[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
INSIDER THREATS TO AVIATION SECURITY: AIRLINE AND AIRPORT PERSPECTIVES
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
TRANSPORTATION AND
PROTECTIVE SECURITY
OF THE
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 27, 2018
__________
Serial No. 115-77
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
34-448 PDF WASHINGTON : 2019
-----------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Sheila Jackson Lee, Texas
Mike Rogers, Alabama James R. Langevin, Rhode Island
Lou Barletta, Pennsylvania Cedric L. Richmond, Louisiana
Scott Perry, Pennsylvania William R. Keating, Massachusetts
John Katko, New York Donald M. Payne, Jr., New Jersey
Will Hurd, Texas Filemon Vela, Texas
Martha McSally, Arizona Bonnie Watson Coleman, New Jersey
John Ratcliffe, Texas Kathleen M. Rice, New York
Daniel M. Donovan, Jr., New York J. Luis Correa, California
Mike Gallagher, Wisconsin Val Butler Demings, Florida
Clay Higgins, Louisiana Nanette Diaz Barragan, California
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
Don Bacon, Nebraska
Debbie Lesko, Arizona
Brendan P. Shields, Staff Director
Hope Goins, Minority Staff Director
------
SUBCOMMITTEE ON TRANSPORTATION AND PROTECTIVE SECURITY
John Katko, New York, Chairman
Mike Rogers, Alabama Bonnie Watson Coleman, New Jersey
Brian K. Fitzpatrick, Pennsylvania William R. Keating, Massachusetts
Ron Estes, Kansas Donald M. Payne, Jr., New Jersey
Debbie Lesko, Arizona Bennie G. Thompson, Mississippi
Michael T. McCaul, Texas (ex (ex officio)
officio)
Kyle D. Klein, Subcommittee Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable John Katko, a Representative in Congress From the
State of New York, and Chairman, Subcommittee on Transportation
and Protective Security:
Oral Statement................................................. 1
Prepared Statement............................................. 3
The Honorable Bonnie Watson Coleman, a Representative in Congress
From the State of New Jersey, and Ranking Member, Subcommittee
on Transportation and Protective Security:
Oral Statement................................................. 4
Prepared Statement............................................. 5
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement............................................. 6
Witnesses
Ms. Wendy Reiter, Director, Aviation Security, Port of Seattle:
Oral Statement................................................. 8
Prepared Statement............................................. 9
Mr. Stephen A. Alterman, President, Cargo Airline Association:
Oral Statement................................................. 11
Prepared Statement............................................. 13
Ms. Lauren Beyer, Vice President, Security and Facilitation,
Airlines for America:
Oral Statement................................................. 14
Prepared Statement............................................. 16
Mr. Tim Canoll, President, Air Line Pilots Association:
Oral Statement................................................. 19
Prepared Statement............................................. 20
Appendix
Question From Honorable Brian K. Fitzpatrick for Tim Canoll...... 40
INSIDER THREATS TO AVIATION SECURITY: AIRLINE AND AIRPORT PERSPECTIVES
----------
Wednesday, September 27, 2018
U.S. House of Representatives,
Subcommittee on Transportation
and Protective Security,
Committee on Homeland Security,
Washington, DC.
The subcommittee met, pursuant to notice, at 10:04 a.m., in
room HVC-210, Capitol Visitor Center, Hon. John Katko (Chairman
of the subcommittee) presiding.
Present: Representatives Katko, Estes, Lesko, and Watson
Coleman.
Mr. Katko. The Committee on Homeland Security, Subcommittee
on Transportation and Protective Security, will come to order.
The subcommittee is meeting today to examine the risk insider
threats pose to America's aviation system. I now recognize
myself for an opening statement.
First, I want to acknowledge House passage of a
comprehensive 5-year FAA reauthorization. This legislation also
includes a full authorization of the Transportation Security
Administration. This is the first time TSA has been
reauthorized since the agency was stood up following the terror
attacks of September 11.
This bipartisan bill includes not only 22 House-passed
transportation security bills, but also a number of key
provisions from last year's DHS authorization legislation.
I look forward to seeing this legislation move quickly
through the Senate and to the President's desk so that we can
implement unprecedented transparency and accountability at TSA
and make the agency more adaptive to evolving threats to the
traveling public.
Now, on to the topic of today's hearing.
When considering threats facing America's aviation sector,
it is critical that we consider the security threats emanating
from inside the sector itself. Insider threats can manifest
themselves in a variety of ways, including drug and weapon
smuggling, human trafficking, terror plots, and others.
For example, in 2013, Terry Loewen, an avionics technician
at Wichita Mid-Continent Airport, was arrested by the FBI for
plotting a suicide attack using a vehicle-borne improvised
explosive device. Loewen intended to use his airport
credentials to gain access to the tarmac and detonate the truck
near aircraft and the passenger terminal during peak holiday
travel to maximize casualties.
In 2014, Eugene Harvey, a baggage handler at Hartsfield-
Jackson International Airport, smuggled 153 firearms, including
AK-47 assault weapons, on 17 flights between Atlanta and New
York. Harvey was able to bring the guns into the sterile area
of the airport using a secure identification display area, or
SIDA badge, because he was not subjected to physical security
screening.
Additionally, in May 2018, 10 airline employees at Dallas/
Fort Worth International Airport were indicted as part of an
FBI undercover operation. The employees believed they were
smuggling methamphetamines. One of the employees who was
indicted said he would be able to smuggle guns as well, and
another told undercover agents he would be willing to smuggle
explosives for the right price. That is truly frightening.
Most recently, in August 2018, Richard Russell, a ground
service agent at Seattle-Tacoma International Airport who held
valid security credentials, entered an aircraft maintenance
area and stole a commercial aircraft before crashing it to take
his own life.
Just last week, a student pilot jumped a security fence at
Orlando Melbourne international Airport and boarded a passenger
jet that was undergoing maintenance. While it is unclear what
his intentions were, there remain access control concerns
surrounding that incident and many others.
This string of disturbing incidents clearly demonstrates
the risk insider threats pose to our Nation's aviation system.
I am concerned that the same vulnerabilities that were
exploited in these situations could also be exploited by
terrorists to carry out an attack.
Over the past few years, progress has certainly been made
to address these gaps, especially with respect to pre-
employment vetting and screening of aviation workers before
entering the secure area of the airport.
However, the fact that these insider threats continue to
manifest would seem to indicate that the current system has not
proven to be a sufficient deterrent for employees with
malicious intent.
This committee has passed multiple pieces of legislation
dealing with aviation employee vetting and access controls,
including my bill, H.R. 876, the Aviation Employee Screening
and Security Enhancement Act of 2017, which should be headed to
the President's desk as part of the FAA reauthorization.
While this bill has many provisions that will help mitigate
insider threats, this is not an issue that can be dealt with
solely through legislation. You all know it takes a lot more
for me to acknowledge that.
At this hearing, the subcommittee has the opportunity to
hear from a number of aviation stakeholders with varying
perspectives on how we can respond to insider threats. The
groups these individuals represent are on the front lines and
have unique insight into how best to combat the threats facing
our Nation's aviation system.
I look forward to discussing how we can better screen and
vet aviation employees and improve access controls to help
ensure the sensitive areas of our Nation's airports are secure.
I also look forward to hearing the witnesses' opinions on
how the Federal Government can better work with industry to
address any existing vulnerabilities in our current system.
I truly believe that close collaboration between all the
relevant stakeholders--we are not interested in ``gotcha''
moments here today, we are just interested in a frank
discussion--will be key to tackling the array of insider
threats facing America's aviation sector.
I would like to thank all of you for showing up today, and
I look forward to hearing your testimony.
[The statement of Chairman Katko follows:]
Statement of Chairman John Katko
September 27, 2018
First, I want to acknowledge House passage of a comprehensive, 5-
year FAA Reauthorization. This legislation also includes a full
reauthorization of the Transportation Security Administration. This is
the first time TSA has been reauthorized since the agency was stood up
following the terror attacks of September 11.
This bipartisan bill includes not only 22 House-passed
transportation security bills, but also a number of key provisions from
last year's DHS Authorization legislation.
I look forward to seeing this legislation move quickly through the
Senate and to the President's desk, so that we can implement
unprecedented transparency and accountability at TSA and make the
agency more adaptive to evolving threats to the traveling public. Now,
on to the topic of today's hearing.
When considering threats facing America's aviation sector, it is
critical that we consider the security threats emanating from inside
the sector itself.
Insider threats can manifest themselves in a variety of ways,
including drug and weapons smuggling, human trafficking, terror plots,
and others.
For example, in December 2013, Terry Loewen--an avionics technician
at Wichita Mid-Continent Airport--was arrested by the FBI for plotting
a suicide attack using a vehicle-borne improvised explosives device.
Loewen intended to use his airport credentials to gain access to
the tarmac and detonate the truck near aircraft and the passenger
terminal during peak holiday travel to maximize casualties.
In 2014, Eugene Harvey, a baggage handler at Hartsfield-Jackson
International Airport, smuggled 153 firearms, including AK-47 assault
weapons, on 17 flights between Atlanta and New York.
Harvey was able to bring the guns into the sterile area of the
airport using his Secure Identification Display Area--or SIDA--badge,
because he was not subjected to physical security screening.
Additionally, in May 2018, 10 airline employees at Dallas/Fort
Worth International Airport were indicted as part of an FBI undercover
operation. The employees believed they were smuggling methamphetamines.
One of the employees who was indicted indicated he would be able to
smuggle guns as well, and another told undercover agents he would be
willing to smuggling explosives for the right price.
Most recently, in August 2018, Richard Russell, a ground services
agent at Seattle-Tacoma International Airport who held valid security
credentials, entered an aircraft maintenance area and stole a
commercial aircraft before crashing it order to take his own life.
Just last week, a student pilot jumped a security fence at Orlando
Melbourne International Airport and boarded a passenger jet that was
undergoing maintenance. While it is unclear what his intentions were,
there remain access controls concerns surrounding that incident.
This string of disturbing incidents clearly demonstrates the risk
insider threats pose to our Nation's aviation system. I am concerned
that the same vulnerabilities that were exploited in these situations
could also be exploited by terrorists to carry out an attack.
Over the past few years, progress has certainly been made to
address the gaps, especially with respect to pre-employment vetting and
screening aviation workers before entering the secure area of the
airport.
However, the fact that these insider threats continue to manifest
would seem to indicate that the current system has not proven to be a
sufficient deterrent for employees with malicious intent.
This committee has passed multiple pieces of legislation dealing
with aviation employee vetting and access controls including my bill,
H.R. 876, The Aviation Employee Screening and Security Enhancement Act
of 2017, which should be headed to the President's desk as part of the
FAA reauthorization.
While this bill has many provisions that will help mitigate insider
threats, this is not an issue that can be dealt with solely through
legislation--and you all know it takes a lot for me to acknowledge
that.
At this hearing, the subcommittee has the opportunity to hear from
a number of aviation stakeholders, with varying perspectives on how we
can respond to insider threats.
The groups these individuals represent are on the front lines and
have unique insight into how to best combat the threats facing our
Nation's aviation system.
I look forward to discussing how we can better screen and vet
aviation employees and improve access controls to help ensure the
sensitive areas of our Nation's airports are secure.
I also look forward to hearing the witness' opinions on how the
Federal Government can better work with industry to address any
existing vulnerabilities in our current system. I truly believe that
close collaboration between all the relevant stakeholders will be key
in truly tackling the array of insider threats facing America's
aviation sector.
I'd like to thank the witnesses again for being here today and I
look forward to hearing their testimony.
Mr. Katko. I am pleased to recognize the Ranking Member of
the subcommittee, the gentlelady and good friend from New
Jersey, Mrs. Watson Coleman for her opening statement.
Mrs. Watson Coleman. Good morning and thank you, Chairman.
Thank you for holding this hearing.
Thank you to the witnesses for being willing to share your
experience, your concern, and your expectations of future
things that we can do.
I also want to thank the Chairman for his collaboration in
putting together the package of TSA legislation that he
referred to and that was included in the FAA Reauthorization
Act that passed the House yesterday.
By my count, the package included 21 TSA bills that
originated in this subcommittee, reflecting the extent of our
bipartisan work in this Congress and to the extent to which we
have been listening to those who have come before us.
In addition to bills I authored to enhance surface
transportation security and authorize TSA's National Deployment
Force, the package includes several provisions relevant to
today's hearing.
Congressman Keating's bill, the Airport Perimeter and
Access Control Security Act, requires the TSA administrator to
update key risk assessments and strategies guiding perimeter
security and access control efforts.
Chairman Katko's bill, the Aviation Employee Screening and
Security Enhancement Act, of which I am a co-sponsor, directs a
cost and a feasibility study of enhanced employee inspections
at airport access points as well as an assessment of credential
standards.
These bills build upon provisions enacted in the 2016 FAA
Extension Act that required TSA to update rules on airport
access controls and improve criminal background checks.
TSA and industry stakeholders have worked to implement
these requirements and other measures to enhance security,
including recommendations made by the Aviation Security
Advisory Committee.
For example, the TSA has developed the Advanced Threat
Location Allocation Strategy, or ATLAS, to ensure limited
resources for employee screening are deployed based on risk and
in a manner that maximizes the expectation among employees that
they will be subjected to screening.
Airports and airlines, for their part, have worked hard to
reduce access points to secure areas and improve security
awareness among employees.
All parties deserve recognition for taking these threats
seriously and coming to the table to develop sensible and
effective solutions.
Nevertheless, recent incidents have made clear that
significant vulnerabilities remain. Last month, the Horizon Air
employee was able to steal and fly a passenger jet at Seattle-
Tacoma International Airport, ultimately crashing it in what
was fortunately an unpopulated area killing only himself. If
this individual had different intentions or if we had simply
been less lucky, the incident could have placed all of downtown
Seattle in grave danger.
