b"<html>\n<title> - HAS THE TSA BREACH JEOPARDIZED NATIONAL SECURITY? AN EXAMINATION OF WHAT HAPPENED AND WHY</title>\n<body><pre>[House Hearing, 111 Congress]\n[From the U.S. Government Publishing Office]\n\n\n \n  HAS THE TSA BREACH JEOPARDIZED NATIONAL SECURITY? AN EXAMINATION OF \n                         WHAT HAPPENED AND WHY \n\n=======================================================================\n\n                                HEARING\n\n                               before the\n\n                SUBCOMMITTEE ON TRANSPORTATION SECURITY\n                     AND INFRASTRUCTURE PROTECTION\n\n                                 of the\n\n                     COMMITTEE ON HOMELAND SECURITY\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED ELEVENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                           DECEMBER 16, 2009\n\n                               __________\n\n                           Serial No. 111-49\n\n                               __________\n\n       Printed for the use of the Committee on Homeland Security\n                                     \n\n              [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n                                     \n\n  Available via the World Wide Web: http://www.gpoaccess.gov/congress/\n                               index.html\n\n                               __________\n\n                       U.S. GOVERNMENT PRINTING OFFICE \n\n56-188 PDF                       WASHINGTON : 2010 \n\nFor sale by the Superintendent of Documents, U.S. Government Printing \nOffice Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; \nDC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, \nWashington, DC 20402-0001 \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n                     COMMITTEE ON HOMELAND SECURITY\n\n               Bennie G. Thompson, Mississippi, Chairman\nLoretta Sanchez, California          Peter T. 
King, New York\nJane Harman, California              Lamar Smith, Texas\nPeter A. DeFazio, Oregon             Mark E. Souder, Indiana\nEleanor Holmes Norton, District of   Daniel E. Lungren, California\n    Columbia                         Mike Rogers, Alabama\nZoe Lofgren, California              Michael T. McCaul, Texas\nSheila Jackson Lee, Texas            Charles W. Dent, Pennsylvania\nHenry Cuellar, Texas                 Gus M. Bilirakis, Florida\nChristopher P. Carney, Pennsylvania  Paul C. Broun, Georgia\nYvette D. Clarke, New York           Candice S. Miller, Michigan\nLaura Richardson, California         Pete Olson, Texas\nAnn Kirkpatrick, Arizona             Anh ``Joseph'' Cao, Louisiana\nBen Ray Lujan, New Mexico            Steve Austria, Ohio\nWilliam L. Owens, New York\nBill Pascrell, Jr., New Jersey\nEmanuel Cleaver, Missouri\nAl Green, Texas\nJames A. Himes, Connecticut\nMary Jo Kilroy, Ohio\nEric J.J. Massa, New York\nDina Titus, Nevada\n                    I. Lanier Avant, Staff Director\n                     Rosaline Cohen, Chief Counsel\n                     Michael Twinchek, Chief Clerk\n                Robert O'Connor, Minority Staff Director\n                                 ------                                \n\n SUBCOMMITTEE ON TRANSPORTATION SECURITY AND INFRASTRUCTURE PROTECTION\n\n                 Sheila Jackson Lee, Texas, Chairwoman\nPeter A. DeFazio, Oregon             Charles W. Dent, Pennsylvania\nEleanor Holmes Norton, District of   Daniel E. Lungren, California\n    Columbia                         Pete Olson, Texas\nAnn Kirkpatrick, Arizona             Candice S. Miller, Michigan\nBen Ray Lujan, New Mexico            Steve Austria, Ohio\nEmanuel Cleaver, Missouri            Peter T. King, New York (Ex \nJames A. Himes, Connecticut              Officio)\nEric J.J. Massa, New York\nDina Titus, Nevada\nBennie G. 
Thompson, Mississippi (Ex \n    Officio)\n                     Michael Beland, Staff Director\n                   Natalie Nixon, Deputy Chief Clerk\n              Joseph Vealencis, Minority Subcommittee Lead\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\n\n                               Statements\n\nThe Honorable Sheila Jackson Lee, a Representative in Congress \n  From the State of Texas, and Chairwoman, Subcommittee on \n  Transportation Security and Infrastructure Protection..........     1\nThe Honorable Charles W. Dent, a Representative in Congress From \n  the State of Pennsylvania, and Ranking Member, Subcommittee on \n  Transportation Security and Infrastructure Protection..........     5\nThe Honorable Bennie G. Thompson, a Representative in Congress \n  From the State of Mississippi, and Chairman, Committee on \n  Homeland Security..............................................     8\n\n                               Witnesses\n\nMs. Gale Rossides, Acting Administrator, Transportation Security \n  Administration, Department of Homeland Security:\n  Oral Statement.................................................     9\n  Prepared Statement.............................................    11\n\n                             For the Record\n\nThe Honorable Charles W. Dent, a Representative in Congress From \n  the State of Pennsylvania, and Ranking Member, Subcommittee on \n  Transportation Security and Infrastructure Protection:\n  Statement of the Federal Law Enforcement Officers Association..     5\n  Letter From Honorable Charles W. Dent and Honorable Gus M. \n    Bilirakis, December 11, 2009.................................     7\n\n\n  HAS THE TSA BREACH JEOPARDIZED NATIONAL SECURITY? 
AN EXAMINATION OF \n                         WHAT HAPPENED AND WHY\n\n                              ----------                              \n\n\n                      Wednesday, December 16, 2009\n\n             U.S. House of Representatives,\n                    Committee on Homeland Security,\nSubcommittee on Transportation Security and Infrastructure \n                                                Protection,\n                                                    Washington, DC.\n    The subcommittee met, pursuant to call, at 2:16 p.m., in \nRoom 311, Cannon House Office Building, Hon. Sheila Jackson Lee \n[Chairwoman of the subcommittee] presiding.\n    Present: Representatives Jackson Lee, Thompson, Cleaver, \nHimes, Dent, Lungren, and Austria.\n    Also present: Representative Bilirakis.\n    Ms. Jackson Lee [Presiding]. The subcommittee will come to \norder.\n    Let me acknowledge the presence of the Chairman of the full \ncommittee, Mr. Thompson of Mississippi, and Ranking Member, Mr. \nDent of Pennsylvania.\n    Let me welcome those who are here and take a moment of \npersonal privilege to acknowledge the family of Mr. Ed Kelly, \nwho, in this business, is considered family.\n    Many of us gathered after 9/11 in our respective positions. \nMembers of this committee gathered as Members of the Select \nCommittee on Homeland Security. Many of us were there from the \nstart. Mr. Kelly, comfortably retired, having served as part of \nthe excellence of corporate America, decided to render that, if \nyou will, for another day and accepted the call to become part \nof the fighting men and women who serve in the Department of \nHomeland Security. We owe him an enormous debt of gratitude for \nhis service.\n    I was privileged to join my colleagues, Mr. Chairman, Mr. \nDent, the full committee Ranking Member, Mr. 
King, to send a \nletter of sympathy and was additionally privileged to rise to \nthe floor of the House to be able to give him the tribute that \nhe deserves as an American hero.\n    I would like to have, if I am indulged with unanimous \nconsent, to have his family stand at this time so that they \nmight be acknowledged by all of us.\n    [Applause.]\n    I believe that is Mrs. Kelly, Ed Kelly's sister, and niece \nwho are present with us today. Thank you all so very much for \nyour presence here.\n    The subcommittee is meeting today to receive testimony on \nTSA's inadvertent disclosure of security information related to \nairports. Our witness will help us to assess what transpired \nand lay the groundwork for ensuring that this never happens \nagain.\n    Remember, the title of this hearing is, ``Has the TSA \nBreach Jeopardized National Security? An Examination of What \nHappened and Why.''\n    That is our task, and that is our duty, to protect the \nhomeland. The way to do that is to determine what and why and \nto say, ``Never again.''\n    I now recognize myself for an opening statement. Before I \ndo that, we will have aired a film that has been presented \npreviously on network television.\n    [Begin video clip.]\n    Mr. Orr. The breach reveals some of the Government's most \nsensitive aviation security secrets. 
The 93-page manual \nprepared for Federal airport screeners shows samples of law \nenforcement and official credentials--Federal air marshals, CIA \nofficers, and Members of Congress--IDs which criminals or \nterrorists could copy.\n    The document also reveals travelers from a dozen \ncountries--including Cuba, North Korea, Somalia, and Yemen--are \nalways subjected to extra screening.\n    The Transportation Security Administration says the \nsecurity playbook, prepared in May of 2008, is out of date and \nthe sensitive methods have been updated six times, adding in a \nstatement, ``TSA is confident screening procedures currently in \nplace remain strong.''\n    Still, the TSA never meant for this information to be \npublic. Each page of the report carries this notice, ``Warning: \nThis record contains Sensitive Security Information. No part \nmay be disclosed without a need to know.''\n    The TSA says the whole report was improperly posted by the \nagency on a Government jobs site, with redactions.\n    But Wired Magazine editor John Abell says savvy bloggers \neasily restored the blacked-out text.\n    Mr. Abell. Clearly, this was a rookie mistake, so let's \njust call this a very early Christmas present to the kinds of \npeople that traffic in this kind of secret information.\n    Some of the compromised information is just routine common \nsense: ``An on-duty airport-assigned law enforcement officer \nmay be cleared without undergoing screening.''\n    But other guidance may be less intuitive. For example, \nsearches for explosive residue are not required for \nwheelchairs, prosthetic devices, and orthopedic shoes.\n    The TSA is investigating and says it takes the failure \nseriously. But critics say, with aviation a known terrorist \ntarget, it is a little late to get serious.\n    Mr. Orr. Bob Orr, CBS News, Washington.\n    [End video clip.]\n    Ms. Jackson Lee. 
