[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2361 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 382
114th CONGRESS
  2d Session
                                S. 2361

                          [Report No. 114-222]

          To enhance airport security, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            December 7, 2015

   Mr. Thune (for himself, Mr. Nelson, Ms. Ayotte, Ms. Cantwell, Mr. 
Johnson, Ms. Klobuchar, and Mr. Carper) introduced the following bill; 
    which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

                             March 7, 2016

                Reported by Mr. Thune, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
          To enhance airport security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Airport Security 
Enhancement and Oversight Act''.</DELETED>

<DELETED>SEC. 2. FINDINGS.</DELETED>

<DELETED>    Congress makes the following findings:</DELETED>
        <DELETED>    (1) A number of recent airport security breaches 
        in the United States have involved the use of Secure 
        Identification Display Area (referred to in this section as 
        ``SIDA'') badges, the credentials used by airport and airline 
        workers to access the secure areas of an airport.</DELETED>
        <DELETED>    (2) In December 2014, a Delta ramp agent at 
        Hartsfield-Jackson Atlanta International Airport was charged 
        with using his SIDA badge to bypass airport security 
        checkpoints and facilitate an interstate gun smuggling 
        operation over a number of months via commercial 
        aircraft.</DELETED>
        <DELETED>    (3) In January 2015, an Atlanta-based Aviation 
        Safety Inspector of the Federal Aviation Administration used 
        his SIDA badge to bypass airport security checkpoints and 
        transport a firearm in his carry-on luggage.</DELETED>
        <DELETED>    (4) In February 2015, a local news investigation 
        found that over 1,000 SIDA badges at Hartsfield-Jackson Atlanta 
        International Airport were lost or missing.</DELETED>
        <DELETED>    (5) In March 2015, and again in May 2015, 
        Transportation Security Administration (referred to in this 
        section as the ``Administration'') contractors were indicted 
        for participating in a drug smuggling ring using luggage passed 
        through the secure area of the San Francisco International 
        Airport.</DELETED>
        <DELETED>    (6) The Administration has indicated that it does 
        not maintain a list of lost or missing SIDA badges, and instead 
        relies on airport operators to track airport worker 
        credentials.</DELETED>
        <DELETED>    (7) The Administration rarely uses its enforcement 
        authority to fine airport operators that reach a certain 
        threshold of missing SIDA badges.</DELETED>
        <DELETED>    (8) In April 2015, the Aviation Security Advisory 
        Committee issued 28 recommendations for improvements to airport 
        access control.</DELETED>
        <DELETED>    (9) In June 2015, the Inspector General of the 
        Department of Homeland Security reported that the 
        Administration did not have all relevant information regarding 
        73 airport workers who had records in United States 
        intelligence-related databases because the Administration was 
        not authorized to receive all terrorism-related information 
        under current interagency watchlisting policy.</DELETED>
        <DELETED>    (10) The Inspector General also found that the 
        Administration did not have appropriate checks in place to 
        reject incomplete or inaccurate airport worker employment 
        investigations, including criminal history record checks and 
        work authorization verifications, and had limited oversight 
        over the airport operators that the Administration relies on to 
        perform criminal history and work authorization checks for 
        airport workers.</DELETED>
        <DELETED>    (11) There is growing concern about the potential 
        insider threat at airports in light of recent terrorist 
        activities.</DELETED>

<DELETED>SEC. 3. DEFINITIONS.</DELETED>

<DELETED>    (a) Administration.--The term ``Administration'' means the 
Transportation Security Administration.</DELETED>
<DELETED>    (b) Administrator.--The term ``Administrator'' means the 
Administrator of the Transportation Security Administration.</DELETED>
<DELETED>    (c) Appropriate Committees of Congress.--The term 
``appropriate committees of Congress'' means--</DELETED>
        <DELETED>    (1) the Committee on Commerce, Science, and 
        Transportation of the Senate;</DELETED>
        <DELETED>    (2) the Committee on Homeland Security and 
        Governmental Affairs of the Senate; and</DELETED>
        <DELETED>    (3) the Committee on Homeland Security of the 
        House of Representatives.</DELETED>
<DELETED>    (d) ASAC.--The term ``ASAC'' means the Aviation Security 
Advisory Committee established under section 44946 of title 49, United 
States Code.</DELETED>
<DELETED>    (e) Secretary.--The term ``Secretary'' means the Secretary 
of Homeland Security.</DELETED>
<DELETED>    (f) SIDA.--The term ``SIDA'' means Secure Identification 
Display Area as defined in section 1540.5 of title 49, Code of Federal 
Regulations, or any successor regulation to such section.</DELETED>

