[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]


 INSIDER THREATS TO AVIATION SECURITY: AIRLINE AND AIRPORT PERSPECTIVES

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                           TRANSPORTATION AND
                          PROTECTIVE SECURITY

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 27, 2018

                               __________

                           Serial No. 115-77

                               __________

       Printed for the use of the Committee on Homeland Security
                                     


        Available via the World Wide Web: http://www.govinfo.gov

                               __________
                               
                               
 
                    U.S. GOVERNMENT PUBLISHING OFFICE                    
34-448 PDF                  WASHINGTON : 2019                     
          
-----------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
                              
                               

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Sheila Jackson Lee, Texas
Mike Rogers, Alabama                 James R. Langevin, Rhode Island
Lou Barletta, Pennsylvania           Cedric L. Richmond, Louisiana
Scott Perry, Pennsylvania            William R. Keating, Massachusetts
John Katko, New York                 Donald M. Payne, Jr., New Jersey
Will Hurd, Texas                     Filemon Vela, Texas
Martha McSally, Arizona              Bonnie Watson Coleman, New Jersey
John Ratcliffe, Texas                Kathleen M. Rice, New York
Daniel M. Donovan, Jr., New York     J. Luis Correa, California
Mike Gallagher, Wisconsin            Val Butler Demings, Florida
Clay Higgins, Louisiana              Nanette Diaz Barragan, California
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
Don Bacon, Nebraska
Debbie Lesko, Arizona
                   Brendan P. Shields, Staff Director
                  Hope Goins, Minority Staff Director
                                 
                                 
                                 ------                                

         SUBCOMMITTEE ON TRANSPORTATION AND PROTECTIVE SECURITY

                     John Katko, New York, Chairman
Mike Rogers, Alabama                 Bonnie Watson Coleman, New Jersey
Brian K. Fitzpatrick, Pennsylvania   William R. Keating, Massachusetts
Ron Estes, Kansas                    Donald M. Payne, Jr., New Jersey
Debbie Lesko, Arizona                Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Kyle D. Klein, Subcommittee Staff Director
                            
                            
                            C O N T E N T S

                              ----------                              

                               Statements

The Honorable John Katko, a Representative in Congress From the 
  State of New York, and Chairman, Subcommittee on Transportation 
  and Protective Security:
  Oral Statement
  Prepared Statement
The Honorable Bonnie Watson Coleman, a Representative in Congress 
  From the State of New Jersey, and Ranking Member, Subcommittee 
  on Transportation and Protective Security:
  Oral Statement
  Prepared Statement
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement

                               Witnesses

Ms. Wendy Reiter, Director, Aviation Security, Port of Seattle:
  Oral Statement
  Prepared Statement
Mr. Stephen A. Alterman, President, Cargo Airline Association:
  Oral Statement
  Prepared Statement
Ms. Lauren Beyer, Vice President, Security and Facilitation, 
  Airlines for America:
  Oral Statement
  Prepared Statement
Mr. Tim Canoll, President, Air Line Pilots Association:
  Oral Statement
  Prepared Statement

                                Appendix

Question From Honorable Brian K. Fitzpatrick for Tim Canoll

 
 INSIDER THREATS TO AVIATION SECURITY: AIRLINE AND AIRPORT PERSPECTIVES

                              ----------                              


                     Wednesday, September 27, 2018

             U.S. House of Representatives,
                    Subcommittee on Transportation 
                           and Protective Security,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:04 a.m., in 
room HVC-210, Capitol Visitor Center, Hon. John Katko (Chairman 
of the subcommittee) presiding.
    Present: Representatives Katko, Estes, Lesko, and Watson 
Coleman.
    Mr. Katko. The Committee on Homeland Security, Subcommittee 
on Transportation and Protective Security, will come to order. 
The subcommittee is meeting today to examine the risk insider 
threats pose to America's aviation system. I now recognize 
myself for an opening statement.
    First, I want to acknowledge House passage of a 
comprehensive 5-year FAA reauthorization. This legislation also 
includes a full authorization of the Transportation Security 
Administration. This is the first time TSA has been 
reauthorized since the agency was stood up following the terror 
attacks of September 11.
    This bipartisan bill includes not only 22 House-passed 
transportation security bills, but also a number of key 
provisions from last year's DHS authorization legislation.
    I look forward to seeing this legislation move quickly 
through the Senate and to the President's desk so that we can 
implement unprecedented transparency and accountability at TSA 
and make the agency more adaptive to evolving threats to the 
traveling public.
    Now, on to the topic of today's hearing.
    When considering threats facing America's aviation sector, 
it is critical that we consider the security threats emanating 
from inside the sector itself. Insider threats can manifest 
themselves in a variety of ways, including drug and weapon 
smuggling, human trafficking, terror plots, and others.
    For example, in 2013, Terry Loewen, an avionics technician 
at Wichita Mid-Continent Airport, was arrested by the FBI for 
plotting a suicide attack using a vehicle-borne improvised 
explosive device. Loewen intended to use his airport 
credentials to gain access to the tarmac and detonate the truck 
near aircraft and the passenger terminal during peak holiday 
travel to maximize casualties.
    In 2014, Eugene Harvey, a baggage handler at Hartsfield-
Jackson International Airport, smuggled 153 firearms, including 
AK-47 assault weapons, on 17 flights between Atlanta and New 
York. Harvey was able to bring the guns into the sterile area 
of the airport using a secure identification display area, or 
SIDA badge, because he was not subjected to physical security 
screening.
    Additionally, in May 2018, 10 airline employees at Dallas/
Fort Worth International Airport were indicted as part of an 
FBI undercover operation. The employees believed they were 
smuggling methamphetamines. One of the employees who was 
indicted said he would be able to smuggle guns as well, and 
another told undercover agents he would be willing to smuggle 
explosives for the right price. That is truly frightening.
    Most recently, in August 2018, Richard Russell, a ground 
service agent at Seattle-Tacoma International Airport who held 
valid security credentials, entered an aircraft maintenance 
area and stole a commercial aircraft before crashing it to take 
his own life.
    Just last week, a student pilot jumped a security fence at 
Orlando Melbourne International Airport and boarded a passenger 
jet that was undergoing maintenance. While it is unclear what 
his intentions were, there remain access control concerns 
surrounding that incident and many others.
    This string of disturbing incidents clearly demonstrates 
the risk insider threats pose to our Nation's aviation system. 
I am concerned that the same vulnerabilities that were 
exploited in these situations could also be exploited by 
terrorists to carry out an attack.
    Over the past few years, progress has certainly been made 
to address these gaps, especially with respect to pre-
employment vetting and screening of aviation workers before 
entering the secure area of the airport.
    However, the fact that these insider threats continue to 
manifest would seem to indicate that the current system has not 
proven to be a sufficient deterrent for employees with 
malicious intent.
    This committee has passed multiple pieces of legislation 
dealing with aviation employee vetting and access controls, 
including my bill, H.R. 876, the Aviation Employee Screening 
and Security Enhancement Act of 2017, which should be headed to 
the President's desk as part of the FAA reauthorization.
    While this bill has many provisions that will help mitigate 
insider threats, this is not an issue that can be dealt with 
solely through legislation. You all know it takes a lot more 
for me to acknowledge that.
    At this hearing, the subcommittee has the opportunity to 
hear from a number of aviation stakeholders with varying 
perspectives on how we can respond to insider threats. The 
groups these individuals represent are on the front lines and 
have unique insight into how best to combat the threats facing 
our Nation's aviation system.
    I look forward to discussing how we can better screen and 
vet aviation employees and improve access controls to help 
ensure the sensitive areas of our Nation's airports are secure.
    I also look forward to hearing the witnesses' opinions on 
how the Federal Government can better work with industry to 
address any existing vulnerabilities in our current system.
    I truly believe that close collaboration between all the 
relevant stakeholders--we are not interested in ``gotcha'' 
moments here today, we are just interested in a frank 
discussion--will be key to tackling the array of insider 
threats facing America's aviation sector.
    I would like to thank all of you for showing up today, and 
I look forward to hearing your testimony.
    [The statement of Chairman Katko follows:]
                    Statement of Chairman John Katko
                           September 27, 2018
    First, I want to acknowledge House passage of a comprehensive, 5-
year FAA Reauthorization. This legislation also includes a full 
reauthorization of the Transportation Security Administration. This is 
the first time TSA has been reauthorized since the agency was stood up 
following the terror attacks of September 11.
    This bipartisan bill includes not only 22 House-passed 
transportation security bills, but also a number of key provisions from 
last year's DHS Authorization legislation.
    I look forward to seeing this legislation move quickly through the 
Senate and to the President's desk, so that we can implement 
unprecedented transparency and accountability at TSA and make the 
agency more adaptive to evolving threats to the traveling public. Now, 
on to the topic of today's hearing.
    When considering threats facing America's aviation sector, it is 
critical that we consider the security threats emanating from inside 
the sector itself.
    Insider threats can manifest themselves in a variety of ways, 
including drug and weapons smuggling, human trafficking, terror plots, 
and others.
    For example, in December 2013, Terry Loewen--an avionics technician 
at Wichita Mid-Continent Airport--was arrested by the FBI for plotting 
a suicide attack using a vehicle-borne improvised explosives device.
    Loewen intended to use his airport credentials to gain access to 
the tarmac and detonate the truck near aircraft and the passenger 
terminal during peak holiday travel to maximize casualties.
    In 2014, Eugene Harvey, a baggage handler at Hartsfield-Jackson 
International Airport, smuggled 153 firearms, including AK-47 assault 
weapons, on 17 flights between Atlanta and New York.
    Harvey was able to bring the guns into the sterile area of the 
airport using his Secure Identification Display Area--or SIDA--badge, 
because he was not subjected to physical security screening.
    Additionally, in May 2018, 10 airline employees at Dallas/Fort 
Worth International Airport were indicted as part of an FBI undercover 
operation. The employees believed they were smuggling methamphetamines.
    One of the employees who was indicted indicated he would be able to 
smuggle guns as well, and another told undercover agents he would be 
willing to smuggle explosives for the right price.
    Most recently, in August 2018, Richard Russell, a ground services 
agent at Seattle-Tacoma International Airport who held valid security 
credentials, entered an aircraft maintenance area and stole a 
commercial aircraft before crashing it in order to take his own life.
    Just last week, a student pilot jumped a security fence at Orlando 
Melbourne International Airport and boarded a passenger jet that was 
undergoing maintenance. While it is unclear what his intentions were, 
there remain access controls concerns surrounding that incident.
    This string of disturbing incidents clearly demonstrates the risk 
insider threats pose to our Nation's aviation system. I am concerned 
that the same vulnerabilities that were exploited in these situations 
could also be exploited by terrorists to carry out an attack.
    Over the past few years, progress has certainly been made to 
address the gaps, especially with respect to pre-employment vetting and 
screening aviation workers before entering the secure area of the 
airport.
    However, the fact that these insider threats continue to manifest 
would seem to indicate that the current system has not proven to be a 
sufficient deterrent for employees with malicious intent.
    This committee has passed multiple pieces of legislation dealing 
with aviation employee vetting and access controls including my bill, 
H.R. 876, The Aviation Employee Screening and Security Enhancement Act 
of 2017, which should be headed to the President's desk as part of the 
FAA reauthorization.
    While this bill has many provisions that will help mitigate insider 
threats, this is not an issue that can be dealt with solely through 
legislation--and you all know it takes a lot for me to acknowledge 
that.
    At this hearing, the subcommittee has the opportunity to hear from 
a number of aviation stakeholders, with varying perspectives on how we 
can respond to insider threats.
    The groups these individuals represent are on the front lines and 
have unique insight into how to best combat the threats facing our 
Nation's aviation system.
    I look forward to discussing how we can better screen and vet 
aviation employees and improve access controls to help ensure the 
sensitive areas of our Nation's airports are secure.
    I also look forward to hearing the witnesses' opinions on how the 
Federal Government can better work with industry to address any 
existing vulnerabilities in our current system. I truly believe that 
close collaboration between all the relevant stakeholders will be key 
in truly tackling the array of insider threats facing America's 
aviation sector.
    I'd like to thank the witnesses again for being here today and I 
look forward to hearing their testimony.

