[Senate Hearing 115-651]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 115-651

   SURFACE TRANSPORTATION SECURITY: ADDRESSING CURRENT AND EMERGING 
                                THREATS

=======================================================================

                                HEARING

                               BEFORE THE

                 SUBCOMMITTEE ON SURFACE TRANSPORTATION
                  AND MERCHANT MARINE INFRASTRUCTURE,
                          SAFETY AND SECURITY

                                 OF THE

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION
                               __________

                            JANUARY 23, 2018
                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation
                             

                  [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
                  
                                    
                  Available online: http://www.govinfo.gov
                  
                              ___________

                    U.S. GOVERNMENT PUBLISHING OFFICE
                    
37-297 PDF                  WASHINGTON : 2019                   
                  
       
       
       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                   JOHN THUNE, South Dakota, Chairman
ROGER F. WICKER, Mississippi         BILL NELSON, Florida, Ranking
ROY BLUNT, Missouri                  MARIA CANTWELL, Washington
TED CRUZ, Texas                      AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska                RICHARD BLUMENTHAL, Connecticut
JERRY MORAN, Kansas                  BRIAN SCHATZ, Hawaii
DAN SULLIVAN, Alaska                 EDWARD MARKEY, Massachusetts
DEAN HELLER, Nevada                  TOM UDALL, New Mexico
JAMES INHOFE, Oklahoma               GARY PETERS, Michigan
MIKE LEE, Utah                       TAMMY BALDWIN, Wisconsin
RON JOHNSON, Wisconsin               TAMMY DUCKWORTH, Illinois
SHELLEY MOORE CAPITO, West Virginia  MAGGIE HASSAN, New Hampshire
CORY GARDNER, Colorado               CATHERINE CORTEZ MASTO, Nevada
TODD YOUNG, Indiana                  JON TESTER, Montana
                       Nick Rossi, Staff Director
                 Adrian Arnakis, Deputy Staff Director
                    Jason Van Beek, General Counsel
                 Kim Lipsky, Democratic Staff Director
              Chris Day, Democratic Deputy Staff Director
                      Renae Black, Senior Counsel
                                 ------                                

      SUBCOMMITTEE ON SURFACE TRANSPORTATION AND MERCHANT MARINE 
                  INFRASTRUCTURE, SAFETY AND SECURITY

DEB FISCHER, Nebraska, Chairman      GARY PETERS, Michigan, Ranking
ROGER F. WICKER, Mississippi         MARIA CANTWELL, Washington
ROY BLUNT, Missouri                  AMY KLOBUCHAR, Minnesota
DEAN HELLER, Nevada                  RICHARD BLUMENTHAL, Connecticut
JAMES INHOFE, Oklahoma               TOM UDALL, New Mexico
RON JOHNSON, Wisconsin               TAMMY BALDWIN, Wisconsin
SHELLEY MOORE CAPITO, West Virginia  TAMMY DUCKWORTH, Illinois
CORY GARDNER, Colorado               MAGGIE HASSAN, New Hampshire
TODD YOUNG, Indiana
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on January 23, 2018.................................     1
Statement of Senator Fischer.....................................     1
Statement of Senator Peters......................................     3
Statement of Senator Nelson......................................     4
    Prepared statement...........................................     4
Statement of Senator Blunt.......................................     5
Statement of Senator Inhofe......................................    19
Statement of Senator Cortez Masto................................    20
Statement of Senator Hassan......................................    22
Statement of Senator Klobuchar...................................    24
Statement of Senator Cantwell....................................    26
Statement of Senator Thune.......................................    27

                               Witnesses

Hon. David P. Pekoske, Administrator, Transportation Security 
  Administration, U.S. Department of Homeland Security...........     5
    Prepared statement...........................................     7
John V. Kelly, Acting Inspector General, U.S. Department of 
  Homeland Security..............................................    10
    Prepared statement...........................................    11

                                Appendix

Response to written questions submitted to Hon. David P. Pekoske 
  by:
    Hon. John Thune..............................................    31
    Hon. Deb Fischer.............................................    33
    Hon. Bill Nelson.............................................    36
    Hon. Maria Cantwell..........................................    37
    Hon. Richard Blumenthal......................................    39
    Hon. Edward Markey...........................................    42
    Hon. Catherine Cortez Masto..................................    44
Response to written questions submitted to John V. Kelly by:
    Hon. Deb Fischer.............................................    46
    Hon. Bill Nelson.............................................    46
    Hon. Richard Blumenthal......................................    46
    Hon. Catherine Cortez Masto..................................    49

 
                    SURFACE TRANSPORTATION SECURITY:
                        ADDRESSING CURRENT AND 
                            EMERGING THREATS

                              ----------                              


                       TUESDAY, JANUARY 23, 2018

                               U.S. Senate,
         Subcommittee on Surface Transportation and
            Merchant Marine Infrastructure, Safety and Security,   
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:35 p.m., in 
room SR-253, Russell Senate Office Building, Hon. Deb Fischer, 
Chairman of the Subcommittee, presiding.
    Present: Senators Fischer [presiding], Thune, Blunt, 
Johnson, Inhofe, Gardner, Young, Peters, Nelson, Cantwell, 
Klobuchar, Duckworth, Markey, Hassan, and Cortez Masto.

            OPENING STATEMENT OF HON. DEB FISCHER, 
                   U.S. SENATOR FROM NEBRASKA

    Senator Fischer. The hearing will come to order.
    I am pleased to convene the Senate Subcommittee on Surface 
Transportation and Merchant Marine Infrastructure, Safety and 
Security for our first hearing of 2018, titled ``Surface 
Transportation Security: Addressing Current and Emerging 
Threats.''
    I also want to welcome Senator Peters, who is the new 
Ranking Member of this Subcommittee, and I look forward to 
working with him. A vote was just called. Senator Peters is 
voting and then will be coming up to the hearing. After I give 
my opening statement, I will be going to vote. Senator Inhofe 
will chair while I am gone, and then hopefully we'll have a 
pretty calm, good hearing following that.
    We must ensure the security of all modes of transportation. 
This includes our roads, rail, ports, pipeline, and mass 
transit systems. Several recent and tragic incidents have 
highlighted the need for greater attention to transportation 
security.
    In 2016, Europe saw terrible attacks that targeted 
transportation systems. In Nice, France, a member of ISIL drove 
a commercial truck into a crowded promenade, killing 84 people. 
Similarly, in March of that year, 16 people were killed in 
Brussels, Belgium, when a bomb detonated at a metro station.
    The United States is not immune to these kinds of attacks. 
On December 11, 2017, a man detonated an improvised explosive 
device in an underground subway terminal in New York City. 
Thankfully, there were no fatalities, although three people did 
sustain injuries. A similar event occurred in New York City's 
Chelsea neighborhood in September 2016, when a terrorist used a 
bomb to injure 31 people near the town's train station.
    These incidents are not exclusive to urban areas, either. 
Last October, an armed man was able to stop a California Zephyr 
Amtrak train near Oxford, Nebraska. He has since been charged 
with terrorism. We must be constantly vigilant against threats 
to our country, including on our Nation's transportation 
system. Al Qaeda has reportedly issued instructions for 
attacking our railroads, calling them our ``easiest targets.'' 
It's clear that our ports, highways, pipelines, and railroads 
are at risk.
    Today's hearing will focus on examining our response to 
threats to our surface transportation system. How we respond is 
vital to the security of passengers as well as our economic 
security.
    The witnesses today oversee our transportation security 
system. On August 3, 2017, the Senate confirmed David Pekoske 
to be Administrator of the Transportation Security 
Administration. The Administrator previously served as Vice 
Commandant of the United States Coast Guard. We will also hear 
testimony from the Department of Homeland Security, Acting 
Inspector General John Kelly, who was appointed Deputy 
Inspector General in June 2016 and became Acting Inspector 
General in December 2017.
    I thank you both for being here.
    In examining our transportation system's security, we 
should examine the risks to our network as well as the 
resources TSA has to address those risks and counter potential 
attacks. The TSA does not directly manage surface 
transportation security the way it manages our airport 
security. Instead, TSA provides guidance, oversight, 
intelligence, and assistance to system operators and law 
enforcement as they work to secure our Nation's surface 
transportation network. This role is critical to close the gaps 
in our transportation security.
    The men and women of TSA perform a tremendous service for 
our country, working night and day to keep passengers and 
freight secure. We must ensure TSA has the tools it needs to 
carry out its mission.
    This Congress, I was proud to cosponsor the Surface and 
Maritime Transportation Security Act, a comprehensive bill to 
address gaps in our surface transportation security. For 
example, in September 2016, the Department of Homeland Security 
Inspector General found that TSA lacked an intelligence-driven, 
risk-based security strategy. Our bill would instruct TSA to 
implement a risk-based strategy so that it can more quickly and 
completely respond to those threats. It expands canine 
explosive detection teams, authorizes computer vetting systems 
for passenger railroads, and establishes a program to train 
surface transportation security operators and inspectors to 
identify and respond to threats. Additionally, it reforms the 
credentialing process for Transportation Worker Identification 
Credential, or TWIC, to ensure clarity with other credentialing 
programs. We will also examine the types of threats that face 
our transportation system, what strategies and technology are 
available to address these threats, and how TSA works with 
industry to shore up our security.
    I look forward to the testimony of our witnesses.
    And I would now like to invite our new Ranking Member of 
the Committee, Senator Peters, to the Subcommittee hearing. And 
if you would like to give your opening statement, sir.

                STATEMENT OF HON. GARY PETERS, 
                   U.S. SENATOR FROM MICHIGAN

    Senator Peters. Well, thank you, Madam Chair. And it's 
wonderful to be here with you. I'll look forward to working 
closely with you in the months and years ahead, hopefully.
    Senator Fischer. Good.
    Senator Peters. So. Well, thank you, again, Madam Chairman, 
for your--for holding this hearing on surface transportation 
today. I'm honored to work in this position, and look forward 
to delving into the issues that the Subcommittee has 
jurisdiction over.
    Mr. Pekoske and Mr. Kelly, thank you both for your service 
to our country, and also thank you for being here today 
testifying before the Subcommittee.
    I look forward to working closely with the Transportation 
Security Administration to ensure that the 60,000 public 
servants who are committed to keeping the traveling public safe 
have the tools and, equally as important, the resources to 
address the ongoing and emerging threats in the transportation 
sector.
    As we have seen recently, surface transportation systems 
continue to be a target of terrorist attacks. Just last year, 
Inspire, an al Qaeda magazine, featured a cover story on how to 
derail trains, with the goal of wrecking or blowing up a train 
to create mass casualties. In December, a man carrying a pipe 
bomb attempted to detonate it in a crowded Port Authority bus 
terminal in New York City. And, tragically, we also saw, in New 
York City last year, how vehicles can be used effectively as 
weapons. In October, a man deliberately drove a rental truck 
down a bike path in Lower Manhattan, killing eight people and 
injuring 15 others. Abroad, we have, sadly, seen similar 
tragedies in England, Spain, Germany, and France. Vehicles have 
been used to cause injuries and casualties.
    These attacks are an example of how quickly everyday life 
can be brought to a shocking and horrific halt. It's a reminder 
that we must find ways to address emerging threats and to 
better protect our citizens. And we've heard this call before.
    We have known for years that our surface transportation 
system, particularly transit and rail, which attract large 
numbers of passengers, are particularly vulnerable. The 9/11 
Commission, in 2004, recognized that rail and transit could be 
an attractive target for terrorists. And it's not just rail and 
transit. All types of surface transportation could be at risk. 
With thousands of containers moving in and out of ports, 
hazardous materials moving through pipelines, and cargo moving 
on trucks and rails across the country, the transportation 
network is vast as well as it is open. These systems still 
present a serious security challenge. A catastrophic failure to 
our transportation system could have serious economic 
consequences that impact every American.
    We know this in Michigan, where an attack on line 5 
pipeline in the Straits of Mackinac could cause significant 
environmental damage, or the Detroit Ambassador Bridge, which 
carries trade between the United States and Canada. So, we must 
ensure that the Transportation Administration--the Security 
Administration is focusing its time and resources on developing 
and implementing new and innovative ways to adapt and meet the 
ever-changing threats to our transportation system.
    That's why I joined with Chairman Thune, Ranking Member 
Nelson, Senator Fischer, and Senator Booker to support the 
Surface Transportation and Marine Security Act, which, as you 
know, passed this committee in April of last year. This bill 
will take a step to close the gaps in that security and provide 
additional resources to enhance security across our 
transportation system.
    I look forward to hearing from our witnesses today on the 
actions that they have taken to adapt to security threats and 
what more we can do to secure our Nation's surface 
transportation system.
    So, with that, Ranking Member Nelson, do you have comments?

                STATEMENT OF HON. BILL NELSON, 
                   U.S. SENATOR FROM FLORIDA

    Senator Nelson. On behalf of the Committee and a lot of the 
things that Senator Peters has just mentioned, this Committee 
has considered and passed legislation to address it. For 
example, in 2016, we passed the Airport Security Enhancement 
Act. We took important steps to prevent insider threats to the 
aviation system. We increased random physical screenings and 
covert red-team testing. In addition, we have the TSA 
Modernization Act, which expands the use of explosives 
detection K9s, continues efforts to expand the TSA pre-check 
program, and extradites deployment of security screening 
technology.
    And, while these steps are critical, but the threat is 
ever-changing. This is evidenced by TSA's announcement that the 
flights originating from the UAE, from Jordan, Saudi Arabia, 
Egypt, and Qatar to the U.S., will undergo enhanced cargo 
screening. And we have discussed previously in this Committee, 
I'm concerned that our current strategy does not address the 
vulnerabilities that we face today, including getting your 
technology, Mr. Administrator, using the very best technology 
for screenings of passengers. And so, we had that also, that 
attempted attack in the New York City transit station. We're 
going to have to address these deficiencies to secure all of 
these transportation systems.
    So, I think it's time to reexamine our transportation 
security strategy and refocus our efforts.
    And, with that, Mr. Chairman, I will conclude my opening 
comments.
    [The prepared statement of Senator Nelson follows:]

   Prepared Statement of Hon. Bill Nelson, U.S. Senator from Florida
    I want to thank Chairman Fischer and Ranking Member Peters for 
holding this hearing about current and emerging threats to our Nation's 
surface transportation networks from terrorist attacks.
    A series of attacks over the last year or so--from attacks in 
London and Barcelona to those right here in the U.S.--have rung the 
alarm bell. We cannot be content.
    Transportation remains a very real target for terrorists and those 
wishing to do harm.
    This committee has heard that call. In 2016, we passed the Airport 
Security Enhancement and Oversight Act. In doing so, we took important 
steps to prevent insider threats to our aviation system. We increased 
random physical screenings and covert, red-team testing.
    In addition, we have the TSA Modernization Act, which expands the 
use of explosive detection canines, continues efforts to expand the TSA 
PreCheck program and expedites deployment of security screening 
technology.
    And while these steps are critical, the threat is ever changing. 
This is evidenced by the TSA's announcement that flights originating 
from the United Arab Emirates, Jordan, Saudi Arabia, Egypt and Qatar to 
the United States will undergo enhanced cargo screening.
    As we have discussed previously in this committee, I am concerned 
that our current strategy does not address the vulnerabilities we face 
today.
    Recent incidents and the attempted attack at the New York City 
transit station highlight the challenges we continue to face.
    We must continue to address deficiencies to secure our rail, 
transit, port and freight transportation systems.
    I believe it's time to reexamine our transportation security 
strategy and refocus our efforts.
    We also need to provide sufficient funding to meet these 
challenges.
    We cannot cut programs that help our communities prepare for and 
respond to threats.
    And we need transit and port grants to help agencies improve their 
security infrastructure.
    I want to thank the witnesses for coming today and I look forward 
to hearing from you on these issues.

                 STATEMENT OF HON. ROY BLUNT, 
                   U.S. SENATOR FROM MISSOURI

    Senator Blunt [presiding]. Well, thank you, Senator Nelson.
    We're glad to have these witnesses with us today. David 
Pekoske, the Administrator of Transportation Security 
Administration, was sworn into that job last August. His 
previous work includes serving as the Vice Commandant of the 
U.S. Coast Guard and, in the private sector, supporting 
government counterterrorism and security services. John Kelly, 
the Acting Inspector General for the Department of Homeland 
Security, was appointed to his job in June 2016. He was 
appointed to his current role in December 2017. So, he's also 
new to this current job. But, his previous work includes 
service as the Deputy Assistant Inspector General for the 
Emergency Management and Oversight, as well as the Assistant 
Director for Forensic Audits and Special Investigations at GAO.
    We're glad you're both here. And members will be returning 
from voting, but, Administrator Pekoske, if you want to go 
ahead and make your opening statement, followed by Mr. Kelly.

       STATEMENT OF HON. DAVID P. PEKOSKE, ADMINISTRATOR,

            TRANSPORTATION SECURITY ADMINISTRATION,

              U.S. DEPARTMENT OF HOMELAND SECURITY

    Admiral Pekoske. Thank you, sir.
    Chairwoman Fischer, Ranking Member Peters, and 
distinguished members of the Subcommittee, thank you for the 
opportunity to appear before you this afternoon alongside the 
Acting Inspector General.
    Surface transportation security is a key priority of mine, 
and I'm looking forward to obtaining your perspective as we 
work together to address current and emerging threats.
    First, let me acknowledge the outstanding men and women of 
TSA. It's my privilege to serve as Administrator to over 60,000 
dedicated professionals. They provide security for millions of 
Americans who use our transportation systems each and every 
day.
    Transportation security is an all-hands effort. Our 
aviation security checkpoint personnel are the most visible 
part of TSA, but there are thousands of other TSA employees 
working behind the scenes, in the air, around the globe, and 
with the owners and operators of our Nation's surface 
transportation systems. They all contribute to TSA's success 
and to our national security.
    On behalf of this team, I thank you for your support in 
enabling TSA to accomplish a mission so critical to the safety, 
security, and economic well-being of the American people.
    Madam Chairwoman, I have tremendous respect for the 
oversight role that this subcommittee performs. I highly value 
your perspective and opinions. You have made us stronger, and 
America safer. I appreciate the Subcommittee's work on the 
Surface and Maritime Transportation Security Act and the TSA 
Modernization Act.
    Since becoming Administrator, I have spent a majority of my 
time at the front lines of TSA, engaging with TSA employees at 
all levels of the organization and meeting with our partners. 
Everywhere I have visited, I have found a deep commitment to 
the mission. That's so important, because, as you know, we face 
a determined adversary. The current threat environment is 
complex, diverse, and persistent, as illustrated by two recent 
terror attacks in the United States, the attempted suicide 
bombing in the Port Authority of New York and New Jersey bus 
terminal on December 11 that injured four people, including the 
bomber, and the vehicle ramming attack a few weeks earlier, on 
the west side of Manhattan, that killed eight people and 
injured 11. They both illustrate the risk our surface 
transportation systems are facing.
    Unlike aviation, where TSA oversees and carries out day-to-
day security operations in our Nation's airport, our role in 
surface transportation security is one of support, 
collaboration, and partnership with surface transportation 
owners and operators. The owners and operators, not TSA, are 
primarily responsible for their security operations. And we are 
proud of the partnerships we have developed, and the security 
improvements that have resulted from those partnerships.
    While TSA's budget for surface transportation is small 
compared to the aviation sector, the Nation realizes a 
significant return from this investment when it is aligned, as 
it is, with the significant efforts being undertaken by our 
surface transportation partners. TSA's resources and personnel 
directly support ongoing security programs with committed 
security partners, who, in turn, dedicate millions of dollars 
to secure critical infrastructure, perform uniform law 
enforcement, public safety, and special security teams, and 
conduct regular operational activities and deterrence efforts.
    The 9/11 Act placed 42 requirements on TSA. All have been 
completed, with the exception of three rulemakings. As I 
testified during my confirmation hearing, completing these 
rules is a top priority of mine, and I know it is a concern of 
yours. To update, a Notice of Proposed Rulemaking for security 
training was released in December 2016. The final rule is 
slated for publishing this coming summer as part of our DHS 
unified rulemaking agenda. An Advance Notice of Proposed 
Rulemaking for vulnerability assessments and security plans was 
also published in December 2016, and I expect this rule will 
proceed to the Notice of Proposed Rulemaking stage in Fiscal 
Year 2019. Finally, the rule on employee vetting is in the 
final drafting stages and will undergo DHS and OMB review this 
year. I expect a Notice of Proposed Rulemaking to be issued by 
the end of calendar year 2018.
    It's important to note that, through the issuance of 
voluntary standards and guidelines developed collaboratively 
with industry, TSA has been able to effectively raise surface 
transportation security standards while the regulatory process 
proceeds. To support surface transportation owners and 
operators with their security needs, TSA focuses that--its 
efforts on regulatory oversight, system assessments, voluntary 
operator compliance with industry standards and TSA guidelines, 
collaborative law enforcement and security operations, accurate 
and timely exchange of intelligence information, intermodal 
training. And I'd note that we conduct intermodal security 
training and exercise programs, or called ISTEP programs, 
throughout the year, and we have a public area security summit 
scheduled for next month, here in Washington, D.C., dedicated 
to surface transportation security. Additionally, TSA performs 
technology development and testing. For example, we are testing 
a standoff person-borne IED detection system. This is in the 
final stages of operational testing and evaluation.
    Chairwoman Fischer, Ranking Member Peters, and members of 
the Subcommittee, in closing, I am deeply committed to securing 
the U.S. transportation system from terrorist attacks. Thank 
you for the opportunity to testify today. And I look forward to 
your questions and comments.
    [The prepared statement of Admiral Pekoske follows:]

