Security Policy Alert: TSA Awards Additional PreCheck Enrollment Vendors and Summary of TSA's Monthly Conference Call for Airport Stakeholders
This afternoon, TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Plans, Policy and Engagement (PPE).
TSA PreCheck Program
Although not discussed on the call, TSA announced shortly after the call that the agency awarded PreCheck Expansion Other Transactional Agreements (OTAs) to three vendors. According to TSA, the agency continuously seeks to improve security while streamlining the passenger experience and increasing the trusted traveler flying population. In compliance with the TSA Modernization Act of 2018, TSA is increasing the number of enrollment providers for the TSA PreCheck Application Program to foster innovative enrollment methods, improve competition, and provide more convenience to applicants by expanding the TSA PreCheck enrollment network.
TSA anticipates that these companies will begin enrolling applicants in late 2020. Please see additional information below:
- Enrollment providers will now identify new enrollment locations and develop their TSA PreCheck enrollment systems, which TSA must review to ensure they meet the latest cybersecurity requirements before the first customers can enroll with them.
- Applicants can continue to enroll in the TSA PreCheck Application Program via the Universal Enrollment Services contractor (Idemia Identity & Security USA, LLC).
- Approved applicants that have enrolled through a TSA PreCheck Expansion enrollment provider will receive the same TSA PreCheck benefit as applicants that have enrolled through the Universal Enrollment Services contractor.
- The selected TSA PreCheck Expansion companies have the ability to create their own enrollment offerings, to include pricing, partnership, bundles, etc., which could attract new applicant populations and increase enrollment volume.
- Individuals with an existing TSA PreCheck benefit will have the flexibility to select any of the TSA PreCheck Expansion enrollment providers or the Universal Enrollment Services contractor to complete their renewal applications, considering both enrollment convenience as well as enrollment offerings.
TSA also shared that in 2019 there were more than 2.2 million new enrollees into the PreCheck program, which was a 21 percent growth rate from 2018. 2019 was the second highest year in terms of new enrollments, second only to 2016, which also saw more than 2.2 million enrollments. In addition, through December 2019, TSA has seen a 72 percent renewal rate among existing participants - with 95 percent of those renewals being done on-line.
The following is a summary of the highlights from today's call:
Update from Policy, Plans and Engagement
TSA National Amendment 19-02 Airport ID Media Audits went into effect on January 1, 2020. As a result, TSA reissued the Security Directive 1542-04-08 series to remove Attachment B, which previously included requirements related to airport ID media audits. SD 1542-04-08P also went into effect on January 1, 2020.
Comments are due on January 20, 2020 for the proposed TSA National Amendment 19-03 CHRC and the FBI's Rap Back Program, which was issued on December 6 and proposes to make the Rap Back program mandatory for airport operators (as well as air carriers and all-cargo carriers under separate proposed air carrier and all-cargo carrier security program changes). TSA encouraged airports to use the password provided to protect security sensitive comments submitted by e-mail. AAAE will be submitting comments on behalf of our airport members and we will also be discussing our comments on the AAAE Transportation Security Services Committee conference call next week.
TSA has drafted a proposed update to TSA National Amendment 14-01 regarding suspicious incident reporting to expand coverage to include cyber incidents and disruptions caused by Unmanned Aerial Systems (UAS). The proposed ASP change is in internal TSA coordination now. Once finalized, it will be issued with a notice and comment period of 30 days. Related to cybersecurity, TSA will also reissue the information circular on cybersecurity (IC 17-03A) as Information Circular 17-03B to expand the current expiration date of January 15, 2020.
As AAAE previously reported, on January 4, DHS released an updated National Terrorism Advisory System (NTAS) bulletin related to escalating tensions between the U.S. and Iran. On today's call, TSA reviewed the regulatory requirements under TSA NA 17-01 regarding the NTAS system. If an elevated NTAS were issued, airport operators are required to comply with any Security Directives issued as a result of the elevated NTAS. If an imminent NTAS were issued, airport operators would be required to institute the security measures outlined in the AVSEC contingency plan under Section 3 of TSA NA 17-01, as well as any measures contained in their ASP, until such time as TSA issued a Security Directive addressing the specific threat that caused the imminent alert. To be clear, the January 4 NTAS bulletin was just a bulletin to share information and encourage increased vigilance - it did not raise the alert level to elevated or imminent. TSA was simply reviewing the regulatory measures as a reminder to airports in the event that the alert level is raised. However, according to TSA, there are no current discussions to indicate that the alert level may be raised anytime in the near future.
