TSA plays down GAO success at evading airport security

Transportation Security Administrator Kip Hawley Thursday played down a new report that undercover GAO investigators had smuggled bomb components past TSA screeners at 19 airports this year, calling the checkpoints one part of a multi-tiered risk management system.

On the eve of the busy holiday season, "the American public can be confident traveling," Hawley said at a House Oversight and Government Reform Committee hearing.

Using cheap components and public information on security weaknesses, GAO agents passed a detonator and materials for two types of liquid-based bombs past TSA checkpoints without being challenged, even though TSA screeners generally followed correct procedures. While details of methods used by both GAO and TSA were not released, the results show that recent TSA restrictions on carrying liquid and gels regularly fail. The restrictions were imposed after an apparent British-based plot to bomb trans-Atlantic flights.

The GAO report drew denunciations from committee Democrats and Republicans, with many members chiding TSA for failing to make improvements after similar GAO tests succeeded at 21 airports last year. TSA "has had six years and spent billions of taxpayer dollars, yet our airlines remain vulnerable," said Oversight and Government Reform Chairman Henry Waxman, D-Calif., who added, "That's an embarrassing and dangerous record."

But Hawley suggested the committee has unrealistic expectations. TSA seeks to reduce, not eliminate, the chances of a catastrophic attack, he said. "You can never get to zero," Hawley told CongressDaily. He said in testimony, "What we're engaged in is risk management, [which] looks at the capacity of getting an airplane down."

Hawley emphasized that TSA has a 19-layer system designed to stop terrorists before and after they pass through security. He noted that GAO did not smuggle assembled bombs onto the planes and said the devices were less powerful than those TSA focuses resources on detecting. "We know what terrorists work on," Hawley said. "We know their capabilities.... We look at what can do actual serious damage, not just damage a plane. I mean, my pen could do serious damage." He later added: "Yes, there are vulnerabilities. But we can't ... say, 'Oh, my goodness, they brought some firecrackers through.' "

GAO officials testified that while the smuggled devices, once assembled, would damage a plane, it was unclear if they would down it. Citing security concerns, Hawley and GAO officials declined to discuss details of the security process, including what rate of success in detecting liquid bomb components TSA considers acceptable. John Cooney, GAO assistant director for forensic audits and special investigations, acknowledged that the system cannot be fail-proof.

"If you have a terrorist ... with no regard for the life of anybody else, he could do damage," Cooney said.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.