Short title

This Act may be cited as the

Airport Security Enhancement and Oversight Act

Findings

Congress makes the following findings: (1)A number of recent airport security breaches in the United States have involved the use of Secure Identification Display Area (referred to in this section as SIDA) badges, the credentials used by airport and airline workers to access the secure areas of an airport. (2)In December 2014, a Delta ramp agent at Hartsfield-Jackson Atlanta International Airport was charged with using his SIDA badge to bypass airport security checkpoints and facilitate an interstate gun smuggling operation over a number of months via commercial aircraft. (3)In January 2015, an Atlanta-based Aviation Safety Inspector of the Federal Aviation Administration used his SIDA badge to bypass airport security checkpoints and transport a firearm in his carry-on luggage. (4)In February 2015, a local news investigation found that over 1,000 SIDA badges at Hartsfield-Jackson Atlanta International Airport were lost or missing. (5)In March 2015, and again in May 2015, Transportation Security Administration (referred to in this section as the Administration) contractors were indicted for participating in a drug smuggling ring using luggage passed through the secure area of the San Francisco International Airport. (6)The Administration has indicated that it does not maintain a list of lost or missing SIDA badges, and instead relies on airport operators to track airport worker credentials. (7)The Administration rarely uses its enforcement authority to fine airport operators that reach a certain threshold of missing SIDA badges. (8)In April 2015, the Aviation Security Advisory Committee issued 28 recommendations for improvements to airport access control. (9)In June 2015, the Inspector General of the Department of Homeland Security reported that the Administration did not have all relevant information regarding 73 airport workers who had records in United States intelligence-related databases because the Administration was not authorized to receive all terrorism-related information under current interagency watchlisting policy. (10)The Inspector General also found that the Administration did not have appropriate checks in place to reject incomplete or inaccurate airport worker employment investigations, including criminal history record checks and work authorization verifications, and had limited oversight over the airport operators that the Administration relies on to perform criminal history and work authorization checks for airport workers. (11)There is growing concern about the potential insider threat at airports in light of recent terrorist activities.

Definitions

(a)

Administration

The term Administration means the Transportation Security Administration. (b)

Administrator

The term Administrator means the Administrator of the Transportation Security Administration. (c)

Appropriate committees of Congress

The term appropriate committees of Congress means— (1)the Committee on Commerce, Science, and Transportation of the Senate; (2)the Committee on Homeland Security and Governmental Affairs of the Senate; and (3)the Committee on Homeland Security of the House of Representatives. (d)

ASAC

The term ASAC means the Aviation Security Advisory Committee established under section 44946 of title 49, United States Code. (e)

Secretary

The term Secretary means the Secretary of Homeland Security. (f)

SIDA

The term SIDA means Secure Identification Display Area as defined in section 1540.5 of title 49, Code of Federal Regulations, or any successor regulation to such section.

Threat assessment

(a)

Insider threats

(1)

In general

Not later than 90 days after the date of enactment of this Act, the Administrator shall conduct or update an assessment to determine the level of risk posed to the domestic air transportation system by individuals with unescorted access to a secure area of an airport (as defined in section 44903(j)(2)(H)) in light of recent international terrorist activity. (2)

Considerations

In conducting or updating the assessment under paragraph (1), the Administrator shall consider— (A)domestic intelligence; (B)international intelligence; (C)the vulnerabilities associated with unescorted access authority granted to domestic airport operators and air carriers, and their employees; (D)the vulnerabilities associated with unescorted access authority granted to foreign airport operators and air carriers, and their employees; (E)the processes and practices designed to mitigate the vulnerabilities associated with unescorted access privileges granted to airport operators and air carriers, and their employees; (F)the recent security breaches at domestic and foreign airports; and (G)the recent security improvements at domestic airports, including the implementation of recommendations made by relevant advisory committees. (b)

Reports to Congress

The Administrator shall submit to the appropriate committees of Congress— (1)a report on the results of the assessment under subsection (a), including any recommendations for improving aviation security; (2)a report on the implementation status of any recommendations made by the ASAC; and (3)regular updates about the insider threat environment as new information becomes available and as needed.

Oversight

(a)

Enhanced requirements

(1)

In general

Subject to public notice and comment, and in consultation with airport operators, the Administrator shall update the rules on access controls issued by the Secretary under chapter 449 of title 49, United States Code. (2)

Considerations

As part of the update under paragraph (1), the Administrator shall consider— (A)increased fines and advanced oversight for airport operators that report missing more than 5 percent of credentials for unescorted access to any SIDA of an airport; (B)best practices for Category X airport operators that report missing more than 3 percent of credentials for unescorted access to any SIDA of an airport; (C)additional audits and status checks for airport operators that report missing more than 3 percent of credentials for unescorted access to any SIDA of an airport; (D)review and analysis of the prior 5 years of audits for airport operators that report missing more than 3 percent of credentials for unescorted access to any SIDA of an airport; (E)increased fines and direct enforcement requirements for both airport workers and their employers that fail to report within 24 hours an employment termination or a missing credential for unescorted access to any SIDA of an airport; and (F)a method for termination by the employer of any airport worker that fails to report in a timely manner missing credentials for unescorted access to any SIDA of an airport. (b)