Then just a week ago, a student pilot was able to jump over
a perimeter security fence at Orlando Melbourne International
Airport and access a cockpit of a large passenger jet.
Fortunately, two courageous maintenance workers were on board
the plane and heroically disrupted the apparent plot to steal
the plane.
Again, under slightly different circumstances, events could
have played out much more negatively.
While the student pilot in Orlando was not an insider in
the same way as an airline worker in Seattle, the incident
highlighted the need to control access to aircraft more
strictly, as well as the need to better secure airport
perimeters.
It has also highlighted that these workers should not be
viewed primarily as a threat to aviation, but rather as
important security partners. Aviation workers know airports
better than anyone. They know who should be where, and they
recognize when something is out of place. Security solutions
must be developed in consultation with workers and take full
advantage of their expertise, as well as perhaps additional
training on awareness standards.
Both of these recent incidents are being investigated, and
I certainly am eager to learn more about the motives of the
individuals in question and how they were able to defeat
security measures so easily.
In the mean time, I hope our witnesses today will be able
to shed some light on how similar incidences can be prevented
in the future and what this committee can do to be helpful.
Thank you. I look forward to discussing the issues today. I
yield back my time.
[The statement of Ranking Member Watson Coleman follows:]
Statement of Ranking Member Bonnie Watson Coleman
September 27, 2018
I want to thank Chairman Katko for his collaboration in putting
together the package of TSA legislation that was included in the FAA
Reauthorization Act that passed the House yesterday.
By my count, the package includes 21 TSA bills that originated in
this subcommittee, reflecting the extent of our bipartisan work this
Congress.
In addition to bills I authored to enhance surface transportation
security and authorize TSA's National Deployment Force, the package
includes several provisions relevant to today's hearing.
Congressman Keating's bill, the Airport Perimeter and Access
Control Security Act, requires the TSA administrator to update key risk
assessments and strategies guiding perimeter security and access
control efforts.
Chairman Katko's bill, the Aviation Employee Screening and Security
Enhancement Act, of which I am a co-sponsor, directs a cost and
feasibility study of enhanced employee inspections at airport access
points, as well as an assessment of credentialing standards.
These bills build upon provisions enacted in the 2016 FAA Extension
Act that required TSA to update rules on airport access controls and
improve criminal background checks.
TSA and industry stakeholders have worked to implement those
requirements and other measures to enhance security, including
recommendations made by the Aviation Security Advisory Committee.
For example, TSA has developed the Advanced Threat Location
Allocation Strategy, or ``ATLAS,'' to ensure limited resources for
employee screening are deployed based on risk and in a manner that
maximizes the expectation among employees that they will be subject to
screening.
Airports and airlines, for their part, have worked to reduce access
points to secure areas and improve security awareness among employees.
All parties deserve recognition for taking these threats seriously
and coming to the table to develop sensible and effective solutions.
Nevertheless, recent incidents have made clear that significant
vulnerabilities remain.
Last month, a Horizon Air employee was able to steal and fly a
passenger jet at Seattle-Tacoma International Airport, ultimately
crashing it in what was fortunately an unpopulated area, killing only
himself.
If this individual had had different intentions, or if we had
simply been less lucky, the incident could have placed all of downtown
Seattle in grave danger.
Just a week ago, a student pilot was able to jump over a perimeter
security fence at Orlando-Melbourne International Airport and access
the cockpit of a large passenger jet.
Fortunately, two courageous maintenance workers were on board the
plane and heroically disrupted the apparent plot to steal another
plane.
Again, under slightly different circumstances, events could have
played out much more negatively.
While the student pilot in Orlando was not an ``insider'' in the
same way as the airline worker in Seattle, the incident highlighted the
need to control access to aircraft more strictly--as well as the need
to better secure airport perimeters.
It also highlighted that workers should not be viewed primarily as
a threat to aviation, but rather as important security partners.
Aviation workers know airports better than anyone. They know who
should be where, and they recognize when something is out of place.
Security solutions must be developed in consultation with workers
and take full advantage of their expertise.
Both of these recent incidents are being investigated, and I am
eager to learn more about the motives of the individuals in question
and how they were able to defeat security measures so easily.
In the mean time, I hope our witnesses today will be able to shed
some light on how similar incidents can be prevented in the future and
what this committee can do to be helpful.
Mr. Katko. Thank you, Mrs. Watson Coleman.
It is really amazing that 21 of our bills that came out of
this committee got into the FAA bill. It is really a great sign
of the teamwork that we have on this subcommittee and the
bipartisanship, because National security should not be a
partisan issue, and it is certainly not in this subcommittee.
So I want to thank Mrs. Watson Coleman for her statement.
Other Members of the subcommittee are reminded that opening
statements may be submitted for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
September 27, 2018
Good morning and thank you to the Chairman for convening today's
hearing.
Today's hearing is timely given recent events.
Twice in the last 2 months, unauthorized individuals have accessed
cockpits of passenger jets.
In the first case, a ground crew worker at Seattle-Tacoma
International Airport was able to commandeer an unoccupied plane, take
off from the airport, and fly around the Seattle-Tacoma area for an
hour before crashing in a wooded area, killing only himself.
In the second case, a student pilot with unclear intentions was
able to hop a fence at Orlando-Melbourne International Airport and gain
entry to an airplane cockpit before being tackled and detained by two
workers who happened to be on the plane.
While the details of these events are still being investigated, it
is clear that a major loss of life was prevented by sheer luck--and by
the heroism of the two workers who acted bravely and selflessly to
prevent catastrophe.
These events are the latest in a string of incidents displaying the
challenges the aviation industry faces in controlling access to secure
areas and aircrafts.
Each incident is unique and highlights slightly different
vulnerabilities depending on the people and airport involved.
Given the complexity of the aviation system, no single solution
will serve as a ``silver bullet'' to ensure sufficient security.
Instead, the TSA, airports, airlines, and other stakeholders must
work collaboratively to develop and implement layered security measures
that address security gaps and reduce risk as much as possible.
The Airport Perimeter and Access Control Security Act, introduced
by Congressman Keating, will go a long way in directing that work by
requiring TSA to update its risk assessments and strategies for
perimeter security and access controls.
I was happy to see that bill included in the FAA Reauthorization
Act that passed the House yesterday, along with 8 other Democratic
bills and numerous other provisions that will strengthen TSA's security
efforts across all modes of transportation.
Today, I hope to gain additional perspective on recent security
incidents and learn from our witnesses what this committee can do to
further support their security efforts.
I look forward to engaging in a productive discussion on these
issues.
Again, thank you to the Chairman for his attention to these issues
and to our witnesses for appearing before us today.
Mr. Katko. We are grateful to have a very distinguished
panel here to testify before us today. Let me remind each of
you that your entire written statement will appear in the
record.
Our first witness, Ms. Wendy Reiter, currently serves as
the director of aviation security for Seattle-Tacoma
International Airport. In this position, she leads the Port of
Seattle's Aviation Security Department and oversees all TSA
mandates that involve the safety and security of the 16,000
employees and travelers at the Sea-Tac Airport.
She joined the Port of Seattle as the senior manager of
airport terminal operations in 2001, where she served as the
primary liaison to airlines.
Prior to joining the Port of Seattle, Ms. Reiter was a
station manager for Southwest Airlines--and you have got to get
him to Syracuse, OK, I keep begging them--and director of
customer service for Northwest Airlines, where she received
numerous awards for leadership and outstanding customer
service.
Before I recognize Ms. Reiter for her opening statement, I
want to reiterate what I said during my opening statement. That
is, we are not interested in gotcha moments here today. We are
interested in a free-flowing, frank discussion about how we can
make airports safer from an insider threat perspective.
So we welcome your input. Don't wait for us to call on you.
If you have something, signal to us, and we will be happy to
include you in the conversation.
So with that, I will recognize Ms. Reiter for her opening
statement.
STATEMENT OF WENDY REITER, DIRECTOR, AVIATION SECURITY, PORT OF
SEATTLE
Ms. Reiter. Chairman Katko, Ranking Member Watson Coleman,
and Members of the committee, thank you for the opportunity to
join you again today. My name is Wendy Reiter, and I serve as
the director of aviation security for Seattle-Tacoma
International Airport.
Sea-Tac Airport has long prioritized the safety and
security of our passengers, employees, and nearby residents.
This commitment has driven Sea-Tac to do everything reasonable
to invest in aviation security above and beyond what is
required of us by Federal law, which has made us one of the
leading airports in the country as it relates to insider threat
and perimeter security.
I am pleased to be here today to share some of the specific
tactics we have employed at Sea-Tac, although I will note that
I am not here to suggest that all airports should adopt these
exact practices. Sea-Tac recognizes that it is up to each
airport's local leadership to determine how to best invest
limited resources for maximum return.
Let me start with our approach to insider threat. First,
before giving airport badges to employees and throughout the
badge holder's employment, we work closely with the TSA and FBI
to conduct regular background checks, both scheduled and
unscheduled.
These badges allow us to restrict sterile areas to vetted
employees and use access controls to limit specific areas of
the airport and airfield to only the most relevant employees.
We are also planning, by end of this year, to be enrolled
in the Rap Back program to ensure that badge access is
immediately revoked from anyone with a newly-discovered
disqualifying crime.
Second, each of our sterile area access doors requires both
a bag scan and a biometric fingerprint scan. The biometric
element has been in place at Sea-Tac since shortly after
September 11, 2001, and it is an additional layer of security
that allows us to confirm that the badge matches the users. In
certain cases, we have added a third level of security to
require a pin that is specific to the person.
Third, as of spring 2017, we have implemented physical
screening to all employees accessing sterile areas of the
airport terminal. Full employee screening required a
significant upfront investment and major recurring cost to the
airport, but we have been very pleased with results in terms of
both security and employee convenience.
As it relates to perimeter security, our plan is to
institute physical employee screening at all of our airfield
perimeter gates by the middle of 2019.
We have also invested in three Air Scent dogs, which are
trained to detect and trail explosive odors on moving persons,
which is a huge advantage in the front of the airport around
ticketing and baggage claim.
At the end of the day, all security systems are based on
thoughtful risk management and no security system is perfect or
able to anticipate every potential action. For instance, Sea-
Tac experienced a high-profile insider incident just last
month.
That is why Sea-Tac recently joined in creating a new
Industry Working Group on Aviation Security Best Practices. The
group will baseline aviation security best practices and our
findings will be included in the final report of the TSA's ASAC
Insider Threat Subcommittee, of which I am a member.
Specific topics for investigation include aircraft
security, employee training and reward programs, mental health
programs, and airport coordination operation centers.
Sea-Tac has also initiated an independent third-party
after-action report of our most recent insider incident to
identify other changes that our airport will consider.
I want to close by noting a series of activities coming
together at the end of the year.
TSA Administrator Pekoske expects ASAC to report back to
him, and the Sea-Tac after-action report and the industry
working group findings will also be completed by that time.
Combined with the potential TSA and FBI reports on the
recent Sea-Tac incident, the aviation community will have an
incredible opportunity in early 2019 to thoughtfully discuss
opportunities to move forward in impactful ways on insider
threat.
I look forward to working with this committee and others at
that time.
Thank you for your time today. I welcome any questions you
may have.
[The prepared statement of Ms. Reiter follows:]
Prepared Statement of Wendy Reiter
September 27, 2018
Chairman Katko, Ranking Member Watson Coleman, and Members of the
committee, thank you for the opportunity to discuss aviation insider
threat and perimeter security issues with you today. My name is Wendy
Reiter, and I currently serve as the director of aviation security for
Seattle-Tacoma International Airport (Sea-Tac), which is owned and
operated by the Port of Seattle. I also recently served as vice-chair
of the Transportation Security Services committee of the American
Association of Airport Executives.
Sea-Tac Airport has long prioritized the safety and security of our
passengers, employees, and nearby residents as our top responsibility.
As an independent port authority governed by directly-elected
Commissioners, protecting against threats both external and internal is
a core part of our DNA. This commitment has driven Sea-Tac to do
everything reasonable to invest in infrastructure, technology, and
procedures that increase aviation security--above and beyond what is
required of us by Federal law--which has made us one of the leading
airports in the country as it relates to insider threat and perimeter
security.
We deeply appreciate the partnership we have with the
Transportation Security Administration (TSA), including both local TSA
staff as well as TSA leadership in Washington, DC. I also want to thank
the subcommittee for your work on the Checkpoint Optimization and
Efficiency Act, which has resulted in improved collaboration,
communication, and information sharing at the local level.
I am pleased to be here today to share some of the specific tactics
we have employed at Sea-Tac, although I will note that we are not here
to suggest that all airports should adopt these exact practices. As the
old saying goes, ``if you've seen one airport, you've seen one
airport,'' and so we recognize that it is up to each airport's local
leadership to determine how to best invest limited resources for
maximum return. This is particularly true for insider threat issues,
which may not be fully preventable no matter how many layers of
security and redundancies are put into place.
Let me start with our approach to insider threat, which is mainly
focused around three key aspects: Credentialing, biometrics, and
physical employee screening. First, in terms of credentialing, we work
closely with the Transportation Security Administration (TSA) and
Federal Bureau of Investigation (FBI) to conduct regular background
checks on all employees, both scheduled and unscheduled. Those badges
not only allow us to ensure that sterile areas are restricted to vetted
employees but also to use access controls to further limit specific
areas of the airport and airfield to only the most relevant employees.
We are also planning by the end of this year to be enrolled in the``Rap
Back'' program to ensure that badge access is immediately revoked from
anyone with a newly-discovered disqualifying crime.