The only early Christmas present that \nterrorists will get will be the resolve of the men and women of \nthe Department of Homeland Security, the President of the \nUnited States, and the men and women of the United States \nCongress. That is why we are here today, to ensure that going \nforward in this holiday season we have the opportunity to cure \nquickly the unfortunate and vast mistake that has been made.\n    So I hope, as we proceed in this hearing, we will hear that \nsteps are being taken to ensure the safe travel of the families \nwho will be visiting their families during what I hope will be \na very happy holiday season.\n    We are here today, as well, to discuss last week's \nrevelation that a TSA manual containing Sensitive Security \nInformation was posted by TSA on the internet without proper \ntechnical safeguards. As a result, sensitive information about \nour airports and screening policies was made available for the \nworld to see.\n    My colleagues and I were alarmed by this development, as it \nsent shockwaves across Capitol Hill. This subcommittee takes \nits oversight of TSA very seriously; after all, TSA was \nconstructed to help protect the American people from the very \ntype of events that transpired on September 11, 2001.\n    When events, such as last week's, are made public, it \nbecomes all too clear that more must be done and that TSA must \nkeep its eye on the ball. 
We must also be assured that \ncontractors of varying types are, again, vetted, trained, \nquestioned, queried, and if necessary, be part of the \ninquisition, because the security of America is paramount.\n    Today, we will be evaluating how this happened, the \nsecurity ramifications of this misstep, and how we are going to \navoid similar lapses in the future, and as well, to ensure that \nthose missteps, if they can be characterized as such, do not, \nin fact, jeopardize the National security of the American \npeople.\n    Before we go further, let me be clear that, although this \nwas a serious breach in the management of sensitive \ninformation, I have been assured by TSA that additional \npersonnel and procedures have been put in place at airports \nacross the country to ensure the safety of the traveling \npublic.\n    In essence, terrorists, watch out. Any terrorist group or \nindividual wishing to exploit this situation should be aware \nand beware that the United States will continue to use all \navailable resources to protect the flying public. During this \nbusy holiday season, the American people should know that it is \nsafe to fly, along with the courtesies that we expect to be \noffered by the Transportation Security Administration officers, \nwe do expect for them to do their duty.\n    Last week, Chairman Thompson and I sent a letter to TSA \nurging a third-party review of this incident. I am happy to \nlearn that Secretary Napolitano responded and requested that \nthe inspector general investigate, take over completely, and \nprovide recommendations regarding this incident. I look forward \nto a quick and immediate response.\n    In addition, I commend TSA for taking steps in response to \nthis incident. For example, I have been informed by TSA that \nfive people have been placed on administrative leave. 
This \nsubcommittee, however, also needs assurance that TSA is \nreviewing its processes for handling and posting of Sensitive \nSecurity Information and making a full inventory search of all \nof its staff around these issues and ensuring that this is not \npermeated beyond the five that were engaged in this unfortunate \nset of circumstances.\n    Questions we have include: Who is in TSA's management--who \nin TSA's management is ultimately responsible for this process? \nIs there a manual for training employees on how to post such \ninformation? What is the role of contract employees in the \nhandling and disseminating of sensitive security? What new \nsteps are being put in place to vet those individuals on their \ntraining, their instincts, their knowledge, and as well, their \nability to adhere to rules and safety precautions? Is there \nsufficient training for contract employees?\n    I would also like to know how broadly contract employees \nare solicited, and how far is the reach, and are we using small \nand minority-owned businesses? Are we using the same ones over \nand over again, therefore, committing the same mistakes over \nand over again?\n    One of the lessons made clear by this incident is that TSA \nneeds permanent, effective leadership. Our witness today, \nActing Administrator Rossides, has led TSA during a very active \nyear, and we thank her for her service. But the person \nnominated by the President to lead TSA, Mr. Erroll Southers, \nhas had his confirmation held up in the Senate.\n    Let me be very clear: We understand the duties and the \nconstitutional privileges of the Senate, advise and consent. \nBut what they are engaging in, in a partisan, one-sided \napproach is jeopardizing the security of the American people. \nWe need action on his nomination immediately, and I hope all \nstakeholders will also call for his swift confirmation. 
Our \nhomeland security efforts can no longer afford delay.\n    On a personal note, I have already mentioned the passing of \na TSA family member. But, again, as I close, let me acknowledge \nthat Ed Kelly managed TSA's cargo screening program and \ntestified before this subcommittee just this past March. Ed was \nan incredibly dedicated individual and a consummate \nprofessional who left retirement, as I said, after September 11 \nattacks in order to work on behalf of our Nation's homeland \nsecurity efforts.\n    Many in the industry said that he reformed the industry. He \nmade leaps and bounds of change and outstanding contributions \nto the security of America.\n    Again, on behalf of the subcommittee Members and staff, my \ncondolences are expressed to his family and to his colleagues \nat TSA.\n    Finally, I would like to point out that this subcommittee \nunderstands the enormity and importance of TSA's mission and \nthe dedication of its employees, but after last week's \nannouncement about the disclosure--and, unfortunately, other \nincidences--I think we can all agree that TSA can do better, \nand that is why we are here today. After a complete analysis of \nthis incident, we will determine how to make the agency and its \nemployees perform better and give the American people more \nconfidence in the TSA.\n    I am considering legislation that will help provide a \nfirewall over the issuance and distribution of data like this, \nalong with additional oversight on contractors and the \nutilization of them.\n    Without objection, the Chairwoman is authorized to deem the \nsubcommittee resolved into Executive Session to receive \nadditional testimony, if necessary.\n    Hearing no objection, it is so ordered.\n    The Chairwoman now recognizes the Ranking Member, the \ngentleman from Pennsylvania, Mr. Dent, who, by the way, joined \nthis in his sympathies for Mr. Kelly, but I also note that Mr. 
\nKelly has come from his region, if not his particular district.\n    Mr. Dent, you are now recognized for your opening \nstatement.\n    Mr. Dent. Thank you, Madam Chairwoman.\n    I, too, want to add my condolences and sympathies to the \nKelly family. Ed was a wonderful public servant, served the \nDepartment of Homeland Security so well and this Nation so \nwell, and our sympathies--I know I am speaking not only on my \nbehalf, but on behalf of the entire community in expressing our \ncondolences to his wife, Ann, his sister, Rosemary, and I \nbelieve his niece, Elizabeth, is here, as well, so, again, from \nall of us, our heartfelt condolences.\n    Again, thanks, Madam Chairwoman. For one thing, too, I note \nthe family has a strong connection to northeastern \nPennsylvania, Lake Ariel, and a very special place for the \nfamily and for many of us who know Pennsylvania well.\n    Again, Madam Chairwoman, I just want to thank you for \nholding this important hearing today. I agree that the TSA's \ndisclosure of this Sensitive Security Information is, indeed, \nunfortunate, and I would add that, based on my review of the \nsituation, TSA's mistake has undoubtedly weakened our aviation \nsecurity.\n    While we have many layers in our aviation security \nprocesses, some of those layers have been exposed after having \nthe aviation security screening management's standard operating \nprocedures posted on a public website for the past 9 months. I \nagree with comments made last week from the Federal Law \nEnforcement Officers Association, which stated, ``Air marshals \nand TSOs proudly shoulder considerable risk by virtue of their \njobs. Their agency should not compound this risk with flawed \ninternal controls and dismissive excuses.''\n    I ask unanimous consent to include their statement in the \nrecord. Madam Chair, I would like to ask unanimous consent to \ninclude their statement in the record.\n    Ms. Jackson Lee. 
Without objection, so ordered.\n    [The information follows:]\n     Statement of the Federal Law Enforcement Officers Association\n                            December 9, 2009\n    Today, J. Adler, National President for the Federal Law Enforcement \nOfficers Association (FLEOA) announced that he is asking House Homeland \nSecurity Chairman Bennie Thompson to hold a private hearing on TSA HQ's \nsecurity breach. According to Adler, ``Both TSA's posting of sensitive \nsecurity information and their unwillingness to grasp the seriousness \nof this are unacceptable. A discreet hearing should be held so Congress \ncan determine why TSA posted this information, and why TSA attempted to \nminimize the importance of the information as ``outdated.'' The so-\ncalled ``outdated'' information should not be recklessly discounted \nlike a college textbook that is last year's edition.\n    Unfortunately, in response to this serious unwarranted disclosure, \nTSA HQ has offered more ``layers'' of excuses than assurances of \nprotection. Contrary to their efforts to deflect their responsibility \nfor making a serious security breach, they do not have sound security \nprocedures in play. What they have is a dedicated workforce that is \ntasked with overcompensating for a flawed system. Air Marshals and \nTSOs proudly shoulder considerable risk by virtue of their jobs; their \nagency shouldn't compound this risk with flawed internal controls and \ndismissive excuses. Furthermore, the careless posting of information \npertaining to law enforcement officers flying armed only serves to \ncompromise their safety.\n    FLEOA takes great exception to the remarks attributed to former TSA \nAdministrator Edmund ``Kip'' Hawley. His suggestion that no one should \n``hyperventilate'' over the breach is offensive and epitomizes the \nhypocrisy of his tenure at TSA. To wit, he unfortunately did not \nhyperventilate when an external hard drive containing employee \npersonnel data disappeared. 
