[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2361 Reported in Senate (RS)]
<DOC>
Calendar No. 382
114th CONGRESS
2d Session
S. 2361
[Report No. 114-222]
To enhance airport security, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
December 7, 2015
Mr. Thune (for himself, Mr. Nelson, Ms. Ayotte, Ms. Cantwell, Mr.
Johnson, Ms. Klobuchar, and Mr. Carper) introduced the following bill;
which was read twice and referred to the Committee on Commerce,
Science, and Transportation
March 7, 2016
Reported by Mr. Thune, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To enhance airport security, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``Airport Security
Enhancement and Oversight Act''.</DELETED>
<DELETED>SEC. 2. FINDINGS.</DELETED>
<DELETED> Congress makes the following findings:</DELETED>
<DELETED> (1) A number of recent airport security breaches
in the United States have involved the use of Secure
Identification Display Area (referred to in this section as
``SIDA'') badges, the credentials used by airport and airline
workers to access the secure areas of an airport.</DELETED>
<DELETED> (2) In December 2014, a Delta ramp agent at
Hartsfield-Jackson Atlanta International Airport was charged
with using his SIDA badge to bypass airport security
checkpoints and facilitate an interstate gun smuggling
operation over a number of months via commercial
aircraft.</DELETED>
<DELETED> (3) In January 2015, an Atlanta-based Aviation
Safety Inspector of the Federal Aviation Administration used
his SIDA badge to bypass airport security checkpoints and
transport a firearm in his carry-on luggage.</DELETED>
<DELETED> (4) In February 2015, a local news investigation
found that over 1,000 SIDA badges at Hartsfield-Jackson Atlanta
International Airport were lost or missing.</DELETED>
<DELETED> (5) In March 2015, and again in May 2015,
Transportation Security Administration (referred to in this
section as the ``Administration'') contractors were indicted
for participating in a drug smuggling ring using luggage passed
through the secure area of the San Francisco International
Airport.</DELETED>
<DELETED> (6) The Administration has indicated that it does
not maintain a list of lost or missing SIDA badges, and instead
relies on airport operators to track airport worker
credentials.</DELETED>
<DELETED> (7) The Administration rarely uses its enforcement
authority to fine airport operators that reach a certain
threshold of missing SIDA badges.</DELETED>
<DELETED> (8) In April 2015, the Aviation Security Advisory
Committee issued 28 recommendations for improvements to airport
access control.</DELETED>
<DELETED> (9) In June 2015, the Inspector General of the
Department of Homeland Security reported that the
Administration did not have all relevant information regarding
73 airport workers who had records in United States
intelligence-related databases because the Administration was
not authorized to receive all terrorism-related information
under current interagency watchlisting policy.</DELETED>
<DELETED> (10) The Inspector General also found that the
Administration did not have appropriate checks in place to
reject incomplete or inaccurate airport worker employment
investigations, including criminal history record checks and
work authorization verifications, and had limited oversight
over the airport operators that the Administration relies on to
perform criminal history and work authorization checks for
airport workers.</DELETED>
<DELETED> (11) There is growing concern about the potential
insider threat at airports in light of recent terrorist
activities.</DELETED>
<DELETED>SEC. 3. DEFINITIONS.</DELETED>
<DELETED> (a) Administration.--The term ``Administration'' means the
Transportation Security Administration.</DELETED>
<DELETED> (b) Administrator.--The term ``Administrator'' means the
Administrator of the Transportation Security Administration.</DELETED>
<DELETED> (c) Appropriate Committees of Congress.--The term
``appropriate committees of Congress'' means--</DELETED>
<DELETED> (1) the Committee on Commerce, Science, and
Transportation of the Senate;</DELETED>
<DELETED> (2) the Committee on Homeland Security and
Governmental Affairs of the Senate; and</DELETED>
<DELETED> (3) the Committee on Homeland Security of the
House of Representatives.</DELETED>
<DELETED> (d) ASAC.--The term ``ASAC'' means the Aviation Security
Advisory Committee established under section 44946 of title 49, United
States Code.</DELETED>
<DELETED> (e) Secretary.--The term ``Secretary'' means the Secretary
of Homeland Security.</DELETED>
<DELETED> (f) SIDA.--The term ``SIDA'' means Secure Identification
Display Area as defined in section 1540.5 of title 49, Code of Federal
Regulations, or any successor regulation to such section.</DELETED>
<DELETED>SEC. 4. THREAT ASSESSMENT.</DELETED>
<DELETED> (a) Insider Threats.--</DELETED>
<DELETED> (1) In general.--Not later than 90 days after the
date of enactment of this Act, the Administrator shall conduct
or update an assessment to determine the level of risk posed to
the domestic air transportation system by individuals with
unescorted access to a secure area of an airport (as defined in
section 44903(j)(2)(H)) in light of recent international
terrorist activity.</DELETED>
<DELETED> (2) Considerations.--In conducting or updating the
