The Transportation Security Administration (TSA) released a 23-page report in October outlining proposed major changes for how it wants to screen passengers at airports to help keep them safe from terrorism. The changes include far greater reliance on biometric technology and intelligence analysis to move people through screening points more quickly.
This comes after the Department of Homeland Security’s Inspector General reported in September that TSA failed to detect more than 70 percent of fake explosives, firearms and other prohibited items during snap testing earlier this year. Yet the testing also showed that TSA is getting better at detection, improving greatly from an early test in 2015.
TSA released a new strategic plan earlier this year that lays out just how the administration plans to utilize advanced intelligence tools and methodologies to identify and stop terror threats across all national modes of transportation. Its capabilities to manage threat and facilitate the movement of people and goods during the holiday season are extraordinarily complex and dynamic.
Patricia Cogswell is the Acting Deputy Administrator at the Transportation Security Administration. She is a homeland security professional with vast experience at DHS, its predecessors and the White House. The Cipher Brief’s Todd Rosenblum sat down with her to talk about how TSA plans to continue to counter threats to the homeland, especially during this time of increased travel.
The Cipher Brief: It used to be that terrorists were intent on bringing down commercial aircraft. Are those still top targets and do you see the threat landscape expanding to other modes of transportation?
Cogswell: Once upon a time, aviation was the crown jewel. A big explosion of an airliner was the element everybody sought after 9/11. We've seen real change in how terrorists operate over the last number of years. The first is we no longer have one big group, we have a lot of splinter cells. We also have a move from a belief that only a large-scale attack matters, to a belief that radicalizing in place is good enough. We have to fight it on both ends. We don't get to pick and choose, and just only protect against one. We don't tier our risks or look at them differently. We say we have to address each and every one of them. We just address them differently based on what our authorities are.
In an aviation environment, we have greater authorities and tools because we operate the checkpoints and can issue a specific type of regulatory process with foreign carriers flying to the homeland. Then we can talk about how bus, rail or a pipeline operates. We are a regulatory entity, we don't own and operate these so the way we would mitigate that is very different. There, you're talking about threat briefs to help people build, exercise and inspect plans. It’s a very different type of environment.
The Cipher Brief: How is TSA adjusting its intelligence and information sharing protocols, identifying threat and doing risk management? Can you walk through what data is critical and the role of intelligence in your decision making?
Cogswell: One is the one you just alluded to, understanding what the threats are. This can be the threat of a specific terrorist element, or a person wanting to build X way or move it in Y fashion. It can also mean the vetting of individuals.
In the first instance, we look at intelligence very closely, at what persons or groups are directly talking about, or interested in. The secondary piece is much more of ‘what else do we see out in the ecosystem that could be coming to an aviation or transportation mode in the not terrifically distant future’? Some of this is understanding what's out in the ether, what's out in the domain of wider knowledge that people can get to relatively easily in terms of the way to construct portable devices or descriptions of plans. Some of it is very much along the lines of understanding all that. How realistic is it that their plan can become actionable? What would they have to do? We need to game that through. And those are hugely important conversations for us and the intelligence community to walk through together.
The other half is the vetting side. The ability to know what derogatory information is known about individuals. The secondary piece is not specifically knowing individuals, but derogatory information that might indicate something about where someone is moving.
The Cipher Brief: What would you like to convey to the public at large about why it's important to go through the screening process? Have you found there are certain ways to relate this information to the public that increase understanding and cooperation?
Cogswell: This is a daily effort that we strive towards, that we never can take the foot off the gas, and always continue to look for different ways to explain it. People somehow take inspection as something that is aimed against them, as opposed to understanding that you must look at everybody for the health of the system. You can't just exempt certain people or focus on somebody else. We watch the intel, and frankly, have enough information indicating threats from a variety of different angles. I would say the place that we're probably best at doing some of this is on our social media presence. We won three Webby Awards in 2018, which is pretty exciting for us.
The Cipher Brief: What are the technology trends you're seeing? Are there breakthrough level technologies as you look out one to five years? Will changes in types of technology be incremental?
Cogswell: It will be a combination of both. There are certain things, and I'll point to computer tomography as the big one, in many ways we're looking at it as evolutionary change using the same underlying technology. Tomography uses the same technology as an MRI. We've been using it to inspect checked bags for a long-time, but its size and power requirements have limited its potential. It was too big to use at a checkpoint. We finally got the size and power supply demand down so that it can be used at checkpoint lanes in most airports today. We're going to look at slightly bigger options for screening cargo pallets. And smaller: we have some very small airports. Here we need this technology to be even smaller and use less power. There are other evolving technologies like biometrics and biometric exit.