<DELETED>SEC. 4. THREAT ASSESSMENT.</DELETED>

<DELETED>    (a) Insider Threats.--</DELETED>
        <DELETED>    (1) In general.--Not later than 90 days after the 
        date of enactment of this Act, the Administrator shall conduct 
        or update an assessment to determine the level of risk posed to 
        the domestic air transportation system by individuals with 
        unescorted access to a secure area of an airport (as defined in 
        section 44903(j)(2)(H)) in light of recent international 
        terrorist activity.</DELETED>
        <DELETED>    (2) Considerations.--In conducting or updating the 
        assessment under paragraph (1), the Administrator shall 
        consider--</DELETED>
                <DELETED>    (A) domestic intelligence;</DELETED>
                <DELETED>    (B) international intelligence;</DELETED>
                <DELETED>    (C) the vulnerabilities associated with 
                unescorted access authority granted to domestic airport 
                operators and air carriers, and their 
                employees;</DELETED>
                <DELETED>    (D) the vulnerabilities associated with 
                unescorted access authority granted to foreign airport 
                operators and air carriers, and their 
                employees;</DELETED>
                <DELETED>    (E) the processes and practices designed 
                to mitigate the vulnerabilities associated with 
                unescorted access privileges granted to airport 
                operators and air carriers, and their 
                employees;</DELETED>
                <DELETED>    (F) the recent security breaches at 
                domestic and foreign airports; and</DELETED>
                <DELETED>    (G) the recent security improvements at 
                domestic airports, including the implementation of 
                recommendations made by relevant advisory 
                committees.</DELETED>
<DELETED>    (b) Reports to Congress.--The Administrator shall submit 
to the appropriate committees of Congress--</DELETED>
        <DELETED>    (1) a report on the results of the assessment 
        under subsection (a), including any recommendations for 
        improving aviation security;</DELETED>
        <DELETED>    (2) a report on the implementation status of any 
        recommendations made by the ASAC; and</DELETED>
        <DELETED>    (3) regular updates about the insider threat 
        environment as new information becomes available and as 
        needed.</DELETED>

<DELETED>SEC. 5. OVERSIGHT.</DELETED>

<DELETED>    (a) Enhanced Requirements.--</DELETED>
        <DELETED>    (1) In general.--Subject to public notice and 
        comment, and in consultation with airport operators, the 
        Administrator shall update the rules on access controls issued 
        by the Secretary under chapter 449 of title 49, United States 
        Code.</DELETED>
        <DELETED>    (2) Considerations.--As part of the update under 
        paragraph (1), the Administrator shall consider--</DELETED>
                <DELETED>    (A) increased fines and advanced oversight 
                for airport operators that report missing more than 5 
                percent of credentials for unescorted access to any 
                SIDA of an airport;</DELETED>
                <DELETED>    (B) best practices for Category X airport 
                operators that report missing more than 3 percent of 
                credentials for unescorted access to any SIDA of an 
                airport;</DELETED>
                <DELETED>    (C) additional audits and status checks 
                for airport operators that report missing more than 3 
                percent of credentials for unescorted access to any 
                SIDA of an airport;</DELETED>
                <DELETED>    (D) review and analysis of the prior 5 
                years of audits for airport operators that report 
                missing more than 3 percent of credentials for 
                unescorted access to any SIDA of an airport;</DELETED>
                <DELETED>    (E) increased fines and direct enforcement 
                requirements for both airport workers and their 
                employers that fail to report within 24 hours an 
                employment termination or a missing credential for 
                unescorted access to any SIDA of an airport; 
                and</DELETED>
                <DELETED>    (F) a method for termination by the 
                employer of any airport worker that fails to report in 
                a timely manner missing credentials for unescorted 
                access to any SIDA of an airport.</DELETED>
<DELETED>    (b) Temporary Credentials.--The Administrator may 
encourage the issuance by airport and aircraft operators of free one-
time, 24-hour temporary credentials for workers who have reported their 
credentials missing, but not permanently lost, stolen, or destroyed, in 
a timely manner, until replacement of credentials under section 
1542.211 of title 49 Code of Federal Regulations is 
necessary.</DELETED>
<DELETED>    (c) Notification and Report to Congress.--The 
Administrator shall--</DELETED>
        <DELETED>    (1) notify the appropriate committees of Congress 
        each time an airport operator reports that more than 3 percent 
        of credentials for unescorted access to any SIDA at a Category 
        X airport are missing or more than 5 percent of credentials to 
        access any SIDA at any other airport are missing; and</DELETED>
        <DELETED>    (2) submit to the appropriate committees of 
        Congress an annual report on the number of violations and fines 
        related to unescorted access to the SIDA of an airport 
        collected in the preceding fiscal year.</DELETED>

<DELETED>SEC. 6. CREDENTIALS.</DELETED>

<DELETED>    (a) Lawful Status.--Not later than 90 days after the date 
of enactment of this Act, the Administrator shall issue guidance to 
airport operators regarding placement of an expiration date on each 
airport credential issued to a non-United States citizen no longer than 
the period of time during which that non-United States citizen is 
lawfully authorized to work in the United States.</DELETED>
<DELETED>    (b) Review of Procedures.--</DELETED>
        <DELETED>    (1) In general.--Not later than 90 days after the 
        date of enactment of this Act, the Administrator shall--
        </DELETED>
                <DELETED>    (A) issue guidance for transportation 
                security inspectors to annually review the procedures 
                of airport operators and air carriers for applicants 
                seeking unescorted access to any SIDA of an airport; 
                and</DELETED>
                <DELETED>    (B) make available to airport operators 
                and air carriers information on identifying suspicious 
                or fraudulent identification materials.</DELETED>
        <DELETED>    (2) Inclusions.--The guidance shall require a 
        comprehensive review of background checks and employment 
        authorization documents issued by the Citizenship and 
        Immigration Services during the course of a review of 
        procedures under paragraph (1).</DELETED>

