Homeland Security: TSA Using Covert Operatives to Test Security Measures
by Jim Kouri, CPP
(The following article is based on reports and material obtained by the National Association of Chiefs of Police. The material presented herein is not classified information.)
The Transportation Security Administration uses undercover, or covert, testing to approximate techniques that terrorists may use to identify vulnerabilities in and measure the performance of airport security systems.
During these tests, undercover inspectors attempt to pass threat objects through passenger and baggage screening systems, and access secure airport areas. In response to a request by the US Congress, the General Accountability Office examined the TSA's strategy for conducting covert testing of the transportation system and the extent to which the agency has designed and implemented its covert tests to achieve identified goals; and the results of TSA's national aviation covert tests conducted from September 2002 to June 2007, and the extent to which TSA uses the results of these tests to mitigate security vulnerabilities.
To conduct this work, GAO analyzed covert testing documents and data and interviewed TSA and transportation industry officials.
TSA has designed and implemented risk-based national and local covert testing programs to achieve its goals of identifying vulnerabilities and measuring the performance of the aviation security system, and has begun to determine the extent to which covert testing will be used in non-aviation modes of transportation. TSA's Office of Inspection (OI) used information on terrorist threats to design and implement its national covert tests and determine at which airports to conduct tests based on the likelihood of a terrorist attack.
However, OI did not systematically record the causes of test failures or practices that resulted in higher pass rates for tests. Without systematically recording reasons for test failures, such as failures caused by screening equipment not working properly, as well as reasons for test passes, TSA is limited in its ability to mitigate identified vulnerabilities.
OI officials stated that identifying a single cause for a test failure is difficult since failures can be caused by multiple factors. TSA recently redesigned its local covert testing program to more effectively measure the performance of passenger and baggage screening systems and identify vulnerabilities.
However, it is too early to determine whether the program will meet its goals since it was only recently implemented and TSA is still analyzing the results of initial tests. While TSA has a well established covert testing program in commercial aviation, the agency does not regularly conduct covert tests in non-aviation modes of transportation.
Select domestic and foreign transportation organizations and DHS components use covert testing to identify security vulnerabilities in non-aviation settings. However, TSA lacks a systematic process for coordinating with these organizations. TSA covert tests conducted from September 2002 to June 2007 have identified vulnerabilities in the commercial aviation system at airports of all sizes, and the agency could more fully use the results of tests to mitigate identified vulnerabilities.
While the specific results of these tests and the vulnerabilities they identified are classified, covert test failures can be caused by multiple factors, including screening equipment that does not detect a threat item, Transportation Security Officers, formerly known as screeners, not properly following TSA procedures when screening passengers, or TSA screening procedures that do not provide sufficient detail to enable TSOs to identify the threat item.
TSA's Administrator and senior officials are routinely briefed on covert test results and are provided with test reports that contain recommendations to address identified vulnerabilities. However, TSA lacks a systematic process to ensure that OI's recommendations are considered and that the rationale for implementing or not implementing OI's recommendations is documented.
Without such a process, TSA is limited in its ability to use covert test results to strengthen aviation security. TSA officials stated that opportunities exist to improve the agency's processes in this area. In May 2008, GAO issued a classified report on TSA's covert testing program. That report contained information that was deemed either classified or sensitive. This version of the report summarizes our overall findings and recommendations while omitting classified or sensitive security information.
Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police. He's former chief at a New York City housing project in Washington Heights nicknamed "Crack City" by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for a number of organizations. He's also served on the National Drug Task Force and trained police and security officers throughout the country. He writes for many police and crime magazines including Chief of Police, Police Times, The Narc Officer, Campus Law Enforcement Journal, and others. He's appeared as on-air commentator for over 100 TV and radio news and talk shows including Oprah, McLaughlin Report, CNN Headline News, MTV, Fox News, etc. His book Assume The Position is available at Amazon.Com, Booksamillion.com, and can be ordered at local bookstores. Kouri holds a bachelor of science in criminal justice and master of arts in public administration and he's a board certified protection professional.