Strategic Five-Year Technology Investment Plan for Aviation Security

Transcription

1 Strategic Five-Year Technology Investment Plan for Aviation Security 2015 Report to Congress August 12, 2015 Transportation Security Administration

2 Message from the Administrator August 12, 2015 I am pleased to present the Strategic Five-Year Technology Investment Plan. The Plan was prepared pursuant to a requirement in Section 1611 of the Homeland Security Act of 2002 (P.L ), as amended by Section 3 of the Transportation Security Acquisition Reform Act (P.L ). It presents a forward-looking investment plan that supports implementation of best practices and improved transparency with regard to security technology acquisition programs that protect the Nation's aviation transportation systems from terrorist attack. The Act requires a biennial update; however, the scope of the Plan spans Fiscal Years The Transportation Security Administration led the development of the Plan in consultation with the Department of Homeland Security s Under Secretary for Management, Under Secretary for Science and Technology, and the Chief Information Officer, and with the participation of the Aviation Security Advisory Committee and other aviation industry stakeholders. Pursuant to Congressional requirements, this report is being provided to the following Members of Congress: The Honorable Michael McCaul Chairman, House Committee on Homeland Security The Honorable Bennie Thompson Ranking Member, House Committee on Homeland Security The Honorable John Thune Chairman, Senate Committee on Commerce, Science, and Transportation The Honorable Bill Nelson Ranking Member, Senate Committee on Commerce, Science, and Transportation Inquiries relating to this report may be directed to me at (571) Sincerely yours, Peter V. Neffenger Administrator i

3 Executive Summary The Transportation Security Administration (TSA) Strategic Five-Year Technology Investment Plan aims to achieve a shared vision among Congressional, industry, Department of Homeland Security (DHS), and TSA stakeholders to address security technology needs, deploy cutting-edge security capabilities, and increase efficiency and security effectiveness in American aviation security. This Plan builds on the May 2014 TSA Strategic Capability Investment Plan, which was the product of engagement with industry and was published in the interest of helping stakeholders understand the Agency s direction to align investments and product development initiatives accordingly. To support the implementation of best practices and to improve transparency with regard to technology acquisition programs, the Transportation Security Acquisition Reform Act of 2014 (P.L ) was enacted in December TSA has developed this Plan, in consultation with the DHS Under Secretary for Management, the DHS Under Secretary for Science and Technology, the DHS Chief Information Officer, and with the participation of the Aviation Security Advisory Committee, established by the TSA Administrator, per the requirements of the Act. TSA s mission is to protect the Nation s transportation systems to ensure freedom of movement for people and commerce. In support of TSA s goals for a risk-based approach to operations, internal and external engagement, and increased efficiency and operational effectiveness, the following themes anchor this Plan while meeting the requirements of the Act: Integrating Principles of Risk-Based Security in Capabilities, Processes, and Technologies; Enhancing Core Mission Delivery by Focusing on System of Systems; Streamlining Acquisitions, Requirements, and Test and Evaluation Processes; and, Increasing Transparency in Engagement with Stakeholders to Enable Innovation. The Plan intends to provide a cohesive approach for the development and successful transition of security technology solutions. The Plan lays the foundation for future innovation and meets the immediate technology demands of specific mission needs. TSA and the DHS Science and Technology Directorate (S&T) define research and development goals and objectives to closely align investments with TSA mission needs in efforts to drive tangible solutions and innovations in transportation security. This Plan is organized to provide relevant background information, describe TSA s framework for technology investment, delineate the current security technology profile as it exists today, and explore technical initiatives and partnerships that will lead to the Airport of the Future. A compliance matrix in Appendix D details where the requirements of the Transportation Security Acquisition Reform Act are fulfilled in the Plan. ii

4 The Plan is an important step to foster mutually beneficial dialogue and collaboration with industry, academic, and Federal Government partners. After the initial delivery of the Plan to Congress, biennial updates will be submitted as mandated by the Act. iii

5 Strategic Five-Year Technology Investment Plan Table of Contents I. Legislative Language...1 II. Background...4 III. Technology Investment Framework...8 IV. Current Security Technology Profile...18 V. Investing in the Airport of the Future...25 VI. Conclusion...33 VII. Appendices...34 iv

6 I. Legislative Language This document has been compiled to satisfy Section 3 of the Transportation Security Acquisition Reform Act of 2014 (P.L ), which amends Section 1611 of the Homeland Security Act of 2002 (P.L ), which states: Sec Five-Year Technology Investment Plan (a) In general The Administrator shall (1) not later than 180 days after the date of the enactment of the Transportation Security Acquisition Reform Act, develop and submit to Congress a strategic five-year technology investment plan, that may include a classified addendum to report sensitive transportation security risks, technology vulnerabilities, or other sensitive security information; and, (2) to the extent possible, publish the Plan in an unclassified format in the public domain. (b) Consultation The Administrator shall develop the Plan in consultation with (1) the Under Secretary for Management; (2) the Under Secretary for Science and Technology; (3) the Chief Information Officer; and, (4) the aviation industry stakeholder advisory committee established by the Administrator. (c) Approval The Administrator may not publish the Plan under subsection (a)(2) until it has been approved by the Secretary. (d) Contents of Plan The Plan shall include (1) an analysis of transportation security risks and the associated capability gaps that would be best addressed by security-related technology, including consideration of the most recent quadrennial homeland security review under section 707; (2) a set of security-related technology acquisition needs that 1

7 (A) is prioritized based on risk and associated capability gaps identified under paragraph (1); and, (B) includes planned technology programs and projects with defined objectives, goals, timelines, and measures; (3) an analysis of current and forecast trends in domestic and international passenger travel; (4) an identification of currently deployed security-related technologies that are at or near the end of their lifecycles; (5) an identification of test, evaluation, modeling, and simulation capabilities, including target methodologies, rationales, and timelines necessary to support the acquisition of the security-related technologies expected to meet the needs under paragraph (2); (6) an identification of opportunities for public-private partnerships, small and disadvantaged company participation, intra government collaboration, university centers of excellence, and national laboratory technology transfer; (7) an identification of the Administration s acquisition workforce needs for the management of planned security-related technology acquisitions, including consideration of leveraging acquisition expertise of other Federal agencies; (8) an identification of the security resources, including information security resources, that will be required to protect security-related technology from physical or cyber theft, diversion, sabotage, or attack; (9) an identification of initiatives to streamline the Administration s acquisition process and provide greater predictability and clarity to small, medium, and large businesses, including the timeline for testing and evaluation; (10) an assessment of the impact to commercial aviation passengers; (11) a strategy for consulting airport management, air carrier representatives, and Federal security directors whenever an acquisition will lead to the removal of equipment at airports, and how the strategy for consulting with such officials of the relevant airports will address potential negative impacts on commercial passengers or airport operations; and, (12) in consultation with the National Institutes of Standards and Technology, an identification of security-related technology interface standards, in existence or if implemented, that could promote more interoperable passenger, baggage, and cargo screening systems. 2

8 (e) Leveraging the private sector To the extent possible, and in a manner that is consistent with fair and equitable practices, the Plan shall (1) leverage emerging technology trends and research and development investment trends within the public and private sectors; (2) incorporate private sector input, including from the aviation industry stakeholder advisory committee established by the Administrator, through requests for information, industry days, and other innovative means consistent with the Federal Acquisition Regulation; and, (3) in consultation with the Under Secretary for Science and Technology, identify technologies in existence or in development that, with or without adaptation, are expected to be suitable to meeting mission needs. (f) Disclosure The Administrator shall include with the Plan a list of nongovernment persons that contributed to the writing of the Plan. (g) Update and report Beginning 2 years after the date the Plan is submitted to Congress under subsection (a), and biennially thereafter, the Administrator shall submit to Congress (1) an update of the Plan; and, (2) a report on the extent to which each security-related technology acquired by the Administration since the last issuance or update of the Plan is consistent with the planned technology programs and projects identified under subsection (d)(2) for that security-related technology. 3

9 II. Background In the aftermath of the 9/11 attacks, TSA was created to address the need to strengthen the security of the Nation s transportation systems. TSA provides capabilities that drive security across transportation modes and screen all commercial airline passengers and baggage while ensuring the freedom of movement for people and commerce. While utilizing a layered, riskbased strategy, TSA sets the standard for excellence in transportation security through its work with transportation, law enforcement, and intelligence communities. Although TSA has primary responsibility for all modes of transportation except maritime, the Strategic Five-Year Technology Investment Plan focuses on aviation security. TSA security capabilities operate 365 days a year across roughly 440 federally regulated airports, playing an integral part of a global commercial aviation industry with revenues in excess of $630 billion and $2.2 trillion in economic activity globally each year. On any given day, TSA and industry partners secure 1.8 million passengers, 1.2 million checked bags, 3 million carry-on bags, and 8.4 million pounds of cargo flying on 25,000 flights. As the aviation industry grows, TSA will need to secure and protect an increasing number of flights. The 2015 Federal Aviation Administration forecasts call for U.S. carrier system-wide passenger growth of an average of 2 percent per year in the next 20 years, totaling a predicted 1.1 billion passengers in System-wide commercial carrier capacity growth is projected to increase 2.5 percent per year from , totaling a predicted 1.7 billion available seat miles in This increase in commercial aviation traffic, coupled with a continuing terrorist threat, requires TSA to continually assess the effectiveness and efficiency of security screening to ensure limited resources are used to best manage risks across the aviation domain. A. Current Strategic Landscape TSA technology acquisition programs operate within complex environmental realities and considerations that influence not only the solutions that are procured, but how they are procured. Current realities and considerations of the security technology environment include: Risk-Based Security (RBS): RBS requires an interoperable and dynamic system across the underlying analytical, technical, and human capital processes required in order to align TSA s resources to risk-based needs. Technologies that augment and enhance RBS are sought to increase effectiveness and accuracy of the system. Security Effectiveness: Security Effectiveness is a measure of integrated, real-world performance in security screening according to a defined set of criteria designed to selectively identify and mitigate threats within a protected area. Coordination with Stakeholders: TSA interacts with various stakeholders as partners in aviation security and recognizes the impact TSA decisions can have on them. These 1 Federal Aviation Administration Aerospace Forecast Fiscal Years