      Prepared Statement of Hon. David P. Pekoske, Administrator,
                Transportation Security Administration,
                  U.S. Department of Homeland Security
    Good morning Chairman Fischer, Ranking Member Peters, and 
distinguished Members of the Committee. Thank you for inviting me here 
today to testify about the Transportation Security Administration's 
(TSA) role in surface transportation security.
    My colleagues at TSA and I appreciate the continued support of this 
Committee and its Members, as we carry out our vital security mission. 
We are grateful for the constructive relationship TSA enjoys with this 
Committee, and I look forward to building on this relationship during 
my tenure at the helm of TSA.
    The U.S. surface transportation system is a complex, interconnected 
network made up of mass transit systems, passenger and freight 
railroads, over-the-road bus operators, motor carrier operators, 
pipelines, and maritime facilities. These modes operate in close 
coordination with--and in proximity to--one another every day. To that 
point, the different modes of the surface transportation system often 
use the same roads, bridges, and tunnels to function. In short, the 
American economy and way of life depend on this network continuing to 
operate securely and safely.
    To put the size of the system into perspective, consider that over 
11 million passengers daily travel on the New York Metropolitan 
Transportation Authority (NY MTA) system alone. And more than 10 
billion trips are taken each year on 6,800 U.S. mass transit systems, 
ranging from very small bus-only systems in rural areas to very large 
multi-modal systems, like the NY MTA, in urban areas. More than 500 
individual freight railroads carrying essential goods operate on nearly 
140,000 miles of track. Eight million large capacity commercial trucks 
and almost 4,000 commercial bus companies travel on the four million 
miles of roadway in the United States and on more than 600,000 highway 
bridges greater than 20 feet in length and through 350 tunnels greater 
than 300 feet in length. Over-the-road bus operators carry 
approximately 750 million intercity bus passengers each year. The 
pipeline system consists of approximately 3,000 private companies, 
which own and operate more than 2.5 million miles of pipelines 
transporting natural gas, refined petroleum products, and other 
commercial products.
    As you can see, securing surface transportation is a critically 
important and complex undertaking. Recent terror attacks and plots--
like the attempted suicide bombing in the New York City Port Authority 
Bus Terminal and an increase in vehicle ramming incidents around the 
world, including the most recent attack also in New York City--provide 
compelling reminders of the difficulty in securing a ``system of 
systems'' that is designed to quickly move massive volumes of 
passengers and commodities.
    I look at three things when assessing risk in any particular 
transportation mode; the threat, the vulnerability, and the 
consequence, should an incident occur. When it comes to the surface 
mode, I take the threat very seriously. Because of the open nature of 
these systems, high ridership, and the types of commodities 
transported, the system is inherently vulnerable and the consequences 
of an attack would be high. Although we have invested significant 
resources and implemented numerous programs and policies to reduce 
identified vulnerabilities and minimize potential consequences, in the 
current climate, vigilance and preparation can only take us so far. I 
am actively assessing how best to leverage and enhance TSA's surface 
expertise to strengthen our partnership with surface stakeholders.
TSA's Role
    Unlike aviation, where TSA has been heavily involved in day-to-day 
security operations since its inception, surface transportation 
security has primarily been approached as a partnership with surface 
transportation owners and operators because they, not TSA, are 
primarily responsible for their own security operations. We believe 
this collaborative approach and relationship with surface owners and 
operators is appropriate. The interconnected, varied and expansive 
scope of the surface transportation system creates unique security 
challenges that are best addressed by system owners and operators and 
federally supported through stakeholder communication, coordination, 
and collaboration. TSA takes our security role for surface 
transportation very seriously. To best support surface transportation 
owners and operators with their security needs, we focus our efforts on 
system assessments, voluntary operator compliance with industry 
standards, collaborative law enforcement and security operations, 
accurate and timely exchange of intelligence information, and 
regulatory oversight. TSA's different role in security for surface 
transportation versus aviation is understandably reflected in its 
annual appropriation. Although TSA's budget for surface transportation 
is small compared to the aviation sector, the Nation realizes a 
significant return from this investment.
    TSA's resources and personnel directly support ongoing security 
programs with committed security partners who, in turn, dedicate 
millions of dollars to secure critical infrastructure, provide 
uniformed law enforcement and specialty security teams, and conduct 
operational activities and deterrence efforts. TSA invests its 
resources to help those partners identify vulnerabilities and risks in 
their operations, and works with specific owners/operators to develop 
and implement risk-mitigating solutions to address their specific 
vulnerabilities and risks.
    TSA is a co-Sector Specific Agency along with Department of 
Transportation (DOT) and United States Coast Guard (USCG) for the 
transportation sector. The USCG is the lead Federal agency for maritime 
security in the U.S., and TSA supports the USCG in its maritime 
security efforts and in coordinating interagency efforts for the 
maritime mode. DOT and TSA work collectively to integrate safety and 
security priorities for the other modes of surface transportation. 
Although DOT's regulations relate to safety, many safety activities and 
programs also benefit security and help to reduce overarching risk to 
the transportation system. In the surface environment, TSA has built 
upon those standards to improve the security posture with minimal 
regulations.
TSA's Approach
    Information and intelligence sharing is at the heart of TSA's 
approach to surface transportation security. Whether we are providing 
unclassified information about known tactics, or classified information 
about specific threats, TSA works to deliver information to the 
appropriate surface transportation security partners. We maintain a 
communication network that facilitates the timely dissemination of 
information to stakeholders so they can take appropriate actions to 
prepare for, prevent and defeat acts of terrorism.
    TSA also provides training and exercise support to surface 
transportation operators and their employees. The focus of those 
efforts is often on ensuring the effectiveness of communication 
channels, response plans, and other operational protocols. From 
frontline employees to security executives, TSA works to provide tools 
that enhance preparedness and close gaps in security planning. We host 
activities ranging from tabletop to full-scale exercises that focus on 
events associated with a single transit system to multi-modal regional 
events that bring federal, state, and local security and emergency 
response partners together.
    Without the partnership, collaboration, and initiative of surface 
owners and operators, TSA could not fulfill our surface transportation 
security mission in making systems as safe and secure as practical. I 
have met with many representatives of the surface transportation 
community to better understand their concerns and perspective on 
securing the transportation network and continue to make this type of 
open dialogue a priority. To that end, TSA is hosting a Surface Public 
Area Security Summit next month to discuss security best practices and 
promote additional collaboration. This event will bring together 
domestic and international surface transportation stakeholders to 
discuss security challenges, various approaches to addressing them, and 
opportunities for future collaboration.
Innovation and technology
    The inherently open and expansive scope of surface passenger 
transportation and the evolving threat to it requires TSA to continue 
researching and developing innovative processes and technologies to 
increase security without creating undesired financial or operational 
burdens. Partnership is the key to fostering innovation and ensuring 
the surface transportation system is secure both today and in the 
future.
    TSA incorporates partner needs and capability gaps into our work to 
influence and stimulate the development of new security technologies in 
the marketplace. This effort is designed to make more readily available 
innovative and advanced technologies useful for public area security. 
We try to keep pace with the fast-moving advancement of security 
technologies to address current and evolving threats by looking at 
emerging technologies, including from outside the transportation 
environment, to determine applicability to the surface transportation 
environment. TSA works closely with surface transportation owners and 
operators to introduce new technology and approaches to securing 
surface transportation through collaborative operational test beds for 
different modes of transportation (mass transit, highway motor carrier, 
pipeline, and freight rail), and critical infrastructure protection 
security technology projects to address the increasing threat 
demonstrated from attacks world-wide. For example, TSA is presently 
working with New Jersey Transit, Washington Metropolitan Transit 
Authority, Amtrak, and Los Angeles Metro to assess the effectiveness of 
technologies designed to address threats associated with person-and 
vehicle-borne improvised explosive devices.
Implementing 9/11 Recommendations
    We continue to work to address the remaining requirements of the 
Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 
Act, Public Law 110-53). To date, TSA has met over 90 percent of the 
mandates imposed by the 9/11 Act, including 39 of the 42 surface 
transportation security-related mandates. Completing the remaining 9/11 
Act requirements is among my highest priorities.
    These mandates include the issuance of regulations for surface 
transportation employee training and vetting, the conducting of 
vulnerability assessments and standards for security plans, and 
mandates for the technology work just described. In December 2016, TSA 
issued the Notice of Proposed Rulemaking (NPRM) for the Surface 
Employee Training Rule and the Advance Notice of Proposed Rulemaking 
(ANPRM) for the Vulnerability Assessment and Security Plan Rule; TSA 
anticipates publication of the final Training Rule this Fiscal Year. 
While working on these rulemakings, TSA has taken steps through 
collaborative initiatives and assessments to ensure that front line 
employees receive security training and that owners and operators have 
robust security programs which include security plans, employee vetting 
and exercises.
    Although the finalization of these rules is pending, TSA has worked 
diligently with stakeholders that would be affected by these rules to 
implement programs that meet, and in several instances exceed, what 
would be required by the rules. For example, TSA evaluates several 
areas required for a sound security program through our Baseline 
Assessment for Security Enhancement (BASE) program, including security 
training, security planning, and employee and contractor vetting. The 
majority of the higher-risk transit systems (those with daily passenger 
trips of 60,000 or higher) achieved a score of 90 percent or higher in 
the security planning, security training, and employee and contractor 
vetting areas in their most recent BASE reviews.
Conclusion
    In closing, I believe a reinvigorated strategy is an essential 
foundation for success in our mission, and I have engaged my executive 
staff, with their years of experience, to reexamine and re-envision 
TSA's strategy and to place a much greater emphasis on surface 
transportation security--both in organizational and mission focus. I 
have also engaged many private sector surface transportation owners and 
operators to improve strategic partnerships and promote effective 
collaboration, and look forward to ongoing engagement with members of 
this committee as we develop our strategic path forward for TSA.
    Chairman Fischer, Ranking Member Peters, and Members of the 
Committee, thank you for the opportunity to testify before you today. I 
am honored to serve in this capacity and I look forward to your 
questions.

    Senator Fischer [presiding]. Thank you, Administrator.
    Mr. Kelly.

  STATEMENT OF JOHN V. KELLY, ACTING INSPECTOR GENERAL, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Kelly. Chairman Fischer, Ranking Member Peters, members 
of the Subcommittee, thank you for inviting me to testify 
alongside the TSA Administrator.
    When the American public thinks of TSA, they think of a 
transportation security officer in a blue suit--or, I'm sorry, 
a blue shirt--instructing them to remove their belts and shoes 
before going through a security screening at an airport. The 
truth is that TSA has a much broader responsibility to also 
oversee and regulate our Nation's surface transportation modes, 
such as highways, freight, passenger rail, mass transit, and 
pipelines. Nevertheless, TSA dedicated only 2 percent of its 7-
plus-billion-dollar budget on direct surface transportation 
expenditures.
    In 2016, we were published--we published three reports that 
identified significant weaknesses in TSA's ability to secure 
surface transportation modes in the Nation's maritime 
facilities and vessels. Those reports identified a need for 
crosscutting, risk-based security strategy, the need for better 
controls in its background-check process, and delays in 
implementing passenger rail security regulations. My oral 
remarks highlight just a few of the key points from those 
reports.
    First, TSA's strategy needs--or TSA needs a crosscutting, 
risk-based security strategy. In 2011, TSA began publicizing 
that it uses an intelligence-driven, risk-based approach for 
all transportation modes. However, we found that was not 
correct. In 2016, we reported that TSA specifically designed 
this approach only for air passenger screening. TSA has said it 
is working on a cross-country--crosscutting, risk-based 
strategy, but will not be available to provide it to us until 
April 2018.
    As for the second report, TSA uses the Transportation 
Worker Identification Credential, or TWIC, to vet workers at 
our national ports and maritime facilities. The TWIC vetting 
process includes in immigration, criminal, and terrorism-
related checks to identify offenses that could preclude someone 
from being granted unescorted access to secure facilities. 
Unfortunately, the TWIC vetting lacks key internal controls 
that compromise the program's reliability. These weaknesses 
leave our Nation's seaports at risk for terrorists, 
exploitation, smuggling, insider threats, and internal 
conspiracies.
    Finally, TSA failed to develop and implement rail security 
regulations required by the 9/11 Act of 2007 that Congress 
passed 10 years ago. Surface transportation vulnerabilities can 
be best illustrated by the Ankara, Turkey, railway station 
bombing in 2015; the Brussels, Belgium, metro bombing in 2016; 
and the St. Petersburg, Russia, metro bombing in 2017.
    Passenger and freight rail and computer rail have unique 
security concerns. They operate in open infrastructures with 
multiple access points. That makes it impractical to subject 
all rail passengers to the type of screenings that air 
passengers undergo. Consequently, unlike TSA's security 
presence at airports, TSA's responsibility for rail passengers 
consists of assessing intelligence, sharing threat information 
with industry stakeholders, developing industry best practices, 
and enforcing regulations.
    Notwithstanding these differences, TSA could have taken 
actions to strengthen rail security. Unfortunately, neither--
TSA neither identified high-risk carriers nor issued 
regulations requiring those carriers to conduct vulnerability 
assessments and implement TSA-approved security plans. TSA also 
did not issue regulations that would require a railroad 
security training program and security background checks for 
front-line employees. Your Surface and Maritime Transportation 
Security Act addresses many of these issues.
    Madam Chairman, this concludes my oral testimony. I welcome 
any questions that you or other members may--might have.
    [The prepared statement of Mr. Kelly follows:]