At the same time as you're seeing growth in the aviation industry, we want to transform what the experience looks like from curb-to-gate, and that's opening a completely different world, too. What about a different way of helping people get their boarding passes? That wasn't really an option before when we were trying to go it alone because we didn't have a partner who had the funds necessary to invest in that kind of holistic experience.
The Cipher Brief: What is TSA’s relationship with the technology sector? How would you characterize that relationship right now?
Cogswell: There is a robust domestic and international collaboration in these areas. We have an Innovation Task Force looking across six different categories of areas that we're interested in. We have a lot of entities showing up at our industry days wanting to know where we are going, where can they work directly with us. And they’re working directly with airports, too.
The Cipher Brief: Do you have a research lab at TSA for looking at these sorts of things?
Cogswell: Yes. I think you know about the transportation security lab that's managed by the DHS S&T Directorate. And then there's a second part within the TSA that we manage here directly. We work it as a holistic stream. So, there is an entry point. You get on a qualify products list. We do operational test processes both at our lab and then out in the field, so that it's not just equipment in a pure lab environment. We have certain standards for when you get it closer and closer to being used operationally.
The Cipher Brief: What went into pulling together the TSA strategy for 2018 – 2026? What are its core points?
Cogswell: The first thing to note is that there are three primary themes. The first one is improving security and safeguarding the transportation system, which has been a mainstay and a continuing element. The second is accelerating action. We want to make sure that we are institutionalizing all the processes we need without losing any of the speed and agility that goes with it. The third is committing to our people. We need to invest and build real career paths for our people that see them through the life of the agency and offer them opportunities across all of our various disciplines.
We made other changes, too. Most importantly is changing our motto. It used to be ‘Not on my watch’. It became ‘Not on our watch’. We really wanted to refocus and emphasize the idea that this is a joint function of all of our key stakeholders; airports, airlines, private sector partners and foreign partners. This flows directly from the strategy.
We also have published the administrator’s intent, which outlines what we're going to achieve between now and 2020. It’s pretty specific, and has significant deadlines associated with achieving certain elements of that strategy. Finally, we have a first-ever five year capital investment plan. This is a big switch for us as an agency.
The Cipher Brief: What are the roles and missions for TSA and others when someone pulls up at the airport? Most people see someone in uniform and don't understand who does what.
Cogswell: It's not even easy for people who do this on a regular basis to understand, in part because it can vary by airport. Sometimes airports are owned by municipalities, sometimes by private entities. There is a wide range of physical infrastructure. Then there are the air carriers. Sometimes airlines are the terminal or airport operator. Sometimes security comes from local police from the city municipality, county or directly on behalf of the airport. Metropolitan Washington Airport Authority has its own police force separate and apart from Virginia Fairfax County. You need protocols in basically every airport.
And then you have all of our federal partners who are in that space. FAA is a hugely important and close partner. CBP, ICE, and FBI all operate at airports. There are several associations both on behalf of the airports, the airlines, the pilots and the flight attendants.
The Cipher Brief: What worries you the most? What are the patterns and trends in transportation writ large that you see as most challenging to meet your mission?
Cogswell: Cyber is pretty high on my list. We rely on interconnected information. It is absolutely critical. And we are becoming more connected through the Internet of Things devices. We must have understanding of your information ecosystem as you're bringing in more data and new items into your supply chain. I need to know that at the starting point I have faith and confidence in the initiation. If I don't have confidence at the starting point, it doesn't ring true.
I would say the other piece is how the adversary is encouraging people to take action with little training. Radicalization can take hold in a short window of time. Our ability to detect that in advance is harder, which means we need to put more and greater emphasis on immediate steps to respond.
The Cipher Brief: You've had the opportunity to hold positions of responsibility across DHS and at the White House. What do you see as the most promising sign of progress towards integrating the department?
Cogswell: I'm really enjoying how well the components are working together on common items of interest. When DHS started, all the components were running so hard because they had so much to do, that they didn't have time to cross proliferate. We spent a lot of time introducing people to each other for the first time. Now, this many years in, I met all of the other deputies before I ever got to this job. I know people in pretty much every part of the department. You recognize a commonality. You recognize a common interest. You're on the phone. You're asking ‘Is this hitting the top of your list? Do you want to work together to solve this?’ I love that fact that we have gotten to the point that we're mature enough and have a shared history so that we can work that way.
Get more Cipher Brief columns and interviews dedicated to Homeland Security...