Second, each of our sterile-area access doors requires both a badge
scan and a biometric fingerprint scan. The biometric element has been
in place at Sea-Tac since shortly after September 11, 2001, and is an
additional layer of security that allows us to confirm that the badge
matches the user. In certain cases, we have added a third level of
authentication to require the user to scan and swipe their badge as
well as enter a uniquely assigned personal identification number (PIN).
Third, as of spring 2017, we have implemented physical screening
for all employees accessing the sterile areas of the airport terminals.
We have multiple checkpoints, each with a magnetometer, that are
staffed by Port of Seattle employees hired specifically for this
purpose. Full employee screening required a significant upfront
investment and major recurring costs to the airport, but we have been
very pleased with the results in terms of both security and employee
convenience. We've been able to process as many as 300 employees per
hour, and have now screened approximately 1.5 million individuals over
the last year-and-a-half. This screening has resulted several times in
the seizure of both weapons and drugs, which we believe we would have
been not caught without such a system in place.
At Sea-Tac, we have 500 different employers operating at the
airport, and there are limitations to the requirements that we can
impose on all of those different entities and their workers. We rely on
a partnership ethic to make any substantive changes to protocols and
practices, and we are grateful for their openness to pursuing these
important investments.
As it relates to perimeter security, Sea-Tac has made major
investments in both employee screening and explosive detection canines.
While we've had physical screening of employees inside the airport for
the last year-and-a-half, our plan is to institute the same level of
security at all of our airfield perimeter gates by the middle of 2019.
This new procedure will require every person entering the airfield to
walk through a magnetometer, and will include visual screening of all
vehicles--again by specifically trained Port of Seattle staff.
We have also invested in purchasing our own explosive detection
canines. In addition to the 8 Port of Seattle Police Department canine
teams trained at the TSA canine training center at Lackland Air Force
Base to sniff stationary objects for explosives, the Port 2 years ago
purchased 3 Air Scent-trained dogs from K2 Solutions in North Carolina.
These dogs are trained to detect and trail explosive odors on a moving
person, which is a huge advantage in the front of the airport around
ticketing and baggage claim. The Port Police are the first law
enforcement agency in Washington State to have certified working Air
Scent Teams.
At the end of the day, all security systems are based on thoughtful
risk management and maximizing the use of resources that can have the
biggest impact. No security system is perfect or able to anticipate
every potential action, and we need to continue to adapt security
protocols to meet new challenges.
Sea-Tac is a perfect example of this truth: Despite all of the
measures I just listed, we still experienced a high-profile insider
incident just last month.
The need to remain vigilant and constantly improve is why Sea-Tac
recently joined in creating a new Industry Working Group on Aviation
Security Best Practices. Last month, aviation industry representatives
from Airlines for America, Airports Council International-North
America, the American Association of Airport Executives, the Cargo
Airline Association, the Regional Airline Association, and the National
Air Carrier Association met to discuss how we can collectively baseline
aviation industry best practices. The group agreed that the best
practices identified through this working group should be shared with
the U.S. aviation industry, and should also inform the work of the
TSA's Aviation Security Advisory Committee's (ASAC) Insider Threat
subcommittee. The ASAC subcommittee has committed to incorporating
these recommendations into its final report.
As part of the working group's efforts, we are in the process of
surveying aviation industry peers about best practices, and hope to
have recommendations by the end of this year. Specific topics for
investigation include aircraft security, employee training and reward
programs, mental health programs, and airport coordination/operation
centers. Sea-Tac has also intitiated an independent third-party after-
action report of our most recent insider incident, which will contain
recommendations for changes that our airport will consider.
I want to close by noting this confluence of activities that are
coming together toward the end of the year. In his testimony to the
Senate Commerce Committee earlier this month, TSA Administrator David
Pekoske shared that he expects ASAC to report back to him by the end of
the year on the status of their insider threat recommendations.
Combined with the Sea-Tac after-action report, potential TSA and FBI
reports on the recent Sea-Tac incident, and the industry working group
findings, the aviation community will have an incredible opportunity in
early 2019 to thoughtfully discuss opportunities to move forward in
impactful ways on insider threat. I look forward to working with this
committee and others at that time.
Thank you for your time today, and I welcome any questions you may
have.
Mr. Katko. Thank you Ms. Reiter. There is an awful lot you
mentioned that we are going to be following up on. We
appreciate that very much.
We applaud you for getting out ahead of the employee
screening issue. It is becoming more and more apparent that
that is a high priority within our system. There are other
things that we are going to be talking about today. One of
which I want to talk about at some point is the mental health
component. That we need to deal with as well.
The Chair now recognizes Mr. Alterman. He is the president
of the Cargo Airline Association where he leads the association
in promoting the All-Cargo Air Carrier Industry, formulating
industry policy and overseeing the association's daily
activities. He has his posse with him behind him today, all the
guys from FedEx in those nice uniforms there. I met them out in
the hallway.
He is also a senior partner in Meyers and Alterman, a
Washington, DC, law firm specializing in air transportation
law.
Steve began his career in aviation in 1968 in the Bureau of
Enforcement for the United States Civil Aeronautics Board.
Initially hired as a trial attorney, he was soon promoted to
chief of the Legal Division.
In 1975, he joined the Cargo Airline Association as
executive director, and in 1982 took the lead role as
president.
We now recognize Mr. Alterman for his opening statement.
STATEMENT OF STEPHEN A. ALTERMAN, PRESIDENT, CARGO AIRLINE
ASSOCIATION
Mr. Alterman. Thank you, Mr. Chairman.
Chairman Katko, Ranking Member Watson Coleman, Members of
the subcommittee, good morning. My name is Steve Alterman, and
I am president of the Cargo Airline Association. As Mr. Katko
just mentioned, I started in this in 1968, so I am old. Our
organization is a Nation-wide organization representing the
interests of the all-cargo industry.
I also have the honor of currently serving as chairman of
TSA's Aviation Security Advisory Committee.
I thank you for inviting me today on the insider threat
issue.
Before going forward, I would like to thank this committee
and the U.S. Congress for what they have done in the
reauthorization--actually, the authorization of TSA and those
provisions in the FAA reauthorization bill. The provisions in
there are long-needed, and we really appreciate it, both from
my day job in the Cargo Airline Association and with respect to
ASAC.
While the recent incident in Seattle involving the threat
and subsequent fatal crash of a Horizon Air aircraft has again
raised the issue of insider threats to aviation, the issue is
not a new one. Members of our industry and TSA have for years
recognized the need to address this issue.
Accordingly, members of the all-cargo industry have taken
steps to deal with the risk by designing and instituting
programs that better enable them to recognize potential
problems and to devise mitigation strategies.
While these programs are unique to each carrier and are
considered proprietary, they all include training in
recognizing potentially dangerous behavior, usually coupled
with a form of TSA's ``See Something, Say Something'' program.
Some even reward employees who provide information that leads
to resolving troublesome issue.
Our member companies, along with our colleagues in the
passenger airline and airport industry segments, have continued
to work with TSA to develop and build more robust public
protections against these threats.
Even though the investigation into the Seattle incident is
not yet complete, and we urge everyone to await the findings
before drawing any final conclusions, virtually all members of
our industry--passenger airlines, all-cargo airlines, and
airports--recognize the need to come together to share
information, develop a set of recommended best practices, and
share those practices among all industry participants. That is
the same program that Wendy mentioned in her testimony.
This effort is on-going and it is anticipated that the
practices developed will also be shared with the new ASAC
Insider Threat Subcommittee that was established in late May of
this year.
The Insider Threat Subcommittee replaces and expands upon
ASAC's former Employee Access Working Group that made 28
separate recommendations to the TSA for controlling access to
the secure area of airports. Many of these recommendations have
been instituted and others are in varying stages of
development.
As Ranking Member Watson Coleman indicated, one of these
programs is the ATLAS program, which is an attempt to make sure
that every employee understands that they are likely to be
screened or challenged anywhere in the airport during their
job.
This is a program that is currently in development. It has
been employed in a few areas. It needs to continue that
development so that the final goal of employee expectations of
screening is accomplished.
In addition, ASAC in a report to the administrator that was
sent on July 19 of this year has reviewed existing programs,
both in the United States and overseas, to compare existing
domestic insider threat initiatives, recognize practices that
are common among insider threat programs, and review insider
threat mitigation programs at international airports.
The next phase of this project will be to expand the
inquiry to make specific mitigation recommendations to the
administrator.
This on-going effort will also take into account the
specific provisions of the FAA Reauthorization Act of 2018 that
is expected to be enacted within the next several weeks.
These provisions include, among others, sections 1933 and
1934 that deal with the requirement to conduct a cost and
feasibility study of airport worker access controls and a
review of existing credentialing standards.
To conclude, the issue of insider threats in all segments
of our economy is a serious one, and every effort must be made
to develop strategies to deter and defeat efforts to harm from
within. This effort encompasses both members of the industry
individually and between industry and the Federal Government.
The all-cargo airlines are committed to this effort, as are our
members of the Aviation Security Advisory Committee.
Thank you again for inviting me. I would be happy to answer
any questions.
[The prepared statement of Mr. Alterman follows:]
Prepared Statement of Stephen A. Alterman
September 27, 2018
Chairman Katko, Ranking Member Watson Coleman, and Members of the
subcommittee, good morning. My name is Steve Alterman and I am
president of the Cargo Airline Association, the Nation-wide
organization representing the interests ofthe all-cargo air carrier
segment of the aviation marketplace.\1\ I also have the honor of
currently serving as chairman the TSA Aviation Security Advisory
Committee (ASAC). Thank you for inviting me to testify today on the
issue of insider threats to our industry.
---------------------------------------------------------------------------
\1\ Air carrier members are ABX Air, Inc., Atlas Air, DHL Express,
FedEx Express, Kalitta Air, and United Parcel Service Co.
---------------------------------------------------------------------------
While the recent incident in Seattle involving the theft and
subsequent fatal crash of a Horizon Air aircraft has again raised the
issue of insider threats to aviation, the issue is not a new one for
aviation interests. Members of our industry--and TSA--have for years
recognized the need to address this issue. Accordingly, members of the
all-cargo industry have taken steps to deal with the risk by designing
and instituting programs that better enable them to recognize potential
problems and to devise mitigation programs. While these programs are
unique to each carrier and are considered proprietary, they include
training in recognizing potentially dangerous behavior, usually coupled
with a form of TSA's ``See Something, Say Something'' program. Some
even reward employees who provide information that leads resolving
troublesome issues. And our member companies, along with our colleagues
in the passenger airline and airport industry segments, have continued
to work with TSA to develop and build more robust protections against
these threats.
Even though the investigation into the Seattle incident is not yet
complete, and we urge everyone to await the findings of the FBI before
drawing any conclusions, virtually all members of the industry--
passenger airlines, all-cargo airlines and airports--recognized the
need to come together to share information, develop a set of
recommended ``best practices'', and share those practices among all
industry participants. This effort is on-going and it is anticipated
that the practices developed will be shared with the new ASAC Insider
Threat subcommittee that was established in late May of this year.
This Insider Threat subcommittee replaces, and expands upon, ASAC's
former Employee Access Working Group that made 28 separate
recommendations to TSA for controlling access to the secure area of
airports. Many of these recommendations have been instituted and others
are in varying stages of development. In addition, ASAC, in a report
sent to the administrator on July 19, 2018, has reviewed existing
programs both in the United States and overseas to:
Compare existing domestic Insider Threat initiatives;
Recognize practices that are common among mature insider
threat programs; and
Review Insider Threat mitigation programs at international
airports.
The next phase of this project will be to expand the inquiry to
make specific mitigation recommendations to the TSA administrator. This
on-going effort will also take into account the specific provisions of
the FAA Reauthorization Act of 2018 (H.R. 302) that is expected to be
enacted by Congress within the next several weeks. These provisions
include, among others, sections 1933 and 1934 that deal with the
requirement to conduct a cost and feasibility study of airport worker
access controls and a review of existing credentialing standards.
To conclude, the issue of insider threats in all segments of our
economy is a serious one and every effort must be made to develop
strategies that deter and defeat efforts to do harm from within. This
effort encompasses both members of industry individually and between
industry and our Government partners. The all-cargo airlines are
committed to this effort, as are the members of the Aviation Security
Advisory Committee.
Thank you again for inviting me to testify. I would be happy to
answer any questions.
Mr. Katko. Thank you, Mr. Alterman. I appreciate you being
here today.
Our third witness is Ms. Lauren Beyer. Ms. Beyer is the
vice president for security and facilitation at Airlines for
America. In this role, she is responsible for security, cargo,
and facilitation issues and works collaboratively with A4A
member airlines to advance priorities focused on the safe,
secure, and efficient transportation of passenger and goods.
She oversees all aspects of interaction with the Department
of Homeland Security, Customs and Border Protection, and the
Transportation Security Administration.
Prior to joining A4A, Ms. Beyer served as the director for
aviation and surface transportation security at the National
Security Council, where she was responsible for planning,
directing, and coordinating the development of National
aviation security policies.
The Chair now recognizes Ms. Beyer for her opening
statement.
STATEMENT OF LAUREN BEYER, VICE PRESIDENT, SECURITY AND
FACILITATION, AIRLINES FOR AMERICA
Ms. Beyer. Thank you.
Good morning, Chairman Katko, Ranking Member Watson
Coleman, and Members of the subcommittee. My name is Lauren
Beyer. I am the vice president for security and facilitation at
Airlines for America. Thank you for inviting me here today to
discuss insider threats.
The safety and security of our passengers and employees is
our single highest priority. We take aviation security very
seriously. We share this common goal with the Transportation
Security Administration and work cooperatively and
collaboratively with them every day to make sure our skies are
secure.