assessment under paragraph (1), the Administrator shall
consider--</DELETED>
<DELETED> (A) domestic intelligence;</DELETED>
<DELETED> (B) international intelligence;</DELETED>
<DELETED> (C) the vulnerabilities associated with
unescorted access authority granted to domestic airport
operators and air carriers, and their
employees;</DELETED>
<DELETED> (D) the vulnerabilities associated with
unescorted access authority granted to foreign airport
operators and air carriers, and their
employees;</DELETED>
<DELETED> (E) the processes and practices designed
to mitigate the vulnerabilities associated with
unescorted access privileges granted to airport
operators and air carriers, and their
employees;</DELETED>
<DELETED> (F) the recent security breaches at
domestic and foreign airports; and</DELETED>
<DELETED> (G) the recent security improvements at
domestic airports, including the implementation of
recommendations made by relevant advisory
committees.</DELETED>
<DELETED> (b) Reports to Congress.--The Administrator shall submit
to the appropriate committees of Congress--</DELETED>
<DELETED> (1) a report on the results of the assessment
under subsection (a), including any recommendations for
improving aviation security;</DELETED>
<DELETED> (2) a report on the implementation status of any
recommendations made by the ASAC; and</DELETED>
<DELETED> (3) regular updates about the insider threat
environment as new information becomes available and as
needed.</DELETED>
<DELETED>SEC. 5. OVERSIGHT.</DELETED>
<DELETED> (a) Enhanced Requirements.--</DELETED>
<DELETED> (1) In general.--Subject to public notice and
comment, and in consultation with airport operators, the
Administrator shall update the rules on access controls issued
by the Secretary under chapter 449 of title 49, United States
Code.</DELETED>
<DELETED> (2) Considerations.--As part of the update under
paragraph (1), the Administrator shall consider--</DELETED>
<DELETED> (A) increased fines and advanced oversight
for airport operators that report missing more than 5
percent of credentials for unescorted access to any
SIDA of an airport;</DELETED>
<DELETED> (B) best practices for Category X airport
operators that report missing more than 3 percent of
credentials for unescorted access to any SIDA of an
airport;</DELETED>
<DELETED> (C) additional audits and status checks
for airport operators that report missing more than 3
percent of credentials for unescorted access to any
SIDA of an airport;</DELETED>
<DELETED> (D) review and analysis of the prior 5
years of audits for airport operators that report
missing more than 3 percent of credentials for
unescorted access to any SIDA of an airport;</DELETED>
<DELETED> (E) increased fines and direct enforcement
requirements for both airport workers and their
employers that fail to report within 24 hours an
employment termination or a missing credential for
unescorted access to any SIDA of an airport;
and</DELETED>
<DELETED> (F) a method for termination by the
employer of any airport worker that fails to report in
a timely manner missing credentials for unescorted
access to any SIDA of an airport.</DELETED>
<DELETED> (b) Temporary Credentials.--The Administrator may
encourage the issuance by airport and aircraft operators of free one-
time, 24-hour temporary credentials for workers who have reported their
credentials missing, but not permanently lost, stolen, or destroyed, in
a timely manner, until replacement of credentials under section
1542.211 of title 49 Code of Federal Regulations is
necessary.</DELETED>
<DELETED> (c) Notification and Report to Congress.--The
Administrator shall--</DELETED>
<DELETED> (1) notify the appropriate committees of Congress
each time an airport operator reports that more than 3 percent
of credentials for unescorted access to any SIDA at a Category
X airport are missing or more than 5 percent of credentials to
access any SIDA at any other airport are missing; and</DELETED>
<DELETED> (2) submit to the appropriate committees of
Congress an annual report on the number of violations and fines
related to unescorted access to the SIDA of an airport
collected in the preceding fiscal year.</DELETED>
<DELETED>SEC. 6. CREDENTIALS.</DELETED>
<DELETED> (a) Lawful Status.--Not later than 90 days after the date
of enactment of this Act, the Administrator shall issue guidance to
airport operators regarding placement of an expiration date on each
airport credential issued to a non-United States citizen no longer than
the period of time during which that non-United States citizen is
lawfully authorized to work in the United States.</DELETED>
<DELETED> (b) Review of Procedures.--</DELETED>
<DELETED> (1) In general.--Not later than 90 days after the
date of enactment of this Act, the Administrator shall--
</DELETED>
<DELETED> (A) issue guidance for transportation
security inspectors to annually review the procedures
of airport operators and air carriers for applicants
seeking unescorted access to any SIDA of an airport;
and</DELETED>
<DELETED> (B) make available to airport operators
and air carriers information on identifying suspicious
or fraudulent identification materials.</DELETED>
<DELETED> (2) Inclusions.--The guidance shall require a
comprehensive review of background checks and employment
authorization documents issued by the Citizenship and
