[Senate Hearing 106-1136]
[From the U.S. Government Publishing Office]



                                                       S. Hrg. 106-1136

                 OVERSIGHT HEARING ON AVIATION SECURITY

=======================================================================

                                HEARING

                               before the

                        SUBCOMMITTEE ON AVIATION

                                 OF THE

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 6, 2000

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation


79-942              U.S. GOVERNMENT PRINTING OFFICE
                            WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                     JOHN McCAIN, Arizona, Chairman
TED STEVENS, Alaska                  ERNEST F. HOLLINGS, South Carolina
CONRAD BURNS, Montana                DANIEL K. INOUYE, Hawaii
SLADE GORTON, Washington             JOHN D. ROCKEFELLER IV, West 
TRENT LOTT, Mississippi                  Virginia
KAY BAILEY HUTCHISON, Texas          JOHN F. KERRY, Massachusetts
OLYMPIA J. SNOWE, Maine              JOHN B. BREAUX, Louisiana
JOHN ASHCROFT, Missouri              RICHARD H. BRYAN, Nevada
BILL FRIST, Tennessee                BYRON L. DORGAN, North Dakota
SPENCER ABRAHAM, Michigan            RON WYDEN, Oregon
SAM BROWNBACK, Kansas                MAX CLELAND, Georgia
                  Mark Buse, Republican Staff Director
            Martha P. Allbright, Republican General Counsel
               Kevin D. Kayes, Democratic Staff Director
                  Moses Boyd, Democratic Chief Counsel
                                 ------                                

                        SUBCOMMITTEE ON AVIATION

                   SLADE GORTON, Washington, Chairman
TED STEVENS, Alaska                  JOHN D. ROCKEFELLER IV, West 
CONRAD BURNS, Montana                    Virginia
TRENT LOTT, Mississippi              ERNEST F. HOLLINGS, South Carolina
KAY BAILEY HUTCHISON, Texas          DANIEL K. INOUYE, Hawaii
JOHN ASHCROFT, Missouri              RICHARD H. BRYAN, Nevada
BILL FRIST, Tennessee                JOHN B. BREAUX, Louisiana
OLYMPIA J. SNOWE, Maine              BYRON L. DORGAN, North Dakota
SAM BROWNBACK, Kansas                RON WYDEN, Oregon
SPENCER ABRAHAM, Michigan            MAX CLELAND, Georgia
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on April 6, 2000....................................     1
Prepared Statement of Senator Bryan..............................     5
Prepared Statement of Senator Gorton.............................     6
Prepared Statement Senator Hollings..............................     4
Statement of Senator Hutchison...................................     1
    Prepared statement...........................................     2
Prepared Statement of Senator McCain.............................     3

                               Witnesses

Dillingham, Gerald, Associate Director, Transportation and 
  Telecommunications Issues, Resources, Community, and Economic 
  Development Division, U.S. General Accounting Office...........     7
    Prepared statement...........................................     9
Doubrava, Richard J., Managing Director of Security, Air 
  Transport Association..........................................    33
    Prepared statement...........................................    34
Flynn, Hon. Cathal, Associate Administrator for Civil Aviation 
  Security, Federal Aviation Administration......................    16
    Prepared statement...........................................    18
Stefani, Alexis M., Assistant Inspector General for Auditing, 
  Office of the Inspector General, U.S. Department of 
  Transportation.................................................    22
    Prepared statement...........................................    24

                                Appendix

American Association of Airport Executives and the Airports 
  Council International, North America, joint prepared statement.    49
Response to written questions submitted by Hon. Slade Gorton to:
    Gerald Dillingham............................................    51
    Admiral Cathal Flynn.........................................    53
    Alexis M. Stefani............................................    65
Response to written questions submitted by Hon. John McCain to:
    Richard J. Doubrava..........................................    52
    Admiral Cathal Flynn.........................................    60
    Alexis M. Stefani............................................    66

 
                         OVERSIGHT HEARING ON 
                           AVIATION SECURITY

                              ----------                              


                        THURSDAY, APRIL 6, 2000

                                       U.S. Senate,
                                  Subcommittee on Aviation,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:15 a.m. in 
room SR-253, Russell Senate Office Building, Hon. Kay Bailey 
Hutchison, Chairman of the Subcommittee, presiding.

        OPENING STATEMENT OF HON. KAY BAILEY HUTCHISON, 
                    U.S. SENATOR FROM TEXAS

    Senator Hutchison. Let me first say that I have statements 
for the record from several members of the Committee, including 
the Chairman, Senator McCain, and the Ranking Member, Senator 
Hollings. Others have given opening statements, and I will keep 
the record open for any members of the Committee who wish to 
make opening statements.
    Let me start by saying that I appreciate Senator Gorton for 
his cooperation in allowing me to hold this hearing today. 
Approximately 500 million passengers pass through U.S. airports 
every year. Protecting their safety is an incredible challenge 
to the men and women of the aviation industry. The Federal 
Government, through the Federal Association Administration 
(FAA), and the industry together must do everything within our 
power to protect the public from the menace of terrorism and 
other security threats.
    In 1996, soon after the tragedy of the TWA Flight 800, I 
proposed new requirements to improve security at the nation's 
airports. Congress adopted these requirements as part of the 
Federal Aviation Reauthorization Act of 1996, which was a major 
accomplishment of this Committee, its chairman, and the 
chairman of the Subcommittee.
    This legislation attempted to improve the hiring process 
and enhance the professionalism of airport security screeners. 
The Act also directed the FAA to upgrade security technology 
with regard to baggage screening and explosive detection. In my 
view, the FAA has been slow to implement some of these vital 
security improvements. The FAA does not plan to finalize the 
regulation to improve training requirements for screeners and 
certification for screening companies until May 2001. Five 
years is too long to wait. Technology upgrades have also been 
slow in coming, even though the upgraded technology is readily 
available and is deployed in many airports. The traveling 
public should not have to wait another year before these simple 
improvements are implemented. The FAA must modernize its 
procedure for background checks of prospective security-related 
employees. An FAA background check currently takes 90 days. 
That is too long. Under the current procedures, the FAA is 
required to perform these checks only in certain areas. I think 
we need to look at these areas and tighten them so that we can 
close the gap.
    I plan to introduce legislation, the Airport Security 
Improvement Act, which would direct FAA to require criminal 
background checks of all applicants for positions with security 
responsibilities, including security screeners. The bill will 
also require that these checks be performed expeditiously.
    My legislation will direct the FAA to improve training 
requirements for security screeners by September 30 of this 
year. The FAA should require a minimum of 40 hours of classroom 
instruction and 40 hours of practical, on-the-job training 
before an individual is deemed qualified to provide security 
screening services.
    This standard would be a substantial increase over the 8 
hours of classroom training currently required for most 
screening positions in the United States. The 40-hour 
requirement is the prevailing standard in most of the 
industrialized world.
    Finally, my bill will require the FAA to work with air 
carriers and airport operators to strengthen procedures to 
eliminate unauthorized access to aircraft. Employees who fail 
to follow access procedures should be disciplined. I understand 
that the FAA is currently working on improving access standards 
to all major security areas in each airport, and I hope the 
bill will encourage them to do it in a timely fashion.
    So I thank all of you for coming today. Congress has asked 
the GAO to do a study of the 1996 Act and its implementation, 
and for that reason I will call first on Mr. Gerald Dillingham, 
the Associate Director of Transportation and Telecommunications 
Issues at the U.S. General Accounting Office in Washington, 
D.C.
    Thank you for being here, Mr. Dillingham.
    [The prepared statement of Senator Hutchison follows:]

           Prepared Statement of Hon. Kay Bailey Hutchison, 
                        U.S. Senator from Texas
    Before we start, I would like to thank Chairman Gorton for his 
cooperation. Without his strong support, we would not be holding this 
hearing on this critically important issue.
    Approximately 500 million passengers will pass through U.S. 
airports this year. Protecting their safety is an incredible challenge 
to the men and women of the aviation industry. The Federal Government, 
through the Federal Aviation Administration and Industry together, must 
do everything within our power to protect the public from the menace of 
terrorism and other security threats.
    In 1996, soon after the tragedy of TWA Flight 800, I proposed new 
requirements to improve security at the nation's airports. Congress 
adopted these requirements as part of the Federal Aviation 
Reauthorization Act of 1996. This legislation attempted to improve the 
hiring process and enhance the professionalism of airport security 
screeners. The Act also directed the FAA to upgrade security technology 
with regard to baggage screening and explosive detection.
    In my view, the FAA has been slow to implement these vital security 
improvements. The FAA does not plan to finalize the regulation to 
improve training requirements for screeners and certification for 
screening companies until May 2001. Five years is too long to wait. 
Technology upgrades have also been slow in coming, even though the 
upgraded technology is readily available. The traveling public should 
not have to wait yet another year before these improvements are 
implemented.
    The FAA must modernize its procedure for background checks of 
prospective security-related employees. An FAA background check 
currently takes 90 days. That is too long. Under current procedures, 
the FAA is required to perform these checks only when an applicant has 
a gap in employment history of 12 months or longer, or if preliminary 
investigation reveals discrepancies in an applicant's resume. But 43% 
of violent felons serve an average of only seven months. This gap 
should be closed.
    I plan to introduce legislation, The Airport Security Improvement 
Act, which would direct FAA to require criminal background checks for 
all applicants for positions with security responsibilities, including 
security screeners. The bill will also require that these checks be 
performed expeditiously.
    My legislation will also direct FAA to improve training 
requirements for security screeners by September 30 of this year. FAA 
should require a minimum of 40 hours of classroom instruction and 40 
hours of practical on-the-job training before an individual is deemed 
qualified to provide security screening services. This standard would 
be a substantial increase over the 8 hours of classroom training 
currently required for most screening positions in the U.S. The 40 hour 
requirement is the prevailing standard in most of the industrialized 
world.
    Finally, my bill would require FAA to work with air carriers and 
airport operators to strengthen procedures to eliminate unauthorized 
access to aircraft. Employees who fail to follow access procedures 
should be suspended or terminated. I understand that FAA is currently 
working on improving access standards. I hope that this bill will 
encourage them to do so in a timely fashion.
    We are privileged to have with us today a distinguished panel of 
witnesses who are well-versed in the area of airport security. I want 
to welcome them to the hearing and I am looking forward to their 
testimony.

    [The prepared statements of Senators McCain, Hollings, 
Bryan, and Gorton follow:]

   Prepared Statement of Hon. John McCain, U.S. Senator from Arizona
    Thank you, Senator Hutchison. Your longstanding interest in 
aviation security is to be commended, and I appreciate your calling for 
this hearing.
    I think it will become clear from the testimony we will hear this 
morning that there remains much work to be done in the area of aviation 
security. Whether it is the vulnerability of computer systems, the 
inadequacies of airport access controls, or the poor performance of 
some airport screeners, there are a variety of issues that must be 
addressed. I do not mean to be an alarmist because lapses in domestic 
aviation security have not yet led to a major incident. But an honest 
assessment of the overall security picture is sobering.
    It doesn't take a formal audit of the aviation security system to 
get the impression that all is not right. Just this week, it was 
reported that an Orlando-bound Delta Express flight from Long Island 
had to be diverted to a Virginia airport after a passenger found a 
loaded handgun in the plane's bathroom. Although that incident is out 
of the ordinary, it is troubling nonetheless.
    I am certainly aware that aviation security is a complex and 
difficult undertaking, and any system involving humans is going to have 
flaws. Furthermore, it can be too easy to grow complacent when there 
hasn't been a deadly terrorist incident involving a U.S. air carrier 
since Pan Am Flight 103 over Lockerbie, Scotland. But given the threats 
facing our nation today, another major security-related tragedy may be 
inevitable. Every effort must be made to increase awareness and 
performance. You can be sure that Osama bin Laden and others like him 
will continue to target Americans and American interests.
    To raise the bar on aviation safety, it will take the best efforts 
of many different groups and individuals, including the Congress. 
Although the recent FAA reauthorization bill contained a few provisions 
intended to improve security, there is always more that can be done. 
That is why Senator Hutchison is to be applauded for proposing 
legislation to address some of the problems in this area. I want to 
work with her to develop this bill and I look forward to helping her 
move it through the Committee.
    One of the key issues addressed in Senator Hutchison's proposal 
involves criminal history checks of prospective airline and airport 
employees who would have unescorted access to secure airport areas. 
There may be an unexpected loophole, however, with respect to 
individuals who are given access to secure areas. An incident at a 
local airport brought this potential problem to light.
    Recently, Dulles Airport police arrested an FAA safety inspector 
who was doing his job on the tarmac at the airport. While that incident 
raises several questions regarding federal and local cooperation on 
security matters, it has uncovered another issue of concern. The 
investigation of this matter has revealed that at least one FAA 
inspector attained his current position despite the fact that he had 
been charged with distribution of marijuana in the past. If we are 
going to set limits on private sector individuals who have access to 
secure airport areas, FAA employees must be held to similar standards.
    It would be sadly ironic if we raise the bar on the private sector, 
but then have lesser requirements for federal inspectors. Fortunately, 
the Inspector General is working with the Justice Department to 
investigate this situation more thoroughly and to determine if there 
may be a problem with other FAA inspectors. I will continue to follow 
this matter closely, and will pursue any remedies that may be 
necessary.
    Aviation security, like aviation safety, requires tremendous 
vigilance. We cannot let our efforts fall off for a moment. If we do, 
there may be dire consequences. Terrorists will definitely exploit our 
vulnerabilities, and they rarely telegraph their intentions. If there 
are flaws in the current system, I hope that we can all work together 
to fix the situation. Progress has been disappointingly slow in the 
past. Aviation security must remain a top priority for federal and 
aviation industry officials.
    I thank our witnesses for participating today and look forward to 
having their input on this critical subject matter.

            Prepared Statement of Hon. Ernest F. Hollings, 
                    U.S. Senator from South Carolina
    Good morning and thank you, Senator Hutchison, for chairing this 
important hearing. We all know that aviation security is an essential 
part of our overall air transportation system, however, it is something 
which we often take for granted. Thus, I am pleased that we are here 
today.
    Terrorism is an ever evolving threat, and to meet its challenge we 
must also change. I just returned from the Middle East and we talked a 
lot about security threats. Today, we know that the threat of terrorism 
has changed. First, it is no longer only a threat from abroad. We have 
terrorists living in the United States and people crossing over our 
borders to do harm. Oklahoma City and Pan Am 103 will live with us 
forever. We are also vulnerable to people like Ramzi Yousef who was 
convicted of masterminding the bombing of the World Trade Center. At 
the time he was apprehended, he was planning to blow up 11 U.S. 
airliners over the Pacific Ocean. The second change in terrorism is 
that it is common to find independent operators, either individuals or 
small groups, i.e. Ted Kaczynski. In light of this, aviation security 
is more critical than ever.
    In terms of the actual screening of passengers, the pre-boarding 
security screeners are a Maginot line between safety and those with ill 
intent. Although they are hard working and often dedicated, the 
turnover rate at most airports is over 100%. At one airport in 
particular, it was recently over 400%. A seasoned screener pool is 
essential to effective screening. However, nowadays it is very 
difficult to find a screener with more than a couple of months of 
experience at these airports. Consequently, the Department of 
Transportation Inspector General's office (DOT IG) and the General 
Accounting Office (GAO) have expressed concerns about screener 
performance.
    In the Federal Aviation Reauthorization Act of 1996, Congress 
mandated that the FAA conduct a study to determine whether the air 
carriers should relinquish their responsibility of administering 
security measures, with respect to passengers, service, flight crew, 
and cargo, over to the federal or state governments, either directly or 
through the airports. In the view of DOT, air carriers should retain 
their role in screening, and improve their participation in the 
security process. In this regard, they must improve security screener 
performance. Fortunately FAA, whose mission is to protect the traveling 
public and ensure the integrity of the civil aviation system, has 
worked to find a solution. It is attempting to raise the performance 
bar for the screener companies by requiring certification. Screeners 
will be tested and their employers will be dependent on their 
performance.
    Good equipment is essential to pre-boarding screeners and airline 
employees screening checked baggage. I look forward to hearing about 
the innovations in detection and increase in deployment. I am 
particularly interested in the explosive detection system and how we 
may need to increase screening. In light of my recent travel to the 
Middle East--I'm interested in knowing how the FAA, the Department of 
State and the Department of Transportation coordinate their security 
efforts.
    I also hope that we will have the opportunity to touch on the 
transport of hazardous material today. In FAIR-21, which was signed by 
President Clinton yesterday, more money is provided for safety 
inspectors. We all agree that the tragic crash of ValuJet in the 
Florida Everglades should never be repeated. Surely, increased 
vigilance and awareness are essential.
    Finally, a good strong working relationship among the FAA, the 
airports, and the air carriers is essential to aviation security. 
Recently, an FAA inspector was arrested at Dulles Airport while 
completing his duties. This incident indicates that better coordination 
is needed among the FAA, the air carriers, and the airports. Security 
is a team effort. It is my understanding that negotiations are ongoing 
to prevent the reoccurrence of this type of mishap.
    The issues which we will address today are ones which we have 
addressed in the past, but they are far from resolved. I look forward 
to hearing from our expert witnesses.

 Prepared Statement of Hon. Richard H. Bryan, U.S. Senator from Nevada
    The maintenance of our aviation security systems in the United 
States is of extreme importance. We are here today to discuss the 
current status of our security screening equipment that is relied upon 
at each of our airports as the last line of defense in preventing 
weapons or explosives from being used to harm the public on our 
commercial airlines. Madame Chairwoman, I would like to thank you for 
addressing this very important issue which concerns the safety of so 
many people each and every day.
    In 1988, the world witnessed the devastating affects of terrorism 
as Pan Am Flight 103 became the target of terrorism that claimed the 
life of 259 passengers and an additional 11 people on the ground. This 
tragedy was not the result of a weapon, but a small amount of Semtex, 
an extremely powerful explosive, that was hidden in a cassette recorder 
packed in a suitcase. For the past twelve years since this accident, 
the Administration and Congress have changed the focus from guns to 
explosives to ensure that future tragedies are averted.
    Many of the steps that both the Administration and Congress have 
pursued include: Passage of the Aviation Security Improvement Act 
(ASIA) of 1990 which required the FAA to begin an accelerated 18-month 
research and development effort to find an effective explosive 
detection system (EDS); following the TWA Flight 800 disaster, the 
creation of the Commission on Aviation Safety and Security in 1996 
which developed 20 specific recommendations for improving security 
including the CAPS (The Computer-Assisted Passenger Screening System) 
for passenger profiling; the 1996 FAA Act which directed the FAA to 
improve screener performance, including certifying screening companies; 
and most recently, the FAA proposed a Notice of Proposed rulemaking 
that would require certification of screening companies. Each one of 
these actions has been a step in the right direction, but in my mind 
there are still problems that need to be addressed.
    Technologically, many advancements have been made that will 
contribute to our goal of maintaining passenger safety, such as the 
development and implementation of a new generation of x-ray machines 
that are able to pick up explosive devices, and the use of various 
Explosive Detection Systems (EDS). However, our screening practices in 
the United States still remain far behind that of our European 
counterparts.
    The average annual screener turnover rates in the U.S. exceed 100% 
per year in most major airports and up to 400% per year at one airport 
in particular. It is apparent that we in the U.S., who are striving to 
achieve the highest level of security, are not requiring the necessary 
training and experience to carry out such a vital role. Currently, the 
average wage for screeners in the U.S. averages $5.75 per hour and some 
do not receive fringe benefits.
    As a point of contrast, the European screener personnel receive 
significantly more training and higher salaries than screeners in the 
U.S. and receive comprehensive benefits. Many screeners in Europe also 
have more screening experience on average than their U.S. counterparts. 
As a result screeners in many European countries have been able to 
detect more than twice as many test objects as screeners in the U.S. 
Madam chairman, this is an obvious problem that needs to be addressed. 
We may advance years ahead in technological equipment, but without 
properly trained and experienced personal, such equipment is useless.
    I believe that the recent proposed rulemaking by the FAA will make 
a positive contribution to the current screening practices through the 
mandatory certification of screening companies who will be held to a 
specific set of standards. However, the FAA has declined to require the 
certification of individual screeners believing that they do not have 
the statutory authority under Title 49 of the FAA Reauthorization Act 
of 1996. Currently, the air carriers have the responsibility to conduct 
screening, and the proposed rulemaking will set standards that they 
must adhere to and would make the carriers accountable for any 
failures. This is a step forward, but I also believe that the FAA must 
specifically address the issue of turnover in the final rulemaking that 
is directly linked to the experience that the screeners use in this 
vital security role. Better training combined with better wages and 
benefits will ultimately provide better screening security.
    In addition to screening, we must also ensure security procedures 
are followed in our nations airports. On November 18, 1999, the 
Department of Transportation Inspector General released the Airport 
Access Control report. This report was the result of physically testing 
various airports in the U.S. for laps is security in both sterile 
(areas in which people must first pass through screening) and non-
sterile areas (pre-screening areas such as ticketing). Frankly, the 
results were shocking:

   Of the 173 attempts to penetrate both non-sterile and 
        sterile areas of the airport, 117 (68 percent) were successful.

   Once penetration was established in secure areas, the 
        inspectors boarded aircraft operated by 35 different air 
        carriers 117 times.

   For the 117 aircraft boarded as a result of penetrating into 
        secure areas:
    --In 43 (37%) boardings, no air carrier personnel were onboard to 
            ensure security of the aircraft as required by security 
            programs.
    --In 43 (37%) boardings, employees (flight crews, maintenance 
            staff, food service workers, and other vendor personnel) 
            were onboard but did not challenge as required.
    --In 13 (11%) boardings, air carrier personnel were present and 
            challenged the inspectors inside the aircraft more than 3 
            minutes after the boarding (FAA uses 3 minutes as the 
            threshold for determining whether an aircraft was 
            successfully penetrated).
    --In only 18 (15%) boardings, air carrier personnel were present 
            and properly challenged the inspectors inside the aircraft 
            within 3 minutes.
    --In 12 instances, the inspectors were seated and ready for 
            departure at the time the test was concluded.

    Madam Chairman, I am happy to be here today to see how far we have 
come with many of our aviation security issues, but I still feel there 
is much work to be done to ensure safety in the future.

 Prepared Statement of Hon. Slade Gorton, U.S. Senator from Washington
    Thank you, Senator Hutchison. I appreciate your chairing of this 
hearing. I know that aviation security has long been an interest of 
yours, and I applaud your continuing efforts on this subject.
    Since a terrorist's bomb brought down Pan Am Flight 103 over 
Scotland, the U.S. has been acutely aware of the modern threats to 
civil aviation. Prior to that tragic incident, hijackings were the 
primary concern. Now we are focused on more sophisticated and 
potentially catastrophic threats.
    The Cold War may be over but the United States still has enemies. 
While we have been relatively fortunate in avoiding terrorism on our 
own soil, we cannot let our guard down. In fact, it was just last 
December in my home State of Washington where an individual was 
arrested at the Canadian border with more than 100 pounds of bomb-
making supplies and a sophisticated detonating device. Although that 
incident has not been linked to aviation, the threats to the U.S. are 
real and close to home. There is little doubt that aviation makes an 
attractive target both here and abroad.
    As with most important aviation initiatives, security is a 
cooperative effort involving the airlines, the airports, and the 
Federal Aviation Administration (FAA). The airlines and airports are 
the ones who bear primary responsibility for keeping passengers and 
aircraft secure from criminals and terrorists. But the FAA plays the 
critical role of setting standards and providing oversight. The FAA 
should also be responsible for developing a comprehensive, strategic 
plan to guide the efforts of everyone involved.
    I understand that the DOT Inspector General's office and other 
experts have been critical of the FAA for not having such a plan. I 
hope to hear today from the FAA about what the agency is doing with 
respect to this issue. Cooperation may be an indispensable part of the 
process, but the airlines, airports, and traveling public look to the 
FAA for leadership. While the FAA has had varying levels of success 
with individual programs and projects, it is important that all the 
separate initiatives be part of an integrated whole.
    The prepared testimonies of today's witnesses do not present an 
entirely reassuring picture of the state of aviation security today. 
While there have been improvements since Congress last took action in 
1996, certain aspects of the security effort appear to be falling 
short. It is vital that any deficiencies in the aviation security 
system be addressed quickly. Those who would do harm to the U.S. and 
its interests are not known to be forgiving of vulnerabilities and 
weaknesses.
    I thank each of our witnesses for being here and look forward to 
exploring this critical issue further.

