[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2361 Introduced in Senate (IS)]

<DOC>






114th CONGRESS
  1st Session
                                S. 2361

          To enhance airport security, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            December 7, 2015

   Mr. Thune (for himself, Mr. Nelson, Ms. Ayotte, and Ms. Cantwell) 
introduced the following bill; which was read twice and referred to the 
           Committee on Commerce, Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
          To enhance airport security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Airport Security Enhancement and 
Oversight Act''.

SEC. 2. FINDINGS.

    Congress makes the following findings:
            (1) A number of recent airport security breaches in the 
        United States have involved the use of Secure Identification 
        Display Area (referred to in this section as ``SIDA'') badges, 
        the credentials used by airport and airline workers to access 
        the secure areas of an airport.
            (2) In December 2014, a Delta ramp agent at Hartsfield-
        Jackson Atlanta International Airport was charged with using 
        his SIDA badge to bypass airport security checkpoints and 
        facilitate an interstate gun smuggling operation over a number 
        of months via commercial aircraft.
            (3) In January 2015, an Atlanta-based Aviation Safety 
        Inspector of the Federal Aviation Administration used his SIDA 
        badge to bypass airport security checkpoints and transport a 
        firearm in his carry-on luggage.
            (4) In February 2015, a local news investigation found that 
        over 1,000 SIDA badges at Hartsfield-Jackson Atlanta 
        International Airport were lost or missing.
            (5) In March 2015, and again in May 2015, Transportation 
        Security Administration (referred to in this section as the 
        ``Administration'') contractors were indicted for participating 
        in a drug smuggling ring using luggage passed through the 
        secure area of the San Francisco International Airport.
            (6) The Administration has indicated that it does not 
        maintain a list of lost or missing SIDA badges, and instead 
        relies on airport operators to track airport worker 
        credentials.
            (7) The Administration rarely uses its enforcement 
        authority to fine airport operators that reach a certain 
        threshold of missing SIDA badges.
            (8) In April 2015, the Aviation Security Advisory Committee 
        issued 28 recommendations for improvements to airport access 
        control.
            (9) In June 2015, the Inspector General of the Department 
        of Homeland Security reported that the Administration did not 
        have all relevant information regarding 73 airport workers who 
        had records in United States intelligence-related databases 
        because the Administration was not authorized to receive all 
        terrorism-related information under current interagency 
        watchlisting policy.
            (10) The Inspector General also found that the 
        Administration did not have appropriate checks in place to 
        reject incomplete or inaccurate airport worker employment 
        investigations, including criminal history record checks and 
        work authorization verifications, and had limited oversight 
        over the airport operators that the Administration relies on to 
        perform criminal history and work authorization checks for 
        airport workers.
            (11) There is growing concern about the potential insider 
        threat at airports in light of recent terrorist activities.

SEC. 3. DEFINITIONS.

    (a) Administration.--The term ``Administration'' means the 
Transportation Security Administration.
    (b) Administrator.--The term ``Administrator'' means the 
Administrator of the Transportation Security Administration.
    (c) Appropriate Committees of Congress.--The term ``appropriate 
committees of Congress'' means--
            (1) the Committee on Commerce, Science, and Transportation 
        of the Senate;
            (2) the Committee on Homeland Security and Governmental 
        Affairs of the Senate; and
            (3) the Committee on Homeland Security of the House of 
        Representatives.
    (d) ASAC.--The term ``ASAC'' means the Aviation Security Advisory 
Committee established under section 44946 of title 49, United States 
Code.
    (e) Secretary.--The term ``Secretary'' means the Secretary of 
Homeland Security.
    (f) SIDA.--The term ``SIDA'' means Secure Identification Display 
Area as defined in section 1540.5 of title 49, Code of Federal 
Regulations, or any successor regulation to such section.

SEC. 4. THREAT ASSESSMENT.

    (a) Insider Threats.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator shall conduct or 
        update an assessment to determine the level of risk posed to 
        the domestic air transportation system by individuals with 
        unescorted access to a secure area of an airport (as defined in 
        section 44903(j)(2)(H)) in light of recent international 
        terrorist activity.
            (2) Considerations.--In conducting or updating the 
        assessment under paragraph (1), the Administrator shall 
        consider--
                    (A) domestic intelligence;
                    (B) international intelligence;
                    (C) the vulnerabilities associated with unescorted 
                access authority granted to domestic airport operators 
                and air carriers, and their employees;
                    (D) the vulnerabilities associated with unescorted 
                access authority granted to foreign airport operators 
                and air carriers, and their employees;
                    (E) the processes and practices designed to 
                mitigate the vulnerabilities associated with unescorted 
                access privileges granted to airport operators and air 
                carriers, and their employees;
                    (F) the recent security breaches at domestic and 
                foreign airports; and
                    (G) the recent security improvements at domestic 
                airports, including the implementation of 
                recommendations made by relevant advisory committees.
    (b) Reports to Congress.--The Administrator shall submit to the 
appropriate committees of Congress--
            (1) a report on the results of the assessment under 
        subsection (a), including any recommendations for improving 
        aviation security;
            (2) a report on the implementation status of any 
        recommendations made by the ASAC; and
            (3) regular updates about the insider threat environment as 
        new information becomes available and as needed.