Instead, he condoned management's pursuit \nand termination of dedicated Air Marshals who disclosed serious officer \nsafety issues to the news media. One can only conclude that TSA HQ has \ntheir own set of rules that exempts them from accepting responsibility \nfor serious security disclosures.\n    FLEOA expects Chairman Thompson and Ranking Member King will \nembrace the seriousness of the disclosure, as well as TSA's propensity for \nmanaging by double-standard. TSA HQ should be held accountable for this \nbreach, and a discreet, closed-door hearing would be the appropriate \nforum to properly address this serious matter. FLEOA is confident that \nthe committee will be able to persuade TSA HQ to conduct a \ncomprehensive review of this situation, and provide them with a \nmeaningful damage-control assessment.\n\n    Mr. Dent. As terrible as this--as the very public nature on \nwhich TSA's mistake was disclosed, I am pleased that we know \nthe mistake was actually made in the document was accidentally \nreleased. Now TSA has an opportunity to learn from that \nmistake. The question is, will they?\n    Ms. Rossides, I am confident that TSA will.\n    While I understand that people make mistakes, my review of \nthis incident over the course of the past week has led me to \none simple conclusion: This was not the failure of an \nindividual, but rather that of a failure of a system.\n    An individual in TSA's SSI review office failed to comply \nwith the National Security Agency's processes for \nelectronically redacting sensitive information. That \nindividual's supervisors failed to notice it. The Office of \nAcquisition failed to review the document before posting it on \nthe General Services Administration's FedBizOpps website. 
\nFinally, management failed to ask why it was necessary to post \na security-related document on-line for a contract and failed \nto consider viable alternatives.\n    On his second day in office, President Obama said, \n``Transparency and the rule of law will be the touchstones of \nthis presidency.'' Why then, after more than a week of phone \ncalls, e-mails, letters, and in-person requests does this \ncommittee still not have the most recent version of the \nstandard operating procedures? Section 114(r)(2) of Title 49, \nUnited States Code, specifically states that designating a \ndocument as Sensitive Security Information does not authorize \ninformation to be withheld from a committee of Congress \nauthorized to have the information. That is what the code says.\n    While I appreciate that my staff was given a 1-hour meeting \nwith an additional hour to review the most recent version of \nthe standard operating procedures, that is not particularly \ntransparent, in my view. After 4 days of asking nicely for the \nSOPs, Ranking Member Bilirakis and I authored a letter to Ms. \nRossides insisting she provide the committee the document. \nAgain, I ask unanimous consent to introduce that letter into \nthe record.\n    Ms. Jackson Lee. Without objection, so ordered.\n    [The information follows:]\n      Letter For the Record Submitted by Honorable Charles W. Dent\n                                                  December 11, 2009\nMs. Gale Rossides,\nActing Administrator, Transportation Security Administration, 601 South \n        12th Street, Arlington, VA 28598\n    Dear Acting Administrator Rossides: We are writing to formally \nrequest an immediate copy of the most current version of the \nTransportation Security Administration's (TSA's) Aviation Security \nScreening Management Standard Operating Procedures. The TSA has \nrepeatedly ignored our requests for this document since Tuesday, \nDecember 8th. 
TSA's unwillingness to provide the document is \nunproductive and a violation of law.\n    We would remind you that while section 114 of Title 49, United \nStates Code, authorizes the Transportation Security Administration to \nissue regulations protecting sensitive security information from public \ndisclosure, that same provision specifically states that it ``does not \nauthorize information to be withheld from a committee of Congress \nauthorized to have the information.''\\1\\ We would further remind you \nthat pursuant to House Rule X(i) of the Rules of the House of \nRepresentatives, the Committee on Homeland Security oversees ``overall \nhomeland security policy'' and ``transportation security.'' As such, \nthe law explicitly prohibits TSA's dilatory tactics.\n---------------------------------------------------------------------------\n    \\1\\ 49 USC Sec. 114(r)(2).\n---------------------------------------------------------------------------\n    As you are aware, in addition to our review, the Subcommittee on \nTransportation Security and Infrastructure Protection will be holding a \nhearing on TSA's improper disclosure of sensitive airport screening \nprocedures on Wednesday, December 16, 2009. The Subcommittee needs \nsufficient time to review the current version of the released document \nto gauge the real impact of TSA's security failure.\n    Thank you for your immediate and personal attention to this matter.\n            Sincerely,\n                                           Charles W. Dent,\n       Ranking Member, Subcommittee on Transportation Security and \n                                         Infrastructure Protection.\n                                          Gus M. Bilirakis,\n   Ranking Member, Subcommittee on Management, Investigations, and \n                                                         Oversight.\n\n    Mr. Dent. 
Thank you, Madam Chairwoman.\n    In the end, you know, a lot of things went wrong, but a lot \nof things are now going right. I understand TSA is taking some \nrisk mitigation measures and has taken some immediate common-\nsense actions to prevent any further disclosures. I would hope \nto the extent possible you could highlight some of these during \nyour testimony this afternoon.\n    Finally, to those who re-posted this security information \non the internet, you should share in the blame should security \nbe breached as a result of this disclosure. In the future, I \nwould ask that you please, please use the whistleblower process \nCongress has created for you. Call the Department. Call the \ninspector general. Call Congress and its committees. But, \nplease, do not circulate sensitive security documents. Rest \nassured, we will hold the Department to account.\n    Ms. Rossides, I want you to know that I continue to believe \nthat the men and women of TSA, including yourself and your \nstaff, are giving your best efforts to improve the security of \nthe traveling public. While the accidental disclosure was \ncertainly disappointing and the lack of transparency provided \nby this administration is frustrating, I am committed to \nworking with you to improve the Transportation Security \nAdministration and the services it provides to our traveling \npublic.\n    With that, I would yield back the balance of my time.\n    Ms. Jackson Lee. I thank the gentleman for yielding back.\n    It is my privilege to acknowledge and recognize the \nChairman of the full committee, the gentleman from Mississippi, \nMr. Thompson, for an opening statement. Mr. Chairman.\n    Mr. Thompson. Thank you very much. Madam Chairwoman, I \nappreciate the holding of this hearing.\n    I would also like to take the opportunity to express my \ncondolences to the Ed Kelly family, as well as his TSA \ncolleagues who are here. 
Ed was a dedicated public servant, and \nhis efforts in the cargo security will never be forgotten.\n    There is no doubt that the events that transpired last week \nraise several questions about TSA's operational procedures and \npractices in handling sensitive information. Perhaps more \nimportantly, this incident also raises concerns about the \nsecurity of our entire transportation system.\n    No actions, legislation, or press statement can undo the \ndisclosure of this information. However, we can learn from this \nincident and move forward with security measures that ensure \nsensitive information will not be made available to the public.\n    The events from last week serve as a reminder of how \ncritical it is to have accountability at the Department of \nHomeland Security.\n    I think it was the right decision for Secretary Napolitano \nto request that the DHS inspector general begin an \ninvestigation of this incident. The review and investigation by \nthe inspector general is an important first step in learning \nthe details that will be essential in helping TSA improve \nprocedures for handling and posting sensitive material.\n    However, as I have said before, to get TSA to improve its \noperational performance in all program areas and at all levels \nof management, it is essential that TSA have permanent, \neffective leadership. The President has nominated Erroll \nSouthers to be TSA administrator, and I think we have waited \nlong enough for his confirmation.\n    His law enforcement background and operational experience \nwill be essential in improving TSA and strengthening our \nhomeland security efforts. With strong leadership in place, \nincidents such as these are less likely to happen.\n    Nevertheless, today's hearing provides us in Congress with \nan opportunity to express our concerns and to hear from TSA \nabout what it plans to do. 
I am sure that we will need follow-\nup briefings and perhaps another hearing to review the \ninspector general's report and to assess steps going forward.\n    Madam Chairwoman, there are some questions that I have \nafter we have heard from our witness that would more or less \nenlighten us, I think, on this situation. But I am concerned \nabout it. I will express those concerns during the question-\nand-answer period. I yield back.\n    Ms. Jackson Lee. To the Chairman of the full committee, let \nme also express my appreciation for the astuteness and the \ndetail of which the committee, with you as Chair, and the staff \nhas taken to securing the homeland. I think this committee \nreflects that, and your cooperation and agreement with this \nsubcommittee's intent to hold a hearing is much appreciated. \nAgain, thank you very much for your leadership.\n    I wish to recognize--I think both of us are going to speak \nin tandem here on the gentleman from Florida, Mr. Dent.\n    Mr. Dent. Madam Chairwoman, I was going to ask unanimous \nconsent that Ranking Member Bilirakis of the Management, \nInvestigations and Oversight Subcommittee be authorized to join \nus on the dais and ask questions of the witnesses.\n    Ms. Jackson Lee. As you ask, I am ordering that Mr. \nBilirakis be allowed to sit on this committee and participate \nwith questions through the unanimous consent.\n    Any objection? So ordered.\n    Let me acknowledge Mr. Bilirakis' presence, Mr. Austria's \npresence, and Mr. Cleaver's presence, and thank them for being \nhere today.\n    Other Members of the subcommittee remind me that under \ncommittee rules opening statements may be submitted for the \nrecord.\n    Our witness today, Ms. Gale Rossides, is the acting \nadministrator of TSA. As I indicated previously, we are \ngrateful for her service, her long-standing service. As acting \nadministrator, Ms. 