      STATEMENT OF GERALD DILLINGHAM, ASSOCIATE DIRECTOR, 
         TRANSPORTATION AND TELECOMMUNICATIONS ISSUES, 
 RESOURCES, COMMUNITY, AND ECONOMIC DEVELOPMENT DIVISION, U.S. 
                   GENERAL ACCOUNTING OFFICE

    Mr. Dillingham. Thank you, Madam Chair, for the opportunity 
to be here this morning to discuss some of the aviation 
security work that we have done for this Committee and other 
committees of the Congress. This morning, I am going to focus 
on two security areas, air traffic control, and pre-board 
passenger screening.
    With regard to ATC security, 2 years ago we completed a 
study of several critical ATC security areas, including 
physical security at ATC facilities, and the security of 
current and future ATC systems. Our overall conclusion was that 
FAA was ineffective in all of the critical areas included in 
our review.
    For example, we found that a significant proportion of the 
Nation's ATC facilities did not meet FAA's own standards for 
physical security. We also found that FAA had not performed the 
necessary analysis to determine security weaknesses for a 
significant proportion of the current ATC systems.
    We also found the beginnings of similar problems with the 
computer-based systems that would be a part of the soon-to-be-
modernized ATC system. The good news is that as a result of our 
report, the agency has begun to address these problems. The 
not-so-good news is that serious problems remain. Just 4 months 
ago, we reported that FAA allowed unvetted personnel, including 
dozens of foreign nationals, access to critical ATC computer 
codes to make and review Y2K fixes.
    With regard to screener performance, Madam Chair, because 
of the sensitive nature of the data about the effectiveness of 
pre-board passenger screening, we cannot provide those details 
in this public forum. Suffice it to say that performance is far 
from an acceptable level in what some have called the last line 
of defense for aviation security.
    Our review also looked at the causes and potential 
solutions to performance problems. We found that two of the 
most important causes of performance problems are rapid turn-
over rates and the inattention paid to the human factors issues 
involved in screener work. Turnover exceeds 100 percent a year 
at most large airports and it has topped 400 percent at one of 
the busiest airports in the nation.
    For example, at one airport we visited, nearly 1,000 
screeners had been trained during the course of 1 year. At the 
end of that year, only 140 were left. The effect of this kind 
of turnover is to have fewer experienced screeners at the 
checkpoints. It also has the effect of lessening the potential 
impact of the sophisticated and expensive screening equipment 
that the Federal Government is funding and deploying at the 
Nation's airports.
    We believe that the main reasons for these kinds of 
turnover rates are low wages and the few benefits that 
screeners receive, and maybe equally important are the human 
factor elements of the job itself.
    FAA now has several initiatives underway to address 
screener performance problems. These initiatives include 
establishing a screening company certification program, and 
installing a system called TIP, for automated monitoring of 
screener performance. Additionally, FAA is establishing goals 
for improving performance in accordance with the Government 
Performance and Results Act. FAA is also developing a battery 
of tests that can be used by screening companies to improve the 
selection and training of screener candidates.
    Unfortunately, none of these initiatives has been fully 
implemented, and most are behind schedule. For example, the 
screening company certification program is 2 years behind 
schedule, and will not begin implementation until 2002, and 
partially as a result of these delays FAA is also falling short 
in meeting its screener improvement goals.
    Another aspect of our work is a search for potential 
practices or lessons learned for improving performance. In our 
visits to several other countries, we found that in most 
countries screeners are required to have more extensive 
qualifications, meet higher training standards, screeners are 
paid more, and benefits are provided.
    Organizationally, these countries generally place the 
responsibility for screening with airports or the Government, 
instead of air carriers, as in the United States. The question, 
of course, is, does it make a difference? The answer is, maybe. 
The five countries we visited had significantly lower screener 
turnover and may have better screener performance. I say may 
have, because there is very little evidence that we had to 
examine about this particular issue, but the one example that 
we do have is a joint screener test between the United States 
and a European country, where the European screeners detected 
over twice as many test objects as the American screeners.
    We recognize that screener performance problems do not fall 
solely on the shoulders of FAA. The responsibility for certain 
conditions, such as rapid turnover, more appropriately rests 
with the air carriers and the screening companies. 
Nevertheless, Madam Chair, FAA does have a leadership 
responsibility not only for improving screener performance but 
also for improving the overall state of aviation security.
    In our view, the actions that FAA has currently underway 
are steps in the right direction and, when fully implemented, 
may provide the needed improvement. However, Madam Chair, it is 
critical that the Congress maintain vigilant oversight over 
FAA's efforts to ensure that it fully implements these 
initiatives in a timely fashion.
    Thank you.
    [The prepared statement of Mr. Dillingham follows:]
     Prepared Statement of Gerald Dillingham, Associate Director, 
Transportation and Telecommunications Issues, Resources, Community, and 
     Economic Development Division, U.S. General Accounting Office
Mr. Chairman and Members of the Subcommittee:

    We appreciate the opportunity to be here today to discuss the 
security of the nation's air transport system. The air transport system 
is vital to our nation's prosperity, and protecting this system from 
terrorist attacks or other dangerous acts remains an important national 
issue. Events over the past decade have shown that the threat of 
terrorism against the United States is an ever-present danger and, 
coupled with the fact that aviation is an attractive target for 
terrorists, indicate that the security of the air transport system 
remains at risk. Protecting this system demands a high level of 
vigilance because a single lapse in aviation security can result in 
hundreds of deaths, destroy equipment worth hundreds of millions of 
dollars, and have immeasurable negative impacts on the economy and the 
public's confidence in air travel.
    Our testimony today discusses the Federal Aviation Administration's 
(FAA) efforts to implement and improve security in two key areas: air 
traffic control computer systems and airport passenger screening 
checkpoints. Computer systems--and the information within--are the 
crucial link for providing information to air traffic controllers and 
aircraft flight crews to ensure the safe and expeditious movement of 
aircraft. Screening checkpoints and the screeners who operate them 
provide the means to ensure that passengers and others do not bring 
dangerous items aboard aircraft. Our testimony is based on issued 
reports on computer security and on work that we have under way on 
checkpoint screeners that we are conducting at this Subcommittee's 
request. Our report on checkpoint screeners will be issued shortly.
    In summary, Mr. Chairman, our work has identified security problems 
in both the air traffic control computer systems and in the performance 
of checkpoint screeners:

   A report we issued in 1998 detailed weaknesses in critical 
        computer security areas, including the physical security at 
        facilities that house air traffic control systems and the 
        management of security for operational computer systems. For 
        example, FAA had not assessed the physical security at a large 
        portion of its air traffic control facilities and had not 
        performed the necessary threat analyses for 87 of its 90 
        operational air traffic control computer systems in the 5 years 
        prior to our review. FAA has since initiated actions to resolve 
        the problems we identified in these instances; however, in 
        December 1999, we reported that FAA was still not following its 
        own security requirements as it failed to conduct the required 
        background searches on contractor employees reviewing and 
        repairing critical computer system software.

   FAA and the airline industry have made little progress in 
        improving the effectiveness of airport checkpoint screeners. 
        Screeners are not adequately detecting dangerous objects, and 
        long-standing problems affecting screeners' performance remain, 
        such as the rapid screener turnover and the inattention to 
        screener training. FAA's efforts to address these problems are 
        behind schedule. For example, FAA is 2 years behind schedule in 
        issuing a regulation that would implement a congressionally 
        mandated requirement to certify screening companies and improve 
        the training and testing of screeners. Partially as a 
        consequence of its delays, FAA has not attained its fiscal year 
        1999 Government Performance and Results Act goals for improving 
        screener performance. Five countries we visited had different 
        screening practices and significantly lower screener turnover 
        and may have better screener performance. One country's 
        screeners detected over twice as many test objects in a joint 
        testing program that it conducted with FAA.

    The security problems we have found would by themselves be cause 
for concern. Unfortunately, Mr. Chairman, the problems we have 
identified are not unique. Problems identified by others, such as the 
Department of Transportation's Inspector General, point out weaknesses 
in a number of other key aviation protection measures. Taken together, 
these problems show the chain of security protecting our aviation 
system has not one but several weak links. It must be recognized that 
the responsibility for these problems does not fall on the shoulders of 
FAA alone. The aviation industry is responsible for undertaking the 
security measures at airports and many of the problems identified--such 
as rapid screener turnover--more appropriately rest with it.
    The fact that there have been no major security incidents in recent 
years--such as the 1988 bombing of Pan Am Flight 103--could breed an 
attitude of complacency. Maintaining or improving aviation security in 
such an environment is more challenging. However, serious 
vulnerabilities in our aviation security system exist and must be 
adequately addressed. We expressed concern 2 years ago that the 
momentum of aviation security improvements must not be lost, and we 
express that concern again today. Continual congressional oversight 
will be needed to hold the aviation community accountable for 
establishing and achieving specific improvement goals and changes.
Background
    Before I discuss these issues in greater detail, it is important to 
place some perspective on the nation's aviation security system. 
Providing security to the nation's aviation system is a complex and 
difficult task because of the size of the U.S. system, the differences 
among airlines and airports, and the unpredictable nature of terrorism 
or criminal acts. The U.S. civil aviation system comprises hundreds of 
commercial airports, thousands of aircraft, and tens of thousands of 
flights each day that transport over 2 million passengers. FAA has 
hundreds of facilities throughout the country that monitor and direct 
the flow of aircraft to ensure they arrive safely at their intended 
destination. Providing security to such a vast and diverse system can 
be a daunting challenge.
    Yet the need for strong aviation security grows every day. The 
threat of terrorism against the United States remains high and, as 
evidenced by the 1995 discovery of a plot to bomb as many as 11 U.S. 
airliners, civil aviation is an attractive target. More recent events 
such as the December 1999 apprehension at the Canadian border of a 
suspected terrorist with bomb components, including some small enough 
to be brought onto an aircraft, reaffirm the need for concern. Other 
threats such as ``air rage''--those hostile or possibly criminal acts 
that occur onboard aircraft--are on the increase and could be 
potentially catastrophic if dangerous objects, such as weapons, were to 
be involved. In the past month alone, there have been two such 
incidents in which passengers attacked pilots in the cabins of airborne 
flights. Finally, a growing threat--computer hackers--has evolved that 
could threaten the security of aircraft or the entire national airspace 
system. If hackers are able to penetrate the air traffic control 
system, they could attack the computer systems used to communicate with 
and control aircraft, potentially causing significant economic problems 
and placing aircraft at risk.
    The threat of terrorist or other acts against aircraft have led to 
numerous calls for improvements that address the vulnerabilities in the 
aviation system. During the last decade, two presidential commissions 
have reviewed and reported on problems with various aspects of aviation 
security, and two major laws have been enacted that required actions to 
improve security measures. Additionally, the Congress provided about $1 
billion to FAA over the last 4 fiscal years to carry out its civil 
aviation security program, including over $340 million for the purchase 
and deployment of security equipment at U.S. airports.
ATC Computer Security
    Securing the air traffic control (ATC) computer systems that 
provide information to controllers and flight crews is critical to the 
safe and expeditious movement of aircraft. Failure to adequately 
protect these systems, as well as the facilities that house them, could 
cause nationwide disruption of air traffic or even loss of life. 
Moreover, malicious attacks on computer systems are becoming an 
increasing threat, and it is essential that FAA ensure the integrity 
and availability of the ATC computer systems and protect them from 
unauthorized access. Numerous laws as well as FAA's policy require that 
these systems be adequately protected.
    However, as we reported in May 1998, FAA had been ineffective in 
four critical computer security areas we reviewed.\1\ The first of 
these areas was physical security at key ATC facilities, such as towers 
and en route centers, where known weaknesses existed. For example, 
contractor employees were given unrestricted access to sensitive areas 
without required background investigations. In addition, at many 
facilities, the extent of weaknesses was unknown because FAA did not 
follow its own security policy and did not conduct the required 
physical security assessments from 1993 to 1998 at a large portion of 
its ATC facilities.
---------------------------------------------------------------------------
    \1\ Air Traffic Control: Weak Computer Security Practices 
Jeopardize Flight Safety (GAO/AIMD-98-155, May 18, 1998).
---------------------------------------------------------------------------
    Second, FAA had not ensured the security of operational ATC 
systems. FAA's policy requires that all ATC systems be assessed for 
risk, certified that they comply with FAA's requirements, and 
accredited by FAA management once the appropriate security safeguards 
have been implemented. However, of 90 operational ATC systems, only 3--
less than 4 percent--were certified and none was accredited. 
Additionally, security assessments for ATC telecommunications systems 
were similarly lacking. Eight of nine telecommunications systems were 
not assessed despite the fact that FAA's 1994 Telecommunications 
Strategic Plan stated that ``vulnerabilities that can be exploited in 
aeronautical telecommunications potentially threaten property and 
public safety.''
    Third, FAA was not adequately managing security for new ATC 
systems. Because FAA had no security architecture, security concept of 
operations, or security standards, the implementation of security 
requirements for ATC development efforts were ad hoc and sporadic. Of 
the six system development efforts we reviewed, only four had security 
requirements, and of these, only two were based on risk assessments. 
Without security requirements based on sound risk assessments, FAA 
lacks assurance that future ATC systems will be protected from attack.
    Fourth, FAA's management structure was not effectively implementing 
and enforcing computer security policy. Responsible offices did not 
adequately implement and enforce security policy, and FAA lacked a 
central point for enforcing security. In particular, FAA did not have a 
Chief Information Officer (CIO) reporting directly to the FAA 
Administrator, a management structure consistent with Clinger-Cohen Act 
requirements.
    As a result of our work, FAA has initiated efforts to address all 
four computer security problem areas. For example, it has inspected the 
facilities it had not assessed since 1993, and it has established a CIO 
position with responsibility for developing, implementing, and 
enforcing the agency's security policy. Nevertheless, weaknesses 
continue in FAA's efforts to maintain effective computer security. In 
December 1999, we reported that FAA was still not following its own 
security requirements.\2\ We found FAA used contractor employees to 
make Year 2000 repairs to mission-critical ATC systems and to review 
these systems' software without the required background searches being 
performed. In one case, we found that no background searches were 
performed on 36 foreign nationals who had access to copies of critical 
ATC systems' source code. As a result of not following its own security 
requirements, FAA increased the risk of inappropriate individuals 
gaining access to, and knowledge of, its facilities, information, and 
resources. Consequently, the ATC system may now be more susceptible to 
intrusion and malicious attacks. We are currently following up on the 
status of FAA's efforts to resolve the computer security problems we 
identified as part of an ongoing computer security review.
---------------------------------------------------------------------------
    \2\ Computer Security: FAA Needs to Improve Controls Over Use of 
Foreign Nationals to Remediate and Review Software (GAO/AIMD-00-55, 
Dec. 23, 1999).
---------------------------------------------------------------------------
Checkpoint Screeners
    Not only have we found security problems at air traffic control 
facilities, but more significantly, we have found problems at the 
screening checkpoints at airports. The screening checkpoints and the 
screeners who operate them are a key line of defense against the 
introduction of dangerous objects into the aviation system. All 
passengers and their baggage must be checked for weapons, explosives, 
or other dangerous articles that could pose a threat to the safety of 
an aircraft and those aboard it. FAA and the air carriers share this 
responsibility. FAA prescribes the screening regulations and 
establishes the basic standards for the screeners, the equipment, and 
the procedures to be used, and the air carriers are responsible for 
screening passengers and their baggage before they are permitted into 
the secure areas of an airport or onto an aircraft. Air carriers can 
use their own employees to conduct screening activities, but for the 
most part, air carriers hire security companies to do the screening.
    The screeners detect thousands of dangerous objects each year. Over 
the past 5 years, they detected nearly 10,000 firearms being carried 
through checkpoints, according to FAA. Nevertheless, the screeners do 
not identify all threats, and instances occur each year in which 
weapons are discovered to have passed through a checkpoint. We found a 
number of cases in which passengers passed through checkpoints on the 
first flight of their trips and were subsequently found to have loaded 
guns at screening checkpoints prior to boarding connecting flights. 
Similarly, we are aware of two instances in which simulated explosive 
devices used for testing screeners passed through screening checkpoints 
and were placed aboard aircraft.
    Concerns have been raised for many years by us and by others about 
the effectiveness of the screeners and the need to improve their 
performance. In 1978, the screeners were not detecting 13 percent of 
the potentially dangerous objects FAA agents carried through 
checkpoints during tests--a level that was considered ``significant and 
alarming.'' In 1987, we found that screeners were not detecting 20 
percent of the objects during FAA's tests.\3\ Two presidential 
commissions--established after the bombing of Pan Am Flight 103 in 1988 
and the then-unexplained crash of TWA Flight 800 in 1996--as well as 
numerous reports by GAO and the Department of Transportation's 
Inspector General have highlighted problems with screening and the need 
for improvements. To rectify some of these problems, the Federal 
Aviation Reauthorization Act of 1996 mandated that FAA certify 
screening companies, improve the training and testing of the screeners, 
and develop performance standards. However, Mr. Chairman, problems with 
the screeners' performance remain a serious concern. Data on FAA's test 
results cannot be released publicly, but our research shows that the 
screeners' ability to detect objects during the agency's tests is not 
improving, and in some cases is worsening.
---------------------------------------------------------------------------
    \3\ Aviation Security: FAA Needs Preboard Passenger Screening 
Performance Standards (GAO/RCED-87-182, July 24, 1987).
---------------------------------------------------------------------------
Screeners' Performance Problems Are Attributed to Rapid Turnover and 
        Inattention to Human Factors
    There is no single reason why screeners fail to identify dangerous 
objects. Two conditions--rapid screener turnover and inadequate 
attention to human factors--are believed to be important causes. The 
rapid turnover among screeners has been a long-standing problem, having 
been singled out as a concern in FAA and GAO reports dating back to at 
least 1979. We reported in 1987 that turnover among screeners was about 
100 percent a year at some airports, and today, the turnover is 
considerably higher.\4\ From May 1998 through April 1999, turnover 
averaged 126 percent among screeners at 19 large airports, with 5 
airports reporting turnover of 200 percent or more and 1 reporting 
turnover of 416 percent. At one airport we visited, of the 993 
screeners trained there over about a 1-year period, only 142, or 14 
percent, were still employed at the end of that year. Such rapid 
turnover can seriously affect the level of experience among the 
screeners operating a checkpoint. Appendix I lists the turnover rates 
for screeners at 19 large airports.
---------------------------------------------------------------------------
    \4\ GAO/RCED-87-182, July 24, 1987.
---------------------------------------------------------------------------
    Both FAA and the aviation industry attribute the rapid turnover to 
the low wages the screeners receive, the minimal benefits, and the 
daily stress of the job. Generally, screeners get paid at or near the 
minimum wage. We found that some of the screening companies at many of 
the nation's largest airports paid screeners a starting salary of $6 an 
hour or less, and at some airports the starting salary was the minimum 
wage--$5.15 an hour. It is common for the starting wages at airport 
fast-food restaurants to be higher than the wages the screeners 
receive. For instance, at one airport we visited, the screeners' wages 
started as low as $6.25 an hour, whereas the starting wage at one of 
the airport's fast-food restaurants was $7 an hour.
    The human factors associated with screening--those work-related 
issues that are influenced by human capabilities and constraints--have 
also been noted by FAA as problems affecting performance for over 20 
years. Screening duties require repetitive tasks as well as intense 
monitoring for the very rare event when a dangerous object might be 
observed. Too little attention has been given to factors such as (1) 
individuals' aptitudes for effectively performing screening duties, (2) 
the sufficiency of the training provided to the screeners and how well 
they comprehend it, and (3) the monotony of the job and the 
distractions that reduce the screeners' vigilance. As a result, 
screeners are being placed on the job who do not have the necessary 
abilities, do not have adequate knowledge to effectively perform the 
work, and who then find the duties tedious and unstimulating.
FAA Is Making Efforts to Address Causes of Screeners' Performance 
        Problems, but Progress Has Been Slow
    FAA has demonstrated that it is aware of the need to improve the 
screeners' performance by conducting efforts intended to address the 
turnover and human factors problems and by establishing goals with 
which to measure the agency's success in improving performance. The 
efforts include establishing a threat image projection system to keep 
screeners alert and to monitor their performance; a screening company 
certification program; and screener selection tests, computer-based 
training, and readiness tests. FAA's implementation of these efforts, 
however, has encountered substantial delays and is behind schedule. I 
would like to focus on two key efforts, the threat image projection 
system and the screening company certification program, and then 
discuss FAA's progress in achieving its goals for improved screener 
performance.
    The Threat Image Projection System
    FAA is deploying an enhancement to the x-ray machines used at the 
checkpoints called the threat image projection (TIP) system. As 
screeners routinely scan passengers' carry-on bags, TIP occasionally 
projects images of dangerous objects like guns and explosives on the x-
ray machines' screens. The screeners are expected to spot the objects 
and signal for the bags to be manually searched. Once prompted, TIP 
indicates whether an image is of an actual object in a bag or was 
generated by the system and also records the screeners' responses, 
providing a measure of their performance while keeping them more alert. 
By frequently exposing screeners to what dangerous objects look like on 
screen, TIP will also provide continuous on-the-job training.
    FAA is behind schedule in deploying this system. It had planned to 
begin deploying 284 units to 19 large airports in April 1998. But as a 
result of hardware and software problems, FAA dropped its plans to 
install the units on existing x-ray machines nationwide. Instead, in 
mid-2000, it will begin purchasing and deploying 1,380 new x-ray 
machines already equipped with the TIP system. FAA expects to have the 
system in place at the largest airports by the end of fiscal year 2001 
and at all airports by the end of fiscal 2003.
    Unfortunately, the delays in the TIP system's deployment have 
impeded another key initiative to improve the screeners' performance: 
the certification of screening companies.
    The Certification of Screening Companies
    In response to a mandate in the Federal Aviation Reauthorization 
Act of 1996 and a recommendation from the 1997 White House Commission 
on Aviation Safety and Security, FAA is creating a program to certify 
the security companies that staff the screening checkpoints. The agency 
plans to establish performance standards--an action we recommended in 
1987 \5\--that the screening companies will have to meet to earn and 
retain certification. It will also require that all screeners pass 
automated readiness tests after training and that all air carriers have 
TIP units on the x-ray machines at their checkpoints so that the 
screeners' performance can be measured to ensure FAA's standards are 
met. FAA believes that the need to meet certification standards will 
give the security companies a greater incentive to retain their best 
screeners longer and so will indirectly reduce turnover by raising the 
screeners' wages and improving training. Most of the air carrier, 
screening company, and airport representatives we contacted said they 
believe certification has the potential to improve the screeners' 
performance.
---------------------------------------------------------------------------
    \5\ GAO/RCED-87-182, July 24, 1987.
---------------------------------------------------------------------------
    FAA plans to use data from the TIP system to guide it in setting 
its performance standards, but because the system will not be at all 
airports before the end of fiscal year 2003, the agency is having to 
explore additional ways to set standards. FAA plans to issue the 
regulation establishing the certification program by May 2001, over 2 
years later than its earlier estimated issue date of March 1999. 
According to FAA, it has needed more time to develop performance 
standards and to develop and process a very complex regulation. The 
first certification of screening companies is expected to take place in 
2002.
    FAA's Goals for Screeners' Performance
    As required by the Government Performance and Results Act, FAA 
established goals in 1998 for improving screeners' detection of test 
objects carried through metal detectors and concealed in carry-on 
baggage. FAA views specific data relating to these goals, as well as 
other information relating to screeners' detection rates, to be too 
sensitive to release publicly. However, it can be said that, in part 
because of the delays in implementing its screener improvement efforts, 
the agency did not meet its first-year goals for improving screener 
performance. FAA acknowledged that it did not meet its fiscal year 1999 
improvement goal for detecting dangerous objects carried through metal 
detectors, but it believed that it had nearly met its goal for 
improving their detection in carry-on baggage. However, we found flaws 
in FAA's methodology for computing detection rates, and that, in fact, 
the goal was not met. We have discussed our findings with FAA, and as 
result of our findings and the delays in its initiatives, the agency is 
revising its goals.
    We are encouraged that FAA is currently developing an integrated 
checkpoint screening management plan to better focus its efforts and 
meet its goals for improving the screeners' performance. According to 
FAA officials, the plan, which is still in draft form, will (1) 
incorporate FAA's goals for improving the screeners' performance and 
detail how its efforts relate to the achievement of the goals; (2) 
identify and prioritize checkpoint and human factors problems that need 
to be resolved; and (3) provide measures for addressing the performance 
problems, including related milestone and budget information. Moreover, 
the draft plan will consolidate the responsibility for screening 
checkpoint improvements under a single program manager, who will 
oversee and coordinate efforts at FAA headquarters, field locations, 
and the agency's Technical Center in Atlantic City, New Jersey. FAA 
expects the plan to be completed in April 2000 and to be continuously 
updated based on its progress.
Screening Practices in Five Other Countries Differ From U.S. Practices
    To identify screening practices that differ from those in the 
United States, we visited five countries--Belgium, Canada, France, the 
Netherlands, and the United Kingdom--viewed by FAA and the aviation 
industry as having effective screening operations. These countries also 
have significantly lower screener turnover than the United States--
about 50 percent or lower. We found some significant differences in 
four areas: screening operations, screeners' qualifications, screeners' 
pay and benefits, and institutional responsibility for screening.
    First, screening operations in some countries are more stringent. 
For example, Belgium, the Netherlands, and the United Kingdom routinely 
touch or ``pat down'' passengers in response to metal detector alarms. 
Additionally, all five countries allow only ticketed passengers through 
the screening checkpoints, thereby allowing the screeners to more 
thoroughly check fewer people. Some countries also have a greater 
police or military presence near checkpoints. In the United Kingdom, 
for example, security forces--often armed with automatic weapons--
patrol at or near checkpoints. At Belgium's main airport, a constant 
police presence is maintained at one of two glass-enclosed rooms 
directly behind the checkpoints.
    Second, the screeners' qualifications are usually more extensive. 
For example, in contrast to the United States, Belgium requires 
screeners to be citizens, while France requires screeners to be 
citizens of a European Union country. In the Netherlands, screeners do 
not have to be citizens, but they must have been residents of the 
country for 5 years. Moreover, while FAA requires that screeners in 
this country have 12 hours of classroom training, Belgium, Canada, 
France, and the Netherlands require more. France requires 60 hours of 
training, and Belgium requires at least 40 hours with an additional 16 
to 24 hours for each activity, such as x-ray machine operations, the 
screener will conduct.
    Third, the screeners receive relatively better pay and benefits in 
most of these countries. While in the United States screeners receive 
wages that are at or slightly above minimum wage, screeners in some 
countries receive wages that they view as being ``middle income.'' In 
the Netherlands, for example, screeners receive at least the equivalent 
of about $7.50 per hour. This wage is about 30 percent higher than 
wages at fast-food restaurants. In Belgium, screeners receive about $14 
per hour. Screeners in some countries also receive some benefits, such 
as health care or vacations, as required under the laws of these 
countries.
    Finally, the responsibility for screening in most of these 
countries is placed with the airport or with the government, not with 
the air carriers as it is in the United States. In Belgium, France, and 
the United Kingdom, the responsibility for screening has been placed 
with the airports, which either hire screening companies to conduct the 
screening operations or, as at some airports in the United Kingdom, 
hire screeners or manage the checkpoints themselves. In the 
Netherlands, the government is responsible for passenger screening and 
hires a screening company to conduct checkpoint operations, which are 
overseen by a Dutch police force.
    Because each country follows its own unique set of screening 
practices, and because data on screener performance in each country 
were not available to us, it is difficult to measure the impact of 
these different practices, either individually or jointly, on improving 
screeners' performance. Nevertheless, there are indications that in at 
least one country, the practices may help to improve the screeners' 
performance. This country conducted a testing program jointly with FAA 
that showed that the other country's screeners detected over twice as 
many test objects as did the screeners in the United States.
    We note that practices similar to those in other countries have 
been proposed in the United States. The Chicago Department of Aviation, 
which operates Chicago-O'Hare International Airport, has advocated 
moving the responsibility for screening to airports, hiring screening 
companies under a model similar to that used by the General Services 
Administration to contract for security services, and having 
universities conduct more extensive and independent screener training 
programs. In response to a requirement of the Federal Aviation 
Reauthorization Act of 1996, FAA did evaluate options for moving 
screening responsibilities to airports or the federal government. The 
agency said that it found no consensus for moving these 
responsibilities to other parties, and consequently the responsibility 
for screening remains with the air carriers.
Summary
    Many vulnerable areas in the aviation system need strong 
protection. Unfortunately, Mr. Chairman, the problems we have 
identified in two of these areas are not unique. Others such as the 
Department of Transportation's Inspector General and the National 
Research Council have identified other problems with the security 
controls in and around airports, the implementation of security 
procedures, and the use and effectiveness of new equipment intended to 
better assist in identifying threats. Taken together, these problems 
point out that effective security for our nation's aviation system has 
not yet been achieved. It is often said that a chain is only as strong 
as its weakest link; in the case of aviation security, there are still 
many weak links. It must be recognized that these weak links are not 
the responsibility of FAA alone. The responsibility for certain 
conditions, such as the rapid screener turnover, more appropriately 
rests with the air carriers and screening companies. It will, 
therefore, take the cooperation of the aviation industry to put into 
place the actions needed to improve security.
    In closing, Mr. Chairman, the fact that there has been no major 
security incident in the United States or involving a U.S. airliner in 
nearly a decade could breed an attitude of complacency in improving 
aviation security. Improving security in such an environment is more 
challenging and difficult. Two years ago, in another testimony before 
the Congress, we expressed a similar concern in stressing that the 
momentum of aviation security improvements must not be lost. Given the 
extent of the problems, we must reiterate this concern and believe that 
continuing congressional oversight in holding FAA and the aviation 
industry accountable for improving the aviation security will be 
critical to the full achievement of a safe and secure air 
transportation system.
    Mr. Chairman, this concludes my prepared statement. I will be 
pleased to answer any questions that you or Members of the Subcommittee 
may have.

                             Appendix I Screener Turnover Rates at 19 Large Airports
                                               May 1998-April 1999
----------------------------------------------------------------------------------------------------------------
                                                                                                       Annual
                                                                                                      turnover
                                          City (airport)                                                rate
                                                                                                    (percentage)
----------------------------------------------------------------------------------------------------------------
Atlanta (Hartsfield Atlanta International)                                                               375
Baltimore (Baltimore-Washington International)                                                           155
Boston (Logan International)                                                                             207
Chicago (Chicago-O'Hare International)                                                                   200
Dallas-Ft. Worth (Dallas/Ft. Worth International)                                                        156
Denver (Denver International)                                                                            193
Detroit (Detroit Metro Wayne County)                                                                      79
Honolulu (Honolulu International)                                                                         37
Houston (Houston Intercontinental)                                                                       237
Los Angeles (Los Angeles International)                                                                   88
Miami (Miami International)                                                                               64
New York (John F. Kennedy International)                                                                  53
Orlando (Orlando International)                                                                          100
San Francisco (San Francisco International)                                                              110
San Juan (Luis Munoz Marin International)                                                                 70
Seattle (Seattle-Tacoma International)                                                                   140
St. Louis (Lambert St. Louis International)                                                              416
Washington (Washington-Dulles International)                                                              90
Washington (Ronald Reagan Washington National)                                                            47
 
    Total                                                                                                126
----------------------------------------------------------------------------------------------------------------
Source: FAA.