<DELETED>SEC. 7. VETTING.</DELETED>

<DELETED>    (a) Eligibility Requirements.--</DELETED>
        <DELETED>    (1) In general.--Not later than 180 days after the 
        date of enactment of this Act, and subject to public notice and 
        comment, the Administrator shall revise the regulations issued 
        under section 44936 of title 49, United States Code, in 
        accordance with this section and current knowledge of insider 
        threats and intelligence, to enhance the eligibility 
        requirements and disqualifying criminal offenses for 
        individuals seeking or having unescorted access to a SIDA of an 
        airport.</DELETED>
        <DELETED>    (2) Disqualifying criminal offenses.--In revising 
        the regulations under paragraph (1), the Administrator shall 
        consider adding to the list of disqualifying criminal offenses 
        and criteria the offenses and criteria listed in section 
        122.183(a)(4) of title 19, Code of Federal Regulations and 
        section 1572.103 of title 49, Code of Federal 
        Regulations.</DELETED>
        <DELETED>    (3) Waivers.--In revising the regulations under 
        paragraph (1), the Administrator shall provide an adequate 
        redress process for an aviation worker subjected to an adverse 
        employment decision, including removal or suspension of the 
        aviation worker, due to a disqualifying criminal offense 
        described in this section.</DELETED>
        <DELETED>    (4) Look back.--In revising the regulations under 
        paragraph (1), the Administrator shall propose that an 
        individual be disqualified if the individual was convicted, or 
        found not guilty by reason of insanity, of a disqualifying 
        criminal offense within 15 years before the date of an 
        individual's application, or if the individual was incarcerated 
        for that crime and released from incarceration within 5 years 
        before the date of the individual's application.</DELETED>
        <DELETED>    (5) Certifications.--The Administrator shall 
        require an airport or aircraft operator, as applicable, to 
        certify for each individual who receives unescorted access to 
        any SIDA of an airport that--</DELETED>
                <DELETED>    (A) a specific need exists for providing 
                that individual with unescorted access authority; 
                and</DELETED>
                <DELETED>    (B) the individual has certified to the 
                airport or aircraft operator that the individual 
                understands the requirements for possessing a SIDA 
                badge.</DELETED>
        <DELETED>    (6) Report to congress.--Not later than 90 days 
        after the date of enactment, the Administrator shall submit to 
        the appropriate committees of Congress a report on the status 
        of the revision to the regulations issued under section 44936 
        of title 49, United States Code, in accordance with this 
        section.</DELETED>
        <DELETED>    (7) Rule of construction.--Nothing in this 
        subsection may be construed to affect existing aviation worker 
        vetting fees imposed by the Administration.</DELETED>
<DELETED>    (b) Recurrent Vetting.--</DELETED>
        <DELETED>    (1) In general.--Not later than 90 days after the 
        date of enactment of this Act, the Administrator and the 
        Director of the Federal Bureau of Investigation shall fully 
        implement the Rap Back service for recurrent vetting of 
        eligible Administration-regulated populations of individuals 
        with unescorted access to any SIDA of an airport.</DELETED>
        <DELETED>    (2) Requirements.--As part of the requirement in 
        paragraph (1), the Administrator shall ensure that--</DELETED>
                <DELETED>    (A) any status notifications the 
                Administration receives through the Rap Back service 
                about criminal offenses be limited to only 
                disqualifying criminal offenses in accordance with the 
                regulations promulgated by the Administration under 
                section 44903 of title 49, United States Code, or other 
                Federal law; and</DELETED>
                <DELETED>    (B) any information received by the 
                Administration through the Rap Back service is provided 
                directly and immediately to the relevant airport and 
                aircraft operators.</DELETED>
        <DELETED>    (3) Report to congress.--Not later than 60 days 
        after the date of enactment of this Act, the Administrator 
        shall submit to the appropriate committees of Congress a report 
        on the implementation status of the Rap Back service.</DELETED>
<DELETED>    (c) Access to Terrorism-Related Data.--Not later than 30 
days after the date of enactment of this Act, the Administrator and the 
Director of National Intelligence shall coordinate to ensure that the 
Administrator is authorized to receive automated, real-time access to 
additional Terrorist Identities Datamart Environment (TIDE) data and 
any other terrorism related category codes to improve the effectiveness 
of the Administration's credential vetting program for individuals that 
are seeking or have unescorted access to a SIDA of an 
airport.</DELETED>
<DELETED>    (d) Access to E-Verify and SAVE Programs.--Not later than 
90 days after the date of enactment of this Act, the Secretary shall 
authorize each airport operator to have direct access to the E-Verify 
program and the Systematic Alien Verification for Entitlements (SAVE) 
automated system to determine the eligibility of individuals seeking 
unescorted access to a SIDA of an airport.</DELETED>

