[House Report 116-298]
[From the U.S. Government Publishing Office]


116th Congress    }                                     {      Report
                        HOUSE OF REPRESENTATIVES
 1st Session      }                                     {     116-298

======================================================================



 
       COVERT TESTING AND RISK MITIGATION IMPROVEMENT ACT OF 2019

                                _______
                                

 November 19, 2019.--Committed to the Committee of the Whole House on 
            the State of the Union and ordered to be printed

                                _______
                                

 Mr. Thompson of Mississippi, from the Committee on Homeland Security, 
                        submitted the following

                              R E P O R T

                        [To accompany H.R. 3469]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 3469) to direct the Transportation Security 
Administration to carry out covert testing and risk mitigation 
improvement of aviation security operations, and for other 
purposes, having considered the same, report favorably thereon 
without amendment and recommend that the bill do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     1
Background and Need for Legislation..............................     2
Hearings.........................................................     2
Committee Consideration..........................................     2
Committee Votes..................................................     3
Committee Oversight Findings.....................................     3
C.B.O. Estimate, New Budget Authority, Entitlement Authority, and 
  Tax Expenditures...............................................     3
Federal Mandates Statement.......................................     4
Statement of General Performance Goals and Objectives............     5
Duplicative Federal Programs.....................................     4
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................
Advisory Committee Statement.....................................
Applicability to Legislative Branch..............................
Section-by-Section Analysis of the Legislation...................     5

                          PURPOSE AND SUMMARY

    H.R. 3469, the ``Covert Testing and Risk Mitigation 
Improvement Act of 2019,'' seeks to make improvements to the 
Transportation Security Administration (TSA)'s covert testing 
processes and requires TSA to identify, document, and mitigate 
risks found through these tests. H.R. 3469 was introduced by 
late-Representative Elijah Cummings (D-MD) to foster reforms to 
enhance TSA's capacity to identify and mitigate vulnerabilities 
to the security of U.S. transportation systems.

                  BACKGROUND AND NEED FOR LEGISLATION

    The Government Accountability Office (GAO) and the 
Department of Homeland Security (DHS) Office of Inspector 
General (OIG) have reported on the longstanding challenges TSA 
faces in addressing vulnerabilities in airport security 
operations. The DHS OIG, in addition to issuing public reports 
on security vulnerabilities in TSA operations, has issued 
several classified reports--including on September 27, 2017, 
October 24, 2017, and February 13, 2019--that identified 
security vulnerabilities.
    In April 2019, GAO issued a report which found that TSA did 
not use a risk-informed approach to guide its covert tests of 
its security operations and that TSA has limited assurance that 
its covert tests are targeted at the most likely threats. GAO 
also found that of the nine security vulnerabilities identified 
through covert tests by TSA since 2015, none had been formally 
resolved as of September 2018.
    The Committee on Homeland Security has received classified 
briefings from GAO, DHS, OIG, and TSA on these issues over the 
past several years which have reinforced the need for more 
formal covert testing and risk mitigation processes.

                                HEARINGS

    For the purposes of section 103(i) of H. Res 6. of the 
116th Congress, the following hearings were used to develop 
H.R. 3469:
           On April 9, 2019, the Committee held a 
        hearing entitled ``Securing America's Transportation 
        and Maritime Systems: A Review of the Fiscal Year 2020 
        Budget Requests for the Transportation Security 
        Administration and the U.S. Coast Guard.'' The 
        Committee received testimony from David P. Pekoske, 
        Administrator, Transportation Security Administration, 
        U.S. Department of Homeland Security; and Admiral Karl 
        L. Schultz, Commandant, U.S. Coast Guard, U.S. 
        Department of Homeland Security.
           On November 8, 2017, the Committee held a 
        hearing entitled ``Preventing the Next Attack: TSA's 
        Role in Keeping Our Transportation Systems Secure.'' 
        The Committee received testimony from David P. Pekoske, 
        Administrator, Transportation Security Administration, 
        U.S. Department of Homeland Security.

                        COMMITTEE CONSIDERATION

    The Committee met on October 23, 2019, with a quorum being 
present, to consider H.R. 3469 and ordered the measure to be 
reported to the House with a favorable recommendation, without 
amendment, by unanimous consent.

                            COMMITTEE VOTES

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto.
    No recorded votes were requested during consideration of 
H.R. 3469.

                      COMMITTEE OVERSIGHT FINDINGS

    In compliance with clause 3(c)(1) of rule XIII of the Rules 
of the House of Representatives, the Committee advises that the 
findings and recommendations of the Committee, based on 
oversight activities under clause 2(b)(1) of rule X of the 
Rules of the House of Representatives, are incorporated in the 
descriptive portions of this report.