    Mr. Katko. I am pleased to recognize the Ranking Member of 
the subcommittee, the gentlelady and good friend from New 
Jersey, Mrs. Watson Coleman for her opening statement.
    Mrs. Watson Coleman. Good morning and thank you, Chairman. 
Thank you for holding this hearing.
    Thank you to the witnesses for being willing to share your 
experience, your concern, and your expectations of future 
things that we can do.
    I also want to thank the Chairman for his collaboration in 
putting together the package of TSA legislation that he 
referred to and that was included in the FAA Reauthorization 
Act that passed the House yesterday.
    By my count, the package included 21 TSA bills that 
originated in this subcommittee, reflecting the extent of our 
bipartisan work in this Congress and to the extent to which we 
have been listening to those who have come before us.
    In addition to bills I authored to enhance surface 
transportation security and authorize TSA's National Deployment 
Force, the package includes several provisions relevant to 
today's hearing.
    Congressman Keating's bill, the Airport Perimeter and 
Access Control Security Act, requires the TSA administrator to 
update key risk assessments and strategies guiding perimeter 
security and access control efforts.
    Chairman Katko's bill, the Aviation Employee Screening and 
Security Enhancement Act, of which I am a co-sponsor, directs a 
cost and a feasibility study of enhanced employee inspections 
at airport access points as well as an assessment of credential 
standards.
    These bills build upon provisions enacted in the 2016 FAA 
Extension Act that required TSA to update rules on airport 
access controls and improve criminal background checks.
    TSA and industry stakeholders have worked to implement 
these requirements and other measures to enhance security, 
including recommendations made by the Aviation Security 
Advisory Committee.
    For example, the TSA has developed the Advanced Threat 
Location Allocation Strategy, or ATLAS, to ensure limited 
resources for employee screening are deployed based on risk and 
in a manner that maximizes the expectation among employees that 
they will be subjected to screening.
    Airports and airlines, for their part, have worked hard to 
reduce access points to secure areas and improve security 
awareness among employees.
    All parties deserve recognition for taking these threats 
seriously and coming to the table to develop sensible and 
effective solutions.
    Nevertheless, recent incidents have made clear that 
significant vulnerabilities remain. Last month, the Horizon Air 
employee was able to steal and fly a passenger jet at Seattle-
Tacoma International Airport, ultimately crashing it in what 
was fortunately an unpopulated area killing only himself. If 
this individual had different intentions or if we had simply 
been less lucky, the incident could have placed all of downtown 
Seattle in grave danger.
    Then just a week ago, a student pilot was able to jump over 
a perimeter security fence at Orlando Melbourne International 
Airport and access a cockpit of a large passenger jet. 
Fortunately, two courageous maintenance workers were on board 
the plane and heroically disrupted the apparent plot to steal 
the plane.
    Again, under slightly different circumstances, events could 
have played out much more negatively.
    While the student pilot in Orlando was not an insider in 
the same way as an airline worker in Seattle, the incident 
highlighted the need to control access to aircraft more 
strictly, as well as the need to better secure airport 
perimeters.
    It has also highlighted that these workers should not be 
viewed primarily as a threat to aviation, but rather as 
important security partners. Aviation workers know airports 
better than anyone. They know who should be where, and they 
recognize when something is out of place. Security solutions 
must be developed in consultation with workers and take full 
advantage of their expertise, as well as perhaps additional 
training on awareness standards.
    Both of these recent incidents are being investigated, and 
I certainly am eager to learn more about the motives of the 
individuals in question and how they were able to defeat 
security measures so easily.
    In the meantime, I hope our witnesses today will be able 
to shed some light on how similar incidences can be prevented 
in the future and what this committee can do to be helpful.
    Thank you. I look forward to discussing the issues today. I 
yield back my time.
    [The statement of Ranking Member Watson Coleman follows:]
           Statement of Ranking Member Bonnie Watson Coleman
                           September 27, 2018
    I want to thank Chairman Katko for his collaboration in putting 
together the package of TSA legislation that was included in the FAA 
Reauthorization Act that passed the House yesterday.
    By my count, the package includes 21 TSA bills that originated in 
this subcommittee, reflecting the extent of our bipartisan work this 
Congress.
    In addition to bills I authored to enhance surface transportation 
security and authorize TSA's National Deployment Force, the package 
includes several provisions relevant to today's hearing.
    Congressman Keating's bill, the Airport Perimeter and Access 
Control Security Act, requires the TSA administrator to update key risk 
assessments and strategies guiding perimeter security and access 
control efforts.
    Chairman Katko's bill, the Aviation Employee Screening and Security 
Enhancement Act, of which I am a co-sponsor, directs a cost and 
feasibility study of enhanced employee inspections at airport access 
points, as well as an assessment of credentialing standards.
    These bills build upon provisions enacted in the 2016 FAA Extension 
Act that required TSA to update rules on airport access controls and 
improve criminal background checks.
    TSA and industry stakeholders have worked to implement those 
requirements and other measures to enhance security, including 
recommendations made by the Aviation Security Advisory Committee.
    For example, TSA has developed the Advanced Threat Location 
Allocation Strategy, or ``ATLAS,'' to ensure limited resources for 
employee screening are deployed based on risk and in a manner that 
maximizes the expectation among employees that they will be subject to 
screening.
    Airports and airlines, for their part, have worked to reduce access 
points to secure areas and improve security awareness among employees.
    All parties deserve recognition for taking these threats seriously 
and coming to the table to develop sensible and effective solutions.
    Nevertheless, recent incidents have made clear that significant 
vulnerabilities remain.
    Last month, a Horizon Air employee was able to steal and fly a 
passenger jet at Seattle-Tacoma International Airport, ultimately 
crashing it in what was fortunately an unpopulated area, killing only 
himself.
    If this individual had had different intentions, or if we had 
simply been less lucky, the incident could have placed all of downtown 
Seattle in grave danger.
    Just a week ago, a student pilot was able to jump over a perimeter 
security fence at Orlando-Melbourne International Airport and access 
the cockpit of a large passenger jet.
    Fortunately, two courageous maintenance workers were on board the 
plane and heroically disrupted the apparent plot to steal another 
plane.
    Again, under slightly different circumstances, events could have 
played out much more negatively.
    While the student pilot in Orlando was not an ``insider'' in the 
same way as the airline worker in Seattle, the incident highlighted the 
need to control access to aircraft more strictly--as well as the need 
to better secure airport perimeters.
    It also highlighted that workers should not be viewed primarily as 
a threat to aviation, but rather as important security partners.
    Aviation workers know airports better than anyone. They know who 
should be where, and they recognize when something is out of place.
    Security solutions must be developed in consultation with workers 
and take full advantage of their expertise.
    Both of these recent incidents are being investigated, and I am 
eager to learn more about the motives of the individuals in question 
and how they were able to defeat security measures so easily.
    In the meantime, I hope our witnesses today will be able to shed 
some light on how similar incidents can be prevented in the future and 
what this committee can do to be helpful.

    Mr. Katko. Thank you, Mrs. Watson Coleman.
    It is really amazing that 21 of our bills that came out of 
this committee got into the FAA bill. It is really a great sign 
of the teamwork that we have on this subcommittee and the 
bipartisanship, because National security should not be a 
partisan issue, and it is certainly not in this subcommittee.
    So I want to thank Mrs. Watson Coleman for her statement. 
Other Members of the subcommittee are reminded that opening 
statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                           September 27, 2018
    Good morning and thank you to the Chairman for convening today's 
hearing.
    Today's hearing is timely given recent events.
    Twice in the last 2 months, unauthorized individuals have accessed 
cockpits of passenger jets.
    In the first case, a ground crew worker at Seattle-Tacoma 
International Airport was able to commandeer an unoccupied plane, take 
off from the airport, and fly around the Seattle-Tacoma area for an 
hour before crashing in a wooded area, killing only himself.
    In the second case, a student pilot with unclear intentions was 
able to hop a fence at Orlando-Melbourne International Airport and gain 
entry to an airplane cockpit before being tackled and detained by two 
workers who happened to be on the plane.
    While the details of these events are still being investigated, it 
is clear that a major loss of life was prevented by sheer luck--and by 
the heroism of the two workers who acted bravely and selflessly to 
prevent catastrophe.
    These events are the latest in a string of incidents displaying the 
challenges the aviation industry faces in controlling access to secure 
areas and aircraft.
    Each incident is unique and highlights slightly different 
vulnerabilities depending on the people and airport involved.
    Given the complexity of the aviation system, no single solution 
will serve as a ``silver bullet'' to ensure sufficient security.
    Instead, the TSA, airports, airlines, and other stakeholders must 
work collaboratively to develop and implement layered security measures 
that address security gaps and reduce risk as much as possible.
    The Airport Perimeter and Access Control Security Act, introduced 
by Congressman Keating, will go a long way in directing that work by 
requiring TSA to update its risk assessments and strategies for 
perimeter security and access controls.
    I was happy to see that bill included in the FAA Reauthorization 
Act that passed the House yesterday, along with 8 other Democratic 
bills and numerous other provisions that will strengthen TSA's security 
efforts across all modes of transportation.
    Today, I hope to gain additional perspective on recent security 
incidents and learn from our witnesses what this committee can do to 
further support their security efforts.
    I look forward to engaging in a productive discussion on these 
issues.
    Again, thank you to the Chairman for his attention to these issues 
and to our witnesses for appearing before us today.

    Mr. Katko. We are grateful to have a very distinguished 
panel here to testify before us today. Let me remind each of 
you that your entire written statement will appear in the 
record.
    Our first witness, Ms. Wendy Reiter, currently serves as 
the director of aviation security for Seattle-Tacoma 
International Airport. In this position, she leads the Port of 
Seattle's Aviation Security Department and oversees all TSA 
mandates that involve the safety and security of the 16,000 
employees and travelers at the Sea-Tac Airport.
    She joined the Port of Seattle as the senior manager of 
airport terminal operations in 2001, where she served as the 
primary liaison to airlines.
    Prior to joining the Port of Seattle, Ms. Reiter was a 
station manager for Southwest Airlines--and you have got to get 
him to Syracuse, OK, I keep begging them--and director of 
customer service for Northwest Airlines, where she received 
numerous awards for leadership and outstanding customer 
service.
    Before I recognize Ms. Reiter for her opening statement, I 
want to reiterate what I said during my opening statement. That 
is, we are not interested in gotcha moments here today. We are 
interested in a free-flowing, frank discussion about how we can 
make airports safer from an insider threat perspective.
    So we welcome your input. Don't wait for us to call on you. 
If you have something, signal to us, and we will be happy to 
include you in the conversation.
    So with that, I will recognize Ms. Reiter for her opening 
statement.

STATEMENT OF WENDY REITER, DIRECTOR, AVIATION SECURITY, PORT OF 
                            SEATTLE

    Ms. Reiter. Chairman Katko, Ranking Member Watson Coleman, 
and Members of the committee, thank you for the opportunity to 
join you again today. My name is Wendy Reiter, and I serve as 
the director of aviation security for Seattle-Tacoma 
International Airport.
    Sea-Tac Airport has long prioritized the safety and 
security of our passengers, employees, and nearby residents. 
This commitment has driven Sea-Tac to do everything reasonable 
to invest in aviation security above and beyond what is 
required of us by Federal law, which has made us one of the 
leading airports in the country as it relates to insider threat 
and perimeter security.
    I am pleased to be here today to share some of the specific 
tactics we have employed at Sea-Tac, although I will note that 
I am not here to suggest that all airports should adopt these 
exact practices. Sea-Tac recognizes that it is up to each 
airport's local leadership to determine how to best invest 
limited resources for maximum return.
    Let me start with our approach to insider threat. First, 
before giving airport badges to employees and throughout the 
badge holder's employment, we work closely with the TSA and FBI 
to conduct regular background checks, both scheduled and 
unscheduled.
    These badges allow us to restrict sterile areas to vetted 
employees and use access controls to limit specific areas of 
the airport and airfield to only the most relevant employees.
    We are also planning, by end of this year, to be enrolled 
in the Rap Back program to ensure that badge access is 
immediately revoked from anyone with a newly-discovered 
disqualifying crime.
    Second, each of our sterile area access doors requires both 
a bag scan and a biometric fingerprint scan. The biometric 
element has been in place at Sea-Tac since shortly after 
September 11, 2001, and it is an additional layer of security 
that allows us to confirm that the badge matches the users. In 
certain cases, we have added a third level of security to 
require a PIN that is specific to the person.
    Third, as of spring 2017, we have implemented physical 
screening to all employees accessing sterile areas of the 
airport terminal. Full employee screening required a 
significant upfront investment and major recurring cost to the 
airport, but we have been very pleased with results in terms of 
both security and employee convenience.
    As it relates to perimeter security, our plan is to 
institute physical employee screening at all of our airfield 
perimeter gates by the middle of 2019.
    We have also invested in three Air Scent dogs, which are 
trained to detect and trail explosive odors on moving persons, 
which is a huge advantage in the front of the airport around 
ticketing and baggage claim.
    At the end of the day, all security systems are based on 
thoughtful risk management and no security system is perfect or 
able to anticipate every potential action. For instance, Sea-
Tac experienced a high-profile insider incident just last 
month.
    That is why Sea-Tac recently joined in creating a new 
Industry Working Group on Aviation Security Best Practices. The 
group will baseline aviation security best practices and our 
findings will be included in the final report of the TSA's ASAC 
Insider Threat Subcommittee, of which I am a member.
    Specific topics for investigation include aircraft 
security, employee training and reward programs, mental health 
programs, and airport coordination operation centers.
    Sea-Tac has also initiated an independent third-party 
after-action report of our most recent insider incident to 
identify other changes that our airport will consider.
    I want to close by noting a series of activities coming 
together at the end of the year.
    TSA Administrator Pekoske expects ASAC to report back to 
him, and the Sea-Tac after-action report and the industry 
working group findings will also be completed by that time.
    Combined with the potential TSA and FBI reports on the 
recent Sea-Tac incident, the aviation community will have an 
incredible opportunity in early 2019 to thoughtfully discuss 
opportunities to move forward in impactful ways on insider 
threat.
    I look forward to working with this committee and others at 
that time.
    Thank you for your time today. I welcome any questions you 
may have.
    [The prepared statement of Ms. Reiter follows:]
                   Prepared Statement of Wendy Reiter
                           September 27, 2018
    Chairman Katko, Ranking Member Watson Coleman, and Members of the 
committee, thank you for the opportunity to discuss aviation insider 
threat and perimeter security issues with you today. My name is Wendy 
Reiter, and I currently serve as the director of aviation security for 
Seattle-Tacoma International Airport (Sea-Tac), which is owned and 
operated by the Port of Seattle. I also recently served as vice-chair 
of the Transportation Security Services committee of the American 
Association of Airport Executives.
    Sea-Tac Airport has long prioritized the safety and security of our 
passengers, employees, and nearby residents as our top responsibility. 
As an independent port authority governed by directly-elected 
Commissioners, protecting against threats both external and internal is 
a core part of our DNA. This commitment has driven Sea-Tac to do 
everything reasonable to invest in infrastructure, technology, and 
procedures that increase aviation security--above and beyond what is 
required of us by Federal law--which has made us one of the leading 
airports in the country as it relates to insider threat and perimeter 
security.
    We deeply appreciate the partnership we have with the 
Transportation Security Administration (TSA), including both local TSA 
staff as well as TSA leadership in Washington, DC. I also want to thank 
the subcommittee for your work on the Checkpoint Optimization and 
Efficiency Act, which has resulted in improved collaboration, 
communication, and information sharing at the local level.
    I am pleased to be here today to share some of the specific tactics 
we have employed at Sea-Tac, although I will note that we are not here 
to suggest that all airports should adopt these exact practices. As the 
old saying goes, ``if you've seen one airport, you've seen one 
airport,'' and so we recognize that it is up to each airport's local 
leadership to determine how to best invest limited resources for 
maximum return. This is particularly true for insider threat issues, 
which may not be fully preventable no matter how many layers of 
security and redundancies are put into place.
    Let me start with our approach to insider threat, which is mainly 
focused around three key aspects: Credentialing, biometrics, and 
physical employee screening. First, in terms of credentialing, we work 
closely with the Transportation Security Administration (TSA) and 
Federal Bureau of Investigation (FBI) to conduct regular background 
checks on all employees, both scheduled and unscheduled. Those badges 
not only allow us to ensure that sterile areas are restricted to vetted 
employees but also to use access controls to further limit specific 
areas of the airport and airfield to only the most relevant employees. 
We are also planning by the end of this year to be enrolled in the ``Rap 
Back'' program to ensure that badge access is immediately revoked from 
anyone with a newly-discovered disqualifying crime.
    Second, each of our sterile-area access doors requires both a badge 
scan and a biometric fingerprint scan. The biometric element has been 
in place at Sea-Tac since shortly after September 11, 2001, and is an 
additional layer of security that allows us to confirm that the badge 
matches the user. In certain cases, we have added a third level of 
authentication to require the user to scan and swipe their badge as 
well as enter a uniquely assigned personal identification number (PIN).
    Third, as of spring 2017, we have implemented physical screening 
for all employees accessing the sterile areas of the airport terminals. 
We have multiple checkpoints, each with a magnetometer, that are 
staffed by Port of Seattle employees hired specifically for this 
purpose. Full employee screening required a significant upfront 
investment and major recurring costs to the airport, but we have been 
very pleased with the results in terms of both security and employee 
convenience. We've been able to process as many as 300 employees per 
hour, and have now screened approximately 1.5 million individuals over 
the last year-and-a-half. This screening has resulted several times in 
the seizure of both weapons and drugs, which we believe would not have 
been caught without such a system in place.
    At Sea-Tac, we have 500 different employers operating at the 
airport, and there are limitations to the requirements that we can 
impose on all of those different entities and their workers. We rely on 
a partnership ethic to make any substantive changes to protocols and 
practices, and we are grateful for their openness to pursuing these 
important investments.
    As it relates to perimeter security, Sea-Tac has made major 
investments in both employee screening and explosive detection canines. 
While we've had physical screening of employees inside the airport for 
the last year-and-a-half, our plan is to institute the same level of 
security at all of our airfield perimeter gates by the middle of 2019. 
This new procedure will require every person entering the airfield to 
walk through a magnetometer, and will include visual screening of all 
vehicles--again by specifically trained Port of Seattle staff.
    We have also invested in purchasing our own explosive detection 
canines. In addition to the 8 Port of Seattle Police Department canine 
teams trained at the TSA canine training center at Lackland Air Force 
Base to sniff stationary objects for explosives, the Port 2 years ago 
purchased 3 Air Scent-trained dogs from K2 Solutions in North Carolina. 
These dogs are trained to detect and trail explosive odors on a moving 
person, which is a huge advantage in the front of the airport around 
ticketing and baggage claim. The Port Police are the first law 
enforcement agency in Washington State to have certified working Air 
Scent Teams.
    At the end of the day, all security systems are based on thoughtful 
risk management and maximizing the use of resources that can have the 
biggest impact. No security system is perfect or able to anticipate 
every potential action, and we need to continue to adapt security 
protocols to meet new challenges.
    Sea-Tac is a perfect example of this truth: Despite all of the 
measures I just listed, we still experienced a high-profile insider 
incident just last month.
    The need to remain vigilant and constantly improve is why Sea-Tac 
recently joined in creating a new Industry Working Group on Aviation 
Security Best Practices. Last month, aviation industry representatives 
from Airlines for America, Airports Council International-North 
America, the American Association of Airport Executives, the Cargo 
Airline Association, the Regional Airline Association, and the National 
Air Carrier Association met to discuss how we can collectively baseline 
aviation industry best practices. The group agreed that the best 
practices identified through this working group should be shared with 
the U.S. aviation industry, and should also inform the work of the 
TSA's Aviation Security Advisory Committee's (ASAC) Insider Threat 
subcommittee. The ASAC subcommittee has committed to incorporating 
these recommendations into its final report.
    As part of the working group's efforts, we are in the process of 
surveying aviation industry peers about best practices, and hope to 
have recommendations by the end of this year. Specific topics for 
investigation include aircraft security, employee training and reward 
programs, mental health programs, and airport coordination/operation 
centers. Sea-Tac has also initiated an independent third-party after-
action report of our most recent insider incident, which will contain 
recommendations for changes that our airport will consider.
    I want to close by noting this confluence of activities that are 
coming together toward the end of the year. In his testimony to the 
Senate Commerce Committee earlier this month, TSA Administrator David 
Pekoske shared that he expects ASAC to report back to him by the end of 
the year on the status of their insider threat recommendations. 
Combined with the Sea-Tac after-action report, potential TSA and FBI 
reports on the recent Sea-Tac incident, and the industry working group 
findings, the aviation community will have an incredible opportunity in 
early 2019 to thoughtfully discuss opportunities to move forward in 
impactful ways on insider threat. I look forward to working with this 
committee and others at that time.
    Thank you for your time today, and I welcome any questions you may 
have.