SEC. 5. OVERSIGHT.

    (a) Enhanced Requirements.--
            (1) In general.--Subject to public notice and comment, and 
        in consultation with airport operators, the Administrator shall 
        update the rules on access controls issued by the Secretary 
        under chapter 449 of title 49, United States Code.
            (2) Considerations.--As part of the update under paragraph 
        (1), the Administrator shall consider--
                    (A) increased fines and advanced oversight for 
                airport operators that report missing more than 5 
                percent of credentials for unescorted access to any 
                SIDA of an airport;
                    (B) best practices for Category X airport operators 
                that report missing more than 3 percent of credentials 
                for unescorted access to any SIDA of an airport;
                    (C) additional audits and status checks for airport 
                operators that report missing more than 3 percent of 
                credentials for unescorted access to any SIDA of an 
                airport;
                    (D) review and analysis of the prior 5 years of 
                audits for airport operators that report missing more 
                than 3 percent of credentials for unescorted access to 
                any SIDA of an airport;
                    (E) increased fines and direct enforcement 
                requirements for both airport workers and their 
                employers that fail to report within 24 hours an 
                employment termination or a missing credential for 
                unescorted access to any SIDA of an airport; and
                    (F) a method for termination by the employer of any 
                airport worker that fails to report in a timely manner 
                missing credentials for unescorted access to any SIDA 
                of an airport.
    (b) Temporary Credentials.--The Administrator may encourage the 
issuance by airport and aircraft operators of free one-time, 24-hour 
temporary credentials for workers who have reported their credentials 
missing, but not permanently lost, stolen, or destroyed, in a timely 
manner, until replacement of credentials under section 1542.211 of 
title 49 Code of Federal Regulations is necessary.
    (c) Notification and Report to Congress.--The Administrator shall--
            (1) notify the appropriate committees of Congress each time 
        an airport operator reports that more than 3 percent of 
        credentials for unescorted access to any SIDA at a Category X 
        airport are missing or more than 5 percent of credentials to 
        access any SIDA at any other airport are missing; and
            (2) submit to the appropriate committees of Congress an 
        annual report on the number of violations and fines related to 
        unescorted access to the SIDA of an airport collected in the 
        preceding fiscal year.

SEC. 6. CREDENTIALS.

    (a) Lawful Status.--Not later than 90 days after the date of 
enactment of this Act, the Administrator shall issue guidance to 
airport operators regarding placement of an expiration date on each 
airport credential issued to a non-United States citizen no longer than 
the period of time during which that non-United States citizen is 
lawfully authorized to work in the United States.
    (b) Review of Procedures.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator shall--
                    (A) issue guidance for transportation security 
                inspectors to annually review the procedures of airport 
                operators and air carriers for applicants seeking 
                unescorted access to any SIDA of an airport; and
                    (B) make available to airport operators and air 
                carriers information on identifying suspicious or 
                fraudulent identification materials.
            (2) Inclusions.--The guidance shall require a comprehensive 
        review of background checks and employment authorization 
        documents issued by the Citizenship and Immigration Services 
        during the course of a review of procedures under paragraph 
        (1).

SEC. 7. VETTING.

