Congressional Record, Volume 165 Issue 196 (Monday, December 9, 2019)

[Congressional Record Volume 165, Number 196 (Monday, December 9, 2019)]
[House]
[Pages H9366-H9367]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

{time} 1600
COVERT TESTING AND RISK MITIGATION IMPROVEMENT ACT OF 2019

Ms. CLARKE of New York. Mr. Speaker, I move to suspend the rules and
pass the bill (H.R. 3469) to direct the Transportation Security
Administration to carry out covert testing and risk mitigation
improvement of aviation security operations, and for other purposes.
The Clerk read the title of the bill.
The text of the bill is as follows:

H.R. 3469

Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Covert Testing and Risk
Mitigation Improvement Act of 2019''.

SEC. 2. TSA COVERT TESTING AND RISK MITIGATION IMPROVEMENT.

(a) In General.--Not later than 180 days after the date of
the enactment of this Act and annually thereafter, the
Administrator of the Transportation Security Administration
shall implement the following:
(1) A system for conducting risk-informed headquarters-
based covert tests of aviation security operations, including
relating to airport passenger and baggage security screening
operations, that can yield statistically valid data that can
be used to identify and assess the nature and extent of
vulnerabilities to such operations that are not mitigated by
current security practices. The Administrator shall execute
annually not fewer than three risk-informed covert testing
projects designed to identify systemic vulnerabilities in the
transportation security system, and shall document the
assumptions and rationale guiding the selection of such
projects.
(2) A long-term headquarters-based covert testing program,
employing static but risk-informed threat vectors, designed
to assess changes in overall screening effectiveness.
(b) Mitigation.--
(1) In general.--The Administrator of the Transportation
Security Administration shall establish a system to address
and mitigate the vulnerabilities identified and assessed
pursuant to the testing conducted under subsection (a).
(2) Analysis.--Not later than 60 days after the
identification of any such vulnerability, the Administrator
shall ensure a vulnerability described in paragraph (1) is
analyzed to determine root causes.
(3) Determination.--Not later than 120 days after the
identification of any such vulnerability, the Administrator
shall make a determination regarding whether or not to
mitigate such vulnerability. The Administrator shall
prioritize mitigating vulnerabilities based on their ability
to reduce risk. If the Administrator determines--
(A) to not mitigate such vulnerability, the Administrator
shall document the reasons for the decision; or
(B) to mitigate such vulnerability, the Administrator shall
establish and document--
(i) key milestones appropriate for the level of effort
required to so mitigate such vulnerability; and
(ii) a date by which measures to so mitigate such
vulnerability shall be implemented by the Transportation
Security Administration.
(4) Retesting.--Not later than 180 days after the date on
which measures to mitigate a vulnerability are completed by
the Transportation Security Administration pursuant to
paragraph (3)(B)(ii), the Administrator shall conduct a
covert test in accordance with subsection (a) of the aviation
security operation with respect to which such vulnerability
was identified to assess the effectiveness of such measures
to mitigate such vulnerability.
(c) Compilation of Lists.--
(1) In general.--Not later than 60 days after completing a
covert testing protocol under subsection (a), the
Administrator of the Transportation Security Administration
shall compile a list (including a classified annex if
necessary) of the vulnerabilities identified and assessed
pursuant to such testing. Each such list shall contain, at a
minimum, the following:
(A) A brief description of the nature of each vulnerability
so identified and assessed.
(B) The date on which each vulnerability was so identified
and assessed.
(C) Key milestones appropriate for the level of effort
required to mitigate each vulnerability, as well as an
indication of whether each such milestone has been met.
(D) An indication of whether each vulnerability has been
mitigated or reduced and, if so, the date on which each such
vulnerability was so mitigated or reduced.
(E) If a vulnerability has not been fully mitigated, the
date by which the Administrator shall so mitigate such
vulnerability or a determination that it is not possible to
fully mitigate such vulnerability.
(F) The results of any subsequent covert testing undertaken
to assess whether mitigation efforts have eliminated or
reduced each vulnerability.
(2) Submission to congress.--The Administrator shall submit
to the Committee on Homeland Security of the House of
Representatives and the Committee on Commerce, Science, and
Transportation of the Senate a comprehensive document
tracking the status of the information required under
paragraph (1) together with the Transportation Security
Administration's annual budget request.
(d) GAO Review.--Not later than three years after the date
of the enactment of this Act, the Comptroller General of the
United States shall review and submit to the Administrator of
the Transportation Security Administration and the Committee
on Homeland Security of the House of Representatives and the
Committee on Commerce, Science, and Transportation of the
Senate a report on the effectiveness of the Transportation
Security Administration's processes for conducting covert
testing projects that yield statistically valid data that can
be used to assess the nature and extent of vulnerabilities to
aviation security operations that are not effectively
mitigated by current security operations.