<DELETED>SEC. 8. METRICS.</DELETED>

<DELETED>    (a) In General.--Not later than 1 year after the date of 
enactment of this Act, the Administrator shall develop and implement 
performance metrics to measure the effectiveness of security for the 
SIDAs of airports.</DELETED>
<DELETED>    (b) Considerations.--In developing the performance metrics 
under subsection (a), the Administrator may consider--</DELETED>
        <DELETED>    (1) adherence to access point 
        procedures;</DELETED>
        <DELETED>    (2) proper use of credentials;</DELETED>
        <DELETED>    (3) differences in access point requirements 
        between airport workers performing functions on the airside of 
        an airport and airport workers performing functions in other 
        areas of an airport;</DELETED>
        <DELETED>    (4) differences in access point characteristics 
        and requirements at airports; and</DELETED>
        <DELETED>    (5) any additional factors the Administrator 
        considers necessary to measure performance.</DELETED>

<DELETED>SEC. 9. INSPECTIONS AND ASSESSMENTS.</DELETED>

<DELETED>    (a) Model and Best Practices.--Not later than 180 days 
after the date of enactment of this Act, the Administrator, in 
consultation with the ASAC, shall develop a model and best practices 
for unescorted access security that--</DELETED>
        <DELETED>    (1) use intelligence, scientific algorithms, and 
        risk-based factors;</DELETED>
        <DELETED>    (2) ensure integrity, accountability, and 
        control;</DELETED>
        <DELETED>    (3) subject airport workers to random physical 
        security inspections conducted by Administration 
        representatives in accordance with this section;</DELETED>
        <DELETED>    (4) appropriately manage the number of SIDA access 
        points to improve supervision of and reduce unauthorized access 
        to these areas; and</DELETED>
        <DELETED>    (5) include validation of identification 
        materials, such as with biometrics.</DELETED>
<DELETED>    (b) Inspections.--Consistent with a risk-based security 
approach, the Administrator shall expand the use of transportation 
security officers and inspectors to conduct enhanced, random and 
unpredictable, data-driven, and operationally dynamic physical 
inspections of airport workers in each SIDA of an airport and at each 
SIDA access point--</DELETED>
        <DELETED>    (1) to verify the credentials of airport 
        workers;</DELETED>
        <DELETED>    (2) to determine whether airport workers possess 
        prohibited items, except for those that may be necessary for 
        the performance of their duties, as appropriate, in any SIDA of 
        an airport; and</DELETED>
        <DELETED>    (3) to verify whether airport workers are 
        following appropriate procedures to access a SIDA of an 
        airport.</DELETED>
<DELETED>    (c) Screening Review.--</DELETED>
        <DELETED>    (1) In general.--The Administrator shall conduct a 
        review of airports that have implemented additional airport 
        worker screening or perimeter security to improve airport 
        security, including--</DELETED>
                <DELETED>    (A) comprehensive airport worker screening 
                at access points to secure areas;</DELETED>
                <DELETED>    (B) comprehensive perimeter screening, 
                including vehicles;</DELETED>
                <DELETED>    (C) enhanced fencing or perimeter sensors; 
                and</DELETED>
                <DELETED>    (D) any additional airport worker 
                screening or perimeter security measures the 
                Administrator identifies.</DELETED>
        <DELETED>    (2) Best practices.--After completing the review 
        under paragraph (1), the Administrator shall--</DELETED>
                <DELETED>    (A) identify best practices for additional 
                access control and airport worker security at airports; 
                and</DELETED>
                <DELETED>    (B) disseminate the best practices 
                identified under subparagraph (A) to airport 
                operators.</DELETED>
        <DELETED>    (3) Pilot program.--The Administrator may conduct 
        a pilot program at 1 or more airports to test and validate best 
        practices for comprehensive airport worker screening or 
        perimeter security under paragraph (2).</DELETED>

<DELETED>SEC. 10. COVERT TESTING.</DELETED>

<DELETED>    (a) In General.--The Administrator shall increase the use 
of red-team, covert testing of access controls to any secure areas of 
an airport.</DELETED>
<DELETED>    (b) Additional Covert Testing.--The Inspector General of 
the Department of Homeland Security shall conduct red-team, covert 
testing of airport access controls to the SIDA of airports.</DELETED>
<DELETED>    (c) Reports to Congress.--</DELETED>
        <DELETED>    (1) Administrator report.--Not later than 90 days 
        after the date of enactment of this Act, the Administrator 
        shall submit to the appropriate committee of Congress a report 
        on the progress to expand the use of inspections and of red-
        team, covert testing under subsection (a).</DELETED>
        <DELETED>    (2) Inspector general report.--Not later than 180 
        days after the date of enactment of this Act, the Inspector 
        General of the Department of Homeland Security shall submit to 
        the appropriate committee of Congress a report on the 
        effectiveness of airport access controls to the SIDA of 
        airports based on red-team, covert testing under subsection 
        (b).</DELETED>

<DELETED>SEC. 11. SECURITY DIRECTIVES.</DELETED>

<DELETED>    (a) Review.--Not later than 180 days after the date of 
enactment of this Act, and annually thereafter, the Administrator, in 
consultation with the appropriate regulated entities, shall conduct a 
comprehensive review of every current security directive addressed to 
any regulated entity--</DELETED>
        <DELETED>    (1) to determine whether the security directive 
        continues to be relevant;</DELETED>
        <DELETED>    (2) to determine whether the security directives 
        should be streamlined or consolidated to most efficiently 
        maximize risk reduction; and</DELETED>
        <DELETED>    (3) to update, consolidate, or revoke any security 
        directive as necessary.</DELETED>
<DELETED>    (b) Notice.--For each security directive that the 
Administrator issues, the Administrator shall submit to the appropriate 
committees of Congress notice of the extent to which the security 
directive--</DELETED>
        <DELETED>    (1) responds to a specific threat or emergency 
        situation; and</DELETED>
        <DELETED>    (2) when it is anticipated that it will 
        expire.</DELETED>