    (a) Eligibility Requirements.--
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, and subject to public notice and 
        comment, the Administrator shall revise the regulations issued 
        under section 44936 of title 49, United States Code, in 
        accordance with this section and current knowledge of insider 
        threats and intelligence, to enhance the eligibility 
        requirements and disqualifying criminal offenses for 
        individuals seeking or having unescorted access to a SIDA of an 
        airport.
            (2) Disqualifying criminal offenses.--In revising the 
        regulations under paragraph (1), the Administrator shall 
        consider adding to the list of disqualifying criminal offenses 
        and criteria the offenses and criteria listed in section 
        122.183(a)(4) of title 19, Code of Federal Regulations and 
        section 1572.103 of title 49, Code of Federal Regulations.
            (3) Waivers.--In revising the regulations under paragraph 
        (1), the Administrator shall provide an adequate redress 
        process for an aviation worker subjected to an adverse 
        employment decision, including removal or suspension of the 
        aviation worker, due to a disqualifying criminal offense 
        described in this section.
            (4) Look back.--In revising the regulations under paragraph 
        (1), the Administrator shall propose that an individual be 
        disqualified if the individual was convicted, or found not 
        guilty by reason of insanity, of a disqualifying criminal 
        offense within 15 years before the date of an individual's 
        application, or if the individual was incarcerated for that 
        crime and released from incarceration within 5 years before the 
        date of the individual's application.
            (5) Certifications.--The Administrator shall require an 
        airport or aircraft operator, as applicable, to certify for 
        each individual who receives unescorted access to any SIDA of 
        an airport that--
                    (A) a specific need exists for providing that 
                individual with unescorted access authority; and
                    (B) the individual has certified to the airport or 
                aircraft operator that the individual understands the 
                requirements for possessing a SIDA badge.
            (6) Report to congress.--Not later than 90 days after the 
        date of enactment, the Administrator shall submit to the 
        appropriate committees of Congress a report on the status of 
        the revision to the regulations issued under section 44936 of 
        title 49, United States Code, in accordance with this section.
            (7) Rule of construction.--Nothing in this subsection may 
        be construed to affect existing aviation worker vetting fees 
        imposed by the Administration.
    (b) Recurrent Vetting.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator and the Director of 
        the Federal Bureau of Investigation shall fully implement the 
        Rap Back service for recurrent vetting of eligible 
        Administration-regulated populations of individuals with 
        unescorted access to any SIDA of an airport.
            (2) Requirements.--As part of the requirement in paragraph 
        (1), the Administrator shall ensure that--
                    (A) any status notifications the Administration 
                receives through the Rap Back service about criminal 
                offenses be limited to only disqualifying criminal 
                offenses in accordance with the regulations promulgated 
                by the Administration under section 44903 of title 49, 
                United States Code, or other Federal law; and
                    (B) any information received by the Administration 
                through the Rap Back service is provided directly and 
                immediately to the relevant airport and aircraft 
                operators.
            (3) Report to congress.--Not later than 60 days after the 
        date of enactment of this Act, the Administrator shall submit 
        to the appropriate committees of Congress a report on the 
        implementation status of the Rap Back service.
    (c) Access to Terrorism-Related Data.--Not later than 30 days after 
the date of enactment of this Act, the Administrator and the Director 
of National Intelligence shall coordinate to ensure that the 
Administrator is authorized to receive automated, real-time access to 
additional Terrorist Identities Datamart Environment (TIDE) data and 
any other terrorism related category codes to improve the effectiveness 
of the Administration's credential vetting program for individuals that 
are seeking or have unescorted access to a SIDA of an airport.
    (d) Access to E-Verify and SAVE Programs.--Not later than 90 days 
after the date of enactment of this Act, the Secretary shall authorize 
each airport operator to have direct access to the E-Verify program and 
the Systematic Alien Verification for Entitlements (SAVE) automated 
system to determine the eligibility of individuals seeking unescorted 
access to a SIDA of an airport.

SEC. 8. METRICS.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Administrator shall develop and implement performance 
metrics to measure the effectiveness of security for the SIDAs of 
airports.
    (b) Considerations.--In developing the performance metrics under 
subsection (a), the Administrator may consider--
            (1) adherence to access point procedures;
            (2) proper use of credentials;
            (3) differences in access point requirements between 
        airport workers performing functions on the airside of an 
        airport and airport workers performing functions in other areas 
        of an airport;
            (4) differences in access point characteristics and 
        requirements at airports; and
            (5) any additional factors the Administrator considers 
        necessary to measure performance.

SEC. 9. INSPECTIONS AND ASSESSMENTS.