    Senator Hutchison. Thank you, Mr. Dillingham.
    Hon. Cathal Flynn, the Associate Administrator for Civil 
Aviation Security at the FAA. Admiral Flynn.

           STATEMENT OF HON. CATHAL FLYNN, ASSOCIATE 
  ADMINISTRATOR FOR CIVIL AVIATION SECURITY, FEDERAL AVIATION 
                         ADMINISTRATION

    Admiral Flynn. Madam Chair, thank you for the opportunity 
to speak with you today on the issue of aviation security. I 
would like to briefly summarize some of our recent efforts to 
enhance the security of our aviation system. The threat to our 
Nation's aviation community has not diminished. This remains a 
dangerous world. Although we have made significant progress, 
Governments, airlines, and airports must continue to work 
cooperatively to achieve safe and secure air transportation 
worldwide.
    Incidents worldwide of unlawful interference with civil 
aviation--that is, hijackings and sabotage--have decreased over 
the last 20 years, while the number of flights and enplanements 
has increased very substantially. But, as was graphically 
demonstrated by the recent hijacking of an Air India aircraft 
in which one passenger was murdered, the threat remains very 
real.
    We are focusing our efforts on the screening of passengers 
and cargo in order to ensure that unlawful or dangerous 
weapons, explosives, or other dangerous substances are not 
carried on aircraft. In response to both the White House 
Commission on Aviation Safety and Security, and to direction 
and guidance from this Committee in the 1996 FAA 
Reauthorization Act, we have developed a draft rule to improve 
screening efforts.
    We published the Notice of Proposed Rulemaking in early 
January. We have held two public listening sessions in 
Washington and San Francisco, and a third is being conducted 
today in Fort Worth. The public comment period will end on May 
4, and we expect the rule to become final within a year 
subsequent to that.
    The proposed rule would require the certification of all 
screening companies, specifies training requirements for 
screeners, and establishes requirements for the use of 
screening equipment. It would require screeners to use threat 
image projection (TIP), or TIP-equipped x-ray systems and 
explosives detection systems (EDS).
    A TIP system electronically inserts images of possible 
threats, like guns, knives, explosive devices, on x-ray or 
explosives detection system monitors. Its purpose is to provide 
training, keep screeners alert, and very importantly, to be 
able to measure performance accurately. We believe high scores 
in detecting TIP images will equate to a high probability of 
detecting real bombs. We will continue to closely monitor TIP's 
capabilities in the operational environment, making necessary 
adjustments as we gain more experience with this technology.
    Screeners must be given the best tools available to do the 
job, and must be trained to use them properly. Foremost among 
the tools are explosives detection systems. EDS installation 
and utilization remain among our greatest concerns. These 
systems have proven their effectiveness in detecting the 
amounts and types of explosives likely to be placed in checked 
baggage or small packages carried as cargo or baggage on 
commercial passenger aircraft.
    Similarly, explosives trace detection devices have been 
shown to be effective in discovering even the smallest amounts 
of explosives in carry-on bags and articles.
    Until we have the technology to screen all checked bags 
with explosive detection systems, without causing intolerable 
delays in processing passengers, we must continue to focus 
intelligently on a smaller segment of bags. The successful 
CAPPS program--CAPPS stands for computer-assisted passenger 
prescreening system--allows us to focus on a manageable 
population of passengers. CAPPS is a computerized system that 
essentially selects passengers whose checked baggage will be 
subject to further security measures. The system uses 
parameters developed within the counterterrorism, intelligence 
and law enforcement communities which have been found by the 
Justice Department to be nondiscriminatory and to meet Fourth 
Amendment standards.
    Another area of increasing importance is air cargo. Cargo 
screening is improving steadily. We have strengthened the cargo 
security standards for all passenger air carriers and air 
freight forwarders by narrowing the definition of a known 
shipper and focusing security resources on unknown shippers. In 
September 1999, changes to United States and foreign air 
carrier security programs, and indirect air carrier--that is 
freight forwarder--security programs became effective.
    In addition, on-board couriers are now required to declare 
themselves to the air carrier, thus assuring that their bags 
will be properly secured.
    Access control is another important issue of concern. The 
DOT Inspector General and GAO audits have properly noted 
industry's problems in performing FAA-required access control 
measures and background checks of their employees. More needs 
to be done by FAA and the airports in these areas.
    We are working with airport operators and air carriers to 
implement and strengthen existing controls to eliminate access 
control weaknesses. A particularly intensive round of access 
control tests started on February 7, 2000, and will continue at 
some frequency indefinitely. Performance has improved.
    Now, there are many other aspects of our security program, 
from the high tech million-dollar explosives detection systems, 
to Federal Air Marshals, who fly on a high number of our 
flights armed, to protect against hijackings. There are also 
less dramatic things, such as the explosive detection canine 
program.
    Following direction in the Reauthorization Act and of the 
White House Commission, the number of canine teams has doubled 
from 87 teams at 26 airports in 1996 to 175 teams today at 39 
of our busiest airports. These canine teams, which are very 
effective in dealing with a variety of security situations, are 
now 100 percent dedicated to aviation security.
    Madam Chair, we believe the safety and security of the 
traveling public, our own citizens and those visiting the 
United States from abroad, is worth the investment that will 
need to be made by both Government and the private sector. We 
are moving in the right direction, and we appreciate very much 
the support that this Committee has given for our work.
    That concludes my statement, and I will be happy to answer 
questions.
    [The prepared statement of Admiral Flynn follows:]

 Prepared Statement of Hon. Cathal Flynn, Associate Administrator for 
        Civil Aviation Security, Federal Aviation Administration
Madam Chair, Senator Rockefeller and Members of the Subcommittee:

    Thank you for the opportunity to speak with you today on aviation 
security and the progress we have made since the 1996 Federal Aviation 
Administration reauthorization legislation in enhancing security of our 
aviation system. Today I would like to discuss several important 
security initiatives, including our recent rulemaking effort on the 
training, performance, and retention of airline security screeners at 
airports. As directed by legislation passed by this Committee in 1996, 
the Federal Aviation Administration (FAA) is conducting a rulemaking 
that would require screening companies to be certified by the FAA. I 
would like to start by describing this rulemaking and how we expect the 
training, performance, and retention of airport screeners to improve as 
a result, and then comment briefly on some of the other elements of our 
security program.
    Let me first emphasize that the threat to our Nation's aviation 
community has not diminished. It remains a dangerous world. 
Governments, airlines, and airports must work cooperatively to achieve 
our common goal: safe and secure air transportation worldwide. The 
number of incidents worldwide of unlawful interference with civil 
aviation (primarily hijacking and sabotage) have decreased over the 
last 20 years, while the number of flights, enplanements and passenger-
miles flown have increased. As graphically demonstrated by the two most 
recent hijackings, this decrease does not minimize the gravity of these 
crimes.
    The terrorist threat to U.S. civil aviation is higher abroad than 
it is within the United States. The terrorist attacks against U.S. 
embassies in Kenya and Tanzania remind us of the global nature of 
terrorism and the need for everyone to work together to oppose it 
anywhere in the world. The relationship between Osama bin Laden, who 
was behind these terrorist attacks, and Ramzi Yousef, who was convicted 
of bombing the World Trade Center in New York and attempting to place 
bombs on a dozen U.S. air carrier flights in the Asia-Pacific region in 
1995, exemplifies the continuing tangible threat to civil aviation. 
Only the wholehearted cooperation of our aviation partners thwarted 
those attacks in the Pacific. Moreover, members of foreign terrorist 
groups and representatives from state sponsors of terrorism are present 
in the United States. There is evidence that a few foreign terrorist 
groups have well-established capability and infrastructures here.
    Terrorism is a crime, but the threat to civil aviation is not 
restricted solely to those motivated by political concerns. We must 
also prevent other criminal acts, regardless of motivation, to ensure 
safe and secure air transportation. Given this security threat, since 
the early 1970's the FAA has required the screening of passengers and 
property carried aboard an aircraft in order to ensure that no unlawful 
or dangerous weapons, explosives, or other destructive substances are 
carried aboard. More recently, in response to the White House 
Commission on Aviation Safety and Security and to direction and 
guidance from this Committee in the Federal Aviation Reauthorization 
Act of 1996, the FAA developed a proposal to improve screening efforts, 
which we published in early January. I would like to briefly describe 
its development and purpose.
    On March 17, 1997, the FAA published an Advance Notice of Proposed 
Rulemaking (ANPRM), to certify screening companies and improve the 
training and testing of security screeners through the development of 
uniform performance standards. On the basis of the comments received as 
well as internal deliberations, the FAA determined that the critical 
element in screener certification is having a reliable and consistent 
way to measure actual screening performance. After evaluation and 
consultation, we decided to add more specific screening improvements to 
the proposed rule based on the use of new technology called threat 
image projection (TIP) systems. Consequently, in May 1998, we withdrew 
the ANPRM in order to focus our rulemaking efforts on TIP systems.
    A TIP system electronically inserts images of possible threats 
(e.g., a gun, knife, explosive device) on x-ray and explosives 
detection system monitors as if they were within a bag being screened. 
Its purpose is to provide training, keep screeners alert, and measure 
screener performance. High scores in detecting TIP images equate to a 
high probability of detecting actual bombs. Not only can TIP data be 
potentially used to assess screener performance over time, the results 
can also be used to analyze any correlation between performance, 
experience, and compensation.
    FAA field agents performed special evaluations using test objects 
in coordination with TIP data gathering to see if the data correlated. 
We conducted these preliminary tests of the prototype TIP x-ray systems 
and analyzed data from the fall of 1998 to January 1999, whereupon we 
concluded that TIP was potentially an effective and reliable means to 
measure screener performance. We will continue to seek comment and 
closely monitor TIP's capabilities in an operational environment, 
making necessary adjustments as we gain more experience with this 
technology.
    Our determination of TIP's reliability enabled us to move forward 
on the rule. On January 5, 2000, FAA issued a Notice of Proposed 
Rulemaking (NPRM) which requires the certification of all screening 
companies, specifies training requirements for screeners, sets 
standards for screening passengers and cargo, and establishes 
requirements for the use of screening equipment. The NPRM would require 
screening companies to adopt FAA-approved security programs and would 
require carriers to install TIP systems on all their x-ray and 
explosive detection systems. We held a public listening session on the 
proposed rule at FAA headquarters on March 10, one in San Francisco 
earlier this week and one in Fort Worth this morning. All public 
comments are due by May 4th.
    Our proposed rule also requires that all screening companies adopt 
and implement FAA-approved screening security programs that include 
procedures for performing screening functions, including operating 
equipment; screener testing standards and test administration 
requirement; threat image projection standards, operating requirements, 
and data collection methods; and performance standards. In addition, 
all screening personnel would have to pass computerized knowledge-based 
and x-ray interpretation tests before and after their on-the-job 
training and at the conclusion of their recurrent training. These tests 
would be monitored by air carrier personnel in accordance with the air 
carriers' security programs. We hope to issue a Final Rule on 
certification of screening companies in May 2001.
    The 1996 Reauthorization Act also directed the FAA to conduct a 
study and report back to Congress on the possibility of transferring 
certain air carrier security responsibilities to either airport 
operators or to the Federal Government, or to provide for shared 
responsibilities. We completed the study and submitted it to Congress 
in December 1998, after extensive research, taking into account the 
results of several commissions, studies and working groups, and 
concluded that there is a consensus in the aviation community to retain 
the current system of shared responsibilities for security. We found 
that, while there is significant support for more Federal Government 
involvement and funding, there is little support for the Government's 
assuming all air carrier responsibilities. The existing partnership, 
where the Government sets goals and works with the industry to see that 
those goals are met, is universally supported.
    Our study also concluded that the current system achieves an 
appropriate balance of responsibilities. While carriers should not have 
to bear all the costs of security, they should bear a substantial 
portion of the personnel costs to provide security screening and the 
operational costs of using the advanced security equipment that the 
Federal Government provides. At the same time, the Federal Government 
should continue to control the quality of aviation security and 
security screening by setting higher, but realistically achievable, 
standards for screener selection, training, and performance.
    Screeners are a critical link in the performance chain. While it is 
difficult to verify a correlation between better pay and better 
performance, we can all agree that properly trained and qualified 
people who are on the job longer tend to perform better. Government 
sets performance, not design, standards. The government can indirectly 
influence private sector pay through higher performance standards that 
require more training, and more investment in individuals who do it 
well.
    To help improve screener performance at the checkpoint, data 
collection and evaluation of automated screener assist x-rays--SAX--for 
carry-on bags was conducted last year as part of the National Safe 
Skies Alliance (NSSA). NSSA's creation in 1997 led to the establishment 
of a national test bed at McGhee Tyson Airport in Knoxville, Tennessee 
for operational evaluation and testing of newly developed technologies 
emphasizing checkpoint screening. The NSSA is a consortium of 
organizations including Oak Ridge National Laboratory, the Metropolitan 
Knoxville Airport Authority, the Minneapolis-St. Paul Metropolitan 
Airports Commission, the University of Tennessee, Embry-Riddle 
Aeronautical University, the Tennessee Air National Guard, the 
Honeywell Corporation, and a number of other private companies and 
public bodies. Their work includes the development of the best 
configurations and strategies to integrate security equipment into the 
airport environment in the most effective way. In addition, other 
aviation security research and development projects will also be 
conducted at this test bed.
    Although most security personnel are hardworking and conscientious, 
there is always room for improvement in the performance of airline 
screening responsibilities for both checked baggage and at the 
checkpoint. Screeners can always be better trained and motivated. There 
is also room for improvement by FAA personnel to provide clearer, more 
easily understood guidance on the proper use of equipment. Working 
together, I expect that improvements in these areas will be achieved.
    For good and effective performance, screeners must be given the 
best tools available to do the job, and must be trained to use them 
properly. Foremost among these tools are explosives detection systems 
(EDS). The Aviation Security Improvement Act of 1990 required that FAA 
certify EDS based on tests designed to validate their ability to 
detect, without human intervention, the amounts and types of explosives 
likely to be used by terrorists to cause catastrophic damage to 
commercial aircraft. Certification standards were published in 1993. We 
believe the performance criteria are tough, but appropriate.
    EDS installation and utilization remain among our greatest 
concerns. Deployed EDS must be factory tested, shipped, installed, and 
tested on site. The level of cooperation and ease of obtaining the 
appropriate permits varies from city to city, and from airport to 
airport. Operators must be trained and certified before the system 
becomes operational.
    It can take anywhere from three weeks to two months to make an EDS 
operational depending upon its location in an airport, the experience 
of airport personnel, the complexity of the installation, the training 
levels of screeners, and other variables noted in each site survey. In 
addition, some airports simply have no room for an EDS. Less 
complicated installations, not requiring complex reconfigurations of 
baggage processes, major renovation or new construction were done 
first. We have now completed nearly all of these installations and have 
started work on the more complex, and often more expensive 
installations, some of which may take two or more years to complete.
    Regarding utilization, the Department of Transportation Inspector 
General (DOT IG) reports that over 55 percent of the EDS in use are 
screening fewer than 225 bags per day, and that some machines are 
screening fewer than 100 bags per day. During 1999, the average number 
of selectee bags scanned ranged from 1635 to 1927 bags per week per 
machine, or an average of 234-275 selectee bags screened per day per 
machine. The range of averages is due primarily to normal traffic 
changes throughout the year and the fact that additional machines have 
been brought on line during each quarter for which data was collected. 
EDS screened more than 5.45 million bags during 1999.
    We do not believe these numbers indicate under-utilization of 
equipment. Rather than focusing on the number of bags screened by each 
machine, the more pertinent inquiry is what percent of selectee bags 
are being screened? The answer to that question is 100% wherever EDS 
are deployed. This perspective is consistent with the focused approach 
to security FAA has adopted, an approach that was subsequently endorsed 
by the White House Commission on Aviation Safety and Security.
    FAA security procedures are intended to concentrate on a smaller 
segment of passengers, using parameters developed within the 
counterterrorism community and reviewed by the Department of Justice 
(DOJ). DOJ found that the Computer-Assisted Passenger Prescreening 
System (CAPPS) used to identify selectees is nondiscriminatory; does 
not violate the Fourth Amendment prohibition against unreasonable 
searches and seizures; and does not involve any invasion of passengers' 
personal privacy. To further ensure that the CAPPS program is carried 
out in a non-discriminatory manner, we have proposed in our NPRM that 
airline and contractor security personnel receive civil rights and 
customer relations training. Further more, DOT, with the assistance of 
the Department of Justice, will be conducting a study in the next year 
to ensure that members of minority groups are not disproportionately 
affected in an unlawful manner in the security screening process.
    CAPPS allows us to focus on a manageable population of passengers. 
Until we have the technology to screen all checked bags with EDS 
without causing intolerable delays in processing departing passengers, 
we must continue to focus intelligently on a smaller segment of the 
bags. In the meantime, we will continue to relocate equipment and 
foster sharing among carriers to ensure the most effective use of all 
deployed security equipment. To reach the goal of 100% checked baggage 
screening by EDS, we are continuing R&D along two paths, both of which 
will be required to address the diverse configurations of U.S. 
airports. First, we must develop effective EDS that afford 
significantly higher throughput (the rate that bags are moved through 
the equipment) at a cost comparable to that of existing systems, and, 
second, we must also develop a lower cost EDS with lower throughput for 
use at smaller stations where the volume of bags is lower.
    As part of our overall program of realistic testing of aviation 
security measures, access control testing has also increased. About 
5,000 access control tests have been conducted since March 1999 when 
the DOT IG provided their initial findings. The final report was 
released on November 18, 1999. FAA generally agrees with the final 
report and is aggressively responding to the DOT IG's specific 
recommendations. We are working with airport operators and air carriers 
to implement and strengthen existing controls to eliminate access 
control weaknesses. We are requiring airport operators and air carriers 
to develop and implement comprehensive training programs to teach 
employees their role in airport security, the importance of their 
participation, how their performance will be evaluated, and what action 
will be taken if they fail to perform. We are requiring airport 
operators and air carriers to develop and implement programs that 
foster and reward compliance with access control requirements, and 
discourage and penalize noncompliance. We will continue to work with 
the DOT IG on these important issues.
    A particularly intensive round of access control tests started on 
February 7, 2000, and will continue at some frequency indefinitely. At 
one point, 1,500 tests were conducted in only two weeks. In the tests 
we conducted last spring, access control measures stopped 96% of our 
attempts to penetrate aircraft. Data from the current effort, which was 
unannounced to industry, shows some improvement. We expect the level of 
performance to be maintained. Where it is not, we will move quickly to 
require the airport or air carrier to post guards as necessary to 
secure the aircraft or doors, an expensive, redundant measure.
    The revision of the basic Federal Aviation Regulations for airport 
and air carrier security under Part 107 and Part 108 that is currently 
ongoing will include strengthening access controls. For example, 
individuals will now be more accountable for displaying proper 
identification and challenging unauthorized persons in restricted areas 
of the airport. The revision will also permit enforcement action 
against anyone who enters secured areas without authorization. 
Previously, enforcement action was taken against the company and not 
the individual. The rulemaking would make both the individual and the 
company accountable. The final rule should be published later this 
year.
    Another area of increasing importance is air cargo. Cargo screening 
is improving steadily. The cargo security standards for all passenger 
air carriers and indirect air carriers (air freight forwarders) have 
been strengthened by narrowing the definition of known shipper and 
focusing security resources on unknown shippers. In September 1999, 
changes to U.S. and foreign air carrier security programs, and indirect 
air carrier security programs became effective. In addition, onboard 
couriers are now required to declare themselves to the air carrier, 
thus assuring that their bags will be treated as cargo and properly 
processed.
    We have approved cargo security programs for approximately 200 U.S. 
air carriers, 200 foreign air carriers and 3000 indirect air carriers. 
In FY99, we conducted 1802 comprehensive assessments of air carriers, 
1580 comprehensive assessments of indirect air carriers, and 1369 
inspections of dangerous goods shippers. We continue to conduct cargo 
security tests of air carriers using agents to pose as unknown cargo 
shippers offering packages. These tests indicate substantial industry 
compliance.
    Internationally, FAA assesses the effectiveness of security 
measures both at foreign airports served by U.S. carriers and also at 
airports that are a last point of departure by foreign air carriers for 
service into the United States. Currently the Foreign Airport 
Assessment Program covers 240 airports in over 100 countries. Since 
1995, the FAA has cumulatively conducted approximately 550 foreign 
airport assessments. The annual number of assessments fluctuates as air 
carrier service changes. Our focus is on the need for governments to 
have the institutional ability to sustain security measures and we 
continue to work with airports and countries with persistent security 
deficiencies. In addition, we continuously conduct inspections of U.S. 
and foreign air carriers at foreign airports with direct service to the 
United States to ensure compliance with approved security programs. 
These inspections are more frequent at foreign airports assessed to 
have a higher overall terrorist threat. During the last four years, we 
conducted 1,888 foreign and U.S. air carrier station inspections at 
foreign locations for an average of 472 inspections a year.
    Finally, I would like to mention the Federal Air Marshals (FAM's) 
who protect the traveling public, passengers, and flight crews on U.S. 
air carrier flights worldwide. Since 1985, the FAM program has provided 
specially trained, armed teams of civil aviation security specialists 
for deployment worldwide on anti-hijacking missions. The thrust of the 
program is 99% deterrence, aimed at disrupting and confusing the 
planning and will of criminals and terrorists, and 1% response, to be 
able to assess, meet, and defeat any threat aboard an aircraft. All 
FAM's are volunteer FAA employees. They undergo sophisticated and 
realistic initial and recurrent training. We believe that one of the 
reasons there has not been a hijacking of a U.S. air carrier is the 
deterrent value of the FAM program. Terrorists considering a hijacking 
must take the possible presence of FAM's into account. We want the 
traveling public to know that we can be on any U.S. air carrier 
anywhere in the world at any time. The passenger sitting next to you on 
any flight could be a Federal Air Marshal.
    Madam Chair, that concludes my prepared statement. Thank you for 
the opportunity to testify. I would be happy to answer any questions at 
this time.

    Senator Hutchison. Thank you, Admiral Flynn.
    Ms. Alexis Stefani, the Assistant Inspector General for 
Auditing at the Office of the Inspector General at the 
Department of Transportation. Ms. Stefani.

STATEMENT OF ALEXIS M. STEFANI, ASSISTANT INSPECTOR GENERAL FOR 
               AUDITING, OFFICE OF THE INSPECTOR 
           GENERAL, U.S. DEPARTMENT OF TRANSPORTATION

    Ms. Stefani. Good morning, Madam Chairman. Thank you for 
the opportunity to discuss aviation security. The 
responsibility for aviation security is shared by FAA, the air 
carriers, airports, and the work force of screeners and other 
employees that have access to the secured areas at the airport.
    Today, I would like to discuss four areas that affect 
aviation security. The first area is the need to strengthen FAA 
background investigation requirements for airport employees 
that have access to the secured areas. FAA has such 
requirements, but we have found them to be ineffective.
    For example, one of the triggers that would cause an FBI 
criminal check to be done is the existence of an unexplained 
employment gap of 12 months or more. This rule was designed to 
identify individuals who were incarcerated for committing a 
serious crime. However, the Department of Justice figures show 
that 61 percent of all State and Federal felony convictions 
result in probation, or an average jail sentence of 6 months.
    Also, we found the list of crimes that disqualify an 
employee from being issued airport ID allowing access to secure 
airport areas is insufficient. For example, of the 53 employees 
arrested this past summer for smuggling contraband at a major 
U.S. airport, 14 had criminal records that were serious, but 
not disqualifying felonies, including larceny, possession of 
drugs, and credit card fraud.
    We support FAA's initiatives to revise its background 
investigation requirements to include FBI criminal checks for 
all new employees who have access to secure areas. FAA should 
also expand the list of disqualifying crimes and require 
recurrent criminal checks for existing airport employees.
    The second area I would like to address is controlling 
unauthorized access to secure airport areas. Once hired, these 
employees must be accountable for complying with airport 
security access control requirements. During late 1998 and 
early 1999, in 68 percent of our tests at eight major airports 
we accessed secured areas without being challenged. We would 
not have been as successful if employees had taken prescribed 
security steps, such as closing the door behind them.
    Since then FAA has undertaken a wide-ranging program of 
testing that demonstrates access control can improve. In its 
most recent tests at 83 airports, FAA entered secure areas 31 
percent of the time without being challenged. But testing is 
not enough. FAA needs to finalize regulations to make 
individuals directly accountable for access control violations. 
In addition, airports and air carriers must provide better 
initial and recurrent security training, and effectively use 
programs that reinforce security awareness. Also, FAA must 
continue testing.
    The third area deals with deploying and using technology to 
enhance screener performance. Since 1997, Congress has 
authorized over $350 million for deployment of advanced 
security technologies, and we commend FAA's efforts for its 
progress in deploying bulk explosive and trace detection 
machines to our airports.
    No matter how effective these technologies are in detecting 
explosives, they are ultimately dependent on the operator. Test 
results show that new technologies can correctly identify a 
potential threat, but a screener can make the wrong decision 
and clear the passenger's bag.
    In 1996, the Gore Commission and Congress recognized the 
importance of screeners to aviation security, and recommended 
requiring screening companies to be certified. However, in 
1998, FAA withdrew an earlier proposed rule requiring 
certification because a reliable method of measuring screener 
performance was not available.
    Since then, FAA has developed TIP, a computer program that 
inserts a fictitious threat image onto the screener's monitor 
as if it was in the bag. TIP results will be key to measuring 
screener performance and certifying screener companies. In May 
2001, FAA expects to issue this final rule requiring screening 
companies to be certified.
    TIP at this point has been installed on all the certified 
bulk detection machines, or CTX's, used to screen your checked 
bags, but TIP is still being tested for the x-ray machines used 
to screen carry-on bags and will not be at all airports before 
2003.
    Further, FAA needs to ensure that the CTX screeners 
maintain proficiency through actual experience. Our recent work 
found that these machines are still underused, with over half 
of the CTX's still screening fewer than 225 bags per day, 
compared to their certified rate of 225 bags per hour. Underuse 
of these machines may cause the screeners to become less 
proficient. In fact, FAA's tests show that operator performance 
continues to be the cause of test failures, not the machine 
itself.
    We had previously recommended in 1998, and FAA agreed, to 
conduct a study to determine the minimum daily processing rates 
needed to ensure these operators' proficiency, and to use these 
results to establish minimum daily rates. To date, no study has 
been conducted.
    Finally, my last point is the need to have an integrated 
strategic plan for security. To meet current and future threats 
to aviation security, FAA must have an integrated strategic 
plan to guide its efforts. Although we recommended such a plan 
in 1998, little progress has been made. FAA is about half-way 
through this billion-dollar effort and expects to expend an 
additional $600 million on aviation security through 2004, but 
it continues to focus on acquisition and deployment, rather 
than integrating all the various assets into a comprehensive 
system of systems that, working together, produces the best 
possible level of security.
    This concludes my statement.
    [The prepared statement of Ms. Stefani follows:]

 Prepared Statement of Alexis M. Stefani, Assistant Inspector General 
   for Auditing, Office of the Inspector General, U.S. Department of 
                             Transportation
Senator Hutchison and Members of the Subcommittee:

    We appreciate the opportunity to discuss aviation security. One of 
the Department of Transportation's (DOT) five strategic goals is 
National Security. Likewise, FAA has as a strategic goal the prevention 
of security incidents in the aviation system. Security of the Nation's 
aviation, surface, and marine transportation systems is one of the 12 
management issues we have identified for DOT this year.
    Aviation security is a layered system of systems that is dependent 
on the coordination of airport and air carrier security operations and 
the integration of people and technology. Perhaps the most important 
factor in an effective security program is a well-trained and trusted 
workforce of screeners, baggage handlers, and other employees that 
process passengers or have access to secure areas of the airport. 
Aviation security relies heavily on each employee in the aviation 
system doing his or her part.
    The 1996 and 1997 Reports by the White House Commission on Aviation 
Safety and Security (known as the Gore Commission) made 31 
recommendations regarding aviation security. The recommendations 
included: (1) requiring Federal Bureau of Investigation (FBI) criminal 
checks for all airport and air carrier employees with access to secure 
areas, no later than mid-1999; (2) developing comprehensive and 
effective means to control unauthorized access to secure airport areas 
and aircraft; (3) certifying screening companies and improving screener 
performance; and (4) deploying new explosives detection equipment. 
Today we would like to discuss four related areas:

   strengthening background investigation requirements for 
        granting access to secure areas of the airport;
   controlling unauthorized access to secure airport areas and 
        holding employees accountable for access control requirements;
   implementing and deploying technology that enhances screener 
        performance; and
   establishing a strategic plan that integrates employees and 
        technology into a comprehensive, seamless security program.