10 stakeholders often have a variety of competing priorities that must be balanced in order to achieve maximum efficiency and effectiveness. Stakeholders include: o Passengers: Technology acquisitions are assessed against the trade space framework, which balances security considerations with passenger experience and operational efficiency. For example, checkpoint technology contributes to the overall passenger experience and is often the primary factor that influences public perception of TSA. o Airports: Because TSA does not own airport infrastructure, TSA must coordinate with airports and assess the impact of changes to integrate planned checkpoint and checked baggage technologies across varying physical layouts. Thus when analyzing Transportation Security Equipment (TSE) for acquisition and deployment, TSA critically considers footprint and installation needs. o Airline Groups and Air Carriers: TSA actions impact the flying experience and customer perception as well as operations of airlines. User Adoption of Planned Technology: Technology must be suitable for integration in operational processes, and enable or enhance security protocols. Technology design and development involves extensive consideration of the end user and weighing the benefits of the technology solution against operator implications. Diverse and Dynamic Adversaries: TSA faces diverse adversaries intent on attacking commercial aviation. These adversaries exist along a wide spectrum of resources, skills, thoughtful planning, and knowledge of security measures. TSA Budget Constraints: Budget appropriations for TSA s technology acquisition programs have been reduced by approximately one-third since 2012, and DHS continues to be influenced by budget constraints. However, even with budget constraints, TSA must plan for the targeted recapitalization of over 2,400 end-of-life items of TSE over the next five years to ensure TSA s suite of TSE continues to enable mission success. B. Strategic Priorities and Planning To address threats and increase security effectiveness in a complex environment, TSA is focused on deploying an effective, adaptive, and flexible system of security capabilities as described in this Plan. The Plan aims to achieve a shared vision among all stakeholders. Within TSA, the Electronic Baggage Screening Program and Passenger Screening Program are responsible for acquiring new and/or upgraded technologies to improve aviation security and align to the DHS Quadrennial Homeland Security Review s mission of preventing terrorism and enhancing security, illustrated in Figure 1. 5

11 Figure 1. Program Alignment with the 2014 DHS Quadrennial Homeland Security Review The following themes, aligned to TSA and DHS goals, anchor the Plan to TSA s mission: Integrating Principles of RBS in Capabilities, Processes, and Technologies: Comprehensive integration of RBS principles in mission capabilities enables security effectiveness throughout the screening process, cost and time efficiencies, and passenger satisfaction. Enhancing Core Mission Delivery by Focusing on a System of Systems: A push towards innovative concepts, such as interoperability and a system perspective, will help streamline technology investment and enhance delivery of security capabilities. Streamlining Acquisitions, Requirements, and Test and Evaluation Processes: Focused investment on process improvement and business maturation activities throughout the acquisition lifecycle enables TSA to more effectively and efficiently address evolving threats posed to the Nation s transportation network. Increasing Transparency in Engagement with Stakeholders to Enable Innovation: Increased transparency with industry stakeholders, those supporting both TSA and DHS S&T, will result in enhanced collaboration, increasing the opportunities for businesses of all sizes to compete and help advance the mission of TSA. TSA aims to build on priorities established by previous strategic planning documents, as depicted in Figure 2, with varying timelines and purposes. 2 The 2014 Quadrennial Homeland Security Review (June 18, 2014). 6

12 Figure 2. Strategic Plan Development Timelines 1 DHS S&T/TSA Research, Development, Test, and Evaluation Strategic Plan (October 2013). 2 Transportation Security Strategic Capability Investment Plan (June 2014). TSA and DHS S&T jointly developed the Research, Development, Test, and Evaluation (RDT&E) Strategic Plan to provide a high-level strategy for innovative transportation security capability development and enable the successful transfer of technology and/or security solutions. Alignment between stakeholder investments and TSA s strategic direction is critical to TSA s ability to respond quickly and effectively to emerging threats. In an effort to align interests and investments, TSA released the Transportation Security Strategic Capability Investment Plan in 2014, which builds on the RDT&E Strategic Plan from the perspective of TSA acquisition programs, and provides a cohesive vision for the development and successful transition of technology and security solutions over the next five years. The Strategic Five-Year Technology Investment Plan aligns to the goals and objectives of the jointly developed RDT&E Strategic Plan and the Transportation Security Strategic Capability Investment Plan, and adds additional information about the acquisitions process, specific status of technology programs, and avenues for stakeholder collaboration. 7

13 III. Technology Investment Framework TSA s technology investment framework consists of two main phases: the Pre-Need phase and the Acquisition Lifecycle. During the Pre-Need phase, TSA assesses risks and capability gaps through the use of the Transportation Security Capability Analysis Process (TSCAP). 3 If the gap analysis results in a planned acquisition, TSA transitions into the DHS Acquisition Lifecycle Framework mandated by DHS Acquisition Management Directive 102, 4 which provides a consistent framework to plan, manage, and evaluate a program s acquisition throughout the acquisition lifecycle. The Technology Investment Framework processes and elements described in the following sections inform and influence decisions for technologies currently deployed, as well as investment decisions that will shape the Airport of the Future, which is addressed separately later in the Plan. A. Pre-Need 1. Risk Assessment TSA assesses risk at various levels across the agency to inform both strategic and tactical decisions. The agency assesses risk to the transportation sector using a variety of sources, including intelligence and modeling and simulation capabilities. Adversary characterization models address the adversary and threat landscape to optimize TSA s design and engineering efforts. TSA also collaborates with other government intelligence and law enforcement agencies, such as the Federal Bureau of Investigation, in the areas of risk assessment and threat characterization. TSA also assesses risks through the Transportation Sector Security Risk Assessment, a modeling and simulation tool based on the risk assessment guidelines from DHS s National Infrastructure Protection Plan, which calculates risk based on three elements: threat, vulnerability, and consequence. Risk scores for scenarios are calculated, ranked, and compared to provide decision makers a comprehensive understanding of the transportation sector s terrorism risk landscape. Additional process detail and a comprehensive discussion and ranking of current risks to the transportation sector can be reviewed in the Fiscal Year 2014 Transportation Sector Security Risk Assessment 3.0 Congressional Report Capability Analysis In 2013, TSA began development of the TSCAP, outlined in Figure 3, to create a structured, repeatable, and transparent process for systematic requirements generation. This process strengthens TSA s analysis of the entire security system in the Pre-Need phase. The TSCAP identifies and prioritizes security capability deficiencies and proposes improvements on three 3 Transportation Security Capability Analysis Process Implementation Guide, Version 1.1 (May 1, 2014). 4 DHS Acquisition Management Directive , rev. 01 (January 20, 2010) and rev. 02 (February 21, 2013). 5 Fiscal Year 2014 Transportation Sector Security Risk Assessment 3.0 Congressional Report (July 28, 2014). 8

14 levels: holistically across TSA on an annual basis, at the program level to determine requirements for specific gaps, and on a targeted basis in response to specific needs. TSA is still working to integrate this process on a broad scale but has seen initial results. Figure 3. Overview of TSA s Capability Analysis Process The capability analysis process is an iterative process, and includes input from many stakeholders. Capability gaps are identified to demonstrate the differences between current TSA capabilities and the capabilities required to mitigate risks and meet other operational needs. A structured decision-making process, informed by subject matter experts and industry input, prioritizes the capability gaps across three main factors: the risk mitigation trade space, strategic alignment, and network effects. The Trade Space Framework, as seen in Figure 4, is used to quantify decision trade-offs, enabling comprehensive consideration of strategic alternatives across five objectives: Security Effectiveness, Operational Efficiency, Fiscal/Policy Issues, Passenger Experience, and Industry Vitality, as defined here: Security Effectiveness: Security Effectiveness is a measure of integrated, real-world performance in security screening according to a defined set of criteria designed to selectively identify and mitigate threats within a protected area. Operational Efficiency: Operational Efficiency is the capacity of systems (technology and process) to maintain Security Effectiveness by streamlining core processes and developing and implementing screening solutions in the most cost-effective manner possible. Fiscal/Policy Issues: Fiscal/Policy Issues include the planning and management and other costs associated with capital expenditures, testing, site preparation, deployment, 9

