Skip to navigation Skip to content
Click Here to Join TSA

The Long-term Business of Travel Security

Kip Hawley's Journal

November 16, 2007

Checkpoint technology needed to be upgraded to eliminate the possibility of bringing IED components, not an assembled bomb, through the checkpoint. Photo of a bomb and a bomb part.

This week, TSA has been the subject of two different congressional committees to talk about covert checkpoint testing [here and here], and the headlines would grab anyone's attention. Assuming that you missed the actual hearings and viewed only the headlines or the videos, below is my summary of the hearing I wish I had:

Q: Are there vulnerabilities in TSA's checkpoint security -- specifically related to IED's?

A: Yes, there are vulnerabilities to any and every security measure.

Q: Is that dangerous?

A: Only if you don't identify the vulnerabilities and don’t do something about them.

Q: What vulnerabilities have you identified?

A: For carry-on bags, our current x-rays don't automatically identify all kinds of explosives so we have to depend on the Transportation Security Officer (TSO) at the x-ray to identify potential threats, call for a bag search and resolve the issue. This is of course subject to human error -- there are something like ten million images a day we examine.

For shoes, magnetometers and the old "shoe profile" don't necessarily identify all threats.

For people, magnetometers alone don't necessarily identify all threats.

Q: What have you done about it?

A: For carry-on bags: complete workforce re-training by professional bomb techs supported by 300 full-time bomb techs deployed at checkpoints for hands-on help and training. Checkpoint IED drills using bomb components and simulated explosives, every lane, every shift, every day, every airport. New Advanced Technology x-ray equipment will be deployed during 2008 (about 500) as well as explosive liquids detectors (about 200).

For shoes: we X-ray all shoes, which is very effective at identifying shoes that have been tampered with.

For people: We are conducting random and selective explosives detection on passengers using Explosives Trace Detection as well as pat-down procedures. We are testing Backscatter and Millimeter Wave whole body imaging portals.

For the unknown evolving threat, we’ve added extra layers of security, better technology, a strategy of flexible, unpredictable security measures, and constantly train and test our TSOs. We could reduce risk further by eliminating carry on bags all together, but that would cause additional inconvenience for the people we are trying to serve.

TSA has a very good story to tell that you would have missed if you only saw the videos and the headlines. Here it is:

Shortly after I became Administrator of TSA in July 2005, I asked our Office of Inspection, the office that conducts covert testing for TSA, to identify the vulnerabilities in our system at that time. We looked at technology vulnerabilities, people vulnerabilities and strategy vulnerabilities, and learned that we had work to do in all three areas.

Checkpoint technology needed to be upgraded to eliminate the possibility of bringing IED components, not an assembled bomb, through the checkpoint – a much harder task.

Our workforce was too checklist-oriented. Security officers were looking to find prohibited items and pull them out of bags, but they weren’t thinking outside the box.

Our strategy was stagnant and reactive. We needed to change up what we do and not be a sitting duck at the checkpoint. We needed to go on offense.

The analysis that resulted from covert testing gave us the path forward to better security. We retrained the entire TSA workforce using professional bomb tests directed at finding IED components, and changed our protocols to require us to train and test to the standard of IED components.

We’ve tested and deployed new technologies, including advanced technology X-ray, passenger imaging technology and other enhanced explosives detection technologies.

In the past two years, we’ve also added four additional layers of security – to give us a total of 19 - to address vulnerabilities and go on the offensive. Behavior observation identifies suspicious behaviors related to surveillance or pre-attack planning. Assuming document checking responsibilities enables us to use new technology to detect fraudulent documents while also tying in the behavior detection aspect.

VIPR (Visible Intermodal Protection and Response) teams utilize Federal Air Marshals who are not flying on aircraft. They now move under cover – and overtly – to do random patrols everywhere in the airport environment. And lastly, employee screening allows us to look at what employees are doing inside the airport - at the fuel pump, in the parking garage, around the perimeter of the airport.

So while the media reports focus on today’s hot topic of professional testers getting simulated bombs through checkpoints, the American public should know that TSA is very serious about the long-term business of preventing the real ones from getting through. We’ve implemented a risk-based strategy, rooted in intelligence and multi-layered to address vulnerabilities, that is sound enough to address the threats we know about today and flexible enough to deal with the ones we’ll find out about tomorrow.

Kip Hawley
TSA Administrator