Immigration Services during the course of a review of
procedures under paragraph (1).</DELETED>
<DELETED>SEC. 7. VETTING.</DELETED>
<DELETED> (a) Eligibility Requirements.--</DELETED>
<DELETED> (1) In general.--Not later than 180 days after the
date of enactment of this Act, and subject to public notice and
comment, the Administrator shall revise the regulations issued
under section 44936 of title 49, United States Code, in
accordance with this section and current knowledge of insider
threats and intelligence, to enhance the eligibility
requirements and disqualifying criminal offenses for
individuals seeking or having unescorted access to a SIDA of an
airport.</DELETED>
<DELETED> (2) Disqualifying criminal offenses.--In revising
the regulations under paragraph (1), the Administrator shall
consider adding to the list of disqualifying criminal offenses
and criteria the offenses and criteria listed in section
122.183(a)(4) of title 19, Code of Federal Regulations and
section 1572.103 of title 49, Code of Federal
Regulations.</DELETED>
<DELETED> (3) Waivers.--In revising the regulations under
paragraph (1), the Administrator shall provide an adequate
redress process for an aviation worker subjected to an adverse
employment decision, including removal or suspension of the
aviation worker, due to a disqualifying criminal offense
described in this section.</DELETED>
<DELETED> (4) Look back.--In revising the regulations under
paragraph (1), the Administrator shall propose that an
individual be disqualified if the individual was convicted, or
found not guilty by reason of insanity, of a disqualifying
criminal offense within 15 years before the date of an
individual's application, or if the individual was incarcerated
for that crime and released from incarceration within 5 years
before the date of the individual's application.</DELETED>
<DELETED> (5) Certifications.--The Administrator shall
require an airport or aircraft operator, as applicable, to
certify for each individual who receives unescorted access to
any SIDA of an airport that--</DELETED>
<DELETED> (A) a specific need exists for providing
that individual with unescorted access authority;
and</DELETED>
<DELETED> (B) the individual has certified to the
airport or aircraft operator that the individual
understands the requirements for possessing a SIDA
badge.</DELETED>
<DELETED> (6) Report to congress.--Not later than 90 days
after the date of enactment, the Administrator shall submit to
the appropriate committees of Congress a report on the status
of the revision to the regulations issued under section 44936
of title 49, United States Code, in accordance with this
section.</DELETED>
<DELETED> (7) Rule of construction.--Nothing in this
subsection may be construed to affect existing aviation worker
vetting fees imposed by the Administration.</DELETED>
<DELETED> (b) Recurrent Vetting.--</DELETED>
<DELETED> (1) In general.--Not later than 90 days after the
date of enactment of this Act, the Administrator and the
Director of the Federal Bureau of Investigation shall fully
implement the Rap Back service for recurrent vetting of
eligible Administration-regulated populations of individuals
with unescorted access to any SIDA of an airport.</DELETED>
<DELETED> (2) Requirements.--As part of the requirement in
paragraph (1), the Administrator shall ensure that--</DELETED>
<DELETED> (A) any status notifications the
Administration receives through the Rap Back service
about criminal offenses be limited to only
disqualifying criminal offenses in accordance with the
regulations promulgated by the Administration under
section 44903 of title 49, United States Code, or other
Federal law; and</DELETED>
<DELETED> (B) any information received by the
Administration through the Rap Back service is provided
directly and immediately to the relevant airport and
aircraft operators.</DELETED>
<DELETED> (3) Report to congress.--Not later than 60 days
after the date of enactment of this Act, the Administrator
shall submit to the appropriate committees of Congress a report
on the implementation status of the Rap Back service.</DELETED>
<DELETED> (c) Access to Terrorism-Related Data.--Not later than 30
days after the date of enactment of this Act, the Administrator and the
Director of National Intelligence shall coordinate to ensure that the
Administrator is authorized to receive automated, real-time access to
additional Terrorist Identities Datamart Environment (TIDE) data and
any other terrorism related category codes to improve the effectiveness
of the Administration's credential vetting program for individuals that
are seeking or have unescorted access to a SIDA of an
airport.</DELETED>
<DELETED> (d) Access to E-Verify and SAVE Programs.--Not later than
90 days after the date of enactment of this Act, the Secretary shall
authorize each airport operator to have direct access to the E-Verify
program and the Systematic Alien Verification for Entitlements (SAVE)
automated system to determine the eligibility of individuals seeking
unescorted access to a SIDA of an airport.</DELETED>
<DELETED>SEC. 8. METRICS.</DELETED>
<DELETED> (a) In General.--Not later than 1 year after the date of
enactment of this Act, the Administrator shall develop and implement
performance metrics to measure the effectiveness of security for the
SIDAs of airports.</DELETED>