Strengthening Background Investigation Requirements. Actions are needed 
to improve the process used to ensure that employees with access to 
secure areas of an airport are trustworthy. Our recent review of 
industry's compliance with FAA's background investigation requirements 
at six U.S. airports found that the requirements were ineffective. For 
example, FBI criminal checks \1\ are currently only required in certain 
cases, such as when there is an unexplained gap of employment of 12 
months or more. However, according to the U.S. Department of Justice, 
43 percent of violent felony convictions resulted in probation or an 
average jail time of just 7 months. In addition, the list of 25 crimes 
that disqualified an employee from being granted unescorted access to 
secure areas is insufficient and does not include serious crimes such 
as assault with a deadly weapon, burglary, larceny, and possession of 
drugs.
---------------------------------------------------------------------------
    \1\ An FBI criminal check involves a comparison of the individual's 
fingerprints to the FBI's database of individuals convicted of crimes 
in the United States. The FBI returns a complete criminal history if 
there is a fingerprint match.
---------------------------------------------------------------------------
    When the current requirements were proposed in 1992 and at the time 
the Gore Commission made its recommendation to require criminal checks 
for all employees, processing fingerprints and performing the criminal 
check took up to 90 days. Today, technology allows this process to be 
completed in only a few days, and airport operators and FAA both agree 
the requirements need to be revised.
    Although the background investigation requirements need to be 
revised, it is important that airport operators, air carriers and 
airport users \2\ comply with existing background investigation 
requirements as well as requirements to account for airport 
identification (ID). Our recent audit found that for 35 percent of the 
employee files reviewed, there was no evidence that a 5-year history 
verification was conducted, the verification was incomplete, or no file 
was available for review. In addition, 9 percent of the active airport 
IDs we reviewed were issued to employees who no longer needed access to 
secure areas, including some employees who had been terminated.
---------------------------------------------------------------------------
    \2\ Airport users include foreign air carriers, non-air-carrier 
airport tenants, and companies that do not have offices at the airport, 
but require access to the secure airport areas.

Controlling Unauthorized Access. Airport access control has been, and 
continues to be, an area of great concern due to increased threat to 
U.S. airport facilities and aircraft. Once employees are granted access 
to secure areas, they must be held accountable for compliance with 
airport access control requirements.
    During late 1998 and early 1999, we tested access controls at eight 
major U.S. airports. We reported that FAA, airport operators and air 
carriers had not controlled unauthorized access to secure airport areas 
and aircraft, as recommended by the Gore Commission. We successfully 
accessed secure areas \3\ in 68 percent of our tests. Once we entered 
secure areas, we boarded aircraft 117 times. The majority of our 
aircraft boardings would not have occurred if employees had taken the 
prescribed steps, such as making sure doors closed behind them.
---------------------------------------------------------------------------
    \3\ OIG uses the term secure area to define the area of an airport 
where each person is required to display airport-approved 
identification.
---------------------------------------------------------------------------
    Recent FAA results demonstrate that compliance can improve with 
continuous oversight, but testing is not the only answer. During 
testing in December 1999 and January 2000 at 10 airports, FAA accessed 
secure areas 40 percent of the time without being challenged by 
employees. In February and March 2000, FAA expanded its testing to 83 
airports and was able to access secure areas 31 percent of the time 
without being challenged by airport personnel. When noncompliance was 
found, actions were taken to correct the problem, such as posting 
security guards on doors to ensure only authorized employees accessed 
the secure area.
    In June 2000, FAA plans to issue regulations making individuals 
directly accountable to FAA for noncompliance with access control 
requirements. This will permit FAA to take enforcement action against 
the employee instead of the air carrier or airport when an employee 
does not follow access control requirements.

Implementing and Deploying Technology. The Gore Commission recommended 
that the Government purchase and widely deploy significant numbers of 
innovative explosives detection systems to detect explosives in cargo, 
checked baggage, carry-on bags, and on passengers. In response, 
Congress has authorized more than $350 million since Fiscal Year (FY) 
1997 for the deployment of advanced security technologies. Since then, 
FAA has deployed FAA-certified \4\ and non-certified bulk explosives 
detection machines, explosives trace detection devices, Computer-Based 
Training platforms, and Computer-Assisted Passenger Prescreening 
Systems. FAA plans to continue deploying many of these same 
technologies in the future, as well as new screening checkpoint x-ray 
machines. Although advanced security technologies are effective in 
detecting explosives, each one is ultimately dependent on the human 
operator.
---------------------------------------------------------------------------
    \4\ FAA's standards for certifying explosives detection systems for 
screening checked baggage are classified. The certification standard 
sets criteria for detection, false alarm, and baggage processing rates.
---------------------------------------------------------------------------
    FAA believes--and we agree--that operators of advanced security 
equipment are critical in improving security. FAA test results indicate 
that new technologies to detect explosives in passenger baggage can 
correctly identify a potential threat but a screener can make a wrong 
decision and ``clear'' the bag. Therefore, screeners who operate 
security equipment must be carefully selected, monitored, and trained.
    In response to the Gore Commission's recommendation to certify 
screening companies and improve screener performance, FAA expects to 
issue a final rule, in May 2001, establishing training requirements for 
screeners and requiring screening companies to be certified. To achieve 
this, FAA needs to have a means to measure screener performance, and 
methods of providing initial and recurrent screener 
training.
    FAA will rely on Threat Image Projection (TIP) to measure the 
performance of individual screeners and certify screening companies. 
TIP, a computer software program, projects fictitious images on to bags 
or an entire fictitious bag containing a threat onto the screener's 
monitor. TIP is intended to keep equipment operators alert, provide 
real world conditions, and measure performance in identifying the 
threat items. TIP has been installed on all CTX \5\ machines used to 
screen checked baggage. FAA is currently testing TIP equipped x-ray 
machines used to screen carry-on items. FAA plans to purchase more than 
1,200 new TIP equipped x-ray machines for screening checkpoints by the 
end of FY 2003.
---------------------------------------------------------------------------
    \5\ The InVision Technologies CTX 5500 machines are the only FAA-
certified bulk explosives detection devices currently deployed at U.S. 
airports.
---------------------------------------------------------------------------
    FAA will also rely on Computer-Based Training (CBT), an intensive 
course of self-paced, realistic learning using computer workstations. 
It is used to select, train, evaluate, and monitor the performance of 
employees who operate x-ray machines at passenger screening 
checkpoints. Although FAA began deploying CBT in April 1997, in March 
1999 only 38 CBT platforms \6\ were installed at 37 airports, and there 
has not been any increase during the last year in the number of 
deployed CBT platforms. To complete deployment to all 79 large 
airports, an additional 42 platforms need to be installed. Furthermore, 
some CBT platforms are being used infrequently.
---------------------------------------------------------------------------
    \6\ A CBT platform consists of a network server with installed 
software, and networked computer terminals (workstations).
---------------------------------------------------------------------------
    Explosives detection equipment such as the CTX machine was 
developed to assist screeners in identifying threat items in passenger 
baggage. However, CTX machines are still underused, and screeners' 
performance needs improvement. Our recent audit work found that over 50 
percent of the deployed CTX machines still screen fewer than 225 bags 
per day, on average, compared to a certified rate of 225 bags per hour.
    FAA needs to ensure that the screeners maintain their proficiency 
through actual experience with the machines in the airport environment. 
According to a recent report by the National Research Council, 
``Underutilization poses a potential problem for the maintenance of 
operator skills, particularly the skills required for resolving alarms, 
because underpracticed skills often deteriorate.'' Recent testing by 
FAA showed a significant number of failures by CTX operators. FAA 
concluded that a major factor in the test failures appeared to be the 
performance of CTX operators, and not the CTX machine itself. In 
response to our 1998 report on the deployment of explosives detection 
equipment, FAA agreed to conduct a study to determine 
the minimum CTX daily processing rates needed to ensure operator 
proficiency, and 
use the results to establish minimum daily use rates. To date, no study 
has been conducted.

Establishing a Strategic Plan. FAA has made significant progress in 
deploying existing advanced security technologies, as recommended by 
the Gore Commission. However, the Commission also stressed that 
aviation security should be a system of systems, layered, integrated, 
and working together to produce the highest possible levels of 
protection. To that end, the Commission emphasized that each of its 
recommendations should be viewed as a part of a whole and not in 
isolation.
    To meet current and future threats to aviation security, FAA needs 
an integrated strategic plan to guide its efforts and prioritize 
funding needs. From FYs 1997 through 2000, Congress has authorized $200 
million in Research, Engineering, and Development funds, and over $350 
million in Facilities and Equipment funds for various security efforts. 
FAA is approximately at the halfway point in the effort started by the 
Gore Commission. FAA expects to spend an additional $600 million on 
aviation security through FY 2004.
    Concentration on deployment (what to buy, when to buy it, and where 
to put it) is not the complete solution. This plan should include a 
balanced approach covering basic research, equipment deployment and 
use, certification and operator testing processes, data collection and 
analysis on actual equipment and operator performance, and regulation 
and enforcement. Although we recommended such a plan in 1998, FAA has 
made little progress in developing this strategic plan.
Background
    The responsibility for aviation security is shared by FAA, the 
airlines, airports, and employees. FAA sets guidelines, establishes 
policies and procedures, and makes judgments on how to meet threats to 
aviation based on information from the intelligence community. FAA then 
tests the aviation industry to ensure they are complying with the many 
security requirements. FAA also sponsors the development, purchase, and 
deployment of new security technology, such as explosives detection 
equipment, for industry use. Airports are responsible for the security 
of the airport environment. Airlines are responsible for screening 
baggage, passengers, and cargo. Until recently, airlines and airports 
were responsible for purchasing security equipment and systems.
    The July 1996 crash of TWA Flight 800 was the catalyst for 
important advances in aviation security. Although the FBI and the 
National Transportation Safety Board have ruled out terrorist activity 
as a potential cause of the crash, the crash prompted the August 1996 
creation of the Gore Commission. Its September 1996 and February 1997 
reports addressed safety, security, and air traffic control 
modernization. The Gore Commission made 31 recommendations regarding 
aviation security, including recommendations that FAA: (1) require FBI 
criminal checks for all airport and air carrier employees with access 
to secure areas, no later than mid-1999; (2) develop comprehensive and 
effective means to control unauthorized access to aircraft and secure 
airport areas; (3) certify screening companies and improve screener 
performance; and (4) deploy new explosives detection equipment.
    Since 1997, Congress has provided over $350 million for deployment 
of advanced security technology, and $200 million in aviation security 
Research, Engineering and Development funds including about $21 million 
for human factors research. As of February 11, 2000, FAA has installed 
new security technologies, including 92 FAA-certified explosives 
detection machines at 35 airports, and 553 explosives trace detection 
devices at 84 airports. For FY 2001, FAA has requested $98 million to 
continue the deployment and $49 million for aviation security research, 
engineering, and development.
Background Investigations
    Effective security requires that only trusted individuals are 
authorized access to secure areas. To accomplish this, FAA requires 
airport operators, air carriers and airport users to conduct employee 
background investigations before issuing airport ID that allows access 
to secure airport areas.
    FAA's background investigation procedures include: obtaining a 10-
year employment history from those applying for access; verifying the 
most recent 5 years of that history; and performing an FBI criminal 
check when specific conditions are identified, such as a 12-month 
unexplained gap in employment. Individuals convicted within the past 10 
years of any of 25 enumerated crimes are denied an airport ID.
    However, our recent review at six U.S. airports found that FAA's 
background investigation requirements were ineffective. Specifically:

   FBI criminal checks are only required for employees applying 
        for airport ID when one of four conditions triggers the checks. 
        For example, one of the triggers, a 12-month unexplained gap in 
        employment, was designed to identify individuals who were 
        incarcerated for committing a serious crime. However, according 
        to the U.S. Department of Justice, 61 percent of all state and 
        Federal felony convictions resulted in probation or an average 
        jail sentence of 6 months. Even for violent felonies, 43 
        percent of convictions resulted in probation or an average jail 
        time of just 7 months.

   The list of 25 crimes that disqualified an employee from 
        being issued airport ID was insufficient and did not include 
        serious crimes such as assault with a deadly weapon, burglary, 
        larceny, and possession of drugs. Our analysis of 53 employees 
        issued airport ID and arrested in a recent Department of 
        Justice investigation for smuggling contraband into and out of 
        a major U.S. airport showed that individuals convicted of the 
        25 disqualifying crimes are not the only employees who 
        presented a security risk. Of the 15 (28 percent) arrested 
        employees with FBI criminal records, just one had a criminal 
        record for a disqualifying crime (committed after being issued 
        airport ID). The other 14 employees had FBI criminal records 
        for non-disqualifying felonies, such as larceny, battery, 
        possession of a stolen vehicle, possession of drugs, and credit 
        card fraud.

    FAA should revise its background investigation requirements to 
include initial and recurring criminal checks for all employees issued 
airport ID to allow access to secure airport areas. In February 1992, 
FAA proposed requiring a criminal check for all individuals with 
unescorted access privileges. However, industry opposed the proposal 
based on its cost and the impracticality of escorting employees while 
waiting for results of a criminal check. In 1992 and at the time the 
Gore Commission made its recommendation to require criminal checks for 
all employees, performing a criminal check took up to 90 days. Today, 
technology allows this process to be completed in only a few days, 
making the criminal check on all employees much more practical.
    Airport operators have supported requiring criminal checks for all 
employees with access to secure airport areas, and expanding the list 
of disqualifying crimes. As a result of quicker processing time, FAA 
plans to initiate new rulemaking requiring criminal checks for all 
employees. We support this initiative and recommend that new rules 
include initial and randomly recurring criminal checks for all 
employees with access to secure areas.

Compliance with Existing Requirements. Although background 
investigation requirements need to be revised, it is important that 
airport operators, air carriers and airport users comply with current 
requirements. Our recent work at six airports found that these 
requirements were not being met. For 35 percent of the employee files 
reviewed, there was no evidence that a complete background 
investigation was performed. Despite this failure to comply with 
security requirements, the employees were issued airport ID and granted 
access to secure airport areas.
    Also, 15 percent of the employee files reviewed showed an 
unexplained gap of employment of 12 months or more, but the required 
FBI criminal check was not performed. Further, 9 percent of the 
background verifications we reviewed used an unacceptable method, such 
as verifying an employee's background with a personal reference or 
family member. The chart below summarizes the specific noncompliance 
with background investigation requirements for the six airports 
reviewed.




    The most serious noncompliance was at Airports 1 and 2, which 
permitted airport users to self-certify that background investigations 
were performed but had not established controls to ensure the 
investigations were properly completed. For example, 58 percent of the 
employee files reviewed at Airport 1 did not have evidence that a 
complete verification was conducted of the 5-year history. In contrast, 
Airport 6, with the lowest rate of noncompliance, did not permit 
airport users to self-certify that background investigations were 
performed.
    We have also had investigative cases involving airport IDs. In 
December, a Florida firm pleaded guilty to making false statements to 
FAA. The firm falsely certified on at least 70 occasions that 
background checks had been made on employees seeking access to secure 
areas at an airport.
    FAA needs to take effective action to ensure compliance with 
current background investigation requirements. FAA performs annual 
airport and air carrier assessments of compliance with security 
requirements and national assessments that focus on areas that require 
special emphasis. However, we found the assessments were limited in 
scope with regard to reviewing background investigation requirements. 
To illustrate, during an annual compliance review, FAA agents 
independently reviewed records for only airport operator employees and 
excluded airport user employees, where we found the majority of 
deficiencies. Also, FAA's national assessments of compliance mainly 
focused on airport users at 20 major U.S. airports.

Airport ID Controls. All six airport operators we reviewed did not 
properly account for airport ID or immediately deny access to secure 
areas when an employee's authorization changed. One of the primary 
requirements of an airport's access control system is the ability to 
immediately deny access to individuals whose authority changes, such as 
someone who has resigned. At the six airports reviewed, 9 percent (234 
of 2,586 reviewed) of the IDs issued to employees for access to secure 
airport areas remained active even though the employees no longer 
needed the access.
    Air carriers and airport users were not notifying the airport 
immediately when an employee no longer needed access. Although in some 
instances the employers had the active IDs in their possession, other 
active IDs were kept by employees who had resigned or had been 
terminated. For example, a regional air carrier could not account for 
22 (18 percent) of 119 active airport IDs. Five of the IDs belonged to 
employees terminated prior to 1998.
    We will be issuing a report to FAA on our work on airport ID 
controls. We will be recommending FAA revise its background 
investigation requirements, and work with airport operators and air 
carriers to improve compliance with requirements for issuing and 
accounting for airport ID.
Access Control
    Once employees are granted access to secure areas, they must be 
held accountable for compliance with airport access control 
requirements. Our December 1998 through April 1999 testing of airport 
access controls at eight major U.S. airports demonstrated that FAA, 
airport operators, and air carriers had not controlled unauthorized 
access to secure airport areas and aircraft. We penetrated secure areas 
on 117 (68 percent) of 173 attempts. Once we penetrated secure areas, 
we boarded aircraft operated by 35 different air carriers 117 \7\ 
times. Passengers were onboard 18 of the aircraft we boarded. In 12 
instances, we were seated and ready for departure at the time we 
concluded our tests.
---------------------------------------------------------------------------
    \7\ It is a coincidence that the number of penetrations into secure 
areas and aircraft boardings both equal 117. Not all penetrations 
resulted in boarding aircraft, and some penetrations resulted in 
multiple aircraft boardings.
---------------------------------------------------------------------------
    In these tests, the human element continued to be the primary 
access control weakness. The majority of our penetrations into secure 
areas that resulted in testers boarding aircraft would not have 
occurred if employees had (1) ensured the door closed behind them after 
entering the secure area; (2) challenged us for following them into 
secure areas; or (3) taken other steps required to restrict entry into 
secure areas, such as controlling pedestrian access through cargo 
facilities and vehicle gates.
    After our testing, FAA conducted approximately 3,000 tests at 79 
airports in the spring of 1999. FAA reported that its test results were 
``strikingly'' different from our results and that compliance with 
access control requirements had dramatically improved. We have 
completed a review of FAA's test data and found the results were very 
similar to those we reported with regard to penetrating secure areas. 
Specifically, FAA penetrated secure areas 56 percent of the times 
tested versus our rate of 68 percent.
    FAA reported improvement because 96 percent of its tests did not 
result in testers boarding aircraft for 3 minutes or more without being 
challenged. However, our testers were not required to remain onboard 
aircraft for a specified period of time, and some tests, such as 
driving through vehicle gates, could not result in boarding aircraft. 
Therefore, it is not accurate to compare FAA's test results to our 
results in terms of aircraft boardings.
    In December 1999 and January 2000, FAA agents performed follow-up 
testing at 10 airports. They gained access to secure areas 40 percent 
of the times attempted without being challenged by employees, and they 
boarded 13 aircraft. In February and March 2000, FAA expanded its 
testing to 83 airports, resulting in FAA agents penetrating secure 
areas 31 percent of the times attempted with 82 aircraft boarded.
    FAA's test results demonstrate that widespread, comprehensive 
testing can result in improved compliance. Also, when FAA ensures that 
corrective actions are taken, access control violations are reduced. 
For example, for one airport we reviewed in 1999, FAA's recent testing 
showed that the employees continued to allow unauthorized access. FAA 
demanded that corrective action be taken. As a result, security guards 
were posted at doors entering secure areas and access was effectively 
controlled.
    Testing alone will not be enough to motivate employees to accept 
and consistently meet their responsibilities for airport security. In 
June 2000, FAA plans to issue regulations making individuals directly 
accountable to FAA for noncompliance with access control requirements. 
This would permit FAA to take enforcement actions against employees. 
FAA also plans to issue regulations requiring airport operators to have 
a security compliance program, which fosters and rewards compliance and 
describes the disciplinary actions and penalties to be assessed when 
employees do not comply with security requirements. Further, airports 
and air carriers need to provide comprehensive and recurrent training 
that teaches employees their role in airport security.
Implementing and Deploying Technology
    The Gore Commission recognized that it is critical that those 
charged with providing security for over 500 million passengers a year 
in the United States are the best qualified and trained in the 
industry. The Commission further recognized that better selection, 
training, and testing of the people who work at airport x-ray machines 
would result in a significant boost in security. Therefore, in 
September 1996, it recommended that FAA certify screening companies and 
improve screener performance. In October 1996, the President signed the 
Federal Aviation Reauthorization Act of 1996 (Public Law 104-264), 
which requires FAA to certify companies providing security screening, 
and to improve the training and testing of security screeners through 
development of uniform performance standards.
    In February 1997, the Gore Commission recommended that FAA work 
with the private sector and other Federal agencies to promote the 
professionalism of security personnel through a program that would 
include performance standards that reflect best practices, and 
adequate, common, and recurrent training that considers human factors.

TIP Must Be Properly Deployed Before Screening Companies Can Be 
Certified. In response to the Gore Commission recommendation and the 
direction contained in Public Law 104-264, FAA published an advance 
notice of proposed rulemaking on the certification of screening 
companies in March 1997, but withdrew it in May 1998 because there was 
no reliable and consistent way to measure screeners' performance at the 
time. In January 2000, FAA again published a notice of proposed 
rulemaking that would require screening companies to be certified by 
FAA. The comment period for this proposed rule ends on May 4, 2000.
    TIP is the system that FAA will rely on to provide uniform data 
regarding screener performance, and thus use to evaluate and certify 
screening companies under the proposed rule. TIP uses two different 
methods of projection. One method, used with screening checkpoint x-ray 
machines, superimposes the image of a threat item onto the x-ray image 
of the actual passenger bag being screened. The other method, used with 
CTX machines, projects a prefabricated image of an entire threat bag 
onto the screener's monitor.
    FAA has only recently established procedures and controls for 
implementing and using the TIP program that has been installed on 
deployed CTX 5500 machines for almost a year. In response to our 
October 1999 audit report,\8\ FAA issued new guidance to air carriers 
in November 1999 that standardizes frequency of threat image 
presentation, provides better control over passwords, and requires that 
TIP be activated for each screening session. This should result in more 
consistent data on CTX screener performance.
---------------------------------------------------------------------------
    \8\ Follow-up Audit of Deployment of Explosives Detection 
Equipment, Federal Aviation Administration (Report No AV-2000-002, 
October 21, 1999).
---------------------------------------------------------------------------
    The TIP program is not as fully developed for use on screening 
checkpoint x-ray machines, which are used to screen carry-on items. FAA 
is currently evaluating the TIP program for checkpoint x-ray machines 
in an operational airport environment. When this evaluation is 
complete, FAA intends to purchase and deploy 390 TIP-configured x-ray 
machines in FY 2000 for $24 million. FAA must complete a successful 
field evaluation and ensure that management controls are in place 
before beginning the planned large-scale acquisition and deployment of 
this technology. The evaluation is expected to be complete by mid-April 
2000. FAA plans to purchase a total of more than 1,200 TIP-equipped x-
ray machines by the end of FY 2003.

FAA Has Been Slow in Deploying Systems Needed to Train Screening 
Company Employees. CBT, a system that provides initial and recurrent 
training to screeners, is one of the technologies FAA is developing and 
deploying to improve screener performance. CBT offers an intensive 
course of realistic learning using computer workstations. It is used to 
select, train, evaluate, and monitor the performance of employees who 
operate screening checkpoint x-ray machines to screen carry-on items. 
The potential benefits of CBT are self-paced learning, enhanced 
opportunities for realistic practice, combined training and performance 
testing, and instruction that is uniform across the country.
    Despite the potential benefits of CBT, its deployment and 
implementation has been slow. Deployment of CBT platforms to the 19 
Category X \9\ airports began in April 1997 and was completed in March 
1999. By October 1998, CBT platforms had been deployed to 18 Category I 
\10\ airports.
---------------------------------------------------------------------------
    \9\ Category X airports represent the nation's largest and busiest 
airports as measured by 
the volume of passenger traffic and are potentially attractive targets 
for criminal and terrorist 
activity.
    \10\ Category I airports are somewhat smaller than Category X 
airports, and have an annual volume of at least 2 million passengers.
---------------------------------------------------------------------------
    In March 1999, FAA reported that 42 additional platforms would be 
required to complete deployment to the remaining 60 Category I 
airports. Now, a year later, there has been no change in the number of 
CBT platforms or the airports to which they had been deployed from what 
was reported last March.
    In addition, some air carrier representatives told us that they 
were not using CBT. At five airports, they told us they are not using 
CBT primarily because of an inadequate number of available workstations 
installed at their airports and the inconvenient location of the 
installed workstations. For example, at Ronald Reagan Washington 
National Airport, the CBT workstations are located away from the new 
main terminal building in a maintenance hangar. However, at Honolulu 
International Airport, the screening company that provides all security 
screening services at the main terminal was very pleased with both the 
location of the CBT workstations and the quality and effectiveness of 
the CBT software, and the company used CBT frequently.
    CBT has demonstrated that it can be a valuable and effective 
component in a system of systems intended to enhance aviation security. 
FAA needs to accelerate the deployment of this valuable training and 
evaluation technology.

Explosives Detection Machines Used to Screen Checked Baggage Are Still 
Underused, and Screeners' Performance Needs Improvement. The Gore 
Commission recommended that the Government purchase and widely deploy 
significant numbers of innovative systems to detect explosives in 
cargo, checked baggage, carry-on bags, and on passengers. In response, 
Congress has authorized more than $350 million since 1997 for the 
deployment of advanced security technologies. As the program to deploy 
bulk explosives detection equipment matures, and the record of 
operational experience with deployed machines lengthens, we expected to 
see an increase in utilization rates over what FAA was reporting a year 
ago. Certainly, there has been a steady increase in the total number of 
bags screened across the system, as more CTX machines are deployed. On 
the other hand, comparison of quarterly performance statistics compiled 
on a per machine basis in 1998 and 1999 shows no significant increase 
in CTX average usage rates, as shown below.