    Mr. Katko. Thank you Ms. Reiter. There is an awful lot you 
mentioned that we are going to be following up on. We 
appreciate that very much.
    We applaud you for getting out ahead of the employee 
screening issue. It is becoming more and more apparent that 
that is a high priority within our system. There are other 
things that we are going to be talking about today. One of 
which I want to talk about at some point is the mental health 
component. That we need to deal with as well.
    The Chair now recognizes Mr. Alterman. He is the president 
of the Cargo Airline Association where he leads the association 
in promoting the All-Cargo Air Carrier Industry, formulating 
industry policy and overseeing the association's daily 
activities. He has his posse with him behind him today, all the 
guys from FedEx in those nice uniforms there. I met them out in 
the hallway.
    He is also a senior partner in Meyers and Alterman, a 
Washington, DC, law firm specializing in air transportation 
law.
    Steve began his career in aviation in 1968 in the Bureau of 
Enforcement for the United States Civil Aeronautics Board. 
Initially hired as a trial attorney, he was soon promoted to 
chief of the Legal Division.
    In 1975, he joined the Cargo Airline Association as 
executive director, and in 1982 took the lead role as 
president.
    We now recognize Mr. Alterman for his opening statement.

  STATEMENT OF STEPHEN A. ALTERMAN, PRESIDENT, CARGO AIRLINE 
                          ASSOCIATION

    Mr. Alterman. Thank you, Mr. Chairman.
    Chairman Katko, Ranking Member Watson Coleman, Members of 
the subcommittee, good morning. My name is Steve Alterman, and 
I am president of the Cargo Airline Association. As Mr. Katko 
just mentioned, I started in this in 1968, so I am old. Our 
organization is a Nation-wide organization representing the 
interests of the all-cargo industry.
    I also have the honor of currently serving as chairman of 
TSA's Aviation Security Advisory Committee.
    I thank you for inviting me today on the insider threat 
issue.
    Before going forward, I would like to thank this committee 
and the U.S. Congress for what they have done in the 
reauthorization--actually, the authorization of TSA and those 
provisions in the FAA reauthorization bill. The provisions in 
there are long-needed, and we really appreciate it, both from 
my day job in the Cargo Airline Association and with respect to 
ASAC.
    While the recent incident in Seattle involving the threat 
and subsequent fatal crash of a Horizon Air aircraft has again 
raised the issue of insider threats to aviation, the issue is 
not a new one. Members of our industry and TSA have for years 
recognized the need to address this issue.
    Accordingly, members of the all-cargo industry have taken 
steps to deal with the risk by designing and instituting 
programs that better enable them to recognize potential 
problems and to devise mitigation strategies.
    While these programs are unique to each carrier and are 
considered proprietary, they all include training in 
recognizing potentially dangerous behavior, usually coupled 
with a form of TSA's ``See Something, Say Something'' program. 
Some even reward employees who provide information that leads 
to resolving troublesome issues.
    Our member companies, along with our colleagues in the 
passenger airline and airport industry segments, have continued 
to work with TSA to develop and build more robust public 
protections against these threats.
    Even though the investigation into the Seattle incident is 
not yet complete, and we urge everyone to await the findings 
before drawing any final conclusions, virtually all members of 
our industry--passenger airlines, all-cargo airlines, and 
airports--recognize the need to come together to share 
information, develop a set of recommended best practices, and 
share those practices among all industry participants. That is 
the same program that Wendy mentioned in her testimony.
    This effort is on-going and it is anticipated that the 
practices developed will also be shared with the new ASAC 
Insider Threat Subcommittee that was established in late May of 
this year.
    The Insider Threat Subcommittee replaces and expands upon 
ASAC's former Employee Access Working Group that made 28 
separate recommendations to the TSA for controlling access to 
the secure area of airports. Many of these recommendations have 
been instituted and others are in varying stages of 
development.
    As Ranking Member Watson Coleman indicated, one of these 
programs is the ATLAS program, which is an attempt to make sure 
that every employee understands that they are likely to be 
screened or challenged anywhere in the airport during their 
job.
    This is a program that is currently in development. It has 
been employed in a few areas. It needs to continue that 
development so that the final goal of employee expectations of 
screening is accomplished.
    In addition, ASAC in a report to the administrator that was 
sent on July 19 of this year has reviewed existing programs, 
both in the United States and overseas, to compare existing 
domestic insider threat initiatives, recognize practices that 
are common among insider threat programs, and review insider 
threat mitigation programs at international airports.
    The next phase of this project will be to expand the 
inquiry to make specific mitigation recommendations to the 
administrator.
    This on-going effort will also take into account the 
specific provisions of the FAA Reauthorization Act of 2018 that 
is expected to be enacted within the next several weeks.
    These provisions include, among others, sections 1933 and 
1934 that deal with the requirement to conduct a cost and 
feasibility study of airport worker access controls and a 
review of existing credentialing standards.
    To conclude, the issue of insider threats in all segments 
of our economy is a serious one, and every effort must be made 
to develop strategies to deter and defeat efforts to harm from 
within. This effort encompasses both members of the industry 
individually and between industry and the Federal Government. 
The all-cargo airlines are committed to this effort, as are our 
members of the Aviation Security Advisory Committee.
    Thank you again for inviting me. I would be happy to answer 
any questions.
    [The prepared statement of Mr. Alterman follows:]
               Prepared Statement of Stephen A. Alterman
                           September 27, 2018
    Chairman Katko, Ranking Member Watson Coleman, and Members of the 
subcommittee, good morning. My name is Steve Alterman and I am 
president of the Cargo Airline Association, the Nation-wide 
organization representing the interests of the all-cargo air carrier 
segment of the aviation marketplace.\1\ I also have the honor of 
currently serving as chairman of the TSA Aviation Security Advisory 
Committee (ASAC). Thank you for inviting me to testify today on the 
issue of insider threats to our industry.
---------------------------------------------------------------------------
    \1\ Air carrier members are ABX Air, Inc., Atlas Air, DHL Express, 
FedEx Express, Kalitta Air, and United Parcel Service Co.
---------------------------------------------------------------------------
    While the recent incident in Seattle involving the theft and 
subsequent fatal crash of a Horizon Air aircraft has again raised the 
issue of insider threats to aviation, the issue is not a new one for 
aviation interests. Members of our industry--and TSA--have for years 
recognized the need to address this issue. Accordingly, members of the 
all-cargo industry have taken steps to deal with the risk by designing 
and instituting programs that better enable them to recognize potential 
problems and to devise mitigation programs. While these programs are 
unique to each carrier and are considered proprietary, they include 
training in recognizing potentially dangerous behavior, usually coupled 
with a form of TSA's ``See Something, Say Something'' program. Some 
even reward employees who provide information that leads to resolving 
troublesome issues. And our member companies, along with our colleagues 
in the passenger airline and airport industry segments, have continued 
to work with TSA to develop and build more robust protections against 
these threats.
    Even though the investigation into the Seattle incident is not yet 
complete, and we urge everyone to await the findings of the FBI before 
drawing any conclusions, virtually all members of the industry--
passenger airlines, all-cargo airlines and airports--recognized the 
need to come together to share information, develop a set of 
recommended ``best practices'', and share those practices among all 
industry participants. This effort is on-going and it is anticipated 
that the practices developed will be shared with the new ASAC Insider 
Threat subcommittee that was established in late May of this year.
    This Insider Threat subcommittee replaces, and expands upon, ASAC's 
former Employee Access Working Group that made 28 separate 
recommendations to TSA for controlling access to the secure area of 
airports. Many of these recommendations have been instituted and others 
are in varying stages of development. In addition, ASAC, in a report 
sent to the administrator on July 19, 2018, has reviewed existing 
programs both in the United States and overseas to:
   Compare existing domestic Insider Threat initiatives;
   Recognize practices that are common among mature insider 
        threat programs; and
   Review Insider Threat mitigation programs at international 
        airports.
    The next phase of this project will be to expand the inquiry to 
make specific mitigation recommendations to the TSA administrator. This 
on-going effort will also take into account the specific provisions of 
the FAA Reauthorization Act of 2018 (H.R. 302) that is expected to be 
enacted by Congress within the next several weeks. These provisions 
include, among others, sections 1933 and 1934 that deal with the 
requirement to conduct a cost and feasibility study of airport worker 
access controls and a review of existing credentialing standards.
    To conclude, the issue of insider threats in all segments of our 
economy is a serious one and every effort must be made to develop 
strategies that deter and defeat efforts to do harm from within. This 
effort encompasses both members of industry individually and between 
industry and our Government partners. The all-cargo airlines are 
committed to this effort, as are the members of the Aviation Security 
Advisory Committee.
    Thank you again for inviting me to testify. I would be happy to 
answer any questions.

    Mr. Katko. Thank you, Mr. Alterman. I appreciate you being 
here today.
    Our third witness is Ms. Lauren Beyer. Ms. Beyer is the 
vice president for security and facilitation at Airlines for 
America. In this role, she is responsible for security, cargo, 
and facilitation issues and works collaboratively with A4A 
member airlines to advance priorities focused on the safe, 
secure, and efficient transportation of passengers and goods.
    She oversees all aspects of interaction with the Department 
of Homeland Security, Customs and Border Protection, and the 
Transportation Security Administration.
    Prior to joining A4A, Ms. Beyer served as the director for 
aviation and surface transportation security at the National 
Security Council, where she was responsible for planning, 
directing, and coordinating the development of National 
aviation security policies.
    The Chair now recognizes Ms. Beyer for her opening 
statement.