Rossides oversees a workforce of 50,000 \npeople and the security operations of 450 federalized airports \nthroughout the USA, as well as the Federal security regime for \nhighways, railroads, ports, and mass transit systems.\n    Ms. Rossides was one of the six original Federal executives \nhand-picked in 2002 to build TSA. Let me say that deserves \ncommendation, and we thank you for that longevity of service.\n    Without objection, the witness's full statement will be \ninserted in the record. I now ask Ms. Rossides to summarize her \nstatement for 5 minutes.\n    You are recognized for 5 minutes.\n\n     STATEMENT OF MS. GALE ROSSIDES, ACTING ADMINISTRATOR, \nTRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND \n                            SECURITY\n\n    Ms. Rossides. Good afternoon, Chairwoman Jackson Lee, \nRanking Member Dent, and Chairman Thompson, and distinguished \nMembers of the subcommittee.\n    First of all, I want to thank you for recognizing the \nservices of Ed Kelly and his family. He was truly one of our \nheroes in TSA.\n    I appreciate your giving me the opportunity today to speak \nwith you about the recent website posting of an improperly \nredacted version of a management standard operating procedure, \nor SOP, on a Federal website. I regret this occurred and take \nfull responsibility for this mistake. 
Our response was swift, \ndecisive, and comprehensive, because our priority first and \nforemost is the safety of the traveling public.\n    I want to reassure all Members of this committee and the \ntraveling public that our aviation system is strong and the \npassengers will fly safely this holiday season and every day \nbecause of the layered security system we have in place.\n    From cutting-edge new technology to retraining our entire \nworkforce to the implementation of new security programs, we \nhave evolved and substantially strengthened security in the \nyear-and-a-half since this document was drafted.\n    On Sunday, December 6, I became aware that the screening \nmanagement SOP was posted to the Federal Business Opportunities \nwebsite without having the Sensitive Security Information, or \nSSI, properly redacted. The document was an attachment to a \nscreening partnership program contract solicitation.\n    We took immediate action. I convened a teleconference with \nTSA's senior executives, and we notified DHS headquarters on \nSunday night. Also on Sunday night, we removed the document \nfrom the Government website within hours, thanks to prompt work \nby the General Services Administration.\n    I then directed TSA's Office of Inspection to immediately \nbegin a review of what happened and how, and that review has \nsince been passed on to the DHS inspector general. Our Security \nOperations Office conducted an operational assessment of any \npotential vulnerabilities that this disclosure may have caused. \nOut of an abundance of caution, we quickly put mitigation \nmeasures in place to close any potential gaps.\n    I directed an audit of sensitive information posted both \ninternally and externally to be conducted by the chief \ninformation officer. 
We consulted with our Federal and law \nenforcement partners and stakeholders throughout the aviation \ndomain, and all have been tremendously supportive.\n    There have been numerous and significant changes in our \nevolving security program that are not contained in the May \n2008 version of this SOP.\n    As a point of reference, this document provides \ninstructions on who and what needs to be screened. It does not \ninclude the specific procedures used by our transportation \nsecurity officers to screen members of the traveling public.\n    Today, TSA's 12 other standard operating procedures, \nincluding the ones that cover an officer's screening \nprocedures, remain secure. The strength of our dynamic security \nsystem is in our own people, our technology, our stakeholder \npartnerships, and our multilayered and complex protocols.\n    We take this matter very seriously and look forward to the \ninspector general's report. Our response to their \nrecommendations will also be swift. We will hold individuals \naccountable as appropriate. At this time, five TSA employees \nhave been placed on administrative leave, pending the outcome \nof the continued investigation.\n    This has been a critical incident for TSA, and we have \nmanaged it as such. From an exhaustive internal review, we will \nemerge with stronger internal document control measures for all \nemployees. We will strengthen the electronic processes we use \nfor sharing information. Most importantly, we will continue to \nevolve our security programs in light of intelligence and our \nown testing and training regime to ensure the on-going security \nof the system.\n    In closing, I want to again assure Members of this \ncommittee, the traveling public, and our partners that our \nNation's aviation system is strong. 
We have closed any \npotential gaps, and we will continue to apply measures that \nenhance our complex security system.\n    I am happy to answer your questions and can discuss any \nsensitive material in the closed session to follow. Thank you.\n    [The statement of Ms. Rossides follows:]\n                 Prepared Statement of Gale D. Rossides\n                           December 16, 2009\n    Good afternoon Chairwoman Jackson Lee, Ranking Member Dent, and \ndistinguished Members of the subcommittee. Thank you for the \nopportunity to appear today to discuss the recent website posting of an \nimproperly redacted version of a 2008 Transportation Security \nAdministration (TSA) Screening Management Standard Operating Procedure \n(SOP). I appreciate the subcommittee's continued involvement in the \nsecurity operations of TSA, and look forward to working closely with \nCongress in fulfilling our on-going mission to safeguard all sectors of \ntransportation on behalf of the American people.\n    Let me begin by assuring the Members of the subcommittee and the \ntraveling public that our aviation security procedures remain strong. \nThe duties performed by TSA's dedicated workforce of Transportation \nSecurity Officers (TSOs), Federal Air Marshals, canine teams, and \nothers have not been adversely impacted by this incident. TSA will \ncontinue to ensure the same high standard of security during the \nupcoming holiday season that was evident throughout the Thanksgiving \nDay travel period. Our workforce is responsive, accountable, and \ndedicated to safeguarding the traveling public, and neither our \ncapability nor our resolve has been diminished by this incident.\n    Those who seek to infiltrate airport security will find no roadmap \nfrom the redacted text that was improperly released. This document, \nwhich was outdated, provides procedural information for managers. 
It is \nnot the SOP used by our TSOs at airport checkpoints to screen members \nof the traveling public. Because we continually adjust our SOPs and our \nsecurity protocols based on the receipt of intelligence information and \nthe testing of our security regimen, there have been six newer versions \nsince this SOP was drafted. Our TSO screening procedures have not been \ncompromised, and our multi-layered transportation security system \nremains intact. Nonetheless, out of an abundance of caution, we have \nundertaken an operational assessment of any potential vulnerabilities \nthat this disclosure may have caused, and have taken swift action to \nprevent the information from the SOP from being used to defeat a single \npoint in our multi-layered security system.\n    That being said, TSA, and I personally, take this incident very \nseriously. This was a mistake and we are very sorry it occurred. I \nwould like to provide a brief summary of the events surrounding this \nincident. On Sunday, December 6, TSA's Blog Team learned that a 2008 \nScreening Management SOP posted on the General Services \nAdministration's (GSA) Federal Business Opportunities website contained \nredacted information that had not been properly protected. The SOP had \nbeen posted by TSA on the GSA contracting website for a contract \nsolicitation under TSA's Screening Partnership Program. Such \ndocuments--when properly redacted--are used in contract solicitations \nto guarantee fairness in the procurement process. Unfortunately, the \nredaction on this particular document had been performed incorrectly, \nenabling readers to view the redacted portions as well as the headers \nand footers indicating that the document contained Sensitive Security \nInformation (SSI).\n    TSA takes any breach of its security programs very seriously, and \nwe reacted swiftly. 
I convened a Sunday evening senior staff conference \ncall as soon as I learned of the improperly redacted document, notified \nthe Department of Homeland Security's headquarters, and ordered that \nGSA be notified and immediate steps be taken to remove the document \nfrom the GSA website. Although this happened promptly and GSA \ncooperated fully with our request within 2 hours, outside individuals \nhad already downloaded the document and made it available on their \nwebsites.\n    We initiated an extensive internal review through the TSA Office of \nInspection and placed the employees who were involved with the \nredacting of the document on administrative leave pending completion of \nthe review. Secretary Napolitano also asked the Department's Inspector \nGeneral (IG) to conduct a thorough investigation of the matter, which \nwe are currently engaged in now.\n    Since this incident, we have also instituted even more stringent \nnew safeguards for all sensitive operational documents to ensure that \nno SSI is improperly released.\n    In closing, I deeply regret that this incident occurred. We have \ntaken immediate actions and look forward to working with the IG on \nimplementing any recommended actions in the future.\n    I am confident that through an exhaustive review of the facts and \ncircumstances surrounding this incident, TSA will emerge a stronger \nagency.\n    Thank you for your continued assistance to TSA and for the \nopportunity to discuss this matter with you today. I would be pleased \nto respond to your questions.\n\n    Ms. Jackson Lee. Allow me to thank you for your testimony \nand to now yield myself 5 minutes for questioning.\n    Before I do that, let me acknowledge the presence of Mr. \nHimes, a Member of the committee. Other Members will be \nrecognized in the order in which they have arrived.\n    Ms. Rossides, thank you for the initial steps that have \nbeen taken. 