15 staffing and operating costs, maintenance and training, upgrades, decommissioning, and disposal of screening solutions as well as policy considerations. Passenger Experience: Passenger Experience is minimally invasive and unobtrusive screening that preserves privacy, dignity, and can be intuitively regarded as necessary and thoughtful without explanation. Industry Vitality: Industry Vitality can be described as maintaining a supplier pool with adequate capacity that is willing to innovate, manufacture, deploy, update, and maintain screening solutions in accordance with TSA s mission requirements. Figure 4. Trade Space Framework Modeling and Simulation Tools TSA utilizes a variety of modeling and simulation tools, including: Network-Enabled Security Checkpoint Optimizer: A discrete event simulation that provides the ability to assess operational efficiency based upon input parameters; Aviation System Security Effectiveness Tool: A probability model that provides the capability to assess security effectiveness based upon detection probabilities; and, Enhanced Screening Model: A queuing model that provides the capability to assess wait times and impacts to passenger satisfaction. to comprehensive countermeasures. Trade space analysis is supported by analytical case studies, including Analysis of Alternatives and Return on Investment/Cost Benefit Analysis that incorporate modeling and simulation capabilities. Examples of these capabilities are demonstrated in the callout to the left. Analyses of Alternatives analyze proposed changes to screening procedures or policies to determine the best option, and Return on Investments/Cost Benefit Analyses monetize the security value of a capability and compare benefits to the program cost. Returns on Investments/Cost Benefit Analyses inform pre-analysis for acquisition and procurement or budget and policy justifications. Finally, network effects are analyzed to understand the potential system impact of closing the capability gap in question. More value is assigned The result of this analysis is a prioritized capability gap list used to inform technology-related acquisitions. When the capability gap list is finalized, TSA will socialize the gaps with relevant 10

16 stakeholders. Due to the sensitivity of the prioritized capability gap list, an unprioritized list of the most recent annual capability gap results are provided later in this document. TSA explores options to close the gaps on the prioritized capability gap list by generating and analyzing a list of alternatives. As shown in Figure 3, the focus of the Strategic Five-Year Technology Investment Plan is security-related technology materiel solutions. If the security-related technology materiel solutions are not yet at a sufficient maturity level to initiate the Acquisition Lifecycle, TSA collaborates with DHS S&T and other partners to advance the technology, as seen in the Mass Spectroscopy Case Study. If it is determined that a capability gap can be addressed through a non-materiel solution, TSA will explore options such as enhancing Standard Operating Procedures and in doing so, will engage industry as necessary. A summary of avenues for innovative technology development, including targeted Broad Agency Announcements, is discussed later in the Plan. If mature security-related technology exists to close the capability gap, then an acquisition following the Acquisition Management Directive 102 framework may be implemented. The acquisition will take advantage of the high-level requirements in the Preliminary Mission Need Statement, Preliminary Concept of Operations, and Preliminary Operational Requirements Document produced from the TSCAP. B. Acquisition Lifecycle 1. Aligning Resources Case Study: Maturing Technologies through Collaboration Mass Spectroscopy Situation: DHS S&T has awarded contracts to vendors to enhance the detection capabilities of Mass Spectroscopy as opposed to the currently deployed systems, which all use Ion Mobility. In a cooperative effort with DHS S&T and the vendors, the TSA Systems Integration Facility has tested three models of Mass Spectroscopy Explosives Trace Detectors and has provided early operational and functional feedback to the vendors on their systems by testing them against TSA s Functional Requirements Document. These are the same requirements that are used to evaluate vendors seeking to be placed on a TSA Qualified Products List as part of the Acquisition Process. Impact: By testing Mass Spectroscopy Explosives Trace Detectors in the Developmental Phase, TSA has provided early guidance to the vendors for changes needed to their system to be able to meet TSA s functional requirements. TSA Transportation Security Officers participated in Transportation Security Officer in-the-loop testing which gave operational feedback from the end users who were familiar with the operational scenarios in which Explosives Trace Detectors are used in airports. As a prerequisite to transitioning into an acquisition, TSA must ensure adequate resources with the correct skillsets are available to support the execution of the potential acquisition. TSA completed a DHS-required Acquisition Workforce study in 2014 that established the personnel needed to support their acquisition programs as determined by the Program Managers. This data was compared to DHS s interpretation of Government Accountability Office guidance on 11

17 acquisition program staffing to ensure the programs were properly staffed. 6 The staffing data is being further evaluated to determine the necessary certification levels for different job series and grades. The end goal of this study is to have a clear picture of TSA s complete acquisition program workforce and to ensure those persons are trained at the necessary level. In addition, TSA currently has over 20 workshops to support the development of its acquisition workforce. These training packages have been reviewed by DHS and determined to be of high enough quality to be substitute courses for obtaining DHS Program Manager Level I certification. TSA has also briefed other DHS components, such as the U.S. Secret Service and the Federal Emergency Management Agency, on these workshops. TSA is an active participant in the DHS Component Acquisition Career Manager Council. The Council is the platform for exchanging best practices, increasing awareness, and identifying components needs and priorities. This forum provides TSA the ability to leverage expertise of other DHS components in improving the tools for TSA s acquisition workforce. The goals of the Acquisition Career Manager include the following: improve workforce identification and tracking, formalize acquisition workforce career paths, enhance training and professional development, improve recruitment and hiring processes, and improve communication and collaboration. 2. Identifying Needs The acquisition workforce is an integral component of technology-related acquisitions. When security-related technology transitions into the framework established by Acquisition Management Directive 102 (summarized in Figure 5), the high-level technology requirements produced by the TSCAP are refined through consultation with stakeholders. The result of this phase is a formal Mission Need Statement that documents the capability need an acquisition program will address. 6 DHS, Under Secretary for Management Memorandum, Major Acquisition Program Staffing (June 13, 2014); responding to GAO of April 2014 titled, Homeland Security Acquisitions, DHS Could Better Manage its Portfolio to Address Funding Gaps and Improve Communications with Congress. 12

18 Figure 5. Overview of the Acquisition Lifecycle 3. Analyzing and Selecting Alternatives Once a need has been defined, TSA re-engages with industry to solicit input through a variety of means, including releasing Requests for Information and hosting Industry Days. By engaging industry, TSA can validate its capability need and better inform its path forward. Furthermore, TSA can inform industry of its proposed acquisition strategy and solicit feedback on early-stage, draft requirements, and potential Concepts of Operations. Using input from industry, as well as feedback from the user/operator, a Concept of Operations, and an Operational Requirements Document are developed. The Concept of Operations describes a proposed asset, system, or capability in terms of the user needs it will fulfill, its relationship to existing assets, systems, capabilities or procedures, and the ways it will be used in operations or business processes. The Operational Requirements Document provides the operational performance parameters that need to be met to ensure a useful capability is delivered to the user. A Functional Requirements Document is then developed to provide more detailed equipmentlevel performance requirements. TSA is continuing to evolve the way industry is involved in the requirements development process, and intends to host requirements development workshops as well as continue to share draft requirements with industry prior to finalization. As a result of continued industry engagement, TSA is working to present prioritized requirements with established minimum thresholds and objectives that are critical to TSA s mission. As part of the requirements review process, multiple steps are taken to engage stakeholders from TSA and other DHS components. A critical, improved element is the implementation of the Requirements Guidance Team to provide an ability to vet requirements across TSA offices. 13

19 Additionally, as appropriate, requirements documents are shared with the DHS Joint Requirements Council to provide similar vetting across DHS components. This allows acquisition programs access to best practices from other programs, the ability to leverage all of DHS and TSA to validate needs, and an avenue to coordinate joint ventures if multiple offices are interested in the same capability. 4. Leveraging Department Efficiencies The DHS Strategic Sourcing Vehicle provides DHS components economic and performance benefits through collaboration and enterprise planning for acquisition initiatives. 7 Strategic sourcing is a proven best practice that saves money, reduces redundancy, drives standardization, streamlines procurements, and improves business efficiency. TSA will leverage the DHS Strategic Sourcing Vehicle during planned Next Generation Explosives Trace Detector and Enhanced Metal Detector procurements. 5. Obtaining Security-Related Technology After the need has been identified and requirements are defined, TSA develops, vets, and approves a procurement strategy. The procurement strategy ensures that TSA has considered all factors, including but not limited to strategic sourcing considerations, market research, small business considerations, and competition considerations. In the past, TSA has employed two different strategies to procure new system solutions, both of which solicit systems through the Federal Business Opportunities website, accept proposals/qualification data packages, and evaluate the proposed information. The different strategies then either include executing the Test and Evaluation process prior to making a contract award, or executing the testing process after negotiating and making a contract award. In both situations, TSA typically awards Indefinite Delivery Indefinite Quantity contracts for systems and services to multiple offerors. While not used in all cases, multiple-award Indefinite Delivery Indefinite quantity contracts provide for continued competition among vendors as well as flexibility on both the timing and quantity of orders. The purpose of the Test and Evaluation process is to verify a system conforms to functional and operational requirements and to validate that the system achieves its intended purpose in the operational environment. Test and Evaluation is supported by three major phases: Developmental Testing, including formal Qualification/Certification Testing; Operational Testing; and, Acceptance Testing. These phases provide TSA with reliable test data, which reduces the risk of system failure and enables greater confidence in acquisition decisions. 7 DHS Instruction No , rev. 01, Instruction for the Development and Use of Strategic Sourcing Contract Vehicles (February 20, 2013). 14