<DELETED>SEC. 12. IMPLEMENTATION REPORT.</DELETED>

<DELETED>    Not later than 1 year after the date of enactment of this 
Act, the Comptroller General shall--</DELETED>
        <DELETED>    (1) assess the progress made by the Administration 
        and the effect on aviation security of implementing the 
        requirements under sections 4 through 11 of this Act; 
        and</DELETED>
        <DELETED>    (2) report to the appropriate committees of 
        Congress on the results of the assessment under paragraph (1), 
        including any recommendations.</DELETED>

<DELETED>SEC. 13. MISCELLANEOUS AMENDMENTS.</DELETED>

<DELETED>    (a) ASAC Terms of Office.--Section 44946(c)(2)(A) of title 
49, United States Code is amended to read as follows:</DELETED>
                <DELETED>    ``(A) Terms.--The term of each member of 
                the Advisory Committee shall be 2 years, but a member 
                may continue to serve until the Assistant Secretary 
                appoints a successor. A member of the Advisory 
                Committee may be reappointed.''.</DELETED>
<DELETED>    (b) Feedback.--Section 44946(b)(5) of title 49, United 
States Code, is amended to read as follows:</DELETED>
        <DELETED>    ``(5) Feedback.--Not later than 90 days after 
        receiving recommendations transmitted by the Advisory Committee 
        under paragraph (2) or paragraph (4), the Assistant Secretary 
        shall respond in writing to the Advisory Committee with 
        feedback on each of the recommendations, an action plan to 
        implement any of the recommendations with which the Assistant 
        Secretary concurs, and a justification for why any of the 
        recommendations have been rejected.''.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Airport Security Enhancement and 
Oversight Act''.

SEC. 2. FINDINGS.

    Congress makes the following findings:
            (1) A number of recent airport security breaches in the 
        United States have involved the use of Secure Identification 
        Display Area (referred to in this section as ``SIDA'') badges, 
        the credentials used by airport and airline workers to access 
        the secure areas of an airport.
            (2) In December 2014, a Delta ramp agent at Hartsfield-
        Jackson Atlanta International Airport was charged with using 
        his SIDA badge to bypass airport security checkpoints and 
        facilitate an interstate gun smuggling operation over a number 
        of months via commercial aircraft.
            (3) In January 2015, an Atlanta-based Aviation Safety 
        Inspector of the Federal Aviation Administration used his SIDA 
        badge to bypass airport security checkpoints and transport a 
        firearm in his carry-on luggage.
            (4) In February 2015, a local news investigation found that 
        over 1,000 SIDA badges at Hartsfield-Jackson Atlanta 
        International Airport were lost or missing.
            (5) In March 2015, and again in May 2015, Transportation 
        Security Administration (referred to in this section as the 
        ``Administration'') contractors were indicted for participating 
        in a drug smuggling ring using luggage passed through the 
        secure area of the San Francisco International Airport.
            (6) The Administration has indicated that it does not 
        maintain a list of lost or missing SIDA badges, and instead 
        relies on airport operators to track airport worker 
        credentials.
            (7) The Administration rarely uses its enforcement 
        authority to fine airport operators that reach a certain 
        threshold of missing SIDA badges.
            (8) In April 2015, the Aviation Security Advisory Committee 
        issued 28 recommendations for improvements to airport access 
        control.
            (9) In June 2015, the Inspector General of the Department 
        of Homeland Security reported that the Administration did not 
        have all relevant information regarding 73 airport workers who 
        had records in United States intelligence-related databases 
        because the Administration was not authorized to receive all 
        terrorism-related information under current interagency 
        watchlisting policy.
            (10) The Inspector General also found that the 
        Administration did not have appropriate checks in place to 
        reject incomplete or inaccurate airport worker employment 
        investigations, including criminal history record checks and 
        work authorization verifications, and had limited oversight 
        over the airport operators that the Administration relies on to 
        perform criminal history and work authorization checks for 
        airport workers.
            (11) There is growing concern about the potential insider 
        threat at airports in light of recent terrorist activities.

SEC. 3. DEFINITIONS.

    (a) Administration.--The term ``Administration'' means the 
Transportation Security Administration.
    (b) Administrator.--The term ``Administrator'' means the 
Administrator of the Transportation Security Administration.
    (c) Appropriate Committees of Congress.--The term ``appropriate 
committees of Congress'' means--
            (1) the Committee on Commerce, Science, and Transportation 
        of the Senate;
            (2) the Committee on Homeland Security and Governmental 
        Affairs of the Senate; and
            (3) the Committee on Homeland Security of the House of 
        Representatives.
    (d) ASAC.--The term ``ASAC'' means the Aviation Security Advisory 
Committee established under section 44946 of title 49, United States 
Code.
    (e) Secretary.--The term ``Secretary'' means the Secretary of 
Homeland Security.
    (f) SIDA.--The term ``SIDA'' means Secure Identification Display 
Area as defined in section 1540.5 of title 49, Code of Federal 
Regulations, or any successor regulation to such section.