Let me just ask one pointed question, because when \nwe started this unfortunate incident, and a lot of hysteria was \ncreated, both in terms of the media reporting it really looked \ndevastating. Tell me what level of participation now is the IG? \nHow comprehensive is the IG's investigation?\n    Ms. Rossides. Madam Chairwoman, they are specifically \nlooking at what happened, who was involved, how did it happen, \nand what measures and recommendations can they make to TSA so \nthat it does not happen again. They are looking at both papers, \nand they are doing an extensive forensics on the technology, \nlooking at the electronic transmission of the document.\n    Ms. Jackson Lee. On the SOP, did you indicate that Members \ncould have individual classified or confidential briefings on \nthe new procedures?\n    Ms. Rossides. Yes, Madam. We have offered and we will \ncontinue to offer, as we go through this process, briefings to \nany of the Members or their staff on the current SOP that is in \nplace across the aviation system so that the Members can get a \nfull understanding and appreciation of the fact that many \nsystems improvements have been put in place since that version \nin 2008 was drafted.\n    Ms. Jackson Lee. What is your best assessment of whether or \nnot the lives of Americans are now presently at jeopardy or in \njeopardy because of information that is already disseminated? \nWhat we are speaking of here is a pullback of what occurred and \nan investigation of why. But now that information has been \ndisseminated, where are we with respect to security, as it \nrelates to the traveling public?\n    Ms. Rossides. Madam Chairwoman, the system is very strong, \nand I am very confident in saying that for several reasons. 
\nFirst of all, there were six versions or updates to the \ndocument that was released that had very significant changes to \nthe way we conduct the screening procedures.\n    Secondly, this was a management's standard operating \nprocedure; in other words, it had a lot of checklists of what \nto do to start the day at the checkpoint. It did not have a lot \nof Sensitive Security Information on how to actually do certain \nprocedures at the checkpoint.\n    That being said, I appreciate the gravity and the \nsignificance with which people regarded this. But we knew and \nour immediate reaction was to begin to do a line-by-line review \nof that document, compare it to measures in place today, and, \nfrankly, even with the confidence we had, out of an abundance \nof caution, we immediately took some additional measures which \nwe do any time we get information that says, ``Let's put an \nadditional set of measures in place in order to be that much \nmore confident in the system.''\n    Ms. Jackson Lee. Is it safe to say that you have changed \nthe review procedures? Is it also--I am asking several \nquestions at once, so you might want to make note. The review--\nor the process that administers the SSI--meaning the document--\nprior to making the document available to the general public, \nto review those procedures, is it safe to say that, as the \npublic is traveling, that there are new schemes and procedures \nthat no one knows about?\n    Lastly, let me just hold this up. This is an example of the \nkinds of cards that were displayed. Some others dealt with law \nenforcement officers who need to have confidentiality and \nprivacy. The question is, should we begin to change all of \nthese IDs in order to ensure the safety of those who are in the \nservice of their Government?\n    Ms. Rossides. 
Madam Chairwoman, let me answer your \nquestions and make sure that I am fully responding to your \nseveral questions.\n    First of all, with respect to the review of the procedures, \nthere were several things we did. We began our information \nprotection oversight board, which is a board we established \nseveral years ago, to look at incidents like this. We also--I \nasked that, even though SOPs be treated in their entirety as \nSSI, I asked that we just hold and not release any other SOPs \nuntil we could get a complete review of what had been released \nand what the circumstances were.\n    I also directed the Office of Acquisition to look at all of \ntheir current and recent postings for procurement solicitations \nand take down any that had any other relevant SSI or sensitive \ninformation in them and to make sure that they looked \ncompletely at those, which, to the best of my knowledge, we had \nno other.\n    We put in a number of measures, mitigation measures that \nare part of the flexibilities that we have across the system. \nFederal security directors on Monday morning were directed to \nimplement some of those other flexible provisions so that we \nwould ensure the safety of the traveling public.\n    I would like to specifically, you know, describe the ID \nthat you show. Although, you know, we take full responsibility \nand we are not at all pleased that this document was released, \nthose IDs in the document are photocopies. I just want to \nassure you and the traveling public and our law enforcement \npartners, there are other aspects to those identifications and \ncredentials that have security features to them, and we have \nextensive procedures in place to validate the authenticity of \npersons traveling through that represent themselves as law \nenforcement officers. In fact, some of those improvements we \nhave made have been at the direct urging of this committee.\n    Ms. Jackson Lee. 
I thank you, Administrator, and now yield \n5 minutes to the Ranking Member, Mr. Dent.\n    Mr. Dent. Thank you, Madam Chairwoman.\n    Thanks, Ms. Rossides, for being here today. The President, \nas you know, has stated repeatedly that the administration \nwould embrace the spirit of transparency. The day after his \ninauguration, the President stated, ``Transparency and rule of \nlaw will be the touchstones of this presidency.''\n    Are you familiar with Section 114(r), which authorizes TSA \nto prescribe regulations prohibiting the disclosure of \nSensitive Security Information?\n    Ms. Rossides. Yes, sir, I am.\n    Mr. Dent. Can you please explain your interpretation of the \nCongressional exemption included in Section 114(r)(2)?\n    Ms. Rossides. My understanding is that, when TSA receives a \nrequest like this, we are required to provide it to the \nCongress when it is received from the leadership of a \ncommittee, and we do that when we are properly requested.\n    Mr. Dent. Do you have a certain date when you will be \ntransmitting to the Committee on Homeland Security a copy of \nthe current document, such as today, you know, next week, you \nknow, any date certain after the new year?\n    Ms. Rossides. Mr. Congressman, what I will pledge to you is \nthat, in the aftermath, the immediate aftermath of this, we \nwanted to exercise the absolute operational security over all \nof these SOPs. My commitment to you is, once we are through the \ntraveling holiday season, I will come back and I will talk with \nyou and the leadership of this committee about how to make all \nof that information available to you. In the meantime, we will \nsit and give briefings to any Members or their staff that \nrequested on this document specifically.\n    Mr. Dent. You know, I certainly appreciate that TSA \nprovided my staff about an hour briefing on the differences \nbetween these two documents. 
Then I think there was about an \nhour to review the latest version of the document, but I want \nto make sure that I am clear that I still would like to have a \nhard copy of the document for a thorough review.\n    I guess the question still is why does TSA not want to \nprovide the committee with a hard copy of this document, given \nthat we have asked for thousands of pages of Sensitive Security \nInformation in the past and TSA has provided them? Why is this \ndifferent?\n    Ms. Rossides. The only reason this is different right now \nis in the immediate aftermath of this incident. I was very \nconcerned to maintain the tightest controls over the current \nversion, because it does have very significant changes to what \nwas released. I just wanted to take the absolute measures to \nprotect that information, and that is why a hard copy wouldn't \nbe presented, but we were very, very willing to provide the \ninformation and actually explain the difference in the versions \nfrom one document to the other.\n    Mr. Dent. I thank you for that answer. I keep hearing that \nthe administration is reviewing our request for an unclassified \ndocument, and I guess the question is, where are you in that \nreview? Who, if anybody, would be holding up the documents from \nbeing provided to our committee? Is it the TSA? Is it DHS, the \nWhite House?\n    Ms. Rossides. Right now, sir, it is--basically, the request \nis pending and that ultimate decision would be mine or the \nSecretary's to make. Those are the--under the regulation, we \nare the two officials with the authority to make the decision \nto release it.\n    Mr. Dent. Well, speaking for the Republican side of this \ncommittee, I just really would, again, request that we get a \ndate certain for that document. As I have said, we have \nreceived thousands of pages of--Sensitive Security Information \nand it has never been an issue, but this one seems to be. 
I \nunderstand the issue that you and I have talked about with the \ntravel season being upon us here, but certainly it would be, I \nthought, reasonable to have a date certain, some time early in \nthe new year.\n    Ms. Rossides. I will get back to you, sir.\n    Mr. Dent. Finally, after the TSA asked the General Services \nAdministration to review the document from its website, it \nremoved it in about 2 hours, but not before being captured and \nthen reposted by various other websites. Do the current \nregulations provide you a mechanism to keep individuals from \nreposting this information on other websites?\n    Ms. Rossides. No, sir, they do not. We do not have any \nauthority to ask non-Government or non-DHS sites to take it \ndown.\n    Mr. Dent. What action did TSA intend to take against those \nwho are reposting this sensitive document that should not be in \nthe public domain?\n    Ms. Rossides. Well, right now, there really isn't any \nauthoritative action we can take. Honestly, persons that have \nposted it, I would, you know, hope that out of their patriotic \nsense of duty to, you know, their fellow countrymen, they would \ntake it down. But, honestly, I have no authority to direct them \nand order them to take it down.\n    Mr. Dent. So there is nothing in current regulations that \nprovide you a mechanism to compel they remove this information?\n    Ms. Rossides. No.\n    Mr. Dent. I yield back.\n    Ms. Jackson Lee. 
Thank you very much.\n    Just as I yield to Chairman Thompson, let me be very clear, \nAdministrator Rossides, that there is a view by the majority--\nand I appreciate the comments of the Ranking Member--that we \nwant to see the inspector general's work completed before any \npublic distribution of these items, the SOP in particular, \nbecause there is concern about the impact on National security.\n    I would encourage Members to take full advantage of the \npersonal review of documents, but we ask you to urgently move \nforward, as our Ranking Member has indicated, and we are going \nto be following this through the holiday season and into the \nbeginning of the year.\n    I now am pleased to yield 5 minutes to the Chairman of the \nfull committee, Mr. Thompson.\n    Mr. Thompson. Thank you very much, Madam Chairwoman.\n    Just for timeline purposes, Ms. Rossides, can you tell the \ncommittee when this particular posting went up on the web and \nwhen TSA found out about it?\n    Ms. Rossides. Yes, sir. It went up in March 2009. It was \npart of a solicitation for the SPP program. It came to my \nattention and senior leadership's attention on Sunday, December \n6, in the early evening.\n    Mr. Thompson. So this particular item was in the public \ndomain from March until December?\n    Ms. Rossides. Yes, sir.\n    Mr. Thompson. Well, I guess one of my concerns is you said \nyou took swift, decisive, and comprehensive action. That is \nafter you found out.\n    Ms. Rossides. Correct.\n    Mr. Thompson. So before that, it was in wherever. I guess, \nwhat are the--can you explain to the committee the protocols \nfor putting items on the web?\n    Ms. Rossides. Yes, sir. At least through the acquisition \nprocess, there are two approaches when we post procurement \nactions. One is to--when we have any kind of sensitive \ninformation, one is to post it to the secure side of the GSA \nFedBizOpps site, which means that it is password-protected or \notherwise secured. 