    Prepared Statement of John V. Kelly, Acting Inspector General, 
                  U.S. Department of Homeland Security
    Chairman Fischer, Ranking Member Peters, and members of the 
Subcommittee, thank you for inviting me to testify at today's hearing 
regarding the security of our surface transportation security.
    When the American public thinks of TSA, they think of the 
Transportation Security Officer in a blue shirt instructing them to 
remove their belts and shoes before going through security screening at 
the airport. The truth is that TSA has a much broader responsibility to 
also oversee and regulate our Nation's surface transportation modes--
highway, freight and passenger rail, mass transit, and pipelines--to 
ensure the freedom of movement for people and commerce. Recent 
history--the October 2015 bombing of a railway station in Ankara, 
Turkey; the March 2016 metro bombing in Brussels, Belgium; and the 
April 2017 metro bombing in St. Petersburg, Russia--depicts how 
vulnerable surface transportation can be. However, TSA's budget 
reflects the public perception of its mission, allocating most of its 
resources to air passenger screening and dedicating only a small 
portion to these vulnerable areas of non-aviation.
    In 2016, the OIG published three reports \1\ that identify 
significant weaknesses in TSA's ability to secure surface 
transportation modes and the Nation's maritime facilities and vessels. 
Specifically, we identified issues with TSA's ability to identify risk 
across all modes of transportation, the reliability of background 
checks for port workers, and passenger rail security.
---------------------------------------------------------------------------
    \1\ TSA Oversight of National Passenger Rail System Security (OIG-
16-91); TWIC Background Checks are Not as Reliable as They Could Be 
(OIG-16-128); and Transportation Security Administration Needs a 
Crosscutting Risk-Based Security Strategy (OIG-16-134).
---------------------------------------------------------------------------
TSA Needs a Crosscutting Risk-Based Security Strategy
    TSA has many responsibilities beyond air travel, and is 
responsible, generally through the use of regulation and oversight, for 
surface transportation security. However, TSA focuses primarily on air 
transportation security and largely ignores other modes. We found that 
TSA does not have an intelligence-driven, risk-based security strategy 
to inform security and budget needs across all types of transportation.
    In 2011, TSA began publicizing that it uses an ``intelligence-
driven, risk-based approach'' across all transportation modes. However, 
we found this not to be true. In an audit we released in September 
2016, we reported that TSA specifically designed this approach to 
replace its one-size-fits-all approach to air passenger screening but 
did not apply it to other transportation modes.
    Additionally, TSA's agency-wide risk management organizations 
provide little oversight of TSA's surface transportation security 
programs. TSA established an Executive Risk Steering Committee charged 
with creating a crosscutting, risk-based strategy, which would drive 
resource allocations across all modes. However, neither it, nor any of 
these entities place much emphasis on non-air transportation modes.
    In September 2017, TSA reported that it created a crosscutting 
risk-based strategy based on our recommendations and expected to 
finalize the strategy in October 2017. However, TSA did not submit this 
strategy to the OIG. Instead, in January 2018, TSA reported that it 
intends to submit its pending 2018 National Strategy for Transportation 
Security (NSTS) as its response to our recommendation for a 
crosscutting risk-based security strategy. The 2018 NSTS is due to 
Congress on April 1, 2018 and TSA expects to provide us with a copy by 
the same date.
    We also reported that TSA lacked a formal process to incorporate 
risk into its budget formulation decisions. Despite the disparate 
requirements on the agency, TSA dedicated 80 percent of its nearly $7.4 
billion FY 2015 budget to direct aviation security expenditures, and 
only about 2 percent to direct surface transportation expenditures. Its 
remaining resources were spent on support and intelligence functions. 
We recommended that TSA establish a formal budget planning process that 
uses risk to help inform resource allocations.
    In September 2017, TSA provided documentation of the steps it has 
taken to establish a formal budget process that incorporates risk. This 
includes the development of a formal Planning, Programming, Budgeting, 
and Execution framework, standing up the Planning and Programming 
Analysis Branch, and creating five resource portfolios that, among 
other things, prioritize mission needs across the agency. However, we 
cannot close this recommendation until we receive TSA's risk-based 
security strategy and ensure that the strategy's guidelines for 
aligning resources with risk correspond with its new budget process.
TSA Missing Key Controls within the TWIC Background Check Process
    TSA--responsible for safeguarding our Nation's ports and maritime 
facilities through the Transportation Worker Identification Credential 
(TWIC) program--lacks key internal controls and this compromises the 
TWIC program's reliability. These weaknesses leave our Nation's 
seaports at risk for terrorist exploitation, smuggling, insider 
threats, and internal conspiracies.
    TSA provides background checks, or security threat assessments, for 
individuals who need unescorted access to secure port facilities; and 
issues a biometric identification card, also known as a TWIC. The 
background check process for TWICs is the same as that of aviation 
workers \2\ and drivers who need a Hazmat Materials Endorsement.\3\ It 
includes a check for immigration-, criminal-, and terrorism-related 
offenses that would preclude someone from being granted unescorted 
access to secure facilities at seaports.
---------------------------------------------------------------------------
    \2\ TSA Can Improve Aviation Worker Vetting (OIG-15-98)
    \3\ Commercial drivers required to transport hazardous materials 
must undergo a background check by TSA prior to receiving a hazardous 
material endorsement on their Commercial Driver's License.
---------------------------------------------------------------------------
    In 2011, the Government Accountability Office (GAO) identified key 
internal control weaknesses in TSA's management of the TWIC background 
check process and recommended the Department take significant steps to 
improve the effectiveness of the program as a whole.\4\ Although TSA 
took some steps to address GAO's concerns, our review--five years 
later--found that TSA did not adequately integrate the security 
measures intended to identify fraudulent applications into the 
background check process. For example, TSA required enrollment staff to 
use a digital scanner that could evaluate security features present on 
identification documents and generate a score to help TSA determine if 
the document was authentic. However, TSA did not collect or use these 
scores when completing its background checks--nullifying the 
effectiveness of this security measure. For those documents that could 
not be electronically scanned, TSA required the staff at the enrollment 
centers to manually review identity documents. However, TSA did not 
require that the staff be trained at detecting fraudulent documents. 
When the enrollment staff documented their observations of suspicious 
identity documents in TSA's system, TSA did not have a standardized 
process for collecting, reviewing, or using the notes when completing 
the background checks.
---------------------------------------------------------------------------
    \4\ Transportation Worker Identification Credential: Internal 
Control Weaknesses Need to be Corrected to Help Achieve Security 
Objectives (GAO-11-657).
---------------------------------------------------------------------------
    We determined TSA management's lack of oversight was the primary 
reason the TWIC background check process had many control weaknesses. 
At the time of our review, the TWIC background check process was 
divided among multiple program offices so that no single entity had 
complete oversight and authority over the program. In addition, the 
TWIC program lacked key metrics to measure TSA's success in achieving 
program core objectives. For example, the measures in place focused on 
customer service, such as enrollment time and help desk response time, 
rather than the accuracy of the background check itself.
    As of November 2016, TSA realigned its operations and assigned the 
Assistant Administrator for the Office of Intelligence and Analysis as 
the single point of accountability within TSA for the TWIC program's 
management and operations with the functional oversight over all of the 
security threat assessment process.
    Additionally, since our review, TSA completed a comprehensive risk 
analysis that reviewed existing controls, identified and analyzed 
risks, and promoted control activities. TSA is in the process of 
addressing the concerns identified by the study. TSA also updated its 
program charter and objectives to focus on (1) efforts to positively 
verify the identity of applicants; (2) conduct of the TSA Security 
Threat Assessment; and (3) actions to recurrently vet and revoke TWIC 
validity. TSA intends to update its performance metrics to better align 
with the revised objectives. We will continue to monitor TSA's progress 
in implementing corrective actions to strengthen the TWIC program.
TSA Delays Implementing Passenger Rail Security Regulations
    TSA has failed to develop and implement regulations governing 
passenger rail security required more than nine years ago by the 
Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 
Act).\5\ Unlike the security presence that TSA provides air passengers 
in airports, its responsibility for rail passengers rests in assessing 
intelligence, sharing threat information with industry stakeholders, 
developing industry best practices, and enforcing regulations. This is 
particularly important due to the volume of passengers using this mode 
of transportation and the unique challenges in the rail environment.
---------------------------------------------------------------------------
    \5\ Public Law 110-53.
---------------------------------------------------------------------------
    In Fiscal Year 2015 alone, Amtrak carried 31 million passengers 
across the continental United States and Canada, and operated more than 
300 trains daily. Additionally, Amtrak and other passenger rail 
carriers operate in an open infrastructure with multiple access points 
that make it impractical to subject all rail passengers to the type of 
security screening that passengers undergo at airports. Notwithstanding 
this, there were actions that TSA could have taken, but did not, that 
would have strengthened rail security. Specifically, although required 
to by the 9/11 Act, TSA neither identified high-risk carriers nor 
issued regulations requiring those carriers to conduct vulnerability 
assessments and implement DHS-approved security plans. TSA also did not 
issue regulations that would require a railroad security training 
program and security background checks for frontline employees. 
Regulations to implement a training program are important to ensure 
rail carriers have a mechanism in place to prepare rail employees for 
potential security threats.
    Furthermore, unlike aviation and maritime port workers, TSA did not 
develop regulations requiring security background checks for rail 
workers. TSA vets airport and maritime port workers who need unescorted 
access to secure areas against the terrorist watchlist and immigration 
status and criminal history information, and these processes are 
consistent with the requirements in the 9/11 Act.
    These very issues were identified in 2009 by GAO, which reported 
that TSA had only completed one of the key passenger rail requirements 
from the 9/11 Act. Seven years later, we identified that the same rail 
requirements--a regulation for rail carriers to complete security 
assessments, a regulation for rail security training, and a program for 
conducting background checks on rail employees--remain incomplete.
    Following the 2004 terrorist attack on a passenger train in Madrid, 
Spain, TSA issued a security directive for Amtrak. That directive 
required carriers to improve security procedures by designating a rail 
security coordinator, reporting significant security concerns to TSA, 
and allowing TSA to conduct inspections for any potential security 
threats. TSA does conduct some limited inspections to verify carrier 
compliance with these requirements. However, TSA does not enforce other 
aspects of the security directive, such as the use of bomb-resistant 
trash receptacles, canine teams, rail car inspections, and passenger 
identification checks to enhance security and deter terrorist attacks. 
Instead, TSA relies on Amtrak and other transit entities to implement 
security measures if resources permit, and is even considering 
rescinding these minimal requirements from the directive. Without 
enforcing all security requirements, TSA diminishes the directives 
importance and carriers ability to prevent or deter acts of terrorism.
    Since the issuance of our report in May 2016, TSA has taken steps 
to implement two of the three remaining requirements. TSA issued a 
Notice of Proposed Rulemaking requiring security training for employees 
of higher-risk and anticipates a final rule by the end of the fiscal 
year. In the spring of 2018 TSA plans to issue a Notice of Proposed 
Rulemaking requiring security vetting for certain rail employees. TSA 
asserts that Executive Order 13771 (which establishes a requirement 
where an agency must eliminate two existing regulations for any new 
regulation the agency wishes to issue), is complicating the issuance of 
the agency's new rulemakings. If TSA does not fulfill these 
requirements, it cannot ensure that passenger rail carriers will 
implement security measures that may prevent or deter acts of 
terrorism.
Pending Legislation
    Many of the issues I've discussed today are addressed in the S. 
763, Surface and Maritime Transportation Security Act. I want to thank 
the Committee for introducing legislation to address a number of the 
challenges facing the Department. We believe that if enacted, this 
legislation will direct numerous improvements to our Nation's security. 
However, I must emphasize that the Department and TSA have demonstrated 
a pattern of being dismissive and lax on implementing requirements 
related to non-aviation security. Under these circumstances, change 
will require significant attention by Congress, the Inspector General, 
and the Comptroller General to ensure that TSA and the Department take 
timely actions to implement these improvements.
Future work
    We will continue to audit and evaluate the Department's aviation 
and non-aviation-related programs, report our results, and closely 
track report recommendations. Currently, we are reviewing the 
effectiveness of access controls to secured airport areas; Federal Air 
Marshal Service international flight operations and ground-based 
assignments; TSA's efforts to hire, train, and retrain its employees; 
and TSA's use of the Sensitive Security Information designation. We are 
also planning reviews on the security of rail facilities; TSA's canine 
program; and a review of TWIC that is mandated by P.L. 114-244, 
Essential Transportation Worker Identification Credential Assessment 
Act.
    Madame Chairman, this concludes my testimony. I welcome any 
questions you or any other members of the Subcommittee may have.

    Senator Fischer. Thank you very much.
    We'll begin our first round of questions.
    Mr. Kelly, as you noted in your testimony, TSA lacks an 
intelligence-driven, risk-based security strategy across all 
modes of transportation, and does not incorporate risk into its 
budgetary decision-making. So, what should be included in this 
strategy? And what effect do you expect incorporating risk into 
the TSA's budget formulation decisions will have on the 
agency's allocation of resources between all those different 
modes of transportation?
    Mr. Kelly. To answer your second question first, I think 
there will be an increase in allocations toward surface 
transportation. While air transportation is very risky, I think 
the number of recent attacks on surface transportation areas 
are going to demonstrate that there's a much greater risk 
associated with surface transportation, and that there needs to 
be additional emphasis put in those areas.
    Senator Fischer. Administrator, can you give us, here on 
the Committee, an update on the work that you're doing to 
develop that risk-based security strategy so it does 
incorporate all modes of transportation?
    Admiral Pekoske. Yes, ma'am. We're working on a national 
strategy for transportation security required by law. The two-
year update is due on August 1 to the Congress. That's well in 
process. We're putting the final touches on that. That does 
embed a risk-based look across all modes.
    The Acting IG is correct, when we talk about risk-based, 
it's only within the aviation sector, not across all the 
surface sectors. This national transportation security strategy 
will begin to do that.
    Senator Fischer. In previous hearings, I've tried to 
highlight my concern about the really very small percentage of 
TSA's resources that are dedicated to surface transportation 
responsibilities. What is your priority for surface 
transportation security? And do you have plans so that you can 
make adjustments to that allocation of resources?
    Admiral Pekoske. Yes, ma'am. Our priority, we--you know, we 
have a very, very good partnership and working relationship 
with the owners and operators of surface transportation 
systems. And really our investment helps leverage the 
investments that they make all around the country. We've 
established several frameworks and a good set of guidelines 
across the different modes of surface transportation that our 
partners use really as their standards for performance. And so, 
while we don't have regulations in place in all cases, the 
guidelines we do have in place have allowed us to raise the 
bar, if you will, on surface transportation security.
    I will look, as we look at developing our fiscal 2020 
budget, so the--you know, I came into office in August. The 
fiscal 2019 budget was largely complete at that point. The 
fiscal 2020 budget begins its development over the next couple 
of months. We've already set up some initial standards, if you 
will, or guidance, for developing that fiscal 2020 budget. And, 
with that guidance, I--you know, I hope to use that risk-based 
approach to look at our allocation of resources to surface 
transportation across the modes of surface transportation, 
particularly as it relates to aviation security.
    Senator Fischer. If we look at other modes of 
transportation, though, besides aviation security for example, 
the Amtrak train that was attacked in the State of Nebraska in 
a very rural part of our state; a passenger train was attacked, 
and it has been determined it was a terrorist attack: how do 
you address that now? I know it would be very difficult, very 
costly to try to monitor all of rail across this country, let 
alone all of our highways, roads, city streets where these 
attacks can happen at any time. But, right now focus 
specifically on rail and how, or if, you work with Amtrak, how 
you coordinate on security to make sure that rail 
transportation is secure, please.
    Admiral Pekoske. Yes, ma'am. We work very closely with 
Amtrak, and we have a program called Rail Safe, where Amtrak 
sponsors a--an exercise, where we bring in all the partners. 
Because, of course, Amtrak, as the--as the train moves down the 
rails, it impacts many, many jurisdictions and many other 
partners along the way. And so, these--that program has been 
very successful. Amtrak has done a very good job of training 
their employees. And Amtrak has a random process wherein they 
check baggage of their passengers and also the identity of 
their passengers.
    But, it really goes to trying to work collaboratively with 
Amtrak and passenger rail, in general, because we provide an 
intelligence basis, due to our ability to query the U.S. 
intelligence community, and provide information to them. And 
so, a big part of our role is to ensure that we provide that 
information on a timely basis, and also look at best practices 
across other transportation modes. You know, there may be a 
best practice in mass transit that might be very applicable to 
Amtrak, for example. And so, we work very hard to make sure we 
make those connections.
    Senator Fischer. And do you receive information on a fairly 
regular basis from our intelligence community?
    Admiral Pekoske. We do. And we also have the ability to 
query the community. So, if Amtrak has a concern about a 
particular issue, we can query the community, and the community 
has been very responsive to those queries. For example, that 
issue that you raised with the magazine from ISIS that talked 
about ways to affect train travel in the United States. We, 
basically, went back to the intelligence community, asked them 
for their--that assessment, and provided that back to Amtrak.
    Senator Fischer. OK. Thank you, sir.
    Senator Peters.
    Senator Peters. Thank you, Madam Chair.
    And thank you, to our witnesses again, for being here 
today. Appreciate it.
    I think it's fairly clear that the surface transportation 
system is at risk, and there's significant risk. And I outlined 
them--Chair, I, myself, outlined some of the attacks that the 
American public is very aware of. Mr. Pekoske, you mentioned 
them, as well, in your opening comments, as well. So--and these 
attacks aren't going to go away. If anything, we're seeing an 
escalation of them, as well. And more and more devastating, as 
well. But, despite these continued threats to our 
transportation system, President Trump's budget request would 
have significant cuts to what is already a small percentage of 
your budget. In fact, if I look at the President's budget, 
public transportation, rail and bus, about 100 million is spent 
now. That would be cut in half, roughly, to 48 million. Over 
half. While the risks are clearly going up, a cut of half. 
Ports, the same situation, 100 to 48. Surface programs, 
generally, from 122 to 86.
    Mr. Pekoske, just give me a sense. We are already 
stretched, I believe. It's already a very small part of your 
budget. And then to now have to take budget cuts of roughly 
half to surface transportation, what is that going to mean to 
the safety of the American public?
    Admiral Pekoske. Well, the cuts in the budget that you 
cite, sir, are cuts that are primarily directed at the Viper 
Teams, which are teams that we provide that provide a visible 
deterrent presence aboard surface transportation systems. It 
does not affect our communications, our collaboration, our 
establishment of guidelines, our training, our provision of 
intelligence information, our sponsorship of exercises, and 
things like that. But, the Viper reduction in the Fiscal Year 
2018 budget was a big part of the reduction overall in surface 
transportation.
    I'd also say, sir, that, in the budget, there's never 
enough there, for sure. And, as I look at the threats across 
the entire transportation spectrum, the threats to aviation are 
so significant and so prevalent. And I'm not minimizing in any 
way, shape, or form, the threats to surface, but we need to 
keep our focus there, as well. So, within a--if you look at the 
top line of TSA, that top line is not growing, it's shrinking, 
which requires some very hard decisions, in terms of how you 
fit into that top-line number.
    Senator Peters. Well, I think we all recognize that the 
aviation threat is significant. But, given the fact that--is it 
2 percent for surface? Is--what I understand is, 2 percent of 
your budget goes for surface. And yet, a lot of the attacks 
that we have seen of late are really involved with surface 
transportation. I know you're in the process of doing a risk-
based analysis as to how we prioritize. And that's just good 
management. And, obviously, we need to do be doing that. But, 
still, does it just make sense, in your professional capacity, 
that, really, is 98 percent of the risk in the aviation 
community, or do we need to be focusing more on increasing that 
2 percent to the surface transportation area?
    Admiral Pekoske. Yes, sir. I think, overall, the 2 
percent--2 or 3 percent does need to go up, for sure. But, 
there is a major difference between what we provide in surface 
transportation, as far as security goes, and aviation. Because 
we actually provide the security in the aviation sector. So, a 
great proportion of the TSA workforce, all those salaries, all 
that training, all that support, is in the aviation sector 
because we actually directly provide the security there. So, 
it's kind of hard to compare the two from an absolute-dollars-
to-absolute-dollars perspective.
    Additionally, there's significant investment on the part of 
the owners and operators of these surface transportation 
systems, that, if you were to make that--try to make that 
direct comparison, you really would have to wrap in that 
investment, as well.
    Senator Peters. Mr. Kelly, in--your testimony included 
comments about TSA's lack of attention to surface security. And 
I read that very closely. Specifically, you warned that the TSA 
was dismissive and lacks on implementing requirements related 
to non-aviation security. If you could elaborate on that, and 
perhaps comment on Mr. Pekoske's testimony, as well, I'd 
appreciate it.
    Mr. Kelly. Certainly. Out of the ten recommendations that 
were re-issued on the three reports that I referenced, only 
three of those recommendations have been closed. Those 
recommendations were made anywhere from 19 to 20 months ago. 
And it has been taking an extended period of time for them to 
implement those recommendations.
    The three recommendations that they implemented were 
relatively easy to achieve, because it only required them to 
identify certain things or work within their own organization--
didn't require them to move outside of TSA.
    The--I will tell you, though, in working with the 
Administrator, my predecessor and I have noticed that he's very 
committed to improving the TSA, and he has only been on the job 
for less than 6 months, and attacking some of these issues are 
going to take extended working with his staff to actually 
implement them. So, I'm encouraged with his actions to move in 
the right direction.
    Senator Peters. Right. Thank you, Mr. Kelly.
    Senator Fischer. Thank you, Senator Peters.
    We've been joined by the Ranking Member of the Committee.
    Senator Nelson.
    Senator Nelson. Thank you, Madam Chair.
    What I want to talk to you about is the red team that went 
in to do a covert test. And, needless to say, the results were 
disappointing. So, what has TSA done to address the fact that 
huge numbers of people got through TSA screening with weapons? 
And, further, how about the CT scanners? Talk about the next 
generation that would solve the problem.
    Admiral Pekoske. Yes, sir. Let me start with the CT 
scanners first, because you can solve the problem by--in three 
ways: with technology, with a change in procedures, or a change 
in training. In my opinion, the technology piece is the one 
that will have, on the margin, the greatest impact on security 
effectiveness. And so, that's my clear focus for aviation 
security. We've stood up a project for--to begin to deploy CT 
technology to the checkpoints. We should begin to see some CT 
machines in checkpoints around the country for testing purposes 
this year. And we hope to complete the initial testing by the 
end of the summer, and then begin to deploy larger numbers of 
CT machines in Fiscal Year 2019. President's budget is due to 
be released on the fifth of February, and that will contain an 
investment on CT equipment at the checkpoint.
    And also, sir, with respect to procedures, once we saw the 
intelligence information, examined the threats, and also had 
the benefit of the IG's covert testing results and our own 
covert testing results, we saw a need to change the procedures 
at our checkpoint. And so, many passengers, from August all the 
way through today, have noticed a change in procedures at the 
checkpoint, where we ask passengers to take more things out of 
their carry-on bags and put it in the bins. The reason for that 
is, it declutters the X-ray image for us, and makes the 
examination of the X-ray image much more effective. But, that's 
not the only part of that changed procedure. We also changed 
the procedure that our officers use to examine that X-ray image 
that we found to be much more effective, and the way we search 
the bags that we need to search. And so, overall, that 
procedural change, alone, in our own covert testing that is 
very akin to the IG's red-team testing, is an improvement of 
about 20 percent in security effectiveness at the checkpoint. 
So, that was a big improvement that we made right away.
    Additionally, we increased the training for our TSA 
workforce, where we conducted more training that's instructor-
led training, and led by instructors who are, typically, 
explosives experts. And so, we can show, for example, what 
we're seeing in the intelligence streams, and actually 
demonstrate to our officers what it is we're concerned about 
and what they should look at, not just for that particular 
piece of equipment, but what its variance might be, so they're 
alert for that as it might be going through the stream of 
commerce that goes through the checkpoints.
    So, overall, we've made substantial improvements in our 
checkpoint operations. But, sir, to your point, the biggest 
improvement will be that technology infusion, which I think is 
right on the doorstep for us.
    Senator Nelson. That red team test was done before you were 
the TSA Administrator?
    Admiral Pekoske. Yes, sir.
    Senator Nelson. Upon taking office, what did you say to 
your leadership team that you had to do to improve? Because the 
results of the surprise tests were appalling.
    Admiral Pekoske. Yes, sir. The first thing we said is, we 
need to make immediate changes to be able to address these test 
results. And second--and it was my opinion, as a passenger 
before I became the TSA Administrator--that we need to make a 
significant technology change at that checkpoint. And so, that 
was a--the two-pronged approach that--the training piece was 
already underway, we just enhanced that over the course of the 
fall. But, I think those three items will result in a 
significant improvement in our performance at the checkpoint.
    Senator Nelson. Thank you.
    Senator Fischer. Thank you, Senator Nelson.
    Senator Inhofe.

