Security Policy Alert: TSA Monthly Conference Call Summary for October 2021

October 7, 2021

TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans and Engagement (PPE). Paterno introduced his new boss Robert Rottman, who will be serving as PPE's Branch Manager for Industry Engagement. Rottman has held a variety of positions within both TSA and DHS since 2002 and most recently served as a Director of Transportation Security at the National Security Council. Following are highlights from today's call:

Centralized Revocation Database

TSA appreciates the efforts of airport operators using the Centralized Revocation Database (CRD) established under TSA-NA-21-01A. To date, there have been close to 90 entries into the database. 

Upon TSA review of the entries, several will have to be removed because they were entered before the effective date of the ASP amendment establishing the CRD. In addition, TSA noticed several entries where an individual had a disqualifying crime and was not even issued a SIDA badge; a disqualifying crime does not equate to entry into the database. TSA also encouraged airport operators to use the open form field to provide additional information about the reason an individual is being entered into the database. For example, one entry appeared to list an individual because of a single instance of a piggybacking violation, which TSA does not consider significant enough to include in the CRD. However, upon further investigation, the individual had repeated security violations, including piggybacking, that led to the revocation and entry into the CRD. Again, TSA encourages airports to include such supporting information in the initial submission.

TSA plans to update their FAQs on the CRD to provide additional guidance and best practices for using the CRD. TSA also plans to host a dedicated conference call on the topic in early November.

Rap Back Program

The final ASP amendment to make the Rap Back program mandatory for airport operators was issued on September 29. It becomes effective on March 29, 2022. Over 240 airports already voluntarily participate in the Rap Back program and an overwhelming majority of aviation workers are already subscribed. However, if needed, TSA will host a conference call focused on Rap Back and the final ASP amendment to answer any questions airport operators may have.

Fiscal Year 2022 Resource Allocation Plan

Mike Coffman, Director, Staffing & Scheduling Division, Security Operations, provided an overview of the agency Resource Allocation Plan (RAP) for Fiscal Year 2022, which was shared with Federal Security Directors (FSDs) last week.

The RAP was provided to FSDs as a full year allocation; last year, TSA issued quarterly allocations because of uncertainty regarding passenger volume. There is a process in place to adjust the allocations throughout the year as needed, such as if there are changes in volume, checkpoint construction, etc. Allocations are based on robust volume projections: TSA used the high watermark from either 2019, early 2020 or 2021, whichever was greatest. For airports that have already exceeded peak numbers from 2019, TSA added 4 percent growth. In most cases, TSA staffed to peak summer volumes.

TSA did adjust a few COVID related provisions from last year. The Infection Control Monitor (ICM) position is no longer a line item in the budget. The ICM was a checkpoint position dedicated to enforcing COVID related protocols for both staff and passengers, such as masks, social distancing, and PPE. In addition, TSA has increased its throughput rates to reflect a decrease in social distancing.

The RAP also includes hiring goals both annually and per pay period. The annualized budget goal provides understaffed airports flexibility to hire throughout the year but still realize budget efficiencies before new hires are on-boarded. TSA increased the training allocation for FY22, realizing that additional training may be necessary if personnel transition to Title V for federal employee protections. Funding for FSDs, canines and explosive teams remains constant for FY22. ATLAS, which conducts insider threat mitigation, particularly employee screening, was increased by 25 percent from 2019 levels (pre-COVID) to reflect requested funding in the Administration's FY 22 budget. TSA also increased the Transportation Security Manager allocation to be commensurate with the increase in staffing.

Finally, the FY22 RAP includes an increase in the National Deployment Force, which was doubled last year and will now be tripled from 2019 levels to provide support at understaffed or hard-to-hire airports (in addition to providing staff for special events or in the wake of natural disasters).

Mobile Driver's Licenses (mDL)

Anurag Maheshwary from TSA's Office of Chief Counsel explained that mobile driver's licenses are digital representations of physical state issued driver's licenses that can be displayed on phones or watches; mDLs are also referred to as digital driver's licenses. mDLs are intended to be read electronically without physical touch of the credential or device. Twelve states are currently issuing and using mDLs.

