GAO Report Targets TSA’s Ability to Keep Up with Tech Changes

A Government Accountability Office (GAO) report released this month indicated that the Transportation Security Administration (TSA) needs to grant additional focus on updating detection technology already sent to airports for use. The report, called for through the TSA Modernization Act, addressed how TSA operationalizes detection standards, the extent to which TSA considers risk when making technology deployment decisions, and the extent to which TSA ensures technologies continue to meet detection requirements after deployed to airports.

The report found that TSA has a process for developing new detection standards. This process involves determining if a new standard is needed by characterizing existing threats; drafting new detection standards that specify the minimum threat mass and density range to be detected, the acceptable probability of detection, and probability of false alarm. The draft standard is reviewed by TSA senior management before being approved.

While these procedures are consistently used, GAO noted that they have not been updated since 2015. Guidance says these procedures should be updated annually, but TSA officials noted that more frequently emerging threats and intelligence are processed on an ongoing basis. Other TSA officials explained that they had begun revising procedures but revisions have not been finalized.

Another criticism from GAO noted that TSA failed to document all key information leading to decisions about the development of detection standards. In four cases, TSA did not clearly document why certain materials were sent for additional testing. This lack of documentation made it difficult to determine the extent to which risk was considered.

GAO found that while technologies require certification prior to deployment, this certification does not ensure that the technology continues to meet detection standards once it has been deployed. When detection systems were randomly selected for review in 2015 and 2016, TSA found several no longer met standards.

While TSA officials claimed there is no requirement to ensure screening technology is continually meeting detection requirements, GAO cited the Standards for Internal Control in the Federal Government, which calls for agencies to establish and operate a system to continuously monitor the quality of performance over time.

The report explains, “Without taking additional steps to ensure screening technologies are meeting detection requirements, TSA may run the risk that its deployed screening technologies are not detecting explosives and other prohibited items. Developing and implementing a process to monitor screening technologies’ detection performance over time would help provide TSA assurance that screening technologies continue to meet detection requirements, as appropriate, after deployment. In doing so, TSA would also be better positioned to take any necessary corrective actions if or when screening technologies no longer operate as required.”