Experts chide TSA for poor risk assessment of security measures

This story has been updated.

Control over passenger screening technology should be shifted to airlines because the private sector is better than the Transportation Security Administration at making economical security choices based on risk management analyses, officials from a libertarian think tank said during a Capitol Hill briefing Friday.

Jim Harper, the Cato Institute's director of information policy, said he wished he had an opinion about the risk management study that TSA has conducted on body scanners, but "TSA does not do risk management studies or cost benefit studies -- or is not doing anything that it publishes."

On Sept. 22, a Government Accountability Office auditor testified that the agency does not routinely consider costs and benefits when acquiring new technologies. "In October 2009, we reported that TSA had not yet completed a cost-benefit analysis to prioritize and fund its technology investments for screening passengers at airport checkpoints," Steve Lord, GAO director for homeland security and justice issues, told a House Homeland Security subcommittee.

"Done well, cost-benefit analysis will guide government efforts, as well as it will guide private efforts at security," Harper said during the briefing titled "Abolish the Transportation Security Administration." "Cost-benefit analysis is basically about trade-offs . . . [In the security arena], that's hard because you're trading dollars for security."

This summer, the U.S. Court of Appeals for the District of Columbia Circuit effectively ordered TSA to examine such tradeoffs in response to a lawsuit filed by the nonprofit Electronic Privacy Information Center.

According to the ruling, TSA must issue a public notice justifying its body scanning rules and allow for comment. "That essentially means that the TSA has to put its thinking on the record," Harper said. "That means essentially going through the risk management steps."

On Friday, he also questioned a government project that is developing sensors to detect physical cues indicative of malicious intent, or the desire to cause harm. "We're talking about shining lasers and using cameras that will detect people's biorhythms, bioactivities to determine whether they plan on doing something bad," Harper said of the Future Attribute Screening Technology project.

"There is no science behind this -- no good science," he added.

Prior to the brouhaha over body scanners, the agency took heat for wasting about $30 million on "puffer machines" that would blow air on people to check the particles emitted for residue from bomb-making or other dangerous substances. TSA "couldn't get people through the puffer machines . . . they broke down regularly" and millions of dollars were wasted that could have been saved had the agency spent a little money on risk management, Harper said.

He expects that the transition of technical operations to airlines could happen in a year if Congress passes a law to strip TSA of authority over that jurisdiction. "We're talking about doing much of the same security, but doing it better," Harper said.

Seth Stodder, former policy and planning director for U.S. Customs and Border Protection, objected to granting companies responsibility for selecting screening technologies at a time when Al Qaeda members, including those trained by recently assassinated Anwar al-Aulaqi, are still targeting commercial airlines.

"That's essentially back to the future or back to the pre-9/11 world," he said. "The basic point is, after 9/11 we needed to have a TSA, because the airlines were not doing a good job, so we needed to have a federal presence to secure mass forms of transportation . . . There has to be a federal standard for what types of machines are used."

While the agency may have made some bad choices along the way, it is still a relatively young agency and is trying to fix past errors, said Stodder, now a senior fellow at The George Washington University's Homeland Security Policy Institute. He pointed to common-sense measures TSA Administrator John Pistole is taking at intake lines, such as letting frequent fliers keep on their shoes.

"The administrator I think is recognizing the need for TSA to be smarter about how it manages risks and processes people through screening checkpoints in terms of moving away from the screening-every-grandmother approach," he said.

TSA officials were unavailable for comment.