SEC. 4. THREAT ASSESSMENT.

    (a) Insider Threats.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator shall conduct or 
        update an assessment to determine the level of risk posed to 
        the domestic air transportation system by individuals with 
        unescorted access to a secure area of an airport (as defined in 
        section 44903(j)(2)(H)) in light of recent international 
        terrorist activity.
            (2) Considerations.--In conducting or updating the 
        assessment under paragraph (1), the Administrator shall 
        consider--
                    (A) domestic intelligence;
                    (B) international intelligence;
                    (C) the vulnerabilities associated with unescorted 
                access authority granted to domestic airport operators 
                and air carriers, and their employees;
                    (D) the vulnerabilities associated with unescorted 
                access authority granted to foreign airport operators 
                and air carriers, and their employees;
                    (E) the processes and practices designed to 
                mitigate the vulnerabilities associated with unescorted 
                access privileges granted to airport operators and air 
                carriers, and their employees;
                    (F) the recent security breaches at domestic and 
                foreign airports; and
                    (G) the recent security improvements at domestic 
                airports, including the implementation of 
                recommendations made by relevant advisory committees.
    (b) Reports to Congress.--The Administrator shall submit to the 
appropriate committees of Congress--
            (1) a report on the results of the assessment under 
        subsection (a), including any recommendations for improving 
        aviation security;
            (2) a report on the implementation status of any 
        recommendations made by the ASAC; and
            (3) regular updates about the insider threat environment as 
        new information becomes available and as needed.

SEC. 5. OVERSIGHT.

    (a) Enhanced Requirements.--
            (1) In general.--Subject to public notice and comment, and 
        in consultation with airport operators, the Administrator shall 
        update the rules on access controls issued by the Secretary 
        under chapter 449 of title 49, United States Code.
            (2) Considerations.--As part of the update under paragraph 
        (1), the Administrator shall consider--
                    (A) increased fines and advanced oversight for 
                airport operators that report missing more than 5 
                percent of credentials for unescorted access to any 
                SIDA of an airport;
                    (B) best practices for Category X airport operators 
                that report missing more than 3 percent of credentials 
                for unescorted access to any SIDA of an airport;
                    (C) additional audits and status checks for airport 
                operators that report missing more than 3 percent of 
                credentials for unescorted access to any SIDA of an 
                airport;
                    (D) review and analysis of the prior 5 years of 
                audits for airport operators that report missing more 
                than 3 percent of credentials for unescorted access to 
                any SIDA of an airport;
                    (E) increased fines and direct enforcement 
                requirements for both airport workers and their 
                employers that fail to report within 24 hours an 
                employment termination or a missing credential for 
                unescorted access to any SIDA of an airport; and
                    (F) a method for termination by the employer of any 
                airport worker that fails to report in a timely manner 
                missing credentials for unescorted access to any SIDA 
                of an airport.
    (b) Temporary Credentials.--The Administrator may encourage the 
issuance by airport and aircraft operators of free one-time, 24-hour 
temporary credentials for workers who have reported their credentials 
missing, but not permanently lost, stolen, or destroyed, in a timely 
manner, until replacement of credentials under section 1542.211 of 
title 49 Code of Federal Regulations is necessary.
    (c) Notification and Report to Congress.--The Administrator shall--
            (1) notify the appropriate committees of Congress each time 
        an airport operator reports that more than 3 percent of 
        credentials for unescorted access to any SIDA at a Category X 
        airport are missing or more than 5 percent of credentials to 
        access any SIDA at any other airport are missing; and
            (2) submit to the appropriate committees of Congress an 
        annual report on the number of violations and fines related to 
        unescorted access to the SIDA of an airport collected in the 
        preceding fiscal year.

SEC. 6. CREDENTIALS.

    (a) Lawful Status.--Not later than 90 days after the date of 
enactment of this Act, the Administrator shall issue guidance to 
airport operators regarding placement of an expiration date on each 
airport credential issued to a non-United States citizen no longer than 
the period of time during which that non-United States citizen is 
lawfully authorized to work in the United States.
    (b) Review of Procedures.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator shall--
                    (A) issue guidance for transportation security 
                inspectors to annually review the procedures of airport 
                operators and air carriers for applicants seeking 
                unescorted access to any SIDA of an airport; and
                    (B) make available to airport operators and air 
                carriers information on identifying suspicious or 
                fraudulent identification materials.
            (2) Inclusions.--The guidance shall require a comprehensive 
        review of background checks and employment authorization 
        documents issued by the Citizenship and Immigration Services 
        during the course of a review of procedures under paragraph 
        (1).

SEC. 7. VETTING.