                 STATEMENT OF HON. JIM INHOFE, 
                   U.S. SENATOR FROM OKLAHOMA

    Senator Inhofe. Thank you, Madam Chair.
    Admiral, numerous times last year, I and other members had 
gotten involved in this issue--the canines and what they're 
going to be doing, and the concern that we need to be using K9 
teams. I think there is, kind of, unanimity on this Committee, 
when we had a hearing on this for air passenger and air cargo 
screening, and the current high demand for additional teams at 
the airport across the country.
    Now, I don't know whether you were here or familiar with 
the hearing that we had when we had a witness, Steve Alterman. 
He's of the Cargo Airline Associations. And he said, quote, ``I 
think one of the reasons that we do not yet have a K9 program 
is the lack of coordination between the various parts of TSA, 
and nobody seems to be totally in charge that can bang heads 
together and actually get it done.'' So, we're here to bang 
heads, this morning. What is your thought? Are you familiar 
with that statement that was made?
    Admiral Pekoske. Yes, sir, I'm familiar. And I'm very, very 
familiar with the K9 program. I'm a huge fan of the K9 program. 
I think we need to expand it significantly from its current 
state. And literally, I look at the K9 program on a week-to-
week basis. I'm totally focused on that.
    Senator Inhofe. What seems to be the obstacle?
    Admiral Pekoske. The obstacle is getting canines through 
our training program, down in San Antonio, which we have 
changed. We've changed the throughput of that training center 
from 300 canines per year to 350. And also, we're looking at 
sourcing our canines more domestically than internationally 
than we have in the past.
    Senator Inhofe. Yes. Well, there's a lot of interest in 
that.
    Admiral Pekoske. Yes, sir.
    Senator Inhofe. Because we've talked about that before.
    Mr. Kelly, I mentioned to you that I was going to bring 
this up, not expecting you'd necessarily have specific answers 
today, or thoughts today, that you may want to do it for the 
record. But, it's something that's of great concern to me. Now, 
China's state-owned rail business, the CRRC, is larger than all 
United States rails combined, and it benefits from the infinite 
subsidies. China's very good at that, once they get any 
competition. So, that's what we're faced with right now. In 
2016, they sought to acquire Virtex. That's a United States 
railway. I sent a letter. I think some others did, too, but, I 
remember, I sent a letter to Jack Liu--at that time, he was the 
Treasury Secretary--highlighting my concerns and asking the 
Committee on Foreign Investment in the United States--that's 
CFIUS--to review this transaction. Now, that happened in June 
of what year was that? Yes, 2016. And 6 months later, without 
any notice to us--now, keep in mind, the Department of 
Transportation, I don't believe, is one of the organizations 
that's on CFIUS. But, they didn't know anything that was going 
on that I was even aware of. Then, all of a sudden, they 
approved the sale--they approved the sale without any 
notification, and so forth.
    Now, this has happened before. And I'm concerned about the 
way this process works. I would think that, certainly, the 
Members of the House and the Senate would like to have a voice 
in this and at least get a response before approving a sale. 
Are you into this issue? Is this something you're familiar 
with?
    Mr. Kelly. Senator, I'm a little bit familiar with this 
issue, because your staff rose it--brought that to our 
attention of our staff. I did notice that there were a number 
of Senators that co-signed that letter; I think many of them 
here on this Committee. And I think the concerns that you've 
raised are significant concerns. However, I'm not sure that's--
the role that the Department of Homeland Security has in this 
area. I will bring this up to our staff and try to get back to 
you on this.
    Senator Inhofe. Yes.
    Mr. Kelly. But, I question if this is the role of Homeland 
Security or if it's a bigger of a role for the Department of 
Treasury.
    Senator Inhofe. Yes. And, you know, all due respect, I 
don't care whose role it is, but----
    Mr. Kelly. Yes.
    Senator Inhofe.--it's going to be something that's going to 
have to be addressed.
    Now, you've refreshed my memory, and I do recall now, we 
had several people that were on this Committee that signed this 
letter with me. It was a letter from me. And it said that we 
have problems with this transaction. And, to my knowledge, it 
was done without any notification at all for any of the Members 
here. So, anything that you can do--there are several of us who 
are going to pursue a correction to this, or maybe a change in 
the way CFIUS works. But, I think it's important, particularly 
right now it's more significant, with what's happened in China 
in the recent years, than it was at that time. So, I just want 
to call that to the Committee's attention, and to yours, and 
anyone else out there who has an idea.
    Thank you, Madam Chairman.
    Senator Fischer. Thank you, Senator Inhofe.
    Senator Cortez Masto.

           STATEMENT OF HON. CATHERINE CORTEZ MASTO, 
                    U.S. SENATOR FROM NEVADA

    Senator Cortez Masto. Thank you, Madam Chairwoman.
    Mr. Kelly, you noted, in your testimony, the lack of key 
metrics to measure the success of the Transportation Worker 
Identification Credential Program's core objectives. And I'm a 
firm believer in data and metrics. And I'm wondering, in your 
opinion, are there other TSA programs or spending that also 
struggle with these lack of proper performance metrics? And 
would you elaborate on that, a little bit, if you would.
    Mr. Kelly. I think some of the questions concerning the 
covert testing is an area on the metrics on how well some of 
the screeners do in achieving the goals. That would be another 
area that I think there could be better metrics. If that 
answers your question.
    Senator Cortez Masto. Administrator, you agree?
    Admiral Pekoske. I agree. We can do a lot better job with 
our metrics and really having outcome-focused metrics in place. 
With respect to the TSA workforce, we're making a significant 
number of changes in that regard, particularly the way we 
evaluate TSO performance. It had been a series of tests that 
were done over the course of the year, that, if a 
transportation security officer did not succeed in those tests, 
he or she was given a limited number of chances to pass it 
before they potentially lost their job. What we're doing now 
is, we're, over the course of the year, measuring their 
performance, so, at the end of the year, we can say, ``Hey, 
this person has performed in an outstanding manner over the 
course of the year; so, therefore, they're recertified for 
their position.'' So, we've got a continuous stream of metrics 
and a lot less anxiety on the part of the workforce.
    Senator Cortez Masto. Thank you. And then, the last time we 
spoke, we also--and I appreciate you having a conversation with 
me--the concern about the budget for surface transportation and 
security. And I know you wanted time to get in there and take a 
look and figure out your priorities. And I heard a little bit 
today, but do you mind--I know you talked about Fiscal Year 
2019 budget that you were involved with--can you talk a little 
bit more about your priorities, particularly as it pertains to 
what we're talking about for surface transportation?
    Admiral Pekoske. Yes, ma'am. Appreciate the question.
    And, you know, as I look at risk, I look at risk as being a 
combination of the threat, the vulnerability, and the 
consequence, should an attack occur in any particular mode of 
transportation. And I think we need to look at our risk 
quotient overall within the transportation system, and then 
allocate the resources where we see the greatest risk, 
currently, but also where risk might be developing in the 
future. And that's where the intelligence piece comes in mind, 
because I--I really don't want to see us in a position where we 
look at things in a static environment and say, ``OK, the risk 
is here today,'' and we put resources--we allocate resources 
based on that, when the trending might be----
    Senator Cortez Masto. And so, can I just----
    Admiral Pekoske. Right.
    Senator Cortez Masto. I'm sorry----
    Admiral Pekoske. Sure.
    Senator Cortez Masto.--I only have 5 minutes.
    Admiral Pekoske. Yes.
    Senator Cortez Masto. So, does that mean you're looking at 
that now to determine staffing needs----
    Admiral Pekoske. Yes, ma'am.
    Senator Cortez Masto.--resource needs for technology, 
resource needs that you will need, particularly in this budget 
area, for surface transportation?
    Admiral Pekoske. Yes, ma'am.
    Senator Cortez Masto: Is that correct?
    Admiral Pekoske. Yes, ma'am.
    Senator Cortez Masto. Can you talk a little bit about new 
technologies? For--and let me just put this in perspective. We 
have seen, from smart buildings to smart technology in our 
transportation sector--and, particularly in Nevada, this is 
really exciting area for us and across the country. I'm 
wondering if you can talk a little bit about these new 
technologies that show promise for safety and security, that 
you underscored in your testimony, when it comes to smart 
transportation technology?
    Admiral Pekoske. Yes, ma'am. The one that I highlighted in 
my testimony and in my oral statement was the standoff 
detection equipment that allows us to see if a person might 
be--might have a--an IED on their body. And what this does is, 
it doesn't transmit any energy toward the individual 
whatsoever, it just reads the energy that somebody's body is 
transmitting. And I took a demonstration of it a couple of 
weeks ago. It's very, very good. And this is one of the things 
that TSA does well, I think, is, we look at technology that's 
out there, in combination with the Department of Homeland 
Security science and technology directorate, and we do testing 
for the industry, and we complete testing and then give them a 
list of manufacturers whose results conform to what our 
standards are. And then they can go buy it off of our list of 
certified equipment, if you will. So, that's a very promising 
area of work for us.
    Senator Cortez Masto. And is this something you're also 
looking at to incorporate into your budget, this new technology 
that you think might be helpful with security?
    Admiral Pekoske. What we incorporate into our budget, 
Senator, there is really the testing of the technology, not the 
purchase----
    Senator Cortez Masto. OK.
    Admiral Pekoske.--of the technology.
    Senator Cortez Masto. OK.
    Admiral Pekoske. Right.
    Senator Cortez Masto. Appreciate that.
    Admiral Pekoske. Right.
    Senator Cortez Masto. Thank you.
    Admiral Pekoske. But, I look--be looking for technology 
overall, anything that might apply in aviation certainly into 
surface would be a bonus, as well.
    Senator Cortez Masto. I appreciate that.
    Thank you both.
    Senator Fischer. Thank you, Senator Cortez Masto.
    Senator Hassan.

               STATEMENT OF HON. MAGGIE HASSAN, 
                U.S. SENATOR FROM NEW HAMPSHIRE

    Senator Hassan. Well, thank you, Senator Fischer and 
Senator Peters.
    And welcome, to our witnesses, this afternoon.
    Administrator Pekoske, I wanted to start with you. One 
challenge we faced in New Hampshire is the need to ensure that 
our first responders in the Granite State have enough 
information about what dangerous chemicals or other products 
are traveling through by freight rail. Back in 2013, there was 
an awful derailment and explosion in Lac-Megantic, Quebec, 
which is just over the border from New Hampshire, in Canada, 
killing over 40 people and--after a huge fire, petroleum and 
petroleum byproducts polluting an entire town. So, first 
responders need this information in order to adequately respond 
if a derailment or terrorist attack were to happen. And we have 
seen some improvement in sharing information over recent years, 
but I'd like to hear your thoughts on how Federal, State, and 
local entities can continue to collaborate with industry to 
share information and best practices so that local first 
responders aren't caught off-guard when a security incident 
occurs.
    Admiral Pekoske. Yes, ma'am. I think it's very important 
that everybody, like you said, collaborates on this, because 
the first responders, maybe at the State level, the local 
level----
    Senator Hassan. Yes.
    Admiral Pekoske.--they may be at the Federal level--if 
they're at the Federal level, they may be from multiple Federal 
agencies.
    Senator Hassan. Right.
    Admiral Pekoske. And we do a process called the ISTEP, 
Intermodal Security Exercise Training Program. And part of it 
is training. But, where training really becomes embedded is in 
exercises, as well. And so, as we run exercises, we can see 
where there might be some shortcomings across the spectrum of 
first responders, and be able to bridge that.
    Senator Hassan. Well, I would appreciate--you know, I'd 
look forward to talking with you more about it, because it 
became--I think, for all states, it's a real issue. Sometimes, 
the owners of the railroads or their customers don't want to 
share specific information because it's proprietary. And we 
need to figure out a way to make sure they do that and we all 
understand the limits of the information-sharing.
    To both of you, TSA has also coordinated with the 
Department of Transportation to assess critical infrastructure, 
such as tunnels and bridges. As of September 2015, TSA reported 
it had provided remediation recommendations to 81 of 100 high-
risk bridges. Our crumbling infrastructure poses a really 
significant and serious security threat. That's one of the 
reasons my senior Senator, Senator Shaheen, and I introduced 
the Safe Bridges Act, which would provide much needed funding 
for repairing and replacing bridges categorized as structurally 
deficient. So, how important is infrastructure investment to 
our Nation's security? And we'll start with you, Administrator, 
and then Mr. Kelly. Either one of you----
    Admiral Pekoske. Sure. I think infrastructure investment's 
critical to security, because--I mean, I think we should look 
at infrastructure investment as a way to build in security into 
that infrastructure as we're renewing it. It's a significant 
effort on our part, with respect to airports, and certainly 
with surface transportation systems. And, you know, the earlier 
we can have a dialogue with owners and operators of systems 
that are considering an infrastructure investment, the more we 
can put our design desires into the build of that 
infrastructure. And that gets to good pricing and good project 
management.
    Senator Hassan. Thank you.
    Mr. Kelly.
    Mr. Kelly. I agree with the Administrator. If you have a 
crumbling infrastructure, it's much easier to break those----
    Senator Hassan. Yes.
    Mr. Kelly.--than it is to have the infrastructure that's 
designed to actually withstand some things. Just look at the 
way the building codes in San Francisco has enhanced the 
buildings to deal with earthquakes.
    Senator Hassan. Sure. Well, thank you for that.
    I want to go back, for a minute, on the issue of our rail 
system and our security. To Administrator Pekoske, I--as I 
understand it, TSA is working to employ--and you guys have been 
talking about it--a risk-based approach to securing the 
passenger rail system. Part of that risk-based approach is to 
assess whether the intelligence points to the likelihood or 
probability that terrorist actors would select passenger rail 
systems as a target. The other part of risk-based approach is 
understanding passenger rail's vulnerability to an attack and 
working to mitigate the effects of a successful attack. While 
intelligence may not indicate the likelihood of an attack, 
intelligence isn't foolproof, right? We all know that. So, what 
measures are currently in place that would seek to prevent a 
terrorist attack on passenger rail as a contingency plan in the 
event that our intelligence underestimates the likelihood of 
attack?
    Admiral Pekoske. Senator, I think, you know, a good part of 
that is look--is doing vulnerability assessments and figuring 
out where you might make some enhancements to your security. 
And we have a program that's called BASE. It stands for 
Baseline Assessment for Security Enhancement. So, essentially, 
we look at a system and say, ``Hey, here's where it is from a 
security perspective. Here's where we can enhance it. And, on 
the margin, what's our greatest return per enhancement so that 
the investment goes the furthest?''
    Senator Hassan. Well, thank you. And seeing my time is up, 
Mr. Kelly, I will follow up with you more about some of the 
progress or delays on the crosscutting, risk-based approach 
that the Department is supposed to be undertaking.
    Mr. Kelly. OK.
    Senator Hassan. Thank you.
    Senator Fischer. Thank you, Senator Hassan.
    Senator Klobuchar.

               STATEMENT OF HON. AMY KLOBUCHAR, 
                  U.S. SENATOR FROM MINNESOTA

    Senator Klobuchar. Thank you very much, Madam Chairman. And 
thank you, to you, as well, Senator Peters, this important 
hearing.
    And, in Minnesota, we host a lot of big events, including 
the Super Bowl, which is coming up. Just wanted to do a little 
advertisement there, even though, sadly, our team won't be in 
it. But, we will be hosting a million people in less than 2 
weeks. So, league officials have said that it's going to be 
one--the most transportation-centric event in NFL history. 
You're nodding your head, Mr. Pekoske. What steps are you 
taking to efficiently screen people at the airport and people 
at the game? And I know you can't go into all the details, but 
I would assume that this is--a general answer would apply to 
all events that you do.
    Admiral Pekoske. Yes, Senator. It's--we're doing an awful 
lot with respect to Super Bowl, as you might imagine. First 
off, on the airport side, we work very closely with the 
airports and the airlines to figure out when the bulk of 
passengers will be arriving--actually which flights at which 
times--so that we can put the right resources in place to be 
able to handle them as they come into the airport and certainly 
as they depart the airport once the game is over. This is, as 
you said, a very transportation-centric Super Bowl. Some of our 
Viper Teams will be present in Minneapolis for that, assisting 
State and local, and coordinating very carefully with them.
    And, of course, with respect to screening, we have 
expertise in screening, and provide that expertise to the 
stadium owners and operators.
    Senator Klobuchar. Very good. And I've always been a big 
fan of the Viper units, and including the K9 units. As you 
know, we had some issues at the airport, a while back, due to a 
number of factors. And it was the K9 units that came in. I 
maybe have told you that two dogs were flown in from Maui, so 
they came to Minnesota from Maui; kind of wrecked their life, 
but that's OK. They seem happy now. And so, around 50 percent 
of the guests at the Super Bowl are going to arrive on the 
metro transit's lite rail. Could you talk about how the Viper 
Teams will help secure the metro transit train stations that'll 
be used to get guests to and from the game?
    Admiral Pekoske. Well, Viper Teams, Senator, are married up 
with K9s, so that provides a very good force multiplier for the 
Viper Teams. Additionally, the Viper Teams provide that visible 
presence so that people see that, they get--you know, comforted 
by the fact that there is a security presence there. But, key 
to the Viper Team's success is the good coordination they have 
with State and local officials. And part of this process is to 
talk a lot, and coordinate a lot before the event occurs.
    Senator Klobuchar. During your confirmation hearing last 
year, I asked you about the greatest challenges TSA faces. In 
response, you stated that ``workforce training and developing 
and deploying new technology were at the top of your list.'' 
Where does TSA stand with its workforce training now? What 
things have you done?
    Admiral Pekoske. We place an awful lot of emphasis on the 
workforce, period, and workforce training, in particular. And 
we've got in place now, as we're--we're beginning to roll out a 
new career progression for our transportation security officer 
workforce, which essentially lays out for that work force, 
which is the bulk of the Transportation Security 
Administration, what a progression would be from an entry-level 
transportation security officer to a transportation security 
manager, the most senior person at the checkpoint. And along 
the way, we provide required in-person and onsite training, in 
addition to pay increases, once the training is achieved and 
certifications are acquired. So, the whole idea was to really 
map out for our workforce what a career in TSA, and what a 
career progression would look like, and what kind of training 
that we were committing, as an organization, to provide to 
them.
    Senator Klobuchar. Very good.
    The freight rail system, one question on this, with over 
4,400 route miles, 20 railroad companies are critical to 
efficient movement of goods. We have a lot coming through, as 
you can imagine, being next to North Dakota, where the oil is. 
We've got biofuels coming through. We've got things coming 
through Canada. And I think people would be surprised at how 
much rail we have in Minnesota. According to your testimony, 
TSA will be hosting this Surface Public Area Security Summit 
next month to discuss best practices, to--collaboration with 
the industry. Could you talk about the security of freight 
rail?
    Admiral Pekoske. We've invited freight rail to attend, and 
I expect that we'll have a good representation from freight 
rail. And we'll have a good representation from across the 
board, including a good number of people from the aviation 
sector. So, it's a really great opportunity to spend a day, 
talk about overall public-area security, and move it forward, 
getting best practices from the different modes of 
transportation.
    Senator Klobuchar. All right. Thank you very much.
    Senator Fischer. Thank you, Senator Klobuchar.
    Senator Cantwell.

               STATEMENT OF HON. MARIA CANTWELL, 
                  U.S. SENATOR FROM WASHINGTON

    Senator Cantwell. Thank you, Madam Chair. And thank the 
witnesses. And thank you to Ranking Member Peters for holding 
this hearing.
    All of these issues are so important. And I think you've 
heard from many members: dogs, dogs, dogs. Because we know the 
effectiveness of the K9 units. And we're using them even at our 
ports as it relates to our ferry transportation system. And I'm 
sure people are using them on security for other aspects of 
rail and other things.
    But, I have a letter from the Sea-Tac folks, because you 
know that Sea-Tac is one of our fastest-growing airports in the 
United States. And I quote from it. And they say they deeply 
value the good relationship with TSA and believe that their 
solutions continue to require some engagement from top TSA 
leadership. I would assume they mean you. So, their issue, 
which we have seen, is, when we have the K9 units that we need, 
the airport functions well. When we don't have the K9 units, it 
struggles to really reach capacity.
    Admiral Pekoske. Right.
    Senator Cantwell. So, we've had some TSA staffing 
reductions because of those checkpoint issues, given, you know, 
the new technology that's being implemented. But, we're down 
from ten--nine K9 units, ten that were allocated, to five. And 
this growth that we are seeing is just phenomenal. So, I 
wondered if I could get your comments on how you could help us 
with that?
    Admiral Pekoske. Yes, ma'am. You should have all of your K9 
teams back in full force by the end of March. So, that's good 
news. And that's part of our effort to try to increase the 
throughput through our training center, and really very 
carefully monitoring the allocation of K9 resources across the 
board. As you and I have discussed, you know, as you know, we 
have 372 passenger screening K9 teams authorized in the TSA 
budget. I think that number needs to go up, and up 
substantially. And so, I--you know, I would like to see that go 
up over the course of successive years so we get much more 
capacity, because canines are so critical to security 
effectiveness, for sure, and also to helping us manage 
throughput issues at the airport.
    Senator Cantwell. And does that include the training 
partnership program language, as well?
    Admiral Pekoske. The----
    Senator Cantwell. Ability to do training verification by 
third parties.
    Admiral Pekoske. Yes, ma'am. In fact, we have a----
    Senator Cantwell. I mean, to reach that number, do we need 
to do both of those things?
    Admiral Pekoske. I think to reach the number--I think we 
can reach the number with the current training center that we 
have, the initial step up, in a couple of years. But, the 
third-party process is moving along pretty vigorously. And we 
have an industry day scheduled for a week from today, actually. 
And I'm very optimistic about that third-party K9 program. It's 
got my attention, as do K9s overall. And I would expect that 
we'll be able to launch that program in the next couple of 
months, once we get----
    Senator Cantwell. And what about the----
    Admiral Pekoske.--once we get industry----
    Senator Cantwell. And what about the staffing levels of 
TSA? Could you look at that for me, please, and give me 
comments at Sea-Tac?
    Admiral Pekoske. Yes, ma'am.
    Senator Cantwell. Thank you.
    Well, Mr. Chairman--I mean, Madam Chairman, I definitely 
think that we need to take today's hearing as an opportunity to 
work with TSA on increasing those K9 units. They do such 
fabulous work. And it is just an amazing level of deterrence 
that we need to have everywhere. And so, look forward to 
working with the Chairman and everybody on how we get that over 
the goal line.
    Thank you.
    Senator Fischer. Thank you, Senator.
    We've been joined by the Chair of the Committee, Senator 
Thune.