The other is solicitations get posted to \nFedBizOpps' unsecured side.\n    This particular solicitation got posted on their unsecured \nside and then was not properly redacted. The--there are other \nways that we also will give potential vendors the opportunity \nto look at SSI information and procurement actions. We might \nhave a physical reading room where we invite the vendors in, \nand then they can look at that--any SSI material in a physical \nreading room.\n    Mr. Thompson. Thank you. Now, was this a private contract, \nwho did this, who did this posting?\n    Ms. Rossides. That is within the scope of the IG's review \nright now. I can't really comment, because of the IG's due \ndiligence on determining exactly who did what postings. There \nwas a contractor under the SSI office at the time, a contract \ncompany under contract with the SSI office.\n    Mr. Thompson. Why would we have a contractor in the SSI \noffice?\n    Ms. Rossides. Small contracts like that often just provide \nclerical support. Sometimes they provide research support. \nSometimes they provide some technical support. They are not \npeople that are making the decisions on the technical aspects \nof a job, in terms of like the redactions.\n    Mr. Thompson. Are they required to have clearances?\n    Ms. Rossides. Yes, sir, they are.\n    Mr. Thompson. Did all these employees in question here have \nclearances?\n    Ms. Rossides. That I cannot answer specifically, but during \nthe scope of the IG review, we will know exactly what \nclearances everybody did have and the particular people \ninvolved.\n    Mr. Thompson. Well, you have already suspended five people.\n    Ms. Rossides. Yes, sir.\n    Mr. Thompson. I would hope that part of your review would \nhave looked at whether or not these clearances were in effect.\n    Ms. Rossides. The five people who were put on \nadministrative leave do have clearances, yes, sir.\n    Mr. Thompson. 
Well, but the--to your knowledge, these are \nnot all the people who had access to what we are talking about. \nAm I correct?\n    Ms. Rossides. Exactly, sir. As part of the IG's review, \nthey will determine if it was confined to just these five or \nif, in fact, there are more people who are responsible for this \nerror.\n    Mr. Thompson. For the committee's point of information, how \ndid we find out about this--how did TSA find out about this \nposting?\n    Ms. Rossides. I found out from a blogger notifying our blog \nteam. We have a TSA blog team. A blogger who frequently blogs \non TSA's blog called and sent an e-mail to one of our bloggers \nand pointed it out. That followed a chain of events of my being \nnotified of it.\n    Mr. Thompson. So the particular software that was used to \ndo the redacting, is that a TSA-approved software?\n    Ms. Rossides. Any of the software on TSA computers are \napproved by our chief information officer.\n    Mr. Thompson. Did that chief information officer understand \nthat it could be unredacted on the web?\n    Ms. Rossides. That will be part of what we learn in the IG \nreview, exactly which software, what version of the software, \nand what version was on the various computers that actually \ntouched this document.\n    Mr. Thompson. So we don't know?\n    Ms. Rossides. I do not know yet.\n    Mr. Thompson. I would take that you have talked to the \nchief information officer?\n    Ms. Rossides. Yes. They are going through and looking at \nall of the versions of the software on TSA computers now, and \nthey are going through that inventory right now, with the goal \nbeing that we will ultimately have the same software on all \ncomputers, and everybody will be properly trained to that \nsoftware.\n    Mr. Thompson. Is there a software presently being used by \nTSA that can't be unredacted?\n    Ms. Rossides. Yes, sir, there is.\n    Mr. Thompson. 
Have we made that software available to \neveryone who is doing posting on the web for TSA?\n    Ms. Rossides. Yes, sir, we have. We are going back and \nmaking sure that everybody who is using that software is \nproperly trained and knows, again, how to properly use that \nsoftware. If I could add, had this software been properly used, \nit would have worked on this document, so we are making sure \nthat everybody who deals with SSI information----\n    Mr. Thompson. Wait a minute. You just told me you don't \nknow which software--you mean, this----\n    Ms. Rossides. The software in use, the software that our \nCIO uses today and authorizes, if that software was used----\n    Mr. Thompson. Okay. I got you now.\n    Ms. Rossides [continuing]. It would have worked.\n    Mr. Thompson. But you don't know which software was used?\n    Ms. Rossides. Exactly.\n    Mr. Thompson. Okay. Thank you very much.\n    I yield back, Madam Chairwoman.\n    Ms. Jackson Lee. I thank the Chairman.\n    Now I recognize Mr. Austria.\n    Mr. Austria. Thank you, Madam Chairwoman and Ranking Member \nDent. I would just like to lend my voice to those who are \ndeeply troubled by this incident. It is extremely concerning to \nme that here we sit, 8 years after 9/11, and our Government, \nwhether it be accidental or carelessness, can make such a \nmistake as posting sensitive information on a website.\n    I am very concerned about that. I am very concerned with \nthe fact that TSA posted the standard operating procedures, \nthat the Federal Government with this incident may have \ninadvertently helped those that we don't want to see this \ninformation, terrorists, others, do their homework for them, so \nto speak. I am very concerned about that.\n    So let me--if I may, I have a number of questions here. I \nam going to get right to my questions. But, Ms. 
Rossides, thank \nyou for your testimony today.\n    Let me, first of all, ask you--kind of following up on the \nChairman's questions on redaction--how often does the TSA post \nredacted standard operating procedures on the internet? What is \nthe purpose of that?\n    Ms. Rossides. Sir, this was the first time that we had ever \nposted a standard operating procedure for a procurement \nsolicitation, and it was done specifically for the procurement, \nfor companies to compete for privatizing airports in the State \nof Montana.\n    Mr. Austria. Let me follow up on that answer, because my \nnext question would be, why would TSA post any of its standard \noperating procedures, sensitive or not? I understand that the \nentire document may not have been security sensitive, but there \nwere parts that the general public should not have seen. Why \nwould you post anything? Why would you give anyone the \nopportunity to learn anything about TSA's aviation security \nprocedures?\n    Ms. Rossides. In the course of that particular \nsolicitation, any vendors will have to be able to prove that \nthey can provide the security procedures at those airports. So \nthey needed to know what kind of requirements we would have at \ncheckpoints for them to be able to demonstrate their \nqualification to be a qualified vendor to be considered for \nthis contract.\n    Beyond that, one of the questions that the IG is asking is, \nwhy did we take the steps that we did? They are reviewing that \ndecision in terms of, why was it posted?\n    Mr. Austria. Let me follow up on this question again, but \nwhat is the purpose of posting this? Why does TSA post this on \nthe internet? What is the purpose of that?\n    Ms. Rossides. The purpose was for a procurement action. It \nis not something that we post routinely. It was for a specific \nprocurement action that this particular SOP was posted.\n    Mr. Austria. 
So going forward, will TSA continue to use the \ninternet to post redacted Sensitive Security Information for \npotential contractors or vendors? Or have you changed the way \nyou are doing business?\n    Ms. Rossides. We have immediately--I have immediately \ndirected the Office of Acquisition to not post any SOPs like \nthis. What we will review with the General Services \nAdministration is ensuring that if we ever do have to post \nsolicitations again--say, for the technology purchases that we \nare doing--that would contain any SSI information, we will \nverify that that is in a secure environment on their secure \nwebsite.\n    We are also looking at other measures, physically inviting \npotential vendors in to look at material, as opposed to doing \nany postings at all.\n    Mr. Austria. Okay. I appreciate that answer.\n    Let me kind of follow up a little bit on what the Chairman \nwas talking about as far as redacting the sensitive documents, \nbecause I think that is very important. Can you tell us, as a \ncommittee, what TSA's normal process and procedures are for \nredacting sensitive documents?\n    Ms. Rossides. Yes, sir. The normal process is that within \nprogram offices that have SSI information, there is a \ndesignated individual who is trained to properly redact the \nmaterials. The chief information office puts out the \ninstructions on how to properly redact information, based upon \nthe technology that is on each individual's computer.\n    That process now we are going back and reviewing, both as \npart of the IG review, in terms of how did this actually \nhappen, and then now, what our CIO is also doing is making sure \nthat the same software for redacting is on all computers, so \nthat the training is consistent from office to office to \noffice.\n    Mr. Austria. Okay. One last question I have--I know my time \nis up, Madam Chairwoman.\n    Ms. 