Given the vast geography and sheer volume of air travel, it
is exceedingly important that we approach security in a smart,
effective, and efficient manner that best utilizes the finite
resources available in a system that both improves security and
facilitates commerce.
We believe that system is best represented through the
principles of risk-based security, which is the linchpin and
bedrock of our security system today.
One of our Nation's greatest challenges is to strike the
right balance between managing risk and overreaction. Enhanced
mitigation of insider threats and the efficient operation of
our Nation's airports are not mutually-exclusive goals.
Government and industry must continue to work together to find
pragmatic approaches that appropriately balance these issues.
Insider threat, individuals with privileged access to
sensitive areas who misuse this access and compromise security,
is of great concern to the aviation industry. That is why
airlines have acted to address this risk.
Some of these measures include enhancements to access
control, such as increased CCTV coverage, implementing ``See
Something, Say Something'' campaigns, as my colleagues have
already mentioned, providing multiple avenues for reporting of
suspicious activity, and offering employee assistance programs.
The tragic incident at Seattle-Tacoma International Airport
in August of this year is a somber reminder of the constant
vigilance required to keep our skies safe. These kinds of
incidents require careful investigation and root cause analysis
to determine corrective actions that may be required to
mitigate identified security vulnerabilities.
However, the industry is not sitting idly by while the
investigation is on-going. In fact, as has been mentioned
already, A4A, along with many of our stakeholders partners, has
initiated an effort to bring together subject-matter experts
from across industry and Government to solicit and thoroughly
evaluate airport and aircraft security best practices.
These practices will be shared across the aviation industry
and will also inform the work of the ASAC Insider Threat
Subcommittee that has already been mentioned. We strongly
believe the ASAC is the appropriate venue in which to examine
these matters and produce recommendations.
Airlines have worked collaboratively with TSA airports and
other stakeholders to implement the 2015 ASAC recommendations
to improve employee access controls. Three years later, we
applaud TSA and the larger aviation community for implementing
the vast majority of those recommendations, and we continue to
urge full implementation of those that are still pending.
One aspect of access control that has received much
attention is security screening and inspection of employees,
and deservedly so. We continue to believe that physical
screening of employees is one of several critical elements that
should be used in combination to enhance access control.
We applaud the subcommittee, and Chairman Katko in
particularly, for his efforts to initiate a study to assess the
impact of employee screening.
We are also strong supporters of multiple security layers
deployed on a risk-based and unpredictable basis. In this vein,
we support further expansion of TSA's ATLAS program.
Other critical elements to guard against insider threats
include enhanced and perpetual vetting, security awareness
training, as our Ranking Member already mentioned, and
intelligence and information sharing.
We continue to urge TSA to expand the list of disqualifying
crimes for those seeking a SIDA badge and to align the list of
disqualifying offenses with other Government programs. We also
urge TSA to extend the lookback period for criminal history
records checks.
Finally, this subcommittee knows well that Congress
continues to divert a portion of security fees toward general
deficit reduction. We continue to request Congress redirect TSA
passenger security fee revenue back to aviation security where
those funds could be used to increase TSA capacity to mitigate
insider threats.
Our work is never done, and we will continue to evaluate
how we can best improve our risk-based system to meet the
evolving challenges of aviation security.
Thank you on behalf of our member companies. I appreciate
the opportunity to testify, and look forward to your questions.
[The prepared statement of Ms. Beyer follows:]
Prepared Statement of Lauren Beyer
September 27, 2018
Good morning Chairman Katko, Ranking Member Watson Coleman, and
Members of the subcommittee. My name is Lauren Beyer, and I am the vice
president for security and facilitation at Airlines for America (A4A).
Thank you for inviting me here today to discuss insider threats to
aviation security.
Overview.--The safety and security of our passengers and employees
is our single highest priority. We take aviation security very
seriously. We share this common goal with the Transportation Security
Administration (TSA) and work cooperatively and collaboratively with
them every day to keep our skies safe and secure.
When talking about the daily challenges of aviation security it is
important to understand the depth and magnitude of what takes place and
what is transported by air every single day. On a daily basis, U.S.
airlines----
Fly 2.3 million passengers world-wide;
Carry more than 55,000 tons of cargo;
Operate approximately 27,000 flights;
Serve more than 800 airports in nearly 80 countries; and
Directly employ more than 715,000 (full-time and part-time)
workers across the globe.
Given the vast geography and sheer volume of air travel it is
exceedingly important that we approach security in a smart, effective,
and efficient manner that best utilizes the finite resources available
in a system that both improves security and facilitates commerce. This
becomes even more imperative given the expectation that both passenger
and cargo traffic are expected to grow in the coming years. As an
industry, we believe that system is best represented through the
principles of risk-based security--which is the lynchpin and bedrock of
our security system today.
Risk-Based Security.--The administration of risk-based security
principles is of paramount importance to aviation security. A risk-
based approach recognizes that ``one size fits all'' security is not
the optimum response to threats, including from insiders. Risk-based,
intelligence-driven analysis has been a widely accepted approach to
aviation security for some time. We know the effectiveness of risk-
based security and we therefore strongly support it.
One of our Nation's greatest challenges is to strike the right
balance between managing risk and over-reaction. Enhanced mitigation of
insider threats and the efficient operation of our Nation's airports
are not mutually exclusive goals; Government and industry must continue
to work together to find pragmatic approaches that appropriately
balance these issues. By utilizing and following risk-based principles
we provide a security framework that can be nimbler and more responsive
to current and emerging threats and allows TSA and industry to focus
finite resources on the highest risks. This framework also takes the
operational complexity of the U.S. aviation system into account.
Insider Threats.--Insider threat--individuals with privileged
access to sensitive areas, equipment, or information who misuse this
access and compromise security--is of great concern to the aviation
industry.
That is why carriers have acted to address this risk. A sampling of
measures includes:
Enhancements to access control such as the use of biometrics
and CCTV coverage;
Implementing ``see something, say something'' campaigns or
other challenge programs;
Providing multiple avenues for reporting of suspicious
activity--credited or anonymous--with incentives for such
reporting; and
Offering employee assistance programs addressing issues such
as stress management, work-life balance, and grief and loss.
Incident at SEATAC.--The tragic incident at Seattle-Tacoma
International Airport in August of this year is a somber reminder of
the constant vigilance required to keep our skies safe. These kinds of
incidents require careful investigation and root cause analysis to
determine corrective actions that may be required to mitigate
identified security vulnerabilities. There is much at stake and it is
critical authorities thoroughly investigate and analyze all facts.
The industry is not sitting idly by while the investigation is on-
going, however. In fact, A4A along with many of our stakeholder
partners has initiated an effort to bring together subject-matter
experts from across the industry and Government to solicit and
thoroughly evaluate airport and aircraft security best practices. These
practices will be shared across the U.S. aviation industry. These best
practices will also inform the work of the Aviation Security Advisory
Committee (ASAC) Subcommittee on Insider Threat previously tasked by
the TSA administrator to review and make recommendations to address
insider threat more broadly.
Aviation Security Advisory Committee.--We strongly believe the
ASAC, of which A4A is a member, is the appropriate venue in which to
examine these matters and produce recommendations. The ASAC includes
representatives from across the aviation industry and is the
traditional mechanism through which TSA and industry collaborate to
develop the most effective aviation security measures.
As this subcommittee will remember, in 2015 the ASAC created a
working group tasked with analyzing the adequacy of existing security
measures and recommending additional measures to improve employee
access controls. The effort was supported by the Homeland Security
Studies and Analysis Institute (HSSAI), which provided independent and
objective subject-matter expertise, as well as by representatives of
TSA. That effort produced 28 recommendations for effective measures to
protect against possible acts of criminality and terrorism, measures
that could be tailored to the unique environment at each airport.
Airlines strongly supported and worked collaboratively with TSA,
airports and other stakeholders to implement the ASAC recommendations.
Three years later, we applaud TSA and the larger aviation community for
implementing the vast majority of these recommendations and continue to
urge full implementation of those that are still pending. While our
work is obviously never done, the guideposts provided by the ASAC
recommendations have and will continue to play an important role in
improving our risk-based system.
Access Control.--One aspect of access control that has received
much attention over the last several years is security screening and
inspection of employees, and deservedly so. We continue to believe that
physical screening of employees is one of several elements that should
be used in combination to enhance access control. We applaud the
subcommittee, and Chairman Katko in particular, for his efforts to
initiate a cost and feasibility study to assess the impact of employee
screening which would include a comparison of estimated costs and
effectiveness to the Federal Government, airports, and airlines. We
believe that analysis will be critical in establishing how best to move
forward and improve access control procedures.
We are also strong supporters of multiple security layers deployed
on a risk-based and unpredictable basis. Indeed, the International
Civil Aviation Organization (ICAO) recommends increased use of random
and unpredictable security measures to contribute to deterrence and to
increase mitigation against the potential tactical advantage of
insiders. This potential advantage is precisely why flexibility and
agility rather than static or predictable processes are key to guard
against insider threats. We believe that random and unpredictable
checks should be conducted at a frequency significant enough to provide
employees with a reasonable expectation that they will be subjected to
such checks at any point during their work. That is why we supported
the employee screening improvements enacted by Congress in 2016 as part
of the Federal Aviation Administration, Safety and Security Act of 2016
(Pub. L. 114-190), which directed TSA to expand the use of
Transportation Security Officers to conduct random physical inspections
of airport workers in a risk-based manner. TSA leverages its Advanced
Threat Local Allocation Strategy (ATLAS) aviation worker screening
program to allocate resources for these random inspections, and we
support further expansion of the program.
As mentioned, we believe physical screening is only one of several
necessary elements to ensure effective access control. Other critical
elements include enhanced and perpetual vetting, security awareness
training, and intelligence and information sharing. We continue to urge
TSA to expand the list of disqualifying crimes for those seeking a
Secure Identification Display Area (SIDA) badge as well as to align the
list of disqualifying offenses with other Government programs,
particularly those of U.S. Customs and Border Protection (CBP). We also
urge TSA to extend the lookback period for criminal history records
checks.
Stop the annual practice of diverting passenger security fee
revenue.--U.S. aviation and its customers are subject to 17 Federal
aviation taxes and ``fees''. Included within those numbers are revenues
that are intended to support activities within the TSA, including the
September 11 TSA Passenger Security Fee. As this subcommittee knows
well, that ``fee'' is $5.60 imposed per one-way trip on passengers
enplaning at U.S. airports with a limit of $11.20 per round trip; the
fee also applies to inbound international passengers making a U.S.
connection.
However, starting in fiscal year 2014, Congress started diverting a
portion of that fee toward general deficit reduction and is scheduled
to continue diverting these critical resources through fiscal year
2027. From our perspective, this policy is simply unacceptable.
Airlines and their customers now pay $1.6 billion more in TSA security
fees--$3.9 billion (2017) vs. $2.3 billion (2013)--for the exact same
service. The concept of a ``fee'' specifically charged to pay for a
specific service has long been lost in our industry and they have all
simply become taxes by another name. We would respectfully request this
committee do everything in its power to redirect TSA passenger security
fee revenue back where it belongs: Paying for aviation security. These
diverted funds could go a long way to increase TSA capacity to mitigate
insider threats, including increased TSA risk-based, unpredictable
physical inspections of airport workers at secure area access points
and within the secure area.
We appreciate Congressman DeFazio and Senator Markey's leadership
on this issue through introduction of legislation to eliminate the
diversion of security fees.
Importance of Commercial Aviation Sector.--Airlines crisscross the
country and globe every day carrying passengers and cargo safely and
securely to their destinations, and this is an integral part of the
economy. In 2014, according to the Federal Aviation Administration
(FAA), economic activity in the United States attributed to commercial
aviation-related goods and services totaled $1.54 trillion, generating
10.2 million jobs with $427 billion in earnings. As of December 2016,
our industry contributes 5 percent of our Nation's GDP. These figures,
while both impressive and important, fail to consider the incalculable
value of the passengers and crew flying on commercial flights every
day. These facts underscore what is at stake and why we need to
approach aviation security in a smart, effective, and efficient manner
to make sure we get it right. The daily collaboration and communication
between TSA and stakeholders will play a vital role toward increasing
system-wide protection and lowering risk without unnecessarily clogging
up the system.
Thank you, on behalf of our member companies, we appreciate the
opportunity to testify.
Mr. Katko. Thank you very much, Ms. Beyer.
Before we get to Mr. Canoll, I want to note that we are
very pleased with the progress that the ASAC as a whole has
made. You have expanded your scope and your breadth and your
might, and it has become a truly interactive industry leader.
We rely a lot of your findings because we trust them now.
Not that we didn't before, but I think the stakeholders you
have involved now are really making a difference from a
holistic standpoint.
So I really applaud that. I really applaud what Ms. Watson
Coleman's bill is going to do for surface transportation, which
is out of your purview, but they don't have a similar thing and
they need it. They need to have interaction similar to what you
have.
So hopefully, if and when that gets formed, you can sit
down and do a little cross-pollinating with them. It would be
very helpful.
So with that, I appreciate it very much.
We appreciate you being here today, Ms. Beyer.
Our final witness is Captain Tim Canoll. He is the tenth
president of the Air Line Pilots Association International. He
was elected by the union's board of directors on October 22,
2014, and began his 4-year term on January 1, 2015.
As ALPA's chief executive and administrative officer,
Captain Canoll oversees daily operations of the association and
presides over the meeting of ALPA's governing bodies, which
sets policy for the organization.
He is also the chief spokesperson for the union, advancing
pilots' views in the airline industry before Congress,
Parliament, Government agencies, airline and other business
executives, and also the news media.
Captain Canoll is a Delta MD-88 captain based in Atlanta,
having also flown the B727, L-1011, and the B767-757.