                 STATEMENT OF HON. JOHN THUNE, 
                 U.S. SENATOR FROM SOUTH DAKOTA

    The Chairman. Thank you, Chairman Fischer, for holding 
today's hearing.
    And thanks, to Admiral Pekoske and to Mr. Kelly, for being 
here.
    Admiral, I would also like to recognize the hard work of 
your TSA officers. Like most people here, I travel between 
South Dakota and Washington, D.C., weekly, and I always 
appreciate the professionalism and the diligence of your TSA 
teams. So, please thank them for all that they do in keeping us 
safe.
    And I also want to just say a quick word about both the 
Surface and Maritime Transportation Security Act and the TSA 
Modernization Act that this Committee has approved on a 
bipartisan basis. Both bills seek to strengthen our 
transportation security, guarding against terrorist threats to 
our infrastructure and the traveling public by modernizing the 
way TSA is organized and ensuring that resources are allocated 
through a risk-based strategy. I remain committed to these 
important pieces of legislation. I'm hopeful that the full 
Senate will consider them, sooner rather than later.
    Admiral, let me just ask you. You've been in the position 
now for 5 months. Can you describe what you see as your biggest 
challenge in the surface security area?
    Admiral Pekoske. Sir, thank you. And thank you for the 
comments about the TSA workforce. It's greatly appreciated. And 
I know a number of the transportation security officers and 
other staff in TSA watch this hearing, and they really 
genuinely appreciate your comments and the comments of the rest 
of the Committee members on their performance.
    In terms of challenges overall, I think the--one of the 
biggest challenges we face is getting more technology into the 
organization. And it goes across the board, whether it's 
aviation or surface. And the other challenge is--and you'll see 
in the strategy, that I have in draft form right now--that I 
would like to bring to all the members of the Committee in 
draft form to get your feedback on--but, one of the key tenets 
of that strategy is to lead transportation security, emphasis 
on ``lead.'' And the second is to accelerate action on the part 
of TSA. And that's been a theme I've seen since I've been in 
the position for 5 months. And certainly I've heard from our 
industry stakeholders, from Members of Congress, both on the 
authorization and the appropriations side, is, we just need to 
get, as a business that we're about, in a much quicker way, get 
the decisions faster and get the solutions faster so that we 
can get more K9 teams deployed quicker, that we can get more CT 
technology at the checkpoint quicker, that we can test more 
technology for surface transportation quicker than what we do 
today.
    The Chairman. Yes.
    Mr. Kelly, thank you for your testimony updating us on 
TSA's actions to address your recommendations. I understand 
that some progress has been made, but there are still some 
actions that need to be completed.
    Mr. Kelly. That is correct, Senator.
    The Chairman. I also am pleased to hear that you think that 
our bill, the Surface and Maritime Transportation Security Act, 
addresses many of the remaining issues. Going forward, what do 
you believe TSA's top priority should be for improving surface 
security?
    Mr. Kelly. For surface security, I believe that they need 
to focus on a risk-based strategy for all of--all surfaces. 
That will likely reallocate additional money toward surface-
based transportation, and that will provide greater resources 
and oversights in those areas, which should improve security on 
surface transportation.
    The Chairman. Admiral, we've heard, in the past, complaints 
from stakeholders of redundant checks, and from multiple 
Federal agencies. What is TSA doing to coordinate with other 
Federal, State, and local agencies to ensure the proper level 
of security is in place, but, at the same time, prevent overly 
burdensome and repeated inspections by multiple government 
agencies?
    Admiral Pekoske. Mr. Chairman, you know, one of our key 
areas of focuses is the passenger experience and our 
relationships with industry. And, you know, I'd be interested 
in any examples that any partner has where they might see some 
duplication between what TSA does and what another agency does. 
Additionally, it's incumbent upon me to coordinate, without 
even any of that information, with my other partners, certainly 
in the Federal Government, to make sure that we eliminate or 
reduce as much as possible any redundancies between our 
efforts. Because it's just not efficient, and it's really not 
good for our stakeholders to see things coming from multiple 
different directions. We ought to be able to coordinate that 
better.
    The Chairman. OK.
    Madam Chair, thank you.
    Senator Fischer. Thank you, Senator Thune.
    I would like to thank the panelists for being here today. 
Administrator, Mr. Kelly, we appreciate the information that 
you've provided to us.
    The hearing record will remain open for 2 weeks. And, 
during this time, Senators are asked to submit any questions 
for the record. Upon receipt, the witnesses are requested to 
submit their written answers to the Committee as soon as 
possible.
    Again, thank you, gentlemen.
    The hearing is adjourned.
    [Whereupon, at 3:40 p.m., the hearing was adjourned.]

                            A P P E N D I X

     Response to Written Questions Submitted by Hon. John Thune to 
                         Hon. David P. Pekoske
    Question 1. Amid public calls by Al Qaeda and other terrorist 
groups to target our rail systems, what more can be done to better 
secure our passenger and freight rail infrastructure?
    Answer. The Transportation Security Administration (TSA) addresses 
the risks to freight and passenger railroads through information 
sharing, including classified information (ensuring that railroad 
security officials are aware of threats), planning (preparing plans for 
countermeasures that can be employed when the level of threat is 
elevated), training (providing training for employees to enhance their 
awareness and understanding), and exercises (providing venues and 
opportunities to test plans and operational practices in order to be 
better prepared). TSA evaluates technology on behalf of industry to 
provide products to help identify and or mitigate threat on passenger 
and freight rail systems.
    For over 12 years TSA has partnered with passenger and freight rail 
industry stakeholders to establish ongoing testbeds that provide 
critical data and information that stakeholders can use to improve 
their infrastructure protection. These testbeds assess both marketplace 
and emerging technology, integrated into sophisticated, layered 
systems; thereby expanding and encouraging the technology marketplace 
while providing industry with proven solutions and concepts of 
operation that they can adapt to their particular needs. Examples of 
these testbeds include a comprehensive intrusion detection and 
protection testbed in the Northern New Jersey/Newark area and advanced 
technology at the Tennessee River and Plattsmouth railroad bridges.
    In response to Al Qaeda in the Arabian Peninsula's (AQAP) Inspire 
17 magazine published in August 2017, which gave detailed instructions 
on how to build and deploy a train derail device and encouraged would-
be jihadists to use it:

   TSA convened a meeting of subject matter experts from the 
        Federal Bureau of Investigation (FBI) and the Federal Railroad 
        Administration (FRA) to ascertain the possible consequences 
        associated with the use of this device. TSA and the FBI 
        determined it would be beneficial to construct and test the 
        Inspire derail device.

   TSA's Office of Requirements and Capabilities Analysis 
        conducted tests of the improvised derail device at the 
        Transportation Technology Test Center in Pueblo, CO in December 
        2017, with representatives from the FBI, FRA, and the National 
        Transportation Safety Board in attendance to observe the tests. 
        The full results of the tests are Sensitive Security 
        Information and can be provided upon request.

    Question 2. Given recent incidents of terrorists targeting public 
spaces, what is TSA doing and what more can be done to protect those 
transportation open spaces?
    Answer. The Transportation Security Administration (TSA) partners 
closely with stakeholders in all modes of transportation to discuss and 
develop best practices to enhance security in public areas. In 
September 2016, TSA began hosting Public Area Security Summits with 
industry, government, academic, and international stakeholders to 
devise a strategy for information sharing, and protecting 
infrastructure from emerging threats to public spaces of transportation 
venues. Participation of both government and industry executives 
provides a unique opportunity to leverage expertise and resources, and 
collaborate on security plans moving forward. This program also enables 
strategic alignment and unity of effort across numerous entities within 
the public spaces. The work of the group resulted in the publication of 
a Public Area Security National Framework in May 2017, with 11 
corresponding recommendations. Additionally, the group continues to 
meet--most recently in early February 2018--to discuss the 
implementation of the recommendations and share best practices and 
lessons learned. The Public Area Security Summits will continue bi-
annually, with the next meeting scheduled for fall 2018.
    Various airports have adopted many of the recommendations and the 
continued meetings provide a forum to share best practices. For 
example, in 2017 MASSPORT hosted an Aviation Security Meta-Leadership 
Symposium for their employees as well as local stakeholders for threat 
awareness education as a direct result of the public area security 
summits and framework.
    The Framework recommendations included: Cultivate Relationships; 
Develop Communication Strategies to Enhance Information Exchanges; 
Enhance Situational Awareness; Expand Threat Awareness Education; 
Develop Joint Risk Frameworks & Enhance Joint Vulnerability 
Assessments; Establish Airport Operations Centers; Conduct Background 
Checks & Threat Assessments of Public Area Workers; Conduct Workforce 
Employee Training; Develop, Conduct, and Practice Exercises & Response 
Drills; Invest in Innovative Construction Designs; and Coordinate 
Response Planning.

    Question 3. As a former Vice Commandant of the Coast Guard, I know 
you are familiar with the Coast Guard's roles and missions, can you 
discuss what steps you are taking to ensure there are no seams that 
terrorists can exploit between where the Coast Guard's maritime and 
TSA's transportation responsibilities meet?
    Answer. The Transportation Security Administration (TSA) supports 
the U.S. Coast Guard (USCG) in the maritime mode, as the USCG is the 
lead Federal agency for maritime security. TSA leverages its expertise 
in passenger screening, explosives detection, transportation worker 
credentialing, and multi-modal security to support the USCG in 
coordinating and conducting interagency security efforts for the 
maritime mode. As the USCG is the lead Federal agency for maritime 
security, TSA supports the USCG in its maritime security efforts and in 
coordinating interagency efforts for the maritime mode. TSA works 
closely with the USCG, as well as other government agency maritime 
partners, to provide subject matter expertise to Federal working 
groups, disseminate security information to the public, and review 
interagency documents. TSA supports the USCG by providing TSA-developed 
maritime security training materials and coordinating maritime security 
exercises with maritime stakeholders to strengthen security plans, 
policies and procedures. TSA also works closely with USCG HQ offices in 
support of their cybersecurity efforts, providing information on 
cybersecurity measures and resources to the maritime industry.

    Question 4. Administrator Pekoske, I am aware of several overdue 
letters of response and reports that TSA owes to this Committee; 
including five overdue reports required by the FAA Extension, Safety, 
and Security Act of 2016, two from the Homeland Security Act of 2002, 
as amended by section 3 of the Transportation Security Acquisition 
Reform Act, and the 2017 Annual Report on Transportation Security.
    a. Has TSA sent these reports to DHS for clearance?

    b. When can we expect to see these reports?
    Answer. The Transportation Security Administration (TSA) currently 
does not have any outstanding overdue reports to the Senate Committee 
on Commerce, Science and Transportation. In 2017, TSA submitted to the 
Committee the reports required by the FAA Extension, Safety, and 
Security Act of 2016, the Homeland Security Act of 2002, as amended by 
section 3 of the Transportation Security Acquisition Reform Act, and 
the 2017 Annual Report on Transportation Security. Included in those 
submissions were the following eight reports:

  1.  Implementation of the Rap Back Service for Recurrent Vetting of 
        TSA-Regulated Populations on April 5, 2017

  2.  TSA Report on the Insider Threat to Aviation on May 4, 2017

  3.  TSA Office of Global Strategies Comprehensive Workforce 
        Assessment on May 25, 2017

  4.  TSA Security Coordination Enhancement Plan on June 28, 2017

  5.  TSA Pre3 Application Program Fee Revenue and Investments on 
        September 29, 2017

  6.  Small Business Contracting Goals Report on April 7, 2017

  7.  Strategic Five-Year Technology Investment Plan Biennial Refresh 
        on December 19, 2017

  8.  2017 Annual Report on Transportation Security on December 20, 
        2017

    TSA remains committed to ensuring the timely submission of all 
required letters and reports.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Deb Fischer to 
                         Hon. David P. Pekoske
    Question 1. Administrator Pekoske, can you give the Committee an 
update on TSA's efforts to review and reform the TWIC program as a 
result of the agency's comprehensive risk analysis?
    Answer. The Transportation Worker Identification Credential (TWIC) 
program is a jointly managed program between the Transportation 
Security Administration (TSA) for the security threat assessment and 
card issuance and the United States Coast Guard for the use and access 
at regulated maritime ports and facilities. In 2017, the TSA 
commissioned the Homeland Security Operational Analysis Center (HSOAC), 
a federally funded research and development center operated by the RAND 
Corporation, to conduct an independent review of its Security Threat 
Assessment (STA) controls and risks. The review found that while TWIC 
controls are in line with Federal best practices and standards, 
possible improvements were identified for each phase of the TSA STA 
process. Where controls were less developed, HSOAC, provided 
recommendations on new controls or areas where controls could be 
strengthened for ensuring the security of the TWIC program. TSA is 
using the recommendations from this review to develop a control and 
quality management plan to augment its risk management processes. By 
improving its framework for actively identifying and managing controls 
and risk tolerances, the TSA TWIC program will minimize security 
vulnerabilities to the STA process and provide reasonable assurance 
that the program achieves its security objectives. TSA will brief the 
Committee on the enhancements to its risk management process after it 
has implemented the management plan, including an internal control 
framework and enhanced adjudication and security controls for 
conducting STAs. TSA plans to complete implementation in by the end of 
calendar year 2018.

    Question 2. Administrator Pekoske, during a Surface Transportation 
and Merchant Marine Infrastructure, Safety, and Security Subcommittee 
hearing in 2016 we heard testimony that TSA has much to learn in the 
cybersecurity realm. What actions have you taken, or plan to take, to 
improve TSA's cybersecurity posture?
    Answer. In accordance with all the cybersecurity Executive Orders, 
Binding Operational Directives, and Policy Memos the Transportation 
Security Administration (TSA) has continued to evolve its cybersecurity 
posture, personnel, and capabilities. TSA is mitigating the 
cybersecurity risks to TSA's data, systems, and networks through the 
implementation of tools that: monitor privileged user activity; detect 
malicious content in web traffic and e-mails; and accelerate the 
detection of Indicators of Compromise (IOC). In 2017 TSA awarded three 
strategic cybersecurity contracts. These contracts have enabled TSA to 
augment its cybersecurity workforces in the areas of: Monitoring and 
Cybersecurity Network Defense; Security Infrastructure and 
Vulnerability Assessments; Digital Forensics; and Cybersecurity 
Governance Risk Compliance.
    For Surface Transportation Systems, TSA's Office of Security Policy 
and Industry Engagement (OSPIE) works in coordination with TSA's 
Offices of Intelligence and Analysis, Information Technology, Security 
Operations, and with the other Sector Specific Agencies (SSA), 
Department of Transportation and the U.S. Coast Guard with the 
objective of awareness and outreach. Support for the Sector's cyber 
risk management efforts is done through a non-operational approach 
centered on education, facilitation, and information sharing. The 
purpose of these efforts are to develop, deploy, and promote Sector-
focused cybersecurity initiatives, programs, tools, strategies, and 
threat and intelligence information sharing products that support the 
implementation of national mandates, strategies, policies, directives, 
and priorities.
Current Initiatives:
   Facilitate collaboration between industry and government 
        partners to promote cybersecurity risk management programs and 
        resources with the goals of:

     Supporting the increased use of existing government 
            resources.

     Increasing the industries' operational resilience and 
            ability to manage cyber risk.

              Regional Surface Transportation Cybersecurity 
        Workshops--Partner with the DHS Office of Cybersecurity & 
        Communications and TSA Regional Surface Inspectors to deliver 
        facilitated workshops highlighting the many DHS and Federal 
        cyber-risk management resources that are available to critical 
        infrastructure partners.

                        We continue to practice an approach of 
                continuous improvement based on feedback received 
                during our workshops and hot-wash sessions.

                        As a result, industry stakeholders were 
                added as speakers at the last two workshops to share a 
                recent incident they have experienced and/or their 
                cybersecurity risk management strategy. We also added 
                in-depth discussion and Q&A about their take-aways from 
                their workshop participation.

                        On December 13, 2017, one workshop took 
                place in Cleveland, OH. There are five more workshops 
                planned for Fiscal Year (FY) 2018:

                                 Atlanta, GA on March 14, 
                        2018

                                 Washington, DC on March 
                        21, 2018

                                 Dallas, TX in late April/
                        May 2018

                                 Los Angeles, CA in late 
                        June/July 2018

                                 Pacific Northwest in late 
                        July/August 2018

              Past participants have included stakeholders from 
        Surface, Aviation and Maritime modes.

     Distribute Cyber Security Awareness guides and the 
            Surface Transportation Cybersecurity Toolkit.

     Sponsor and participate as a member on the American 
            Public Transportation Association (APTA), Enterprise 
            Cybersecurity Working Group (ECSWG), and Control and 
            Communications Systems Working Group (CCSWG) Recommended 
            Practice Working Groups. Current projects include:

     Guidance document for a transit agency's CIO, CISO, 
            and HR to use to gain buy-in from their Management, C-Suite 
            and/or Board of Directors that:

              Provides rationale for creating an active 
        cybersecurity awareness program.

              A call to action that cybersecurity is everyone's 
        job.

     Update to Recommended Practice Part 2 (2013)--
            ``Defining a Security Zone Architecture for Rail Transit 
            and Protecting Critical Zones'' to align to the Framework.

     Rail Car Cybersecurity White Paper.

     Transit Bus Cybersecurity White Paper.

     Revising the TSA Pipeline Cybersecurity Guidelines 
            (2011) to align with the NIST Cyber Security Framework and 
            we expect to release in 2018.

     Developing cybersecurity incident reporting guidelines 
            for Mass Transit and Freight Rail operators that both align 
            with existing regulations and support more robust Federal 
            incident response processes.

     Expand partnerships and coordination efforts with our 
            DOT/NHTSA and industry stakeholders on vehicle 
            cybersecurity issues.
Recent Accomplishments:
   Planned and facilitated a series of four regional 
        Cybersecurity Workshops in FY 2017. The workshops provided a 
        baseline awareness of existing U.S. Government cybersecurity 
        support programs and allowed stakeholders to share best 
        practices and lessons learned with one another. Additionally, 
        the facilitated discussion component served as an opportunity 
        for participants to both discuss industry's cybersecurity 
        challenges and for them to share their organization's best 
        practices.

     FY 2017 Workshop locations:

              Arlington, VA (DC Metro Area), co-hosted by 
        Arlington County--ART

              Pittsburgh, PA, co-hosted by Port Authority of 
        Allegheny County

              St. Louis, MO, co-hosted by Bi-State Development 
        Agency/Metro Transit

              Oakland, CA (San Francisco Bay Area), co-hosted 
        by Bay Area Rapid Transit

   Finalized and distributed over 56,000 thousand 
        cybersecurity-specific awareness guides.

   Developed, promoted, and disseminated the Surface 
        Transportation Cybersecurity Resource Toolkit for Small & 
        Midsize Business (SMB) that provides guidance on how to 
        incorporate cyber risk into an organization's existing risk 
        management and governance process.

   Developed and disseminated Cybersecurity Awareness Messages 
        (CAMs) and Surface Information Bulletins that covered:

     Cyber Petya Ransomware Attacks.

     Observance of 13th National Cybersecurity Awareness 
            Month.

     Ransomware Attack Awareness: how to protect & how to 
            respond.

   Collaborated with industry partners to provide cybersecurity 
        focused support at various industry sponsored modal meetings, 
        workshops, and conferences.

   Participated as a member and collaborated on various 
        internal and joint public/private TSS cybersecurity working 
        groups that included:

     Transportation Systems Sector Cyber Working Group 
            (TSSCWG).

    Bi-weekly TSA Cyber Coordination working group.

    Question 3. Administrator Pekoske, I understand TSA is testing a 
system that could detect concealed explosives and suicide vests in 
crowded areas like public transit systems.