    STATEMENT OF LAUREN BEYER, VICE PRESIDENT, SECURITY AND 
               FACILITATION, AIRLINES FOR AMERICA

    Ms. Beyer. Thank you.
    Good morning, Chairman Katko, Ranking Member Watson 
Coleman, and Members of the subcommittee. My name is Lauren 
Beyer. I am the vice president for security and facilitation at 
Airlines for America. Thank you for inviting me here today to 
discuss insider threats.
    The safety and security of our passengers and employees is 
our single highest priority. We take aviation security very 
seriously. We share this common goal with the Transportation 
Security Administration and work cooperatively and 
collaboratively with them every day to make sure our skies are 
secure.
    Given the vast geography and sheer volume of air travel, it 
is exceedingly important that we approach security in a smart, 
effective, and efficient manner that best utilizes the finite 
resources available in a system that both improves security and 
facilitates commerce.
    We believe that system is best represented through the 
principles of risk-based security, which is the linchpin and 
bedrock of our security system today.
    One of our Nation's greatest challenges is to strike the 
right balance between managing risk and overreaction. Enhanced 
mitigation of insider threats and the efficient operation of 
our Nation's airports are not mutually-exclusive goals. 
Government and industry must continue to work together to find 
pragmatic approaches that appropriately balance these issues.
    Insider threat, individuals with privileged access to 
sensitive areas who misuse this access and compromise security, 
is of great concern to the aviation industry. That is why 
airlines have acted to address this risk.
    Some of these measures include enhancements to access 
control, such as increased CCTV coverage, implementing ``See 
Something, Say Something'' campaigns, as my colleagues have 
already mentioned, providing multiple avenues for reporting of 
suspicious activity, and offering employee assistance programs.
    The tragic incident at Seattle-Tacoma International Airport 
in August of this year is a somber reminder of the constant 
vigilance required to keep our skies safe. These kinds of 
incidents require careful investigation and root cause analysis 
to determine corrective actions that may be required to 
mitigate identified security vulnerabilities.
    However, the industry is not sitting idly by while the 
investigation is on-going. In fact, as has been mentioned 
already, A4A, along with many of our stakeholder partners, has 
initiated an effort to bring together subject-matter experts 
from across industry and Government to solicit and thoroughly 
evaluate airport and aircraft security best practices.
    These practices will be shared across the aviation industry 
and will also inform the work of the ASAC Insider Threat 
Subcommittee that has already been mentioned. We strongly 
believe the ASAC is the appropriate venue in which to examine 
these matters and produce recommendations.
    Airlines have worked collaboratively with TSA, airports, and 
other stakeholders to implement the 2015 ASAC recommendations 
to improve employee access controls. Three years later, we 
applaud TSA and the larger aviation community for implementing 
the vast majority of those recommendations, and we continue to 
urge full implementation of those that are still pending.
    One aspect of access control that has received much 
attention is security screening and inspection of employees, 
and deservedly so. We continue to believe that physical 
screening of employees is one of several critical elements that 
should be used in combination to enhance access control.
    We applaud the subcommittee, and Chairman Katko in 
particular, for his efforts to initiate a study to assess the 
impact of employee screening.
    We are also strong supporters of multiple security layers 
deployed on a risk-based and unpredictable basis. In this vein, 
we support further expansion of TSA's ATLAS program.
    Other critical elements to guard against insider threats 
include enhanced and perpetual vetting, security awareness 
training, as our Ranking Member already mentioned, and 
intelligence and information sharing.
    We continue to urge TSA to expand the list of disqualifying 
crimes for those seeking a SIDA badge and to align the list of 
disqualifying offenses with other Government programs. We also 
urge TSA to extend the lookback period for criminal history 
records checks.
    Finally, this subcommittee knows well that Congress 
continues to divert a portion of security fees toward general 
deficit reduction. We continue to request Congress redirect TSA 
passenger security fee revenue back to aviation security where 
those funds could be used to increase TSA capacity to mitigate 
insider threats.
    Our work is never done, and we will continue to evaluate 
how we can best improve our risk-based system to meet the 
evolving challenges of aviation security.
    Thank you on behalf of our member companies. I appreciate 
the opportunity to testify, and look forward to your questions.
    [The prepared statement of Ms. Beyer follows:]
                   Prepared Statement of Lauren Beyer
                           September 27, 2018
    Good morning Chairman Katko, Ranking Member Watson Coleman, and 
Members of the subcommittee. My name is Lauren Beyer, and I am the vice 
president for security and facilitation at Airlines for America (A4A). 
Thank you for inviting me here today to discuss insider threats to 
aviation security.
    Overview.--The safety and security of our passengers and employees 
is our single highest priority. We take aviation security very 
seriously. We share this common goal with the Transportation Security 
Administration (TSA) and work cooperatively and collaboratively with 
them every day to keep our skies safe and secure.
    When talking about the daily challenges of aviation security it is 
important to understand the depth and magnitude of what takes place and 
what is transported by air every single day. On a daily basis, U.S. 
airlines----
   Fly 2.3 million passengers world-wide;
   Carry more than 55,000 tons of cargo;
   Operate approximately 27,000 flights;
   Serve more than 800 airports in nearly 80 countries; and
   Directly employ more than 715,000 (full-time and part-time) 
        workers across the globe.
    Given the vast geography and sheer volume of air travel it is 
exceedingly important that we approach security in a smart, effective, 
and efficient manner that best utilizes the finite resources available 
in a system that both improves security and facilitates commerce. This 
becomes even more imperative given the expectation that both passenger 
and cargo traffic are expected to grow in the coming years. As an 
industry, we believe that system is best represented through the 
principles of risk-based security--which is the lynchpin and bedrock of 
our security system today.
    Risk-Based Security.--The administration of risk-based security 
principles is of paramount importance to aviation security. A risk-
based approach recognizes that ``one size fits all'' security is not 
the optimum response to threats, including from insiders. Risk-based, 
intelligence-driven analysis has been a widely accepted approach to 
aviation security for some time. We know the effectiveness of risk-
based security and we therefore strongly support it.
    One of our Nation's greatest challenges is to strike the right 
balance between managing risk and over-reaction. Enhanced mitigation of 
insider threats and the efficient operation of our Nation's airports 
are not mutually exclusive goals; Government and industry must continue 
to work together to find pragmatic approaches that appropriately 
balance these issues. By utilizing and following risk-based principles 
we provide a security framework that can be nimbler and more responsive 
to current and emerging threats and allows TSA and industry to focus 
finite resources on the highest risks. This framework also takes the 
operational complexity of the U.S. aviation system into account.
    Insider Threats.--Insider threat--individuals with privileged 
access to sensitive areas, equipment, or information who misuse this 
access and compromise security--is of great concern to the aviation 
industry.
    That is why carriers have acted to address this risk. A sampling of 
measures includes:
   Enhancements to access control such as the use of biometrics 
        and CCTV coverage;
   Implementing ``see something, say something'' campaigns or 
        other challenge programs;
   Providing multiple avenues for reporting of suspicious 
        activity--credited or anonymous--with incentives for such 
        reporting; and
   Offering employee assistance programs addressing issues such 
        as stress management, work-life balance, and grief and loss.
    Incident at SEATAC.--The tragic incident at Seattle-Tacoma 
International Airport in August of this year is a somber reminder of 
the constant vigilance required to keep our skies safe. These kinds of 
incidents require careful investigation and root cause analysis to 
determine corrective actions that may be required to mitigate 
identified security vulnerabilities. There is much at stake and it is 
critical authorities thoroughly investigate and analyze all facts.
    The industry is not sitting idly by while the investigation is on-
going, however. In fact, A4A along with many of our stakeholder 
partners has initiated an effort to bring together subject-matter 
experts from across the industry and Government to solicit and 
thoroughly evaluate airport and aircraft security best practices. These 
practices will be shared across the U.S. aviation industry. These best 
practices will also inform the work of the Aviation Security Advisory 
Committee (ASAC) Subcommittee on Insider Threat previously tasked by 
the TSA administrator to review and make recommendations to address 
insider threat more broadly.
    Aviation Security Advisory Committee.--We strongly believe the 
ASAC, of which A4A is a member, is the appropriate venue in which to 
examine these matters and produce recommendations. The ASAC includes 
representatives from across the aviation industry and is the 
traditional mechanism through which TSA and industry collaborate to 
develop the most effective aviation security measures.
    As this subcommittee will remember, in 2015 the ASAC created a 
working group tasked with analyzing the adequacy of existing security 
measures and recommending additional measures to improve employee 
access controls. The effort was supported by the Homeland Security 
Studies and Analysis Institute (HSSAI), which provided independent and 
objective subject-matter expertise, as well as by representatives of 
TSA. That effort produced 28 recommendations for effective measures to 
protect against possible acts of criminality and terrorism, measures 
that could be tailored to the unique environment at each airport. 
Airlines strongly supported and worked collaboratively with TSA, 
airports and other stakeholders to implement the ASAC recommendations. 
Three years later, we applaud TSA and the larger aviation community for 
implementing the vast majority of these recommendations and continue to 
urge full implementation of those that are still pending. While our 
work is obviously never done, the guideposts provided by the ASAC 
recommendations have and will continue to play an important role in 
improving our risk-based system.
    Access Control.--One aspect of access control that has received 
much attention over the last several years is security screening and 
inspection of employees, and deservedly so. We continue to believe that 
physical screening of employees is one of several elements that should 
be used in combination to enhance access control. We applaud the 
subcommittee, and Chairman Katko in particular, for his efforts to 
initiate a cost and feasibility study to assess the impact of employee 
screening which would include a comparison of estimated costs and 
effectiveness to the Federal Government, airports, and airlines. We 
believe that analysis will be critical in establishing how best to move 
forward and improve access control procedures.
    We are also strong supporters of multiple security layers deployed 
on a risk-based and unpredictable basis. Indeed, the International 
Civil Aviation Organization (ICAO) recommends increased use of random 
and unpredictable security measures to contribute to deterrence and to 
increase mitigation against the potential tactical advantage of 
insiders. This potential advantage is precisely why flexibility and 
agility rather than static or predictable processes are key to guard 
against insider threats. We believe that random and unpredictable 
checks should be conducted at a frequency significant enough to provide 
employees with a reasonable expectation that they will be subjected to 
such checks at any point during their work. That is why we supported 
the employee screening improvements enacted by Congress in 2016 as part 
of the Federal Aviation Administration, Safety and Security Act of 2016 
(Pub. L. 114-190), which directed TSA to expand the use of 
Transportation Security Officers to conduct random physical inspections 
of airport workers in a risk-based manner. TSA leverages its Advanced 
Threat Local Allocation Strategy (ATLAS) aviation worker screening 
program to allocate resources for these random inspections, and we 
support further expansion of the program.
    As mentioned, we believe physical screening is only one of several 
necessary elements to ensure effective access control. Other critical 
elements include enhanced and perpetual vetting, security awareness 
training, and intelligence and information sharing. We continue to urge 
TSA to expand the list of disqualifying crimes for those seeking a 
Secure Identification Display Area (SIDA) badge as well as to align the 
list of disqualifying offenses with other Government programs, 
particularly those of U.S. Customs and Border Protection (CBP). We also 
urge TSA to extend the lookback period for criminal history records 
checks.
    Stop the annual practice of diverting passenger security fee 
revenue.--U.S. aviation and its customers are subject to 17 Federal 
aviation taxes and ``fees''. Included within those numbers are revenues 
that are intended to support activities within the TSA, including the 
September 11 TSA Passenger Security Fee. As this subcommittee knows 
well, that ``fee'' is $5.60 imposed per one-way trip on passengers 
enplaning at U.S. airports with a limit of $11.20 per round trip; the 
fee also applies to inbound international passengers making a U.S. 
connection.
    However, starting in fiscal year 2014, Congress started diverting a 
portion of that fee toward general deficit reduction and is scheduled 
to continue diverting these critical resources through fiscal year 
2027. From our perspective, this policy is simply unacceptable. 
Airlines and their customers now pay $1.6 billion more in TSA security 
fees--$3.9 billion (2017) vs. $2.3 billion (2013)--for the exact same 
service. The concept of a ``fee'' specifically charged to pay for a 
specific service has long been lost in our industry and they have all 
simply become taxes by another name. We would respectfully request this 
committee do everything in its power to redirect TSA passenger security 
fee revenue back where it belongs: Paying for aviation security. These 
diverted funds could go a long way to increase TSA capacity to mitigate 
insider threats, including increased TSA risk-based, unpredictable 
physical inspections of airport workers at secure area access points 
and within the secure area.
    We appreciate Congressman DeFazio and Senator Markey's leadership 
on this issue through introduction of legislation to eliminate the 
diversion of security fees.
    Importance of Commercial Aviation Sector.--Airlines crisscross the 
country and globe every day carrying passengers and cargo safely and 
securely to their destinations, and this is an integral part of the 
economy. In 2014, according to the Federal Aviation Administration 
(FAA), economic activity in the United States attributed to commercial 
aviation-related goods and services totaled $1.54 trillion, generating 
10.2 million jobs with $427 billion in earnings. As of December 2016, 
our industry contributes 5 percent of our Nation's GDP. These figures, 
while both impressive and important, fail to consider the incalculable 
value of the passengers and crew flying on commercial flights every 
day. These facts underscore what is at stake and why we need to 
approach aviation security in a smart, effective, and efficient manner 
to make sure we get it right. The daily collaboration and communication 
between TSA and stakeholders will play a vital role toward increasing 
system-wide protection and lowering risk without unnecessarily clogging 
up the system.
    Thank you. On behalf of our member companies, we appreciate the 
opportunity to testify.

    Mr. Katko. Thank you very much, Ms. Beyer.
    Before we get to Mr. Canoll, I want to note that we are 
very pleased with the progress that the ASAC as a whole has 
made. You have expanded your scope and your breadth and your 
might, and it has become a truly interactive industry leader.
    We rely a lot on your findings because we trust them now. 
Not that we didn't before, but I think the stakeholders you 
have involved now are really making a difference from a 
holistic standpoint.
    So I really applaud that. I really applaud what Ms. Watson 
Coleman's bill is going to do for surface transportation, which 
is out of your purview, but they don't have a similar thing and 
they need it. They need to have interaction similar to what you 
have.
    So hopefully, if and when that gets formed, you can sit 
down and do a little cross-pollinating with them. It would be 
very helpful.
    So with that, I appreciate it very much.
    We appreciate you being here today, Ms. Beyer.
    Our final witness is Captain Tim Canoll. He is the tenth 
president of the Air Line Pilots Association International. He 
was elected by the union's board of directors on October 22, 
2014, and began his 4-year term on January 1, 2015.
    As ALPA's chief executive and administrative officer, 
Captain Canoll oversees daily operations of the association and 
presides over the meeting of ALPA's governing bodies, which 
sets policy for the organization.
    He is also the chief spokesperson for the union, advancing 
pilots' views in the airline industry before Congress, 
Parliament, Government agencies, airline and other business 
executives, and also the news media.
    Captain Canoll is a Delta MD-88 captain based in Atlanta, 
having also flown the B727, L-1011, and the B767-757.
    The Chair now recognizes Captain Canoll for his opening 
statement.