    We compared the average number of bags screened daily by each CTX 
in 1998 and 1999, as reported quarterly by FAA, and found that there 
had been an average increase of only 20 bags per day per machine. We 
also found that the majority of deployed and operational machines still 
do not screen as many bags in a full day of operation as the machine is 
certified to screen in an hour. As shown in the table below, more than 
50 percent of the deployed machines still screen less than 225 bags per 
day, on average, compared to a certified rate of 225 bags per hour.


----------------------------------------------------------------------------------------------------------------
                                              CY 1998                                    CY 1999
                           -------------------------------------------------------------------------------------
                             1st Qtr    2nd Qtr    3rd Qtr    4th Qtr    1st Qtr    2nd Qtr    3rd Qtr   4th Qtr
----------------------------------------------------------------------------------------------------------------
Total machines in use       12         18         24         34         43         59         64        75
----------------------------------------------------------------------------------------------------------------
Machines averaging fewer    10         11         16         23         27         38         37        44
 than 225 bags per day
----------------------------------------------------------------------------------------------------------------
Percent of machines         83.3%      61.1%      66.7%      67.6%      62.8%      64.4%      57.8%     58.7%
 underused
----------------------------------------------------------------------------------------------------------------

    FAA does not require air carriers to screen more than the number of 
bags checked by ``selectees.'' Selectees include (1) passengers 
selected by Computer-Assisted Passenger Prescreening Systems 
(CAPPS);\11\ (2) passengers who cannot produce an approved form of 
identification; and (3) passengers unable to correctly answer the 
security questions required by the Air Carrier Standard Security 
Program.\12\ Before full implementation of CAPPS, FAA expected a 
greater number of selectees than are currently being identified. These 
expensive machines have the demonstrated capability to screen more bags 
now than the air carriers are screening. Unless the number of CAPPS 
selectees is increased, or the air carriers agree to screen more than 
the minimum required number of bags, CTX machines will continue to be 
underused, which in turn could negatively affect the proficiency of 
screeners.
---------------------------------------------------------------------------
    \11\ CAPPS is an automated passenger profiling system that uses 
information in airline reservation systems to separate passengers into 
a very large majority who present no security risk, and a small 
minority (known as selectees) who merit additional attention, such as 
having their checked baggage screened using explosives detection 
equipment.
    \12\ The Air Carrier Standard Security Program, required by Title 
14, Code of Federal Regulations, Part 108, describes the security 
procedures the air carrier agrees to follow.
---------------------------------------------------------------------------
    According to a recent report by the National Research Council,\13\ 
``Underutilization poses a potential problem for the maintenance of 
operator skills, particularly the skills required for resolving false 
alarms, because underpracticed skills often deteriorate. At some [CTX] 
locations, the throughput rate has been so low that operators could 
even lose their skills for operating the equipment.''
---------------------------------------------------------------------------
    \13\ Assessment of Technologies Deployed to Improve Aviation 
Security, First Report, National Research Council, issued in 1999.
---------------------------------------------------------------------------
    This underutilization could result in screeners being less 
proficient when the equipment is being used. Our 1999 audit on security 
of checked baggage \14\ demonstrated that CTX screening personnel were 
not competent at operating the equipment. We found that when CTX 5500's 
warned of a threat, the equipment operator did not look for or identify 
the threat object in a significant number of cases. During more recent 
testing by FAA, operators continued to fail a significant number of 
tests. The failures primarily occurred because operators cleared the 
test bag without a search, even though the machine had alarmed. FAA 
concluded that one of the major factors in the test failures appeared 
to be the performance of CTX operators, and not the performance of the 
machine itself.
---------------------------------------------------------------------------
    \14\ Security of Checked Baggage on Flights Within the United 
States, Federal Aviation Administration (Report No. AV-1999-113, July 
16, 1999).
---------------------------------------------------------------------------
    In response to our October 1998 report on the deployment of 
explosives detection equipment, FAA agreed to conduct a study to 
determine the minimum CTX daily processing rates needed to ensure 
operator proficiency, and use the results to establish minimum daily 
utilization rates for machine operators. FAA expected to conduct this 
study and report the results by the end of FY 1999. To date, this study 
has not been conducted.
Strategic Plan
    FAA has made significant progress in deploying existing advanced 
security technologies, including 92 FAA-certified CTX 5500 machines 
equipped with TIP at 35 airports, 553 explosives trace detection 
devices at 84 airports, 18 advanced technology bulk explosives 
detection x-ray machines at 8 airports, and 38 CBT platforms at 37 
airports. FAA will continue the acquisition and deployment of CTX 
5500s, explosives trace detection devices, and CBT platforms. In 
addition, FAA will begin to deploy several other recently-certified 
bulk explosives detection technologies, including one with a slower 
throughput intended for small airports and low-traffic stations within 
larger airports; TIP-ready x-ray machines for screening checkpoints; 
and Threat Containment Units.\15\
---------------------------------------------------------------------------
    \15\ Threat Containment Units are mobile containers that provide a 
safe and isolated environment to resolve threat items discovered at 
airports.
---------------------------------------------------------------------------
    FAA has also conducted or sponsored aviation security research, 
engineering, and development on bulk explosives detection equipment, 
explosives trace detection equipment, integration of airport security 
technology, aviation security human factors, and aircraft hardening.
    Impressive as the deployment of technologies is, FAA has continued 
to focus on the acquisition and deployment process, rather than on the 
necessary transition to integrating all the various assets into a 
comprehensive, seamless security program. The Gore Commission stressed 
that aviation security should be a system of systems, layered, 
integrated and working together to produce the highest possible levels 
of protection. To that end, the Gore Commission emphasized that each of 
its recommendations should be viewed as a part of a whole and not in 
isolation.
    In 1998 we recommended that, to meet current and future threats to 
aviation security, FAA develop an integrated strategic plan to guide 
its efforts and prioritize funding needs. Concentration on deployment 
(what to buy, when to buy it, and where to put it) is not the complete 
solution. This plan should include a balanced approach covering basic 
research, equipment deployment and use, certification and operations 
testing processes, data collection and analysis on actual equipment and 
operator performance, and regulation and enforcement. FAA should work 
with the aviation industry (air carriers, shippers, and airport 
operators) in developing this integrated security plan.
    The strategic plan that we recommended has not yet been developed. 
In our opinion, this must be done to guide the $600 million in 
Facilities and Equipment funding and Research, Engineering, and 
Development funding for aviation security expected in FYs 2001 through 
2004.
    Senator Hutchison, this concludes my statement. I would be happy to 
answer any questions you might have.

    Senator Hutchison. Thank you very much.
    Mr. Richard Doubrava, Managing Director of Security, Air 
Transport Association.

    STATEMENT OF RICHARD J. DOUBRAVA, MANAGING DIRECTOR OF 
              SECURITY, AIR TRANSPORT ASSOCIATION

    Mr. Doubrava. Thank you, Madam Chairman. Excuse my 
hoarseness this morning.
    I would like to thank you and the other members of the 
Subcommittee for the opportunity to participate in this 
important oversight hearing today. The safety and security of 
our passengers is our industry's number one priority.
    We believe that the partnership in Government and industry 
over the past 4 years has resulted in a more secure environment 
for the traveling public, but we still confront considerable 
challenges. In 1996, ATA's CEO, Carol Hallett, presented a far-
reaching security plan, committing our members to a number of 
important goals, including wide-scale deployment of detection 
technology, implementation of automated passenger profiling, 
and establishment of security screening certification 
requirements.
    The industry has strongly supported efforts throughout the 
legislative and regulatory process necessary to achieve these 
goals. All of these efforts were guided by the commitment of 
both the industry and the Government to improve the checkpoint 
performance of screener efficiency and in an ever-changing 
security environment. During the same time, security threats 
have grown dramatically, and additional security measures have 
been required to be conducted due to valid domestic and 
international security concerns.
    The weapons of threat have been more sophisticated and more 
difficult to detect, and the challenges at the checkpoint have 
greatly multiplied. Clearly, once the pending regulation is 
final, there will be a major sea change in the screening 
checkpoint environment. The FAA screener certification process 
will make security screening companies a full partner in this 
checkpoint process.
    We believe that the continued development and deployment of 
enhanced checkpoint security training technology, known as TRX, 
will further contribute to this improvement, and we were 
pleased when the FAA agreed to support the industry 
recommendation to implement a multiyear plan to replace current 
checkpoint x-ray technology with new state-of-the-art 
detection, which includes threat image projection, and 
operators' assist functions.
    A number of security equipment vendors are participating in 
the FAA selection process, and they have worked closely with 
the FAA and the industry in developing technology that improves 
detection and also addresses the carriers' reliability and 
customer service needs.
    The industry continues to be keenly interested in further 
exploring the human factors and associated responses at play in 
the checkpoint operation. This includes the vital role of 
motivated employees in the stressful environment of an airport 
checkpoint operation, and we look forward to obtaining 
reporting data and trend information from current FAA studies 
underway at a number of checkpoint screening locations to 
attempt to determine the relationship between screener ability, 
performance, compensation, and workplace environment.
    Based on the current level of threat in the United States 
and the high volume of domestic passenger traffic, computer-
assisted profiling, known as CAPPS, has offered an efficient, 
noninvasive security procedure meeting the needs of the FAA 
security program while lessening the intrusiveness on the 
traveling public and our passengers.
    We urge expansion of this program for use by U.S. air 
carriers in their international operations, and commend the FAA 
for its ongoing efforts with the industry to test and further 
develop I-CAPS at several foreign locations.
    The area of greatest challenge for us, however, is the 
ongoing effort to deploy explosive detection systems and other 
new security technologies associated with screening baggage. 
Clearly, the scope and complexity of such a massive deployment 
is prone to a variety of issues which complicate the process. 
The installation of this equipment into very different airline 
check-in and baggage makeup areas, as well as the huge 
diversity between airline operations and individual airport 
locations, has compounded these complexities.
    It is vital to the overall success of these ongoing efforts 
that the following occur. We must have a full commitment by the 
Congress and the FAA to continue support and multiyear funding 
for programs which are in reality an extension of our national 
security. The FAA must aggressively seek, foster, and fund 
research and development for new and competing technologies. 
Streamlined certification methods should be adopted to 
encourage more efficient, faster, and more cost-effective 
baggage-screening technology, and the industry must continue to 
partner with the FAA in an open and constructive manner to 
jointly develop a strategic approach to these issues which will 
ensure overall success.
    Senator Hutchison, we appreciate the leadership you have 
exhibited over the past years and look forward to working with 
you and the Committee on these other issues, and I would be 
pleased to respond to any questions you might have.
    [The prepared statement of Mr. Doubrava follows:]

    Prepared Statement of Richard J. Doubrava, Managing Director of 
                  Security, Air Transport Association
    Madam Chairman and Members of the Subcommittee, I am Richard J. 
Doubrava, Managing Director of Security for the Air Transport 
Association of America. ATA represents the major commercial passenger 
and cargo air carriers in the United States. On behalf of our twenty-
eight member airlines,\1\ I would like to thank you and the other 
members of the subcommittee for the opportunity to participate in this 
oversight hearing.
---------------------------------------------------------------------------
    \1\ ATA's members are Airborne Express, Alaska Airlines, Aloha 
Airlines, America West Airlines, American Airlines, American Trans Air, 
Atlas Air, Continental Airlines, Delta Air Lines, DHL Airways, Emery 
Worldwide, Evergreen International, Federal Express, Hawaiian Airlines, 
Midwest Express, Northwest Airlines, Polar Air Cargo, Reeve Aleutian 
Airlines, Southwest Airlines, Trans World Airlines, United Airlines, 
United Parcel Service, and US Airways. ATA's associate members are 
Aeromexico, Air Canada, Canadian Airlines International, KLM--Royal 
Dutch Airlines, and Mexicana Airlines.
---------------------------------------------------------------------------
    The safety and security of our passengers is our industry's number 
one priority. Substantial progress has been made since the 1996 report 
by the Presidential Commission on Aviation Safety and Security and 
enactment by Congress of legislation which set out the priorities for a 
joint industry and government partnership to improve the aviation 
security baseline. We believe that this partnership over the past four 
years has resulted in a more secure environment for the traveling 
public, but we still confront significant challenges.
    As we look back on these recommendations and legislative 
initiatives it is useful to measure the progress which we have made. As 
part of the industry's commitment to these efforts in 1996, ATA's CEO 
Carol Hallett presented a far reaching security plan committing our 
members to a number of important goals including wide-scale deployment 
of detection technology; implementation of automated passenger 
profiling; and establishment of security screening contractor 
certification requirements.
    The industry has strongly supported these efforts throughout the 
legislative and regulatory process necessary to achieve these goals.
    The subject of today's hearing by the Aviation Subcommittee is most 
timely given the evolution occurring in the airport environment of the 
security checkpoint with relation to equipment, training and 
performance issues as well as the pending process by the FAA to certify 
security screening companies.
    Over the past thirty years the aviation security system has evolved 
significantly. Checkpoint security was originally established in the 
early 1970's to deter would-be hijackers. Since such threats required 
deterrents to keep such individuals off aircraft, air carriers became 
the front line defense in preventing air piracy. Since that time air 
carriers have been assigned by the government the primary 
responsibility for providing checkpoint security. Working with the FAA 
and the airports, we believe that these efforts have been pursued with 
commitment and dedication in an environment which has changed 
substantially as the threat of terrorism and violent acts on civil 
aviation have increased.
    The industry, working with the FAA, has undertaken a number of 
major initiatives during this period. In 1989, ATA and the Regional 
Airline Association (RAA) jointly developed the first written FAA-
approved screener training program aimed at improving screener 
knowledge and performance. The program consists of comprehensive 
screener and supervisor training materials which are made available to 
air carriers and screening companies which clearly define the role and 
responsibilities of the checkpoint and checkpoint personnel. This 
information has been updated as necessary. ATA just completed a major 
enhancement in our program by developing a computer-based training 
(CBT) product for field use.
    In 1990, ATA expanded its training product to implement a ``train-
the trainer'' program which provides checkpoint supervisory personnel 
with the necessary knowledge and technique to conduct local training 
programs thus expanding training opportunities.
    In 1993, ATA and the RAA developed a ``Checkpoint Operations 
Guide'' (COG) which provided all domestic security checkpoints with a 
comprehensive operating manual setting out the technical and 
administrative guidance for passenger screening personnel. The 
information in this guide is a synopsis of standards and statutory 
requirements jointly established by the FAA and industry associations. 
This is updated as required and has brought consistency and clarity to 
the checkpoint screening environment.
    All of these efforts were guided by the commitment of both the 
industry and the government to improve checkpoint performance and 
screener proficiency in an ever-changing security environment. During 
the same time security threats grew dramatically. Additional security 
measures were required to be conducted due to valid domestic and 
international security concerns. The weapons of threat have become more 
sophisticated and more difficult to detect. The challenges at the 
checkpoint have greatly multiplied.
    Clearly once the pending regulation is final, there will be a major 
sea change in the screening checkpoint environment. The FAA screener 
certification process will make security screening companies a full 
partner in the checkpoint process.
    While supportive, the industry has concerns and questions in a 
number of areas with the FAA's proposed rule. These include issues of 
clearly defining accountability as well as the regulatory structure 
devised to support this process. It is important that the FAA not 
create a bureaucratic structure that becomes over-burdensome to the 
industry.
    ATA is also concerned about the ultimate regulatory and economic 
impact the proposed certification process may inflict on some aspects 
of the security screening industry possibly affecting their continued 
ability to compete in a new regulatory environment. A number of 
companies providing such services are local business entities located 
in small airport environments and unfamiliar with federal regulatory 
processes. They may find it difficult or economically unfeasible to 
continue such services. This includes a number of our regional airline 
partners which serve small airports without benefit of x-ray checkpoint 
equipment where employees of the air carriers conduct personal 
screening.
    We commend the FAA for holding field meetings this week in Ft. 
Worth and San Francisco to foster greater participation by screening 
companies and further discussion on the proposed certification rule. 
Ultimately, we are confident that these issues will be resolved and a 
final rule enacted which meets our common goal of enhancing the 
security screening baseline.
    In tandem with these efforts, we believe that the continued 
development and deployment of enhanced checkpoint screening technology 
(TRX) will further contribute to this improvement. We were pleased when 
the FAA agreed to support the industry recommendation to implement a 
multi-year plan to replace current checkpoint x-ray technology with 
new, state of the art detection which includes threat-image projection 
(TIP) and operator-assist functions. A number of security equipment 
vendors are participating in the FAA selection process. They have 
worked closely with the FAA and the industry in developing technology 
that improves detection and also addresses the carrier's reliability 
and customer service needs.
    With initial deployment set to begin at our nation's largest 
airports within the next several months, it is vital that this 
replacement plan be fully funded on a multi-year basis by the FAA until 
all airports obtain such updated checkpoint equipment. The deployment 
of this technology alone will result in improved screening and screener 
performance at all checkpoints.
    The industry continues to be keenly interested in further exploring 
the human factors and associated responses at play in the checkpoint 
operation. This includes the vital role of motivating employees in the 
stressful environment of an airport checkpoint operation. We look 
forward to obtaining some reporting data and trend information from 
current FAA studies underway at a number of checkpoint screening 
locations to attempt to determine any relationship between screener 
ability, performance, compensation and workplace environment. This is 
an area where there is little in the way of definitive data and this 
information should serve as a preliminary review for issues which will 
no doubt need further study and consideration.
    In late 1996, the Congress, the FAA and the industry committed to 
the prompt development and deployment of a computer-assisted passenger 
screening program (CAPS). We met that goal with the implementation by 
the industry of such a program in December 1998. Here the industry and 
the FAA worked closely in overcoming many difficult operational and 
technical issues to successfully achieve this goal. CAPS is extremely 
useful as the result of its adaptability and its invisibility. Quick 
modification of screening criteria in the computer program can respond 
immediately to any evolving security threats, while the necessary 
associated screening measures are deployed behind the scenes.
    Based on the current level of threat in the United States and the 
high volume of passenger traffic, CAPS has offered an efficient, non-
invasive security procedure meeting the needs of the FAA security 
program and lessening its intrusiveness on the traveling public. We 
urge expansion of this program for use by U.S. air carriers in their 
international operations and commend the FAA for its ongoing efforts 
with the industry to test and further develop ``I-CAPS'' at several 
foreign locations. There is great potential for reducing the invasive 
physical screening of persons and baggage currently necessary for 
international ``selectee'' passengers.
    The area of greatest challenge is the ongoing effort to deploy 
explosive detection systems (EDS) and other new security technologies 
associated with checked baggage screening. This deployment has been 
handled by the Security Integrated Product Team (``IPT'') made up of 
the FAA and industry representatives working with a coalition of 
manufacturers, contractors, vendors and associations. Clearly the scope 
and complexity of such a massive deployment is prone to a variety of 
issues which complicate the process. The installation of this equipment 
into very different airline check-in and baggage make-up areas as well 
as the huge diversity between airline operations and individual airport 
locations compounds these complexities even further. Given that we are 
working, for the most part, with first generation technology, the 
industry continues to experience significant issues with operating 
procedures, alarm rates and resolution, performance, staffing, 
training, testing and maintenance costs.
    It is vital to the overall success of these ongoing efforts that 
the following occur:

   We must have a full commitment by the Congress and the FAA 
        to continue support and multi-year funding for programs which 
        are an extension of our national security;

   The FAA must aggressively seek, foster and fund research and 
        development of new and competing technologies. Streamlined 
        certification methods should be adopted to encourage more 
        efficient, faster and more cost-effective baggage screening 
        technology;

   And, the industry must continue to partner with the FAA in 
        an open and constructive manner to jointly develop a strategic 
        approach to these issues which will ensure overall success of 
        these efforts.

    As I noted earlier, progress over the past four years has been 
exceptionally good. ATA and our member carriers are grateful for the 
continued support of the Chairman, this committee and the Congress in 
providing the on-going commitment and funding to achieve the goals 
which the industry and the government jointly developed in 1996. We 
remain dedicated to working in partnership with the Congress and the 
Federal Aviation Administration in all areas of aviation security.
    Thank you again for providing ATA the opportunity to participate in 
this hearing. I would be pleased to respond to any questions the 
committee might have.