The Chair now recognizes Captain Canoll for his opening
statement.
STATEMENT OF TIM CANOLL, PRESIDENT, AIR LINE PILOTS ASSOCIATION
Mr. Canoll. Thank you. The captain forgot to push the
button.
Thank you, Chairman Katko, Ranking Member Watson Coleman,
and the subcommittee, for the opportunity to be here today. It
is my pleasure to represent ALPA's more than 60,000 pilots who
fly for 34 airlines in the United States and Canada.
ALPA appreciates Chairman Katko's and Ranking Member Watson
Coleman's leadership and the subcommittee's interest in
reducing the threat posed by anyone with the intent to harm
while working inside our air transportation system.
For decades, ALPA pilots have demonstrated our commitment
to aviation security. Our members are highly vetted and trained
professionals, who are proud of our contributions to securing
our industry.
An insider in aviation is someone with authorization and
unescorted access to secured airport areas, such as the
security identification display area, known as the SIDA. Such
insiders include air crew members, technicians, ground
handlers, vendors, as well as law enforcement and security
personnel.
Security incidents involving insiders are rare. They can
result from malicious intent, complacency, or lack of
awareness. The threat includes placement of improvised
explosive devices, hijacking, aircraft sabotage. In addition,
we are concerned about criminal activity, such as smuggling
contraband.
Thanks to the leadership of this subcommittee and the work
across our industry, we have made progress in addressing these
types of security threats in both passenger and cargo
operations. However, the ever-changing threat means we can
never rest. We can, and yes, we must do more.
For example, because of regulatory inequity, cargo
operations are more susceptible to insider threats, making them
a more desirable target for those with malicious intent. Unlike
passenger aircraft, many cargo aircraft are not required to be
equipped with a hardened flight deck door. Some wide-body
aircraft purchased by at least one U.S. cargo operator today
don't even have a bulkhead upon which an installed flight deck
door could be installed.
Another example, current regulations require cargo aircraft
of 100,000 pounds or more to conduct loading and unloading
within a SIDA. This means smaller cargo aircraft may be loaded
and unloaded outside of a SIDA.
Also of concern is that some foreign nationals and others
who are granted access to cargo aircraft cockpits would never
be allowed to access the passenger aircraft cockpits. This must
change.
In addition, cargo flight crews do not receive equivalent
security training for the environment in which they are
required to operate.
Airline pilots are equally focused on screening passenger
airline operations. We are pleased that the FAA
reauthorization, approved by the House and now pending in the
Senate, requires secondary cockpit barriers on new passenger
airliners.
This good progress for passenger airlines only makes more
profound the security inadequacies of flying a cargo flight
without a cockpit door, let alone a secondary barrier and a
cockpit door.
We are also pleased that the FAA reauthorization included
Congressman Katko's legislation that strengthens the SIDA
security protocols and requires a system-wide risk assessment
of airport access control points and airport perimeter
security.
The United States made a quantum leap in aviation security
when the TSA adopted a risk-based approach to modernize the
one-size-fits-all security that was in place on 9/11. Since
then, ALPA has been pleased with the TSA's efforts to seek the
perspective of those of us on the front lines of aviation
security.
With the continued leadership of this subcommittee, I am
hopeful that regulators and industry can act quickly on ALPA's
recommendation to require all-cargo operations be conducted in
a SIDA, require cargo-specific security training where it is
currently inadequate, require fingerprint-based criminal
history records checks for anyone with access to a cargo
aircraft or that aircraft's cockpit, and require reinforced
cockpit doors and adequate secondary barriers on every cargo
aircraft.
The Horizon Air incident near Sea-Tac reminds us that,
while rare, insider threats exist in both passenger and cargo
flight operations. We urge this subcommittee to maintain its
oversight and leadership, and ALPA stands ready to continue to
work with the airline industry to help ensure that all sectors
of commercial aviation are protected from internal and external
threats.
Thank you very much. I, too, stand ready to answer any of
the committee's questions.
[The prepared statement of Mr. Canoll follows:]
Prepared Statement of Tim Canoll
September 27, 2018
The Air Line Pilots Association, International (ALPA), represents
more than 60,000 professional airline pilots who fly for 34 airlines in
the United States and Canada. ALPA is the world's largest pilot union
and the world's largest non-governmental aviation safety and security
organization. We are the recognized voice of the airline piloting
profession in North America, with a history of safety and security
advocacy spanning more than 85 years. As the sole U.S. member of the
International Federation of Airline Pilots Associations (IFALPA), ALPA
has the unique ability to provide active airline pilot expertise to
aviation security issues world-wide, and to incorporate an
international dimension to security advocacy. ALPA has a long and
distinguished record of accomplishments in aviation security which
include being a forceful advocate for means to end the hijacking
epidemic in the 1960's-1970's, led the development of the Federal
Flight Deck Officer program and the Known Crewmember program following
the attacks of 9/11, and we have been vocal and active on the issue of
the insider threat--the subject of today's hearing--for many years.
background
ALPA sincerely appreciates Chairman Katko's leadership in the
aviation security arena and applauds the subcommittee's interests in
reducing the threat posed by anyone who may have nefarious intentions
which could be exploited while working inside the aviation system.
According to the Department of Homeland Security's (DHS's) September
14, 2018, National Terrorism Advisory System Bulletin, ``We continue to
face one of the most challenging threat environments since 9/11, as
foreign terrorist organizations exploit the internet to inspire,
enable, or direct individuals already here in the homeland to commit
terrorist acts.'' Terrorism analysts inform us that according to
current intelligence, aviation continues to be the ``gold standard''
target of terrorist groups, so the timing and subject of this hearing
are very appropriate.
For purposes of this statement, we identify an ``insider'' as
someone with authorization and unescorted access to secured areas of an
airport and/or aircraft. Certainly, there is potential for insiders
employed in positions of trust within the commercial aviation arena to
harm passengers, crews, aircraft, and cargo. Fortunately, the number of
insider threat incidents is exceptionally low in the United States, but
the Government and industry must continually be on their guard against
this threat vector and work tirelessly to stay ahead of it.
Aviation security, like many other types of security, is built on a
foundation of trust in the individual. Individuals employed in
security-sensitive industries, like aviation, must pass extensive
background and prior employment checks plus criminal history records
checks. Those who pass those checks are issued identification media,
access codes and other means to open locked doors, and the scope of
their unescorted access is defined according to their job function.
Generally, this system works well for the vast majority of trusted
employees, but it certainly is not perfect as has been demonstrated on
a number of occasions, most recently with an apparent theft and suicide
of an airline employee using a company aircraft in Seattle.
the nature of the insider threat
Fortunately, there are very few incidents of insider attacks
against aviation which is a testament to the security systems in place
in the United States and most nations around the world. The types of
threats that exist can be:
malicious--the insider seeks to aid or conduct an act which
is intended to cause death, injuries, and/or harm to property
complacent--the insider takes a lax approach to policies,
procedures, and potential security risks
unwitting--the insider is not aware of security policies,
procedures, and protocols which expose the organizations/agency
to external risks.
from anyone who has authorized access to the Security
Identification Display Area (SIDA) or Air Operations Area
(AOA), which includes:
Aircrew
Technicians
Ground handlers (baggage/cargo handlers, gate agents,
aircraft servicers, etc.)
Vendors (restaurants, construction, transportation, etc.)
Law enforcement and security personnel.
In 2014, it was reported that several aviation employees involved
in an alleged gun-smuggling ring had been arrested for using commercial
airliners to transport prohibited items between two East Coast
airports. Even though there was no discernible terrorist threat against
commercial aviation, this criminal enterprise created significant
concern for the public, Government, and industry. Two other examples of
insider threats are as follows:
In 2013, the FBI successfully established a sting operation
in which agents, posing as terrorist co-conspirators, assisted
a general aviation avionics technician in bringing what he
believed was a bomb onto the tarmac to destroy aircraft. The
perpetrator was arrested and ultimately sentenced to 20 years
in prison.
In February 2016, a bomb detonated on Daallo Airlines Flight
159 20 minutes after departing Mogadishu, killing the passenger
who had brought it on-board. In May of that year, 2 men were
found guilty in court of planning the plot, one of whom was a
former security official at the airport, and 8 other airport
workers were convicted of aiding the plot.
In May 2017, an American citizen and U.S. Air Force veteran
who had worked as an aircraft mechanic for a U.S. legacy
airline and other carriers, was indicted on charges of
supporting ISIS and sentenced to 35 years in prison.
In addition to improvised explosive devices, threats from insiders
could also come via the use of other prohibited items including
firearms, knives, and other types of weapons, plus hijackings.
Virtually undetectable threats, however, could come in the form of
aircraft sabotage by those with knowledge of aircraft vulnerabilities,
or cyber attacks launched distantly. Although airline pilots are
focused mostly on the security of ground and in-flight aircraft
operations, vulnerabilities to active shooters and other types of
threats from insiders exist within airport terminals and the AOA. As in
the case of the 2014 gun-smuggling ring, insiders may also plot and/or
carry out criminal activity (e.g., theft) that is not aimed against
aviation interests, but is still of concern due to the potential for
terrorists to compromise security through the assistance of such
actors.
Insider threat vulnerabilities exist in airport terminals, which
may be relatively soft targets with large crowds at passenger pick-up
and drop-off areas. Other areas which present particular
vulnerabilities with congregations of passengers include ticketing/
check-in counters, security screening queues, baggage claim areas, and
gate areas.
Aircraft are vulnerable to sabotage while on the ground and while
in flight. During periods of inactivity, or during off-peak hours at an
airport, not all aircraft are parked within SIDAs where multiple
security layers are most prevalent. Also, one of the most vulnerable
moments during flight happens when the cockpit door is opened and
flight crew exit or enter for required rest breaks or physiological
needs. ALPA has vigorously advocated for several years for a
requirement for installed secondary barriers on passenger aircraft:
Lightweight devices, which protect the flight deck from attack during
the time that the cockpit door is opened for operational reasons during
flight. Airlines are presently permitted to develop their own
procedures using service carts and flight attendants to block access to
the cockpit when the door is opened, but DHS-conducted testing in the
mid-2000's demonstrated the inadequacy of those measures.
Insider threats may also include cybersecurity attacks. We have
seen both the operational and financial consequences of the loss of an
airline reservation system, or the interruption to ATC services which
are computerized. Aircraft are highly computerized machines with the
bulk of their systems reliant on electronic primary and back-up sub-
systems. With numerous personnel accessing the aircraft while it is on
the ground and in the air via Wi-Fi, satellite, or a connected device,
the introduction of a malicious virus is a possibility which Government
and industry are taking very seriously.
insider threats to all-cargo operations
We would like to highlight the security vulnerabilities that exist
for all-cargo operations which are distinct from those of passenger
operations. All-cargo operations have different regulatory requirements
in a number of areas including the following, which make them more
susceptible to insider threats:
The TSA has developed and mandated the teaching of a
security training guidance document known as the ``Common
Strategy'' for passenger airlines and crews. The TSA has also
established, but not mandated, the teaching of equivalent
security training guidance known as the ``All-Cargo Common
Strategy'' for all-cargo airline employees and crews.
Government-approved security training, equivalent to that
required in the passenger domain, should be required for flight
crews and ground personnel supporting all-cargo flight
operations.
In 2003, Congress passed the Vision 100--Century of Aviation
Reauthorization Act (Pub. L. 108-176), which included a
provision requiring a ``training program for flight and cabin
crew members to prepare the crew members for potential threat
conditions.'' These provisions were not and have not been
required for all-cargo crews; they are needed to help guard
against insider and other threats.
Also, in 2003, Congress passed an appropriations bill (Pub.
L. 108-7), which included a provision stating that, ``No funds
appropriated in this Act may be used to apply or enforce a
regulatory requirement for strengthening of flight deck doors''
on other than passenger aircraft. That year, the FAA issued a
rule requiring flight deck security for all-cargo operations
via an installed, reinforced flight deck door or enhanced
security measures to screen personnel with access to the
aircraft and cargo. It is ALPA's view that flight deck doors
are needed on all-cargo aircraft--just as they are on passenger
aircraft--as an additional layer of security, and the AMOC
needs to be rescinded. Hardened flight deck doors are needed on
every airplane, cargo and passenger. That is our best directed
deterrent in preventing another 9/11.
The TSA has developed and mandated the teaching of a
security training guidance document known as the ``Common
Strategy'' for passenger airlines and crews. The TSA has also
established, but not required, the teaching of equivalent
security training guidance known as the ``All-Cargo Common
Strategy'' for all-cargo airline employees and crews.
Government-approved security training, equivalent to that
required in the passenger domain, should be mandated for and
tailored to the needs of flight crews and ground personnel
supporting all-cargo flight operations.
Unlike passenger aircraft which are mandated to be equipped
with hardened flight deck doors, all-cargo aircraft are not
required to have them unless they had a flight deck door on or
after January 15, 2002. However, new, wide-body aircraft are
being operated by U.S. all-cargo operators that do not have a
flight deck door at all.
The full all-cargo aircraft operators' standard security
plan is written on the basis of an installed, hardened, cockpit
door. The plan needs to be updated/amended to reflect the
reality of the cargo equipage requirements and reality, and
training needs to be required for all affected employees on the
plan.
In 2006, the Transportation Security Administration (TSA)
issued new regulations concerning all-cargo operators which
created a requirement for those operating aircraft of 100,000
pounds or greater to conduct loading and unloading operations
within a SIDA. However, loopholes in the regulations allow
part-time SIDAs, and smaller all-cargo aircraft which ``feed''
cargo to large aircraft to be operated outside of a SIDA at
certain airports.
