• Who We Are
• For Travelers
• What We Do
• Join Us
• Our Approach
• Media Room
• Research Center

---

• Media Room
• DHS Leadership Journal Posts
• News & Happenings
• Press Releases
• RSS and News Feeds
• Speakers Bureau
• Terminal Madness
• Speeches & Testimony
• Workforce Stories
• Myth Busters

Testimony by Kip Hawley

Assistant Secretary of the Transportation Security Administration

Before the United States Senate
Committee on Commerce, Science and Transportation

February 9, 2006

Good morning, Mr. Chairman, Co-Chairman Inouye, and Members of the Committee.  Thank you for this opportunity to discuss the Secure Flight and Registered Traveler programs.

In December’s hearing, we discussed the fourteen layers of protection now in place for the cockpit and passenger cabin and our view of the current risk environment.  These layers range from measures the government takes overseas to pre-empt attacks, to the security measures in place on the aircraft itself.  

Today, I am here to assist the Committee in considering activities toward the middle of the fourteen layers, passenger pre-screening.

Passenger pre-screening can be broken down into three parts:

1. Identify known terrorists and prevent them from getting near an aircraft. This is role of watch list matching, which is now done by airlines and will be transferred to the government under Secure Flight.

2. Identify behaviors common to terrorists whose names we don’t know and give them additional screening.  This is the role of the Computer Assisted Pre-Screening or “CAPPS” process.

3. Identify people who do not pose a threat to aviation security, so that we do not expend valuable security resources unnecessarily.  This is the role of Registered Traveler.

Secure Flight is the most important of those and also the one requiring the most management attention. I will focus my opening remarks on Secure Flight.

The effort to improve terrorist watch list screening, first through the CAPPS II effort and subsequently under Secure Flight, was and is a complicated task. Despite sincere and dedicated efforts by TSA, there has been an undercurrent of concern from outside stake-holders, really from the beginning. Over the past four years, many concerns have been raised and addressed but Secure Flight continues to be a source of frustration.

Congress recognized these issues when it included special certification requirements for the Secure Flight program in recent appropriations acts.  And we appreciate GAO’s efforts to provide a comprehensive review of the Secure Flight program.

We are in the process of making changes to how TSA operates that align with Secretary Chertoff’s risk-based strategy for the Department.  I have previously shared with you our overall strategy, and the organizational changes that support that strategy.  And, on December 22, we outlined some operational steps in the direction of improvements in TSA's aviation checkpoint security.

As part of this continuing review, I asked TSA’s Information Technology Office to conduct IT system security audits of all TSA credentialing and vetting programs.  This review, which includes Secure Flight, is on-going but I believe that it is safe to say that many of the same issues identified by GAO are also highlighted by this more detailed review.

Rather than address each identified weakness on its own, I have directed that the Secure Flight IT systems go through the comprehensive recertification process, pursuant to Federal Information Security Management Act (FISMA) requirements.  This action and the others we are taking, I believe is compatible with GAO’s suggestion that we re-baseline the program and insure that we use technology development best-practices in management, security, and operations.  While the Secure Flight regulation is being developed, this is the time to ensure that Secure Flight’s security, operational and privacy foundation is solid.

We will move forward with the Secure Flight program as expeditiously as possible, but in view of our need to establish trust with all of our stakeholders on the security and privacy of our systems and data, my priority is to ensure that we do it right…not just that we do it quickly.

When I appeared before this Committee during the confirmation process, I said that I believe programs like Secure Flight should be built from a strong privacy foundation as a starting point as opposed to building it and then adding privacy. The approach I just outlined will accomplish that.

Security and privacy are necessary ingredients of each other and are not opposite ends of the spectrum. TSA will approach all of its programs with that in mind.

On Registered Traveler, I will just say that it will be market-driven, and offered by the private sector.  TSA’s principal requirements are that it:  1) pays its own way, and 2) does not diminish security.

We are fully aware terrorists may attempt to exploit Registered Traveler program benefits, and the program is designed to thwart those efforts.  

On November 3, 2005, I outlined the path forward for Registered Traveler.   We are on track, having met the milestones established for January 20th.  Depending on the pace of our market-driven private industry partners, TSA expects to be ready to begin screening Registered Traveler program applicants in mid-June.

Mr. Chairman, we look forward to working with the Committee to ensure that Secure Flight and Registered Traveler enhance the security of our aviation systems while protecting the privacy of Americans.  

Thank you again for the opportunity to testify today.  I will be pleased to respond to questions.