[Congressional Record Volume 165, Number 196 (Monday, December 9, 2019)]
[House]
[Pages H9366-H9367]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                              {time}  1600
       COVERT TESTING AND RISK MITIGATION IMPROVEMENT ACT OF 2019

  Ms. CLARKE of New York. Mr. Speaker, I move to suspend the rules and 
pass the bill (H.R. 3469) to direct the Transportation Security 
Administration to carry out covert testing and risk mitigation 
improvement of aviation security operations, and for other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3469

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Covert Testing and Risk 
     Mitigation Improvement Act of 2019''.

     SEC. 2. TSA COVERT TESTING AND RISK MITIGATION IMPROVEMENT.

       (a) In General.--Not later than 180 days after the date of 
     the enactment of this Act and annually thereafter, the 
     Administrator of the Transportation Security Administration 
     shall implement the following:
       (1) A system for conducting risk-informed headquarters-
     based covert tests of aviation security operations, including 
     relating to airport passenger and baggage security screening 
     operations, that can yield statistically valid data that can 
     be used to identify and assess the nature and extent of 
     vulnerabilities to such operations that are not mitigated by 
     current security practices. The Administrator shall execute 
     annually not fewer than three risk-informed covert testing 
     projects designed to identify systemic vulnerabilities in the 
     transportation security system, and shall document the 
     assumptions and rationale guiding the selection of such 
     projects.
       (2) A long-term headquarters-based covert testing program, 
     employing static but risk-informed threat vectors, designed 
     to assess changes in overall screening effectiveness.
       (b) Mitigation.--
       (1) In general.--The Administrator of the Transportation 
     Security Administration shall establish a system to address 
     and mitigate the vulnerabilities identified and assessed 
     pursuant to the testing conducted under subsection (a).
       (2) Analysis.--Not later than 60 days after the 
     identification of any such vulnerability, the Administrator 
     shall ensure a vulnerability described in paragraph (1) is 
     analyzed to determine root causes.
       (3) Determination.--Not later than 120 days after the 
     identification of any such vulnerability, the Administrator 
     shall make a determination regarding whether or not to 
     mitigate such vulnerability. The Administrator shall 
     prioritize mitigating vulnerabilities based on their ability 
     to reduce risk. If the Administrator determines--
       (A) to not mitigate such vulnerability, the Administrator 
     shall document the reasons for the decision; or
       (B) to mitigate such vulnerability, the Administrator shall 
     establish and document--
       (i) key milestones appropriate for the level of effort 
     required to so mitigate such vulnerability; and
       (ii) a date by which measures to so mitigate such 
     vulnerability shall be implemented by the Transportation 
     Security Administration.
       (4) Retesting.--Not later than 180 days after the date on 
     which measures to mitigate a vulnerability are completed by 
     the Transportation Security Administration pursuant to 
     paragraph (3)(B)(ii), the Administrator shall conduct a 
     covert test in accordance with subsection (a) of the aviation 
     security operation with respect to which such vulnerability 
     was identified to assess the effectiveness of such measures 
     to mitigate such vulnerability.
       (c) Compilation of Lists.--
       (1) In general.--Not later than 60 days after completing a 
     covert testing protocol under subsection (a), the 
     Administrator of the Transportation Security Administration 
     shall compile a list (including a classified annex if 
     necessary) of the vulnerabilities identified and assessed 
     pursuant to such testing. Each such list shall contain, at a 
     minimum, the following:
       (A) A brief description of the nature of each vulnerability 
     so identified and assessed.
       (B) The date on which each vulnerability was so identified 
     and assessed.
       (C) Key milestones appropriate for the level of effort 
     required to mitigate each vulnerability, as well as an 
     indication of whether each such milestone has been met.
       (D) An indication of whether each vulnerability has been 
     mitigated or reduced and, if so, the date on which each such 
     vulnerability was so mitigated or reduced.
       (E) If a vulnerability has not been fully mitigated, the 
     date by which the Administrator shall so mitigate such 
     vulnerability or a determination that it is not possible to 
     fully mitigate such vulnerability.
       (F) The results of any subsequent covert testing undertaken 
     to assess whether mitigation efforts have eliminated or 
     reduced each vulnerability.
       (2) Submission to congress.--The Administrator shall submit 
     to the Committee on Homeland Security of the House of 
     Representatives and the Committee on Commerce, Science, and 
     Transportation of the Senate a comprehensive document 
     tracking the status of the information required under 
     paragraph (1) together with the Transportation Security 
     Administration's annual budget request.
       (d) GAO Review.--Not later than three years after the date 
     of the enactment of this Act, the Comptroller General of the 
     United States shall review and submit to the Administrator of 
     the Transportation Security Administration and the Committee 
     on Homeland Security of the House of Representatives and the 
     Committee on Commerce, Science, and Transportation of the 
     Senate a report on the effectiveness of the Transportation 
     Security Administration's processes for conducting covert 
     testing projects that yield statistically valid data that can 
     be used to assess the nature and extent of vulnerabilities to 
     aviation security operations that are not effectively 
     mitigated by current security operations.