CONGRESSIONAL BUDGET OFFICE ESTIMATE, NEW BUDGET AUTHORITY, ENTITLEMENT 
                    AUTHORITY, AND TAX EXPENDITURES

    With respect to the requirements of clause 3(c)(2) of rule 
XIII of the Rules of the House of Representatives and section 
308(a) of the Congressional Budget Act of 1974 and with respect 
to requirements of clause (3)(c)(3) of rule XIII of the Rules 
of the House of Representatives and section 402 of the 
Congressional Budget Act of 1974, the Committee adopts as its 
own the estimate of the estimate of new budget authority, 
entitlement authority, or tax expenditures or revenues 
contained in the cost estimate prepared by the Director of the 
Congressional Budget Office.

                                     U.S. Congress,
                               Congressional Budget Office,
                                 Washington, DC, November 18, 2019.
Hon. Bennie G. Thompson,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 3469, the Covert 
Testing and Risk Mitigation Improvement Act of 2019.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Aaron 
Krupkin.
            Sincerely,
                                         Phillip L. Swagel,
                                                          Director.
    Enclosure.

              [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    

    H.R. 3469 would require the Transportation Security 
Administration (TSA) to perform the following activities 
related to its covert testing program, under which the agency 
conducts tests to identify vulnerabilities in airport security 
operations.
     Conduct at least three covert testing projects 
each year designed to identify vulnerabilities in aviation 
security;
     Implement a long-term covert testing program;
     Establish a system to address, assess, and 
mitigate the identified vulnerabilities;
     Conduct additional covert tests to assess the 
effectiveness of mitigation efforts; and
     Report to the Congress on the status of the covert 
testing program.
    The bill also would require the Government Accountability 
Office (GAO) to study the effectiveness of the program's 
processes and report to the Congress.
    According to TSA, most of the requirements in the bill, 
other than the reporting requirements for TSA and GAO, are 
already being planned and implemented. Based on the cost of 
similar reports, CBO estimates that implementing H.R. 3469 
would have no significant cost over the 2020-2024 period.
    The CBO staff contact for this estimate is Aaron Krupkin. 
The estimate was reviewed by H. Samuel Papenfuss, Deputy 
Assistant Director for Budget Analysis.

                       FEDERAL MANDATES STATEMENT

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                      DUPLICATIVE FEDERAL PROGRAMS

    Pursuant to clause 3(c) of rule XIII, the Committee finds 
that H.R. 3469 does not contain any provision that establishes 
or reauthorizes a program known to be duplicative of another 
Federal program.

                    PERFORMANCE GOALS AND OBJECTIVES

    Pursuant to clause 3(c)(4) of rule XIII of the Rules of the 
House of Representatives, the objective of H.R. 3469 is to 
improve the effectiveness of TSA's covert testing program and 
TSA's efforts to identify security vulnerabilities and mitigate 
risk. The bill seeks to strengthen TSA's tracking and reporting 
of vulnerabilities and requires TSA to document and report to 
Congress on its plans to mitigate such vulnerabilities. In sum, 
the objective is to improve TSA's covert testing and risk 
mitigation processes to enhance our nation's transportation 
security.

                          ADVISORY ON EARMARKS

    In compliance with rule XXI of the Rules of the House of 
Representatives, this bill, as reported, contains no 
congressional earmarks, limited tax benefits, or limited tariff 
benefits as defined in clause 9(d), 9(e), or 9(f) of the rule 
XXI.

             SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION

Section 1. Short title

    This section provides that this bill may be cited as the 
``Covert Testing and Risk Mitigation Improvement Act of 2019.''

Sec. 2. TSA Covert testing and risk mitigation improvement

    This section requires TSA to create a system for conducting 
risk-informed headquarters-based covert tests of aviation 
security operations that can yield statistically valid data. On 
an annual basis TSA is required to conduct at least three risk-
informed projects that can identify systematic vulnerabilities 
in the transportation security system.
    Section 2 also establishes requirements for TSA to mitigate 
vulnerabilities that are found through the risk-informed 
projects. TSA is required to analyze each vulnerability and, 
within 120 days, document its rationale for mitigating or not 
mitigating a vulnerability. If TSA decides to mitigate a 
vulnerability, TSA is required to conduct additional covert 
testing on that vulnerability within 180 days to determine the 
effectiveness of its mitigation efforts.
    This section also requires TSA to comprehensively track all 
vulnerabilities it identifies, how it plans to mitigate the 
vulnerabilities, and the results of any covert testing that was 
conducted on that vulnerability. TSA is required to present 
this information with TSA's annual budget request.
    Finally, this section requires the Government 
Accountability Office (GAO) to submit to TSA and Congress a 
report on the effectiveness of TSA's covert testing programs 
within three years of enactment.
    In sum, this section will formalize and enhance TSA's 
covert testing and risk mitigation efforts. It will also 
provide Congress with additional insight to hold TSA 
accountable for its efforts to address vulnerabilities.

                                  [all]