All-cargo operators have been issued deviations to the
Federal Aviation Regulations allowing greater access by non-
pilots to aircraft and flight decks. Yet in 2002, the FAA
itself referred to the flight deck as ``the nerve center'' of
the operation. The agency further stated that any access
request ``shall be strictly and narrowly interpreted.''
Some allowed access--which includes foreign nationals with
access to the cockpits of some all-cargo transport category
aircraft during flight--are vetted on the basis of a Security
Threat Assessment (STA), not a fingerprint-based criminal
history records check, as is required for insiders within the
SIDA.
The Federal Flight Deck Officer (FFDO) tactics, techniques,
and procedures trained by TSA do not reflect the realities of
an attack coming on-board an aircraft without a hardened door,
and they need to be amended for that purpose. This information
has been conveyed to responsible parties in TSA.
actions to address the insider threat
Commercial aviation has greatly increased its safety record using
predictive data which helps identify potential or actual risk.
Similarly, TSA and the aviation industry, including ALPA, have been
working for several years on the development of more advanced means of
predicting if and when a person will become an actual threat to
security. The United States has made significant strides toward
obtaining a better understanding of the trustworthiness of individuals
working in airport sensitive areas, and elsewhere of course, since the
9/11 attacks. This has been accomplished, in part, by the development
and use of the FBI's Rap Back service which, as described by the
Bureau, ``allows authorized agencies to receive notification of
activity on individuals who hold positions of trust . . . thus
eliminating the need for repeated background checks on a person from
the same applicant agency. Prior to the deployment of Rap Back, the
National criminal history background check system provided a one-time
snapshot view of an individual's criminal history status. With Rap
Back, authorized agencies can receive on-going status notifications of
any criminal history reported to the FBI after the initial processing
and retention of criminal or civil transactions.'' TSA also performs
recurrent checks against the Terrorist Screening Center's watch list
and other databases to identify any person who is known or suspected of
being involved in terrorist activities.
Perhaps most importantly, TSA has adopted a risk-based approach
with the goal of consistently applying it to all aspects of the
agency's mission. This replaces the one-size-fits-all security, which
was in place on 9/11, and includes consideration of the individual and
his or her role within aviation in the development of security
requirements and policies. ALPA has been advocating for a risk-based
security paradigm for about two decades and has been pleased to work
with this committee to improve our Nation's aviation security
infrastructure and protocols.
In 2009, TSA initiated an Insider Threat Task Force, and in 2013
created a new Insider Threat Program, which includes an Insider Threat
Unit that follows up on threat incidents, inquiries, and tips. Two
years later, the agency chartered the Insider Threat Advisory Group
(ITAG) of TSA subject-matter experts. Earlier this year, TSA asked the
Aviation Security Advisory Committee to create a new Insider Threat
subcommittee, on which ALPA participates. The subcommittee has met
twice in the past few months and is presently anticipating a request
from TSA leadership to expound on and make recommendations concerning
the threat posed by insiders with access to aircraft, as was
demonstrated in the Horizon aircraft-theft tragedy, along with any new
or revised recommendations.
Relatedly, TSA requested ASAC in 2014 to create an Employee Access
Working Group, on which ALPA was represented, that delved into the
physical screening of employees at entrances to secured areas and other
means of minimizing the risk of insiders. The WG reported its findings
to the TSA's leadership the following year along with 28 separate
recommendations for improving countermeasures against the potential
threats posed by insiders. Those recommendations covered a wide range
of different aspects of improvements to thwart the threat and many of
them have been implemented, or are in the process of being implemented.
horizon air tragedy
A matter of great interest continues to be the circumstances of the
Horizon Air tragedy near Seattle-Tacoma International Airport, in which
a company ramp employee, named Richard Russell, commandeered a Q400
aircraft and after a period of flight, crashed the airplane into the
ground. Unanswered questions remain about why this individual committed
such an outrageous act, and how he was able to do so. What we know is
that the employee is reported to have passed all company and airport
vetting checks to obtain employment and required access badges. We also
know that he gained access to the aircraft that he eventually stole in
an area of the airport in which he was authorized to work unescorted.
melbourne, fl security breach
While not specific to an insider threat, under current deviances
for cargo operators, nothing would prevent a security breach like the
one in Melbourne, Florida a few days ago from having an impact on cargo
security. If there are non-trusted insiders with access because of weak
SIDA rules, background checks, and vetting for all cargo operators
creates opportunity. This event demonstrates methodology and means, and
intent. Additionally, it highlights the ability for people to gain
access to SIDAs and it is only a matter of time before they realize
that cargo wide-body aircraft have no cockpit doors. Media reports
indicate that the individual wanted to do harm with the aircraft.
Attempted commandeering seems to be a ``trending'' risk, which under
current rules makes cargo specifically vulnerable.
While we are collectively waiting for the answers which will likely
come at some future date, one area of improvement that ALPA believes is
worth pursuing is making mental health resources available to all
aviation insiders. Since the beginning of this year, ALPA has expended
considerable resources on the development of a new, peer-reviewed
support program. It is our belief that this program, and others like
it, will help save lives of aviation employees and others.
conclusions
The insider threat is one that has existed as long as there have
been aviation industry employees and one that will be always be a
component of the industry. The threat today is manageable, however,
because of efforts being made by TSA and the industry to collectively
stay abreast of it. However, improvements are needed, particularly
within the all-cargo arena which does not have the same level of
security as passenger operations. We urge this subcommittee to continue
to exercise its oversight and leadership and help ensure that all
sectors of commercial aviation are adequately protected from external
and internal threats.
Mr. Katko. Thank you, Mr. Canoll.
I now recognize myself for 5 minutes of questioning,
although, since there is not a ton of people here today, we may
show a little flexibility to all of us, all of my colleagues.
Just really quickly, Mr. Canoll, I just want to understand
this. Is it your testimony that cargo is sometimes unloaded on
planes outside of SIDA-controlled areas? How is that possible?
Mr. Canoll. Well, the way the regulations are crafted, it
is measured on a simple weight equivalency. So if the weight of
the aircraft is under 100,000 pounds, they don't need to
establish a SIDA to load it or unload it. That includes
aircrafts like ATR-42s, Cessna 208s, Air Caravans 408s, the new
Cessna Sky Caravan. They are all allowed to be loaded and
unloaded because they are well under 100,000.
Mr. Katko. I understand that, but why is that? What is the
logic behind that, the size, the weight requirement? How is
that possible? I mean, how do you make a determination on what
is secure and what is not based on the amount of cargo? It
doesn't make sense to me.
Mr. Canoll. It doesn't to me either, sir. I agree.
Mr. Katko. Who makes that decision?
Mr. Canoll. That, I believe, comes from the TSA. I believe
it is from the TSA. But Steve might know better. Steve might
know better.
Mr. Katko. Would you agree that is something we need to
address?
Mr. Canoll. Yes, sir. That is on our list of things that
need to be addressed, yes, sir.
Mr. Katko. OK. Thank you very much.
Ms. Reiter, I appreciate your testimony, everyone's
testimony today. As I said in my opening statement, we have
documented incidents all over the map here of insider actions,
not just threats, actions.
We have a terrorist act in the Midwest, we have individuals
willing to smuggle even bombs on airplanes, or at least saying
they would be willing to do that. We have individuals that were
checking manifests to see where Federal air marshals are.
We have individuals, part of the Dallas/Fort Worth case, we
have in the Dallas/Fort Worth case we know that they were
seeing where the VIPR teams were, and they were just going in
other doors to get into the secure area.
So risk-based security, layered security, of course, is
great, but it is not foolproof, obviously.
Mr. Alterman, I am going to get to you in a minute on the
ATLAS program, but I do want to talk for a moment with Ms.
Reiter.
Based on your experience, we are going to have this report,
after-action report, and I would very much like, if it is
appropriate, to have it in the secure setting, for both the FBI
component, as well as your own after-action report. I think it
is really important that we get that in a timely manner.
When do you expect the report to come out?
Ms. Reiter. End of year.
Mr. Katko. OK. Great. So let's try and schedule that as
soon as it comes out. I would appreciate that.
But we have talked about the insider threat issue. We have
addressed it in the legislation that has been included in the
FAA. I am looking very forward to everyone's discussions that
are going to be coming out of that bill.
One thing that bill doesn't consider or doesn't overtly
consider is what is now a new concern, that is the mental
health component. So for anybody here, let's start with Ms.
Reiter, how do we address that? What do we do to try and
address the mental health component of this threat?
Ms. Reiter. Thanks for asking that.
So we are addressing that in our ASAC group as well. We are
looking at something that Baltimore currently does, which is
not a mandatory issue, but looking at--it is called Mental
Health and First Aid, which is offered to any employee that
wants to come in and volunteer to look at this program. But it
is much of just wanting to come in and talk, someone to talk
to, if you will.
We are doing some surveys of how many employers actually
offer EAP programs, because maybe they don't offer EAP
programs. So we are starting there first, right, and making
sure that all the employers offer an EAP program. But just
allowing the employees to have an opportunity to have somebody
to talk to.
Then, of course, from a legal perspective, can you mandate
that people have a mental illness program?
Mr. Katko. Right. We have to take a look at it.
Ms. Reiter. We have to look at that.
Mr. Katko. My son is in the military. He is a second
lieutenant. They have peer-to-peer programs in the military, I
believe, from my conversation with Mr. Canoll.
So what about a peer-to-peer type program? If that sounds
like a good idea, how would we implement that?
Mr. Canoll. So in our union, we have great examples of it,
and we use it on many of our properties, and we have a National
program.
It is not meant to handle the certification medical ability
of the pilot to fly, but it is a place for the pilot to go if
there are stresses in their life that are affecting their job.
We find that if they have a place to go, they are apt to do it
instead of internalizing the problem and bringing it into work
with them.
Mr. Katko. It sounds similar to Ms. Reiter's
recommendation.
Mr. Canoll. Exactly. We found it has worked very well, and
we will partner with anyone to show them how we are doing it.
Mr. Katko. OK. Anybody else want to add to that?
Ms. Beyer.
Ms. Beyer. I would just add that, I mean, as has been said,
the well-being of our employees is very important to the
airlines.
On the point of employee assistance programs, many of the
airlines already do offer a number of those programs to address
issues such as stress management, or work-life balance, or
grief and loss issues, et cetera.
So it is something we are already actively engaged on.
Mr. Katko. Thank you very much.
Mr. Alterman.
Mr. Alterman. Yes, I would just like to echo what has been
previously said. A number of our companies already have
programs like that. I think what ALPA is doing is good.
I think that all of these issues will be explored in the
context of the Insider Threat subcommittee of ASAC and we will
probably come forward with some recommendations on it.
It is a very tough issue because of privacy issues, but it
is one that needs to be addressed, and we intend to do it.
Mr. Katko. I appreciate that. That is going to be important
for us to hear from you on. Of course, it is a touchy area.
But here are the facts: Five people now in the country die
from suicide. For every suicide, there are 25 suicide attempts.
That means several thousand people a day attempt to take their
own lives.
In so doing, they often take other people's lives. We see
that from the school shootings. We see it in what happened in
the Seattle-Tacoma thing, most likely.
So it is an issue that we can't ignore. I am head of the
Mental Health Caucus in Congress, and it is stunning to me when
we look at the fact that 24-year-olds and younger, the No. 2
cause of death for them is suicide. No. 2. For people,
everybody in this country, the No. 10 cause of death is
suicide.
So if we don't start embracing the reality that it is here
and it is a serious problem and we need to get--I am asking
you, and I am sure my colleagues will agree, to take a very
deep dive on this as part of your ASAC review. It is going to
be very important.
With that, and we will have another round of questions for
everybody, but I don't want to take away from everyone's time.
Mrs. Watson Coleman has another hearing to get to, so we will
have her go next. The Chair will now recognize Mrs. Coleman for
5 minutes or more of questioning.
Mrs. Watson Coleman. Thank you, Mr. Katko.
Thank you each for your testimony. You certainly have
raised questions, particularly issues regarding cargo planes
and the security necessary. You have made some recommendations
that were significant to me in terms of training and the
secondary--a door, a door, and then a secondary door, which I
am not sure I understand what that is.
Can anyone explain to me what that second?
Mr. Canoll. So the secondary barrier was part of the 9/11
Commission's report as a companion element to a hardened
cockpit door. Knowing that a cockpit door has to be opened at
certain types of flights, either for inspections or
physiological need, the idea was to ensure that anyone who was
outside that cockpit door was barred from rushing the cockpit
door when it was opened.
So it is very inexpensive comparatively to airplane things.
Screen, mesh screen wire, retractible wire that comes across in
front of the door, creates a space between when the cockpit
door is open so no one can rush in.
Mrs. Watson Coleman. Oh, I never noticed. Maybe I have not
been close enough to first class.
I want to talk about these incidences, though, because
these incidences just sort-of scare me.
No. 1 is that with regard to the individual in Washington.
First of all, I shared with my Chairman that I want to have a
confidential briefing on what we find in this instance as well
as the Orlando incident. Very different.
With regard to this incident, I don't know the sort-of cost
effectiveness of some kind of vetting that includes some sort
of mental health check, whether or not it is on their
background or whatever. I don't even know. I don't even know
that that would have raised an alarm with regard to this
person.
What I think, though, is this whole ``See something, say
something,'' if you work with an individual for a period of
time and all of a sudden you see different behavior, you see
different kind of complaints, you see someone who is very
morose or whatever, I think employees need to be alerted to you
are not a rat when you share this information with someone who
might be helpful to that individual.
I don't know if we are looking at trying to do some
employee awareness accountability training now that something
like that has happened.
Ms. Reiter. So that is also something that we are looking
at, but I can tell you that was not this case. The employees
were--his employees that were with him were totally shocked.
But I can tell you that we are looking at programs such as that
where the employees will notice.