    (a) Model and Best Practices.--Not later than 180 days after the 
date of enactment of this Act, the Administrator, in consultation with 
the ASAC, shall develop a model and best practices for unescorted 
access security that--
            (1) use intelligence, scientific algorithms, and risk-based 
        factors;
            (2) ensure integrity, accountability, and control;
            (3) subject airport workers to random physical security 
        inspections conducted by Administration representatives in 
        accordance with this section;
            (4) appropriately manage the number of SIDA access points 
        to improve supervision of and reduce unauthorized access to 
        these areas; and
            (5) include validation of identification materials, such as 
        with biometrics.
    (b) Inspections.--Consistent with a risk-based security approach, 
the Administrator shall expand the use of transportation security 
officers and inspectors to conduct enhanced, random and unpredictable, 
data-driven, and operationally dynamic physical inspections of airport 
workers in each SIDA of an airport and at each SIDA access point--
            (1) to verify the credentials of airport workers;
            (2) to determine whether airport workers possess prohibited 
        items, except for those that may be necessary for the 
        performance of their duties, as appropriate, in any SIDA of an 
        airport; and
            (3) to verify whether airport workers are following 
        appropriate procedures to access a SIDA of an airport.
    (c) Screening Review.--
            (1) In general.--The Administrator shall conduct a review 
        of airports that have implemented additional airport worker 
        screening or perimeter security to improve airport security, 
        including--
                    (A) comprehensive airport worker screening at 
                access points to secure areas;
                    (B) comprehensive perimeter screening, including 
                vehicles;
                    (C) enhanced fencing or perimeter sensors; and
                    (D) any additional airport worker screening or 
                perimeter security measures the Administrator 
                identifies.
            (2) Best practices.--After completing the review under 
        paragraph (1), the Administrator shall--
                    (A) identify best practices for additional access 
                control and airport worker security at airports; and
                    (B) disseminate the best practices identified under 
                subparagraph (A) to airport operators.
            (3) Pilot program.--The Administrator may conduct a pilot 
        program at 1 or more airports to test and validate best 
        practices for comprehensive airport worker screening or 
        perimeter security under paragraph (2).

SEC. 10. COVERT TESTING.

    (a) In General.--The Administrator shall increase the use of red-
team, covert testing of access controls to any secure areas of an 
airport.
    (b) Additional Covert Testing.--The Inspector General of the 
Department of Homeland Security shall conduct red-team, covert testing 
of airport access controls to the SIDA of airports.
    (c) Reports to Congress.--
            (1) Administrator report.--Not later than 90 days after the 
        date of enactment of this Act, the Administrator shall submit 
        to the appropriate committee of Congress a report on the 
        progress to expand the use of inspections and of red-team, 
        covert testing under subsection (a).
            (2) Inspector general report.--Not later than 180 days 
        after the date of enactment of this Act, the Inspector General 
        of the Department of Homeland Security shall submit to the 
        appropriate committee of Congress a report on the effectiveness 
        of airport access controls to the SIDA of airports based on 
        red-team, covert testing under subsection (b).

SEC. 11. SECURITY DIRECTIVES.

    (a) Review.--Not later than 180 days after the date of enactment of 
this Act, and annually thereafter, the Administrator, in consultation 
with the appropriate regulated entities, shall conduct a comprehensive 
review of every current security directive addressed to any regulated 
entity--
            (1) to determine whether the security directive continues 
        to be relevant;
            (2) to determine whether the security directives should be 
        streamlined or consolidated to most efficiently maximize risk 
        reduction; and
            (3) to update, consolidate, or revoke any security 
        directive as necessary.
    (b) Notice.--For each security directive that the Administrator 
issues, the Administrator shall submit to the appropriate committees of 
Congress notice of the extent to which the security directive--
            (1) responds to a specific threat or emergency situation; 
        and
            (2) when it is anticipated that it will expire.

SEC. 12. IMPLEMENTATION REPORT.

    Not later than 1 year after the date of enactment of this Act, the 
Comptroller General shall--
            (1) assess the progress made by the Administration and the 
        effect on aviation security of implementing the requirements 
        under sections 4 through 11 of this Act; and
            (2) report to the appropriate committees of Congress on the 
        results of the assessment under paragraph (1), including any 
        recommendations.

SEC. 13. MISCELLANEOUS AMENDMENTS.

    (a) ASAC Terms of Office.--Section 44946(c)(2)(A) of title 49, 
United States Code is amended to read as follows:
                    ``(A) Terms.--The term of each member of the 
                Advisory Committee shall be 2 years, but a member may 
                continue to serve until the Assistant Secretary 
                appoints a successor. A member of the Advisory 
                Committee may be reappointed.''.
    (b) Feedback.--Section 44946(b)(5) of title 49, United States Code, 
is amended to read as follows:
            ``(5) Feedback.--Not later than 90 days after receiving 
        recommendations transmitted by the Advisory Committee under 
        paragraph (2) or paragraph (4), the Assistant Secretary shall 
        respond in writing to the Advisory Committee with feedback on 
        each of the recommendations, an action plan to implement any of 
        the recommendations with which the Assistant Secretary concurs, 
        and a justification for why any of the recommendations have 
        been rejected.''.
                                 <all>