<DELETED> (b) Considerations.--In developing the performance metrics
under subsection (a), the Administrator may consider--</DELETED>
<DELETED> (1) adherence to access point
procedures;</DELETED>
<DELETED> (2) proper use of credentials;</DELETED>
<DELETED> (3) differences in access point requirements
between airport workers performing functions on the airside of
an airport and airport workers performing functions in other
areas of an airport;</DELETED>
<DELETED> (4) differences in access point characteristics
and requirements at airports; and</DELETED>
<DELETED> (5) any additional factors the Administrator
considers necessary to measure performance.</DELETED>
<DELETED>SEC. 9. INSPECTIONS AND ASSESSMENTS.</DELETED>
<DELETED> (a) Model and Best Practices.--Not later than 180 days
after the date of enactment of this Act, the Administrator, in
consultation with the ASAC, shall develop a model and best practices
for unescorted access security that--</DELETED>
<DELETED> (1) use intelligence, scientific algorithms, and
risk-based factors;</DELETED>
<DELETED> (2) ensure integrity, accountability, and
control;</DELETED>
<DELETED> (3) subject airport workers to random physical
security inspections conducted by Administration
representatives in accordance with this section;</DELETED>
<DELETED> (4) appropriately manage the number of SIDA access
points to improve supervision of and reduce unauthorized access
to these areas; and</DELETED>
<DELETED> (5) include validation of identification
materials, such as with biometrics.</DELETED>
<DELETED> (b) Inspections.--Consistent with a risk-based security
approach, the Administrator shall expand the use of transportation
security officers and inspectors to conduct enhanced, random and
unpredictable, data-driven, and operationally dynamic physical
inspections of airport workers in each SIDA of an airport and at each
SIDA access point--</DELETED>
<DELETED> (1) to verify the credentials of airport
workers;</DELETED>
<DELETED> (2) to determine whether airport workers possess
prohibited items, except for those that may be necessary for
the performance of their duties, as appropriate, in any SIDA of
an airport; and</DELETED>
<DELETED> (3) to verify whether airport workers are
following appropriate procedures to access a SIDA of an
airport.</DELETED>
<DELETED> (c) Screening Review.--</DELETED>
<DELETED> (1) In general.--The Administrator shall conduct a
review of airports that have implemented additional airport
worker screening or perimeter security to improve airport
security, including--</DELETED>
<DELETED> (A) comprehensive airport worker screening
at access points to secure areas;</DELETED>
<DELETED> (B) comprehensive perimeter screening,
including vehicles;</DELETED>
<DELETED> (C) enhanced fencing or perimeter sensors;
and</DELETED>
<DELETED> (D) any additional airport worker
screening or perimeter security measures the
Administrator identifies.</DELETED>
<DELETED> (2) Best practices.--After completing the review
under paragraph (1), the Administrator shall--</DELETED>
<DELETED> (A) identify best practices for additional
access control and airport worker security at airports;
and</DELETED>
<DELETED> (B) disseminate the best practices
identified under subparagraph (A) to airport
operators.</DELETED>
<DELETED> (3) Pilot program.--The Administrator may conduct
a pilot program at 1 or more airports to test and validate best
practices for comprehensive airport worker screening or
perimeter security under paragraph (2).</DELETED>
<DELETED>SEC. 10. COVERT TESTING.</DELETED>
<DELETED> (a) In General.--The Administrator shall increase the use
of red-team, covert testing of access controls to any secure areas of
an airport.</DELETED>
<DELETED> (b) Additional Covert Testing.--The Inspector General of
the Department of Homeland Security shall conduct red-team, covert
testing of airport access controls to the SIDA of airports.</DELETED>
<DELETED> (c) Reports to Congress.--</DELETED>
<DELETED> (1) Administrator report.--Not later than 90 days
after the date of enactment of this Act, the Administrator
shall submit to the appropriate committee of Congress a report
on the progress to expand the use of inspections and of red-
team, covert testing under subsection (a).</DELETED>
<DELETED> (2) Inspector general report.--Not later than 180
days after the date of enactment of this Act, the Inspector
General of the Department of Homeland Security shall submit to
the appropriate committee of Congress a report on the
effectiveness of airport access controls to the SIDA of
airports based on red-team, covert testing under subsection
(b).</DELETED>
<DELETED>SEC. 11. SECURITY DIRECTIVES.</DELETED>
<DELETED> (a) Review.--Not later than 180 days after the date of
enactment of this Act, and annually thereafter, the Administrator, in
consultation with the appropriate regulated entities, shall conduct a
comprehensive review of every current security directive addressed to
any regulated entity--</DELETED>
<DELETED> (1) to determine whether the security directive
continues to be relevant;</DELETED>
<DELETED> (2) to determine whether the security directives
should be streamlined or consolidated to most efficiently
maximize risk reduction; and</DELETED>
<DELETED> (3) to update, consolidate, or revoke any security
directive as necessary.</DELETED>