    Question 3a. Could you provide background and an update on this 
program?
    Answer. TSA has been actively exploring ways to detect threats on 
persons within the public transportation environment for a number of 
years. Recent advances in technology have dramatically improved 
performance while reducing system cost. TSA continuously assesses the 
technology marketplace and collaborates with technology providers to 
improve their products. Technology involving standoff detection of 
concealed threats is always of significant interest.
    TSA has worked with several leading standoff detection technologies 
since the first prototypes appeared around 2005. Two leading vendors' 
units should be available for sale to the security industry by early to 
mid-summer of 2018.

    Question 3b. What is the program's detection rate?
    Answer. Both systems have shown extremely high rates of detection 
against a wide range of explosive threats, with very low rates of false 
positives. While precise detection rates are classified, upon request 
TSA can provide a briefing in an appropriate venue.

    Question 3c. Would adoption of this technology slow the movement of 
people going into or out of a public transit system?
    Answer. No. The two standoff detection technologies being assessed 
operate in real time, generally requiring only about one second of 
visibility to detect. Under many circumstances, they can also screen 
several persons at the same time. TSA surface security technologies are 
focused on the ability to detect threats without impeding the free 
movement of people through the venue.

    Question 4. Administrator Pekoske, as part of its surface 
transportation security portfolio, TSA does work to identify and issue 
recommendations to the pipeline industry related to system security. 
For example, in 2016, TSA completed a review, required by the 9/11 
Commission Act, to review the security of the Nation's top 100 pipeline 
systems. Do you have any updates on TSA's work to detect threats and 
provide support for pipeline security? Additionally, TSA has a 
memorandum of understanding with the Pipeline and Hazardous Materials 
Safety Administration (PHMSA) to cooperate on pipeline security 
threats. Have you worked to develop a relationship with PHMSA and 
Administrator Skip Elliott to support PHMSA's work on pipeline 
security?
    Answer. The Transportation Security Administration (TSA) continues 
to work collaboratively with the pipeline industry to identify threats 
and provide support for pipeline security.
    Some of these TSA initiatives include:

   Regular pipeline threat assessments and briefings 
        administered by TSA's Office of Intelligence and Analysis 
        (OIA). Threat updates are provided, at a minimum during monthly 
        stakeholder conference calls and annually to over 100 industry 
        security representatives at the International Pipeline Security 
        Forum.

   Issuing Pipeline Security Guidelines (dated 2011) for 
        enhancing physical and cybersecurity. TSA worked with industry 
        stakeholders to update these Guidelines specifically with 
        regard to cybersecurity and we expect to release in 2018.

   TSA Evaluates corporate security policies and procedures of 
        the Nation's top 100 pipeline systems and provides 
        recommendations for a more robust corporate security program.

   The TSA Critical Facility Security Review (CFSR) program 
        focuses on the collection of site-specific facility 
        information, and provides recommendations for improving the 
        security posture of critical pipeline facilities. In FY2017, 
        TSA conducted 70 CFSRs.

   TSA maintains ongoing security technology testbeds at two 
        major pipeline sites, in partnership with a major U.S. pipeline 
        company.

   The TSA Intermodal Security Training and Exercise program 
        provides exercise, training, and security planning tools in a 
        variety of formats (table top exercises, full scale exercise, 
        workshops).

   TSA distributed over 10,800 Pipeline Counterterrorism Guides 
        in FY2017 to pipeline owners/operators as a means to enhance 
        security awareness and employee vigilance.

   TSA uses multiple platforms to share timely and relevant 
        information including monthly stakeholder calls, security and 
        incident awareness messaging, collaboration with industry trade 
        associations, and active involvement with industry's Oil and 
        Natural Gas Sector Coordinating Council and their initiatives.

    Indicative of TSA's active and longstanding partnership with PHMSA 
on pipeline safety and security matters, TSA's Surface Division 
Director recently met with PHMSA Administrator Skip Elliott. TSA and 
PHMSA have a memorandum of understanding detailing the various ways the 
agencies cooperate on matters relating to pipeline security.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Bill Nelson to 
                         Hon. David P. Pekoske
    Reimbursements to Airports. Following the September 11th terrorist 
attacks, several airports across the country, including many in 
Florida, installed in-line baggage screening systems with the 
understanding that they would be reimbursed by the TSA. My 
understanding is that these airports are owed at least 217 million 
dollars.
    Question 1. When can we expect the TSA to begin the process for 
reimbursing these airports?
    Answer. In November 2017, the Transportation Security 
Administration (TSA) completed the seven-step process, and finalized 
the Airport Reimbursement List, as outlined in the TSA Reimbursement 
Review and Validation Plan for In-Line Baggage Screening Systems, 
Fiscal Year (FY) 2016 Report to Congress (June 16, 2016). The list 
identifies 16 projects across 14 airports eligible for funding totaling 
$217,879,014.36. With the passage of the Fiscal Year 2018 Consolidated 
Appropriations Act, (Public Law 115-141), $50 million was made 
available to begin satisfying these claims. TSA intends to implement a 
pro rata distribution of the funds allocated toward reimbursement. This 
allocation process was determined by TSA to be an objective, 
transparent and equitable distribution of the discretionary 
appropriations made available for the purpose of reimbursing airports 
for eligible projects. Under the pro rata allocation method, each 
airport is equally entitled to a share of their eligible costs on a pro 
rata basis.
    Using this methodology, an individual airport's reimbursement will 
be based on the airport's eligible reimbursable amount as a percentage 
of the total eligible amount for all airports. This percentage will 
then be applied against the total amount of funding available to 
determine the amount that will be reimbursed to a specific airport. The 
distribution of the $50 million will be implemented in FY 2018.

    Funding For Surface Security. We see the very real threats to our 
surface security systems, yet less than two percent of the TSA's budget 
is devoted to surface transportation. And more problematically, the 
administration has proposed cuts to grant programs and VIPER teams that 
support surface transportation security.
    Question 2. Given the recent and continued incidents, shouldn't we 
reexamine the amount of funding for surface security systems?
    Answer. The primary responsibility for security in surface 
transportation lies with the owners and operators of those systems and 
companies, because the components of the transportation network are 
largely privately owned and operated. Consistent with its authorities 
and responsibility for transportation security, the Transportation 
Security Administration (TSA) supports security of surface 
transportation by developing policies and resources, as well as working 
with system owners/operators in identifying, developing, and 
implementing remediation strategies to include unpredictable 
operational deterrence, preparedness and response exercises, improving 
critical infrastructure resilience, front line employee security 
training, and public awareness campaigns and materials.
    Combined total funding for surface transportation security is much 
greater than reflected in the TSA budget. Operators and local/regional 
authorities commit funding to security and the Department of Homeland 
Security is appropriated funding for surface transportation security 
grant programs, which has totaled over $2.5 billion since Fiscal Year 
2006.
    Although TSA's budget for surface transportation is small compared 
to the aviation sector, the Nation realizes a significant return from 
this investment. TSA's resources and personnel directly support ongoing 
security programs with committed security partners who, in turn, 
dedicate millions of private sector dollars to secure critical 
infrastructure, provide uniformed law enforcement and specialty 
security teams, and conduct operational activities and deterrence 
efforts. TSA invests its resources to help these partners identify 
vulnerabilities and risks in their operations, and works with specific 
owners/operators to develop and implement risk-mitigating solutions to 
address their specific vulnerabilities and risks.

    Question 3. How will the cuts impact surface transportation 
security?
    Answer. Canine Team. When discussing canine security teams, former 
TSA Administrator Neffenger said that ``there is no better overall 
detector of explosives than a dog's nose'' and that they ``work an 
environment like no technology can.''

    Question 4. What benefits have you seen from the use of canine 
teams?
    Answer. Canine teams are a highly mobile, reliable, and effective 
tool when properly trained and utilized. The benefits derived from all 
of our canine teams across all modes of transportation (Aviation, 
Surface, Maritime and PSC) is immeasurable. From providing a clearly 
visible deterrent, to their unmatched detection capabilities, to the 
many and varied environments in which they operate, the presence of a 
well-trained canine team has proven to significantly enhance the 
overall security footprint.

    Question 5. How would funding for additional teams help improve 
security?
    Answer. Increasing the number of canine teams would not only 
provide for greater coverage and additional detection capability in the 
transportation network, but also directly increases the deterrence 
factor, possibly altering or preventing a terrorist attack.

    Question 6. Are there other ways that the Federal Government can 
help incentivize the use of canine teams?
    Answer. TSA maintains a list of current law enforcement 
participants who have requested to increase their current canine team 
allocation, as well as non-participating agencies that have requested 
to join TSA's National Explosives Detection Canine Team Program 
(NEDCTP). Most agencies do not have sufficient discretionary funding to 
support an increase in their current canine allocation or to establish 
a canine program, and therefore appeal to the Federal Government for 
assistance. The TSA program currently covers the costs associated with 
the procurement of canines, handler training, yearly evaluations/
certifications of teams and provides participants a $50,000 per team, 
per year reimbursement stipend. All other costs related to maintaining 
and operating the canine are the responsibility of the participant. In 
return, the participant agrees to spend 80 percent of their duty time 
in their assigned area of responsibility conducting explosive detection 
activities. One alternative solution is for TSA to stop providing the 
$50,000 stipend and for participants to bear all costs associated with 
maintaining and operating the canine teams. TSA would still provide the 
canines, explosives training aids, handler training, and yearly 
evaluation/certification of the teams.
                                 ______
                                 
   Response to Written Question Submitted by Hon. Maria Cantwell to 
                         Hon. David P. Pekoske
    Port Security Grant Program. America's seaports and airports must 
be prepared to face a wide range of threats and vulnerabilities, both 
natural and manmade. Yet the Port Security Grant Program, in which TSA 
is a partner, and other Federal programs that support ports' efforts 
are limited to preventing terrorist and criminal activity or providing 
assistance after an emergency has already occurred.
    More and more, security experts are advocating for an all-hazards 
approach to protecting our citizens and critical infrastructure. Such 
an approach seeks to prevent a wider range of potential threats and to 
make our communities more resilient when incidents occur.
    Question. To your knowledge, is DHS considering adjusting its 
practices to reflect this evolving consensus port security and threat 
management? Would you agree that there would be value in introducing 
more flexibility into the Port Security Grant Program to accommodate an 
all hazards approach?
    Answer. The Port Security Grant Program (PSGP) is administered by 
the Federal Emergency Management Agency (FEMA) in accordance with the 
legislative requirements of 46 United States Code (USC) 70107.
    Specifically:

    (b) Eligible Costs.--The following costs of funding the correction 
of Coast Guard identified vulnerabilities in port security and ensuring 
compliance with Area Maritime Transportation Security Plans and 
facility security plans are eligible to be funded:

  (1)  Salary, benefits, overtime compensation, retirement 
        contributions, and other costs of additional Coast Guard 
        mandated security personnel.

  (2)  The cost of acquisition, operation, and maintenance of security 
        equipment or facilities to be used for security monitoring and 
        recording, security gates and fencing, marine barriers for 
        designated security zones, security-related lighting systems, 
        remote surveillance, concealed video systems, security vessels, 
        and other security-related infrastructure or equipment that 
        contributes to the overall security of passengers, cargo, or 
        crewmembers. Grants awarded under this section may not be used 
        to construct buildings or other physical facilities, except 
        those which are constructed under terms and conditions 
        consistent with the requirements under section 611(j)(8) of the 
        Robert T. Stafford Disaster Relief and Emergency Assistance Act 
        (42 U.S.C. 5196(j)(8)), including those facilities in support 
        of this paragraph, and specifically approved by the Secretary. 
        Costs eligible for funding under this paragraph may not exceed 
        the greater of--

      (A)  $1,000,000 per project; or

      (B)  such greater amount as may be approved by the Secretary, 
            which may not exceed 10 percent of the total amount of the 
            grant.

  (3)  The cost of screening equipment, including equipment that 
        detects weapons of mass destruction and conventional 
        explosives, and of testing and evaluating such equipment, to 
        certify secure systems of transportation.

  (4)  The cost of conducting vulnerability assessments to evaluate and 
        make recommendations with respect to security.

  (5)  The cost of conducting exercises or training for prevention and 
        detection of, preparedness for, response to, or recovery from 
        terrorist attacks.

  (6)  The cost of establishing or enhancing mechanisms for sharing 
        terrorism threat information and ensuring that the mechanisms 
        are interoperable with Federal, State, and local agencies.

  (7)  The cost of equipment (including software) required to receive, 
        transmit, handle, and store classified information.

  (8)  The cost of training law enforcement personnel--

      (A)  to enforce a security zone under section 70132 of this 
            title; or

      (B)  assist in the enforcement of a security zone.

    The legislation primarily directs the program to provide security 
related capabilities. Funding priorities under the PSGP are continually 
informed by risk and threat assessments provided by the United States 
Coast Guard (USCG), as the lead Federal agency for maritime security. 
Having USCG as lead ensures that the program is flexible in evolving to 
reflect the most current maritime security risks facing American ports 
and waterways. TSA defers to the USCG, as the lead for Maritime 
Security, regarding introducing more flexibility in the PSGP to 
accommodate an all hazards approach, however many security mitigation/
response capabilities are by nature all-hazards in nature.
    Note: On May 21, 2018, FEMA released the Notice of Funding 
Opportunity and allocations for the Port Security Grant Program. In FY 
2018, the PSGP provides $100,000,000 for transportation infrastructure 
security activities to implement Area Maritime Transportation Security 
Plans and facility security plans among port authorities, facility 
operators, and State and local government agencies required to provide 
port security services. The intent of the FY 2018 PSGP is to 
competitively award grant funding to assist ports in obtaining the 
resources required to support the development and sustainment of core 
capabilities identified in the National Preparedness Goal of a secure 
and resilient Nation.
                                 ______
                                 
 Response to Written Questions Submitted by Hon. Richard Blumenthal to 
                         Hon. David P. Pekoske
    Whether TSA has technology ready to deploy that can detect 
explosives at rail and transit stations. In recent weeks, we have been 
tragically reminded of the security threats facing our rail and transit 
network.
    On December 11, 2017, a terrorist detonated a homemade pipe bomb 
affixed to his torso with the aim of inflicting as much death as 
possible in a New York City subway station. Fortunately, the bomb only 
partially detonated, no one was killed, and injuries were at a minimum.
    TSA must take action to protect critical transportation hubs 
immediately--like rolling out non-invasive technology that can find and 
detect concealed explosives by identifying objects that block the 
natural emissions from a person's body.
    I understand that this technology is being tested in Los Angeles, 
and some of my colleagues have publicly wondered whether it can be 
deployed.
    I urge you to expedite the testing process to ensure its efficacy 
so this technology can be deployed nationally. It is critical that we 
ensure safety without imposing any unnecessary screening burdens on 
passengers.

    Question 1. What is the status of this technology? When will it be 
ready for use and deployment? Can you confirm that you're working to 
roll out technology without imposing any unnecessary new screening 
burdens?
    Answer. TSA continues to collaborate with the technology 
marketplace to gain new capabilities and enhance existing ones. Two 
vendors have systems proven to be effective and suitable when used in 
accordance with their known capabilities and limitations and with 
appropriate concepts of operations. TSA has completed its assessment of 
the two systems and they are ready to be purchased by appropriate users 
directly from the vendors. The local and regional surface 
transportation systems, privately owned and operated, are the 
appropriator buyers and users of the technology. TSA will continue to 
seek improvements and expand capabilities of this type of technology. 
Several major transportation systems are expressing an interest in 
either applying for grants funding to purchase or purchasing with their 
own capital funds.
    Checkpoint style screening is not feasible in high volume mass 
transit/passenger rail environments. The technologies are designed to 
accommodate high volumes of passengers moving in diverse directions 
without unnecessarily impeding passenger flow.
    TSA is continuing its programs energizing the marketplace to 
provide security technologies that meet the needs of the surface 
transportation industry.

    Question 2. When and if the technology is ready and helpful--not 
harmful--can you commit to putting it in commuter rail, not just 
subways?
    Answer. TSA provides assessments and testing/pilot data and 
information in order to verify technology. This data and testing can 
assist in drafting of grants proposals and industry procurement 
decisions of technology for surface security. TSA is not funded to 
procure or field security technologies for the surface transportation 
industry. That includes both subways and commuter rail. Industry 
purchases technology directly from the marketplace or through the 
various Federal grant programs.
    The need to address the growing menace of terrorists, trucks and 
``vehicle ramming incidents''. In recent years we've seen a growing 
menace: terrorists getting hold of large trucks and vans and using them 
as weapons to kill and maim many.
    Perhaps the most high-profile was the attack in France in 2016 in 
which 86 were killed. But there have been many others, for instance:
    In June 2017, terrorists used a van to kill pedestrians on London 
Bridge, killing eight.
    In August, a terrorist used a van to drive over pedestrians in 
Barcelona, killing 14.
    In October, close to home, a terrorist used a truck to drive over 
pedestrians in New York City, killing eight.

    Question 3. I asked about this issue at your confirmation hearing 
in June. I recall your having said that you would look at this very 
closely. What efforts have you made to address this issue? How are you 
addressing these terrifying scenarios?
    Answer. The Department of Homeland Security's (DHS) Office of 
Operations Coordination collects information on more than 15,000 
special events annually and performs a comparative risk analysis to 
assess the likelihood of a terrorist attack at these events. The 
results of this objective analysis are used across the Federal 
Government for situational awareness and to make policy decisions about 
how to support state, local, tribal, and territorial authorities. 
Higher risk events may receive support from DHS and other Federal 
agencies. For example, DHS's field-based Protective Security Advisors 
(PSAs) serve as security subject matter experts who engage with state, 
local, tribal, and territorial government mission partners and members 
of the private sector stakeholder community to protect the Nation's 
critical infrastructure. When directed, PSAs work with venue managers 
to mitigate their security vulnerabilities, which includes the threat 
of a vehicle ramming scenario.
    DHS is in the process of establishing a comprehensive program 
specifically focused on the security of soft targets-crowded places. 
The focus of the program is to develop and implement innovative 
solutions to reduce the probability of a successful attack by 
adversaries who may be utilizing a variety of tactics, from simple 
methods to more sophisticated weapons. The program will include the 
development of enhanced security protocols, standards, guidance, 
technology, and security-by-design approaches.
    As part of this effort, continuing with existing authorities and 
requirements, the Department's National Protection and Programs 
Directorate (NPPD) is expanding upon its capabilities to assist the 
critical infrastructure community in mitigating risks associated with 
vehicle ramming attacks through a variety of means:

    Protection Operations: In May 2018 the Federal Protective Service 
(FPS) implemented its concept of operations for the protection of 
Federal facilities identified as soft targets and crowded places that 
are located adjacent to or near Federal facilities (sports venues, bus, 
subway and train transit hubs, etc.) across the United States. Formally 
known as Operation Resilient Protection (ORP), these operations provide 
enhanced law enforcement, intelligence analysis, criminal 
investigations, and physical security for pre-selected soft targets and 
crowded places. Additionally, FPS implements ORP at Federal facilities 
during NSSEs, and SEAR Levels I, II, and III. ORP was specifically 
developed and implemented in response to international and domestic 
incidents of vehicle ramming, mass shootings, sniper attacks, and other 
terrorism-related tactics affecting soft targets and crowded places. 
Furthermore, in partnership with the General Services Administration, 
FPS also conducts Operation Reduce Risk, a program to identify, 
interdict and recover counterfeit, stolen and lost government license 
plates reducing the likelihood that an official looking vehicle can 
gain access to be used in a vehicle based attack.

    Partnership: As the executor of the Commercial Facilities Sector-
Specific Agency responsibilities, NPPD expanded its partnership base to 
more effectively address vehicle ramming impacts to commercial 
facilities. The American Car Rental Association (ACRA) and the Truck 
Rental and Leasing Association (TRALA) are working closely with NPPD to 
identify methods of enhanced security measures, which may reduce the 
vulnerability of rental vehicles being used for attacks. These 
partnerships include coordination with the Transportation Security 
Administration (TSA) and Federal Bureau of Investigation (FBI). As Task 
Force Officers assigned to FBI Joint Terrorism Task Forces across the 
United States, FPS criminal investigators continually partner with the 
FBI and state and local police and sheriffs' departments. FPS uniformed 
police officers and commanders routinely partner with state and local 
police and sheriffs' departments to protect Federal facilities from 
vehicle ramming and other terrorism-related tactics.

    Exercises: NPPD incorporates vehicle ramming attacks into exercise 
scenarios conducted with the critical infrastructure community. These 
exercises provide the opportunity to test response protocols along with 
pre-incident information sharing processes, emergency response plans, 
and recovery procedures involving soft targets-crowded places. So far 
in Fiscal Year (FY) 2018, NPPD has conducted 14 tabletop exercises with 
public and private sector stakeholders that included vehicle ramming as 
part of the scenarios.

