrace on the other hand only needs to get it right once. Tsas 50,000 transportation Security Officers spend long hours performing tedious task that require constant vigilance. Complacency can be a huge problem. Ensuring consistency across dhs largest workforce would challenge the best of organizations. Unfortunately although nearly 14 years at hassans tsas inception we remain deeply concerned about its ability to execute its mission. Since 2004 we have published more than 115 audit and inspection reports on tsas programs and operations. They have issued hundreds of recommendations to attempt to improve tsas efficiency and effectiveness. We have conducted a series of covert penetration tasks essentially testing tsas ability to stop us from bringing in simulated explosive weapons through checkpoints as well as testing whether we could enter secure areas through other means means. Although the results of those tests are classified and we would be happy to brief any member of their staff in a secure setting with regard to our specific findings we identified vulnerabilities caused by human technologybased failures. We have reported on tsas acquisitions. There are reports showed tsa faces significant challenges in contracting for goods and services. Despite spending billions on Aviation Security technology are testing of certain systems has revealed no result in improvement. We have examined the performance of tsas workforce which is largely a function of who is hired and how they are trained and managed. Our audits have repeatedly found that human error often simple failure to follow protocol posed a significant security vulnerability. We have looked at how tsa plans for deployed plans for deploys and maintains its equipment and found challenges at every step in the process. These weaknesses that reopen negative impact on transportation security as well. Additionally we have looked at how tsa says is risk in determining the screening. We applaud tsas efforts to use riskbased passenger screening because it allows tsa to focus some the unknown risk passengers instead of noncredit passengers who pose less risk however we have deep concerns about some of tsas decisions about the level of risk. We recently assessed the initiative and as a result of that inspection we have concluded that some of the methods that tsa used in determining risk our sound approaches to increasing the population. Risk assessment rules creates security vulnerabilities. Based on our review we believe tsa needs to modify initiative setting and screening processes. Unfortunately tsa cannot concur with the majority of our recommendations. We believe this represents tsas value to understand the gravity of the situation. As an example of vulnerabilities we recently reported that human Risk Assessment rules anatori assessment rules anatori as felons granted expedited screening through precheck to the travelers a former member of the terrorist group and will member was involved in numerous polonius criminal activities that lead to arrest and conviction. After serving a multiple Year Prison Sentence the traveler was released. Notwithstanding the fact the that transportation Security Officer recognize the traveler based on Media Coverage that traveler was permitted to use expedited screening. Tsa has taken some steps to amend a recommendation to direct security vulnerabilities nonetheless some, persist throughout tsa cannot control or risk to transportation security many issues are well within their control. Despite Planning Strategies for efficiently requiring equipment that operates at full capacity to detect Dangerous Items for example would go a long way towards improving overall operations. Better training and management of transportation Security Officers would help mitigate the effects of human order error which can never be eliminated but can be reduced. Taken together tsas focus on its practices and oversight of its technical assets and work worse is workforce with help enhance security as well as Customer Service for air passengers. Mr. Chairman this concludes my prepared statement and i welcome any questions you or other members of the committee may have. Thank you mpeg senior staff who spent a lot of time putting this information together we appreciate it. Ms. Grovers. Good morning chairman chaffetz and other staff. Screening systems must work properly to deliver the security protections that they promised. Over several years gao is found weaknesses in tsas oversight of the screening systems raising questions of whether tsa is falling short in its ability to ensure Aviation Security. Tsa has taken some steps to improve oversight of these systems that additional actions are needed. Today i will focus on four areas. First a secure Flight Program which matches passenger information against federal Government Watch lists to ensure that those who should not fly or should receive enhanced screening are identified. Second a i. T. Systems which are the fullbody scanners that are used to screen passengers for items at the checkpoint. There have been inclusions screening process which tsa uses to provide expedited screening to passengers who were not previously identified as low risk and for criminal history checks done to airport to set airport workers. Regarding secure flight we found september 2014 at tsa