    Senator Hutchison. Thank you all very much. I am going to 
have to go vote, so we will take a recess. There are two votes, 
so it will be a minimum of 20 minutes, and I will come back and 
start immediately into the question period, because I do have a 
number of questions.
    The testimony has been, I think, very enlightening. It is 
very important and I am very concerned that we address some of 
the issues that you have raised. I plan to do it through 
legislation after having all of your input, so we will discuss 
that as soon as we get back. I want to get a little more 
information for the purposes of introducing my legislation next 
week. Thank you.
    [Recess.]
    Senator Hutchison. Thank you all very much for waiting for 
those votes, and I very much appreciate your testimony. While I 
was on the floor, I talked to the Committee Chairman, Senator 
McCain, about testimony that you have given, and that this is 
an area in which he also is very interested, so I think you are 
going to see some legislation introduced very soon.
    I would like to get your opinion on some of the things that 
we are looking at, and also if you think there is anything else 
we should add, so let me start first with Mr. Dillingham and 
also Admiral Flynn, or Ms. Stefani if you have an opinion on 
this.
    But as has been said, most of the rest of the 
industrialized world has a 40-hour training period for 
screeners at airport security facilities. We have an 8-hour 
requirement in the United States, so I would like to ask you 
along this line if you think 40 hours is reasonable. Should we 
come up to that standard, and are we doing this in the best 
way?
    It has been said that in most places airports pay for 
security. In America, the airlines pay. Should we be looking at 
the airports being more responsible? Should we be looking at 
this becoming an FAA responsibility, which I know would be 
quite costly? What is the best approach, in your opinion, and 
is the 40-hour requirement that is in my legislation something 
that you think is a reasonable requirement?
    Let me start with Mr. Dillingham.
    Mr. Dillingham. Madam Chair, we agree the 40-hour training 
situation is a very positive step. As you say, most of the rest 
of the world in fact does require more training. However, I 
think it is important to point out that without a complete 
package of initiatives, you may end up with a situation of 
better trained people who are still leaving. So it has to 
involve more than just the training, even though training is 
one of the concerns involved with security screening.
    As long as there remains rapid screener turnover, the 
expense of training will keep recurring, but experienced 
screeners will not be on the job. A complete package has to 
include things that will somehow address the turnover issue as 
well.
    Senator Hutchison. Let me ask you, if we are going to 
continue with the contracting out of this responsibility, do 
you think the private enterprise, free enterprise system will 
work, and that people will know that if they are going to have 
to spend 40 hours of training, plus 40 hours of on-the-job 
flight training, that they are going to have to pay more to 
keep people from turning over, because the training costs would 
outweigh the savings of the low salaries?
    Mr. Dillingham. I think that would have an effect, but we 
have examples where screeners are paid $12, $14 an hour, but it 
has not significantly improved their performance. That is why 
it has to be a whole package of initiatives.
    What's also needed is the right kind of people--and when I 
say the right kind of people, I mean with the screener 
selection test that the FAA is developing. You get the right 
kind of people with the right kind of attributes, and train 
them well, then you create a situation where there is an 
improved, for lack of a better term, quality of life with 
regard to their job, so that screeners do in fact stay. This 
could involve things like career track, or it could involve 
some professionalization of the job itself. So the training is 
a major part of it, but again, I emphasize that a package is 
needed.
    But I wanted to also comment on the second part of your 
question about alternatives. Clearly, the GAO has been saying 
for a long time that we have had the same situation of diverse 
responsibility for aviation security for 20 years, and as we 
suggested, we do not see a great deal of improvement using the 
current configuration that now exists, with airlines in charge 
of passenger screening the airports responsible for access 
control, and things like that.
    There are alternatives out there, and we are being asked by 
another committee of the Congress to look at some of those 
alternatives and talk about the pros and cons associated with 
each one. The FAA, as a part of the 1996 Reauthorization Act, 
looked at the situation, and tried to determine if a change was 
necessary. Essentially they concluded that they could not have 
a consensus about changing anything, so they would just leave 
it the way it is.
    We do not think that that is the best way to do that kind 
of work, so we are going to try to followup and come up with 
some alternatives for the Congress to consider.
    Senator Hutchison. When would your timetable be for that 
report?
    Mr. Dillingham. As soon as our resources are free. In terms 
of when it will be available on where your legislation might 
be, I could not say right now, because we are at the early 
stages of that work.
    Senator Hutchison. So you do not have a timetable of when 
you would even put forward some other options?
    Mr. Dillingham. I do not yet have a timetable for when we 
could issue a report, but we are always willing and ready to 
talk to you and your staff about what we know now, based upon 
the experience we have had in doing the current work.
    Senator Hutchison. Give me a couple of options you would be 
looking at.
    Mr. Dillingham. We are talking about a situation, for 
example, of a nonprofit corporation in charge of all of 
aviation security. We are talking about a situation where we 
might have a university-based training program with FAA input. 
So there are a number of options for organizationally changing 
what we currently do.
    Senator Hutchison. I would be very happy for you to also 
talk to my staff and me about these options. I think it is time 
for us to look at some very bold steps here.
    Admiral Flynn, I would like for you to answer the question, 
but I would also like to ask you why the FAA is targeting May 
of 2001 on this training issue.
    Admiral Flynn. Madam Chair, with the comment period of the 
rule ending May 4 of this year, May of 2001 is a compressed 
time period to complete a rule, to do the analysis of comments, 
to do the economic analysis based on economic information 
provided in the comment period, and to bring the rule through 
the processes of review that are required for it to become 
final.
    Senator Hutchison. Can the FAA, on its own, compress that 
even further? It just seems quite long for something this 
important, and particularly since the bill was passed in 1996.
    Admiral Flynn. The FAA has looked at that, but were there 
to be legislation, I would appreciate support, or even it being 
made stronger than that, to ensure that we do this without 
delay. I certainly share the sense of urgency that the 
Committee has about getting this done.
    I would offer to make myself available to you and to your 
staff to work on what is the most timely way, and most prompt 
way of getting this done.
    Senator Hutchison. Well, I look forward to meeting with 
you. I am giving you fair warning that my bill says September 
30. I cannot tell you that bill will pass in the timeframe that 
would allow that, but I think you should be targeting September 
30 at the FAA.
    This is very important. From your testimony today it is 
clear that training standards in the United States are lower 
than the rest of the industrialized world, and yet we have more 
than 500 million passengers going through our airports, so I 
would like for you to look at an internal step up, and I am 
going to try to force it as well, but as you know, things take 
a long time getting through here as well, so I would ask you 
for that cooperation.
    Admiral Flynn. Gladly, Senator.
    Senator Hutchison. Ms. Stefani, did you have any remarks on 
the 40 hours?
    Ms. Stefani. No, Madam Chair.
    Senator Hutchison. I think I am convinced that the 40 hours 
in the classroom and the 40 hours on-site is a good place to 
start, and I think if we do that, that the rest of the 
structure is going to have to make that kind of investment, as 
Mr. Dillingham has said.
    I would like to go to the computer hacking issue that was 
addressed, I think, by the GAO and Ms. Stefani, and ask you if 
you believe, Admiral Flynn, that the FAA is looking at the 
potential dangers presented by hacking, and what steps are 
being taken to assure that our air traffic control system is 
secure?
    Admiral Flynn. Indeed, Madam Chair, the FAA is doing that. 
The work is led by our Chief Information Officer, Mr. Daniel 
Meehan. They have done very considerable work to assess the 
systems of the air traffic system for vulnerabilities, and have 
put in place a plan to do this.
    The people who are doing this are the same people who were 
in charge of FAA's successful Y2K program, so I think that 
program is much strengthened from the time the GAO looked at 
it. I think it is probably one of the best information systems 
security programs in Government as, indeed, it should be.
    Senator Hutchison. Do you have an early warning system that 
would allow you to detect tampering in this area?
    Admiral Flynn. Yes, indeed, there are fire walls, and the 
fire walls are monitored continually.
    Senator Hutchison. Ms. Stefani.
    Ms. Stefani. Yes. We currently have work underway. We are 
actually scanning and trying to see how secure the individual 
computers are in the various systems, not only in FAA, but in 
the Department of Transportation as a whole. The review also 
includes looking at things like unauthorized back-door access 
to different systems. We are looking at basic computer security 
requirements such as controls and passwords. We are making sure 
that the Department as a whole, not just FAA, has the right 
processes and procedures in place.
    Senator Hutchison. Thank you. I would think in air traffic 
control and train controls, the margin of error is so small 
that that would be a priority.
    Mr. Dillingham, did you have a comment on that?
    Mr. Dillingham. Yes, Senator Hutchison. I just wanted to 
let you know the GAO is also looking at the security situation 
with regard to air traffic control in much the same way as the 
DOTIG is following up on the work that we did a couple of years 
ago, and I notice the Admiral mentioned that the situation is 
being controlled by, or being run by the people who did the Y2K 
fixes.
    As you will recall in our testimony, there was a problem 
with the Y2K fixes as well, so we are going to be looking at 
every aspect of computer security over the next few months.
    Senator Hutchison. Well, I think it is certainly a 
priority, and I am pleased to hear that it is for all of you, 
as well.
    Let me take the access issue, because my bill attempts to 
strengthen security at high-risk areas by having immediate 
suspension or termination of any employee that enters a secure 
area without authorization.
    Is there anything else that we should do that would mandate 
security access, or do you feel that FAA is fully engaged on 
this? It seems to me that there is more that could be done, and 
I would like to know that you are doing everything, and if you 
do not think that legislatively we need any more action I would 
like to hear that, or if you think we should be pushing, I 
would like to hear that.
    Admiral Flynn.
    Admiral Flynn. The FAA has been testing this system very 
intensively. Now, for the past year we have noticed both 
improvement in the rate of challenge and improvement in the 
defenses against people being able to get to and aboard the 
aircraft.
    The airports have done quite significant things with regard 
to where there are problem doors. They have either completely 
barred them with due regard for fire safety, or they have 
posted guards on them to supplement the automatic controls on 
those doors.
    I would recommend reconsideration of firing someone, or 
removing a person's authorization to be in the secure area, for 
a single offense. I would recommend that we look at the nature 
of that offense. Certainly the means ought to be there for 
progressive discipline--someone is not wearing ID, for example, 
then there needs to be a system of progressive discipline 
leading to termination.
    Senator Hutchison. Is the FAA doing that now?
    Admiral Flynn. We have a proposed rule that permits the air 
carriers--I am sorry, the airports, to have progressive 
discipline, and a further proposed rulemaking in which the FAA 
will take action directly against individuals, and those rules 
will be final this year.
    Senator Hutchison. So it is up to each individual airport 
what happens?
    Admiral Flynn. To have individual accountability, and many 
of them do now, many airports do have individual accountability 
and progressive discipline programs.
    Senator Hutchison. Ms. Stefani.
    Ms. Stefani. Yes. One of the things that we noted in our 
most recent review of this area was the need to improve the 
training. When the employee shows up, whether they are a 
baggage handler, or a security guard, or a screener, they need 
basic training on what their role is in airport security.
    We went to eight airports. At four of those airports, 
employee training included testing, so you were pretty much 
assured that the employee understood what the requirements were 
and what their responsibilities were.
    In other cases, training consisted of an employee sitting 
in a room watching a video. There was no testing, no assurance 
that they understood the security requirements.
    In one case, English was the second language for a large 
number of employees, and yet the security tape was in English. 
We are not sure how much they actually understood of what was 
being said.
    So in our view employees need better initial training, they 
need recurring training to remind them of their security 
responsibilities, and when problems occur, remedial training is 
also needed.
    Senator Hutchison. Is understanding English not a 
requirement for screening personnel?
    Admiral Flynn. Madam Chair, yes, it is. Ms. Stefani was 
referring to ramp workers, many of whom do not speak English, 
and we have been working with the airports. Many airports are 
now doing multilingual training for their ramp workers and 
people who clean aircraft and have access to them.
    Senator Hutchison. Mr. Dillingham, do you have anything to 
add?
    Mr. Dillingham. No, ma'am.
    Senator Hutchison. Mr. Doubrava, do you have anything on 
this issue?
    Mr. Doubrava. Madam Chairman, I think it highlights the 
complexity of the issue, because we have joint tenancy and 
responsibilities. I can assure you of the industry's strong 
commitment--I just recently came to this position from one of 
the major air carriers where I had the responsibility for the 
operational side of security. I can assure you that that 
commitment is very strong in the industry to try to improve the 
performance in this area. The process is complicated because of 
just what goes on in the airport operationally, the huge 
diversity, and the size and scope of many of the airports.
    We may have an access failure that rebounds on the air 
carrier that started with an access failure some other place in 
the airport. We commend Admiral Flynn and his folks in the FAA 
security offices, and we have been working together very, very 
diligently on this issue over the last 18 months. I think what 
is important is we are in a transition period as we move 
forward from the legislation which you sponsored, and the 
screener certification regulations that are being rolled out by 
the FAA and the air carrier industry responding internally to 
strengthen security training programs.
    With expanded industry internal audit processes, testing 
processes, the training programs I think substantial progress 
is being made. Clearly we have a ways to go, but if you look at 
how far we have come since the Presidential commission and the 
Congress' action to make funding recommendations, I think we 
have made great progress.
    Senator Hutchison. Let me turn to the technology in the 
machines that are being used to screen. Do we have enough of 
the checked-baggage screening devices and, furthermore, as I 
have gone through DFW airport, I have noticed the machines that 
measure residue or dust to see if there is any kind of 
explosive residue, but do we have enough of those? I notice 
most airports do not have them. Certainly DFW does, and I am 
glad to see it, but do we have enough of the up-to-date 
technological equipment at our major class 1 airports, and how 
far down do we go with that up-to-date technology in airport 
size?
    Admiral Flynn. 552 devices are now in use, and they are at 
the checkpoints of all of the top, almost 80 airports. There 
are 450 airports that FAA regulates for security, and so there 
is a way to go.
    Now, once you get past the first 80 you are starting to get 
into considerably smaller airports. That equipment is the 
explosives trace detection equipment.
    Senator Hutchison. So that is the trace detection and the 
CTX.
    Admiral Flynn. Now, with regard to the EDS's, we have 
deployed 90 of them. There are 93 explosives detection systems 
deployed. They are in 36 airports, and used by 20 carriers, 
United States and foreign flag carriers, that are using them in 
the airports in the United States.
    Senator Hutchison. I would just like to ask Mr. Dillingham 
and Ms. Stefani if this is sufficient. Have we moved quickly 
enough on this, and should Congress be looking at moving this 
more quickly?
    Mr. Dillingham. Madam Chair, initially there were some 
serious delays in getting the equipment deployed, and I am not 
sure if that was FAA's fault, but for now they seem to be on 
track in terms of getting the equipment out, as far as we can 
tell. We have not looked at that directly in quite some time.
    Ms. Stefani. On the deployment of both the CTX bulk 
detection machines, and the trace detection equipment, FAA has 
made considerable progress. An area that FAA is still 
researching is for those smaller airports where basically what 
we may call an EDS-lite, a smaller machine that will fit into a 
different kind of configuration, is needed and FAA is moving 
out on this.
    Senator Hutchison. Do you need any help, and let me say 
this, if you need any help on the appropriations for those 
machines, please contact me, because that is the first priority 
for me.
    Admiral Flynn. Thank you very much.
    Senator Hutchison. I would like to move to the criminal 
background check area. There seems to be a void here in what we 
are allowed to do in criminal background checks, and in light 
of your testimony my intention is to close that gap. I am told 
you do not perform a criminal background check on anyone unless 
there is a 12-month lapse in employment, and yet, Ms. Stefani, 
you testified that 61 percent of the violent felony convictions 
serve 6 to 7 months in prison.
    So you could have an 11-month gap in an employment record 
and still be hired for a security scanning position. Do you 
think we need to close that void legislatively, and is it true 
that we are not now allowed to do a criminal background check 
unless there is that 12-month void or less?
    Ms. Stefani. There are four conditions in place right now 
that trigger a criminal check. The easiest one to explain is 
the 12-month gap. The others relate to information obtained 
during the background investigation. For example, if 
information becomes available during the investigation that 
indicates the applicant might have been convicted of a 
disqualifying crime.
    As it stands right now, FAA would have to make a rule, and 
go through the rulemaking process in order to change it so that 
an FBI criminal check would be required for all applicants.
    Senator Hutchison. According to the statement of the 
airports that will be submitted for the record, the regulations 
today say that you cannot do the FBI criminal history check 
unless there is a 12-month lapse, so we do need either a new 
regulation or a law that requires it, is that correct?
    Ms. Stefani. That is correct. A new regulation is needed.
    Admiral Flynn. From the point of view of the underlying 
law, I believe the recently passed FAIR-21 goes a long way to 
solving that. We also seek the FBI's cooperation with regard to 
the processing of the fingerprints, and the deployment of 
systems for online processing of fingerprints, so that there 
will be a rapid turnaround on it.
    But the principle of going directly to fingerprints, and 
avoiding, or going past, or taking away the employment check is 
a good one.
    Senator Hutchison. Well, let me just ask you this. Why 
hasn't the FAA changed that regulation, knowing what the issue 
is here?
    Admiral Flynn. Madam Chair, the problem has been that it 
has taken over 50 days to get a return of fingerprint checks. 
The processing time is that long.
    Senator Hutchison. Is that the FBI's responsibility?
    Admiral Flynn. It is delays in the system overall, as the 
fingerprints go to the FBI, at the FBI, and then returning to 
the airport, sending them, in effect, by mail. That can be 
improved now that the fingerprints can be transmitted 
electronically and are now being assessed through the systems 
that the FBI has of doing it automatically. I think we will 
have the cooperation of the FBI in doing that and putting those 
fingerprints ahead in priority over other requirements that 
there are for checking fingerprints.
    We would very much like to examine with you the legislation 
that would affect the various departments of Government that 
are involved in this.
    Senator Hutchison. Well, my goal is going to be to tighten 
this up so that the person cannot come into employment unless a 
criminal background check has been done, so I want to work with 
you in writing the legislation to cover the loopholes, but a 
12-month lapse in employment record is just not a sufficient 
standard, when we know that people can be convicted of a 
violent crime and serve 6 or 7 months in prison.
    Mr. Doubrava. Senator Hutchison, if I could add a couple of 
comments to that, the industry strongly supports, and we are 
very hopeful the FBI fingerprint program can be expanded 
dramatically, because certainly from our vantage point we feel 
that 100-percent fingerprint background check is a worthy goal.
    The problem that we face is that under the current process, 
when you have a qualified employee who comes and wants to work 
in the job market that we are in, they need to start as soon as 
possible, and so the problem is that we lose good applicants 
because of the delay period. When you may have justifiable 
reasons for having to conduct an extended background check, 
that may not necessarily be the result of criminal activity.
    So I think that our frustration--and under the current 
process right now, as you know, and I have spoken with both the 
Majority and Minority staff, and they are well aware that some 
of the issues for us are that the current process is just 
fraught with so many issues because of the need to verify how 
much that information that you receive is adequate for the 
verification process based on third parties.
    And I think that one thing the FAA and the industry have 
been working--this is not to criticize the FBI, but currently 
they do huge amounts of background checks, and the airline 
industry is a very small percentage of what they do, but as we 
move toward this process with testing at several airports, we 
hope that the Congress will move forward, working with the FBI 
to make sure that we get this fingerprint, automated 
fingerprint check program underway and a wide-scale approach, 
and I think that a lot of these issues will then fall to the 
side once we have that available to us.
    Senator Hutchison. I think both of you are making very good 
points, and we will work to make sure that we have zero 
tolerance with the information available.
    The last area I would like to address is the checked 
baggage screening area. It is my understanding that the FAA is 
going to phase in 100-percent checked baggage screening, 
beginning in 2009. I would just ask you if that is correct and 
if you think that is a sufficient addressing of the issue. Is 
that the right timetable, or could we do that more quickly?
    Admiral Flynn. Madam Chair, it depends on the results of 
research and development. The machines and systems that we have 
today are not sufficiently efficient. They are effective in 
finding explosives, but the cost of installing the machines 
that would be needed for 100-percent screening is in effect 
unbearable. It is enormous.
    Senator Hutchison. What about the baggage match issue? Has 
that been implemented?
    Admiral Flynn. The checked baggage security program is on 
the basis of selection by CAPPS, and that gives a high level of 
security. Ultimately, when baggage screening machines become 
more efficient, and our estimate of when that could be 
practical is 2009, at that time we would be replacing these 
relatively inefficient systems with new systems, replacing the 
ones we are now deploying for screening CAPPS selectees' bags. 
We ought to be working to prepare terminals as they are being 
built, when it is much less expensive to install the equipment, 
to prepare for the transition.
    But again, with regard to the efficiency of checked baggage 
screening, the throughput rate has to come up and the false 
alarm rate has to come down substantially for it to be 
practical in the present level of threat to do 100% screening 
in the United States.
    Mr. Doubrava. Senator, where this becomes most important is 
in the operational needs of the air carriers. I know in your 
own State you have a number of hub carriers, and in the hub-
and-spoke system with the sheer numbers of passengers and 
operations that you have, the industry needs to have equipment 
which supports these complex operational requirements.
    To take a little issue with my colleague here with regard 
to usage of EDS, one of the biggest challenges for the industry 
has been the limitations of this first generation technology. 
We cannot screen the sheer numbers of bags that must be 
accommodated in the hub-and-spoke operations. When you have 
carriers that run high frequencies and you have major peak 
times the current machines cannot handle the necessary bag 
throughput for a timely operation.
    So as we look at these issues, the biggest challenge we 
face is the R&D support for a smaller, faster device with a 
lower alarm rate. The industry is committed to moving to a 100-
percent whole baggage screening regime. While I clearly 
understand the concern about when this will be accomplished 
when we put in the outyear 2009, we all felt--Government and 
industry together--that this was a doable date. We did not want 
to leave expectations high that we would be able to readily 
achieve this goal, because of the outstanding technology 
issues.
    Senator Hutchison. Are you doing passenger matches with 
checked baggage?
    Mr. Doubrava. As Admiral Flynn indicated, we are doing 
those with selected passengers. We had a long--and you were 
involved in some of those discussions--debate about what 
industry could do in terms of 100-percent domestic positive bag 
match on all domestic passengers. Madam Chairman, it would be 
impossible given the current operational environment.
    The industry would have to change the entire approach of 
how we do business in order to accommodate such a huge scope. 
In the current system right now 15 to 20 percent of our 
passengers double-connect on line. We would not have the 
manpower resources and the cost structure to accomplish this 
goal.
    The FAA and the industry have worked with a third party 
independent group to look at this. Their conclusions were 
similar--we would have to change the entire scope of the way we 
do business in the airline industry domestically, and the costs 
would be intolerable.
    Senator Hutchison. I want to ask Ms. Stefani and Mr. 
Dillingham if they have looked at the passenger match on 
certain profiles. Have you looked at the effectiveness of that 
approach?
    Mr. Dillingham. No, we have not, Madam Chair.
    Senator Hutchison. Ms. Stefani.
    Ms. Stefani. We have done some work looking at the CAPPS 
system, testing it, and we found that it was effective. It was 
identifying the selectees when they should have been selected.
    On the issue of CAPPS and the use of explosives detection 
machines, there is no doubt that we need to develop an 
explosives detection device that is smaller, faster, and 
cheaper, so that we can get it deployed across the country.
    When you look at a date like 2009, given the number of 
CAPPS selectees that are coming up, it is not as high as FAA 
expected. Our concern is, how do we get the practice? How do we 
move from where we are today to being able to screen a billion 
bags a year? The machines that we have are capable of doing 
more, and we would like to see them doing more screening.
    Senator Hutchison. That concludes my questions. Is there 
anything I have not covered that any of you would suggest we 
put in the Airport Security Act that I will be introducing next 
week, any other area that needs to be tightened up, that you 
would like to suggest?
    Admiral Flynn. Madam Chair, I would like the opportunity to 
reflect on that a bit, and to get back to you in the next day 
or so.
    Senator Hutchison. Well, I would very much like to have 
that input, and I appreciate your cooperation, Admiral Flynn. I 
think your testimony, plus Mr. Dillingham and Ms. Stefani's, 
has been very helpful in this, and certainly, Mr. Doubrava, the 
Air Transport Association has to be a part of this as well.
    I want to say that the record will be open for any member 
of the Committee to submit a statement, and I will put in a 
statement from the American Association of Airport Executives 
and the Airports Council International, North America.
    Senator Hutchison. If there are no further comments, I will 
adjourn the meeting. Thank you very much.
    [Whereupon, at 11:50 a.m., the Subcommittee adjourned.]
                            A P P E N D I X

    Joint Prepared Statement of the American Association of Airport 
    Executives and the Airports Council International, North America
Mr. Chairman and Members of the Subcommittee:

    The Airports Council International--North America (ACI-NA) and the 
American Association of Airport Executives (AAAE) appreciate the 
opportunity to submit written comments for the record of the hearing 
held April 6, 2000 regarding our views on aviation security at our 
nation's airports. We are pleased to offer you our insights on what has 
been deemed one of the most important operating procedures in the 
aviation system.
    ACI-NA's members are the local, state and regional governing bodies 
that own and operate commercial service airports in the United States 
and Canada. ACI-NA member airports serve more than 97 percent of the 
U.S. domestic scheduled air passenger and cargo traffic and virtually 
all U.S. scheduled international travel. AAAE is the world's largest 
professional organization representing the men and women who manage 
airports. AAAE members manage primary, commercial service, reliever and 
general aviation airports, which enplane 99 percent of the passengers 
in the United States.
    We believe the most important aspect of providing a safe and secure 
aviation operating environment is a close partnership with the 
intelligence community, the air carriers and the regulators. We are 
pleased to have participated in the FAA's Aviation Security Advisory 
Committee (ASAC) from its inception and hope to continue making 
progress on these crucial issues by fostering the relationships formed 
within the Committee itself and its many subcommittees and working 
groups. We were pleased to see the language included in the recent FAA 
reauthorization legislation permitting interface between government and 
industry entities outside the federal advisory committee structure to 
allow for frank and open discussions on sensitive security matters in a 
timely manner. This structure will allow FAA and industry to address 
ways to meet our security goals in the most expeditious and effective 
fashion, and will also allow local airport and law enforcement officers 
to play a much more significant role in the development of essential 
emergency measures and long range policy recommendations. This 
recognition of the effectiveness of partnership should be the first 
step in a process to review and assess the existing regulator-regulated 
party relationship that we currently work within. As evidenced by 
recent problematic events, the current system of aggressive assessments 
and punitive actions leads inevitably to resentment and reactive 
measures instead of to constructive solutions to identified problems. 
FAA should seek ways to work with the security professionals in the 
aviation community to conduct assessments in a cooperative interactive 
method free from the threat of penalty for self-assessment and 
disclosure.
    Airport security consortia have also proven to be an effective 
forum for the discussion and dissemination of information on local 
security programs and operations as well as national trends. We 
understand the FAA is tasked with conducting assessments to determine 
compliance with existing regulatory programs. We strongly encourage the 
FAA to use consortia as the forum for improving local security measures 
at airports in addition to conducting tests to verify the effectiveness 
of specific measures and recommend ways to make improvements versus 
assessing penalties for violation. FAA should provide information to 
the security consortia members on the relevant goals and objectives to 
improve local procedures. Test protocols should be standardized and 
disseminated to all parties so that corresponding information on system 
failures can be addressed in a comprehensive manner with a complete 
understanding of all elements of the program considered. Many of our 
member airports conduct self-analysis of this nature and apply the 
results to program improvements. These airports have scored above the 
average during both FAA and DOT IG assessments. Conducting tests in a 
vacuum and reporting results of violations with minimal or no details 
on how the test was conducted has little to no productive value when 
attempting to assess ways and means to improve the test environment.
    We have been long awaiting the comprehensive rewrite of FAR Part 
107 as it will codify a myriad of policy memos, emergency amendments 
that have been in place for over 10 years, and management procedures 
and practices developed in an ad hoc manner to address ``security 
concerns of the moment.''
    Of particular interest is the section of the proposed new 
regulation addressing individual accountability. It has long been our 
position that ``security is everybody's business.'' This crucial 
element of airport and airline security programs has been absent from 
FAA regulations, forcing airports and air carriers to seek local 
ordinances to address violation of federal regulations. ACI-NA and AAAE 
have been working with our industry partners to develop a set of 
minimum national standards for local airport individual compliance 
programs addressing the most common violations. We need full support of 
our federal partners to make these compliance programs effective. FAA 
must assist the airport and air carrier industry to enforce these 
programs, once established under regulation, by imposing penalties 
described in airport and air carrier programs to individual violators 
in a timely manner. Under the current programs FAA assessment of civil 
penalty can take upwards of several months to complete, severely 
undermining their effectiveness.
    Prior to finalizing the proposed regulation FAA should consider 
addressing the current list of crimes that disqualify an individual's 
application for unescorted access. It is our understanding that the FAA 
has the regulatory authority to expand the current list of crimes 
delineated under FAR Part 107.31 to reflect current concerns. While 
many of the existing crimes were selected to address terrorist 
activity, recent events have made it apparent that persons with 
unescorted access to the secure area of an airport are willing and able 
to participate in other activities with an equally detrimental impact 
on the security of the air transportation system. If an individual 
willingly places an illegal substance on board an aircraft for monetary 
compensation, that same individual will likely introduce a weapon or 
explosive device into the sterile area of the airport and perhaps onto 
the aircraft itself. Airport and air carrier employers do not have a 
legal means to conduct a comprehensive assessment of the criminal 
records of potential employees. Therefore, it is our position that FAA 
should include on the list of disqualifying crimes, crimes that show 
intent or predisposition to accept rewards for illegal activity or 
unlawful gain such as theft or burglary. FAA must work with the 
industry and law enforcement entities to review the current list of 
disqualifying crimes and assist in amending the list as deemed 
appropriate to prevent the introduction of deadly or dangerous items 
onto aircraft.
    As stated earlier, airport and air carrier employers are not free 
to assess the criminal background of all potential employees who seek 
unescorted access to the secure area of the airport. The current 
regulations specifically restrict the use of an FBI criminal history 
check to those individuals who cannot produce proof positive that they 
were employed for the ten years prior to application (with no greater 
than a 12 month gap in records) for unescorted access privileges at an 
airport. As many convictions no longer carry a minimum twelve-month 
sentence due to plea bargaining and reduction of charges, the screen 
created by this process is no longer valid. FAA and FBI now have the 
capability to accept fingerprint records in a digital format and can 
affirm the criminal record of an individual in a matter of days. In 
light of these technological improvements we see no reason to continue 
to produce reams of documentation on each applicant's employment 
history. Rather we believe it is incumbent on the FAA and the FBI to 
expedite a procedure to allow airports and air carriers to conduct a 
100% fingerprint background check on all employees seeking unescorted 
access to the secure area of an airport. This procedure would provide 
evidence of past convictions regardless of the time lapsed since 
conviction (greater than ten years) and would obviate the need to 
verify by letter, phone or other means the validity of statements 
provided by the job applicant themselves. Another difficulty that 
airport operators face in verifying the background of individuals 
applying for unescorted access is the lack of standardized information 
available on recent immigrants to the United States. Very often these 
individuals have no method of providing the information required to 
meet the standards outlined in FAR Part 107.31. The United States 
Immigration and Naturalization Service (INS) performs a background 
investigation on these individuals prior to issuing a ``green card'' 
allowing them to work in the United States. The INS should provide the 
record of investigation to airport and air carrier management to verify 
that the individual to the best of their knowledge has not been 
convicted of any of the disqualifying crimes. This statement by the INS 
should be an acceptable substitute for the current method of collecting 
documentation from varied sources that may or may not be well 
controlled.
    Other technological advances in the security assessment field will 
have significant impact on airport operations, terminal design, 
emergency response procedures and other planning and manpower 
requirements. It is essential that FAA continue to work not only with 
the air carriers who will be utilizing passenger and baggage screening 
equipment, but also with airport operators who will need to modify 
terminal buildings and educate our public safety staff on the placement 
and uses of this equipment. The Security Equipment Integrated Product 
Team has made significant progress in the development of short term 
plans to integrate existing technology into the current airport system. 
We are calling on the FAA to work with industry to establish long-term 
goals and objectives for the development of an integrated aviation 
security plan. Airport operators can then reflect these goals and 
objectives in our terminal design and operations planning allowing for 
the most effective deployment and use of this equipment. A long-term 
plan will also allow estimates of future funding needs to be identified 
and sources for the funding to be procured accordingly.
    One final issue that has been raised for discussion is the 
assignment of responsibility for carrying out screening of passengers 
and their baggage. Passenger screening is acknowledged as an essential 
element of the overall aviation security system. Some have even 
classified it as the first line of defense against the introduction of 
deadly or dangerous weapons into the air transportation system. The 
performance of these duties should rightfully be the subject of 
continual scrutiny with the aim of ever improving the level of security 
provided. Which party in the security partnership should perform the 
screening function has been the focus of many debates on the issue. 
Questions as to why the airport operators or the federal government do 
not conduct screening can easily be addressed. The Aircraft Piracy Act 
of 1961 (PL 87-197) first vested the air carriers with the 
responsibility for performing passenger screening by allowing them to 
refuse transport to passengers or property that could jeopardize air 
safety. The Air Transportation Security and Anti-Hijacking Act of 1974 
(PL 93-366) explored the issue in detail, and determined that the 
responsibility was best assigned to the air carriers as they have the 
most direct interface with the passengers and baggage allowing them to 
assess behavior in conjunction with the screening process. Additional 
concerns relate to ``probable cause'' and ``illegal search and 
seizure'' protections. The Supreme Court case ``Terry v. Ohio'' 
determined that probable cause for search and seizure does not exist if 
a person is merely proceeding into the sterile area of a facility to 
meet an arriving passenger, or to escort a departing passenger. 
Therefore, if a law enforcement officer or government entity with law 
enforcement responsibilities were to conduct screening and finds 
evidence of a violation (cash over $10,000 or drugs) they are duty 
bound to take action which would violate the individuals rights. In 
addition to these legal concerns, there are the practicalities of the 
current system. Under the current procedures, information about high 
risk passengers is collected by the air carriers, the air carrier is 
the entity that comes into contact with the passenger when they check-
in for the flight. The air carrier also comes into contact with the 
passengers carry-on and checked baggage. Therefore the air carrier 
representative is the person with the best opportunity to designate the 
passenger and their baggage as a ``selectee'' for aggressive screening 
measures until such time as the threat presented by the passenger or 
their baggage can be resolved. To interject an outside party into this 
process would require a significant modification to the existing 
passenger check-in and screening process. It is our position that the 
FAA and the air carriers should work toward the implementation of 
comprehensive performance based standards for security screening 
employees. These employees should be vested with the knowledge that it 
is their responsibility to provide a crucial element of the aviation 
security system. They should be provided with comprehensive initial and 
recurrent training and the best tools available to complete their job. 
Compensation should reflect their skills and performance accordingly. 
FAA's proposed regulation on the certification of screening companies 
goes a long way toward reaching this goal, but falls short of working 
with the very individuals who provide these essential services.
    Again we appreciate the opportunity to provide our views on this 
important issue. We hope that you will find them to be enlightening and 
useful.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Slade Gorton 
                          to Gerald Dillingham
    Question. Do you agree with the FAA's assessment that it will 
induce screening companies to pay their employees higher wages with 
higher performance standards that require more training? In your 
opinion, are there additional steps that should be taken?
    Answer. We believe that it may be possible to get screening 
companies to pay higher wages through higher performance standards that 
require more training, but it is by no means certain. FAA has limited 
tools that it can use to influence screener wages, but mandatory higher 
standards could be the right one. If FAA sets high performance 
standards that require screening companies to (1) seek and retain more 
capable screeners, (2) invest more money in their training, and (3) 
maintain high performance to retain certification, then it should be in 
the screening companies' interest to raise wages in order to obtain the 
best candidates. However, screening has historically been seen as an 
additional cost burden to air carriers, and they have tended to 
contract with the lowest-cost screening companies to handle their 
screening operations. Consequently, their concerns remain about the 
ability of screening companies to raise wages sufficiently to attract 
good candidates and still be able to compete effectively for screening 
contracts with the air carriers.
    We believe it would be most prudent to let the efforts FAA has 
underway to improve screener performance take effect, be evaluated, and 
then decide whether or not additional actions are warranted.