20 In an effort to streamline the overall Test and Evaluation timeline, TSA has developed the following processes to enable greater transparency and accelerate capability delivery and reduce cost: Transparency o TSA shares Testing Documents and Test Plans with TSA stakeholders and has implemented policies to ensure system maturity prior to entering formal testing by TSA. o The Test and Evaluation Policy outlines the procedural requirements for TSA s Test and Evaluation process in support of acquisition and non-acquisition programs and lists the policies, plans, and reports which support acquisition decisions. This policy established a formal Test and Evaluation process and clarified Test and Evaluation policies, thereby providing more transparency for Test and Evaluation stakeholders. o The Test and Evaluation Process Guide provides details on the current state of TSA s Test and Evaluation process to reduce programmatic, financial, schedule, and performance risks associated with the development, procurement, deployment, and operation of security systems. This guide increases transparency into the DHS Acquisition Lifecycle Framework and provides stakeholders with a complete understanding of TSA s Test and Evaluation process. o The Test/Training Article Action Committee is a cross-office collaborative effort that will respond rapidly to evolving threats, deploying consistent articles across TSA and identifying high-quality lower-cost vendors for article procurement. Accelerating Capability Delivery and Reducing Cost o A Third Party Testing Strategy is being developed to reduce the length and cost of the acquisition lifecycle for new systems. The strategy standardizes TSA s management of testing failures, and formalizes the process for retesting of systems that have experienced failure(s) during Qualification Testing and/or Operational Testing. Additionally, the strategy recommends vendors entering the Test and Evaluation process use Third Party Testing to support their Qualification Data Package, which is the vendorprepared document that shows a system s compliance with functional requirements. These efforts will result in a more mature system and a higher quality Qualification Data Package. TSA acknowledges the benefits of Third Party Test certification to TSA and industry Case Study: Third Party Testing Situation: During the qualification of a vendor s Explosives Detection System, the system received a rating of not suitable due to an operational availability issue. Multiple modifications to the system were made and the vendor elected to have an independent Third Party Test agency verify the improved operational availability. Impact: Third Party Testing was effective in demonstrating the reliability of the system, and testing results enabled a DHS ARB acquisition decision without requiring additional TSA supported testing. The ability to use Third Party Testing data streamlined the acquisition timeline and reduced cost and resources for TSA. and is exploring certification options. TSA will also invite industry input on this topic. Use of Third Party Testing will have the potential to inform and reduce the 15

21 designed scope of Qualification Testing, and decrease the risk of additional testing required by significant failures. o A Statistical Methodology Policy is being developed to improve the evaluation of test data and increase confidence in acquisition decisions. This policy intends to modify the way a system s technical requirements are evaluated to prevent the likelihood of a significant technical modification being required as a result of poor performance during Operational Testing. This policy applies industry best practices and establishes a more defendable approach for validating and verifying testing results. Additionally, TSA is enhancing its Qualification Management Plans, which provide guidance to vendors on how to prepare and submit the Qualification Data Package to streamline requirements development and communication. TSA has improved the efficiency and effectiveness of the Test and Evaluation process and will continue to do so by exploring innovative concepts: Innovative Concepts o A Modeling and Simulations Lab is planned for development to provide a modeling and simulation environment that enables combining software emulators with existing sensors and systems. The lab will enable simulations to assess security performance, security risk, and flow of commerce impacts throughout the development and integration lifecycle. o A System Architecture Testbed will be established and used to incrementally explore, validate, and demonstrate alternative screening solution concepts that advance TSA's RBS vision. The architecture testbed will serve as a development and demonstration platform of an integrated screening concept. The testbed will be developed to support experimentation, integration, and demonstration of next-generation security solutions and will advance TSA s organizational capacity to rapidly design and architect emerging technology solutions. Additionally, TSA believes collaboration with stakeholders is key in developing approaches and identifying strategies for increasing transparency, reducing time-to-deploy and cutting cost. TSA will continue to work with stakeholders to gather feedback in earlier phases of testing, as well as identify ways to provide more access to real-world environments such as through additional opportunities for Cooperative Research and Development Agreements or other arrangements. 6. Deploying and Supporting Security-Related Technology Once a production contract has been awarded, TSA provides airports with the capabilities necessary to screen baggage and passengers. This support includes deployment of Transportation Security Officers to operate the TSE. For checkpoint and less complex checked baggage screening operations, TSA partners with system integrator contractors to deploy capabilities to the field. For checked baggage equipment to be integrated into airports with substantial infrastructure requirements, TSA enters into Other Transactional Agreements with airports to provide funds for airports to prepare facilities for the TSA security equipment that is to be purchased and installed. Other Transactional Agreements establish a funding cost share percentage with the Airport Authority, define the roles and responsibilities of TSA and the airport, and fund the airport for allowable project costs. 16

22 TSA follows a documented methodology to deploy, remove, and/or relocate TSE focusing on efficiency, security, and surge capability. This methodology accounts for TSA s procurement planning and risk-based screening goals. If TSA has identified the need to replace, supplement, or relocate a piece of TSE, TSA will conduct site validation and seek input from the Federal Security Director, who is responsible for socializing plans at the local level. When finalized, TSA informs the airport of the decision through a memo and follow-on communication as needed. The Federal Security Director notifies and coordinates with the Airport Operators and air carrier representatives. TSA works with the Federal Security Director to address potential negative impacts on commercial passengers or airport operations by providing additional data and operational justification to substantiate the decision. If approved, TSA begins the coordination and scheduling of the equipment deployment, removal, or relocation. During the Deploy and Support phase, there are a variety of modeling and simulation tools that support the efficient and effective operationalization of new technology. Prior to deployment, TSE allocation analyses help determine how to best allocate a security capability across airport categories and provide a risk-based allocation of limited resources, as well as short-term solutions for replacing, discontinuing, or retiring countermeasures. After deployment, existing tools augment daily operations by prioritizing daily resources, scheduling, and understanding the characteristics, relationships, and management of checkpoint and checked baggage operations. TSA is exploring ways to enhance the information provided to vendors regarding the performance of their equipment in the field, particularly operational data and user feedback. 17

23 IV. Current Security Technology Profile TSA s current security technology profile includes over 15,000 total deployed TSE across three acquisition programs. TSA identifies tests, procures, deploys, and maintains equipment that is capable of detecting threats concealed on passengers and in their baggage. The Electronic Baggage Screening Program (EBSP), Passenger Screening Program (PSP), and Security Technology Integrated Program (STIP) are responsible for acquiring new and/or upgraded technologies to improve aviation security. The EBSP procures and supports technology to screen passenger checked baggage. The PSP acquires and supports technology at the passenger screening checkpoint to screen passengers and their carry-on luggage for potential threats. The STIP is an Information Technology (IT) program that works to address the need for the automated exchange of information between TSE and TSA stakeholders. The STIP enables needs identified by the EBSP and the PSP and supports RBS principles. The EBSP and the PSP will be discussed in detail per the Plan s security technology scope. Additionally, TSA continues to address IT security challenges through cybersecurity initiatives. The EBSP and PSP goals align to the 2014 DHS Quadrennial Homeland Security Review s mission, as demonstrated in Figure 6. Figure 6. Passenger Screening Program and Electronic Baggage Screening Program Alignment to the 2014 DHS Quadrennial Homeland Security Review 18

24 A. EBSP Current State In accordance with the Aviation and Transportation Security Act of 2001 (P.L ), TSA screens 100 percent of checked baggage to ensure explosives are not being brought onto an aircraft. TSA accomplishes this mission by testing, acquiring, deploying, integrating, and maintaining technology that screens checked baggage to deter, detect, mitigate, and prevent transportation of explosives or other prohibited items on commercial aircraft, while ensuring freedom of movement for people and commerce. The EBSP measures program performance on an ongoing basis. Internal targets are established for program managers to assess the health of the program and inform decision-making during program execution. Sample metrics include: Maintaining 100 percent screening capability; Customer satisfaction; Operational availability of screening technology; and, Cost per checked bag screened. Metrics are reevaluated on a regular basis to ensure they adequately represent the health, effectiveness, and efficiency of TSA s investments. EBSP Current Technologies: TSA accomplishes its checked baggage security mission and the 100 percent screening mandate through the use of Explosives Detection Systems (EDS) and Explosives Trace Detectors (ETD) o EDS: The primary component of checked baggage screening, provides imaging, screening, and detection capabilities through Computed Tomography X-ray technology to identify possible threats and create images of the bag contents. EDS equipment can exist in two configurations: stand alone or in-line. Stand-alone systems are currently located in airport lobbies and baggage handling areas. In-line configurations integrate the EDS equipment into the baggage handling system. o ETD: Used both as primary and secondary screening methods (i.e., resolving EDS alarms) and are designed to detect trace explosives residue left on an item. ETDs are highly sensitive devices developed to detect various types of commercial and military explosives. ETDs are designed to be used as stand-alone systems or in conjunction with other technologies, such as the EDS, to provide a comprehensive program to screen for explosives. B. PSP Current State The PSP identifies, tests, procures, deploys, and maintains equipment that identifies threats concealed on people and in their carry-on items as they attempt entry into the sterile area of the airport terminal. The PSP goals include enhancing and automating threat detection, further integrating technology and processes, promoting a positive passenger experience and enhancing collaboration with 19