<DELETED> (b) Notice.--For each security directive that the
Administrator issues, the Administrator shall submit to the appropriate
committees of Congress notice of the extent to which the security
directive--</DELETED>
<DELETED> (1) responds to a specific threat or emergency
situation; and</DELETED>
<DELETED> (2) when it is anticipated that it will
expire.</DELETED>
<DELETED>SEC. 12. IMPLEMENTATION REPORT.</DELETED>
<DELETED> Not later than 1 year after the date of enactment of this
Act, the Comptroller General shall--</DELETED>
<DELETED> (1) assess the progress made by the Administration
and the effect on aviation security of implementing the
requirements under sections 4 through 11 of this Act;
and</DELETED>
<DELETED> (2) report to the appropriate committees of
Congress on the results of the assessment under paragraph (1),
including any recommendations.</DELETED>
<DELETED>SEC. 13. MISCELLANEOUS AMENDMENTS.</DELETED>
<DELETED> (a) ASAC Terms of Office.--Section 44946(c)(2)(A) of title
49, United States Code is amended to read as follows:</DELETED>
<DELETED> ``(A) Terms.--The term of each member of
the Advisory Committee shall be 2 years, but a member
may continue to serve until the Assistant Secretary
appoints a successor. A member of the Advisory
Committee may be reappointed.''.</DELETED>
<DELETED> (b) Feedback.--Section 44946(b)(5) of title 49, United
States Code, is amended to read as follows:</DELETED>
<DELETED> ``(5) Feedback.--Not later than 90 days after
receiving recommendations transmitted by the Advisory Committee
under paragraph (2) or paragraph (4), the Assistant Secretary
shall respond in writing to the Advisory Committee with
feedback on each of the recommendations, an action plan to
implement any of the recommendations with which the Assistant
Secretary concurs, and a justification for why any of the
recommendations have been rejected.''.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Airport Security Enhancement and
Oversight Act''.
SEC. 2. FINDINGS.
Congress makes the following findings:
(1) A number of recent airport security breaches in the
United States have involved the use of Secure Identification
Display Area (referred to in this section as ``SIDA'') badges,
the credentials used by airport and airline workers to access
the secure areas of an airport.
(2) In December 2014, a Delta ramp agent at Hartsfield-
Jackson Atlanta International Airport was charged with using
his SIDA badge to bypass airport security checkpoints and
facilitate an interstate gun smuggling operation over a number
of months via commercial aircraft.
(3) In January 2015, an Atlanta-based Aviation Safety
Inspector of the Federal Aviation Administration used his SIDA
badge to bypass airport security checkpoints and transport a
firearm in his carry-on luggage.
(4) In February 2015, a local news investigation found that
over 1,000 SIDA badges at Hartsfield-Jackson Atlanta
International Airport were lost or missing.
(5) In March 2015, and again in May 2015, Transportation
Security Administration (referred to in this section as the
``Administration'') contractors were indicted for participating
in a drug smuggling ring using luggage passed through the
secure area of the San Francisco International Airport.
(6) The Administration has indicated that it does not
maintain a list of lost or missing SIDA badges, and instead
relies on airport operators to track airport worker
credentials.
(7) The Administration rarely uses its enforcement
authority to fine airport operators that reach a certain
threshold of missing SIDA badges.
(8) In April 2015, the Aviation Security Advisory Committee
issued 28 recommendations for improvements to airport access
control.
(9) In June 2015, the Inspector General of the Department
of Homeland Security reported that the Administration did not
have all relevant information regarding 73 airport workers who
had records in United States intelligence-related databases
because the Administration was not authorized to receive all
terrorism-related information under current interagency
watchlisting policy.
(10) The Inspector General also found that the
Administration did not have appropriate checks in place to
reject incomplete or inaccurate airport worker employment
investigations, including criminal history record checks and
work authorization verifications, and had limited oversight
over the airport operators that the Administration relies on to
perform criminal history and work authorization checks for
airport workers.
(11) There is growing concern about the potential insider
threat at airports in light of recent terrorist activities.
SEC. 3. DEFINITIONS.
(a) Administration.--The term ``Administration'' means the
Transportation Security Administration.
(b) Administrator.--The term ``Administrator'' means the
Administrator of the Transportation Security Administration.
(c) Appropriate Committees of Congress.--The term ``appropriate
committees of Congress'' means--
(1) the Committee on Commerce, Science, and Transportation
of the Senate;
(2) the Committee on Homeland Security and Governmental
Affairs of the Senate; and
(3) the Committee on Homeland Security of the House of
Representatives.
(d) ASAC.--The term ``ASAC'' means the Aviation Security Advisory
Committee established under section 44946 of title 49, United States
Code.