STATEMENT OF TIM CANOLL, PRESIDENT, AIR LINE PILOTS ASSOCIATION

    Mr. Canoll. Thank you. The captain forgot to push the 
button.
    Thank you, Chairman Katko, Ranking Member Watson Coleman, 
and the subcommittee, for the opportunity to be here today. It 
is my pleasure to represent ALPA's more than 60,000 pilots who 
fly for 34 airlines in the United States and Canada.
    ALPA appreciates Chairman Katko's and Ranking Member Watson 
Coleman's leadership and the subcommittee's interest in 
reducing the threat posed by anyone with the intent to harm 
while working inside our air transportation system.
    For decades, ALPA pilots have demonstrated our commitment 
to aviation security. Our members are highly vetted and trained 
professionals, who are proud of our contributions to securing 
our industry.
    An insider in aviation is someone with authorization and 
unescorted access to secured airport areas, such as the 
security identification display area, known as the SIDA. Such 
insiders include air crew members, technicians, ground 
handlers, vendors, as well as law enforcement and security 
personnel.
    Security incidents involving insiders are rare. They can 
result from malicious intent, complacency, or lack of 
awareness. The threat includes placement of improvised 
explosive devices, hijacking, aircraft sabotage. In addition, 
we are concerned about criminal activity, such as smuggling 
contraband.
    Thanks to the leadership of this subcommittee and the work 
across our industry, we have made progress in addressing these 
types of security threats in both passenger and cargo 
operations. However, the ever-changing threat means we can 
never rest. We can, and yes, we must do more.
    For example, because of regulatory inequity, cargo 
operations are more susceptible to insider threats, making them 
a more desirable target for those with malicious intent. Unlike 
passenger aircraft, many cargo aircraft are not required to be 
equipped with a hardened flight deck door. Some wide-body 
aircraft purchased by at least one U.S. cargo operator today 
don't even have a bulkhead upon which an installed flight deck 
door could be installed.
    Another example, current regulations require cargo aircraft 
of 100,000 pounds or more to conduct loading and unloading 
within a SIDA. This means smaller cargo aircraft may be loaded 
and unloaded outside of a SIDA.
    Also of concern is that some foreign nationals and others 
who are granted access to cargo aircraft cockpits would never 
be allowed to access the passenger aircraft cockpits. This must 
change.
    In addition, cargo flight crews do not receive equivalent 
security training for the environment in which they are 
required to operate.
    Airline pilots are equally focused on screening passenger 
airline operations. We are pleased that the FAA 
reauthorization, approved by the House and now pending in the 
Senate, requires secondary cockpit barriers on new passenger 
airliners.
    This good progress for passenger airlines only makes more 
profound the security inadequacies of flying a cargo flight 
without a cockpit door, let alone a secondary barrier and a 
cockpit door.
    We are also pleased that the FAA reauthorization included 
Congressman Katko's legislation that strengthens the SIDA 
security protocols and requires a system-wide risk assessment 
of airport access control points and airport perimeter 
security.
    The United States made a quantum leap in aviation security 
when the TSA adopted a risk-based approach to modernize the 
one-size-fits-all security that was in place on 9/11. Since 
then, ALPA has been pleased with the TSA's efforts to seek the 
perspective of those of us on the front lines of aviation 
security.
    With the continued leadership of this subcommittee, I am 
hopeful that regulators and industry can act quickly on ALPA's 
recommendation to require all-cargo operations be conducted in 
a SIDA, require cargo-specific security training where it is 
currently inadequate, require fingerprint-based criminal 
history records checks for anyone with access to a cargo 
aircraft or that aircraft's cockpit, and require reinforced 
cockpit doors and adequate secondary barriers on every cargo 
aircraft.
    The Horizon Air incident near Sea-Tac reminds us that, 
while rare, insider threats exist in both passenger and cargo 
flight operations. We urge this subcommittee to maintain its 
oversight and leadership, and ALPA stands ready to continue to 
work with the airline industry to help ensure that all sectors 
of commercial aviation are protected from internal and external 
threats.
    Thank you very much. I, too, stand ready to answer any of 
the committee's questions.
    [The prepared statement of Mr. Canoll follows:]
                    Prepared Statement of Tim Canoll
                           September 27, 2018
    The Air Line Pilots Association, International (ALPA), represents 
more than 60,000 professional airline pilots who fly for 34 airlines in 
the United States and Canada. ALPA is the world's largest pilot union 
and the world's largest non-governmental aviation safety and security 
organization. We are the recognized voice of the airline piloting 
profession in North America, with a history of safety and security 
advocacy spanning more than 85 years. As the sole U.S. member of the 
International Federation of Airline Pilots Associations (IFALPA), ALPA 
has the unique ability to provide active airline pilot expertise to 
aviation security issues world-wide, and to incorporate an 
international dimension to security advocacy. ALPA has a long and 
distinguished record of accomplishments in aviation security which 
include being a forceful advocate for means to end the hijacking 
epidemic in the 1960's-1970's and leading the development of the Federal 
Flight Deck Officer program and the Known Crewmember program following 
the attacks of 9/11, and we have been vocal and active on the issue of 
the insider threat--the subject of today's hearing--for many years.
                               background
    ALPA sincerely appreciates Chairman Katko's leadership in the 
aviation security arena and applauds the subcommittee's interests in 
reducing the threat posed by anyone who may have nefarious intentions 
which could be exploited while working inside the aviation system. 
According to the Department of Homeland Security's (DHS's) September 
14, 2018, National Terrorism Advisory System Bulletin, ``We continue to 
face one of the most challenging threat environments since 9/11, as 
foreign terrorist organizations exploit the internet to inspire, 
enable, or direct individuals already here in the homeland to commit 
terrorist acts.'' Terrorism analysts inform us that according to 
current intelligence, aviation continues to be the ``gold standard'' 
target of terrorist groups, so the timing and subject of this hearing 
are very appropriate.
    For purposes of this statement, we identify an ``insider'' as 
someone with authorization and unescorted access to secured areas of an 
airport and/or aircraft. Certainly, there is potential for insiders 
employed in positions of trust within the commercial aviation arena to 
harm passengers, crews, aircraft, and cargo. Fortunately, the number of 
insider threat incidents is exceptionally low in the United States, but 
the Government and industry must continually be on their guard against 
this threat vector and work tirelessly to stay ahead of it.
    Aviation security, like many other types of security, is built on a 
foundation of trust in the individual. Individuals employed in 
security-sensitive industries, like aviation, must pass extensive 
background and prior employment checks plus criminal history records 
checks. Those who pass those checks are issued identification media, 
access codes and other means to open locked doors, and the scope of 
their unescorted access is defined according to their job function. 
Generally, this system works well for the vast majority of trusted 
employees, but it certainly is not perfect as has been demonstrated on 
a number of occasions, most recently with an apparent theft and suicide 
of an airline employee using a company aircraft in Seattle.
                    the nature of the insider threat
    Fortunately, there are very few incidents of insider attacks 
against aviation which is a testament to the security systems in place 
in the United States and most nations around the world. The types of 
threats that exist can be:
   malicious--the insider seeks to aid or conduct an act which 
        is intended to cause death, injuries, and/or harm to property
   complacent--the insider takes a lax approach to policies, 
        procedures, and potential security risks
   unwitting--the insider is not aware of security policies, 
        procedures, and protocols which expose the organizations/agency 
        to external risks.
   from anyone who has authorized access to the Security 
        Identification Display Area (SIDA) or Air Operations Area 
        (AOA), which includes:
     Aircrew
     Technicians
     Ground handlers (baggage/cargo handlers, gate agents, 
            aircraft servicers, etc.)
     Vendors (restaurants, construction, transportation, etc.)
     Law enforcement and security personnel.
    In 2014, it was reported that several aviation employees involved 
in an alleged gun-smuggling ring had been arrested for using commercial 
airliners to transport prohibited items between two East Coast 
airports. Even though there was no discernible terrorist threat against 
commercial aviation, this criminal enterprise created significant 
concern for the public, Government, and industry. Two other examples of 
insider threats are as follows:
   In 2013, the FBI successfully established a sting operation 
        in which agents, posing as terrorist co-conspirators, assisted 
        a general aviation avionics technician in bringing what he 
        believed was a bomb onto the tarmac to destroy aircraft. The 
        perpetrator was arrested and ultimately sentenced to 20 years 
        in prison.
   In February 2016, a bomb detonated on Daallo Airlines Flight 
        159 20 minutes after departing Mogadishu, killing the passenger 
        who had brought it on-board. In May of that year, 2 men were 
        found guilty in court of planning the plot, one of whom was a 
        former security official at the airport, and 8 other airport 
        workers were convicted of aiding the plot.
   In May 2017, an American citizen and U.S. Air Force veteran 
        who had worked as an aircraft mechanic for a U.S. legacy 
        airline and other carriers, was indicted on charges of 
        supporting ISIS and sentenced to 35 years in prison.
    In addition to improvised explosive devices, threats from insiders 
could also come via the use of other prohibited items including 
firearms, knives, and other types of weapons, plus hijackings. 
Virtually undetectable threats, however, could come in the form of 
aircraft sabotage by those with knowledge of aircraft vulnerabilities, 
or cyber attacks launched distantly. Although airline pilots are 
focused mostly on the security of ground and in-flight aircraft 
operations, vulnerabilities to active shooters and other types of 
threats from insiders exist within airport terminals and the AOA. As in 
the case of the 2014 gun-smuggling ring, insiders may also plot and/or 
carry out criminal activity (e.g., theft) that is not aimed against 
aviation interests, but is still of concern due to the potential for 
terrorists to compromise security through the assistance of such 
actors.
    Insider threat vulnerabilities exist in airport terminals, which 
may be relatively soft targets with large crowds at passenger pick-up 
and drop-off areas. Other areas which present particular 
vulnerabilities with congregations of passengers include ticketing/
check-in counters, security screening queues, baggage claim areas, and 
gate areas.
    Aircraft are vulnerable to sabotage while on the ground and while 
in flight. During periods of inactivity, or during off-peak hours at an 
airport, not all aircraft are parked within SIDAs where multiple 
security layers are most prevalent. Also, one of the most vulnerable 
moments during flight happens when the cockpit door is opened and 
flight crew exit or enter for required rest breaks or physiological 
needs. ALPA has vigorously advocated for several years for a 
requirement for installed secondary barriers on passenger aircraft: 
Lightweight devices, which protect the flight deck from attack during 
the time that the cockpit door is opened for operational reasons during 
flight. Airlines are presently permitted to develop their own 
procedures using service carts and flight attendants to block access to 
the cockpit when the door is opened, but DHS-conducted testing in the 
mid-2000's demonstrated the inadequacy of those measures.
    Insider threats may also include cybersecurity attacks. We have 
seen both the operational and financial consequences of the loss of an 
airline reservation system, or the interruption to ATC services which 
are computerized. Aircraft are highly computerized machines with the 
bulk of their systems reliant on electronic primary and back-up sub-
systems. With numerous personnel accessing the aircraft while it is on 
the ground and in the air via Wi-Fi, satellite, or a connected device, 
the introduction of a malicious virus is a possibility which Government 
and industry are taking very seriously.
                insider threats to all-cargo operations
    We would like to highlight the security vulnerabilities that exist 
for all-cargo operations which are distinct from those of passenger 
operations. All-cargo operations have different regulatory requirements 
in a number of areas including the following, which make them more 
susceptible to insider threats:
   The TSA has developed and mandated the teaching of a 
        security training guidance document known as the ``Common 
        Strategy'' for passenger airlines and crews. The TSA has also 
        established, but not mandated, the teaching of equivalent 
        security training guidance known as the ``All-Cargo Common 
        Strategy'' for all-cargo airline employees and crews. 
        Government-approved security training, equivalent to that 
        required in the passenger domain, should be required for flight 
        crews and ground personnel supporting all-cargo flight 
        operations.
   In 2003, Congress passed the Vision 100--Century of Aviation 
        Reauthorization Act (Pub. L. 108-176), which included a 
        provision requiring a ``training program for flight and cabin 
        crew members to prepare the crew members for potential threat 
        conditions.'' These provisions were not and have not been 
        required for all-cargo crews; they are needed to help guard 
        against insider and other threats.
   Also, in 2003, Congress passed an appropriations bill (Pub. 
        L. 108-7), which included a provision stating that, ``No funds 
        appropriated in this Act may be used to apply or enforce a 
        regulatory requirement for strengthening of flight deck doors'' 
        on other than passenger aircraft. That year, the FAA issued a 
        rule requiring flight deck security for all-cargo operations 
        via an installed, reinforced flight deck door or enhanced 
        security measures to screen personnel with access to the 
        aircraft and cargo. It is ALPA's view that flight deck doors 
        are needed on all-cargo aircraft--just as they are on passenger 
        aircraft--as an additional layer of security, and the AMOC 
        needs to be rescinded. Hardened flight deck doors are needed on 
        every airplane, cargo and passenger. That is our best directed 
        deterrent in preventing another 9/11.
   The TSA has developed and mandated the teaching of a 
        security training guidance document known as the ``Common 
        Strategy'' for passenger airlines and crews. The TSA has also 
        established, but not required, the teaching of equivalent 
        security training guidance known as the ``All-Cargo Common 
        Strategy'' for all-cargo airline employees and crews. 
        Government-approved security training, equivalent to that 
        required in the passenger domain, should be mandated for and 
        tailored to the needs of flight crews and ground personnel 
        supporting all-cargo flight operations.
   Unlike passenger aircraft which are mandated to be equipped 
        with hardened flight deck doors, all-cargo aircraft are not 
        required to have them unless they had a flight deck door on or 
        after January 15, 2002. However, new, wide-body aircraft are 
        being operated by U.S. all-cargo operators that do not have a 
        flight deck door at all.
   The full all-cargo aircraft operators' standard security 
        plan is written on the basis of an installed, hardened, cockpit 
        door. The plan needs to be updated/amended to reflect the 
        reality of the cargo equipage requirements and reality, and 
        training needs to be required for all affected employees on the 
        plan.
   In 2006, the Transportation Security Administration (TSA) 
        issued new regulations concerning all-cargo operators which 
        created a requirement for those operating aircraft of 100,000 
        pounds or greater to conduct loading and unloading operations 
        within a SIDA. However, loopholes in the regulations allow 
        part-time SIDAs, and smaller all-cargo aircraft which ``feed'' 
        cargo to large aircraft to be operated outside of a SIDA at 
        certain airports.
   All-cargo operators have been issued deviations to the 
        Federal Aviation Regulations allowing greater access by non-
        pilots to aircraft and flight decks. Yet in 2002, the FAA 
        itself referred to the flight deck as ``the nerve center'' of 
        the operation. The agency further stated that any access 
        request ``shall be strictly and narrowly interpreted.''
   Some allowed access--which includes foreign nationals with 
        access to the cockpits of some all-cargo transport category 
        aircraft during flight--are vetted on the basis of a Security 
        Threat Assessment (STA), not a fingerprint-based criminal 
        history records check, as is required for insiders within the 
        SIDA.
   The Federal Flight Deck Officer (FFDO) tactics, techniques, 
        and procedures trained by TSA do not reflect the realities of 
        an attack coming on-board an aircraft without a hardened door, 
        and they need to be amended for that purpose. This information 
        has been conveyed to responsible parties in TSA.
                 actions to address the insider threat
    Commercial aviation has greatly increased its safety record using 
predictive data which helps identify potential or actual risk. 
Similarly, TSA and the aviation industry, including ALPA, have been 
working for several years on the development of more advanced means of 
predicting if and when a person will become an actual threat to 
security. The United States has made significant strides toward 
obtaining a better understanding of the trustworthiness of individuals 
working in airport sensitive areas, and elsewhere of course, since the 
9/11 attacks. This has been accomplished, in part, by the development 
and use of the FBI's Rap Back service which, as described by the 
Bureau, ``allows authorized agencies to receive notification of 
activity on individuals who hold positions of trust . . . thus 
eliminating the need for repeated background checks on a person from 
the same applicant agency. Prior to the deployment of Rap Back, the 
National criminal history background check system provided a one-time 
snapshot view of an individual's criminal history status. With Rap 
Back, authorized agencies can receive on-going status notifications of 
any criminal history reported to the FBI after the initial processing 
and retention of criminal or civil transactions.'' TSA also performs 
recurrent checks against the Terrorist Screening Center's watch list 
and other databases to identify any person who is known or suspected of 
being involved in terrorist activities.
    Perhaps most importantly, TSA has adopted a risk-based approach 
with the goal of consistently applying it to all aspects of the 
agency's mission. This replaces the one-size-fits-all security, which 
was in place on 9/11, and includes consideration of the individual and 
his or her role within aviation in the development of security 
requirements and policies. ALPA has been advocating for a risk-based 
security paradigm for about two decades and has been pleased to work 
with this committee to improve our Nation's aviation security 
infrastructure and protocols.
    In 2009, TSA initiated an Insider Threat Task Force, and in 2013 
created a new Insider Threat Program, which includes an Insider Threat 
Unit that follows up on threat incidents, inquiries, and tips. Two 
years later, the agency chartered the Insider Threat Advisory Group 
(ITAG) of TSA subject-matter experts. Earlier this year, TSA asked the 
Aviation Security Advisory Committee to create a new Insider Threat 
subcommittee, on which ALPA participates. The subcommittee has met 
twice in the past few months and is presently anticipating a request 
from TSA leadership to expound on and make recommendations concerning 
the threat posed by insiders with access to aircraft, as was 
demonstrated in the Horizon aircraft-theft tragedy, along with any new 
or revised recommendations.
    Relatedly, TSA requested ASAC in 2014 to create an Employee Access 
Working Group, on which ALPA was represented, that delved into the 
physical screening of employees at entrances to secured areas and other 
means of minimizing the risk of insiders. The WG reported its findings 
to the TSA's leadership the following year along with 28 separate 
recommendations for improving countermeasures against the potential 
threats posed by insiders. Those recommendations covered a wide range 
of different aspects of improvements to thwart the threat and many of 
them have been implemented, or are in the process of being implemented.
                          horizon air tragedy
    A matter of great interest continues to be the circumstances of the 
Horizon Air tragedy near Seattle-Tacoma International Airport, in which 
a company ramp employee, named Richard Russell, commandeered a Q400 
aircraft and after a period of flight, crashed the airplane into the 
ground. Unanswered questions remain about why this individual committed 
such an outrageous act, and how he was able to do so. What we know is 
that the employee is reported to have passed all company and airport 
vetting checks to obtain employment and required access badges. We also 
know that he gained access to the aircraft that he eventually stole in 
an area of the airport in which he was authorized to work unescorted.
                     melbourne, fl security breach
    While not specific to an insider threat, under current deviances 
for cargo operators, nothing would prevent a security breach like the 
one in Melbourne, Florida a few days ago from having an impact on cargo 
security. If there are non-trusted insiders with access because of weak 
SIDA rules, background checks, and vetting for all cargo operators 
creates opportunity. This event demonstrates methodology and means, and 
intent. Additionally, it highlights the ability for people to gain 
access to SIDAs and it is only a matter of time before they realize 
that cargo wide-body aircraft have no cockpit doors. Media reports 
indicate that the individual wanted to do harm with the aircraft. 
Attempted commandeering seems to be a ``trending'' risk, which under 
current rules makes cargo specifically vulnerable.
    While we are collectively waiting for the answers which will likely 
come at some future date, one area of improvement that ALPA believes is 
worth pursuing is making mental health resources available to all 
aviation insiders. Since the beginning of this year, ALPA has expended 
considerable resources on the development of a new, peer-reviewed 
support program. It is our belief that this program, and others like 
it, will help save lives of aviation employees and others.
                              conclusions
    The insider threat is one that has existed as long as there have 
been aviation industry employees and one that will always be a 
component of the industry. The threat today is manageable, however, 
because of efforts being made by TSA and the industry to collectively 
stay abreast of it. However, improvements are needed, particularly 
within the all-cargo arena which does not have the same level of 
security as passenger operations. We urge this subcommittee to continue 
to exercise its oversight and leadership and help ensure that all 
sectors of commercial aviation are adequately protected from external 
and internal threats.