25 stakeholders. The PSP focuses on technologies that effectively and efficiently support TSA s RBS initiative and expansion of the TSA Pre program. As TSA Pre continues to expand, the employment of PSP TSE will continue to evolve in alignment with RBS-enabling technologies and processes. The PSP measures program performance on an ongoing basis. Internal targets are established for program managers to assess the health of the program and inform decision-making during program execution. Sample metrics include:: Operational availability for carry-on baggage screening equipment; Customer satisfaction; Cost per passenger screened; Percent of checkpoint lanes with Advanced Technology X-ray; Percent of checkpoint lanes with Advanced Imaging Technology; and, Percent of passengers screened by Advanced Imaging Technology. Metrics are reevaluated on a regular basis to ensure they adequately represent the health, effectiveness, and efficiency of TSA s investments. PSP Current Technologies: Checkpoint security utilizes a combination of technologies to screen passengers and their carry-on baggage: o Advanced Imaging Technology: Designed to increase security by screening passengers for metallic and non-metallic threats, including weapons, explosives, and other objects concealed under layers of clothing. Advanced Imaging Technology systems continue to replace legacy Enhanced Metal Detectors in checkpoint standard screening lanes as the primary passenger screening tool. Enhanced Metal Detectors and Advanced Imaging Technology are used intsa Pre lanes as part of the expanding RBS initiatives. The Next Generation Advanced Imaging Technology systems demonstrate faster processing time, have a smaller physical footprint at the checkpoint, and are planned for procurement in Fiscal Year o Boarding Pass Scanner: A device employed to read a passenger s boarding pass and display the passenger s name, flight information, and risk status to the Travel Document Checker. With this information, the Travel Document Checker is able to ensure that a passenger is routed through the checkpoint to receive the appropriate level of security screening. o Bottled Liquid Scanners: Units are used to discriminate explosive or flammable liquids from common, benign liquids carried by passengers. Bottled Liquid Scanners analyze substances within a container, measuring particular characteristics of a container s contents. The device can analyze substances within a container in seconds without having to open the container, and can also be used to screen medically exempt liquids. o Credential Authentication Technology: Is currently under development and qualification testing is planned for this year; it will be used to verify the authenticity of passenger identification while displaying a passenger s vetting status, which is obtained through a network connection to Secure Flight through the STIP. Secure Flight is a program that enhances the security of domestic and international commercial air travel through the use 20

26 of improved watch list matching. TSA plans to use Credential Authentication Technology to verify the authenticity of passenger identification and check passenger travelling status and risk in near real-time through a connection to Secure Flight. The Credential Authentication Technology is a pivotal TSA investment, as it is the first technology planned to introduce passenger risk into the checkpoint in near real-time to enhance RBS. Automating and fully controlling the identity verification process, which is currently dependent on manual reviews and air carrier provided boarding passes, also streamlines operations and mitigates potential risks. o Enhanced Metal Detectors: Also referred to as Walk-Through Metal Detectors, serve as a primary screening device of airline passengers for prohibited metallic objects at fixed checkpoints at the Nation s airports. Enhanced Metal Detectors are collocated with Advanced Imaging Technology in standard lanes and are the primary peoplescreening capability used in TSA Pre lanes. o ETDs: Previously described in the EBSP Current State section, are also used for checkpoint operations. o X-ray Technology: Threat Image Projection Ready X-ray: First generation X-ray devices deployed by TSA that are currently being recapitalized and replaced with Next Generation Advanced Technology X-ray systems. These systems do not offer the enhanced functionalities that Advanced Technology X-ray or Next Generation Advanced Technology X-ray systems provide, such as automated detection and dual-energy sensing capabilities. Advanced Technology X-ray: TSA utilizes Advanced Technology X-ray systems at the checkpoints to screen roughly three million carry-on bags for explosives each day. Advanced Technology X-ray technology detects threats in carry-on baggage by providing a clear, higher resolution X-ray image. These systems provide various views of the contents in a carry-on bag. Next Generation Advanced Technology X-ray systems provide an enhanced detection capability with multi-dimensional visual screening and improved image resolution on bags. C. Recapitalization and Growth As of April 2015, TSA includes over 15,000 total deployed TSE, as shown in Figure 7: Figure 7. Currently Deployed TSE Useful Life Number Deployed Number of Airports Explosives Detection System 15 years ETD (for both EBSP and PSP) 10 years Advanced Imaging Technology 10 years Advanced Technology X-ray 10 years Boarding Pass Scanner N/A Bottled Liquid Scanner 10 years Enhanced Metal Detectors 10 years Threat Image Projection Ready X-ray end-of-life As the deployed equipment reaches the end of its useful life, and as evolving technology afford opportunities for enhancement or optimization, equipment replacement options that fulfill the 21

27 mission need will be evaluated and executed. Useful life analysis is conducted to determine the duration for which TSE can be used for its intended screening purpose. The methodology consists of a unique balance of service life metrics and associated program drivers. Examples of program drivers include the third party maintenance concept and enhanced detection upgrade initiatives. The estimates are dynamic programmatic metrics that are incorporated yearly into acquisition, disposition, and budget planning activities. Of the currently deployed technologies, TSA is recapitalizing and replacing Threat Image Project Ready X-rays as discussed previously. Additionally, TSA is actively procuring and deploying next-generation ETDs to replace legacy units that have reached the end of their projected lifecycle. These improved ETDs have enhanced explosives detection sensitivity and the ability to detect a wider range of explosives threats. On a broader scale, TSA is transitioning into sustainment mode; it is purchasing technology for recapitalization and growth to optimize security effectiveness and operational efficiency. In order to determine long-term budget implications, and in accordance with DHS guidance, TSA actively uses Lifecycle Cost Estimates for its major acquisition programs to manage anticipated and acceptable cost baselines and prioritize requirements. The currently approved EBSP and PSP recapitalization figures can be seen in Figure 8, which represents planned purchases for Fiscal Year 2016 through Fiscal Year 2020 based on the July 2015 EBSP Lifecycle Cost Estimate and May 2014 PSP Lifecycle Cost Estimate. The Lifecycle Cost Estimates that contribute to this report undergo continuous revision as priorities and funding profiles change. TSA will publish an updated appendix upon DHS approval of each Lifecycle Cost Estimate. This information is subject to change. Actual purchase quantities will be based on available funding and changing realities of the security environment. Figure 8. Approved PSP and EBSP Recapitalization PSP Advanced Imaging Technology Next Generation Advanced Technology X-Ray Full Operational Capability Fiscal Year 2016 Fiscal Year 2017 Fiscal Year 2018 Fiscal Year 2019 Fiscal Year , Bottled Liquid Scanner 1, Credential Authentication Technology 1, Enhanced Metal Detector 1, ETD 5, EB SP EDS This is a combined PSP/EBSP ETD Count, as they are now a shared resource. 2,480 for PSP; 2,635 for EBSP. 2 EBSP met initial Full Operational Capability in 2003 upon deploying enough ETDs and EDS to screen 100 percent of checked baggage. There are presently 1,706 EDS deployed. Given the improved capabilities of new EDS, such as throughput, and the extended useful life of EDS (currently fifteen years), total quantity of deployed EDS fluctuates as operational conditions require. 3 FY 2016 FY 2020 EDS recaps are based off of projected purchase quantities in the EBSP Lifecycle Cost Estimate. Actual purchase quantities will be based off of available funding. 22

28 To enable recapitalization and growth, TSA establishes necessary vehicles for competitive procurement. TSA will also continue to invest in the integration of recapitalized systems through other transactional agreements or acquisition. Due to increased passenger travel and increased capacity at some airports, security technology needs may increase and require the purchase of additional units for addition to existing systems or for the development of new inline systems. EBSP and PSP will fully fund any recapitalization effort and work to reduce cost and impact on airports. D. Cybersecurity As TSA continues to move towards a network-connected screening environment, many IT security challenges need to be addressed proactively to ensure the security of the deployed TSE inventory. IT security challenges for TSE can be organized into three general areas: compliance with DHS/TSA information technology security policy, physical security of TSE, and access control: Compliance with IT Security Policy: Compliance with IT security policy, including DHS Policy Directive 4300A and where applicable, 4300B, TSA Management Directive , and relevant technical standards/configuration guidelines, as well as acknowledgement of cyber threats affecting TSE can be effected in part via IT security requirements for vendors. The following capabilities, configurations, and settings ensure TSE compliance with existing TSA security policies: Anti-Virus software and definition updates, Operating System security patching, compliance with DHS Hardening Guidelines, Original Equipment Manufacturer Information System Security Officer designation, inclusion of technical obsolescence clauses in TSE contracts, and support for the ongoing assessment of TSE. Physical Security of TSE: To mitigate physical security threats, revised guidelines informed by National Institute of Standards and Technology Special Publication are included in the Checkpoint Design Guide and Planning Guidelines and Design Standards for Checked Baggage Inspection Systems to ensure the physical security of TSE and its supporting infrastructure. Access Control: Continued coordination with airports and the Transportation Security Officer workforce is needed to ensure access is controlled and that existing/new Standard Operating Procedures and similar policies are created and enforced at the operational level. TSA is working to develop a comprehensive IT security framework for security technology, including enhanced testing methodologies during both qualification and operational testing to ensure vendors are compliant with IT security requirements. In the future, TSA cybersecurity testing will include cyber red team testing of TSE. This type of testing goes beyond the legal requirements of compliance. Cyber red team testing is designed to find previously unknown vulnerabilities in the technology in its final configured state before an adversary locates the same vulnerability in the field. In addition, the TSE IT Security framework will take Supply Chain Risk Management into consideration in order to align to the NIST SP Supply Chain 23

29 Risk Management Practices for Federal Information Systems and Organizations documentation. Implementation of the aforementioned IT security requirements for vendors and the outlined mitigation plans for physical security and access control vulnerabilities will safeguard TSE against the continuously evolving cyber and physical threat atmosphere. 24