(e) Secretary.--The term ``Secretary'' means the Secretary of
Homeland Security.
(f) SIDA.--The term ``SIDA'' means Secure Identification Display
Area as defined in section 1540.5 of title 49, Code of Federal
Regulations, or any successor regulation to such section.
SEC. 4. THREAT ASSESSMENT.
(a) Insider Threats.--
(1) In general.--Not later than 90 days after the date of
enactment of this Act, the Administrator shall conduct or
update an assessment to determine the level of risk posed to
the domestic air transportation system by individuals with
unescorted access to a secure area of an airport (as defined in
section 44903(j)(2)(H)) in light of recent international
terrorist activity.
(2) Considerations.--In conducting or updating the
assessment under paragraph (1), the Administrator shall
consider--
(A) domestic intelligence;
(B) international intelligence;
(C) the vulnerabilities associated with unescorted
access authority granted to domestic airport operators
and air carriers, and their employees;
(D) the vulnerabilities associated with unescorted
access authority granted to foreign airport operators
and air carriers, and their employees;
(E) the processes and practices designed to
mitigate the vulnerabilities associated with unescorted
access privileges granted to airport operators and air
carriers, and their employees;
(F) the recent security breaches at domestic and
foreign airports; and
(G) the recent security improvements at domestic
airports, including the implementation of
recommendations made by relevant advisory committees.
(b) Reports to Congress.--The Administrator shall submit to the
appropriate committees of Congress--
(1) a report on the results of the assessment under
subsection (a), including any recommendations for improving
aviation security;
(2) a report on the implementation status of any
recommendations made by the ASAC; and
(3) regular updates about the insider threat environment as
new information becomes available and as needed.
SEC. 5. OVERSIGHT.
(a) Enhanced Requirements.--
(1) In general.--Subject to public notice and comment, and
in consultation with airport operators, the Administrator shall
update the rules on access controls issued by the Secretary
under chapter 449 of title 49, United States Code.
(2) Considerations.--As part of the update under paragraph
(1), the Administrator shall consider--
(A) increased fines and advanced oversight for
airport operators that report missing more than 5
percent of credentials for unescorted access to any
SIDA of an airport;
(B) best practices for Category X airport operators
that report missing more than 3 percent of credentials
for unescorted access to any SIDA of an airport;
(C) additional audits and status checks for airport
operators that report missing more than 3 percent of
credentials for unescorted access to any SIDA of an
airport;
(D) review and analysis of the prior 5 years of
audits for airport operators that report missing more
than 3 percent of credentials for unescorted access to
any SIDA of an airport;
(E) increased fines and direct enforcement
requirements for both airport workers and their
employers that fail to report within 24 hours an
employment termination or a missing credential for
unescorted access to any SIDA of an airport; and
(F) a method for termination by the employer of any
airport worker that fails to report in a timely manner
missing credentials for unescorted access to any SIDA
of an airport.
(b) Temporary Credentials.--The Administrator may encourage the
issuance by airport and aircraft operators of free one-time, 24-hour
temporary credentials for workers who have reported their credentials
missing, but not permanently lost, stolen, or destroyed, in a timely
manner, until replacement of credentials under section 1542.211 of
title 49 Code of Federal Regulations is necessary.
(c) Notification and Report to Congress.--The Administrator shall--
(1) notify the appropriate committees of Congress each time
an airport operator reports that more than 3 percent of
credentials for unescorted access to any SIDA at a Category X
airport are missing or more than 5 percent of credentials to
access any SIDA at any other airport are missing; and
(2) submit to the appropriate committees of Congress an
annual report on the number of violations and fines related to
unescorted access to the SIDA of an airport collected in the
preceding fiscal year.
SEC. 6. CREDENTIALS.
(a) Lawful Status.--Not later than 90 days after the date of
enactment of this Act, the Administrator shall issue guidance to
airport operators regarding placement of an expiration date on each
airport credential issued to a non-United States citizen no longer than
the period of time during which that non-United States citizen is
lawfully authorized to work in the United States.
(b) Review of Procedures.--
(1) In general.--Not later than 90 days after the date of
enactment of this Act, the Administrator shall--
(A) issue guidance for transportation security
inspectors to annually review the procedures of airport
operators and air carriers for applicants seeking
unescorted access to any SIDA of an airport; and
(B) make available to airport operators and air
carriers information on identifying suspicious or
fraudulent identification materials.
(2) Inclusions.--The guidance shall require a comprehensive
review of background checks and employment authorization
documents issued by the Citizenship and Immigration Services
during the course of a review of procedures under paragraph
(1).
SEC. 7. VETTING.
(a) Eligibility Requirements.--
(1) In general.--Not later than 180 days after the date of
enactment of this Act, and subject to public notice and
comment, the Administrator shall revise the regulations issued
under section 44936 of title 49, United States Code, in
accordance with this section and current knowledge of insider
threats and intelligence, to enhance the eligibility
requirements and disqualifying criminal offenses for
individuals seeking or having unescorted access to a SIDA of an
airport.