The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from
New York (Ms. Clarke) and the gentleman from Louisiana (Mr. Higgins)
each will control 20 minutes.
The Chair recognizes the gentlewoman from New York.

General Leave

Ms. CLARKE of New York. Mr. Speaker, I ask unanimous consent that all
Members may have 5 legislative days to revise and extend their remarks
and to include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the
gentlewoman from New York?
There was no objection.

[[Page H9367]]

Ms. CLARKE of New York. Mr. Speaker, I yield myself such time as I
may consume.
Mr. Speaker, I rise today in strong support of H.R. 3469, the Covert
Testing and Risk Mitigation Improvement Act of 2019.
Before I begin, I would like to take a moment to recognize my dear
friend and colleague, Chairman Elijah Cummings, who sponsored this
legislation. Less than 2 months ago, the House lost a great leader.
Chairman Cummings dedicated his life to fighting for justice and
democracy for his constituents in his native city of Baltimore and for
the American people.
Today, the House will honor his legacy in the best way we can: by
passing a bill he wrote to ensure that TSA does effective oversight of
its airport screening operations that are essential to protecting
American lives.
Mr. Speaker, the Transportation Security Administration faces serious
challenges in identifying and resolving security vulnerabilities in its
airport security operations. Specifically, in April 2019, the
Government Accountability Office found that TSA was not conducting its
covert testing of screening operations in a risk-informed way and that
TSA has limited assurance that its tests were targeted at the most
likely threats.
H.R. 3469 seeks to make major improvements to TSA's covert testing
processes by requiring TSA to identify, document, and mitigate security
vulnerabilities found through these tests.
It requires TSA to develop a risk-informed process for its covert
testing program and conduct at least three tests a year to identify
vulnerabilities in the transportation security system.
Importantly, H.R. 3469 requires TSA to document all vulnerabilities
it identifies and how it plans to mitigate them.
Finally, it requires GAO to submit a report on the effectiveness of
TSA's covert testing program within 3 years of enactment.
Simply put, H.R. 3469 seeks to enhance TSA's capacity to identify and
mitigate vulnerabilities to the security of our transportation systems.
I urge my House colleagues to support this legislation, sponsored by
our beloved, departed colleague, to help ensure our transportation
security systems are as effective as they can be.
Mr. Speaker, I reserve the balance of my time.
Mr. HIGGINS of Louisiana. Mr. Speaker, I yield myself such time as I
may consume.
Mr. Speaker, I rise today in support of H.R. 3469, the Covert Testing
and Risk Mitigation Improvement Act of 2019, sponsored by our late
colleague, the greatly admired Elijah Cummings.
H.R. 3469 responds to identified gaps in the covert testing conducted
by the Transportation Security Administration on aviation security
concerns. It is critical that our bipartisan congressional oversight be
aimed at improving the security of the traveling public and the
effectiveness of TSA operations.
This legislation not only requires TSA to develop a system for
conducting risk-informed covert tests but also holds TSA accountable
for retesting and risk mitigation efforts. The traveling public
deserves the most effective security, and I support the efforts of H.R.
3469 to improve the public's confidence in aviation security.
I urge my colleagues to support this bill and honor the legacy of
leadership left by Chairman Cummings.
Mr. Speaker, I reserve the balance of my time.
Ms. CLARKE of New York. Mr. Speaker, I have no more speakers, and I
am prepared to close after the gentleman from Louisiana closes.
Mr. Speaker, I reserve the balance of my time.
Mr. HIGGINS of Louisiana. Mr. Speaker, I would like to make the
congresswoman from New York, my colleague, aware that I have no further
speakers, and I am prepared to close.
Mr. Speaker, I urge adoption of the bill, and I yield back the
balance of my time.
Ms. CLARKE of New York. Mr. Speaker, I yield myself such time as I
may consume.
Mr. Speaker, we all know that the threats to our Nation's
transportation security are real. We also know that, as the main
Federal agency responsible for the security of our transportation
system, TSA has a critical mission for identifying and mitigating such
threats. To be effective, TSA must have a risk-informed covert testing
regime that allows it to do effective oversight of its security
operations.
H.R. 3469 would improve TSA's testing programs to ensure they can
identify vulnerabilities to the transportation system and properly
address them to keep our Nation safe.
Mr. Speaker, as such, I urge my colleagues to support this bipartisan
legislation, H.R. 3469, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentlewoman from New York (Ms. Clarke) that the House suspend the rules
and pass the bill, H.R. 3469.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill was passed.
A motion to reconsider was laid on the table.

____________________