30 V. Investing in the Airport of the Future Security screening must continue to adapt to meet evolving security threats and changes within the aviation industry. During its first decade, TSA employed a one-size-fits-all method to aviation security while building a layered security system and deploying more capable technologies. TSA began to implement RBS procedures for security screening of passengers and their property with the introduction of the first TSA Pre lanes in October RBS increases operational efficiency and security effectiveness by allowing TSA to focus less on lower risk passengers and more on higher risk passengers or those about whom TSA knows less. Under the current passenger-centric RBS approach, TSA conducts pre-screening to segment passengers by risk and affords expedited physical screening to passengers assessed as lower risk. To continue to enhance RBS, TSA has invested in establishing a shared vision for the future of aviation security and envisions a future defined by intelligence-driven, risk-based screening procedures and enhanced technology that will enable TSA to employ a flexible, adaptable, and robust multi-layered approach to detecting an evolving range of threats. The key to this vision is a system of systems perspective, which integrates technology, data, and processes within and across airports to fully deliver on the RBS vision. TSA is in the early stages of developing a system architecture that will facilitate the development of new capabilities across four architecture domains: Business: the business strategy, processes, and operations as they align to the agency function, mission, goals, and performance metrics; Information: the data collected along with the structure and design of data and interfaces; Applied (IT): the IT infrastructure (hardware and software), information housing, and data flow; also includes interactions between individual applications and relationship to the core business process of the organization; and, TSE: includes all of the components of the security screening system along with their functionality and capabilities. System architecture allows for the creation of conceptual models that describe the existing and future structures of a particular system, as well as their components and the relationships between each component. Since the Strategic Five-Year Technology Investment Plan focuses on technology investments, the focus will be the security screening equipment architecture domain. However, the other architecture domains and their relationship and impact to the security screening system must be addressed to create a comprehensive system that connects the business needs, information, and IT infrastructure. This architecture will enable expanded implementation of RBS by developing an integrated and modularized security screening system that defines business rules, TSE functionality, information exchange, and decision making. Risk and impact analyses examining the effect of acquiring and implementing new screening countermeasures can be done at the system level rather than the component level, enabling comprehensive analyses rather than stove-piped decision making. 25

31 Over the next few years, TSA will focus on developing a comprehensive system architecture that will allow TSA to proactively identify gaps and define capabilities at a system level. TSA will collaborate with industry to develop this shared vision for the future state of aviation security where business, data, and next-generation platforms combine to enable near real-time decisionmaking and response capabilities to combat emerging and evolving threats. TSA is continuing to pursue advanced concepts and capabilities to enable TSA s vision of the future of security screening. To focus these investments, as discussed previously, TSA generates a list of capability gaps to drive continued technology development and enhancement using a structured, repeatable process. Technology solutions are developed in order to close capability gaps, bolster aviation security, and drive toward the Airport of the Future. A. Technology Capability Gaps In relation to risks and capability gaps, TSA considers how securing against terrorism threat priority areas align to the homeland security missions, as articulated in the 2014 Quadrennial Homeland Security Review. TSA is currently focused on the following technology capability gaps, identified by the risk and capability analysis processes discussed in the Pre-Need phase of the Technology Investment Framework. Although risks and capability gaps across TSA were considered, the Strategic Five-Year Technology Investment Plan presents technology capability gaps as they are specifically related to technology acquisitions. Because the capability gaps are tied to specific vulnerabilities, the list below has been generalized for public release. While prioritization is a key driver of technology investment planning, a list of prioritized capability gaps is sensitive and is not disclosed in this Plan. As of 2015, the non-prioritized capability gaps driving technology and investment development include: Enhance the ability to resolve alarms; Enhance operators' ability to screen passengers carry-on and checked baggage; Support risk-based screening throughput goals; Enhance the ability to verify a passenger s identification and determine vetting status; Minimize physical contact with passengers; Reduce divestiture screening requirements; Enhance the ability to identify and screen a passenger and his baggage based on an assigned risk level; Enhance the ability to integrate systems to support risk-based screening; Support remote access and data collection from TSE; and, Enhance the ability to adjust security posture based on risk. B. Ongoing Technology Initiatives and Innovative Concepts Recognizing that the threat environment is constantly evolving, TSA pursues enhanced capability development to address capability gaps, optimize existing technologies, and develop future technologies. Capability development occurs in tandem with the recapitalization and 26

32 upgrades to existing technology. This allows TSA to procure technologies and upgrade existing machines by improving detection algorithms (or other similar methods) as new capabilities arise instead of requiring complete system replacements. Some significant initiatives and concepts are: 1. APEX Screen at Speed APEX Screen at Speed, a program led by DHS S&T in collaboration with TSA, was formed to help field solutions for TSA s capability gaps. APEX Screen at Speed has developed a checkpoint vision that includes the goals of deployable aviation security checkpoint technology that screens 300 passengers and their carry-on belongings per lane, per hour at a high detection level with no divestiture of liquids or electronics and dynamic adaptation to support RBS. DHS S&T will work closely with TSA to create a checkpoint architecture evolution plan, and screening device development spirals will be coordinated with TSA s recapitalization plans to ensure smooth and timely technology insertion. 2. Dynamic Aviation Risk Management Solution The Dynamic Aviation Risk Management Solution is a unified framework that supports highly effective and efficient security by assessing risk on a flight-by-flight basis. The vision is to unify, quantify, and integrate risk information across the aviation domain to comprehensively assess risk on an individual, per flight basis. The Dynamic Aviation Risk Management Solution will also enable TSA to adjust risk levels within established risk tolerance limits by applying dynamic security capabilities. The Dynamic Aviation Risk Management Solution will integrate information across five threat vectors: passengers, checked baggage, cargo, aircraft operator, and airport/perimeter. This approach will provide a more comprehensive picture of total flight risk, enabling TSA to reduce risk, allowing for more dynamic allocation of resources. The Dynamic Aviation Risk Management Solution creates a dynamic, agile, effective and resilient aviation security system that increases value to the American people and expedites the legitimate movement of travelers and commerce. Successful implementation of this holistic approach to RBS: Performs proactive risk assessments across the threat vectors; Provides a more complete picture of total flight risk; Uses multiple dimensions to assess risk; and, Allocates resources according to emerging threats and total risk picture. 3. Open Threat Assessment Platform Dynamic risk-based screening leverages passenger risk information to screen each passenger at a level commensurate with that person s vetting status and the current operational environment. The transition to dynamic RBS will result in higher-efficiency screening, improved security, improved passenger experience, and flexible screening that can be adjusted on the fly. Sandia 27

33 National Labs is developing the Open Threat Assessment Platform, a limited-scope prototype X- ray detection platform that utilizes an open Application Programming Interface, standard data formats, and human-annotated images to aid machine learning and human factors experts in developing algorithms that assist Transportation Security Officers. 4. Biometrics TSA is investigating the expansion of the use of biometrics, which could be applied to significant capability needs identified by DHS s Preliminary Mission Need Statement for the DHS Joint Biometrics Program. TSA can explore more robust applications of biometrics in the operational environment, including streamlined and expedited access control for crew members, and identity verification at the checkpoint for passenger authentication. A biometrics solution could be networked to facilitate near-real time exchange of the passengers risk levels once integrated with screening equipment, therefore enabling RBS. 5. Enhanced Access to Operational-Like Environments One of the difficulties with the development and integration of new capabilities is successful system integration within TSA s operational environment. TSA will continue to explore avenues for increasing enhanced access to operational-like environments, potentially exploring the concept of innovation lanes at pilot airports. Increasing access to operational environments could help provide real-life operational experience and reduce technology transition time and cost. Figure 9 details ongoing near-term (one to three years) and far-term (three to five years) functional enhancements, including detailed technology initiatives within DHS and TSA, which support addressing the previously identified capability gaps. This is not a comprehensive list of all the relevant technology initiatives but rather a selection of significant initiatives that will address existing capability gaps over the next five years. 28

34 Figure 9. Functional Enhancements 29

35 Pre-Decisional DRAFT C. Avenues for Innovative Technology Development TSA works with a number of partners, including government agencies, industry, and academia, to address innovative technology development to solve some of the Nation s toughest security challenges. TSA works with DHS S&T through the RDT&E programs for the development and testing of enhanced security equipment and improved operational processes. Coordination and oversight of the range of RDT&E activities associated with supporting TSA requirements is the responsibility of the RDT&E Program Coordination Steering Group. 1. DHS S&T TSA actively collaborates with DHS S&T to develop and transition cutting edge aviation security capabilities. Congress created DHS S&T under the Homeland Security Act of 2002 (P.L ) to, [conduct] basic and applied research, development, demonstration, testing, and evaluation activities relevant to any or all elements of the Department. In addition to helping develop new capabilities and knowledge products, DHS S&T serves as the primary interface with the Transportation Security Laboratory, which provides research, development, and validation of solutions to detect and mitigate the threat of improvised explosive devices. DHS S&T also serves as a pathway to research and development partners and networks both internal and external to DHS and the U.S. Government. 2. National Institute of Standards and Technology (NIST) To enhance interoperability, TSA works with NIST through the DHS Standards Executive. TSA specifications and solicitations are developed in consultation with NIST to reference relevant standards. Specifically, through sponsorship by the DHS Standards program, NIST is collaborating with TSA to provide subject matter expertise and traceable, standard explosive material in support of quality assurance on TSA s fielded ETD Systems. NIST has also provided on-site support for TSA s test and evaluation program and collaboration with TSA to develop Non-Contact Scanner Testing. 3. National Labs Through TSA s partnership with DHS S&T, TSA has been engaging with the Department of Energy National Labs for several years. One example is the NEXUS collaboration for explosives characterization work. Another example is the Transportation Systems Analysis Lab Team, which is a collaborative effort between TSA and the National Labs that works to provide systems analysis tools and capabilities that can assist in the design and development of a future TSA screening architecture capable of defending against an evolving threat. TSA also collaborates with the National Labs in the execution of field evaluations to understand the varied use of key resources in managing screening operations and mitigating potential threats. Additionally, TSA works with National Labs to conduct human factors analysis to obtain an understanding of perceptual capabilities, cognition, image interpretation, and decision-making strategies that will inform TSA technology decisions, procedures, and training. 30