did not have timely and reliable information about the extent extender causes of system matching errors. Which occur when secure flight fails to identify passengers who were matches to the watch list. In response to usa has developed a mechanism to keep track of the nonmatching errors and they are considering considering methods to evaluating your flights matching rates on in ongoing basis. Regarding ait we found in march 2014 at tsa did not include information about screener performance when they were evaluating a i. T. Effectiveness. Rather tsas assessment was limited to the accuracy of ait systems in the laboratory. However after ait identifies a potential threat of screening officer must do a targeted patdown to resolve the alarm. The bus the accuracy of the screeners and conducting their patdowns properly and identifying alternate items is key to understanding the effectiveness of the i. T. Systems in the airport operating environment. Dhs concurred with our recommendation to measure a i. T. As a function of both technology and the screening officers operating but has not fully address their recommendation. Similarly in december 2014 we found tsa has not tested the Security Effectiveness of conclusion systems as it functions as a whole. As part of managed conclusion tsa uses multiple layers of security. Such has explosive detection devices and canines to mitigate the inherent risk associated with screening randomly selected passengers in a system that was designed for low risk passengers. However if the security layers are not working as intended in tsa may not be sufficiently screening passengers. As you know that tsa has tested individual layers of security used in its conclusion and is reported finding them effective although gao has raised concerns about the effectiveness of some of these layers such as behavior detection officers. At the time of the report tsa was planning to complete testing testing of inclusion system by may 2016. Finally regarding tsa then bowman and airport worker vetting we found in December December 2011 that the criminal history Information Available to you tsa and airport was limited. Specifically ta save access to criminal history records was excluding state records. In response to our recommendation tsa and the fbi confirmed there was a risk of incomplete information and the fbi isnt reported expanding the criminal history record Information Available to tsa for the Security Threat assessments. In conclusion tsa has made progress in improving its screening oversight such as by taking steps to understand the vulnerabilities in the secure Flight Program and working with the fbi to obtain access to more complete criminal Background Information yet more work remains to ensure that secure flight and managed inclusion are working as tsa intends. Chairman chaffetz Ranking Member cummings this concludes my statement that i look forward to your questions. Thank you. Mr. Ron you are now recognized for five minutes. Thank you mr. Chairman and Committee Members think youve were inviting me to testify again before you. I have chosen to speak today not on passenger screening as the witnesses have referred in detail but rather go into what mr. Cummings mentioned earlier and that is the failure to give what i would describe as the airport so these which is an extremely important part of our airport and Aviation Security system. What i wish the committee to understand is that the importance of Airport Security has to be measured against the threat of somebody being able to access some aircraft parked on the ground without knowledge or without detection and in the case of the stowaway as we have witnessed in the past they try to get, to take to hide in the wheel well but instead of that instead of 120 pounds of bone and flesh they leave behind a twopound device that will not be noticed. The measures that are being implemented today are simply unable to do that. So if i would put that into and i would say well we invest billions of dollars every year in screening passengers and at the same time we leave the parameter but dont want to say and attended that i say unattended to a satisfactory level, what we actually do is invest all of our resources and leaving the backdoor open but at the end of the day it is the same aircraft that we are trying to protect by screening that would be harmed by the relatively easy access of individuals through the parameter. The parameter is certainly something we have noticed in the past. I havent seen a lot of development during the last few years despite the fact that they have made a lot of red lines. The other subject that brings a lot of heads will headlines lately is the issue of the threat of an insider becoming part of an operation and carry out illegal activity that could be also translated into terrorist threats. We saw the case in atlanta and here in this case i have to say that tsa has responded to it rather quickly by increasing their background checks and the frequency of those checks but as we just heard from the other witnesses its still an open question about the background check itself and if it provides us with the security. The third i would like to refer to is the issue of how well do we protect the public against ground attacks as we witnessed a couple of years ago at lax when an active shooter