Security Policy Alert: Summary TSA Monthly Conference Call for Airport Stakeholders
April 1, 2021
This afternoon, TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans, and Engagement (PPE). Following are highlights from today'™s call:
Policy Updates
Cyber Incidents: TSA reminded airports that the proposed ASP amendment (TSA NA 14-01A) to add cyber incidents to the incident and suspicious activities reporting requirements has been issued. The comment period closes on April 4, 2021, which is a Sunday so TSA will accept comments through April 5, 2021. AAAE will be submitting comments on behalf of our airport members so please share any feedback that you may have on the proposed ASP amendment.
Centralized Revocation Database: On March 23, TSA posted a technical correction to the final Airport Security Program amendment implementing the Centralized Revocation Database for Individuals with Revoked Identification Media. TSA-NA-21-01A can be found on HSIN. As AAAE reported earlier, the technical correction clarifies that individuals must be notified that they may be listed on the Centralized Revocation Database for up to five years if they commit an aviation security violation that results in badge revocation. TSA also changed the reference to 'œpermanent revocation' to 'œfinal revocation' to be more inclusive of airports' various revocation processes and timelines. Lastly, the technical correction extended the final implementation date from April 22, 2021, to June 20, 2021.
ASP Amendment on Employee Screening: The comment period on the employee screening ASP amendment closed on December 7, 2020. TSA received more than 2,500 comments, which they are reviewing. They hope to begin comment adjudication shortly and anticipate this will take at least 6 months. Alan Paterno believes that this ASP amendment would go out for a second round of notice and comment.
NIST Cybersecurity Framework Survey
Mike Jacobs informed participants on the call that the Transportation Systems Sector (TSS) agencies are conducting a survey to gauge the industry'™s voluntary adoption of the NIST cybersecurity framework and asked participants on the call to complete this survey. Feedback will help to better understand the cybersecurity posture within the nation'™s transportation systems, will be used to assess the need for potential policy, and to determine appropriate risk management tools, products, and services that are needed to build upon the work already being done to reduce cyber risk within the TSS. The survey was widely distributed on March 10, 2021. It will take about 10 minutes and must be completed by Friday, April 30, 2021. All responses to the survey are anonymous. To participate, the survey can be found on HSIN'™s 200 Board or click on the following link: www.surveymonkey.com/r/TSS_Voluntary_NIST_Cybersecurity_Framework_Use_Survey
You can also reach out to Mike Jacobs directly for the survey at michael.jacobs@tsa.dhs.gov
Safe Skies
Jessica Grizzle from Safe Skies provided an update on the organization'™s recent PARAS reports, which are now available for download on the Safe Skies website.
Safe Skies recently issued the following ASSIST reports:
Airport Security Coordinators who wish to request ASSIST reports may email anna.hamilton@sskies.org or navigate to the Safe Skies Conference area on HSIN to download them.
Enrollment Services and Vetting Programs Update
Sam Smith from TSA'™s Enrollment Services and Vetting Programs (ESVP) provided an update on eBadge and Rap Back programs.
eBadge: Twenty-two airports are participating in the eBadge program and over 40,000 eBadge submissions have been successfully processed.
Rap Back: There are 234 airports currently participating in Rap Back, which represents over 67% of eligible federal airports. For the remaining eligible airports, Smith urged them to contact their Designated Aviation Channeler (DAC) to begin the process. The steps are straightforward: complete the Privacy Informational Briefing, submit a signed Statement of Responsibilities, and complete your DAC training. Please reach out to your DAC or TSA at rapback@tsa.dhs.gov with any questions about getting started in the Rap Back program.
In 2020, TSA lost over 40,000 Rap Back subscriptions but with the help of airports and associations, they were able to end the year with a net gain of 10,000. Smith thanked everyone for their continued support of the Rap Back program and noted that they have seen ten straight weeks of active subscription increases.
This week, TSA released a 'œBest Practices' aviation worker bulletin to curb inadvertent subscription expirations. TSA was seeing many subscription renewals submitted just minutes before the expiration, which they could not accommodate that quickly. Smith urged airport operators to consider implementing the 'œbest practice' process of submitting a Rap Back maintenance cancel or renewal transaction one to five days before the Rap Back subscription expiration date. If the individual renews their badge and the subscription was canceled, the airports have the option to take either of the following actions:
If the badge is not renewed, and the subscription was canceled, the cancel transaction stands. If the badge is not renewed and the subscription was renewed, then the airport should submit an RBMNT-C transaction to cancel the Rap Back subscription. In either scenario, make sure to update the badge information in your DAC system. This process may vary for airports with Identity Management Service Providers.
A new version of the Rap Back User Guide will soon be available on HSIN and FPRD. The new language includes the 'œBest Practices''™ from the AW Bulletin.