36 Pre-Decisional DRAFT 4. University Centers of Excellence DHS S&T has an established relationship with University Centers of Excellence to help develop customer-driven homeland security science and technology solutions and educate the next generation of homeland security experts. Since 2007, the Centers of Excellence have received $74.5 million in follow-on funding from DHS S&T and other sources. TSA will continue to leverage this relationship through its partnership with DHS S&T to enhance current partnerships and explore new opportunities with Centers of Excellence, such as the National Center for Risk and Economic Analysis of Terrorism Events, the Center for Visualization and Data Analytics, the National Consortium for the Study of Terrorism and Response to Terrorism, and the Center for Awareness and Localization of Explosives-Related Threats. The Center for Awareness and Localization of Explosives-Related Threats currently works with a number of partners in the aviation security industry to study the feasibility of using new concepts within operational environments. TSA will look to explore new ways to enhance these partnerships and encourage participation from a broader range of academic institutions, particularly in multi-disciplinary fields. 5. Inter-Agency Collaboration and Partnerships TSA utilizes inter-agency agreements with many government partners to advance and supplement their capabilities. The majority of these agreements, as well as the associated funding, are with DHS S&T for analysis, verification, and research and development; however, TSA also funds certain agreements with other agencies. Technical Support for the TSA Checkpoint Division, an inter-agency agreement conducted with The Johns Hopkins University Applied Physics Laboratory, contributed to the identification and assessment of screening and surveillance technologies, developed test articles and surrogates for future technology assessments, and provided general systems engineering technical support during the development of aviation-related screening and surveillance technologies. In addition to leveraging its relationship with DHS S&T, TSA should increase engagement with other interagency partners, specifically the Federal Bureau of Investigation, the Defense Advanced Research Projects Agency, the Joint Improvised Explosive Device Defeat Organization, and the Defense Threat Reduction Agency. By leveraging existing relationships with these and other similar agencies, TSA can gain exposure to new technological innovations in different fields such as medicine, electronics, and computing. 6. Public-Private Partnerships and Small and Disadvantaged Company Participation TSA is continuing to explore new ways to expand and increase integration with industry, and will look to increase open dialogue regarding future collaboration and partnerships. The Transportation Security Innovative Concepts Broad Agency Announcement is a solicitation through FedBizOpps.gov that seeks to accelerate the design, realization and delivery of new capabilities to the field by focusing on advancing state-of-the-art technology and increasing knowledge or understanding related to transportation security. TSA also intends to issue targeted Broad Agency Announcements and allocate dedicated funding in order to solicit focused offers that target a specific domain of interest. Broad Agency Announcements and targeted Broad 31

37 Pre-Decisional DRAFT Agency Announcements provide an open platform that encourages and enables small and disadvantaged company participation. TSA also continues to work with and pursue additional relationships with alternative investment organizations, such as In-Q-Tel. TSA can also explore additional ways to encourage small business participation through other avenues, such as pairing small businesses with mentors to guide through the process, or developing a manual to provide education on the operational landscape and requirements. Additionally, the development of standards-based, interoperable data architecture can also encourage the participation of small and disadvantaged companies by lowering the barrier to entry and creating new avenues for competition, such as the development of third party algorithms. Leveraging small businesses with local presence could enhance TSA s ability to coordinate more effectively, enhance relationships with local airports, and increase responsiveness. Small Business ETD In March 2015, TSA awarded a contract for 1,170 ETD units to a new entrant Small Business, a prime example of a small business introducing new ETD technology into aviation security and achieving approval through the TSA Qualified Products List process. TSA is investigating ways to implement contract strategies that provide more predictability and clarity to businesses of all sizes. A significant challenge with providing opportunities to smaller businesses for security-related technology is that the commercial marketplace for security related technology is incredibly limited, with only a handful of vendors. The amount of fiscal capital and time required to develop, qualify, and produce these highly complex and expensive technologies represents a significant barrier to entry. TSA frequently works with small businesses interested in the market and will continue to investigate opportunities to work with DHS S&T to support development of new technologies. 32

38 Pre-Decisional DRAFT VI. Conclusion Over the next five years, TSA will invest a significant portion of its security capability acquisition budget of $3.6 billion in technologies to secure the Nation s transportation system. Additionally, DHS S&T will contribute over $300 million to advancing security technologies. Forging a strategy to guide investment decisions for security technologies relies upon a shared awareness and understanding of the TSA mission and realities. The Strategic Five-Year Technology Investment Plan informs Congressional, industry, DHS, and TSA stakeholders on current and future state realities while supporting the implementation of best practices and increased transparency. The four themes of the Strategic Five-Year Technology Investment Plan align closely to TSA s goals and the requirements set forth in the Transportation Security Acquisition Reform Act of 2014: Integrating Principles of RBS in Capabilities, Processes, and Technologies; Enhancing Core Mission Delivery by Focusing on a System of Systems; Streamlining Acquisitions, Requirements, and Test and Evaluation processes; and, Increasing Transparency in Engagement with Stakeholders to Enable Innovation. TSA will embrace and leverage relationships with stakeholders across industry and government to solicit innovative input and inform future investment decisions. The resulting outputs will guide investment decisions for future capabilities that enable TSA to adapt to evolving security threats in the most effective and efficient ways possible. 33

39 Pre-Decisional DRAFT VII. Appendices A. Process and Stakeholder Engagement Activities This appendix details TSA s approach to development of the Strategic Five-Year Technology Investment Plan, inclusive of TSA s stakeholder engagement strategy. Timeline 1. Response Process The Transportation Security Acquisition Reform Act (P.L ) was signed into effect on December 18, 2014, requiring the submission of a Strategic Five-Year Technology Investment Plan to Congress within 180 days by June 17, Phases The process to write the Plan included four phases: (1) Response Preparation; (2) Stakeholder Engagement and Input Gathering; (3) Analysis and Writing; and, (4) Approval and Release. The Response Preparation phase took place in December and January and included analysis of the Transportation Security Acquisition Reform Act s requirements and formalization of the response effort, including points of contact and required or suggested stakeholders. The Stakeholder Engagement and Input Gathering Phase began in January and extended throughout the duration of the effort. This phase involved engaging internal and external stakeholders in TSA, DHS, and industry via briefings, input gathering sessions, review and feedback periods, industry forums and working groups, and the release of a Request for Information. Occurring concurrently and immediately after this phase was the Analysis and Writing phase. In addition to the writing process, this phase included the use of an input deliberation framework to analyze stakeholder inputs to the Plan. The framework included the following strategies: Understand the Act s requirements and scope Consider how the inputs in question address the Act s requirements and the scope of the Plan. Acknowledge key decisions and themes Determine whether the input acknowledges the Plan s key themes and strategic considerations, including the current state of the TSA acquisitions process (including budget, timelines, and ongoing initiatives). Engage TSA, DHS, and Industry Subject Matter Experts Engage TSA, DHS, and industry subject matter experts to assess the input, and validate with TSA Leadership. Determine if and where to incorporate Adjudicate input with a rationale for inclusion or exclusion; if included, determine the correct placement and context. 34

40 Pre-Decisional DRAFT The Approval and Release phase occurred from March through June and incorporated various review cycles with TSA, DHS, and industry. This phase and the creation of the Plan culminated with submission of the Plan to Congress. 2. Stakeholder Engagement Process TSA actively engaged industry and government stakeholders in order to develop next generation technologies in an effective and efficient way. TSA solicited stakeholder input throughout the creation of the Plan. TSA Internal stakeholders within the TSA participated in the creation of the Plan with the intent of collecting knowledge from each office and division and aligning vision for the Plan through review and feedback sessions. Engaged teams included the Office of Security Capabilities, Office of Acquisition, Office of Security Operations, Office of Information Technology, Office of Security Policy and Industry Engagement, Office of Finance and Administration/Chief Financial Officer, and Executive Secretariat. Input gathering forums included various briefings, input gathering meetings, and review/feedback sessions. During input gathering meetings, divisions were solicited to provide their thoughts and strategic vision for specific requirements that fall under their jurisdiction. The Department of Homeland Security and Other Government Agencies DHS headquarters stakeholders were engaged with the intent of coordinating and collaborating with counterparts to inform the Plan s strategic and technological components. Engaged teams included DHS S&T and DHS Management Directorate. Industry Industry was engaged throughout the Stakeholder Engagement and Input Gathering phases, with the intent of establishing a dialogue to shape the Plan and inform future requirements and investment. Engagement varied from current TSA vendors to companies that have not done business with TSA. Input gathering sessions included the WHSR/SMC Industry Forum Kickoff and four subsequent Working Groups focused on specialized topic areas, and a Request for Information. The WHSR/SMC Industry Forum Kickoff outlined TSA s response to the Transportation Security Acquisition Reform Act and key requirements, established a vision and cadence for the WHSR/SMC Industry working groups, and provided briefings on topics of interest to industry. Upon the kickoff s closing, industry attendees signed up for one of four working groups: (1) Systems Architecture; (2) Acquisitions, Requirements, and Test and Evaluation; (3) Checked Baggage Screening Technologies; and, (4) Passenger Screening Technologies. Each subsequent working group provided a program brief or status update to industry attendees, and delved into relevant and key discussion questions. Inputs were aggregated using the aforementioned input 35