    Resources: In February 2018, NPPD produced a ``Vehicle Ramming 
Attack Mitigation'' video, which provides information to assist the 
critical infrastructure community in mitigating this evolving threat 
with technical analysis from public and private sector subject matter 
experts. The video leverages real-world events, and provides 
recommendations aimed at protecting organizations as well as 
individuals against potential vehicle ramming incidents.

    Intelligence Bulletin: In November 2017, FPS released a revised 
Operational Readiness Bulletin (ORB) to all assigned law enforcement 
officers, providing guidance regarding strategies, tactics, techniques, 
and procedures for mitigating vehicle ramming attack vulnerabilities. 
In December 2017, FPS released an Intelligence Bulletin that provided 
an in-depth study of criminal and terrorist vehicle ramming incidents, 
highlighting terrorist attack tactics, indicators to recognize 
developing incidents, and countermeasures to mitigate the effects of 
vehicle ramming attacks. NPPD also used analysis of Foreign Terrorist 
Organization-inspired vehicle ramming operations in the west since 2016 
to develop a product that informed the critical infrastructure 
community on common characteristics of these operations, and 
recommended mitigation strategies to improve resilience against future 
attacks. FPS routinely publishes intelligence bulletins related to 
vehicle ramming and other terrorism-related tactics. Depending on 
information classification, the bulletins are provided to partner 
intelligence and law enforcement agencies, Federal Executive Boards, 
and Federal agency leaders.

    Webinars: NPPD conducted two webinars in 2017. The soft targets-
crowded places webinar provided an overview of select attacks and 
corresponding tactics, techniques, and procedures. In attendance were 
1091 registrants from the Critical Infrastructure Sector as well as 
representatives from Federal and local governments and the private 
sector. The second webinar focused on vehicle ramming, leveraging the 
information within the intelligence product mentioned above. This 
webinar was attended by 441 registrants from the Critical 
Infrastructure Sector as well as representatives from Federal and local 
government and private sector.

    Resource Development: To raise awareness in the commercial vehicle 
industry, TSA worked with public and private sector partners to develop 
an informational product on vehicle ramming attacks released in June 
2017. This product included information on the threat landscape, 
indicators, and countermeasures that could be implemented to prevent 
and prepare for this evolving threat. This document is scheduled to be 
updated in May 2018.

    Preventive Measures: Although TSA's primary focus is on 
transportation security, it also coordinates with public and private 
sector partners to develop physical security measures to prevent 
vehicle ramming attacks against soft targets. This includes scenario-
driven security exercises and the implementation of physical security 
countermeasures to protect mass gatherings at public events. In April 
2018, TSA facilitated a vehicle ramming seminar at the Kentucky 
Department of Criminal Justice Training with the Kentucky State Police 
(KSP) and Kentucky Trucking Association. This seminar focused on 
intelligence briefings, a table-top-exercise with a vehicle ramming 
scenario, and a live demonstration by the KSP, Metro SWAT, and the 
State Bomb Squad to exercise response to a vehicle ramming attack. TSA 
is in discussions with other state level associations and law 
enforcement agencies to replicate this effort. TSA is currently working 
with the American Trucking Association and state associations in New 
York and Tennessee to conduct up to three full-scale exercises in 
FY2019. FPS recently developed and is testing a risk analysis modeling 
tool to determine the most effective risk-reduction physical security 
measures and protection activities relative to vehicle ramming and 
terrorism-related tactics. Validation of this methodology will continue 
through Fiscal Year 2019.

    Security Information Sharing: TSA collaborated with ACRA and TRALA 
to share relevant security information to prevent the use of rental 
vehicles in vehicle ramming attacks. Through this partnership, TSA and 
the industry developed a report, titled ``Security Indicators for the 
Vehicle Rental Industry,'' which was released in August 2017 to nearly 
500 public and private stakeholders who have further distributed the 
messages within their industries and communities. TSA also leverages 
ongoing engagement opportunities, including webinars, meetings, and 
industry conferences to promote vehicle security and countermeasures 
against vehicle ramming attacks, to reduce the likelihood and 
consequences of vehicle ramming events. Additionally, TSA continues to 
promote security through Security Awareness Messages and industry calls 
surrounding worldwide attacks, including vehicle ramming, to address 
the ever evolving threat landscape, current tactics being deployed, and 
potential countermeasures. In February 2018, TSA hosted a Public Area 
Security Summit to discuss ways to mitigate the risk to public areas, 
including the risks from vehicle ramming attacks. Attendees included 
stakeholders from domestic and international surface transportation 
industry, aviation industry stakeholders, and other Federal agencies.

    The significance of protecting ports. As you likely know from your 
Coast Guard experience--including many years in Connecticut, the U.S. 
has more than 1,000 harbor channels and 25,000 miles of inland, intra-
coastal, and coastal waterways that serve over 360 ports.
    U.S. seaports handle more than two billion tons of domestic, import 
and export cargo annually.
    TSA has an important role in port security. Connecticut has three 
ports--which are vital to our economy, just like our country's hundreds 
of other ports.

    Question 4. How secure is our maritime economy? What else can we do 
to ensure our ports are as secure as they need to be?
    Answer. In contrast to the other surface modes of transportation, 
the Transportation Security Administration (TSA) is not the lead 
Federal agency for security in the maritime mode. The United States 
Coast Guard (USCG) is the lead Federal agency for maritime security in 
the United States, and TSA supports the USCG in its maritime security 
efforts and in coordinating interagency efforts for the maritime mode.
    TSA supports the USCG in maritime security via the jointly 
administered Transportation Worker Identification Credential (TWIC) 
program. For the TWIC program, TSA conducts a security threat 
assessment of individuals who are seeking unescorted access to secure 
areas of maritime facilities and vessels. The assessment includes 
recurrent vetting against intelligence databases for ties to terrorism, 
fingerprint-based criminal history records checks, and an immigration 
status check. TSA issues a biometric credential to the individuals who 
successfully complete this process. While the USCG manages the physical 
access requirements and the associated enforcement and usage of the 
TWIC at the ports as part of USCG's overall maritime security mission, 
TSA and USCG jointly manage an enforcement program to ensure that only 
properly vetted personnel are entering secure areas of port facilities. 
TSA prioritizes High Threat Urban Areas. In Fiscal Year (FY) 2017, TSA 
Inspectors visited U.S. port facilities 1,695 times and inspected 
59,790 TWICs. As a result, 180 Civil Enforcement Actions were taken, 
resulting in 67 fines and 113 warning letters. In FY 2018 to date, TSA 
Inspectors have visited U.S. port facilities 1,085 times and inspected 
36,849 TWICs. TSA exceeded its target for inspections in FY 2017, so 
far for FY 2018, and continues to increase its targets.

    How a passenger with neither a ticket nor passport was able to 
glide past security checkpoints and fly from Chicago to London. I 
understand this hearing concerns surface transportation security--an 
issue I want to be sure we address.
    But I would be remiss if I didn't raise an issue that rightfully 
garnered significant headlines over the past week.
    The headlines concerned an individual named Marilyn Hartman--
apparently well-known to law enforcement officials in the aviation 
community. According to reports and statements from police and security 
officials, she was able to get past security officials at O'Hare in 
Chicago and onto a flight bound for London, where she landed before 
being apprehended and flown back to the U.S. last week.
    No one was hurt. And her efforts raise concerns as well about 
mental health.
    But nonetheless the episode raises very serious concerns about 
glaring, gaping holes in TSA's oversight. It gives me tremendous pause 
and makes me nervous about what someone with more nefarious motives 
could achieve.

    Question 5. How do you respond to this incident? Does it worry you 
as much as it worries me? What steps have you taken to make sure it 
never happens again? How can we be sure it will not recur?
    Answer. The incident at O'Hare International Airport (ORD) was 
investigated and lapses in security procedures were discovered both at 
the checkpoint and at the boarding gate. At ORD, physical barriers were 
added and ticket document checking locations were repositioned for 
optimal viewing of passengers. TSA worked with stakeholders to address 
other lapses in security procedures. An after action meeting of all law 
enforcement entities, airport authorities and air carriers was 
conducted on
    February 5, 2018 to finalize changes and ensure success in the 
future. These efforts proved effective when Ms. Hartman was detected 
and arrested at ORD shortly after being released from custody following 
the first incident in question. Additionally, a different individual 
was detected and arrested at ORD when that subject attempted to bypass 
the Travel Document Check position.
    TSA continues to provide training and national briefings on the 
importance of area security to prevent future incidents like this. We 
also routinely conduct inspections and testing during the airline 
boarding process to ensure that the proper security procedures are in 
place. While there is no guarantee that this type of incident will not 
occur again, the specific efforts taken at ORD, incorporation of 
lessons learned in national guidance and training, and inspection 
regime should reduce the likelihood of recurrence.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Edward Markey to 
                         Hon. David P. Pekoske
    Transit Security Grant Program. When it comes to surface 
transportation security, we need a layered approach--technology, 
personnel, canines, public engagement. An all the above strategy.
    That's why Congress established the Transit Security Grant Program, 
which provides transit systems with Federal resources to protect 
critical surface transportation infrastructure and the traveling public 
from acts of terrorism.
    But since 2009, funding for this critical program has been slashed 
by over 80 percent, putting a tremendous strain on our public transit 
systems to address national security threats.

    Question 1. Administrator Pekoske, would our transit systems be 
better able to address surface transportation security threats if 
Congress provided more funding for the Transit Security Grant Program?
    Answer. The Department of Homeland Security's (DHS) Transit 
Security Grant Program (TSGP), administered by the Federal Emergency 
Management Agency (FEMA), is an instrumental component of public 
transit systems' security programs. The Transportation Security 
Administration (TSA) works very closely with FEMA to ensure that the 
TSGP funding priorities and framework are structured to buy-down the 
most risk.
    In FY 2018, the Transit Security Grant Program (TSGP) provides 
$88,000,000 to the Nation's High-Threat Urban Areas for enhancement of 
security measures at critical transit infrastructure including bus, 
ferry, and rail systems. The intent of the FY 2018 TSGP is to 
competitively award grant funding to assist transit systems in 
obtaining the resources required to support the development and 
sustainment of core capabilities identified in the National 
Preparedness Goal of a secure and resilient Nation.
    As your question notes, we need a layered approach to security to 
protect our Nation's surface transportation systems from terrorist 
threats. While TSGP funding is an important component in many transit 
systems' approach to security, we must focus on the ways in which the 
security layers fit and work together instead of on one layer in and of 
itself. Effective security projects, including those funded through the 
TSGP, are the result of several activities, many of which TSA helps 
support at no cost to transit systems. Security projects should be 
based on a threat and vulnerability assessment and tied into a security 
planning process, as TSA's Baseline Assessment for Security Enhancement 
(BASE) program helps public transportation systems accomplish; the BASE 
program is a voluntary security assessment of national mass transit and 
passenger rail MTPR that informs development of risk mitigation 
priorities and helps influence TSA allocations and resources. Projects 
can also be the result of lessons learned and areas for improvement 
identified in exercise After Action Reports, such as those from TSA's 
Intermodal Security Training and Exercise Program (I-STEP), which 
provides exercises, training, and security planning tools to public 
transportation agencies to strengthen company security plans, policies 
and procedures, and the Exercise Information System online tool.
    The threat environment is ever-changing, and TSA puts a priority on 
disseminating intelligence information to appropriate entities through 
monthly industry conference calls, and via ``as-needed'' calls when 
real-life events occur.

    Canine Teams. Man's best friend is also one of our greatest allies 
in our efforts to defeat terrorism at home.
    The MBTA--Massachusetts Bay Transportation Authority--has eight 
canines.
    But we need more than eight canine teams to protect the Nation's 
fourth largest transit system, with 145 rail stations and 177 bus 
routes.

    Question 2. Administrator Pekoske, will you work with me to ensure 
we address the MBTA's canine needs? What steps can we take to ensure we 
are providing our transit agencies and airports with the canines they 
need to address security threats?
    Answer. TSA continually performs risk analyses on the 
transportation network and maintains a list of participating state/
local agencies who request additional canine team allocations. In 
addition, TSA tracks all requests from agencies that are not a 
participant in TSA's Canine Program but have expressed interest in 
joining this voluntary program. In both cases, TSA strives to provide 
canine team allocations as funding permits.
    MBTA has played a critical role in the TSA Canine Program since 
2005, when they were first allocated three canine teams. Over time, TSA 
has been able to increase MBTA's canine team allocation.
    TSA is funded for 1,047 canine teams, (372 proprietary teams and 
675 state and local canine teams) all of which are currently assigned 
to specific participants. One measure TSA is looking at to expand the 
canine program is to offer participating state/local agencies the 
ability to increase the number of canine teams they deploy through the 
following proposal: TSA would provide the canines, explosives training 
aids, handler training, and yearly evaluation/certification of the 
teams; however, TSA would not provide the $50,000 per team stipend 
currently allotted to program participants. The participant would bear 
all costs associated with the care and maintenance of the canine team.
    Due to the continued demand for canines, TSA has been working to 
increase capacity in both training and fielded teams. TSA is piloting 
new training models, adding a new procurement contract to purchase 
canines with varying levels of training to assist in meeting future 
needs, and working closely with the Department of Defense Military 
Working Dog School to expand capacity at the Joint Base San Antonio-
Lackland facility. TSA is committed to supporting our transit agencies 
and airports with the canines they need to address security threats.

    Vehicle Ramming Attacks--Protecting Public Spaces. In recent years, 
terrorists have added another weapon into their arsenal--large 
vehicles.
    Whether it be a promenade in France, a bridge in London, or a 
bicycle path in New York, terrorists have launched vehicle ramming 
attacks to kill hundreds and instill fear.
    Administrator Pekoske, Massachusetts has many wonderful public 
spaces where my constituents congregate.

    Question 4. How can we maintain the accessibility these public 
spaces while also protecting the public from vehicle ramming attacks?
    Answer. The cornerstone of our thriving democracy is an open 
society that provides the means to freely engage in many activities 
without the fear of harm. Recent events such as vehicular attacks on 
pedestrians and shootings in schools, nightclubs, and at concerts; 
exemplify the importance of enhancing security at soft targets and 
crowded places. Protecting these areas from terrorists and other 
extremist actors, who are more prominently leveraging low 
sophistication attack methods, such as vehicle-ramming attacks to cause 
mass casualties, is a challenge that the department is meeting directly 
and forcefully.
    The DHS National Protection and Programs Directorate (NPPD) is at 
the forefront of soft targets-crowded places efforts. In January 2018, 
the Department developed a plan to support and strengthen direct 
security operations, intelligence and information sharing, capability 
and capacity building, and research and development.
    NPPD is also assisting the critical infrastructure community in 
mitigating risks associated with vehicle ramming attacks through a 
variety of means. Protective Security Advisors support security 
planning in coordination with federal, state, local, and private sector 
partners. They frequently conduct security assessments, coordinate 
training, and provide situational awareness of critical infrastructure 
in public gathering locations.

    Vehicle Ramming Attacks--Technology. Technology can be part of the 
solution.
    In 2016, a vehicle ramming attack in Berlin was eventually stopped 
when the truck's automatic braking technologies were triggered.
    These safety innovations intervene when a collision is imminent, 
taking control of the brakes to avoid crashes.
    While the European Union requires automatic braking systems on 
large trucks, the United States has not mandated that these life-saving 
technologies be adopted by larger vehicles.

    Question 5. Administrator Pekoske, could broader adoption of 
automatic braking technologies help address the threat posed by vehicle 
ramming attacks?
    Answer. Technologies now making their way into the vehicle industry 
could reduce the frequency and consequence of vehicle ramming attacks. 
The Transportation Security Administration supports further research 
into collision avoidance and other emerging technologies that may 
mitigate this risk.
    We stand ready to work with our Federal partners at the Department 
of Transportation and the National Highway Traffic Safety 
Administration as they set standards for future safety devices and 
technologies for collision avoidance and remote vehicle disabling 
technologies.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Catherine Cortez Masto 
                        to Hon. David P. Pekoske
    Aviation. While I know you were both before the Committee to 
discuss surface transportation security specifically, I wanted to note 
that in October 2017, Mr. Kelly's office completed audits of several of 
TSA's most critical aviation security programs. The results of those 
audits are classified so I will not go into them further here, but I 
wanted to underscore just how seriously I and my colleagues take such 
reviews and the urgent importance of TSA running state of the art 
security programs across all modes of transportation.
    As we all saw recently, a woman by the name of Marilyn Hartman 
successfully boarded a flight in Chicago without a ticket. She managed 
to make it all the way to London before she was stopped. Worse yet, she 
has successful boarded planes without a ticket multiple times since 9/
11.
    These security breaches have also impacted flights coming into 
Nevada. In 2013, a 9-year old boy managed to board a flight in 
Minneapolis and fly all the way to Las Vegas without being stopped.

    Question 1. Administrator Pekoske, you spoke in your testimony 
about innovation. Can you outline the specific programs and processes 
your Administration have put in place to ensure TSA is regularly 
reviewing its standard operating procedures in both ground and aviation 
transportation systems to ensure state of the art practices? Are there 
other processes your organization has identified that would ensure TSA 
is using resources to maximize efficacy and adopt global best practices 
in transportation security?
    Answer. The Transportation Security Administration (TSA) has 
implemented a Standard Operating Procedures (SOP) Review, Impact 
Analysis, and Maintenance Plan, which provides guidance and direction 
for the review and impact analysis process for SOPs. Reviews are 
recurrent (annually, semi-annually, or quarterly) and also conducted 
as-needed to ensure procedures align with or responds to current 
security policies and the evolving threat environment. The SOP review 
process includes reviewing intel-based requirements, new technologies, 
test outcomes, and audit recommendations, to improve overall detection 
and performance.
    The review process was first implemented in August 2017. Since that 
time, as it relates to identity verification, the Travel Document Check 
SOP was updated and released on September 28, 2017 with an 
implementation date of October 12, 2017. Additionally, another interim 
change was released on January 22, 2018 with an implementation date of 
February 5, 2018. Both SOP releases supported the need for policy 
updates based on law making requirements (REAL ID) and identified areas 
of required clarification for the frontline workforce.

    Hiring/Recruitment.
    Question 3. We have seen with Customs and Border employment that 
recruitment can be a challenge. Have you seen similar barriers to 
bringing in qualified personnel who stay long enough to keep a 
consistent and high-level team together on both aviation, as well as 
surface transportation security?
    Answer. Yes, with regard to our Transportation Security Officer 
(TSO) positions, TSA experiences many challenges in attracting and 
retaining qualified personnel as the compensation level of the TSO 
position is considerably lower than other positions in the field of 
homeland security. As the U.S. economy has improved and local minimum 
wages have substantially increased in recent years, the pay of the TSO 
position is becoming less and less competitive. In an effort to recruit 
quality applicants, we are doing our best to market the benefits of 
Federal employment.
    To align with airline flight schedules, TSA is required to hire 
thousands of part-time TSOs each year. Hiring part-time employees with 
schedules of 20-25 hours per week poses challenges as many employers 
are currently offering full-time positions at comparable or higher 
starting hourly wages. In many instances, we are losing quality TSOs to 
other full-time jobs that offer the same, or sometimes, lower hourly 
rates. Thus, we try to adjust our recruitment and advertising to reach 
ideal part-time applicant pools, such as individuals who are going to 
school and in need of part-time employment.
    More recently, we have seen a significant increase in the number of 
TSOs that have left TSA to transfer to other Federal agencies such as: 
data entry clerks for United States Citizenship and Immigration 
Services, call center agents for Federal Emergency Management Agency, 
and claims processors at the VA. For many, these entry-level positions 
at other agencies are promotions and typically offer traditional 
schedules without requiring early morning/evening/weekend/holiday 
shifts or needing to be flexible with personal schedules due to the TSO 
position being designated as emergency essential.\1\ For what is 
considered an entry-level position, a great deal is expected and 
required from our TSOs.
---------------------------------------------------------------------------
    \1\ Emergency essential personnel are not excused from duty if an 
emergency arises because the employee encumbers a position that is 
identified as necessary to sustain a facility or function for 
continuity of TSA operations during an emergency.
---------------------------------------------------------------------------
    TSA always looks to build on the strengths of our employees and 
advance their profession. TSA has created a road map for career 
progression that details the skills and certifications an officer needs 
to advance in their TSA careers. This roadmap provides a structured 
progression for officers to see their career trajectory, incentivizes 
on-the-job expertise in critical areas, and helps the agency retain our 
highest skilled workers.
                                 ______
                                 
     Response to Written Question Submitted by Hon. Deb Fischer to 
                             John V. Kelly
    Question. Mr. Kelly, as you noted in your testimony, the background 
check process for the TWIC program is the same as that for aviation 
workers and the Hazmat Materials Endorsement. The Surface and Maritime 
Transportation Security Act would reduce duplicative background checks 
by allowing a person who has been approved for a TWIC credential to 
also be considered to have met the requirements for a hazardous 
materials endorsement. Would removing duplication across these 
credentials improve the effectiveness of the background check process 
for transportation facility access?
    Answer. The Hazard Materials Endorsement (HME) is a state driver's 
license endorsement. The Transportation Security Administration (TSA) 
performs the background check to ensure consistent background check 
reviews across state lines. Based on our audit, we learned that TSA has 
already taken into consideration and adjusted its fees for individuals 
with the need for both a TWIC and an HME endorsement. According to TSA, 
applicants with HMEs do not have to repeat the security threat 
assessment if they are applying for a TWIC, and as a result the fee for 
the TWIC is reduced. Eliminating the requirement for additional 
background checks may not impact the effectiveness of the background 
check process because in most cases individuals who have received a 
TWIC will be automatically processed by TSA's system in less than one 
day. Since HME is a state generated endorsement we do not have 
jurisdiction to review the endorsement or its processes.
                                 ______
                                 
     Response to Written Question Submitted by Hon. Bill Nelson to 
                             John V. Kelly
    Customs and Border Protecting Staffing at MCO. Mr. Kelly, I have 
been told by the Orlando International Airport that U.S. Customs and 
Border Protection (CBP) officers there are being reassigned to the 
Southwest border as part of a continuing rotation.