started shooting at the checkpoint and the Security Forces at the airport responded in a way that certainly can lead us to conclusion for improvement in this area. The common denominator of what are the threepoint sediuk made is that none of them are relayed to passengers and yes they are falling back even in comparison with screening passengers. That means the reason for that is in 2001 the tsa was established it was established both as an implementer of security as well as a regulator. I dont know any other example of government structures where an entity is regulating itself. There has to be a certain level of dependence and authority for the regulator to first of all issue regulations that sometimes they not be comfortable but still have to be performed and certainly when you look for the performance that doesnt meet regulatory requirements that you are in charge of implementation that is a conflict of interest and i strongly recommend that the committee would have a look at it and consider a solution to that. The last one that i would like to make is when we look at Police Forces at airports around the country we see more or less standard Law Enforcement organizations. But we have to understand that the airport the police function prior date is prevention rather than Law Enforcement and reaction because when i terrorist attacks takes place its all over. There is very little except the damages if we talk about exclusive devices and even woman talk about active shooters we need to perform better. That certainly calls for a different type of Airport Security. Airport security should be a dedicated specialized force where people are selected on the basis of their ability to perform those roles. They have to be trained and certified and their certification has to be maintained. Exercises should be carried out on a regular basis and at the end of the day we have to make sure that the capability to prevent or in cases where we need to respond would be quick and effective and this is not where we are today. I thank you very much. Thank you mr. Ron nala the witnesses. We are going to go to rather questions and i will start. First of all what you just said was interesting. You said tsa tries to do everything and there are very few models of this. I think only romania, bulgaria and some third world countries have that structure and they there should be some separation. The government should be in charge of security information for sample getting the intelligence preparing the list so even if you prepare a list and you testified for several that you respond. Am i correct in what i say about the structure being flawed . Yes sir. We never set it up to that tsa continue to operate this huge screening force. Never in our wildest imagination would be imagined or to 6000 screeners and 15,000 administrators. Stop and think about that and begin the report has been released today you see why carraway would show up. Just go over it. Are fairly independent mr. Roth . The first thing we conducted covert penetration tests. I also asked the staff and if the members are nailed who have not participated in a closed briefing you need to get a closed briefing and hear about the rate of failures. Youll be appalled. Its appalling the failure rate rate we dont have to give any specifics that are classified but its an appalling failure right right mr. Roth . I am deeply concerned. We have seen vulnerability in human failures. We will set that up in the Committee Members have audit to tsas acquisitions. Numb number to the acquisition history is a complete fiasco. I cited the competing lobbyists the buying equipment that didnt work and people werent trained for and now the report back here is the gao Technology Report and you said you cited some of the Technology Oversight in this report in march of last year does not enforce compliance with operational directives. That is still the case . In fact from march of 2011 through february 2013 about half the airport with ait systems did not report any ied check point results. Is this correct . Yes sir thats correct. And not Much Movement according to what you found mr. Roth on operation training and auditing. Is that correct . Thats correct. Okay then lets go, the third. This is what he found examining the performance of tsas workforce which is largely a function of who is hiring and how they are hired and trained and managed. Still problems with recruiting. Still problems with training mr. Roth . Correct. Still problems with managing and responsibility in conducting audit and oversight within the system. Thats right pay its. Your audits have repeatedly found human error and often a simple failure to follow protocol. Those are significant vulnerabilities. Is that your statement . It is sir to its. Lets go the last one here. Tsa managed to maintain its equipment. People not realize the threat is very serious and ongoing and the bad guys are one step ahead of us. Just look at the history. The shoe bomber. Tsa never detected it right . Correct. The diaper bomber never detected it, right . Correct. The New York Times square bomber. He bought his ticket on the phone went to jfk and went through all the screening systems and was not stop until we got on the plane and it wasnt tsa. Thats my understanding. Thats my understanding that these are failures of t