    (a) Eligibility Requirements.--
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, and subject to public notice and 
        comment, the Administrator shall revise the regulations issued 
        under section 44936 of title 49, United States Code, in 
        accordance with this section and current knowledge of insider 
        threats and intelligence, to enhance the eligibility 
        requirements and disqualifying criminal offenses for 
        individuals seeking or having unescorted access to a SIDA of an 
        airport.
            (2) Disqualifying criminal offenses.--In revising the 
        regulations under paragraph (1), the Administrator shall 
        consider adding to the list of disqualifying criminal offenses 
        and criteria the offenses and criteria listed in section 
        122.183(a)(4) of title 19, Code of Federal Regulations and 
        section 1572.103 of title 49, Code of Federal Regulations.
            (3) Waiver process for denied credentials.--Notwithstanding 
        section 44936(b) of title 49, United States Code, in revising 
        the regulations under paragraph (1) of this subsection, the 
        Administrator shall--
                    (A) ensure there exists or is developed a waiver 
                process for approving the issuance of credentials for 
                unescorted access to the SIDA, for an individual found 
                to be otherwise ineligible for such credentials; and
                    (B) consider, as appropriate and practicable--
                            (i) the circumstances of any disqualifying 
                        act or offense, restitution made by the 
                        individual, Federal and State mitigation 
                        remedies, and other factors from which it may 
                        be concluded that the individual does not pose 
                        a terrorism risk or a risk to aviation security 
                        warranting denial of the credential; and
                            (ii) the elements of the appeals and waiver 
                        process established under section 70105(c) of 
                        title 46, United States Code.
            (4) Look back.--In revising the regulations under paragraph 
        (1), the Administrator shall propose that an individual be 
        disqualified if the individual was convicted, or found not 
        guilty by reason of insanity, of a disqualifying criminal 
        offense within 15 years before the date of an individual's 
        application, or if the individual was incarcerated for that 
        crime and released from incarceration within 5 years before the 
        date of the individual's application.
            (5) Certifications.--The Administrator shall require an 
        airport or aircraft operator, as applicable, to certify for 
        each individual who receives unescorted access to any SIDA of 
        an airport that--
                    (A) a specific need exists for providing that 
                individual with unescorted access authority; and
                    (B) the individual has certified to the airport or 
                aircraft operator that the individual understands the 
                requirements for possessing a SIDA badge.
            (6) Report to congress.--Not later than 90 days after the 
        date of enactment, the Administrator shall submit to the 
        appropriate committees of Congress a report on the status of 
        the revision to the regulations issued under section 44936 of 
        title 49, United States Code, in accordance with this section.
            (7) Rule of construction.--Nothing in this subsection may 
        be construed to affect existing aviation worker vetting fees 
        imposed by the Administration.
    (b) Recurrent Vetting.--
            (1) In general.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator and the Director of 
        the Federal Bureau of Investigation shall fully implement the 
        Rap Back service for recurrent vetting of eligible 
        Administration-regulated populations of individuals with 
        unescorted access to any SIDA of an airport.
            (2) Requirements.--As part of the requirement in paragraph 
        (1), the Administrator shall ensure that--
                    (A) any status notifications the Administration 
                receives through the Rap Back service about criminal 
                offenses be limited to only disqualifying criminal 
                offenses in accordance with the regulations promulgated 
                by the Administration under section 44903 of title 49, 
                United States Code, or other Federal law; and
                    (B) any information received by the Administration 
                through the Rap Back service is provided directly and 
                immediately to the relevant airport and aircraft 
                operators.
            (3) Report to congress.--Not later than 60 days after the 
        date of enactment of this Act, the Administrator shall submit 
        to the appropriate committees of Congress a report on the 
        implementation status of the Rap Back service.
    (c) Access to Terrorism-Related Data.--Not later than 30 days after 
the date of enactment of this Act, the Administrator and the Director 
of National Intelligence shall coordinate to ensure that the 
Administrator is authorized to receive automated, real-time access to 
additional Terrorist Identities Datamart Environment (TIDE) data and 
any other terrorism related category codes to improve the effectiveness 
of the Administration's credential vetting program for individuals that 
are seeking or have unescorted access to a SIDA of an airport.
    (d) Access to E-Verify and SAVE Programs.--Not later than 90 days 
after the date of enactment of this Act, the Secretary shall authorize 
each airport operator to have direct access to the E-Verify program and 
the Systematic Alien Verification for Entitlements (SAVE) automated 
system to determine the eligibility of individuals seeking unescorted 
access to a SIDA of an airport.

SEC. 8. METRICS.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Administrator shall develop and implement performance 
metrics to measure the effectiveness of security for the SIDAs of 
airports.
    (b) Considerations.--In developing the performance metrics under 
subsection (a), the Administrator may consider--
            (1) adherence to access point procedures;
            (2) proper use of credentials;
            (3) differences in access point requirements between 
        airport workers performing functions on the airside of an 
        airport and airport workers performing functions in other areas 
        of an airport;
            (4) differences in access point characteristics and 
        requirements at airports; and
            (5) any additional factors the Administrator considers 
        necessary to measure performance.

SEC. 9. INSPECTIONS AND ASSESSMENTS.