    Mr. Katko. Thank you, Mr. Canoll.
    I now recognize myself for 5 minutes of questioning, 
although, since there is not a ton of people here today, we may 
show a little flexibility to all of us, all of my colleagues.
    Just really quickly, Mr. Canoll, I just want to understand 
this. Is it your testimony that cargo is sometimes unloaded on 
planes outside of SIDA-controlled areas? How is that possible?
    Mr. Canoll. Well, the way the regulations are crafted, it 
is measured on a simple weight equivalency. So if the weight of 
the aircraft is under 100,000 pounds, they don't need to 
establish a SIDA to load it or unload it. That includes 
aircrafts like ATR-42s, Cessna 208s, Air Caravans 408s, the new 
Cessna Sky Caravan. They are all allowed to be loaded and 
unloaded because they are well under 100,000.
    Mr. Katko. I understand that, but why is that? What is the 
logic behind that, the size, the weight requirement? How is 
that possible? I mean, how do you make a determination on what 
is secure and what is not based on the amount of cargo? It 
doesn't make sense to me.
    Mr. Canoll. It doesn't to me either, sir. I agree.
    Mr. Katko. Who makes that decision?
    Mr. Canoll. That, I believe, comes from the TSA. I believe 
it is from the TSA. But Steve might know better. Steve might 
know better.
    Mr. Katko. Would you agree that is something we need to 
address?
    Mr. Canoll. Yes, sir. That is on our list of things that 
need to be addressed, yes, sir.
    Mr. Katko. OK. Thank you very much.
    Ms. Reiter, I appreciate your testimony, everyone's 
testimony today. As I said in my opening statement, we have 
documented incidents all over the map here of insider actions, 
not just threats, actions.
    We have a terrorist act in the Midwest, we have individuals 
willing to smuggle even bombs on airplanes, or at least saying 
they would be willing to do that. We have individuals that were 
checking manifests to see where Federal air marshals are.
    We have individuals, part of the Dallas/Fort Worth case, we 
have in the Dallas/Fort Worth case we know that they were 
seeing where the VIPR teams were, and they were just going in 
other doors to get into the secure area.
    So risk-based security, layered security, of course, is 
great, but it is not foolproof, obviously.
    Mr. Alterman, I am going to get to you in a minute on the 
ATLAS program, but I do want to talk for a moment with Ms. 
Reiter.
    Based on your experience, we are going to have this report, 
after-action report, and I would very much like, if it is 
appropriate, to have it in the secure setting, for both the FBI 
component, as well as your own after-action report. I think it 
is really important that we get that in a timely manner.
    When do you expect the report to come out?
    Ms. Reiter. End of year.
    Mr. Katko. OK. Great. So let's try and schedule that as 
soon as it comes out. I would appreciate that.
    But we have talked about the insider threat issue. We have 
addressed it in the legislation that has been included in the 
FAA. I am looking very forward to everyone's discussions that 
are going to be coming out of that bill.
    One thing that bill doesn't consider or doesn't overtly 
consider is what is now a new concern, that is the mental 
health component. So for anybody here, let's start with Ms. 
Reiter, how do we address that? What do we do to try and 
address the mental health component of this threat?
    Ms. Reiter. Thanks for asking that.
    So we are addressing that in our ASAC group as well. We are 
looking at something that Baltimore currently does, which is 
not a mandatory issue, but looking at--it is called Mental 
Health and First Aid, which is offered to any employee that 
wants to come in and volunteer to look at this program. But it 
is much of just wanting to come in and talk, someone to talk 
to, if you will.
    We are doing some surveys of how many employers actually 
offer EAP programs, because maybe they don't offer EAP 
programs. So we are starting there first, right, and making 
sure that all the employers offer an EAP program. But just 
allowing the employees to have an opportunity to have somebody 
to talk to.
    Then, of course, from a legal perspective, can you mandate 
that people have a mental illness program?
    Mr. Katko. Right. We have to take a look at it.
    Ms. Reiter. We have to look at that.
    Mr. Katko. My son is in the military. He is a second 
lieutenant. They have peer-to-peer programs in the military, I 
believe, from my conversation with Mr. Canoll.
    So what about a peer-to-peer type program? If that sounds 
like a good idea, how would we implement that?
    Mr. Canoll. So in our union, we have great examples of it, 
and we use it on many of our properties, and we have a National 
program.
    It is not meant to handle the certification medical ability 
of the pilot to fly, but it is a place for the pilot to go if 
there are stresses in their life that are affecting their job. 
We find that if they have a place to go, they are apt to do it 
instead of internalizing the problem and bringing it into work 
with them.
    Mr. Katko. It sounds similar to Ms. Reiter's 
recommendation.
    Mr. Canoll. Exactly. We found it has worked very well, and 
we will partner with anyone to show them how we are doing it.
    Mr. Katko. OK. Anybody else want to add to that?
    Ms. Beyer.
    Ms. Beyer. I would just add that, I mean, as has been said, 
the well-being of our employees is very important to the 
airlines.
    On the point of employee assistance programs, many of the 
airlines already do offer a number of those programs to address 
issues such as stress management, or work-life balance, or 
grief and loss issues, et cetera.
    So it is something we are already actively engaged on.
    Mr. Katko. Thank you very much.
    Mr. Alterman.
    Mr. Alterman. Yes, I would just like to echo what has been 
previously said. A number of our companies already have 
programs like that. I think what ALPA is doing is good.
    I think that all of these issues will be explored in the 
context of the Insider Threat subcommittee of ASAC and we will 
probably come forward with some recommendations on it.
    It is a very tough issue because of privacy issues, but it 
is one that needs to be addressed, and we intend to do it.
    Mr. Katko. I appreciate that. That is going to be important 
for us to hear from you on. Of course, it is a touchy area.
    But here are the facts: Five people now in the country die 
from suicide. For every suicide, there are 25 suicide attempts. 
That means several thousand people a day attempt to take their 
own lives.
    In so doing, they often take other people's lives. We see 
that from the school shootings. We see it in what happened in 
the Seattle-Tacoma thing, most likely.
    So it is an issue that we can't ignore. I am head of the 
Mental Health Caucus in Congress, and it is stunning to me when 
we look at the fact that 24-year-olds and younger, the No. 2 
cause of death for them is suicide. No. 2. For people, 
everybody in this country, the No. 10 cause of death is 
suicide.
    So if we don't start embracing the reality that it is here 
and it is a serious problem and we need to get--I am asking 
you, and I am sure my colleagues will agree, to take a very 
deep dive on this as part of your ASAC review. It is going to 
be very important.
    With that, and we will have another round of questions for 
everybody, but I don't want to take away from everyone's time. 
Mrs. Watson Coleman has another hearing to get to, so we will 
have her go next. The Chair will now recognize Mrs. Coleman for 
5 minutes or more of questioning.
    Mrs. Watson Coleman. Thank you, Mr. Katko.
    Thank you each for your testimony. You certainly have 
raised questions, particularly issues regarding cargo planes 
and the security necessary. You have made some recommendations 
that were significant to me in terms of training and the 
secondary--a door, a door, and then a secondary door, which I 
am not sure I understand what that is.
    Can anyone explain to me what that second?
    Mr. Canoll. So the secondary barrier was part of the 9/11 
Commission's report as a companion element to a hardened 
cockpit door. Knowing that a cockpit door has to be opened at 
certain types of flights, either for inspections or 
physiological need, the idea was to ensure that anyone who was 
outside that cockpit door was barred from rushing the cockpit 
door when it was opened.
    So it is very inexpensive comparatively to airplane things. 
Screen, mesh screen wire, retractible wire that comes across in 
front of the door, creates a space between when the cockpit 
door is open so no one can rush in.
    Mrs. Watson Coleman. Oh, I never noticed. Maybe I have not 
been close enough to first class.
    I want to talk about these incidences, though, because 
these incidences just sort-of scare me.
    No. 1 is that with regard to the individual in Washington. 
First of all, I shared with my Chairman that I want to have a 
confidential briefing on what we find in this instance as well 
as the Orlando incident. Very different.
    With regard to this incident, I don't know the sort-of cost 
effectiveness of some kind of vetting that includes some sort 
of mental health check, whether or not it is on their 
background or whatever. I don't even know. I don't even know 
that that would have raised an alarm with regard to this 
person.
    What I think, though, is this whole ``See something, say 
something,'' if you work with an individual for a period of 
time and all of a sudden you see different behavior, you see 
different kind of complaints, you see someone who is very 
morose or whatever, I think employees need to be alerted to you 
are not a rat when you share this information with someone who 
might be helpful to that individual.
    I don't know if we are looking at trying to do some 
employee awareness accountability training now that something 
like that has happened.
    Ms. Reiter. So that is also something that we are looking 
at, but I can tell you that was not this case. The employees 
were--his employees that were with him were totally shocked. 
But I can tell you that we are looking at programs such as that 
where the employees will notice.
    Mrs. Watson Coleman. But he got on that plane by himself. 
My understanding was--and I don't know for sure, this is just 
information that was shared with me--that, typically speaking, 
there should have been two people, one with him.
    So is that just not enforced? Is that just this incident? 
What is the deal with that?
    Ms. Reiter. So I would like to talk more about that in a 
different setting after the investigation is completely done, 
if I can, please.
    Mrs. Watson Coleman. OK.
    I have a question for Mr. Canoll. I mean, how insightful 
and how like efficient--how does one become a pilot simply 
because one plays video games that simulate flying? How did 
that guy get that plane up in the air?
    Mr. Canoll. So if you have a computer with an internet 
connection and some time, you can download the manuals to just 
about any aircraft that you want to get familiar with and teach 
yourself by looking at the panels, ``Oh, that is the APU 
switch, I need to start that first.'' Download the checklist. 
It will tell you start the APU, turn on the air conditioning 
packs, close the cross-feed valves, engage the starter. You 
could just look at it and figure it out if you had enough time 
and the desire to do it.
    Mrs. Watson Coleman. But that takes some time when you are 
on a plane, too.
    Mr. Canoll. Well, you could do it, if you could display the 
panels, a picture of what the overhead panel looks like, that 
is all you really need.
    Mrs. Watson Coleman. I mean, this guy got on the plane, 
then had to do all the things that you said he did. He got to 
fly the plane and no one before he got that plane off the 
ground alerted anybody. Nobody. That is like a lot of time to 
do something awful like that and not have some kind of checks 
and balance.
    There are so many more questions on this, but I think that 
there probably are going to be things learned, discussed in 
different settings.
    So in the Melbourne, so what are we supposed to do, 
electrify fences around airports? What is it that we could have 
done even in that situation, from your perspective?
    Maybe I should ask Mr. Alterman that and Ms. Beyer.
    Mr. Alterman. I am not sure I know the answer to that 
question. I don't know the configuration of the airport. 
Perimeter security is an issue. It is a serious issue on how we 
handle perimeter security.
    We have just sort-of regenerated our airport and perimeter 
security subcommittee in ASAC. In view of what happened at 
Melbourne, I am virtually sure that that subcommittee will be 
working on that.
    I don't have an answer for you. I just have a process for 
you. We will be looking at that. It is more of an airport than 
an airline issue. But from an ASAC perspective, it is something 
we will look at.
    Mrs. Watson Coleman. Thank you, Mr. Alterman.
    Ms. Beyer, I don't know if you have any----
    Ms. Beyer. Sure. I would just add that, of course, it is 
very important that we allow the investigation to conclude to 
be able to analyze all the facts.
    However, if what I understand about the incident holds 
true, then I would argue that it reinforces what we believe so 
strongly in the importance of layered security measures, that 
it can't just be about perimeter fencing, perimeter security, 
which is indeed very important, but that can't be the only 
layer.
    As I understand the details of the incident thus far, the 
two employees that encountered this individual----
    Mrs. Watson Coleman. Thank God for them.
    Ms. Beyer [continuing]. They used their robust employee 
training that they had already received to challenge this 
individual who they didn't believe belonged where he was. I 
don't believe I have heard that he was badged.
    So I think that this is an example of how important those 
other layers are, a robust challenge culture in the airport for 
all employees. These are really critical.
    Mrs. Watson Coleman. Thank you. My time is up. There are so 
many more questions that we need to----
    Mr. Katko. You can go ahead and take a second.
    Mrs. Watson Coleman. No, I am good. I think that I want to 
understand were lessons learned and more response to the 
challenges that we face, particularly in situations like this.
    But I also appreciate everything you have said with regard 
to cargo security. I know we talked about that. We are very 
interested in ensuring that everything that has to do with 
aviation, if it is one pilot flying tons of cargo, if it is 700 
people on a triple-triple-decker plane, we want to make sure 
that they are safe.
    So thank you so much for your testimony.
    Thank you, Chairman.
    Mr. Katko. Thank you very much. There are several more 
questions I am going to have, so I am going to have a second 
round for sure.