Temporary credentials

The Administrator may encourage the issuance by airport and aircraft operators of free one-time, 24-hour temporary credentials for workers who have reported their credentials missing, but not permanently lost, stolen, or destroyed, in a timely manner, until replacement of credentials under section 1542.211 of title 49 Code of Federal Regulations is necessary. (c)

Notification and report to Congress

The Administrator shall— (1)notify the appropriate committees of Congress each time an airport operator reports that more than 3 percent of credentials for unescorted access to any SIDA at a Category X airport are missing or more than 5 percent of credentials to access any SIDA at any other airport are missing; and (2)submit to the appropriate committees of Congress an annual report on the number of violations and fines related to unescorted access to the SIDA of an airport collected in the preceding fiscal year.

Credentials

(a)

Lawful status

Not later than 90 days after the date of enactment of this Act, the Administrator shall issue guidance to airport operators regarding placement of an expiration date on each airport credential issued to a non-United States citizen no longer than the period of time during which that non-United States citizen is lawfully authorized to work in the United States. (b)

Review of procedures

(1)

In general

Not later than 90 days after the date of enactment of this Act, the Administrator shall— (A)issue guidance for transportation security inspectors to annually review the procedures of airport operators and air carriers for applicants seeking unescorted access to any SIDA of an airport; and (B)make available to airport operators and air carriers information on identifying suspicious or fraudulent identification materials. (2)

Inclusions

The guidance shall require a comprehensive review of background checks and employment authorization documents issued by the Citizenship and Immigration Services during the course of a review of procedures under paragraph (1).

Vetting

(a)

Eligibility requirements

(1)

In general

Not later than 180 days after the date of enactment of this Act, and subject to public notice and comment, the Administrator shall revise the regulations issued under section 44936 of title 49, United States Code, in accordance with this section and current knowledge of insider threats and intelligence, to enhance the eligibility requirements and disqualifying criminal offenses for individuals seeking or having unescorted access to a SIDA of an airport. (2)

Disqualifying criminal offenses

In revising the regulations under paragraph (1), the Administrator shall consider adding to the list of disqualifying criminal offenses and criteria the offenses and criteria listed in section 122.183(a)(4) of title 19, Code of Federal Regulations and section 1572.103 of title 49, Code of Federal Regulations. (3)

Waivers

In revising the regulations under paragraph (1), the Administrator shall provide an adequate redress process for an aviation worker subjected to an adverse employment decision, including removal or suspension of the aviation worker, due to a disqualifying criminal offense described in this section. (4)

Look back

In revising the regulations under paragraph (1), the Administrator shall propose that an individual be disqualified if the individual was convicted, or found not guilty by reason of insanity, of a disqualifying criminal offense within 15 years before the date of an individual’s application, or if the individual was incarcerated for that crime and released from incarceration within 5 years before the date of the individual's application. (5)

Certifications

The Administrator shall require an airport or aircraft operator, as applicable, to certify for each individual who receives unescorted access to any SIDA of an airport that— (A)a specific need exists for providing that individual with unescorted access authority; and (B)the individual has certified to the airport or aircraft operator that the individual understands the requirements for possessing a SIDA badge. (6)

Report to Congress

Not later than 90 days after the date of enactment, the Administrator shall submit to the appropriate committees of Congress a report on the status of the revision to the regulations issued under section 44936 of title 49, United States Code, in accordance with this section. (7)

Rule of construction

Nothing in this subsection may be construed to affect existing aviation worker vetting fees imposed by the Administration. (b)

Recurrent vetting

(1)

In general

Not later than 90 days after the date of enactment of this Act, the Administrator and the Director of the Federal Bureau of Investigation shall fully implement the Rap Back service for recurrent vetting of eligible Administration-regulated populations of individuals with unescorted access to any SIDA of an airport. (2)

Requirements

As part of the requirement in paragraph (1), the Administrator shall ensure that— (A)any status notifications the Administration receives through the Rap Back service about criminal offenses be limited to only disqualifying criminal offenses in accordance with the regulations promulgated by the Administration under section 44903 of title 49, United States Code, or other Federal law; and (B)any information received by the Administration through the Rap Back service is provided directly and immediately to the relevant airport and aircraft operators. (3)

Report to Congress

Not later than 60 days after the date of enactment of this Act, the Administrator shall submit to the appropriate committees of Congress a report on the implementation status of the Rap Back service. (c)

Access to terrorism-Related data

Not later than 30 days after the date of enactment of this Act, the Administrator and the Director of National Intelligence shall coordinate to ensure that the Administrator is authorized to receive automated, real-time access to additional Terrorist Identities Datamart Environment (TIDE) data and any other terrorism related category codes to improve the effectiveness of the Administration’s credential vetting program for individuals that are seeking or have unescorted access to a SIDA of an airport. (d)

Access to E-Verify and SAVE programs

Not later than 90 days after the date of enactment of this Act, the Secretary shall authorize each airport operator to have direct access to the E-Verify program and the Systematic Alien Verification for Entitlements (SAVE) automated system to determine the eligibility of individuals seeking unescorted access to a SIDA of an airport.