  The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from 
New York (Ms. Clarke) and the gentleman from Louisiana (Mr. Higgins) 
each will control 20 minutes.
  The Chair recognizes the gentlewoman from New York.


                             General Leave

  Ms. CLARKE of New York. Mr. Speaker, I ask unanimous consent that all 
Members may have 5 legislative days to revise and extend their remarks 
and to include extraneous material on this measure.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from New York?
  There was no objection.

[[Page H9367]]

  

  Ms. CLARKE of New York. Mr. Speaker, I yield myself such time as I 
may consume.
  Mr. Speaker, I rise today in strong support of H.R. 3469, the Covert 
Testing and Risk Mitigation Improvement Act of 2019.
  Before I begin, I would like to take a moment to recognize my dear 
friend and colleague, Chairman Elijah Cummings, who sponsored this 
legislation. Less than 2 months ago, the House lost a great leader. 
Chairman Cummings dedicated his life to fighting for justice and 
democracy for his constituents in his native city of Baltimore and for 
the American people.
  Today, the House will honor his legacy in the best way we can: by 
passing a bill he wrote to ensure that TSA does effective oversight of 
its airport screening operations that are essential to protecting 
American lives.
  Mr. Speaker, the Transportation Security Administration faces serious 
challenges in identifying and resolving security vulnerabilities in its 
airport security operations. Specifically, in April 2019, the 
Government Accountability Office found that TSA was not conducting its 
covert testing of screening operations in a risk-informed way and that 
TSA has limited assurance that its tests were targeted at the most 
likely threats.
  H.R. 3469 seeks to make major improvements to TSA's covert testing 
processes by requiring TSA to identify, document, and mitigate security 
vulnerabilities found through these tests.
  It requires TSA to develop a risk-informed process for its covert 
testing program and conduct at least three tests a year to identify 
vulnerabilities in the transportation security system.
  Importantly, H.R. 3469 requires TSA to document all vulnerabilities 
it identifies and how it plans to mitigate them.
  Finally, it requires GAO to submit a report on the effectiveness of 
TSA's covert testing program within 3 years of enactment.
  Simply put, H.R. 3469 seeks to enhance TSA's capacity to identify and 
mitigate vulnerabilities to the security of our transportation systems.
  I urge my House colleagues to support this legislation, sponsored by 
our beloved, departed colleague, to help ensure our transportation 
security systems are as effective as they can be.
  Mr. Speaker, I reserve the balance of my time.
  Mr. HIGGINS of Louisiana. Mr. Speaker, I yield myself such time as I 
may consume.
  Mr. Speaker, I rise today in support of H.R. 3469, the Covert Testing 
and Risk Mitigation Improvement Act of 2019, sponsored by our late 
colleague, the greatly admired Elijah Cummings.
  H.R. 3469 responds to identified gaps in the covert testing conducted 
by the Transportation Security Administration on aviation security 
concerns. It is critical that our bipartisan congressional oversight be 
aimed at improving the security of the traveling public and the 
effectiveness of TSA operations.
  This legislation not only requires TSA to develop a system for 
conducting risk-informed covert tests but also holds TSA accountable 
for retesting and risk mitigation efforts. The traveling public 
deserves the most effective security, and I support the efforts of H.R. 
3469 to improve the public's confidence in aviation security.
  I urge my colleagues to support this bill and honor the legacy of 
leadership left by Chairman Cummings.
  Mr. Speaker, I reserve the balance of my time.
  Ms. CLARKE of New York. Mr. Speaker, I have no more speakers, and I 
am prepared to close after the gentleman from Louisiana closes.
  Mr. Speaker, I reserve the balance of my time.
  Mr. HIGGINS of Louisiana. Mr. Speaker, I would like to make the 
congresswoman from New York, my colleague, aware that I have no further 
speakers, and I am prepared to close.
  Mr. Speaker, I urge adoption of the bill, and I yield back the 
balance of my time.
  Ms. CLARKE of New York. Mr. Speaker, I yield myself such time as I 
may consume.
  Mr. Speaker, we all know that the threats to our Nation's 
transportation security are real. We also know that, as the main 
Federal agency responsible for the security of our transportation 
system, TSA has a critical mission for identifying and mitigating such 
threats. To be effective, TSA must have a risk-informed covert testing 
regime that allows it to do effective oversight of its security 
operations.
  H.R. 3469 would improve TSA's testing programs to ensure they can 
identify vulnerabilities to the transportation system and properly 
address them to keep our Nation safe.
  Mr. Speaker, as such, I urge my colleagues to support this bipartisan 
legislation, H.R. 3469, and I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentlewoman from New York (Ms. Clarke) that the House suspend the rules 
and pass the bill, H.R. 3469.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill was passed.
  A motion to reconsider was laid on the table.

                          ____________________