    The Chair now recognizes Mrs. Lesko for 5 minutes of 
questioning.
    Mrs. Lesko. Thank you very much, Mr. Chairman.
    Thank you for your testimony today. I am a Congresswoman 
from Arizona. I noticed one of the incidents in 2018, this 
year, had to do with the FBI doing an undercover operation with 
some type of drug smuggling, specifically methamphetamines, to 
several airports, including Phoenix Sky Harbor International 
Airport.
    So my question--one of my questions--is just briefly, if 
anybody knows, what type of workers were these? Were they a 
combination of different categories of workers? I am curious if 
anyone knows that answer.
    Mr. Canoll. No, but I will tell you from a pilot's 
perspective our concern here is, while this is just illegal 
transport of contraband, you would say, well, what is the 
safety concern for, let's say, the passengers on-board the 
aircraft? The fact remains there are criminals in the security 
identification area. If they are willing to do that, what are 
the other things they are willing to do that could endanger the 
lives of our passengers or unsecure our cargo?
    Mrs. Lesko. Well, yes, I agree, because in the notes that I 
have not only were they transporting drugs, but also willing to 
transport guns and explosives. So that is a bit more serious.
    I do have a very basic question as well, Mr. Chairman, to 
anyone that can answer. So for a person that obviously doesn't 
fly a plane, do all planes like anybody can--I mean, obviously 
they have to have some type of security clearance, but there is 
no like code you have to punch in or anything, you just start a 
plane?
    Mr. Canoll. I will go first.
    For those aircrafts in the passenger regime that have a 
hardened cockpit door, there is an electronic system that 
unlocks the door to gain access to the cockpit, but not all 
cargo aircraft have that.
    But that door, even when the aircraft is on the ground and 
being subject to maintenance or cleaning or modification, there 
are people who have to access the cockpit besides the pilot.
    Mrs. Lesko. Sure.
    Mr. Canoll. They will be given that code, too. So there is 
going to be the proliferation of the code throughout the 
system.
    You can change the code. It is a labor-intensive thing. But 
that is the only barrier we have now to restrict someone from 
gaining access to a cockpit that is just sitting there on the 
ramp.
    Mrs. Lesko. Mr. Chair and Mr. Canoll, the code is to the 
door or the code is to start the plane?
    Mr. Canoll. The code is to unlock the electronic lock to 
the door to the cockpit.
    Mrs. Lesko. OK.
    Mr. Chair, I have one more question, and that is a specific 
question on when is the cockpit door supposed to be closed and 
who does it? Does the pilot do it? Does the air crew do it? 
When should it be closed?
    Mr. Canoll. So for passenger operations, and I believe it 
is specific to the airlines' procedures, for example, at my 
airline, once the cabin is secured, the lead flight attendant 
comes to the cockpit, says the cabin is secure. The captain 
then gives her permission to close the door. She or he closes 
the door, and then we check the security of the door.
    It will remain in that case closed and locked for all 
purposes, except for physiological needs of the crew or if 
there is some maintenance need that requires a pilot to go back 
to check the extension of the landing gear or the condition of 
the wings during de-icing conditions, until you arrive at the 
gate and the engines are shut down and the shutdown checklist 
is complete. Then the cockpit crew will open the door.
    Mrs. Lesko. Thank you. The reason I ask that is because I 
was recently on a flight, and I was kind-of surprised because I 
used the lavatory right at the front by the cockpit door, and 
the cockpit door was open and there was a bunch of passengers 
on-board. We hadn't taken off yet. So I was just curious when 
do you close the door. I don't know what you mean by when they 
have cleared the plane.
    Mr. Canoll. So it is when the boarding is complete, the 
passenger boarding door is closed, and the flight attendants 
are assured that everyone is in their seats with their 
seatbelts fastened. That is when the cockpit doors close, 
before the aircraft moves off the gate for the purpose of going 
to takeoff.
    Mrs. Lesko. Thank you very much.
    Thank you, Mr. Chair.
    Mr. Katko. Thank you, Mrs. Lesko.
    The Chair now recognizes Mr. Estes for 5 minutes of 
questioning. I will note that Mr. Estes also got a bill passed 
as part of the FAA reauthorization, and we are happy for that 
bill as well.
    Mr. Estes. Thank you, Mr. Chairman.
    I have got a couple questions that I wanted probably 
several people maybe to chime in on. The first one just deals 
with when an incident happens at an airport or a particular 
airline notices that, how do the details of the incident and 
the results and the findings and the action plan for corrective 
action get communicated through the airport community and 
through the airline community as well?
    Maybe I will just start from an airport standpoint and go 
from there.
    Ms. Reiter. Thank you for asking.
    So what we did immediately after the incident was contact 
our associations, ACI and AAAE, and they immediately got a 
phone call together with all of the airports so that we could 
talk to the airports about what had happened and we could talk 
about anything that we felt that we could tighten up at our 
airport and also that perhaps other airports could glean and 
help them as well.
    We then also contacted A4A, and we got a meeting together 
with them. That is where we decided that it would be really 
applicable for us to get a group together to talk about this 
and also be part of ASAC.
    So we also have learned from the events from San Francisco, 
Los Angeles, and Fort Lauderdale that it made sense for us to 
do an after-action report because of the event and to hire an 
outside consultant to do that after-action report. So that is 
immediately what we had done.
    Mr. Estes. Is that becoming a standard operating practice 
within the association maybe to communicate that? I mean, just 
share that information.
    Ms. Reiter. Yes, it makes sense to go through your 
associations, yes.
    Mr. Estes. OK. Thank you.
    Maybe you can.
    Ms. Beyer. Sure. I would just add from the airline 
perspective, very similar to what my colleague already 
highlighted, we immediately had calls amongst not only the A4A 
member airlines, but also our partners at the Regional Airline 
Association and NACA to discuss the incident so that everyone 
had the facts about what we knew at that time and what happened 
and could take any measures that they deemed appropriate.
    Also, I think immediate conversation certainly with our TSA 
partners and other law enforcement officials is very critical.
    Mr. Estes. Thank you.
    I don't know if there is anything from a cargo standpoint 
that might----
    Mr. Alterman. I think a couple of things.
    No. 1, what you are hearing is very true, and that is the 
associations within Washington that represent all the segments 
of the industry work very closely with each other. When 
something like this happens, believe me, we are on the phone 
with each other right away.
    The other thing, which goes back perhaps one step to your 
question and it sort-of developed more primacy after the Fort 
Lauderdale incident, was the question not of the after-action, 
but what have we learned in terms of when an incident is in 
progress, who is in charge, who does what, how do we 
communicate that, how do the various parties, whether it is 
TSA, law enforcement, airlines, airports, how do they all work 
together as an incident is happening before we get to the 
after-action things?
    I think there has been a lot of progress in that area, too, 
because I think a lot of airports--and Wendy can chime in on 
this--a lot of airports learned that maybe you have got to have 
one central command center so that when something is happening 
all the information goes to one place and you have got a 
process in place. I am not talking about specific things, but a 
process in place so that while these things are happening there 
is better coordination among all the people.
    Mr. Estes. All right. Thank you.
    Another question that we kind-of talked about in your 
opening statements is that we are much more engaged in the use 
of biometrics, particularly as we move forward, and some of the 
things were just rolling out in terms of how we use that and 
what do we do.
    Are there particular things, have we gotten to the point 
yet or are we still kind-of in the preliminary stages of, are 
there additional rules and regulations that need to be put in 
place for use of biometric, maybe even additional statutory 
changes that need to be done to allow that effective use?
    Ms. Beyer. Sure. So biometrics is a really important issue, 
as you have correctly noted. You know, I think that I would 
say, in terms of use in the airports, it can be a very 
effective tool.
    I know, as our colleague Wendy has noted, they use those at 
employee access points at Seattle Airport. Many other airports 
have similarly used or implemented biometric systems in a 
similar fashion.
    What works at one airport may or may not work at another, 
depending on that environment. But certainly it is one 
effective tool.
    Mr. Estes. Thank you.
    Ms. Reiter. Yes, I would say I agree with Lauren. It is 
very successful for us. However, it is based on layers of 
security for different airports. So it is very successful for 
us.
    Mr. Estes. All right. Thank you.
    Mr. Chairman, I yield back.
    Mr. Katko. Thank you. You will have an opportunity for a 
second round, Mrs. Lesko and Mr. Estes, if you are so inclined.
    I have several questions, no particular order of 
importance. But as I think about all this and I think about all 
the efforts that are going on in the United States, obviously, 
I think our airports do an extraordinary job of protecting 
people, but it is our job to constantly probe the 
vulnerabilities and help you address them.
    I am wondering if anyone has an opinion on what they see, 
for example, in the Caribbean, which I think is an often very 
ignored part of our air traffic as far as security issues. But 
somebody was talking about breaching the fence and what goes 
on. I remember landing in Caribbean airports, I don't ever see 
a fence, or if it was, it was minimal.
    So I would like to hear does anyone have security concerns 
about what is going on in the Caribbean Basin airports?
    Ms. Beyer. So I guess how I would approach that would be 
there are, of course, a number of our airlines that operate 
many flights in the Caribbean. There are two important pieces 
of that puzzle from a U.S. perspective. I think one, of course, 
is TSA responsibilities for assessing those airports. In 
certain cases, not just in the Caribbean, in other places of 
the world, they then impose additional requirements when they 
believe the security is not adequate.
    But I would also add that in many instances, not 
necessarily specific to the Caribbean, in fact at all locations 
where airlines operate overseas, we conduct our own risk 
assessments of those airports and the particular dynamics in 
that environment, and in many instances may choose to, on our 
own accord, implement additional security requirements around 
our aircraft, passengers, cargo, et cetera, to ensure that 
anything put on-board our aircraft en route to the United 
States is secure.
    Mr. Katko. We are contemplating a review, first-hand review 
of those airports, because there are some concerns from the 
security standpoint that I think need to be addressed. So if 
you feel more comfortable talking about some of these in a 
secure setting, I am happy to hear that. But I am just trying 
to get a general feel whether there are some concerns about 
those airports.
    Anybody else want to offer anything?
    Mr. Alterman. Not necessarily with the Caribbean airports. 
A lawyer never does this, but I don't know.
    But I think what Lauren said is very true about 
international operations. We all try to base our judgments in 
what we do based on the risk inherent in any particular 
operation. When we are operating from dangerous areas or from 
airports that have a security that is less than others, we take 
extraordinary steps to make sure those are secure.
    Freight moving into the United States is given much more 
security when they come from an Afghanistan than they do from 
an Iceland. We are always looking at the risk inherent in 
operating in various places, and the measures we take are 
tailored to those risks.
    So if there are problems in the Caribbean, and I don't know 
of exactly what those are, I am sure our operators do and are 
taking the steps. All of our security programs are in force in 
all of those places.
    Mr. Katko. OK. Thank you.
    I am going to switch gears here a bit. I know we are going 
to study this, we are going to get an after-action report, we 
are going to get all the discussions down the road. But the 
fact remains is a maintenance worker walked into a plane, 
started it up, and took off. Is there something we can do now 
to kind-of prevent a possible copycat from happening between 
now and the time we get your detailed input?
    I mean, how it is that a ground guy can walk up into a 
plane and turn it on and take off? I mean, forgive my 
ignorance, are there any biometrics that help you with the 
plane? Who has access to the plane? Is that something that is 
of concern? There are not even keys to planes.
    Also I understand that in this particular instance the 
individual was getting some training within the airport for 
flying, if I am not mistaken, having access on his down time. I 
am just curious about all of that.
    So I don't know who wants to start with that. That is a lot 
of stuff there to cover.
    Mr. Canoll. So I will start, Mr. Chairman.
    As mentioned before, there isn't any key to the airplane or 
any biometric loop you have to check off before you----
    Mr. Katko. Not just cargo, any airplane, right?
    Mr. Canoll. Any airplane. They are just not designed that 
way.
    But there are things that the industry groups are working 
on that are relatively quick to implement. Most of them we 
can't really discuss here because it would disclose what the 
countermeasure would be. But some are very simple, like 
blocking access to the runway once there is an unauthorized 
movement on the aircraft. It is relatively simple. You can say 
it, but, of course, the configuration geometry at each airport 
might be different. If there is a ramp very close to the 
airport, you may not have time to block the access to the 
runway.
    But those are the ideas that are being bantered about. I 
think there are some solutions. It is not going to be fool-
proof, but it is going to be a really good layer to prevent 
this from happening again.