Metrics

(a)

In general

Not later than 1 year after the date of enactment of this Act, the Administrator shall develop and implement performance metrics to measure the effectiveness of security for the SIDAs of airports. (b)

Considerations

In developing the performance metrics under subsection (a), the Administrator may consider— (1)adherence to access point procedures; (2)proper use of credentials; (3)differences in access point requirements between airport workers performing functions on the airside of an airport and airport workers performing functions in other areas of an airport; (4)differences in access point characteristics and requirements at airports; and (5)any additional factors the Administrator considers necessary to measure performance.

Inspections and assessments

(a)

Model and best practices

Not later than 180 days after the date of enactment of this Act, the Administrator, in consultation with the ASAC, shall develop a model and best practices for unescorted access security that— (1)use intelligence, scientific algorithms, and risk-based factors; (2)ensure integrity, accountability, and control; (3)subject airport workers to random physical security inspections conducted by Administration representatives in accordance with this section; (4)appropriately manage the number of SIDA access points to improve supervision of and reduce unauthorized access to these areas; and (5)include validation of identification materials, such as with biometrics. (b)

Inspections

Consistent with a risk-based security approach, the Administrator shall expand the use of transportation security officers and inspectors to conduct enhanced, random and unpredictable, data-driven, and operationally dynamic physical inspections of airport workers in each SIDA of an airport and at each SIDA access point— (1)to verify the credentials of airport workers; (2)to determine whether airport workers possess prohibited items, except for those that may be necessary for the performance of their duties, as appropriate, in any SIDA of an airport; and (3)to verify whether airport workers are following appropriate procedures to access a SIDA of an airport. (c)

Screening review

(1)

In general

The Administrator shall conduct a review of airports that have implemented additional airport worker screening or perimeter security to improve airport security, including— (A)comprehensive airport worker screening at access points to secure areas; (B)comprehensive perimeter screening, including vehicles; (C)enhanced fencing or perimeter sensors; and (D)any additional airport worker screening or perimeter security measures the Administrator identifies. (2)

Best practices

After completing the review under paragraph (1), the Administrator shall— (A)identify best practices for additional access control and airport worker security at airports; and (B)disseminate the best practices identified under subparagraph (A) to airport operators. (3)

Pilot program

The Administrator may conduct a pilot program at 1 or more airports to test and validate best practices for comprehensive airport worker screening or perimeter security under paragraph (2).

10.

Covert testing

(a)

In general

The Administrator shall increase the use of red-team, covert testing of access controls to any secure areas of an airport. (b)

Additional covert testing

The Inspector General of the Department of Homeland Security shall conduct red-team, covert testing of airport access controls to the SIDA of airports. (c)

Reports to Congress

(1)

Administrator report

Not later than 90 days after the date of enactment of this Act, the Administrator shall submit to the appropriate committee of Congress a report on the progress to expand the use of inspections and of red-team, covert testing under subsection (a). (2)

Inspector General report

Not later than 180 days after the date of enactment of this Act, the Inspector General of the Department of Homeland Security shall submit to the appropriate committee of Congress a report on the effectiveness of airport access controls to the SIDA of airports based on red-team, covert testing under subsection (b).

11.

Security directives

(a)

Review

Not later than 180 days after the date of enactment of this Act, and annually thereafter, the Administrator, in consultation with the appropriate regulated entities, shall conduct a comprehensive review of every current security directive addressed to any regulated entity— (1)to determine whether the security directive continues to be relevant; (2)to determine whether the security directives should be streamlined or consolidated to most efficiently maximize risk reduction; and (3)to update, consolidate, or revoke any security directive as necessary. (b)

Notice

For each security directive that the Administrator issues, the Administrator shall submit to the appropriate committees of Congress notice of the extent to which the security directive— (1)responds to a specific threat or emergency situation; and (2)when it is anticipated that it will expire.

12.

Implementation report

Not later than 1 year after the date of enactment of this Act, the Comptroller General shall— (1)assess the progress made by the Administration and the effect on aviation security of implementing the requirements under sections 4 through 11 of this Act; and (2)report to the appropriate committees of Congress on the results of the assessment under paragraph (1), including any recommendations.

13.

Miscellaneous amendments

(a)

ASAC terms of office

Section 44946(c)(2)(A) of title 49, United States Code is amended to read as follows:

(A)

Terms

The term of each member of the Advisory Committee shall be 2 years, but a member may continue to serve until the Assistant Secretary appoints a successor. A member of the Advisory Committee may be reappointed.

(b)

Feedback

Section 44946(b)(5) of title 49, United States Code, is amended to read as follows:

(5)

Feedback

Not later than 90 days after receiving recommendations transmitted by the Advisory Committee under paragraph (2) or paragraph (4), the Assistant Secretary shall respond in writing to the Advisory Committee with feedback on each of the recommendations, an action plan to implement any of the recommendations with which the Assistant Secretary concurs, and a justification for why any of the recommendations have been rejected.