Rossides, based on what has happened here, do you \nbelieve that our aviation security has been compromised or \nweakened because of this incident?\n    Ms. Rossides. No, sir, I do not.\n    Mr. Austria. Thank you, Madam Chairwoman.\n    Ms. Jackson Lee. Thank you.\n    The gentleman from Missouri is recognized, Mr. Cleaver, for \n5 minutes.\n    Mr. Cleaver. Ms. Rossides, thank you for being here.\n    To follow with Mr. Austria's, the answer to that question \nwould have been what you just said no matter what, right?\n    Ms. Rossides. Yes, sir. I believe that our system is very \nstrong.\n    Mr. Cleaver. No, no, no. I mean, but even if it weren't, \nthat that would be the answer, right?\n    Ms. Rossides. I don't understand.\n    Mr. Cleaver. I mean, you wouldn't have sat here in front \nof, you know, TV cameras that our system has been compromised.\n    Ms. Rossides. I believe that the system is very strong and \nit was not compromised as a result of this, sir.\n    Mr. Cleaver. Okay. I understand why you won't answer the \nquestion, which is why I asked the question. But that was \nsomewhat of an answer. Has there been a--see, I don't--I am not \nsure you can answer my questions here, because I don't--\nbecause----\n    Ms. Rossides. I can--perhaps when we get into the closed \nsession, I can answer and give you more examples as to why I am \nconfident in our systems.\n    Mr. Cleaver. Well, generally, whether it is science or \ntheology or anthropology or epidemiology, we all build on what \nwas. So it seems to me that any new versions were built on \nolder versions. Am I right about that?\n    Ms. Rossides. Yes, sir.\n    Mr. Cleaver. Okay. So if I am correct, then there obviously \nis information that is out there that is in the latest \niteration.\n    Ms. Rossides. That is true. But that--the bulk of that \ninformation is not SSI information. It is checklists. It is \nroutine standard procedures.\n    Mr. Cleaver. 
The SSI material was posted on the fob.com on \nMarch 3, but it was not discovered by TSA until December 6. \nWhat was the--what happened differently in between time?\n    Ms. Rossides. The procurement solicitation was up on the \nFedBizOpps website. In fact, the procurement went through its \nwhole process. A contractor was selected for that procurement. \nThen the normal routine is, once the contract is awarded, the \nGSA keeps the procurement award posted on the FedBizOpps and \nadvises the public, who actually won the contract.\n    Mr. Cleaver. Okay. Unfortunately, it sounds like we have \nbeen called to vote. The questions that I have, based on what \nyou are saying, I am not sure I want answered. I mean, I don't \nthink you will answer it in front of everybody in the first \nplace.\n    So I don't want to ask it, because then I get frustrated, \nbecause you can't answer it. On top of that, I appreciate you \nnot answering it--sounds clear.\n    Ms. Rossides. Well, if we have the opportunity to go into \nthe Executive Session, perhaps I can give you some answers that \nwon't frustrate you and will be able to give you more \ninformation.\n    Mr. Cleaver. But you understand the----\n    Ms. Rossides. Yes, sir, I do. I understand.\n    Mr. Cleaver. Madam Chairwoman, thank you.\n    Ms. Jackson Lee. I thank the gentleman.\n    The gentlelady is correct. If we are prepared to go into \nExecutive Session--we are called for a vote. We are going to \ncontinue for a period of time.\n    I do want to ask the administrator on her time \ncircumstances here. I see the number of Members, but we do want \nto pose that question to you. What is your time circumstance, \nplease?\n    Ms. Rossides. You know, probably, Madam Chairwoman, I have \ngot to be out of here by about 4:15.\n    Ms. Jackson Lee. 4:15.\n    Ms. Rossides. Yes, ma'am.\n    Ms. Jackson Lee. Let me now recognize--and we will \ncontemplate what our next step is. Let me recognize Mr. Lungren \nfor 5 minutes. 
He is not a Member of the committee--yield to--\nbut we are graciously accepting him, but we are going to \nMembers first.\n    Mr. Himes is recognized.\n    Mr. Himes. Thank you, Madam Chairwoman. A couple of quick \nquestions.\n    First, I share my colleagues' concern, obviously, with this \ndisclosure of sensitive information. Of course, no organization \ndoesn't make mistakes. The measure of an organization is how \nwell you learn from your mistakes. It sounds like you have \ntaken a fairly aggressive approach to that.\n    Here's a slightly off-the-wall question, but one that I \nthink is important. We know that, through a couple of different \nmechanisms, this information is now in the public domain. Are \nyou or is anybody looking to see who has subsequently \ndownloaded it?\n    Ms. Rossides. I believe that is part of what the IG is \nlooking at. We do know--we have in our--our CIO shop has done \nan initial review of who did download it and has it on their \nwebsites, the non-Government, non-DHS websites. We do know \nthat.\n    Mr. Himes. Thank you. Yes, no, I am just intrigued by the \npossibility that you might cross-check a list of those end-\nusers, not just cross-posters, but end-users who downloaded it \nperhaps with other lists that could--from which we could maybe \nmake some inferences.\n    When we get classified information on this committee, each \npage is usually marked with some degree of classification. \nSometimes each paragraph has actually indicated some level of \nclassification. Do you follow a similar protocol on a hard \ncopy? Would SSI be always indicated as such?\n    Ms. Rossides. Yes, sir. If appropriately marked, the SSI \ndocument would be marked and the pages would have a header and \na footer on them that said it is SSI information.\n    Mr. Himes. Not having seen the SSI that was disclosed, was \nthat, in fact, appropriately marked as such?\n    Ms. Rossides. No, sir, it was not, no. That was part of the \nproblem.\n    Mr. 
Himes. So the failure was one of marking.\n    Ms. Rossides. And redacting.\n    Mr. Himes. And redacting, okay. Do you have a sense for \nwhat your overall rate of compliance is with respect to marking \nappropriately your documents?\n    Ms. Rossides. Well, sir, we do a number of self-assessments \nas part of our SSI program, and we do those routinely. We also \nhad a very extensive review by GAO at the end of 2007 who \nactually gave a very good grade to TSA for how we do--our program \noffice addresses SSI.\n    Mr. Himes. Thank you. I yield back the balance of my time.\n    Ms. Jackson Lee. I thank the gentleman from Connecticut.\n    I would like to now recognize Mr. Bilirakis for 5 minutes.\n    Mr. Bilirakis. Yes, I will go ahead and ask my questions \nduring the Executive Session, Madam Chairwoman. Thank you.\n    Ms. Jackson Lee. Let me----\n    Mr. Dent. May I ask your indulgence, Madam Chairwoman? I \nknow we have a few minutes before the vote, but before we go \ninto Executive Session, I am struggling a little bit with the \nunderlying premise of Ms. Rossides' response.\n    By refusing to give a document to this committee because \nyou are concerned about public disclosure, that is implying \nthat the subcommittee will disclose the document. That is what \ntroubles me the most: The implication that this subcommittee is \nnot taking security of these documents that seriously, and I \nthink we all agree that we know that is not the case.\n    For the record, I am glad the inspector general is doing \nhis investigation, but that is not particularly relevant to our \nrequest for this document. We are a separate and equal branch \nof Government responsible for overseeing TSA's activities. I am \nfrustrated by, again, a willingness to provide us a date \ncertain for delivering this critical document to the \nsubcommittee.\n    So I feel like I have been left with no choice. 
I feel like \nwe have given the administration every opportunity to provide \nthis document. I appreciate the fact that our staff has been \nable to look at this for a few hours.\n    I think, somewhat reluctantly, along with Ranking Member \nBilirakis, Mr. Lungren and Mr. King, and others, you know, I \nwill be introducing a resolution of inquiry demanding that the \nSecretary provide the House of Representatives with this \ndocument. I think it is only appropriate, and I would rather \nnot do it. If I had a date certain, I would not ask for this \nresolution.\n    Ms. Jackson Lee. The gentleman--if the gentleman's finished \nhis remarks--let me ask you, Administrator Rossides, if you \nhave a definitive date or whether you could submit a definitive \ndate of the completion of the IG report?\n    Ms. Rossides. No, Madam. I am sorry. I do not. I do not \nknow when the IG will definitively be finished. I know that \nthey have this on an expedited track, but I don't have a \nspecific date. I couldn't speak----\n    Ms. Jackson Lee. Do you have a close, proximate date?\n    Ms. Rossides. All I know is when they first began the \nengagement and took it over from our office of inspection, they \nsaid they wanted to have it done in a matter of a couple weeks, \nso that they started that, you know, earlier, right after--they \nstarted it on December 9.\n    Ms. Jackson Lee. Okay, well, let me just say that I am very \nmoved by the sincerity of Mr. Dent's request and intent to \noffer a resolution of inquiry, but I am aware that the Chairman \nof the full committee has authority to move forward, and it \nwould seem, Mr. Dent, that you would raise that question with \nthe Chairman of the full committee. I think that would be the \nappropriate next step and not a resolution of inquiry.\n    I might also say that part of our concern has been that, in \ndisclosing the SOP, it is possible for leaks. 
Of course, it \nsounds maybe that it is ironic that I would use the term leaks, \nbecause, obviously, we have had a breach. But there have been \nmany, many Members of the House and the Senate that have asked \nfor this document, and there is no doubt this is a high-profile \ndocument, but our job is to ensure that there are no further \nleaks equally egregious.\n    So I would ask that you ask the Chairman of the full \ncommittee as a first step, but more importantly, I would say \nthat I would like Ms. Rossides to come back in the next 24 \nhours, if she can be in touch with the Secretary and the IG, to \nget a more definitive time. I know answering today may be \ndifficult, but I would think the inspector general would be \nopen to the fact that this is urgent. Mr. Dent has indicated it \nis urgent. There is a suggestion of a resolution of inquiry, \nwhich I think is premature.\n    But even so, that shows the urgency of the matter. We need \nto, in essence, respond to that. So I would suggest that the \nfirst response for Mr. Dent and his colleagues is a request to \nthe Chairman of the full committee, Mr. Thompson. Then I would \nwant to have the additional information for our subcommittee as \nto the time that you believe this might occur.\n    Ms. Rossides. Yes, ma'am, I will do that.\n    Ms. Jackson Lee. The IG's report.\n    Mr. Dent. Madam Chairwoman, the only thing I would ask----\n    Ms. Jackson Lee. I yield to the gentleman for a response.\n    Mr. Dent. The only thing I would ask, respectfully, is that \nwe be given a date certain as to when we would receive this \ndocument, then I would quite happily withdraw the motion for \nthe resolution of inquiry. I do feel that the inspector general \ninvestigation is irrelevant to our request for that particular \ndocument. 