    Mr. Katko. Does anybody else want to add to that?
    Ms. Beyer. Go ahead, Wendy.
    Ms. Reiter. Sorry, Lauren.
    So to talk a little bit about this particular case. First 
of all, he was viewing the simulation of this particular 
aircraft in the break room on several occasions, so he did 
clearly understand--or wanted to understand how to fly this 
aircraft. He was not a pilot by any means and this is how he 
learned how to fly the aircraft.
    The aircraft was extremely close to the runway. It was at 
the north end of the airfield that was very close to our 
runway. From the time that he got into the airplane--by the 
time that he started the engines, pushed the aircraft back, and 
got into the air was less than 4 minutes. So it was extremely 
close to the airfield.
    There are multiple things that we have done to increase or 
to make security more visible since then. We have more 
uniformed and nonuniformed personnel down at that end of the 
airfield. It is quite remote comparatively.
    We also are looking at other technologies. You know, 
perimeter. There is some video technology that you can purchase 
for a fence line that we are currently looking at to have done 
within the next 6 to 8 months. Rap Back is another, which would 
not have helped us in this case because he didn't have anything 
in his background anyways. However, the next case it could help 
us, right? So there are other things that we are doing to help 
as well.
    Alaska Airlines, it has increased their ``see something, 
say something,'' have met with every single one of their 
employees to talk about if you see something that is not the 
same or out of the ordinary, or if you see an employee that is 
acting differently, please alert us. Stop the operation. It is 
OK to stop the operation if you see something.
    So we definitely have increased our visibilities, and so 
has Alaska Airlines and other airlines, for that matter.
    Mr. Katko. Just out of curiosity, why was a flight 
simulator for that particular plane in a break room?
    Ms. Reiter. He was viewing it on one of the computers in 
the break room.
    Mr. Katko. Oh. So, in other words, he just had access over 
the internet to it.
    Ms. Reiter. Right.
    Mr. Katko. Oh, I gotcha. OK. OK. I thought it was like 
``here is how to fly this plane'' in a break room.
    Ms. Reiter. No. No, not at all.
    Mr. Katko. Whew. OK. All right. We are good.
    All right. Thank you.
    Anybody else want to add anything?
    Ms. Beyer. I would just add to Wendy's point, the airlines 
operating in Seattle have worked very closely with Wendy and 
her team on a number of the short-term changes that she already 
outlined. But some of the airlines have also implemented their 
own measures, such as increased police or management presence 
around aircraft, particularly at remote locations.
    I would just say I firmly believe, though, while it is 
important to evaluate the facts of individual incidents, that 
we shouldn't just focus on the one or two incidents. I believe 
our approach should be to evaluate insider threats globally. 
Airlines, as I know airports do as well, the airlines already 
have robust insider threat programs that are tailored to the 
unique needs of their companies.
    That being said, we are constantly evaluating how we can be 
better and if we need to change some of our practices, and that 
is why we initiated the working group that has been mentioned a 
lot today, and that is why we are actively participating in the 
ASAC effort.
    Mr. Katko. I think the ASAC effort is going to be 
critically important. You have a long list of things to look 
at. I mean, if this bill gets signed, gets through the Senate, 
it is going to direct you to do that.
    So, I mean, I look at the mental health component, which I 
am asking you to specifically take a look at. The ground 
component. How do you stop a plane if it is going to go? Is 
blocking a technique to be used? Plane access. Who is getting 
access? Why? What are best practices for that?
    Then, in addition to all the other access control issues, 
like the smuggling, let's not forget something this size can 
take down an airplane now. We know that. It is going to take an 
awful lot of really good, hard critical thinking to fix that. 
We have gaps that are gaping, and a lot of it is from the 
insider threat perspective, that we keep an eye on.
    So I hope and pray that you are going to do a very thorough 
report on this because we are definitely going to have to talk 
more about this.
    Mr. Alterman. Yes. Thank you, Mr. Chairman.
    We are, and I hope we can do the good job. I think that we 
have the right people in the room on the new Insider Threat 
subcommittee. We are looking at all the issues you mentioned. 
We are looking at the requirements from the FAA Act when it is 
passed.
    We understand the seriousness of it. We have a very good 
TSA team working with us. They have something called the ITAG 
that they have had for several years, which is the Insider 
Threat Advisory Group. That has now been rolled into the--not 
rolled into, but is cooperating with and working with the ASAC 
team on this so that we now have all the information we hope in 
one place.
    Several meetings have been held already, and we hope to get 
something by the end of the year. This is difficult. Once you 
even decide what to do, writing a report and getting it through 
everybody is difficult. But we understand that.
    I might say, sort-of as an aside, I actually counted, and 
the FAA bill has 9 separate tasks for ASAC, and 2 or 3 others 
that relate to the work we are already doing. We understand 
that, and we appreciate your confidence in us. We may need 
mental health training for all the ASAC members before we are 
through.
    But thank you.
    Mr. Katko. Listen, that is part of it. Your credibility has 
skyrocketed because you are producing, and you are 
collaborating. You take into account everyone's concerns. From 
that come good things. I think we could learn in Congress from 
that, to be quite frank with you.
    So it is something that is going to take an awful lot, but 
I can't think of a more important issue for the airline 
industry right now than this. We are doing a pretty good job of 
securing things.
    The other big thing I can think of is 3-D scanners. How are 
we going to get those to the front line fast enough? We are 
going to have to think outside the box on that, but that is for 
another day.
    But I do have a follow-up question for you, Mr. Alterman. 
That is, I know TSA and ASAC's current actions are relating to 
insider threat. You have been doing something with them, I 
believe it is a two-part task that Administrator Pekoske has 
come to talk to you about. Could you describe for a little bit 
what that is and where you are with it?
    Mr. Alterman. Yes. We received a tasking from the 
administrator to do basically a two-step process. The first 
step in that was basically a research project. That project was 
finished and delivered to the administrator on July 19 of this 
year. It involved looking, as far as we could in the time frame 
allowed, at not only what domestic people are doing on insider 
threat, what are some of the practices they are doing, but also 
looking overseas at various airports and trying to determine, 
to the extent that they would talk to the committee, to 
determine what is going on internationally that might inform us 
on what we are doing.
    That report was submitted to the administrator on July 19. 
I was hoping that perhaps I could just attach it to my 
testimony, but I am not sure it has been made public.
    Mr. Katko. It hasn't been made public, and I am wondering 
why.
    Mr. Alterman. I have no idea.
    Mr. Katko. It is not yours to answer. We are going to have 
to talk to Mr. Pekoske.
    Mr. Alterman. Yes. I don't think there is anything in it 
that is SSI, frankly. But I think it might be useful for you to 
understand the depth of that report to get it from----
    Mr. Katko. That would be great.
    Mr. Alterman. I just feel uncomfortable giving it to you 
without the authority to do it.
    Mr. Katko. I understand. We will get it from him.
    Mr. Alterman. The second part, the second tasking, which we 
think we know what it is going to say but we haven't yet 
formally received from the administrator, is looking at what 
the research was. What are the next steps? How do we define the 
mitigation efforts that we might take based on what we have 
already learned?
    That has gone over to the Insider Threat subcommittee to 
start working on even though we don't formally have the letter. 
That involves access controls. It involves all the things we 
have talked about this morning.
    Mr. Katko. It dovetails with what is going to be in the FAA 
bill as well. So that is good you are going to jump on that.
    Mr. Alterman. Yes. Exactly.
    Mr. Katko. That is encouraging. Good.
    I understand the position you are in and I am not going to 
ask you to disclose it. But we will have a discussion with Mr. 
Pekoske, and I am sure we will come to a conclusion on that.
    The Chair now recognizes Mrs. Lesko for as many questions 
as she wants to ask. We have some flexibility here.
    Mrs. Lesko. Mr. Chairman, I have no more questions.
    Mr. Katko. OK.
    Is there something, as long as we have a few minutes, is 
there something that you wanted us to bring up that we haven't 
brought up? I am asking any of the witnesses.
    Mr. Canoll. So I just want to emphasize one element here. 
If you are viewing the entire global view of insider threat, I 
really want to emphasize for the committee the soft underbelly, 
in our opinion, is the disparate regulations within the cargo 
world.
    If you are looking to do something evil with a jumbo wide-
body aircraft--and I want to be clear, most of the jumbo wide-
body aircraft in the United States are cargo aircraft. They are 
cargo and not passenger aircraft. Many of them, soon to be 
hundreds of them, are going to be flying around without cockpit 
doors.
    All of our tactics, procedures, and policies are built 
around defending that cockpit with a cockpit door. There are no 
published procedures or training for how do you defend the 
cockpit without a cockpit door.
    As a reminder, these cargo aircraft are not all-cargo. They 
have people on board. They have animal handlers, couriers, 
other employees on board with unfettered access to the pilots 
at the controls of the aircraft at any given moment.
    So we need to do some serious thinking about that 
vulnerability, because, in our opinion, that is by far the most 
critical one. It is growing. It is not just a static 
vulnerability we see today. There are hundreds of aircraft 
being delivered in this configuration in the future. This 
vulnerability will grow over time.
    Mr. Alterman. Mr. Chairman.
    Mr. Katko. Yes.
    Mr. Alterman. May I respond?
    Mr. Katko. Sure.
    Mr. Alterman. I hadn't planned on it, but I need to respond 
to that.
    Mr. Katko. Sure.
    Mr. Alterman. We love our pilots. They are very 
professional. We work tremendously with ALPA on a bunch of 
issues. They are simply wrong on this one.
    Let me explain the hardened door, because I just want to 
put it in the record so it is not a one-sided--I don't want to 
have an argument here. It is not appropriate.
    Mr. Katko. I understand.
    Mr. Alterman. The all-cargo industry has a completely 
different operational model than the passenger industry. Our 
security are designed around that operational model.
    We don't carry passengers in any normally accepted use of 
that term. We do carry individuals, very limited amount of 
individuals. If there is any inference that we are not 
regulated in the security of the cockpit, that is incorrect.
    We do two things. No. 1, the regulations require us to 
screen for stowaways, and we do that. We haven't found any. We 
continue to do that. But directly with what Captain Canoll has 
said, the regulations require that the all-cargo industry 
either have an installed door or have a program, an alternative 
program, that is approved by TSA. All of them have that 
program.
    It is important to note that these alternative procedures 
that are applied that protect the plane against the limited 
individuals that are on there, whether they be other pilots, 
whether they be animal handlers, whether they be couriers, they 
are extensive, they have proved effective. Each company may 
have a different procedure to deal with it. But all of them 
include extensive background checks of every passenger that 
gets on that plane and extensive screening of every passenger 
on that plane.
    In fact, the only incident that I know of that has 
developed on a cargo plane in recent years has been a deranged 
pilot. That is not to say anything bad about pilots. But we 
have been operating millions of flights over many years and 
have never had a problem there. We are regulated.
    I just wanted to put that on the record. I don't want to 
have a debate with Mr. Canoll.
    Mr. Katko. I appreciate it. This is not what we are here 
for, to have a debate. But, I mean, I guess he is calling into 
question the adequacy of the current TSA regulations, and we 
will take a look. You are welcome to follow up with us in 
writing.
    Mr. Canoll. Steve and I have had that debate many times.
    Mr. Katko. I understand. I understand completely.
    Mr. Alterman. Usually over a beer.
    Mr. Katko. That sounds good.
    Anything else anyone wants to add that we haven't 
discussed?
    I do appreciate the frankness of Ms. Reiter to come here 
based on a tough situation. As always, she displays a 
tremendous amount of professionalism, as have all of you. So I 
appreciate all your candid testimony today.
    Listen, we are all on the same page here. We are all just 
trying to keep people safe, keep pilots safe, keep airplanes 
safe, keep our country safe.
    It is our duty to do the oversight. We are going to 
continue to do it. We have an extraordinary number of hearings 
in the subcommittee because we take it very seriously. But we 
do appreciate the collaborative nature, and we appreciate the 
input of all of you.
    So with that, the hearing remains--I have magic words I 
have got to say here. Excuse me a second. This is what happens 
when you go off script.
    Members of the committee may have some additional questions 
and we will ask you to respond to those in writing. Pursuant to 
Committee Rule VII(D), the hearing record will be held open for 
10 days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 11:24 a.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

      Question From Honorable Brian K. Fitzpatrick for Tim Canoll
    Question. Captain Canoll, given the security discrepancies between 
security for passenger versus cargo operation at airports, is there a 
real risk associated with cargo operations that we are overlooking?
    Answer. Response was not received at the time of publication.

                                 [all]