(2) Disqualifying criminal offenses.--In revising the
regulations under paragraph (1), the Administrator shall
consider adding to the list of disqualifying criminal offenses
and criteria the offenses and criteria listed in section
122.183(a)(4) of title 19, Code of Federal Regulations and
section 1572.103 of title 49, Code of Federal Regulations.
(3) Waiver process for denied credentials.--Notwithstanding
section 44936(b) of title 49, United States Code, in revising
the regulations under paragraph (1) of this subsection, the
Administrator shall--
(A) ensure there exists or is developed a waiver
process for approving the issuance of credentials for
unescorted access to the SIDA, for an individual found
to be otherwise ineligible for such credentials; and
(B) consider, as appropriate and practicable--
(i) the circumstances of any disqualifying
act or offense, restitution made by the
individual, Federal and State mitigation
remedies, and other factors from which it may
be concluded that the individual does not pose
a terrorism risk or a risk to aviation security
warranting denial of the credential; and
(ii) the elements of the appeals and waiver
process established under section 70105(c) of
title 46, United States Code.
(4) Look back.--In revising the regulations under paragraph
(1), the Administrator shall propose that an individual be
disqualified if the individual was convicted, or found not
guilty by reason of insanity, of a disqualifying criminal
offense within 15 years before the date of an individual's
application, or if the individual was incarcerated for that
crime and released from incarceration within 5 years before the
date of the individual's application.
(5) Certifications.--The Administrator shall require an
airport or aircraft operator, as applicable, to certify for
each individual who receives unescorted access to any SIDA of
an airport that--
(A) a specific need exists for providing that
individual with unescorted access authority; and
(B) the individual has certified to the airport or
aircraft operator that the individual understands the
requirements for possessing a SIDA badge.
(6) Report to congress.--Not later than 90 days after the
date of enactment, the Administrator shall submit to the
appropriate committees of Congress a report on the status of
the revision to the regulations issued under section 44936 of
title 49, United States Code, in accordance with this section.
(7) Rule of construction.--Nothing in this subsection may
be construed to affect existing aviation worker vetting fees
imposed by the Administration.
(b) Recurrent Vetting.--
(1) In general.--Not later than 90 days after the date of
enactment of this Act, the Administrator and the Director of
the Federal Bureau of Investigation shall fully implement the
Rap Back service for recurrent vetting of eligible
Administration-regulated populations of individuals with
unescorted access to any SIDA of an airport.
(2) Requirements.--As part of the requirement in paragraph
(1), the Administrator shall ensure that--
(A) any status notifications the Administration
receives through the Rap Back service about criminal
offenses be limited to only disqualifying criminal
offenses in accordance with the regulations promulgated
by the Administration under section 44903 of title 49,
United States Code, or other Federal law; and
(B) any information received by the Administration
through the Rap Back service is provided directly and
immediately to the relevant airport and aircraft
operators.
(3) Report to congress.--Not later than 60 days after the
date of enactment of this Act, the Administrator shall submit
to the appropriate committees of Congress a report on the
implementation status of the Rap Back service.
(c) Access to Terrorism-Related Data.--Not later than 30 days after
the date of enactment of this Act, the Administrator and the Director
of National Intelligence shall coordinate to ensure that the
Administrator is authorized to receive automated, real-time access to
additional Terrorist Identities Datamart Environment (TIDE) data and
any other terrorism related category codes to improve the effectiveness
of the Administration's credential vetting program for individuals that
are seeking or have unescorted access to a SIDA of an airport.
(d) Access to E-Verify and SAVE Programs.--Not later than 90 days
after the date of enactment of this Act, the Secretary shall authorize
each airport operator to have direct access to the E-Verify program and
the Systematic Alien Verification for Entitlements (SAVE) automated
system to determine the eligibility of individuals seeking unescorted
access to a SIDA of an airport.
SEC. 8. METRICS.
(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Administrator shall develop and implement performance
metrics to measure the effectiveness of security for the SIDAs of
airports.
(b) Considerations.--In developing the performance metrics under
subsection (a), the Administrator may consider--
(1) adherence to access point procedures;
(2) proper use of credentials;
(3) differences in access point requirements between
airport workers performing functions on the airside of an
airport and airport workers performing functions in other areas
of an airport;
(4) differences in access point characteristics and
requirements at airports; and
(5) any additional factors the Administrator considers
necessary to measure performance.
SEC. 9. INSPECTIONS AND ASSESSMENTS.