As of today, April 1, 2021, TSA will no longer accept any form (i.e., FPRD 3.1) except for FPRD 4.0.
PreCheck
The good news is that PreCheck enrollment continues to increase but they are below the pre-COVID levels. Since the inception of PreCheck in December 2013, there have been over 10,806,000 enrollments. Currently, there are more than 10,315,000 active PreCheck members. TSA is seeing an average of 4,396 new enrollments over the last five business days or 22,422 enrollments per week. Over 2,133,000 PreCheck members have already renewed their five-year membership, which reflects a 69 percent renewal rate. PreCheck enrollment centers are open at 38 airports and 374 off-airport locations.
TSA is working to onboard two new PreCheck enrollment providers'”Telos and Clear'”but do not have a 'œgo live' date yet. TSA will provide more information when this becomes available.
Given the anticipated increase in leisure travelers this summer, TSA has begun to change its PreCheck marketing strategy to 'œenroll now before it is time to travel'. This message will focus on the newer audience that is currently traveling. New messaging will include that you can skip the screening bins and have a more touchless screening process. New images and social media posts are continuously updated and will focus on families and leisure travelers. These campaigns are flexible and can easily add more business traveler messaging when they return in larger numbers.
Domestic Violent Extremism (DVE)
John Bennet from TSA'™s Intelligence and Analysis (I&A) office discussed a three-year review on the likelihood of domestic violent extremists conducting attacks on aviation and surface transportation systems in the homeland. I&A found that the threat from DVEs was low and would likely be opportunistic. Bennett provided more detailed information that was security sensitive.
Next TSA Conference Call
The next TSA conference call for airport stakeholders is scheduled for Thursday, May 6 at 1:00 p.m. ET. Please note the new conference call number and passcode: 1-800-857-5826 and passcode 9596778.
This afternoon, TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans, and Engagement (PPE). Following are highlights from today'™s call:
Policy Updates
Cyber Incidents: TSA reminded airports that the proposed ASP amendment (TSA NA 14-01A) to add cyber incidents to the incident and suspicious activities reporting requirements has been issued. The comment period closes on April 4, 2021, which is a Sunday so TSA will accept comments through April 5, 2021. AAAE will be submitting comments on behalf of our airport members so please share any feedback that you may have on the proposed ASP amendment.
Centralized Revocation Database: On March 23, TSA posted a technical correction to the final Airport Security Program amendment implementing the Centralized Revocation Database for Individuals with Revoked Identification Media. TSA-NA-21-01A can be found on HSIN. As AAAE reported earlier, the technical correction clarifies that individuals must be notified that they may be listed on the Centralized Revocation Database for up to five years if they commit an aviation security violation that results in badge revocation. TSA also changed the reference to 'œpermanent revocation' to 'œfinal revocation' to be more inclusive of airports' various revocation processes and timelines. Lastly, the technical correction extended the final implementation date from April 22, 2021, to June 20, 2021.
ASP Amendment on Employee Screening: The comment period on the employee screening ASP amendment closed on December 7, 2020. TSA received more than 2,500 comments, which they are reviewing. They hope to begin comment adjudication shortly and anticipate this will take at least 6 months. Alan Paterno believes that this ASP amendment would go out for a second round of notice and comment.
NIST Cybersecurity Framework Survey
Mike Jacobs informed participants on the call that the Transportation Systems Sector (TSS) agencies are conducting a survey to gauge the industry'™s voluntary adoption of the NIST cybersecurity framework and asked participants on the call to complete this survey. Feedback will help to better understand the cybersecurity posture within the nation'™s transportation systems, will be used to assess the need for potential policy, and to determine appropriate risk management tools, products, and services that are needed to build upon the work already being done to reduce cyber risk within the TSS. The survey was widely distributed on March 10, 2021. It will take about 10 minutes and must be completed by Friday, April 30, 2021. All responses to the survey are anonymous. To participate, the survey can be found on HSIN'™s 200 Board or click on the following link: www.surveymonkey.com/r/TSS_Voluntary_NIST_Cybersecurity_Framework_Use_Survey
You can also reach out to Mike Jacobs directly for the survey at michael.jacobs@tsa.dhs.gov
Safe Skies
Jessica Grizzle from Safe Skies provided an update on the organization'™s recent PARAS reports, which are now available for download on the Safe Skies website.
- PARAS 0024 Consolidated Receiving and Distribution Facilities at Airports - This document provides airport executives and aviation industry professionals with guidance on the key features, planning, development, and operations of a CRDF. The document intends to provide information and resources for a broad range of airport types, sizes, and needs in addressing the movement of goods into a secure airport area for a wide range of airport stakeholders.
- PARAS 0026 Insider Threat Mitigation at Airports - This guidebook is an all-encompassing source for information on insider threat mitigation at airports. Information in the guidebook aligns with the six ASAC focus areas of Threat Detection, Assessment, and Response; Aviation Worker Vetting and Evaluation; Aviation Worker Screening and Access Control; Training and Engagement; Information Sharing; and Governance and Internal Controls.