41 Pre-Decisional DRAFT deliberation framework. Overall, over 70 participants from over 60 different companies attended the kickoff and working groups and provided their input. In late-february and March, industry had further opportunity to provide input through a Request for Information on key discussion points of the Plan, including key trends, proposed process improvements, opportunities for intergovernmental and industry collaboration, security concerns, and interoperability. TSA received 11 responses to the RFI; these responses were analyzed using the input deliberation framework and used to inform the Plan. The WHSR and the SMC hosted an Industry Debrief in late March to discuss inputs gathered from industry across channels. TSA reviewed ideas that were incorporated into the Plan and ideas that are documented for future implementation. TSA is also creating a sustainable industry engagement model to continue post publication of the Plan with the goal of executing upon the ideas and concepts detailed during the working groups and RFI. As mandated, TSA will revisit the Plan every two years. Enacting ongoing engagement initiatives will help TSA ensure compliance with the Plan and progress along the Plan s priorities. In addition, TSA provided a draft copy of the plan for review and comment to the Aviation Security Advisory Committee. The response process and stakeholder engagement strategy utilized to inform the Strategic Five-Year Technology Investment Plan proved successful in achieving collaboration and unification on key themes in a prompt and efficient manner. 3. Non-Government Contributors The following individuals, listed in Figure 10, contributed to the Plan through the WHSR/SMC Industry Forum Kickoff and subsequent Working Groups, submission of RFIs, or participation in review rounds. Figure 10. List of Non-Government Contributors Name Firm Involvement Kate Abrey Accenture WHSR/SMC Industry Working Group: Passenger Screening Technologies Kenny Lawhorn Accenture WHSR/SMC Industry Forum Kickoff Mark Tropea Adobe WHSR/SMC Industry Forum Kickoff Larry Studdiford Andreas (Andy) Gruendel AECOM Alelo Inc. Group: Checked Baggage Technologies POC for RFI Response Beth Fleshman Alion Science and Technology Group: Systems Architecture Sten Peeters Analogic Group: Passenger Screening Technologies Tim Faulkner Arc Aspicio Group: Passenger Screening Technologies Christine Kraft AT&T Group: Passenger Screening Technologies Ed Yost Axxum Tech Group: Systems Architecture Robert Gaona Ball Aerospace Administrative POC for RFI Response 36

42 Pre-Decisional DRAFT Michael Garramone Ball Aerospace Group: Systems Architecture; Technical POC for RFI Response Don Lamonaca Battelle WHSR/SMC Industry Working Group: Checked Baggage Technologies Andrea Marsh Battelle WHSR/SMC Industry Forum Kickoff Nick Incontrera Black Diamond Consulting Group: Systems Architecture Fred Schwien Boeing Group: Systems Architecture Loucinda "Cindy" Carey Bruker Detection Corporation Group: Passenger Screening Technologies Chris James CCSi Group: Systems Architecture Charles McKee Definitive Logic Corporation Group: Systems Architecture Steve Mikolaski Deloitte TSA Contractor; WHSR/SMC Industry Forum Kickoff; WHSR/SMC Industry Working Group: Systems Architecture; Plan reviewer Susan Hopkins DSCI Group: Systems Architecture Adam Freimanis E3 Federal Solutions WHSR/SMC Industry Forum Kickoff Brian Silverio E3 Federal Solutions WHSR/SMC Industry Working Group: Systems Architecture Gunvir Baveja evigilant Security, Inc Group: Systems Architecture Dave Cullin FLIR Systems WHSR/SMC Industry Forum Kickoff Aimee Rose FLIR Systems WHSR/SMC Industry Working Group: Systems Architecture Rick Hayes GD IT Group: Systems Architecture Michael Saunders GD Mission Systems Group: Systems Architecture Andrea Carroll General Dynamics Advanced Information POC for RFI Response Systems (GDAIS) Don Fenhagen IBM WHSR/SMC Industry Forum Kickoff Michael Preis IBM WHSR/SMC Industry Working Group: Passenger Screening Technologies Robert Liscouski Implant Sciences WHSR/SMC Industry Working Group: Passenger Screening Corporation Technologies Todd Swearingen Implant Sciences Corporation WHSR/SMC Industry Forum Kickoff Ralph Riddle IT TechDirect Group: Passenger Screening Technologies Rodger Moore K2 Solutions Inc. WHSR/SMC Industry Working Group: Passenger Screening Technologies David Whitmire K2 Solutions Inc. WHSR/SMC Industry Forum Kickoff Paul Erhard L-3 Communications Group: Passenger Screening Technologies Stan DeFilippis Leidos Group: Checked Baggage Technologies Jason Ludicke LexisNexis Group: Passenger Screening Technologies 37

43 Pre-Decisional DRAFT Robert L. Morgan III Lockheed Martin POC for RFI Response Elmer Nelson Lockheed Martin WHSR/SMC Industry Forum Kickoff Sallie Vollmer Lockheed Martin WHSR/SMC Industry Working Group: Systems Architecture Karthik Srinivasan ManTech Group: Systems Architecture Joe O Neill MITRE Group: Systems Architecture Maurine Fanguy MorphoTrust Group: Passenger Screening Technologies; POC for RFI Response Suzanne Liscouski NCI Group: Checked Baggage Technologies Jeremias Alvarez PwC Public Sector WHSR/SMC Industry Forum Kickoff Ashley Mattison PwC WHSR/SMC Industry Working Group: Systems Architecture Jerek Knight Rapiscan Group: Passenger Screening Technologies; POC for RFI Response Michael Dougherty Raytheon WHSR/SMC Industry Forum Kickoff Edward Olin Raytheon WHSR/SMC Industry Working Group: Checked Baggage Technologies Paul Bander Salient WHSR/SMC Industry Forum Kickoff Frank Sorbo SAS Federal Group: Systems Architecture Erin Gallagher Schafer Group: Systems Architecture Merv Leavitt SCRA Group: Systems Architecture Carolyn Muir SE Solutions WHSR/SMC Industry Forum Kickoff Joshua Kersey Sentinel Group: Passenger Screening Technologies T.J. Schultz SMC WHSR/SMC Industry Forum Kickoff and all Working Sessions Luke Olsen Smiths Detection WHSR/SMC Industry Working Group: Checked Baggage Technologies; Sales POC for RFI Response Sissy Pressnell Smiths Detection Group: Acquisitions, Requirements, and Test and Evaluation; Government Relations POC for RFI Response Chris Allen SRA International WHSR/SMC Industry Working Group: Systems Architecture; POC for RFI Response Eli Hammerman SRA International POC for RFI Response Pembroke Washington SRA International WHSR/SMC Industry Forum Kickoff LeeAnn Levesque SureScan Group: Checked Baggage Technologies Steven Whitcomb TASC Group: Systems Architecture Scott Hanlon Teradata Government Systems WHSR/SMC Industry Forum Kickoff Peter Ettinger The Spectrum Group Group: Checked Baggage Technologies Lee Plumb Triumph Group: Systems Architecture Chris Leonard Vencore Group: Systems Architecture 38

44 Pre-Decisional DRAFT Rowdy Adams Vivek Malhotra ViON VMD Systems Integrators, Inc. Group: Systems Architecture; POC for RFI Response WHSR/SMC Industry Forum Kickoff Robin Baughman VTC Group: Systems Architecture Metra Horetsky WHSR WHSR/SMC Industry Forum Kickoff and all Working Sessions Seton Parsons WHSR WHSR/SMC Industry Forum Kickoff and all Working Sessions David Olive WHSR WHSR/SMC Industry Forum Kickoff Kay Olive WHSR WHSR/SMC Industry Forum Kickoff and all Working Sessions 39

45 Pre-Decisional DRAFT B. Airport Other Transactional Agreement List TSA strives to ensure checked baggage screening zones utilize screening equipment capable of meeting the existing baggage demand in the most operationally efficient manner. Figure 11 details the location of planned checked baggage inspection system projects for FY 2015 and FY 2016, including recapitalization and optimization projects, as well as proposed airport projects beyond FY FY 2017 projects may include both recapitalization and efforts to bring optimal solutions to certain baggage screening areas. For example, based on baggage demand, TSA may migrate a zone from stand-alone screening to an in-line system, or introduce standalone EDS into previously ETD-only screening zones. Final planning for airport projects in FY 2017 and beyond is ongoing, and projects will be considered according to the strength of their contribution toward fulfilling the agency's mission to protect the Nation s transportation systems. This preliminary information is provided for contextual awareness and changes to this information should be anticipated. Other FY 2017 checked baggage screening enhancements will include efforts to fund development and possible deployment of RBS capabilities. The RBS effort has made tremendous progress towards implementation in checked baggage technologies, with active pilots evaluating proofs of concept. Decisions to deploy RBS capabilities in the checked baggage screening environment will be made after appropriate analysis and alternatives are considered. Figure 11. Planned or Proposed EDS Projects: FY 2015 FY