(a) Model and Best Practices.--Not later than 180 days after the
date of enactment of this Act, the Administrator, in consultation with
the ASAC, shall develop a model and best practices for unescorted
access security that--
(1) use intelligence, scientific algorithms, and risk-based
factors;
(2) ensure integrity, accountability, and control;
(3) subject airport workers to random physical security
inspections conducted by Administration representatives in
accordance with this section;
(4) appropriately manage the number of SIDA access points
to improve supervision of and reduce unauthorized access to
these areas; and
(5) include validation of identification materials, such as
with biometrics.
(b) Inspections.--Consistent with a risk-based security approach,
the Administrator shall expand the use of transportation security
officers and inspectors to conduct enhanced, random and unpredictable,
data-driven, and operationally dynamic physical inspections of airport
workers in each SIDA of an airport and at each SIDA access point--
(1) to verify the credentials of airport workers;
(2) to determine whether airport workers possess prohibited
items, except for those that may be necessary for the
performance of their duties, as appropriate, in any SIDA of an
airport; and
(3) to verify whether airport workers are following
appropriate procedures to access a SIDA of an airport.
(c) Screening Review.--
(1) In general.--The Administrator shall conduct a review
of airports that have implemented additional airport worker
screening or perimeter security to improve airport security,
including--
(A) comprehensive airport worker screening at
access points to secure areas;
(B) comprehensive perimeter screening, including
vehicles;
(C) enhanced fencing or perimeter sensors; and
(D) any additional airport worker screening or
perimeter security measures the Administrator
identifies.
(2) Best practices.--After completing the review under
paragraph (1), the Administrator shall--
(A) identify best practices for additional access
control and airport worker security at airports; and
(B) disseminate the best practices identified under
subparagraph (A) to airport operators.
(3) Pilot program.--The Administrator may conduct a pilot
program at 1 or more airports to test and validate best
practices for comprehensive airport worker screening or
perimeter security under paragraph (2).
SEC. 10. COVERT TESTING.
(a) In General.--The Administrator shall increase the use of red-
team, covert testing of access controls to any secure areas of an
airport.
(b) Additional Covert Testing.--The Inspector General of the
Department of Homeland Security shall conduct red-team, covert testing
of airport access controls to the SIDA of airports.
(c) Reports to Congress.--
(1) Administrator report.--Not later than 90 days after the
date of enactment of this Act, the Administrator shall submit
to the appropriate committee of Congress a report on the
progress to expand the use of inspections and of red-team,
covert testing under subsection (a).
(2) Inspector general report.--Not later than 180 days
after the date of enactment of this Act, the Inspector General
of the Department of Homeland Security shall submit to the
appropriate committee of Congress a report on the effectiveness
of airport access controls to the SIDA of airports based on
red-team, covert testing under subsection (b).
SEC. 11. SECURITY DIRECTIVES.
(a) Review.--Not later than 180 days after the date of enactment of
this Act, and annually thereafter, the Administrator, in consultation
with the appropriate regulated entities, shall conduct a comprehensive
review of every current security directive addressed to any regulated
entity--
(1) to determine whether the security directive continues
to be relevant;
(2) to determine whether the security directives should be
streamlined or consolidated to most efficiently maximize risk
reduction; and
(3) to update, consolidate, or revoke any security
directive as necessary.
(b) Notice.--For each security directive that the Administrator
issues, the Administrator shall submit to the appropriate committees of
Congress notice of the extent to which the security directive--
(1) responds to a specific threat or emergency situation;
and
(2) when it is anticipated that it will expire.
SEC. 12. IMPLEMENTATION REPORT.
Not later than 1 year after the date of enactment of this Act, the
Comptroller General shall--
(1) assess the progress made by the Administration and the
effect on aviation security of implementing the requirements
under sections 4 through 11 of this Act; and
(2) report to the appropriate committees of Congress on the
results of the assessment under paragraph (1), including any
recommendations.
SEC. 13. MISCELLANEOUS AMENDMENTS.
(a) ASAC Terms of Office.--Section 44946(c)(2)(A) of title 49,
United States Code is amended to read as follows:
``(A) Terms.--The term of each member of the
Advisory Committee shall be 2 years, but a member may
continue to serve until the Assistant Secretary
appoints a successor. A member of the Advisory
Committee may be reappointed.''.
(b) Feedback.--Section 44946(b)(5) of title 49, United States Code,
is amended to read as follows:
``(5) Feedback.--Not later than 90 days after receiving
recommendations transmitted by the Advisory Committee under
paragraph (2) or paragraph (4), the Assistant Secretary shall
respond in writing to the Advisory Committee with feedback on
each of the recommendations, an action plan to implement any of
the recommendations with which the Assistant Secretary concurs,
and a justification for why any of the recommendations have
been rejected.''.
Calendar No. 382
114th CONGRESS
2d Session
S. 2361
[Report No. 114-222]
_______________________________________________________________________
A BILL
To enhance airport security, and for other purposes.
_______________________________________________________________________
March 7, 2016
Reported with an amendment