    Question. Does GAO have any reconunendations for improving the 
abysmal weapons and explosives detection rate that you outlined in your 
testimony?
    Answer. We do not have any specific recommendations at this time 
that could improve screener detection rates. FAA has several 
initiatives underway that may be a starting point that could help to 
achieve higher detection rates, such as computer-based training, the 
Threat Image Projection (TIP) System, and screening company 
certification; however, it is still too early to determine what impact 
these initiatives will have on improving screener performance. In our 
view, the key to improving detection rates is the timely and effective 
FAA implementation of initiatives such as TIP, which is designed to 
increase screeners' experience and attentiveness. If these are 
implemented promptly and properly, then this country may finally obtain 
significant improvements in weapons and explosives detection rates.

    Question. In order to improve screener performance, are there any 
lessons that the FAA can learn from other screening practices in other 
countries?
    Answer. We found a number of differences in the way other countries 
conduct screening operations. These differences include: (1) more 
extensive qualifications and training for screeners, (2) higher pay for 
screeners, (3) assignment of screening responsibilities to the airport 
or government, and (4) more stringent checkpoint operations, such as 
routine ``pat down'' searches of passengers and limiting access to 
checkpoints and beyond to passengers only. However, the critical piece 
of information is whether these practices result in better screener 
performance. We were unable to obtain from these countries information 
on whether and how these differences lead to improved screener 
performance.
    Nevertheless, the screening practices of other countries 
potentially contain lessons for FAA. We can not be prescriptive on what 
these lessons would be, largely because it would take significant study 
and cooperation from other countries to determine the impact the 
differing practices have on screeners' ability to detect dangerous 
objects. However, if FAA's current initiatives do not increase screener 
performance to levels needed to adequately ensure the safety of air 
passengers, we believe that FAA should vigorously examine the practices 
of other countries to identify lessons for adoption in the United 
States.
                                 ______
                                 
      Response to Written Questions Submitted by Hon. John McCain 
                         to Richard J. Doubrava
    Question 1. Should the computer-assisted passenger screening (CAPS) 
system be adjusted so that more passengers are selected at random to 
have their checked bags scanned by explosive detection equipment?
    Answer. The industry is strongly opposed to an arbitrary increase 
in the CAPs random rate to increase the usage of security screening 
equipment. The CAPs program was developed jointly between the industry 
and government to identify certain factors that would result in a 
passenger being selected to undergo the ``selectee process.'' The 
random factor was developed to insure that there were no overt factors, 
which resulted in individuals being targeted as the result of any 
personal bias. The Justice Department repeatedly reviewed the CAPs 
program and certified it as non-discriminatory. Any plan to alter this 
program in order to deal with issues associated with the level of 
security screening equipment usage undermines the program. Such an 
action would do nothing to improve the security baseline of 
``selectee'' profiling by simply increasing the numbers of passengers 
put into the ``selectee'' category. This is not a security-based 
approach.

    Question 2. In your testimony, you said that progress has been 
exceptionally good. But GAO has found that screener performance has 
possibly worsened. On what do you base your assessment of exceptional 
progress? What are the airlines doing as an industry to improve 
screener performance?
    Answer. Mr. Chairman, my comments were reflective of the progress 
which the industry and the government have made since the 
recommendations of the Presidential Commission on Airline Safety and 
Security. As of March, 2000 there are contracts for the deployment of 
180 explosive detection systems (EDS) at the major airports in the U.S. 
In addition, 420 new state-of-the-art checkpoint x-ray systems have 
been contracted for deployment at the nation's airports. These machines 
will include ``threat image production'' (TIP) which will be a major 
training enhancement for checkpoint screeners. In addition, the 
continued rollout of trace detection devices continues at U.S. airports 
as well. The industry was among the first to call for the certification 
of security screening companies by the FAA. This certification process 
will result in the screening companies becoming a full and equal 
partner in the aviation security process. While the industry recognizes 
the need for improved performance in a number of security areas, this 
does not diminish the progress which we believe has been made over the 
past several years in strengthening U.S. aviation security.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Slade Gorton 
                        to Admiral Cathal Flynn
    Question 1. Ultimately the responsibility for detecting weapons and 
explosives in baggage lies with the airlines, even if they contract out 
for the screening of carry-on baggage. If the airlines are fined 
consistently and at higher rates for the inability of screeners to 
detect potentially dangerous objects during FAA tests, won't they have 
more incentive to make sure that screeners are paid and trained in a 
manner that fits their level of responsibility?
    Answer. The FAA does believe increasing tests and fines for 
carriers or airports that perform poorly can motivate good performance. 
FAA has used this approach in a number of areas. In the area of 
checkpoint screening, however, there are certain limitations on the 
beneficial effect of individual fines for individual test failures. The 
most apparent is that airlines have traditionally charged the contract 
screening companies for any FAA imposed fines, which, in turn, 
sometimes results in the firing of individual screeners, rather than 
prompting an examination of how to improve system performance. FAA, 
therefore, has other initiatives in an ongoing effort to improve 
screeners' ability to detect potentially dangerous objects. One such 
effort involves the certification of screening companies, which will 
allow the FAA to monitor screener training and to hold screening 
companies directly accountable for their performance. Screening 
companies whose performance falls below the standard could be 
subjected, not just to penalties, but to requirements for redundant 
staffing and, possibly, public signage indicating that screening 
remains safe only because of the redundancy required by the FAA.

    Question 2. Does the United States have the most stringent security 
screening standards in the world? If not, what countries' standards 
exceed ours? Do their standards exceed even the FAA's proposed 
requirements?
    Answer. The scope of how security is employed by individual nations 
is commensurate with the perceived threat and culture. In limited, 
select countries, such as Israel, security measures are more extensive 
and aggressive than those instituted in the United States, in order to 
address the level of perceived threat. In those countries, the volume 
of passengers requiring screening, passenger acceptance of more 
intrusive procedures because of the immediate threat levels, and the 
acceptable passenger delay in aviation systems without the hub and 
spoke system of United States allows for more time consuming processing 
of passengers.
    The FAA has developed standards for explosive detection system 
(EDS) technology that must be met for a system to be certified by the 
FAA. The EDS criteria are extensive but appropriately justified by 
threat analysis conducted by the intelligence community and aircraft 
vulnerability analyses performed by the FAA and other government 
entities. The standard focuses on explosive type and mass and mandates 
a processing rate and sets a minimally acceptable false alarm rate. 
While individual nations may use different detection software that 
attempts to detect smaller explosive masses, this significantly impacts 
the system false alarm rate. If studies of aircraft vulnerability to 
explosions show that a decrease in the explosive mass is required, the 
FAA will change the EDS criteria.
    The FAA is developing standards for the screening checkpoint that 
will focus on threats being introduced to the aircraft at the screening 
checkpoint either in carry-on baggage or concealed on passengers. 
Systems will be developed through the sponsorship of the FAA's Research 
and Development program to meet this future standard. The FAA is the 
world leader in the development and deployment of advanced aviation 
security screening equipment. Numerous countries use equipment that is 
developed by research sponsored by the FAA.
    With respect to the human element, the proposed Certification of 
Screening Companies rule is expected to improve screening performance. 
It will require the use of threat image projection (TIP). The FAA 
anticipates that in the future, TIP data may provide a basis not only 
to monitor the performance of screening locations but also to establish 
performance standards. Certification of screening companies will allow 
the FAA to monitor screener training and to hold screening companies 
directly accountable for their performance.

    Question 3. My understanding is that the 8000-39 FAA inspector 
identification badge has been in use for a decade at least. If that's 
so, why do you think that many airport and airline officials don't 
recognize the universal access privileges of the 8000-39 ID?
    Answer. We believe the majority of airline and airport employees 
recognize the privileges that attach to the 8000-39 ID (issued to FAA's 
aviation safety inspectors) to remain in security-controlled areas of 
an airport without escort while conducting inspections. Nevertheless, 
the FAA is taking steps to ensure the credential will be universally 
recognized at all airports, by including information on this ID during 
the training given to all employees and airport-assigned police 
officers. Also, the FAA is ensuring that FAA aviation safety inspectors 
(ASI) are familiar with procedures for properly getting onto the ramp, 
for displaying the ID at all times, and for responding to the 
appropriate challenges that may be made by industry employees who are 
attempting to ensure that only authorized persons are on the ramp.
    FAA's Office of Civil Aviation Security requested on May 1, 2000, 
that all airports review their security programs to ensure the form and 
the authority of the ASI's are recognized and brief all airport-
assigned law enforcement officials about the form. Copies of the form 
have been distributed to police shift commanders and at airport 
consortia meetings. FAA field personnel are also reviewing the airport 
security training programs to make sure the form is recognized and 
described adequately. Simultaneously, FAA Flight Standards is 
reacquainting its workforce with how to obtain access to the ramp, the 
need to display the ID, and the legitimacy of requests by ramp workers 
to see the ID as they discharge their security ``challenge'' 
requirements.

    Question 4. What is the FAA doing to develop a strategic aviation 
security plan?
    Answer. The Office of Civil Aviation Security has developed several 
broad strategic plans since the bombing of Pan Am 103. Provisions of 
the Aviation Security Improvement Act of 1990 and subsequent 
legislation, and the recommendations of groups like the White House 
Commission on Aviation Safety and Security, helped to define the 
aviation security strategic direction and effect its implementation. 
FAA also met with industry representatives in a series of ``strategic 
summits'' beginning in June 1998 and has developed ``end states'' of 
the system 5 years in the future.
    The Associate Administrator for Civil Aviation Security (ACS) does 
not produce a publicly available, detailed strategic plan including 
specific goals, objectives, and implementing actions because such a 
plan would unavoidably reveal vulnerabilities in the civil aviation 
system that could be exploited. Instead, we present the main elements 
of our aviation security strategic plan as an overview in the FAA and 
Department of Transportation strategic plans and on the pages of 
biennial reports to Congress. FAA is currently drafting a plan 
describing aviation security strategic direction and elements, but at a 
broad enough level to make it suitable for public release by the end of 
this calendar year. This is one of several major planning activities 
for aviation security.

   FAA is implementing a new matrix approach to civil aviation 
        security planning and evaluation that uses Integrated Program 
        Management (IPM) Teams for each major security subsystem. IPM 
        teams have identified 5-year goals and developed detailed 
        internal management program plans with actions necessary to 
        meet the goals. A newly established ACS evaluation staff will 
        coordinate the matrix approach of IPM teams. The staff will 
        evaluate effectiveness and interactions of individual elements 
        of the security program. A manager for the anticipated staff of 
        analysts was hired in May 2000.

   FAA has two coordinated groups formulating a system 
        architecture and concept of operations for civil aviation 
        security.

   The IPM team designated ``Program 1'' is responsible for 
        defining all the elements of the security program. A draft of 
        the total system architecture is planned for the end of CY 
        2000.

   The Security Equipment Integrated Program Team (SEIPT) 
        System Architecture team is focusing on the areas of SEIPT 
        involvement (checked bags and checkpoint). A draft qualitative 
        description of the SEIPT system architecture was completed in 
        May 2000. In addition, the SEIPT is developing a security 
        equipment deployment plan and has contracted with a Center of 
        Excellence to develop a deployment optimization model by August 
        2000.

    Question 5. In your prepared testimony you said that in a 1998 
report, the FAA found no consensus for a change in responsibility for 
aviation security. Furthermore, you said, ``The existing partnership, 
where the government sets goals and works with the industry to see that 
those goals are met is universally supported.'' What are the goals that 
have been set for the industry? How have they been met?
    Answer. The overall goal is to deter or prevent hijacking, 
sabotage, and other criminal and terrorist acts against civil aviation. 
Ensuring effective screening of ever-increasing numbers of passengers, 
baggage and cargo on more flights without restricting movement remains 
our greatest challenge. The U.S. aviation industry must embrace 
improved security as part of its mission to provide better service to 
its customers. The FAA and industry have been working together through 
the Aviation Security Advisory Committee, Security Equipment Integrated 
Program Team, and meetings with associations and airline and airport 
executives such as the Security Summit held in June 1998. The partners 
strive to create effective and efficient aviation security systems; 
effective in the sense that they reliably accomplish the tasks 
assigned, and efficient in the sense that they do their job for the 
least cost, both in terms of money and the movement of passengers, 
cargo and mail
    For example, a primary element of our strategic plan is to improve 
checked baggage and checkpoint screening through effective and 
efficient use of advanced technology security equipment by air 
carriers. Nonintrusive screening depends upon the use of such 
technologies to find weapons and explosive devices without excessively 
disrupting the flow of passengers or the expeditious movement of their 
bags. The use of automated or computer intensive equipment in place of 
labor intensive measures is faster, more efficient, but primarily more 
effective. Working together, the FAA and industry have achieved the 
goal of automated passenger screening with bag match or explosives 
detection system (EDS) screening of selected passengers' bags, using 
the Computer-Assisted Passenger Prescreening System (CAPPS), while 
safeguarding civil liberties.
    The screening system, however, is limited by the level of 
performance by screeners and how they use the tools provided. We hope 
that the certification of screening companies in concert with the 
training and selection tools FAA has provided will lead to increased 
professionalism in the airline screening workforce. We will set 
performance standards to ensure an appropriate level of detection of 
weapons and explosive devices. We will require training to standards we 
set and we will test to those standards to ensure accomplishment of our 
aviation security goals.

    Question 6. In the 1996 FAA reauthorization bill, Congress required 
the FAA and FBI to carry out joint threat and vulnerability assessments 
at each ``high risk'' airport. What is the status of those assessments? 
How have the FAA, FBI, and industry responded to these assessments?
    Answer. To date, joint threat and vulnerability assessments have 
been conducted at 33 U.S. airports. For FY2000, twenty-six additional 
airports have been scheduled to have joint threat and vulnerability 
assessments conducted. Industry representatives participate in the 
assessment process through consultations with FAA Security specialists 
and those who hold security clearances are briefed on the threat 
assessments pertaining to their airports.
    Since 1996, FAA, in conjunction with the FBI, has evolved a 
methodology that seeks to capture airport vulnerabilities through data 
collection and analysis. This process involves both agencies, in close 
cooperation with industry, and produces data that serve to both 
identify vulnerabilities and to allocate resources. The methodology 
consists of a questionnaire with over three hundred questions on the 
vulnerabilities of an airport, an empirical study prepared by the local 
FBI offices on Criminal Activity Trend Analysis on the airport and 
surrounding areas, and a classified FBI threat assessment tailored to 
the airport or geographic region in which the airport is located. The 
empirical data is tied to a database managed at FAA. These assessments 
help in identifying vulnerabilities in security systems at designated 
airports and in recommending modifications in security facilities, 
equipment, and procedures to address or correct the vulnerabilities.

    Question 7a. In the past year, how much was levied in fines against 
screening companies or air carriers for screening checkpoint 
violations? How much was actually collected?
    Answer. From May 15, 1999 through May 15, 2000, the FAA closed 505 
cases against various air carriers for screening checkpoint violations, 
331 of which civil penalties were recommended, totaling $4,073,623. Of 
that amount, the agency has collected $2,245,875 to date.

    Question 7b. Do these fines have an impact and lead to improved 
performance by air carriers, screening companies, and individual 
screeners?
    Answer. Increasing tests and fines of carriers or airports which 
perform poorly can motivate good performance as long as the definition 
of good performance is clear and its treatment is consistent. FAA has 
used this approach in a number of areas. In the area of checkpoint 
screening, however, there are certain limitations on the beneficial 
effect of individual fines for individual test failures which will be 
alleviated by initiatives documented in the notice of proposed 
rulemaking (NPRM) for certification of screening companies. The target 
for publishing the final rule is 12 months after the NPRM comment 
period, which closed on May 4. The comment period was extended a month 
beyond the original April 4 date to allow for outreach to small 
businesses.

    Question 8. Last December the GAO reported that the FAA has not 
consistently performed background checks or investigations on employees 
of FAA contractors, as the agency's own policy requires. What are the 
FAA's plans for enforcing its policy on background checks? When will 
the FAA complete its efforts to address recommendations made by the 
GAO? Are these policies enforced with respect to FAA inspectors 
themselves?
    Answer. The FAA has begun to address the recommendations made by 
the GAO and those efforts are ongoing. Specifically, FAA has (a) 
conducted an agency-wide security awareness and education briefing for 
appropriate personnel that provided detailed guidance on the tasks and 
procedures for investigating contractor employees; (b) developed 
procedures, intended to be in place by September 2000, for conducting 
semi-annual audits of contracts; (c) developed contract provisions, 
including prescriptions to implement the requirements of FAA Order 
1600.1D, Personnel 
Security Program (all existing contracts should be modified by 
September 2000); 
(d) begun conducting the position risk/sensitivity level determinations 
for applicable positions under Mission Critical Systems (MCS) 
contracts, and maintaining records on individuals working on systems 
for whom background checks have been initiated and/or completed; and, 
(e) performed security review on each critical (Y2K) system remediated 
under contract.
    Additionally, the FAA is revising its policies governing the 
release of technical data owned or acquired by the FAA. This new policy 
will be implemented in September 2000 as a modification to FAA Order 
1200.22B, ``Use of National Airspace Data and/or Interface Equipment by 
Outside Interests.'' The agency is also establishing a training module 
to be in place by May 2001, to be used in conjunction with other 
training provided to appropriate personnel on the procedures for 
implementation of requirements for investigating contractor employees. 
Further, by September 2000, FAA plans to complete an assessment of its 
resource needs to fully carry out implementation of the security 
policies and procedures.

    Question 9. What if any progress has the FAA made in advancing the 
implementation of an automated fingerprint identification system that 
would allow airport and air carrier management to conduct a 100 percent 
assessment of all applicants seeking unescorted access?
    Answer. The FAA fully supports such a system and believes that it 
is critical to the successful replacement of the current system of 
employment verifications with mandatory FBI fingerprint checks. The 
FAA, in conjunction with the Office of Personnel Management (OPM) and 
the FBI, is conducting a pilot test of electronic fingerprint 
transmission at Denver International Airport, John F. Kennedy 
International Airport, and Washington Dulles International Airport. 
Participation in the pilot is voluntary. In July 1999, the FBI's 
Criminal Justice Information Services Division implemented the 
Integrated Automated Fingerprint Identification System (IAFIS). OPM has 
developed a fingerprint processing system that allows their customers 
to take advantage of the enhancements IAFIS offers. By early July 2000, 
as part of the pilot program, the FAA expects to electronically 
transmit fingerprint results through OPM back to the pilot airports.
    By the conclusion of the pilot in October/November, FAA hopes to 
prove that a substantial number of fingerprints can be transmitted and 
processed electronically with the results returned to airports within 6 
days. Even with electronic transmission, civilian fingerprint requests 
and results still have to be channeled through OPM, as required by the 
FBI for oversight purposes.

    Question 10. The FAA requires employees seeking unescorted access 
to secure areas of airports to have background investigations. DOT IG 
investigations have found companies working at airports have submitted 
falsified employment records for individuals granted such access. Some 
of these individuals were convicted felons.

a. Does the FAA know the extent of this problem nationwide?

    Answer. We have concluded that as a result of four national audits, 
the problems that have been discovered are isolated and not systemic. 
In each instance where a problem has been discovered either by the FAA, 
the airport, or the Office of Inspector General, immediate actions were 
taken to correct the problem with follow-up to prevent recurrence. Also 
in each instance, depending on the circumstances, enforcement action or 
criminal prosecution was initiated against those individuals 
responsible for causing the violation.

b. What action has FAA taken to prevent this from occurring?

    Answer. FAA has published a rulemaking that strengthens the role of 
the airports and air carriers by requiring audits to be conducted on 
the employment history investigations.
    Simultaneously, FAA is continuing its own national audits of 
airports, air carriers screening companies, and airport users to 
determine the level of compliance with the regulatory requirements. To 
date, the results do not contradict the findings of previous audits in 
that the non-compliance is largely limited to administrative mistakes 
as opposed to intentional falsification or fraud.

c. Are the FAA's background investigation requirements effective in 
ensuring only trusted employees have unescorted access to secure 
airport areas?

    Answer. No. Such assurances cannot be made if Government must 
balance the compelling need to safeguard the air transportation system 
against criminal acts, while preserving the fundamental rights of 
individuals. On the other hand, the system in place today uses a 
reasonably fair means of checking the bona fides of persons who are 
employed in the aviation industry. This approach is not unlike the 
systems employed in the private sector: banking, securities, and by the 
states in regulating teachers, child care workers, and others who are 
employed in services in which there is a fiduciary relationship. All of 
these systems rest on the premise that a conviction of a serious crime 
may be a presumptive indication of future behavior.

d. Should all people seeking unescorted access to secure airport areas 
submit fingerprints to the FBI for a criminal record check?

    Answer. Yes, fingerprint-based criminal history checks are the only 
accurate method for determining if an applicant has a criminal record. 
With adequate safeguards against the unauthorized disclosure of such 
records, requiring 100% fingerprints would not be a quantum step from 
the point at which FAA and the aviation industry currently find 
themselves. The Federal Bureau of Investigation now has greater 
capabilities to process fingerprint checks than it did in 1996, at the 
time of the promulgation of FAA's rulemaking, and the agency and the 
industry have successfully processed thousands of fingerprints 
submitted in connection with applicants who triggered the system. But 
even if fingerprints were to be required of every aviation employee, 
this process would be virtually meaningless for the thousands of newly 
arrived immigrants who do not possess a U.S. Department of Justice 
criminal history file.

e. Should the list of crimes that disqualify an individual from having 
unescorted access to secure airport areas be expanded?

    Answer. Yes, we will actively but carefully consider expanding the 
list of crimes in any rulemaking that we undertake. The reason for 
caution is that there are complex issues of privacy and state and local 
jurisdiction that need to be carefully considered.

f. Has the FAA considered using other investigative tools, such as 
foreign criminal checks, credit checks, and drug tests for determining 
whether employees can be trusted with the safety of the traveling 
public?

    Answer. Yes. More than any other security issues, background checks 
have been and continue to be evaluated in detail.

    Question 11. In 1998, the FAA issued new rules requiring industry 
audits of compliance with employee background investigation 
requirements be incorporated into airport and air carrier security 
programs. What has the FAA done to implement this new rule? What are 
industry's concerns with implementing the rule?
    Answer. On April 28, 2000, the FAA issued amendments to the Air 
Carrier Standard Security Program and approved airport security 
programs requiring air carriers and airports to audit their compliance 
with the employee background investigation requirements. These 
amendments will go into effect on May 31, 2000. With the required 
audits, regulated parties can better assess the background 
investigations and correct specific problems.
    The amendments addressed in detail airport concerns about the 
suggested formula for random sampling and records retention. Several 
airports requested the flexibility to allow them to continue to use the 
auditing systems that they had voluntarily implemented when those 
systems met the intent of the rule. Another area of concern was the 
appropriate handling of the discovery of an instance of suspected fraud 
or an improperly conducted employee background investigation. All 
concerns were addressed in the final amendments, including acceptance 
of the existing auditing systems and clear outline of procedures to 
address fraudulent and improperly conducted background investigations.

    Question 12. The DOT Inspector General's Office has made 
recommendations to improve the training of employees given access to 
secure airport areas, to make employees accountable for compliance with 
their access control responsibilities, and to strengthen access 
controls in sterile areas of the airport. What actions has FAA taken in 
response to these recommendations?
    Answer. For more than a decade, airport access control system 
requirements such as ID card display, challenge procedures, emergency 
response to alarms, etc., have been in practice. The DOT OIG and FAA 
test results have clearly and consistently revealed inadequacies in 
compliance.
    Test results indicate that the human element associated with 
implementing and enforcing airport access control is the primary system 
weakness. Increased emphasis on system integration and continued 
emphasis on human factors such as individual accountability and 
operator training, along with continued intensive testing for 
compliance, are anticipated to improve access control effectiveness. 
The FAA and all entities at the airport must work together as a team to 
ensure security practices are followed. Therefore, the FAA is 
developing a compliance program to ensure a more effective mixture of 
individual and corporate responsibility for complying with security 
regulations, particularly those relating to access controls.
    The proposed changes to Federal Aviation Administration 
requirements under 14 CFR Part 107 and 108 will provide greater 
protection of secure areas. The development of additional technical 
specifications and modernization of access controls systems should also 
improve reliability, integrity, and adaptability.

    Question 13. The DOT IG has recommended that the FAA improve and 
better administer its security database to ensure it is efficient and 
reliable, and can be used to identify systematic problems and allocate 
resources. The FAA planned to develop a new Web-based system by the end 
of 1999, costing approximately $325,000. What progress has FAA made to 
improve its security database? Was the estimated cost estimate 
accurate?
    Answer. WebAAIRS will be ALPHA/BETA tested in August/September of 
this year. We will be able to fully field WebAAIRS before the end of 
2000. System development has required incorporation of the new FAR 
Parts 107 and 108 (the basic security rules) and testing protocols now 
being used to verify background checks and access control. The program 
has overcome resource constraints, primarily IRM contractor turnover. 
The initial estimate of $325,000 is still valid.

    Question 14. For FY 2000, Congress appropriated $100 million to 
continue the deployment of security systems and equipment. What are 
FAA's plans for spending the $100 million? What new technologies will 
be purchased and deployed this year, and how do they fit into an 
overall strategy to improve aviation security?
    Answer. During FY 2000, the FAA plans to purchase 24 explosives 
detection systems (EDS), 210 explosives trace detection devices, 420 
threat image projection (TIP) equipped screening checkpoint x-rays, 488 
computer-based screener training workstations, and 30 threat 
containment units.
    Each of these security equipment deployments supports one or more 
underlying elements of the FAA's aviation security strategy. For 
example, deployment of certified EDS equipment supports the end state 
goal of screening all passenger checked bags identified through the 
Computer-Assisted Passenger Prescreening System, by December 31, 2004. 
Deployment of TIP equipped x-rays and computer-based training 
workstations provide the necessary tools to assess screener performance 
and improve training in support of full implementation of the screening 
company certification rule that will soon go into effect.