Safe Skies recently issued the following ASSIST reports:
- Senstar FiberPatrol® FP1150 Fence-Mounted Intrusion Detection System - Hartsfield-Jackson International Airport, and
- CrisisGo, Inc. Emergency Communication Platform - Safe Skies Headquarters.
Airport Security Coordinators who wish to request ASSIST reports may email anna.hamilton@sskies.org or navigate to the Safe Skies Conference area on HSIN to download them.
Enrollment Services and Vetting Programs Update
Sam Smith from TSA'™s Enrollment Services and Vetting Programs (ESVP) provided an update on eBadge and Rap Back programs.
eBadge: Twenty-two airports are participating in the eBadge program and over 40,000 eBadge submissions have been successfully processed.
Rap Back: There are 234 airports currently participating in Rap Back, which represents over 67% of eligible federal airports. For the remaining eligible airports, Smith urged them to contact their Designated Aviation Channeler (DAC) to begin the process. The steps are straightforward: complete the Privacy Informational Briefing, submit a signed Statement of Responsibilities, and complete your DAC training. Please reach out to your DAC or TSA at rapback@tsa.dhs.gov with any questions about getting started in the Rap Back program.
In 2020, TSA lost over 40,000 Rap Back subscriptions but with the help of airports and associations, they were able to end the year with a net gain of 10,000. Smith thanked everyone for their continued support of the Rap Back program and noted that they have seen ten straight weeks of active subscription increases.
This week, TSA released a 'œBest Practices' aviation worker bulletin to curb inadvertent subscription expirations. TSA was seeing many subscription renewals submitted just minutes before the expiration, which they could not accommodate that quickly. Smith urged airport operators to consider implementing the 'œbest practice' process of submitting a Rap Back maintenance cancel or renewal transaction one to five days before the Rap Back subscription expiration date. If the individual renews their badge and the subscription was canceled, the airports have the option to take either of the following actions:
- Submit a Subsequent Rap Back Subscription transaction (RBSCVL) to establish a new subscription. The RBSCVL will return any new criminal information received by the FBI since the date of cancellation.
- Submit a Rap Back Maintenance Un-cancel transaction (RBMNT-U) to un-cancel the subscription, and then submit a Rap Back Maintenance Replace transaction with a new subscription expiration date to restore the subscription to an active status. The RBMNT-U will return any new criminal information received by the FBI since the date of cancellation.
If the badge is not renewed, and the subscription was canceled, the cancel transaction stands. If the badge is not renewed and the subscription was renewed, then the airport should submit an RBMNT-C transaction to cancel the Rap Back subscription. In either scenario, make sure to update the badge information in your DAC system. This process may vary for airports with Identity Management Service Providers.
A new version of the Rap Back User Guide will soon be available on HSIN and FPRD. The new language includes the 'œBest Practices''™ from the AW Bulletin.
As of today, April 1, 2021, TSA will no longer accept any form (i.e., FPRD 3.1) except for FPRD 4.0.
PreCheck
The good news is that PreCheck enrollment continues to increase but they are below the pre-COVID levels. Since the inception of PreCheck in December 2013, there have been over 10,806,000 enrollments. Currently, there are more than 10,315,000 active PreCheck members. TSA is seeing an average of 4,396 new enrollments over the last five business days or 22,422 enrollments per week. Over 2,133,000 PreCheck members have already renewed their five-year membership, which reflects a 69 percent renewal rate. PreCheck enrollment centers are open at 38 airports and 374 off-airport locations.
TSA is working to onboard two new PreCheck enrollment providers'”Telos and Clear'”but do not have a 'œgo live' date yet. TSA will provide more information when this becomes available.
Given the anticipated increase in leisure travelers this summer, TSA has begun to change its PreCheck marketing strategy to 'œenroll now before it is time to travel'. This message will focus on the newer audience that is currently traveling. New messaging will include that you can skip the screening bins and have a more touchless screening process. New images and social media posts are continuously updated and will focus on families and leisure travelers. These campaigns are flexible and can easily add more business traveler messaging when they return in larger numbers.
Domestic Violent Extremism (DVE)
John Bennet from TSA'™s Intelligence and Analysis (I&A) office discussed a three-year review on the likelihood of domestic violent extremists conducting attacks on aviation and surface transportation systems in the homeland. I&A found that the threat from DVEs was low and would likely be opportunistic. Bennett provided more detailed information that was security sensitive.
Next TSA Conference Call
The next TSA conference call for airport stakeholders is scheduled for Thursday, May 6 at 1:00 p.m. ET. Please note the new conference call number and passcode: 1-800-857-5826 and passcode 9596778.