Mrs. Watson Coleman. But he got on that plane by himself.
My understanding was--and I don't know for sure, this is just
information that was shared with me--that, typically speaking,
there should have been two people, one with him.
So is that just not enforced? Is that just this incident?
What is the deal with that?
Ms. Reiter. So I would like to talk more about that in a
different setting after the investigation is completely done,
if I can, please.
Mrs. Watson Coleman. OK.
I have a question for Mr. Canoll. I mean, how insightful
and how like efficient--how does one become a pilot simply
because one plays video games that simulate flying? How did
that guy get that plane up in the air?
Mr. Canoll. So if you have a computer with an internet
connection and some time, you can download the manuals to just
about any aircraft that you want to get familiar with and teach
yourself by looking at the panels, ``Oh, that is the APU
switch, I need to start that first.'' Download the checklist.
It will tell you start the APU, turn on the air conditioning
packs, close the cross-feed valves, engage the starter. You
could just look at it and figure it out if you had enough time
and the desire to do it.
Mrs. Watson Coleman. But that takes some time when you are
on a plane, too.
Mr. Canoll. Well, you could do it, if you could display the
panels, a picture of what the overhead panel looks like, that
is all you really need.
Mrs. Watson Coleman. I mean, this guy got on the plane,
then had to do all the things that you said he did. He got to
fly the plane and no one before he got that plane off the
ground alerted anybody. Nobody. That is like a lot of time to
do something awful like that and not have some kind of checks
and balance.
There are so many more questions on this, but I think that
there probably are going to be things learned, discussed in
different settings.
So in the Melbourne, so what are we supposed to do,
electrify fences around airports? What is it that we could have
done even in that situation, from your perspective?
Maybe I should ask Mr. Alterman that and Ms. Beyer.
Mr. Alterman. I am not sure I know the answer to that
question. I don't know the configuration of the airport.
Perimeter security is an issue. It is a serious issue on how we
handle perimeter security.
We have just sort-of regenerated our airport and perimeter
security subcommittee in ASAC. In view of what happened at
Melbourne, I am virtually sure that that subcommittee will be
working on that.
I don't have an answer for you. I just have a process for
you. We will be looking at that. It is more of an airport than
an airline issue. But from an ASAC perspective, it is something
we will look at.
Mrs. Watson Coleman. Thank you, Mr. Alterman.
Ms. Beyer, I don't know if you have any----
Ms. Beyer. Sure. I would just add that, of course, it is
very important that we allow the investigation to conclude to
be able to analyze all the facts.
However, if what I understand about the incident holds
true, then I would argue that it reinforces what we believe so
strongly in the importance of layered security measures, that
it can't just be about perimeter fencing, perimeter security,
which is indeed very important, but that can't be the only
layer.
As I understand the details of the incident thus far, the
two employees that encountered this individual----
Mrs. Watson Coleman. Thank God for them.
Ms. Beyer [continuing]. They used their robust employee
training that they had already received to challenge this
individual who they didn't believe belonged where he was. I
don't believe I have heard that he was badged.
So I think that this is an example of how important those
other layers are, a robust challenge culture in the airport for
all employees. These are really critical.
Mrs. Watson Coleman. Thank you. My time is up. There are so
many more questions that we need to----
Mr. Katko. You can go ahead and take a second.
Mrs. Watson Coleman. No, I am good. I think that I want to
understand were lessons learned and more response to the
challenges that we face, particularly in situations like this.
But I also appreciate everything you have said with regard
to cargo security. I know we talked about that. We are very
interested in ensuring that everything that has to do with
aviation, if it is one pilot flying tons of cargo, if it is 700
people on a triple-triple-decker plane, we want to make sure
that they are safe.
So thank you so much for your testimony.
Thank you, Chairman.
Mr. Katko. Thank you very much. There are several more
questions I am going to have, so I am going to have a second
round for sure.
The Chair now recognize Mrs. Lesko for 5 minutes of
questioning.
Mrs. Lesko. Thank you very much, Mr. Chairman.
Thank you for your testimony today. I am a Congresswoman
from Arizona. I noticed one of the incidents in 2018, this
year, had to do with the FBI doing an undercover operation with
some type of drug smuggling, specifically methamphetamines, to
several airports, including Phoenix Sky Harbor International
Airport.
So my question--one of my questions--is just briefly, if
anybody knows, what type of workers were these? Were they a
combination of different categories of workers? I am curious if
anyone knows that answer.
Mr. Canoll. No, but I will tell you from a pilot's
perspective our concern here is, while this is just illegal
transport of contraband, you would say, well, what is the
safety concern for, let's say, the passengers on-board the
aircraft? The fact remains there are criminals in the security
identification area. If they are willing to do that, what are
the other things they are willing to do that could endanger the
lives of our passengers or unsecure our cargo?
Mrs. Lesko. Well, yes, I agree, because in the notes that I
have not only were they transporting drugs, but also willing to
transport guns and explosives. So that is a bit more serious.
I do have a very basic question as well, Mr. Chairman, to
anyone that can answer. So for a person that obviously doesn't
fly a plane, do all planes like anybody can--I mean, obviously
they have to have some type of security clearance, but there is
no like code you have to punch in or anything, you just start a
plane?
Mr. Canoll. I will go first.
For those aircrafts in the passenger regime that have a
hardened cockpit door, there is an electronic system that
unlocks the door to gain access to the cockpit, but not all
cargo aircraft have that.
But that door, even when the aircraft is on the ground and
being subject to maintenance or cleaning or modification, there
are people who have to access the cockpit besides the pilot.
Mrs. Lesko. Sure.
Mr. Canoll. They will be given that code, too. So there is
going to be the proliferation of the code throughout the
system.
You can change the code. It is a labor-intensive thing. But
that is the only barrier we have now to restrict someone from
gaining access to a cockpit that is just sitting there on the
ramp.
Mrs. Lesko. Mr. Chair and Mr. Canoll, the code is to the
door or the code is to start the plane?
Mr. Canoll. The code is to unlock the electronic lock to
the door to the cockpit.
Mrs. Lesko. OK.
Mr. Chair, I have one more question, and that is a specific
question on when is the cockpit door supposed to be closed and
who does it? Does the pilot do it? Does the air crew do it?
When should it be closed?
Mr. Canoll. So for passenger operations, and I believe it
is specific to the airlines' procedures, for example, at my
airline, once the cabin is secured, the lead flight attendant
comes to the cockpit, says the cabin is secure. The captain
then gives her permission to close the door. She or he closes
the door, and then we check the security of the door.
It will remain in that case closed and locked for all
purposes, except for physiological needs of the crew or if
there is some maintenance need that requires a pilot to go back
to check the extension of the landing gear or the condition of
the wings during de-icing conditions, until you arrive at the
gate and the engines are shut down and the shutdown checklist
is complete. Then the cockpit crew will open the door.
Mrs. Lesko. Thank you. The reason I ask that is because I
was recently on a flight, and I was kind-of surprised because I
used the lavatory right at the front by the cockpit door, and
the cockpit door was open and there was a bunch of passengers
on-board. We hadn't taken off yet. So I was just curious when
do you close the door. I don't know what you mean by when they
have cleared the plane.
Mr. Canoll. So it is when the boarding is complete, the
passenger boarding door is closed, and the flight attendants
are assured that everyone is in their seats with their
seatbelts fastened. That is when the cockpit doors close,
before the aircraft moves off the gate for the purpose of going
to takeoff.
Mrs. Lesko. Thank you very much.
Thank you, Mr. Chair.
Mr. Katko. Thank you, Mrs. Lesko.
The Chair now recognizes Mr. Estes for 5 minutes of
questioning. I will note that Mr. Estes also got a bill passed
as part of the FAA reauthorization, and we are happy for that
bill as well.
Mr. Estes. Thank you, Mr. Chairman.
I have got a couple questions that I wanted probably
several people maybe to chime in on. The first one just deals
with when an incident happens at an airport or a particular
airline notices that, how do the details of the incident and
the results and the findings and the action plan for corrective
action get communicated through the airport community and
through the airline community as well?
Maybe I will just start from an airport standpoint and go
from there.
Ms. Reiter. Thank you for asking.
So what we did immediately after the incident was contact
our associations, ACI and AAAE, and they immediately got a
phone call together with all of the airports so that we could
talk to the airports about what had happened and we could talk
about anything that we felt that we could tighten up at our
airport and also that perhaps other airports could glean and
help them as well.
We then also contacted A4A, and we got a meeting together
with them. That is where we decided that it would be really
applicable for us to get a group together to talk about this
and also be part of ASAC.
So we also have learned from the events from San Francisco,
Los Angeles, and Fort Lauderdale that it made sense for us to
do an after-action report because of the event and to hire an
outside consultant to do that after-action report. So that is
immediately what we had done.
Mr. Estes. Is that becoming a standard operating practice
within the association maybe to communicate that? I mean, just
share that information.
Ms. Reiter. Yes, it makes sense to go through your
associations, yes.
Mr. Estes. OK. Thank you.
Maybe you can.
Ms. Beyer. Sure. I would just add from the airline
perspective, very similar to what my colleague already
highlighted, we immediately had calls amongst not only the A4A
member airlines, but also our partners at the Regional Airline
Association and NACA to discuss the incident so that everyone
had the facts about what we knew at that time and what happened
and could take any measures that they deemed appropriate.
Also, I think immediate conversation certainly with our TSA
partners and other law enforcement officials is very critical.
Mr. Estes. Thank you.
I don't know if there is anything from a cargo standpoint
that might----
Mr. Alterman. I think a couple of things.
No. 1, what you are hearing is very true, and that is the
associations within Washington that represent all the segments
of the industry work very closely with each other. When
something like this happens, believe me, we are on the phone
with each other right away.
The other thing, which goes back perhaps one step to your
question and it sort-of developed more primacy after the Fort
Lauderdale incident, was the question not of the after-action,
but what have we learned in terms of when an incident is in
progress, who is in charge, who does what, how do we
communicate that, how do the various parties, whether it is
TSA, law enforcement, airlines, airports, how do they all work
together as an incident is happening before we get to the
after-action things?
I think there has been a lot of progress in that area, too,
because I think a lot of airports--and Wendy can chime in on
this--a lot of airports learned that maybe you have got to have
one central command center so that when something is happening
all the information goes to one place and you have got a
process in place. I am not talking about specific things, but a
process in place so that while these things are happening there
is better coordination among all the people.
Mr. Estes. All right. Thank you.
Another question that we kind-of talked about in your
opening statements is that we are much more engaged in the use
of biometrics, particularly as we move forward, and some of the
things were just rolling out in terms of how we use that and
what do we do.
Are there particular things, have we gotten to the point
yet or are we still kind-of in the preliminary stages of, are
there additional rules and regulations that need to be put in
place for use of biometric, maybe even additional statutory
changes that need to be done to allow that effective use?
Ms. Beyer. Sure. So biometrics is a really important issue,
as you have correctly noted. You know, I think that I would
say, in terms of use in the airports, it can be a very
effective tool.
I know, as our colleague Wendy has noted, they use those at
employee access points at Seattle Airport. Many other airports
have similarly used or implemented biometric systems in a
similar fashion.
What works at one airport may or may not work at another,
depending on that environment. But certainly it is one
effective tool.
Mr. Estes. Thank you.
Ms. Reiter. Yes, I would say I agree with Lauren. It is
very successful for us. However, it is based on layers of
security for different airports. So it is very successful for
us.
Mr. Estes. All right. Thank you.
Mr. Chairman, I yield back.
Mr. Katko. Thank you. You will have an opportunity for a
second round, Mrs. Lesko and Mr. Estes, if you are so inclined.
I have several questions, no particular order of
importance. But as I think about all this and I think about all
the efforts that are going on in the United States, obviously,
I think our airports do an extraordinary job of protecting
people, but it is our job to constantly probe the
vulnerabilities and help you address them.
I am wondering if anyone has an opinion on what they see,
for example, in the Caribbean, which I think is an often very
ignored part of our air traffic as far as security issues. But
somebody was talking about breaching the fence and what goes
on. I remember landing in Caribbean airports, I don't ever see
a fence, or if it was, it was minimal.
So I would like to hear does anyone have security concerns
about what is going on in the Caribbean Basin airports?
Ms. Beyer. So I guess how I would approach that would be
there are, of course, a number of our airlines that operate
many flights in the Caribbean. There are two important pieces
of that puzzle from a U.S. perspective. I think one, of course,
is TSA responsibilities for assessing those airports. In
certain cases, not just in the Caribbean, in other places of
the world, they then impose additional requirements when they
believe the security is not adequate.
But I would also add that in many instances, not
necessarily specific to the Caribbean, in fact at all locations
where airlines operate overseas, we conduct our own risk
assessments of those airports and the particular dynamics in
that environment, and in many instances may choose to, on our
own accord, implement additional security requirements around
our aircraft, passengers, cargo, et cetera, to ensure that
anything put on-board our aircraft en route to the United
States is secure.
Mr. Katko. We are contemplating a review, first-hand review
of those airports, because there are some concerns from the
security standpoint that I think need to be addressed. So if
you feel more comfortable talking about some of these in a
secure setting, I am happy to hear that. But I am just trying
to get a general feel whether there are some concerns about
those airports.
Anybody else want to offer anything?
Mr. Alterman. Not necessarily with the Caribbean airports.
A lawyer never does this, but I don't know.
But I think what Lauren said is very true about
international operations. We all try to base our judgments in
what we do based on the risk inherent in any particular
operation. When we are operating from dangerous areas or from
airports that have a security that is less than others, we take
extraordinary steps to make sure those are secure.
Freight moving into the United States is given much more
security when they come from an Afghanistan than they do from
an Iceland. We are always looking at the risk inherent in
operating in various places, and the measures we take are
tailored to those risks.