    (a) Model and Best Practices.--Not later than 180 days after the 
date of enactment of this Act, the Administrator, in consultation with 
the ASAC, shall develop a model and best practices for unescorted 
access security that--
            (1) use intelligence, scientific algorithms, and risk-based 
        factors;
            (2) ensure integrity, accountability, and control;
            (3) subject airport workers to random physical security 
        inspections conducted by Administration representatives in 
        accordance with this section;
            (4) appropriately manage the number of SIDA access points 
        to improve supervision of and reduce unauthorized access to 
        these areas; and
            (5) include validation of identification materials, such as 
        with biometrics.
    (b) Inspections.--Consistent with a risk-based security approach, 
the Administrator shall expand the use of transportation security 
officers and inspectors to conduct enhanced, random and unpredictable, 
data-driven, and operationally dynamic physical inspections of airport 
workers in each SIDA of an airport and at each SIDA access point--
            (1) to verify the credentials of airport workers;
            (2) to determine whether airport workers possess prohibited 
        items, except for those that may be necessary for the 
        performance of their duties, as appropriate, in any SIDA of an 
        airport; and
            (3) to verify whether airport workers are following 
        appropriate procedures to access a SIDA of an airport.
    (c) Screening Review.--
            (1) In general.--The Administrator shall conduct a review 
        of airports that have implemented additional airport worker 
        screening or perimeter security to improve airport security, 
        including--
                    (A) comprehensive airport worker screening at 
                access points to secure areas;
                    (B) comprehensive perimeter screening, including 
                vehicles;
                    (C) enhanced fencing or perimeter sensors; and
                    (D) any additional airport worker screening or 
                perimeter security measures the Administrator 
                identifies.
            (2) Best practices.--After completing the review under 
        paragraph (1), the Administrator shall--
                    (A) identify best practices for additional access 
                control and airport worker security at airports; and
                    (B) disseminate the best practices identified under 
                subparagraph (A) to airport operators.
            (3) Pilot program.--The Administrator may conduct a pilot 
        program at 1 or more airports to test and validate best 
        practices for comprehensive airport worker screening or 
        perimeter security under paragraph (2).

SEC. 10. COVERT TESTING.

    (a) In General.--The Administrator shall increase the use of red-
team, covert testing of access controls to any secure areas of an 
airport.
    (b) Additional Covert Testing.--The Inspector General of the 
Department of Homeland Security shall conduct red-team, covert testing 
of airport access controls to the SIDA of airports.
    (c) Reports to Congress.--
            (1) Administrator report.--Not later than 90 days after the 
        date of enactment of this Act, the Administrator shall submit 
        to the appropriate committee of Congress a report on the 
        progress to expand the use of inspections and of red-team, 
        covert testing under subsection (a).
            (2) Inspector general report.--Not later than 180 days 
        after the date of enactment of this Act, the Inspector General 
        of the Department of Homeland Security shall submit to the 
        appropriate committee of Congress a report on the effectiveness 
        of airport access controls to the SIDA of airports based on 
        red-team, covert testing under subsection (b).

SEC. 11. SECURITY DIRECTIVES.

    (a) Review.--Not later than 180 days after the date of enactment of 
this Act, and annually thereafter, the Administrator, in consultation 
with the appropriate regulated entities, shall conduct a comprehensive 
review of every current security directive addressed to any regulated 
entity--
            (1) to determine whether the security directive continues 
        to be relevant;
            (2) to determine whether the security directives should be 
        streamlined or consolidated to most efficiently maximize risk 
        reduction; and
            (3) to update, consolidate, or revoke any security 
        directive as necessary.
    (b) Notice.--For each security directive that the Administrator 
issues, the Administrator shall submit to the appropriate committees of 
Congress notice of the extent to which the security directive--
            (1) responds to a specific threat or emergency situation; 
        and
            (2) when it is anticipated that it will expire.

SEC. 12. IMPLEMENTATION REPORT.

    Not later than 1 year after the date of enactment of this Act, the 
Comptroller General shall--
            (1) assess the progress made by the Administration and the 
        effect on aviation security of implementing the requirements 
        under sections 4 through 11 of this Act; and
            (2) report to the appropriate committees of Congress on the 
        results of the assessment under paragraph (1), including any 
        recommendations.

SEC. 13. MISCELLANEOUS AMENDMENTS.

    (a) ASAC Terms of Office.--Section 44946(c)(2)(A) of title 49, 
United States Code is amended to read as follows:
                    ``(A) Terms.--The term of each member of the 
                Advisory Committee shall be 2 years, but a member may 
                continue to serve until the Assistant Secretary 
                appoints a successor. A member of the Advisory 
                Committee may be reappointed.''.
    (b) Feedback.--Section 44946(b)(5) of title 49, United States Code, 
is amended to read as follows:
            ``(5) Feedback.--Not later than 90 days after receiving 
        recommendations transmitted by the Advisory Committee under 
        paragraph (2) or paragraph (4), the Assistant Secretary shall 
        respond in writing to the Advisory Committee with feedback on 
        each of the recommendations, an action plan to implement any of 
        the recommendations with which the Assistant Secretary concurs, 
        and a justification for why any of the recommendations have 
        been rejected.''.
                                                       Calendar No. 382

114th CONGRESS

  2d Session

                                S. 2361

                          [Report No. 114-222]

_______________________________________________________________________

                                 A BILL

          To enhance airport security, and for other purposes.

_______________________________________________________________________

                             March 7, 2016

                       Reported with an amendment