    Question. Has your office been made aware of these rotations and 
can you comment on why it is necessary to shift resources from ports of 
entry already experiencing C.B.P. staffing shortages?
    Answer. We are not aware of any specific rotations from Orlando 
International Airport to the Southwest border. As part of an ongoing 
audit, we have received information which indicates CBP's Office of 
Field Operations has fallen short of its staffing targets for Fiscal 
Year (FY) 2016, FY 2017, and FY 2018. According to CBP, it is working 
to address the shortages.
                                 ______
                                 
 Response to Written Questions Submitted by Hon. Richard Blumenthal to 
                             John V. Kelly
    The need for an aggressive, extensive review of the 
administration's handling--or mishandling--of Puerto Rico recovery 
efforts. I understand this hearing concerns surface transportation 
security, an issue with critical importance in Connecticut. I want to 
briefly mention another issue while the DHS IG is with us here today.
    I'm proud to represent the state with the highest concentration of 
Puerto Ricans in the U.S. In the days after the hurricane, my 
constituents and I grew very concerned over FEMA's oversight of the 
recovery. Our concerns remain.
    I've now been to Puerto Rico twice since Hurricane Maria hit. I 
have seen little real, robust progress. As I wrote in October to the 
DHS IG, the American people need to know whether the Trump 
administration is truly focused on helping the millions of Americans 
now suffering in Puerto Rico.

    Question 1. What steps is your office taking to investigate the 
effectiveness of the response in Puerto Rico?
    Answer. In my recent trips to Puerto Rico, I also witnessed first-
hand the devastation and hardship that Hurricane Maria caused to the 
citizens of the United States that call Puerto Rico home. When 
Hurricane Maria hit Puerto Rico, our office's first order of business 
was to deploy auditors and investigators to FEMA's Joint Field Office 
in Puerto Rico. Currently, we have four auditors and five investigators 
in Puerto Rico. Having Office of Inspector General (OIG) staff on the 
ground serves multiple purposes: to serve as an independent unit for 
oversight of disaster response and recovery activities; to detect and 
alert FEMA of systemic problems; and to help ensure accountability over 
Federal funds. We focus our deployment activities on identifying 
potential risks and vulnerabilities and providing our stakeholders with 
timely, useful information to address emerging challenges and ongoing 
operations.
    Specifically, our auditors have begun, or are planning, a variety 
of reviews both at the Federal and local level, intended to improve 
FEMA's programs and operations. For instance, we plan to start capacity 
audits in Puerto Rico during this Fiscal Year. Capacity audits and 
early warning audits identify areas where FEMA public assistance grant 
recipients and sub-recipients may need additional technical assistance 
or monitoring to ensure compliance with Federal requirements. By 
undergoing an audit early in the grant cycle, grant recipients and sub-
recipients have the opportunity to correct noncompliance before they 
spend the majority of their grant funding. It also allows them the 
opportunity to supplement deficient documentation or locate missing 
records before too much time elapses.
    The other audit work we have underway or planned in Puerto Rico 
focuses on a range of issues, including:

   challenges with providing Puerto Rico disaster survivors 
        roof coverings to reduce further damage to their homes and 
        property;

   review of disaster-related contracting including the 
        contracts with Whitefish Energy, Cobra Acquisitions, Bronze 
        Star LLC (blue tarps) and Tribute Contracting LLC (meals), 
        among others;

   additional controls for Puerto Rico's high-risk grant 
        applicants;

   FEMA's preparedness, management, and distribution of 
        supplies;

   lessons learned from repair versus replacement funding 
        decisions;

   FEMA's plan to use alternative procedures for the Public 
        Assistance Program;

   police overtime pay;

   Federal considerations relating to the privatization of the 
        Puerto Rico Electric Power Authority;

   duplication of Federal benefits (in coordination with HUD 
        OIG); and

   key infrastructure repair costs (such as for the Guajataca 
        Dam).

    We will continue to work with FEMA, its partners, and our oversight 
community to help ensure challenges are timely identified and 
addressed.
    With respect to our investigative work, our law enforcement 
investigators' efforts in Puerto Rico have already yielded results, 
uncovering serious schemes aimed at defrauding FEMA and turning 
disaster survivors into victims. For example:

   We are investigating a widespread identity theft ring in 
        which numerous individuals used the stolen identities of 
        hurricane victims to fraudulently apply for benefits, thereby 
        defrauding FEMA and victimizing hurricane survivors.

   We have arrested an individual--in coordination with U.S. 
        Immigration and Customs Enforcement--for False Impersonation of 
        a Federal Officer or Employee. This individual attempted to 
        procure work at an Emergency Management Center as a voluntary 
        staff member for Hurricane Maria relief efforts. At the time of 
        the arrest, the individual was wearing a Homeland Security 
        Investigations Special Agent t-shirt, a DHS cap, and had a fake 
        DHS badge in his possession. Our agents obtained consent to 
        search the person's residence where they found additional t-
        shirts with Homeland Security Investigations logos.

    We will continue to review and triage the many complaints and 
allegations that we receive each day, and judiciously expend our 
limited investigative resources on those matters that pose the greatest 
threats or risks to FEMA programs and operations. We will conduct our 
investigative work in close and timely coordination with our 
investigative partners, FEMA, and our oversight community with the aim 
of protecting disaster survivors and the billions of taxpayer dollars 
entrusted to the critical efforts of disaster response and recovery.

    Question 2. When will we see a final investigative report?
    Answer. With respect to our audit work, we anticipate finalizing 
audit reports on the following issues this summer:

   challenges with providing Puerto Rico disaster survivors 
        roof coverings to reduce further damage to their homes and 
        property;

   review of disaster-related contracting including the 
        contracts with Bronze Star LLC (blue tarps) and Tribute 
        Contracting LLC (meals); and

   additional controls for Puerto Rico's high-risk grant 
        applicants.

    We anticipate completing additional audit work in Puerto Rico by 
the end of the year.
    With respect to our investigative work, while the results of our 
law enforcement investigative reports in Puerto Rico will not be made 
public, we would be happy to brief the Committee on our efforts once 
the investigations have closed.

    The need for greater review of DHS' sensitive locations policy. 
Both CBP and ICE are bound by policies that enforcement operations 
should not be undertaken in sensitive locations such as churches, 
hospitals and schools, absent exigent circumstances. Nonetheless, there 
are widespread reports of violations of these policies.
    I have led two letters to DHS asking to clarify DHS policies on 
sensitive locations and provide basic statistical data on compliance 
with existing DHS policy regarding sensitive locations. One letter was 
dated October 17, 2017, and the other was dated November 13, 2017.
    The letters were driven by two particularly horrific reports of 
apparent violations of DHS policies regarding sensitive locations. Last 
May, CBP officers apprehended young parents Irma and Oscar Sanchez from 
a hospital while their baby awaited emergency surgery. In October, Rosa 
Hernandez, a 10-year-old girl with cerebral palsy, was detained by CBP 
on her way to the hospital.

    Question 3. Are you reviewing DHS' flouting of these policies?
    Answer. Although we do not have any past or ongoing work on this 
issue, our office is considering including an audit, inspection, or 
special review of DHS policies, training, and actions at or near 
sensitive locations to our Fiscal Year 2019 plan.

    Question 4. Do you have any insight on whether that has been any 
disciplinary or accountability measures taken against the officers 
involved in those cases?
    Answer. No, because we have not yet undertaken work in this area, 
we are not aware of any disciplinary or accountability measures the 
Department may have taken in connection with the cases you referenced.

    Question 5. Do you have any insight into what measures are in place 
to ensure that ICE and CBP track enforcement actions taken in sensitive 
locations and document the exigent circumstances that justify them?
    Answer. To the extent we initiate work on this issue, an evaluation 
of ICE and CBP's system for tracking enforcement actions in sensitive 
locations would likely feature in that review.

    Question 6. Do you have any insight into training to ICE and CBP 
officers receive on the sensitive locations policy of the Department?
    Answer. To the extent we initiate work on this issue, an evaluation 
of the training ICE and CBP officers receive on conducting enforcement 
actions in sensitive locations would likely feature in that review.

    Recent DHS IG report on Trump's immigration order. The DHS IG 
released a long-awaited report on DHS' implementation of Executive 
Order #13769--the President's first Muslim ban. The report stated that 
DHS was totally unprepared for even the most basic and obvious 
consequences of the Muslim ban. In addition, the report found that CBP 
was aggressive in preventing affected travelers from boarding planes 
headed to the U.S., in violation of two separate court orders.
    In a department memo issued on January 12--in anticipation of the 
release of the report--DHS management criticized the report, saying 
that it ``contains a number of legal and factual inaccuracies and is 
methodologically flawed.''
    This report was completed months ago but was not publicly released 
until last week. Your predecessor, John Roth, resigned after saying he 
was troubled by attempts by the Department to redact information that 
would cast the Department's response in a negative light.

    Question 7. Do you stand by the assertions and conclusions in this 
report?
    Answer. Yes.

    Question 8. Why did this report take months to be released in its 
entirety?
    Answer. DHS OIG's standard process typically includes providing the 
Department an opportunity to review a draft report prior to publication 
to identify information the Department believes should be withheld from 
public release on the basis of, among other things, a statute or 
Executive Order mandating nondisclosure (e.g., the Privacy Act). 
Pursuant to this standard process, a draft of the report in question 
was provided to the Department on October 6, 2017. Former Inspector 
General Roth requested that the Department complete its sensitivity 
review within two weeks of receipt. Just before the deadline passed, 
the Department advised DHS OIG that it had sensitivity concerns 
regarding the content of the report, but did not identify what portions 
of the report were potentially sensitive. Over the next few weeks, DHS 
OIG engaged the Department in discussions regarding the Department's 
sensitivity concerns and proposed redactions.
    As you are likely aware from Mr. Roth's November 20, 2017 letter to 
the congressional requestors of the review and related press release 
from our office, DHS OIG was troubled by the Department's delays in 
articulating its sensitivity concerns with respect to this report. 
Ultimately, the Department sought a privilege review by the Department 
of Justice and eventually provided a draft of the report with its final 
proposed redactions after close of business on Friday, January 12, 
2018--more than three months after DHS OIG had provided the draft to 
the Department. The following Monday, January 15, was a Federal 
holiday. When business resumed on January 16, 2018, DHS OIG worked 
expediently to analyze and incorporate the Department's management 
response. We published the report on Thursday, January 18, 2018.

    Question 9. Some information in the report has been redacted. Was 
any information redacted as a result of interference by Trump political 
appointees who sought to remove text that would have painted the 
Department in a negative light?
    Answer. As noted above, DHS OIG's standard process typically 
includes soliciting input from the Department regarding information in 
draft OIG reports the Department believes is not subject to public 
release. Pursuant to this standard process, a draft of the report in 
question was provided to the Department in October 2017. The Department 
ultimately claimed privileges on various grounds, including 
deliberative process and attorney-client privilege. Although DHS OIG 
believes many of the Department's withholdings are overly broad and 
would not withstand judicial scrutiny, the Department has made what it 
claims to be good faith redactions pursuant to these privileges; 
accordingly, we are bound to publish the report with the Department's 
redactions.

    Question 10. Do you stand by the report's finding that DHS was 
``largely caught by surprise by the signing of the [Executive Order] 
and its requirement for immediate implementation?''
    Answer. Yes.

    Question 11. Do you stand by the report's finding that the DOJ 
Office of Legal Counsel failed to analyze the due process rights of 
legal permanent residents or Special Immigrant Visa holders when it 
approved the Executive Order?
    Answer. We did not review the DOJ Office of Legal Counsel's (OLC) 
process for approving the Executive Order, as DHS OIG does not have 
jurisdiction to review the actions of DOJ employees. Accordingly, we 
are not in a position to say whether DOJ OLC analyzed the due process 
rights of legal permanent residents or Special Immigrant Visa holders 
as part of its approval determination. Our report notes, however, that 
the memorandum DOJ OLC ultimately issued approving the Executive Order 
did not include any analysis of due process rights--in fact, it did not 
include any analysis at all to support the conclusion that the 
Executive Order was proper in terms of ``form and legality.'' We stand 
by our report's description of DOJ OLC's memorandum.

    Question 12. Do you stand by the report's finding that CBP did not 
detect ``any traveler linked to terrorism based solely on the 
additional procedures required by the [Executive Order]''?
    Answer. Yes, based on the information available to us at the time 
of our review, we stand by the report's finding that CBP did not detect 
``any traveler linked to terrorism based solely on the additional 
procedures required by the [Executive Order].''
                                 ______
                                 
Response to Written Questions Submitted by Hon. Catherine Cortez Masto 
                            to John V. Kelly
    Aviation. While I know you were both before the Committee to 
discuss surface transportation security specifically, I wanted to note 
that in October 2017, Mr. Kelly's office completed audits of several of 
TSA's most critical aviation security programs. The results of those 
audits are classified so I will not go into them further here, but I 
wanted to underscore just how seriously I and my colleagues take such 
reviews and the urgent importance of TSA running state of the art 
security programs across all modes of transportation.
    As we all saw recently, a woman by the name of Marilyn Hartman 
successfully boarded a flight in Chicago without a ticket. She managed 
to make it all the way to London before she was stopped. Worse yet, she 
has successful boarded planes without a ticket multiple times since 9/
11. These security breaches have also impacted flights coming into 
Nevada. In 2013, a 9-year old boy managed to board a flight in 
Minneapolis and fly all the way to Las Vegas without being stopped.

    Question 1. Mr. Kelly, where do you assess TSA stands in 
implementing some of the related recommendations you mentioned: 
creating a risk-based strategy and incorporating risk into its 
budgeting process?
    Answer. TSA issued a 2018 National Strategy for Transportation 
Security (the Strategy) that purports to address the security of 
``transportation assets in the United States . . . from attack or 
disruption by terrorist or other hostile forces.'' The Strategy 
presents a base plan that outlines a risk-based foundation for the 
Strategy, and appends security plans that provide mode-specific and 
intermodal activities to reduce terrorism risks and to protect 
transportation systems. We continue to follow up with TSA on the 
implementation of its Strategy.
    While TSA has taken steps to formalize its budgeting process, it 
still lacks a formal process to incorporate risk in its budget 
formulations. TSA guidelines do not currently direct TSA transportation 
modes to align resources with risk. Incorporating risk into the 
budgeting process would help TSA decision-makers align resources more 
effectively.

    Question 2. Are there other processes your organization has 
identified that would ensure TSA is using resources to maximize 
efficacy and adopt global best practices in transportation security?
    Answer. Through our hard-hitting audit work, which has resulted in 
numerous recommendations, we have attempted to direct TSA to adopt 
global best practices in transportation security. For example, during 
one of our audits, we found that TSA did not receive all terrorism-
related information to vet aviation workers, and had multiple quality 
issues in the biographic data it used to vet those workers. In response 
to our report, TSA has implemented our recommendations with the effect 
of increasing the quantity and quality of information used for vetting.
    We have also identified areas where TSA could utilize its resources 
more effectively. For instance, we recently identified limitations with 
the Federal Air Marshal Service (FAMS) contributions to aviation 
security. While details related to FAMS operations and flight coverage 
presented in our work are classified or designated as Sensitive 
Security Information, we identified a part of FAMS operations where, if 
discontinued, funds could be put to better use. In addition, we are 
drafting a report on our recent access control testing which will 
provide recommendations to the agency to strengthen access controls and 
security breaches.

    Travel Ban for the DHS IG. Mr. Kelly, recently your office released 
a report on the implementation of Executive Order 13769, which is 
better known as President Trump's first attempt at implementing a 
Muslim Travel Ban. The report, prepared by your predecessor, concludes 
that Customs and Border Patrol was unprepared for the roll out of the 
travel ban, and that the resulting chaos harmed the agency's 
reputation. Further, although the report found that CBP agents at U.S. 
ports of entry made good faith efforts to comply with court orders 
blocking the executive order, there were still violations.
    Although this report was completed in early October, it was only 
released in mid-January, reportedly because DHS and the Department of 
Justice slow-walked the sensitivity and privilege reviews.

    Question 3. Mr. Kelly, when did your office learn that DHS and DOJ 
had completed their reviews?
    Answer. On November 29, 2017, we learned that DOJ had completed its 
review. The Department has not shared a copy of DOJ's analysis with DHS 
OIG. On January 12, 2018, we received the Department's final redacted 
version of the report along with its official Management Response.

    Question 4. Mr. Kelly, you've been with the Office of the Inspector 
General within DHS since 2008. In your experience, is it common for the 
Department of Homeland Security to claim deliberative process privilege 
in order to redact significant portions of a report by an Inspector 
General?
    Answer. It is extremely rare for the Department to claim the 
deliberative process privilege to redact any portions of an Inspector 
General report. As former Inspector General Roth noted in his November 
20, 2017 letter to Congress, this was the first time in his tenure as 
Inspector General that the Department had indicated it may assert this 
privilege in connection with one of our reports or considered 
preventing the release of a report on that basis. We regularly have 
published dozens of reports that delve into the Department's rationale 
for specific policies and decisions, and comment on the basis and 
process on which those decisions were made.

    Question 5. I have to say, I find it disturbing that this report, 
which was made necessary by the secrecy and confusion surrounding the 
implementation of the President's Muslim travel ban, is now itself 
mired in secrecy and confusion. At minimum, the extreme delay in 
releasing the report, and the unusual scope and breadth of the 
redactions create the appearance that DHS and DOJ exerted improper 
influence over the Office of the Inspector General and sought to limit 
the impact of the report's critical conclusions. I think the American 
people deserve transparency and accountability. Mr. Kelly, will you 
release an un-redacted copy of this report?
    Answer. While transparency and accountability are paramount to our 
mission, those important objectives must be balanced against other 
important interests, including personal privacy, national security, and 
law enforcement interests. As a general matter, the Department has the 
legal right to protect from public disclosure certain sensitive 
information concerning the Department's operations subject to various 
statutory exclusions and common law privileges. In this case, the 
Department has made what it claims to be good faith withholdings 
pursuant to these bases. Accordingly, despite continuing to believe 
that the Department's claims of privilege may be overbroad, we are 
bound to issue our report with the Department's redactions. Unless the 
Department decides to peel back its redactions, we will not be 
releasing an unredacted copy of this report.

    Hiring/Recruitment.

    Question 6. We have seen with Customs and Border employment that 
recruitment can be a challenge. Have you seen similar barriers to 
bringing in qualified personnel who stay long enough to keep a 
consistent and high-level team together on both aviation, as well as 
surface transportation security?
    Answer. We are currently conducting an audit on TSA's efforts to 
hire, train and retain employees. We anticipate completing our audit by 
the end of the Fiscal Year and would be happy to brief your office on 
the results of the final report.

                                  [all]