In April, the Department of Homeland Security (DHS) issued a Request for Information (RFI) to solicit industry comments and solutions for how REAL ID should be amended to allow for the acceptance of mDLs. Responses are due on October 18. DHS is also working on a rulemaking to allow electronic submission of documents required for the issuance of REAL IDs but does have an expected release date at this time. 

TSA is exploring technology solutions to determine how mDLs will be implemented and accepted at the checkpoint. Apple made several recent announcements on how the company is working with both states and TSA to implement technology to accept mDLs. TSA did state on the call that the agency does not plan on a widespread implementation of accepting mDLs at the checkpoint until after May 3, 2023, the current effective date for REAL ID.

Jason Lim, TSA's Capability Manager for Identity Management, provided further details on the technology solutions being reviewed by TSA for acceptance of mDLs. Lim noted that there are several benefits to accepting mDLs, including enhanced security, privacy, identity verification, and health and safety. The agency is coordinating with AAMVA, NIST and DHS S&T, among others, to make sure TSA's identity management strategy aligns with industry standards.

Specifically, TSA has integrated an mDL into the next version of the Credential Authentication Technology (CAT) unit. The CAT-2 will include a digital ID reader that will automate identification matching using a one-to-one facial match from a photo taken by the CAT-2 camera with the picture on the mDL (biometrics), a self-scanning feature, a wider user interface and plexiglass to protect the operator. To use, passengers will tap the CAT-2 to start the transmission of the mDL data. The reader will share only the information TSA needs instead of everything on the driver's license, and Transportation Security Officers will not need to touch a passenger's mobile device or review their ID.

TSA has posted two videos on HSIN to highlight the technology options for mDL acceptance.

Cybersecurity

Anthony Militano and Chris Hild from DHS' Cybersecurity and Infrastructure Security Agency (CISA) provided a detailed brief on cybersecurity threats and vulnerabilities in aviation.

The cyber threat to aviation and the transportation sector overall is significant. Cyber threat actors include nation-states, hacktivists, insiders, and cyber criminals, all of which have different ranges of resources, training, and support for their activities and therefore different capabilities and levels of sophistication.

Cyber criminals are largely responsible for ransomware or employing ransomware as a service. Cybercrime actors represent a high-frequency and intensity threat to the transportation sector. As with other transportation subsectors, CISA has increasingly observed actors monetize access to compromised corporate networks and databases via access brokers, and CISA assesses with high confidence that this trend will continue for at least the near to midterm. 

Recent TSA reporting focused on cyber incidents affecting aviation and surface related transportation assets during the first quarter of 2021. The report highlights 55 separate cyber-attacks directed toward the transportation industry over a 90-day period. Of those 55 incidents, 48 were directed at aviation. The most frequent type of attack was ransomware, which accounted for nearly a quarter of all incidents.
 
More information on cyber threat can be found in the CISA slides provided before the call, which have also been posted on HSIN. 

CISA also briefed on cyber vulnerabilities and how vulnerability remediation can significantly reduce cyber risk. Based on findings from CISA-conducted cyber hygiene and vulnerability assessments across the transportation sector, top vulnerabilities include risky services on internet accessible hosts, unsupported Windows operating systems and spear phishing weaknesses. Vulnerability remediation recommendations include defending against ransomware, improving phishing defenses, improving patch management, and securing risky services.

Given the level of detail provided on the call and based on requests from AAAE and ACI-NA, TSA will also post the CISA Cyber Risk Summary presentation on HSIN along with the supporting CISA Cyber Risk Summary for the Transportation Systems Sector Report covering October 2020 to July 2021.

CISA offers free cybersecurity services to transportation sector entities, including: 
·      Vulnerability Scanning: Persistent scanning of internet-accessible systems for vulnerabilities, configuration errors, and suboptimal security practices. 
·      Web Application Scanning: Assesses the "health" of publicly accessible web applications by checking for known vulnerabilities and weak configurations. 
·      CISA Assessments: Agency cybersecurity assessments (e.g., RPT) provide actionable and risk-informed recommendations.
 
Email vulnerability_info@cisa.dhs.gov for more information and to sign up. 

Next TSA Conference Call
The next TSA conference call for airport stakeholders is scheduled for Thursday, November 4 at 1:00 p.m. ET. Please note the conference call number is 1-800-857-5826 and passcode is 9596778.