    Question 15. The Department of Defense and the U.S. Customs Service 
are also investing heavily in new detection technologies and deploying 
them to prevent terrorist acts and to detect narcotics. Two years ago 
GAO urged greater cooperation between federal agencies and noted that 
synergies can be obtained. How closely does FAA work with these two 
federal agencies? Are there any lessons learned from the Department of 
Defense or the Customs Service that can be transferred to the FAA?
    Answer. The FAA has a close working relationship with numerous 
federal agencies through the Technical Support Working Group (TSWG), an 
interagency organization with a counterterrorism mission. We actively 
participate on TSWG subcommittees to establish quick turnaround 
projects, normally resulting in fielded hardware, to address security 
related needs of common interest.
    FAA has spent extensive time with Customs in reviewing their 
``Automated Targeting System'' to screen and clear cargo. This 
information helped guide FAA's initial establishment of an R&D effort 
with International Consultants on Targeted Security (ICTS) to automate 
cargo profiling.
    In the close established working relationship which FAA holds with 
DOD and Customs, technical information is shared, including ``lessons 
learned.'' One example is FAA's monitoring Custom's efforts to 
implement x-ray backscatter technology for screening people for hidden 
threat or contraband material.

    Question 16. As part of its research and development efforts, the 
FAA has invested in hardened baggage containers that can help an 
aircraft survive an in-flight explosion. What is the status of hardened 
containers? What is the time frame for introducing them into the U.S. 
transport fleet?
    Answer. The FAA has sponsored development of Hardened Unit Load 
Devices (HULD) of the LD-3 classification. LD-3 class containers are 
used on wide-bodied passenger aircraft. The FAA, with coordination from 
industry, developed a certification specification for LD-3 class 
HULD's, delineating design criteria for blast-resistant containers and 
airworthiness and operational requirements for containers. As of April 
2000, only two units have successfully met all criteria. The units are 
from the same vendor, with one being a variant of the other in that 
only the door location was changed.
    The FAA has purchased 21 prototype units for the purpose of 
conducting an operational assessment. The first 11 units were delivered 
in early 1999 and were characterized by a rear door. The last units 
were delivered in January 2000, and are equipped with a side door which 
is more operationally suitable for the air carriers. The rear door 
units were placed in service starting in February 1999 and data have 
been collected on damage, operability, repair, and the ability of the 
unit to contain successfully a blast at various intervals of use. The 
demonstration has resulted in several minor modifications in the 
container design. The demonstration is planned to continue through mid-
2001.
    The FAA is also sponsoring development of a container that can be 
used in narrow body aircraft such as B-737's. The FAA is analyzing the 
HULD cost and effectiveness, including an assessment of how HULD's 
complement other in-place security measures. At this point the FAA does 
not plan on requiring air carriers to use HULD's.

    Question 17. Both the DOT Inspector General's Office and the FAA 
have reported that screening equipment operators continue to fail 
tests, and are not that effective in detecting test objects.
  --Is this a systemic problem or just an isolated one?
  --What is FAA doing to address this issue?
  --What are some solutions for improvement?

    Answer. The FAA is addressing this systemic issue on various 
fronts, including:

   The FAA has proposed the certification of security screening 
        companies. The proposal is intended to improve the screening of 
        passengers, accessible property, checked baggage, and cargo and 
        to provide standards for consistent high performance and 
        increased screening company accountability.

   The FAA is developing a screener selection test to help 
        screening companies identify applicants who may have natural 
        aptitude to be effective screeners.

   Computer Based Training (CBT) equipment is being deployed. 
        They consist of platforms with a workstation designed to train 
        screeners while not directly engaged in performing screening 
        functions. The potential benefits of CBT are self-paced 
        learning, enhanced opportunities for realistic practice, 
        combined training and performance testing, and uniform 
        instruction throughout the country.

   Under the proposed rule, the FAA will require screening 
        companies to ensure that every trainee passes an FAA readiness 
        test for each type of screening to be performed.

   The FAA is purchasing and deploying new x-ray equipment 
        (TRX) with the Threat Image Projection (TIP) systems. TIP 
        systems superimpose images of potentially dangerous items on x-
        ray monitors during normal screening checkpoint operations and 
        are designed to improve screener training, maintain screener 
        proficiency and increase screener attention to duties. Most 
        importantly, it builds screeners' ``mental libraries'' of 
        indications of threats/potentially dangerous objects.

   FAA expects that TIP data will provide a basis to establish 
        performance standards.

    FAA research and development continue to address TIP performance 
issues.
                                 ______
                                 
      Response to Written Questions Submitted by Hon. John McCain 
                        to Admiral Cathal Flynn
    Question 1. Should the computer-assisted passenger pre-screening 
system (CAPPS) be adjusted so that more passengers are selected at 
random to have their checked bags scanned by explosive detection 
equipment?
    Answer. No. The FAA has worked to ensure that CAPPS applies 
appropriate criteria fairly, effectively, and practicably. The CAPPS 
criteria are based upon an analysis of past events as predictors of an 
individual's potential for involvement in certain criminal acts against 
civil aviation. The current random factor adds a degree of 
unpredictability of selection so the integrity of the system is 
protected from hostile surveillance. Further, the degree of randomness 
takes into consideration the balance between thorough application of 
established criteria, operational necessities, and the need to avoid 
any appearances of discriminatory factors.
    Specifically, in regard to operational necessities, to achieve a 
significant increase in the chances that an explosive device would be 
discovered through random selections, the number of selections would 
have to be increased almost to a point of operational impracticality. 
Further, human factors research suggests that, in such a scenario, 
operators might be less likely to treat as genuinely suspicious those 
items that cause the explosives detection system to alarm. This might 
result as operators seek to reduce processing times to expedite 
handling of the increased number of bags to be screened. While 
increasing random selections is doable in the short run, we believe it 
would be counterproductive.

    Question 2. The current list of disqualifying crimes seems 
inadequate. For instance, it does not address the issue of theft or 
criminal behavior for the purposes of individual gain. Recent events 
show that employees with access to aircraft can just as easily place 
controlled substances on aircraft as they could explosive devices when 
paid to do so.

a. What is the FAA prepared to do to rectify this problem?

    Answer. We agree the current list of disqualifying crimes can be 
expanded. In addressing problems such as those raised in your question, 
we continue close coordination with local, state and federal law 
enforcement organizations, including the U.S. Attorney offices, Federal 
Justice agencies, and airline and airport management. We also will 
collaboratively review and more fully address this issue. The FAA 
welcomes input from Congress to determine which crimes should be added.
    The FAA also will request the participation of the Aviation 
Security Advisory Committee to assist us in determining a viable 
solution to the issue presented. The Aviation Security Advisory 
Committee (ASAC) is a national committee established by the Secretary 
of Transportation and chaired by the Associate Administrator for Civil 
Aviation Security. The committee provides advice and recommendations to 
the Administrator for improving aviation security measures by examining 
all areas of civil aviation security with the aim of developing 
recommendations for the improvement of methods, equipment, and 
procedures to improve civil aviation security. As a priority during its 
June 1, 2000, meeting, we requested the ASAC to establish a working 
group to review expansion of the list of disqualifying crimes.

b. Is there a legal basis for airport management to deny access 
privileges to persons convicted of crimes other than those described in 
the regulation?

    Answer. There may be a legal basis for airport management to deny 
access privileges to persons convicted of crimes other than those 
described in the regulation. This is dependent upon the state and local 
laws and ordinances applicable to the jurisdiction in which the airport 
is located.

c. Please clarify airport management's authority to access national 
crime databases to determine if applicants have committed crimes that 
do not automatically disqualify individuals under federal requirements?

    Answer. Information contained in any Department of Justice criminal 
history record system will be made available for use in connection with 
licensing or local/state employment or for other uses only if such 
dissemination is authorized by Federal or state statues and approved by 
the Attorney General of the United States, in accordance with 28 CFR 
20.33. To our knowledge, no airports have authority other than the FAA 
rules to access DOJ criminal justice history record information for use 
in determining access to secured areas. Records obtained under this 
authority may be used solely for the purpose requested, in accordance 
with 28 CFR 50.12. Therefore, airport management may only use records 
obtained under 14 CFR Part 107 for Part 107 purposes.

    Question 3. Many persons applying for positions at airports are 
recent immigrants to the United States. Collection of employment 
records or other substantiating documents on these individuals has been 
a significant challenge for airport and air carrier management. The 
Immigration and Naturalization Service (INS) conducts interviews and 
background assessments on all persons seeking to immigrate to the U.S. 
prior to granting them resident alien status and the right to work in 
the U.S.

  --Has the FAA assessed INS background investigation procedures to 
        determine whether airports and air carriers can rely on the 
        information collected by INS to determine if these persons have 
        committed crimes that should disqualify them from unescorted 
        access privileges?

  --If the FAA has determined that the assessments are not adequate to 
        make this determination, what is FAA doing to assist airports 
        and air carriers to obtain information that the FAA deems 
        appropriate?

    Answer. In the development of a rule approximately 5 years ago, the 
FAA reviewed the INS background investigation procedures and found them 
to be inconsistently applied. At that time it was determined the INS 
background procedures could not be used for determining unescorted 
access privileges. We are aware that there have been changes in 
procedures since that time and will be contacting INS in the near 
future to assess current procedures to see if this may now be a viable 
avenue for airports and air carriers.
    The FAA has met with representatives of INTERPOL to seek their 
advice and assistance. INTERPOL representatives informed the FAA of the 
many roadblocks which make their assistance highly improbable.

    Question 4. In 1998, FAA issued new rules requiring airports to 
conduct reviews of employee background investigations to ascertain 
completeness prior to issuing airport identification for access to 
secure areas. The DOT Inspector General's Office found, however, that 
not all FAA field personnel were aware that the rule was effective, and 
three of six airports reviewed had not implemented the policy. Does the 
FAA know the extent of this non-compliance? What has FAA done to 
implement the rule? What guidance was issued to the FAA field and 
industry to ensure the requirement was implemented?
    Answer. To ensure that FAA field personnel, as well as industry, 
were aware of the additional requirements, FAA updated and 
redistributed a handbook for conducting background checks. This 
document represents a joint effort by both FAA and industry 
representatives. Despite these efforts to promote widespread 
understanding of the rule, evidence has been discovered that some 
airport operators have failed to implement the additional requirements 
fully. Namely, the FAA has learned that three (of more than 400 airport 
operators) had not yet fully implemented the preliminary review process 
to be followed upon receipt of an application for unescorted access. 
FAA field offices followed up with the three airport operators and 
familiarized them with these requirements.
    FAA is assessing compliance with these requirements in two ways. 
First, during periodic assessments of airport identification systems 
and background check procedures, FAA inspectors sample files maintained 
by the airport operator. Under a proposed airport security program 
amendment to become final this month, airports will be required to 
conduct self-audits of the access investigations conducted in each 
prior year. They will be required to summarize their findings and 
corrective actions for the review of FAA Security. In addition to the 
periodic audits, and in expanding this process, FAA Security is 
conducting an ongoing special emphasis assessment that focuses on 
screeners, airport tenants, and others who require unescorted access to 
the secured areas of airports. These components provide FAA Security 
with a comprehensive picture of compliance with this security 
requirement.

    Question 5. One of the main components of airport access control 
systems is to deny immediate access to employees when their 
authorization changes, such as when an employee is terminated. DOT 
investigators found that airports were failing to ensure this 
requirement was being met. Does FAA know the extent of this problem? 
What controls are in place to ensure access to secure areas is 
immediately denied when required?
    Answer. Yes. FAA assesses access control systems on a continuing 
basis. The fundamental requirements of FAA's access rule provide that a 
system, method, or procedure employed by an airport to control access 
to its secured areas should be capable of denying access to an 
unauthorized person. This may take the form of an automated control 
that interrogates an access medium or it may be the function of a 
security guard to prevent passage into the secured area by one whose 
access authority has changed.
    The FAA requires that airport security programs contain measures 
that ensure ID equipment, card stock, unused and recovered cards, and 
records associated with the identification system are secured. A record 
of the serial numbers which indicate to whom the access medium is 
issued, that individual's employer, issue date, expiration date, and 
access authorization is controlled by the airport operator and is 
available for inspection by the FAA. Lost or stolen ID badges must be 
reported immediately to the airport operator and are only replaced 
after the person making the report files a police report explaining the 
circumstances of the loss or theft.
    The airport security program also requires that annually the 
airport operators conduct an audit of lost/stolen badges. When 5 
percent of the total number of ID badges issued in the current series 
of media are unaccountable (lost, stolen or unrecoverable), the airport 
operator must reissue new identification media to all authorized 
individuals, or revalidate the current identification media. New or 
revalidated ID media must be visually distinct from the media being 
replaced. Non-expired ID media of any type or style currently being 
issued that have not been accounted for in the audit must be considered 
a part of the unaccountable ID media percentage, and part of the total 
number of ID media issued. Expired media are not considered 
unaccountable or part of the total number issued.
    The FAA has a vigorous program of inspecting, monitoring, and 
testing to ensure the system identified in the airport security program 
is in place and functioning as described. The FAA and the airport 
operator track system performance and take immediate corrective action 
to ensure system integrity.
    The human factor also plays a significant role in the success or 
failure of the system in preventing unauthorized access. The Office of 
Inspector General (OIG) noted this observation in their audit report. 
FAA keeps detailed records on the performance of airports in terms of 
tests and assessments.
    Follow-up audits conducted after publication of the OIG report, as 
well as preliminary reports from audits underway indicate that the 
problems uncovered appear to be isolated and not systemic. 
Nevertheless, in each instance where the FAA, airport operator or OIG 
discovered problems, immediate actions were taken to correct the 
problem with additional measures to prevent recurrence. Also in each 
instance, depending on the circumstances, enforcement action or 
criminal prosecution was initiated against those responsible for 
causing the violation.

    Question 6. The FAA reports access control tests and industry 
compliance with access control requirements in terms of aircraft 
boardings. Why? Are there other ways to inflict harm to the flying 
public without boarding an aircraft?
    Answer. We report access control tests and industry compliance with 
access control requirements in terms of aircraft boardings to Congress 
because the passenger aircraft is at the core of the multi-layered 
system designed to protect against intruders. Our testing efforts, 
however, are not focused just on the aircraft and our data are not just 
reported in terms of aircraft boardings. We have established interim 
performance criteria (which are protected Sensitive Security 
Information that can be provided separately to the Committee) in two 
parts--aircraft boardings and unauthorized ramp access. We include the 
latter because bags and cargo that go into aircraft are stored on the 
ramp before loading. Test frequencies and enforcement are adjusted 
depending on performance at each airport against both criteria.

    Question 7. The FAA has recently certified several new explosives 
detection systems for screening checked baggage. What are the plans for 
acquiring and deploying these new systems? Can we expect some 
competitive pricing among the manufacturers, and reduced costs for 
installing, operating and maintaining the equipment? Does each 
certified system provide its own unique attributes to fill an 
identified need, or are all of the systems more or less 
interchangeable, just manufactured by different companies?
    Answer. FAA intends to purchase a limited number of production 
units of each of the three new explosives detection systems that have 
been certified in the laboratory by the agency in recent months. FAA 
has purchased four L-3 Communications eXaminer 3DX-6000's, four 
InVision CTX-9000's and two InVision CTX-2500's. These initial 
production units are used to conduct first article tests. We plan to 
place a limited number of machines at airports for operational testing.
    Before significant numbers of newly certified explosives detection 
systems are deployed to airports, FAA must further test the equipment 
to assure the suitability, maintainability, reliability, and 
effectiveness of the equipment in an airport operating environment. 
Additionally, vendors must demonstrate they have met all critical 
infrastructure requirements necessary for widespread operational 
deployment of production equipment. For example, vendors must document 
and/or demonstrate their verified screener training and testing 
programs, validated simulants and test articles for calibration and 
airport operational testing, acceptable factory/site acceptance test 
and operator qualification test procedures, and an established quality 
assurance program for equipment production which meets FAA standards.
    With the recent certification of equipment manufactured by a second 
vendor, FAA may, over time, gain some benefits of competitive pricing. 
There is some overlap in performance characteristics and list prices of 
the eXaminer 3DX-6000 and the CTX-9000; less overlap in comparison of 
the eXaminer 3DX-6000 with the CTX-5500 and 2500 series machines.

    Question 8. To what extent are we cooperating with foreign 
governments and agencies in seeking a solution to our aviation security 
problems? Have we made a worldwide survey of promising breakthroughs 
elsewhere?
    Answer. The FAA security organization interacts with its foreign 
counterparts on many levels and does so primarily through the 
International Liaison Staff and through program responsibilities held 
by the Office of Civil Aviation Security Policy and Planning and the 
Office of Civil Aviation Security Operations.
    The FAA security organization works very closely with international 
organizations, such as the International Civil Aviation Organization; 
regional security bodies, such as the European Civil Aviation 
Conference (ECAC); and sub-regional aviation security organizations, 
such as the North American Aviation Trilateral. Our involvement with 
these and other organizations provides a means by which FAA can monitor 
and encourage the development of new technologies and approaches to 
aviation security problems.
    Of the regional entities, Europe is the most progressive. It is 
with this region that FAA is most active. Through ECAC, and the 37 
individual States which comprise its membership, FAA cooperates with 
Europe on issues related to the development and continued improvement 
of security standards and equipment. FAA has permanent observer status 
with the ECAC Security Working Group and holds two observer positions 
on its technical and operational task forces. ECAC takes FAA's views 
into consideration as it undertakes new and more assertive approaches 
to hold baggage security, harmonization of standards, and improved 
compliance within the European region. For instance, FAA's explosive 
detection systems criteria were adopted in part by ECAC recently and 
FAA methods are included in elements of a newly developed airport 
auditing program for the region.
    In addition to our extensive relationship with ECAC and our 
involvement with other regional organizations, FAA has established 
sixteen Civil Aviation Security Liaison Officer positions at U.S. 
embassy locations throughout the world. These security specialists 
monitor and coordinate civil aviation security efforts and programs 
that impact U.S. and international aviation security measures. This 
program provides FAA a unique conduit through which information is 
exchanged and developments in security technology or methods are 
monitored.
    Another way FAA cooperates with foreign governments is through 
Memoranda of Cooperation and Memoranda of Understanding. These 
agreements, which encompass technical exchanges, training, and other 
areas of mutual interest, have led to collaboration in joint testing 
and evaluation of security screening equipment and hardened luggage 
containers, among other things.
    Lastly, FAA is charged with the responsibility of evaluating 
security at all international airports from which U.S. and foreign 
airlines provide service to the United States. FAA security specialists 
currently visit 242 airports in 102 countries on a periodic basis to 
ensure these airports are meeting international security standards. In 
meeting routinely with aviation security personnel from these and other 
locations, matters of mutual interest and concern are discussed and 
technical information is exchanged.

    Question 9. I understand that airline pilots and others have been 
pushing for the development of a Universal Access System, which would, 
among other things, allow a single form of identification to be used at 
most if not all airports. What is the status of the Universal Access 
System? What are the potential risks and benefits of such a system?
    Answer. The Universal Access System (UAS) was developed, in part, 
through the joint Government-industry efforts of the UAS Working Group 
of the Aviation Security Advisory Committee (ASAC). The ASAC is 
chartered under the provisions of the Federal Advisory Committees Act. 
The result of the working group's efforts was published as ``The 
Universal Access System Program, Program Summary and Operational Test 
Report'' on October 21, 1997.
    Working with previously appropriated federal funds, the UAS Working 
Group and others established a test program using an airline central 
database and two participating airports. Following a successful test, 
the UAS Working Group completed an implementation plan and a few 
airports have linked to the central database. However, opposition to 
the wide implementation of UAS was expressed in the UAS Working Group. 
The ASAC subsequently voted to retire the UAS Working group at its 
meeting on May 13, 1999.
    Under Section 102(b) of Public Law 106-181, FAA was authorized to 
spend up to $8 million in fiscal year 2001 for the purchase and 
installation of UAS if requested by airport and air carrier officials. 
Although spending for UAS was authorized, Congress did not appropriate 
any additional funding, and FAA did not include funding for UAS in its 
budget request because of the lack of a significant level of industry 
support.
    The FAA remains willing to assist air carrier and airport operators 
that may request funding for the voluntary installation of UAS. FAA has 
met with industry representatives regarding initiatives in place to 
expand UAS to major hub airports. These proposals appear promising, and 
FAA will work with industry to accomplish the shared objective of an 
effective and efficient security system.
    The UAS offers several benefits, including a standardized format 
for the identification/access card to be worn by participants in those 
areas of the airports controlled for security purposes. A common data 
base permits timely and universally effective additions, making it 
possible to immediately permit or deny an individual's access to 
security areas of airports when using the UAS card as an access medium.
    The UAS concept bears several risks and complications. There is a 
need to designate a responsible party or parties to maintain the common 
database. The potential for errors and oversights in the system would 
be significant. Further, if the universally recognized ID cards are not 
retrieved immediately from persons whose privileges have been revoked, 
those cards could be used by those persons to move, unchallenged, once 
they have otherwise gained access to the controlled areas of any 
participating airport.

    Question 10. It is my understanding that some airlines are offering 
rewards or bounties to any employee who catches an FAA inspector trying 
to find security vulnerabilities and lapses at airports. Is that an 
appropriate incentive? If so, shouldn't employees be rewarded for 
catching any person trying to gain unauthorized access to secure areas 
of an airport, rather than focusing on FAA employees? Doesn't such an 
incentive scheme lead to confrontational attitudes among groups and 
individuals that supposedly share the same goals of improved security?
    Answer. Yes, some air carriers and airport authorities have 
implemented incentive programs to increase vigilance on the security-
controlled areas of airports and especially around parked passenger-
carrying aircraft. These programs are not designed to target FAA 
employees but are in place to provide an additional incentive that 
encourages airport/airline employees to remain on the alert and 
challenge individuals in and around their immediate area of control.
    Employees are asked to challenge any person who appears to be 
unauthorized within these secure areas and to report their presence to 
airport, air carrier, or law enforcement authorities. The programs 
offer cash awards of up to $50 in some instances and, in others special 
recognition and benefits to employees whenever they successfully detect 
and report any intruder.
    The FAA regularly conducts access inspections and tests of the ID 
Display and challenging requirements at airports as part of its overall 
mission. In response to FAA testing, industry encourages their 
employees to be particularly alert and to detect individuals who are 
not displaying airport authorized ID media. In the vast majority of 
cases, this aggressive challenging is not directed specifically at FAA. 
It is directed at any intruder who is not in compliance with the ID 
Display requirements of the Federal Aviation Regulations, Airport 
Security Program or the Air Carrier Standard Security program. It can 
also be attributed to the increased emphasis FAA has placed on this 
area of aviation security responsibility.
    The FAA and industry share the common goal of improving security at 
our nation's airports and approach all security responsibilities as 
partners in an effort to ensure a safe and secure environment for the 
traveling public. Because of FAA's role as the regulator/tester, 
employees naturally become the target of the ID display/challenging 
incentive programs. And, the industry has a vested interest in 
demonstrating compliance with the agencies regulatory requirement. 
There have been isolated instances when employees have become 
confrontational during security tests. When this has occurred, FAA and 
industry work quickly to resolve any issues immediately without further 
escalation.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Slade Gorton 
                          to Alexis M. Stefani

    Question. In the aftermath of the recent security incident 
involving FAA Inspector Gore at Dulles Airport, the inspectors' union 
claims that inspectors at airports across the country are routinely 
denied access to secured areas that they have the credentials to 
examine. Moreover, the inspectors routinely accept the fact that 
airport or airline officials are denying them access to areas that they 
are allowed to inspect. Are you aware of this issue?
    Answer. Yes, we are currently reviewing the claim by the 
inspector's union that aviation safety inspectors are often prevented 
from performing their safety inspection duties by airport and air 
carrier employees. Under FAA policies, FAA inspectors displaying FAA 
Identification 8000.39 are to be given free and uninterrupted entry to 
secure airport areas to conduct safety inspections. The inspectors are 
not required to have identification issued by individual airports. We 
are looking into whether the incident at Dulles is isolated or a common 
occurrence within the aviation community. We are also trying to 
determine whether Mr. Gore followed FAA policy and properly displayed, 
or promptly presented, his FAA identification during his attempted 
inspection at Dulles.

    Question. Has the FAA's testing of compliance with access control 
requirements been adequate?
    Answer. Yes, FAA has made significant improvement in its testing of 
compliance with access control requirements and FAA has indicated that 
it will ``continue [intensive testing] at some frequency 
indefinitely.'' However, as we testified in April, testing alone will 
not be enough to motivate the aviation industry and its employees to 
accept and consistently meet their responsibilities for airport 
security. FAA must require airport operators and air carriers to 
develop and implement comprehensive training programs that teach 
employees what their role in airport security is, the importance of 
their participation, how their performance will be evaluated, and what 
action will be taken if they fail to perform. Until these actions are 
taken, compliance with access control requirements will remain at an 
unacceptable level.

    Question. The FAA disputes the assertion that explosives detection 
equipment is being underutilized. How do you respond to the contention 
that the utilization rates merely reflect natural fluctuations in 
traffic?
    Answer. FAA and the air carriers focus on the ``peak of the peak,'' 
the five minute period in any one day when check-ins, and therefore 
selectees, are at their highest level. They then extrapolate that five 
minute peak at the CTX machine into a hypothetical peak hour by 
multiplying the number of bags in the five minute peak by 12. It is 
this number that FAA and the air carriers say limits their ability to 
increase CTX usage. However, actual usage data from the CTX's show that 
the actual peak hour in any one day is almost always less, often 
significantly so, than the hypothetical peak hour.
    We compared the average number of bags screened daily by each CTX 
in 1998 and 1999, as reported quarterly by FAA, and found that the 
majority of deployed and operational CTX machines still do not screen 
as many bags in a full day of operation as the machine is certified to 
screen in an hour. More than 50 percent of the deployed machines screen 
less than 225 bags per day, on average, compared to a certified rate of 
225 bags per hour, and more than 30 percent of them screen fewer than 
125 bags per day. We still believe that this is not an effective way to 
use a million dollar machine that does what it was designed to do--
detect explosives.
                                 ______
                                 
      Response to Written Questions Submitted by Hon. John McCain 
                          to Alexis M. Stefani

    Question. Should the computer-assisted passenger prescreening 
system (CAPPS) be adjusted so that more passengers are selected at 
random to have their checked bags scanned by explosives detection 
equipment?
    Answer. Yes. Before full implementation of CAPPS, FAA expected a 
greater number of selectees than are currently being identified, and 
CTX machines have the demonstrated capability to screen more bags now 
than the air carriers are screening. Increasing the randomness factor 
in CAPPS is one way to increase the utilization of these expensive 
machines.
    FAA does not expect to begin the phase-in of 100% checked baggage 
screening until 2009, provided the technology is available to support 
screening at the required throughput levels without sacrificing 
detection capability, and at a reasonable cost. FAA regards the 
technical risk to be high, because although a research and development 
program designed to provide the systems required for 100% checked 
baggage screening is underway, it may not be successful. Nevertheless, 
the majority of the machines are being underused today, and the gap 
between CAPPS-only now, and 100% checked baggage screening beginning in 
2009, could begin to be filled by 
increasing the random selection factor to keep existing machines 
working up to 
capacity.

    Question. The FAA recently published a Notice of Proposed 
Rulemaking on Certification of Screening Companies. Do you think the 
process described in that proposed rule will improve screeners' 
performance?
    Answer. Yes, we think that the certification process will go a long 
way toward improving screeners' performance if properly implemented. 
The certification process will require screening companies to meet 
minimum standards, which should result in improved performance on the 
part of screeners to detect threat objects. FAA will rely on TIP to 
enhance and measure the performance of individual screeners, and to 
certify screening companies. TIP, a computer software program, projects 
fictitious images onto bags, or an entire fictitious bag containing a 
threat onto the screener's monitor. TIP is intended to keep equipment 
operators alert, provide real world conditions, and measure individual 
screeners' performance in identifying threat items.

                                