Finally, TSA's Policy, Plans and Engagement discussed their 2020 work plan which continues to focus on reviewing and modernizing existing and long-standing Security Directives and regulatory requirements, including the old FAA AP documents that are still in effect. Specifically, TSA plans to focus on the Security Directive 18-01 series, which in 2018 combined two other SDs (SD 1542-07-01 and SD 1542-06-01). TSA plans to break out the SD into several ASP amendments focused on the following areas, among others: law enforcement officer procedures, sterile area lockers and public storage, vehicle inspections, and access control. TSA also plans to review accountability and audit requirements for access media such as locks and keys.
National Safe Skies Alliance
Jessica Grizzle from the National Safe Skies Alliance provided an update on several recently completed and on-going PARAS and ASSIST reports. Additional information on all of these reports can be found on the Safe Skies website: sskies.org.
For the Program for Applied Research in Airport Security (PARAS), Safe Skies recently released PARAS 020 Strategies for Effective Airport Identification Media Accountability and Control. This document assists airports of all sizes in enhancing controls and accountability of airport-issued ID media. The document covers security controls during badge issuance and renewal; audit strategies; suggestions to mitigate lost, stolen, not returned, and unaccounted-for badges; strategies to enhance badge retrieval; and Trusted Agent considerations. Safe Skies is also nearing completion on PARAS 018 Airport Security Training for Law Enforcement and Security Personnel (expected to be released in late January or early February) and PARAS 019 Employee/Vendor Physical Inspection Program Guidance (expected to be released before the end of February). Work continues on several additional research topics and airports may hear from researchers working to compile the following reports: PARAS 023 Exit Lane Strategies and Technology Applications, PARAS 025 Security Regulatory Compliance at Tenant Facilities, and PARAS 027 Guidance for Root Cause Analysis in Aviation Security.
For the Airport Security System Integrated Support Testing (ASSIST)program, three new reports have been posted to HSIN under the Safe Skies folder - two related to perimeter intrusion detections systems from OPTIC and one related to exit lane technology tested at Corpus Christi Airport.
Rap Back
Sonya Badgley, TSA's Aviation Worker Program Manager from the Enrollment Services and Vetting Programs office, provided an update on Rap Back. There are currently 195 participants in the program, including six air carriers. TSA continues to see one Rap Back notification per every 1,000 or so subscriptions. TSA did note an increase in Rap Back activity when states are working to update and upload old records to the FBI system. TSA reported that approximately half of the Rap Back notifications have been related to criminal activity and arrest warrants. TSA also encouraged airports to work closely with their Designated Aviation Channelers to ensure that Rap Back subscriptions are renewed in a timely manner. TSA issues renewal notifications for Rap Back subscriptions 10 days before they expire through the FPRD. Rap Back subscriptions expire every two years and must be renewed. In response to a question from DFW's Chad Makovsky, TSA continues to work with the FBI about possible discrepancies between the TSA and FBI privacy statements regarding Rap Back and promised to follow-up by the end of January.
Credential Authentication Technology (CAT)
TSA has deployed 389 Credential Authentication Technology (CAT) units to 31 airports. TSA plans to deploy a total of 505 units in Fiscal Year 2020. TSA did report that some issues are being discovered as more units are installed. CAT provides identification authentication and a near real-time check of the Secure Flight system and, as a result, a boarding pass in not required at the CAT unit. In some cases, individuals who have not checked into their flight have gone through CAT (and subsequent checkpoint screening) but are not able to board their flight due to the lack of a boarding pass. In such cases, passengers are directed back to the checkpoint to retrieve a boarding pass. In response to a question, TSA did note that the CAT machines are networked and do have physical port requirements. A wireless model is being explored. TSA is also updating the CAT software to recognize REAL ID-compliant identification and that update is expected to be complete before the October 1 REAL ID deadline. On a REAL ID related note, TSA expects that DHS will be issuing a press release shortly with state-specific REAL ID adoption rates. TSA deferred a question related to the impact of CAT units on the CLEAR program, stating only that TSA is currently working closely with CLEAR on what the process will look like in the future with widescale CAT deployment.
Intelligence Update
TSA provided an intelligence update that included an overview of the situation with Iran, including extensive background on the escalating tensions between the U.S. and Iran since 2018. TSA also reported on recent UAS reports near airports and critical infrastructure and insider threat related incidents at airports across the country.
Next TSA Conference Call
The next TSA monthly conference call for airport stakeholders is scheduled for Thursday, February 6, 2020 at 1 p.m. ET.