So if there are problems in the Caribbean, and I don't know
of exactly what those are, I am sure our operators do and are
taking the steps. All of our security programs are in force in
all of those places.
Mr. Katko. OK. Thank you.
I am going to switch gears here a bit. I know we are going
to study this, we are going to get an after-action report, we
are going to get all the discussions down the road. But the
fact remains is a maintenance worker walked into a plane,
started it up, and took off. Is there something we can do now
to kind-of prevent a possible copycat from happening between
now and the time we get your detailed input?
I mean, how it is that a ground guy can walk up into a
plane and turn it on and take off? I mean, forgive my
ignorance, are there any biometrics that help you with the
plane? Who has access to the plane? Is that something that is
of concern? There are not even keys to planes.
Also I understand that in this particular instance the
individual was getting some training within the airport for
flying, if I am not mistaken, having access on his down time. I
am just curious about all of that.
So I don't know who wants to start with that. That is a lot
of stuff there to cover.
Mr. Canoll. So I will start, Mr. Chairman.
As mentioned before, there isn't any key to the airplane or
any biometric loop you have to check off before you----
Mr. Katko. Not just cargo, any airplane, right?
Mr. Canoll. Any airplane. They are just not designed that
way.
But there are things that the industry groups are working
on that are relatively quick to implement. Most of them we
can't really discuss here because it would disclose what the
countermeasure would be. But some are very simple, like
blocking access to the runway once there is an unauthorized
movement on the aircraft. It is relatively simple. You can say
it, but, of course, the configuration geometry at each airport
might be different. If there is a ramp very close to the
airport, you may not have time to block the access to the
runway.
But those are the ideas that are being bantered about. I
think there are some solutions. It is not going to be fool-
proof, but it is going to be a really good layer to prevent
this from happening again.
Mr. Katko. Does anybody else want to add to that?
Ms. Beyer. Go ahead, Wendy.
Ms. Reiter. Sorry, Lauren.
So to talk a little bit about this particular case. First
of all, he was viewing the simulation of this particular
aircraft in the break room on several occasions, so he did
clearly understand--or wanted to understand how to fly this
aircraft. He was not a pilot by any means and this is how he
learned how to fly the aircraft.
The aircraft was extremely close to the runway. It was at
the north end of the airfield that was very close to our
runway. From the time that he got into the airplane--by the
time that he started the engines, pushed the aircraft back, and
got into the air was less than 4 minutes. So it was extremely
close to the airfield.
There are multiple things that we have done to increase or
to make security more visible since then. We have more
uniformed and nonuniformed personnel down at that end of the
airfield. It is quite remote comparatively.
We also are looking at other technologies. You know,
perimeter. There is some video technology that you can purchase
for a fence line that we are currently looking at to have done
within the next 6 to 8 months. Rap Back is another, which would
not have helped us in this case because he didn't have anything
in his background anyways. However, the next case it could help
us, right? So there are other things that we are doing to help
as well.
Alaska Airlines, it has increased their ``see something,
say something,'' have met with every single one of their
employees to talk about if you see something that is not the
same or out of the ordinary, or if you see an employee that is
acting differently, please alert us. Stop the operation. It is
OK to stop the operation if you see something.
So we definitely have increased our visibilities, and so
has Alaska Airlines and other airlines, for that matter.
Mr. Katko. Just out of curiosity, why was a flight
simulator for that particular plane in a break room?
Ms. Reiter. He was viewing it on one of the computers in
the break room.
Mr. Katko. Oh. So, in other words, he just had access over
the internet to it.
Ms. Reiter. Right.
Mr. Katko. Oh, I gotcha. OK. OK. I thought it was like
``here is how to fly this plane'' in a break room.
Ms. Reiter. No. No, not at all.
Mr. Katko. Whew. OK. All right. We are good.
All right. Thank you.
Anybody else want to add anything?
Ms. Beyer. I would just add to Wendy's point, the airlines
operating in Seattle have worked very closely with Wendy and
her team on a number of the short-term changes that she already
outlined. But some of the airlines have also implemented their
own measures, such as increased police or management presence
around aircraft, particularly at remote locations.
I would just say I firmly believe, though, while it is
important to evaluate the facts of individual incidents, that
we shouldn't just focus on the one or two incidents. I believe
our approach should be to evaluate insider threats globally.
Airlines, as I know airports do as well, the airlines already
have robust insider threat programs that are tailored to the
unique needs of their companies.
That being said, we are constantly evaluating how we can be
better and if we need to change some of our practices, and that
is why we initiated the working group that has been mentioned a
lot today, and that is why we are actively participating in the
ASAC effort.
Mr. Katko. I think the ASAC effort is going to be
critically important. You have a long list of things to look
at. I mean, if this bill gets signed, gets through the Senate,
it is going to direct you to do that.
So, I mean, I look at the mental health component, which I
am asking you to specifically take a look at. The ground
component. How do you stop a plane if it is going to go? Is
blocking a technique to be used? Plane access. Who is getting
access? Why? What are best practices for that?
Then, in addition to all the other access control issues,
like the smuggling, let's not forgot something this size can
take down an airplane now. We know that. It is going to take an
awful lot of really good, hard critical thinking to fix that.
We have gaps that are gaping, and a lot of it is from the
insider threat perspective, that we keep an eye on.
So I hope and pray that you are going to do a very thorough
report on this because we are definitely going to have to talk
more about this.
Mr. Alterman. Yes. Thank you, Mr. Chairman.
We are, and I hope we can do the good job. I think that we
have the right people in the room on the new Insider Threat
subcommittee. We are looking at all the issues you mentioned.
We are looking at the requirements from the FAA Act when it is
passed.
We understand the seriousness of it. We have a very good
TSA team working with us. They have something called the ITAG
that they have had for several years, which is the Insider
Threat Advisory Group. That has now been rolled into the--not
rolled into, but is cooperating with and working with the ASAC
team on this so that we now have all the information we hope in
one place.
Several meetings have been held already, and we hope to get
something by the end of the year. This is difficult. Once you
even decide what to do, writing a report and getting it through
everybody is difficult. But we understand that.
I might say, sort-of as an aside, I actually counted, and
the FAA bill has 9 separate tasks for ASAC, and 2 or 3 others
that relate to the work we are already doing. We understand
that, and we appreciate your confidence in us. We may need
mental health training for all the ASAC members before we are
through.
But thank you.
Mr. Katko. Listen, that is part of it. Your credibility has
skyrocketed because you are producing, and you are
collaborating. You take into account everyone's concerns. From
that come good things. I think we could learn in Congress from
that, to be quite frank with you.
So it is something that is going to take an awful lot, but
I can't think of a more important issue for the airline
industry right now than this. We are doing a pretty good job of
securing things.
The other big thing I can think of is 3-D scanners. How are
we going to get those to the front line fast enough? We are
going to have to think outside box on that, but that is for
another day.
But I do have a follow-up question for you, Mr. Alterman.
That is, I know TSA and ASAC's current actions are relating to
insider threat. You have been doing something with them, I
believe it is a two-part task that Administrator Pekoske has
come to talk to you about. Could you describe for a little bit
what that is and where you are with it?
Mr. Alterman. Yes. We received a tasking from the
administrator to do basically a two-step process. The first
step in that was basically a research project. That project was
finished and delivered to the administrator on July 19 of this
year. It involved looking, as far as we could in the time frame
allowed, at not only what domestic people are doing on insider
threat, what are some of the practices they are doing, but also
looking overseas at various airports and trying to determine,
to the extent that they would talk to the committee, to
determine what is going on internationally that might inform us
on what we are doing.
That report was submitted to the administrator on July 19.
I was hoping that perhaps I could just attach it to my
testimony, but I am not sure it has been made public.
Mr. Katko. It hasn't been made public, and I am wondering
why.
Mr. Alterman. I have no idea.
Mr. Katko. It is not yours to answer. We are going to have
to talk to Mr. Pekoske.
Mr. Alterman. Yes. I don't think there is anything in it
that is SSI, frankly. But I think it might be useful for you to
understand the depth of that report to get it from----
Mr. Katko. That would be great.
Mr. Alterman. I just feel unconformable giving it to you
without the authority to do it.
Mr. Katko. I understand. We will get it from him.
Mr. Alterman. The second part, the second tasking, which we
think we know what it is going to say but we haven't yet
formally received from the administrator, is looking at what
the research was. What are the next steps? How do we define the
mitigation efforts that we might take based on what we have
already learned?
That has gone over to the Insider Threat subcommittee to
start working on even though we don't formally have the letter.
That involves access controls. It involves all the things we
have talked about this morning.
Mr. Katko. It dovetails with what is going to be in the FAA
bill as well. So that is good you are going to jump on that.
Mr. Alterman. Yes. Exactly.
Mr. Katko. That is encouraging. Good.
I understand the position you are in and I am not going to
ask you to disclose it. But we will have a discussion with Mr.
Pekoske, and I am sure we will come to a conclusion on that.
The Chair now recognizes Mrs. Lesko for as many questions
as she wants to ask. We have some flexibility here.
Mrs. Lesko. Mr. Chairman, I have no more questions.
Mr. Katko. OK.
Is there something, as long as we have a few minutes, is
there something that you wanted us to bring up that we haven't
brought up? I am asking any of the witnesses.
Mr. Canoll. So I just want to emphasize one element here.
If you are viewing the entire global view of insider threat, I
really want to emphasize for the committee the soft underbelly,
in our opinion, is the disparate regulations within the cargo
world.
If you are looking to do something evil with a jumbo wide-
body aircraft--and I want to be clear, most of the jumbo wide-
body aircraft in the United States are cargo aircraft. They are
cargo and not passenger aircraft. Many of them, soon to be
hundreds of them, are going to be flying around without cockpit
doors.
All of our tactics, procedures, and policies are built
around defending that cockpit with a cockpit door. There are no
published procedures or training for how do you defend the
cockpit without a cockpit door.
As a reminder, these cargo aircraft are not all-cargo. They
have people on board. They have animal handlers, couriers,
other employees on board with unfettered access to the pilots
at the controls of the aircraft at any given moment.
So we need to do some serious thinking about that
vulnerability, because, in our opinion, that is by far the most
critical one. It is growing. It is not just a static
vulnerability we see today. There are hundreds of aircraft
being delivered in this configuration in the future. This
vulnerability will grow over time.
Mr. Alterman. Mr. Chairman.
Mr. Katko. Yes.
Mr. Alterman. May I respond?
Mr. Katko. Sure.
Mr. Alterman. I hadn't planned on it, but I need to respond
to that.
Mr. Katko. Sure.
Mr. Alterman. We love our pilots. They are very
professional. We work tremendously with ALPA on a bunch of
issues. They are simply wrong on this one.
Let me explain the hardened door, because I just want to
put it in the record so it is not a one-sided--I don't want to
have an argument here. It is not appropriate.
Mr. Katko. I understand.
Mr. Alterman. The all-cargo industry has a completely
different operational model than the passenger industry. Our
security are designed around that operational model.
We don't carry passengers in any normally accepted use of
that term. We do carry individuals, very limited amount of
individuals. If there is any inference that we are not
regulated in the security of the cockpit, that is incorrect.
We do two things. No. 1, the regulations require us to
screen for stowaways, and we do that. We haven't found any. We
continue to do that. But directly with what Captain Canoll has
said, the regulations require that the all-cargo industry
either have an installed door or have a program, an alternative
program, that is approved by TSA. All of them have that
program.
It is important to note that these alternative procedures
that are applied that protect the plane against the limited
individuals that are on there, whether they be other pilots,
whether they be animal handlers, whether they be couriers, they
are extensive, they have proved effective. Each company may
have a different procedure to deal with it. But all of them
include extensive background checks of every passenger that
gets on that plane and extensive screening of every passenger
on that plane.
In fact, the only incident that I know of that has
developed on a cargo plane in recent years has been a deranged
pilot. That is not to say anything bad about pilots. But we
have been operating millions of flights over many years and
have never had a problem there. We are regulated.
I just wanted to put that on the record. I don't want to
have a debate with Mr. Canoll.
Mr. Katko. I appreciate it. This is not what we are here
for, to have a debate. But, I mean, I guess he is calling into
question the adequacy of the current TSA regulations, and we
will take a look. You are welcome to follow up with us in
writing.
Mr. Canoll. Steve and I have had that debate many times.
Mr. Katko. I understand. I understand completely.
Mr. Alterman. Usually over a beer.
Mr. Katko. That sounds good.
Anything else anyone wants to add that we haven't
discussed?
I do appreciate the frankness of Ms. Reiter to come here
based on a tough situation. As always, she displays a
tremendous amount of professionalism, as have all of you. So I
appreciate all your candid testimony today.
Listen, we are all on the same page here. We are all just
trying to keep people safe, keep pilots safe, keep airplanes
safe, keep our country safe.
It is our duty to do the oversight. We are going to
continue to do it. We have an extraordinary number of hearings
in the subcommittee because we take it very seriously. But we
do appreciate the collaborative nature, and we appreciate the
input of all of you.
So with that, the hearing remains--I have magic words I
have got to say here. Excuse me a second. This is what happens
when you go off script.
Members of the committee may have some additional questions
and we will ask you to respond to those in writing. Pursuant to
Committee Rule VII(D), the hearing record will be held open for
10 days.
Without objection, the subcommittee stands adjourned.
[Whereupon, at 11:24 a.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Question From Honorable Brian K. Fitzpatrick for Tim Canoll
Question. Captain Canoll, given the security discrepancies between
security for passenger versus cargo operation at airports, is there a
real risk associated with cargo operations that we are overlooking?
Answer. Response was not received at the time of publication.
[all]