As I said previously, we have received many \nthousands of pages of sensitive and security information, and I \nthink our committee has handled them well and we certainly will \nmake a request to the Chairman.\n    I would just like to keep this resolution out there for \nconsideration. Hopefully in the intervening time, we can get a \ndate certain. If we were to get a date certain for the release \nof the document, then we could at that time withdraw the \nresolution.\n    Ms. Jackson Lee. I think we found some measure of \nreconciliation or a moment that we can reconsider.\n    Let me quickly--I think there are one or two Members that \nare going to be here. I am continuing the hearing because of \nthe time constraints of Ms. Rossides. So anyone that is \ninterested in the--going forward on the Executive Session, they \nneed to hurry back, because the first vote--let me just \nproceed--I assume all Members have gone forward. I will yield \nmyself for a second round until we convene into the Executive \nSession.\n    Do you believe that any actions taken by the individuals \nthat you have put on administrative leave or have disposed of \nin another manner--and I do need to get a correct \ninterpretation--were some of these individuals contract \nemployees?\n    Ms. Rossides. Madam Chairwoman, at the time in March 2009, \none of the individuals was a contractor, but he is now a TSA \nemployee, and he is one of the five TSA employees that is on \nadministrative leave.\n    Ms. Jackson Lee. Do you believe that any actions by these \nemployees were intentional?\n    Ms. Rossides. I would have to wait for the IG report, but \nmy honest assessment is no.\n    Ms. Jackson Lee. But you----\n    Ms. Rossides. I think this was an accident.\n    Ms. Jackson Lee. Your honest assessment is no, but you do \nnot know?\n    Ms. Rossides. I don't know for sure until the IG gives us \nthe report.\n    Ms. Jackson Lee. 
One of the employees was a contractor, and \nyou are representing to this committee that that individual is \nnow employed. But are you also representing that that \nindividual went through the normal security checks?\n    Ms. Rossides. Yes. If he was hired as a TSA employee, he \nwould have had a background check.\n    Ms. Jackson Lee. What do we learn from the idea--not the \nidea, but the actual happening of this incident occurring in \nMarch 2009 and this was exposed in the last 3 weeks? What do we \nlearn from that?\n    Ms. Rossides. I think that--\n    Ms. Jackson Lee. As you answer that question, can you \ncomprehend the disappointment that we have in that issue?\n    Ms. Rossides. Yes, Madam Chairwoman. I think there are a \nnumber of things that we learned from this. Our learnings from \nthis are that we definitely need better processes in place and \ntighter controls on how we handle sensitive information. In the \nsize of TSA, as large of an organization it is, where this \ninformation is shared across the organization, we are going to \nhave to make sure that we have designated personnel who are \nproperly managing--and managing this information and treating \nit in the manner in which it should be. We need to make sure \nthat our personnel are trained and really truly understand.\n    If there is a lesson that the entire TSA organization has \nlearned in this, it shows that, you know, the accident or the \nmistake of one or a few can tremendously impact the whole \nagency and our credibility with the American public. So we are \ntaking it very, very seriously. I think that our front-line \nofficers, our FAMs, our inspectors, our TSOs are very much \naware of their responsibility now because a document like this \nhas been put out there.\n    So I think there will be a number of lessons that we will \nlearn. 
I also think that there are technology solutions that \nhopefully will come from the IG's report about the right \ntechnology to use, the right versions to use when redacting \ninformation.\n    Ms. Jackson Lee. Let me say this. I will recess this \ncommittee, and keeping in mind your schedule, we will return \nquickly, but my intent is to write legislation, first of all, \nwith a great deal of respect for the reliance of this \nGovernment overall, not just Department of Homeland Security, \non contract employees, from Blackwater employees to a number of \nothers.\n    It is clear that there needs to be standards utilized for \nthe hiring, retaining, and utilizing of contract employees. It \nwill be my thought, it will be my legislative initiative to \ninsist that contract employees not be used to handle Sensitive \nSecurity Information, period.\n    Then we are looking to craft legislation that puts a \nfirewall around certain technology, because as I was listening \nto the Chairman, if this is unique technology that ultimately \nwill prevent redacting from showing up again on a website, then \nI don't want random individuals having access to that, because \nthen you can be exploited.\n    So I will introduce legislation in the early part of the \nyear to establish that criteria, and we will also have to find \na better pathway of informing the Members of this House and \nSenate, and I would imagine the White House, on issues of \nbreach of security.\n    With that, this hearing remains in recess. We may start \nback in--with a brief open session, but we will then go into \nthe Executive Session. Thank you. This hearing is now in \nrecess.\n    [Recess.]\n    Ms. Jackson Lee. Committee is called to order.\n    Ms. Rossides, I would like to pursue a line of questioning. 
\nThis is not the Executive Session, which we will go into very \nshortly.\n    Would you please share, again, with the explanation as to \nwhether or not we had a different software in March 2009, but \nwe now have a different software in December 2009, dealing with \nthis particular issue?\n    Ms. Rossides. Madam Chairwoman, I can't answer that \nquestion with any specificity, because I do not know, and that \nis what the IG's forensic team is looking at, as they are \nlooking at all of the computers that were used by people in \nthis action, so I cannot answer that. That will be part of the \nIG's review.\n    Ms. Jackson Lee. Do you have information--and if you have \nsaid it before, if you could say it again--that the policies of \ndealing with SSI have now changed, is there a review process of \nseveral individuals that are now as we speak looking at \nSensitive Security Information and making a paper trail \ndecision, meaning that you will know who made the decision, on \nwhat goes onto the web?\n    Ms. Rossides. Yes. That is really--I would give you a \ncouple of answers to that. First of all, our procedures for how \nSSI information is handled internally is part of our review and \nour lessons learned. We will look again at those procedures.\n    The SSI office maintains very detailed records of how they \nlook at the documents and then how the documents are passed \nforward to other offices. The acquisition office is also \nlooking at their procedures. Then most importantly, the CIO, \nour chief information officer, is looking at both the \ntechnology that should be used across the whole agency in \nhandling redacted material. We have actually asked the NSA to \ncome in and help us ensure, give us a certification that any \ntool we use for redacting material electronically will meet \ntheir certification standards. So we are taking that added \nmeasure.\n    Ms. Jackson Lee. 
As you do that, you are going to have \nwritten criteria, some roadmap to go forward on the handling of \nthese materials so that we can assure the American people that \nthis will not happen again?\n    Ms. Rossides. We will do an exhaustive review--and I commit \nto you that we will make sure we have procedures in writing \nthat we train the appropriate personnel and that we raise every \nemployee's awareness about the importance of handling SSI \nmaterial appropriately.\n    Ms. Jackson Lee. All right. As I indicated with respect to \ncontractors, is there any determination that contractors would \nbe outside the realm of sensitive security materials?\n    Ms. Rossides. No. Madam Chairwoman, right now, I believe \nthat we do have some contractors that handle SSI material, but \nif they do, they are subject to the exact same procedures that \nany employee in handling SSI is subject to.\n    Ms. Jackson Lee. Well, I, frankly, believe that we should \nleave our SSI materials to employees of Homeland Security. I \nknow that this Government has become very dependent in many \nareas--and in some areas, it is very effective. I have no \nproblem with who builds our highways and bridges. It may be \nvery difficult for the Government to engage in construction.\n    But I certainly have concern about the use of non-\nGovernment employees in the handling of Sensitive Security \nInformation. I am going to raise that with the Department. I am \nraising it with you. I would like you to raise it with your \nteam. We will have to come to some resolution on that, because \nthere is little reprimand, I believe, under the circumstances \nfor a contract employee who is getting paid by tax dollars, but \nthen is, unfortunately, in a breach such as this, which we have \nnot determined whether or not it was intentional. 
Certainly, I \nappreciate your representation at the level that it was at.\n    Then final question before we enter into this session, the \nindividuals that you were dealing with that have been, I guess, \nsuspended----\n    Ms. Rossides. Placed on administrative----\n    Ms. Jackson Lee [continuing]. Administrative leave, what \nlevel civil service rank would they have been at? What was \ntheir level?\n    Ms. Rossides. I would have to get back to you and confirm. \nThey are at the mid-level and one, I believe, is at a senior \nmanagement level. But I could have--I would have to confirm \nall--all five of them. I know that--that one, the high--the \nhighest level one was at a senior management level. It is the K \nband in TSA's pay system.\n    Ms. Jackson Lee. Okay. With that in mind, thank you. The \nsubcommittee will now resolve into Executive Session. I ask the \nclerk to prepare the room.\n    [Whereupon, at 3:52 p.m., the subcommittee proceeded in \nExecutive Session, and subsequently adjourned the hearing at \n4:14 p.m.]\n\n                                 <all>\n</pre></body></html>\n"