S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 114TH CONGRESS 1ST SESSION S. ll To enhance airport security, and for other purposes. IN THE SENATE OF THE UNITED STATES llllllllll Mr. THUNE (for himself, Mr. NELSON, Ms. AYOTTE, and Ms. CANTWELL) introduced the following bill; which was read twice and referred to the Committee on llllllllll A BILL To enhance airport security, and for other purposes. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled, 3 SECTION 1. SHORT TITLE. 4 This Act may be cited as the ‘‘Airport Security En- 5 hancement and Oversight Act’’. 6 SEC. 2. FINDINGS. 7 Congress makes the following findings: 8 (1) A number of recent airport security 9 breaches in the United States have involved the use 10 of Secure Identification Display Area (referred to in 11 this section as ‘‘SIDA’’) badges, the credentials used December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 2 1 by airport and airline workers to access the secure 2 areas of an airport. 3 (2) In December 2014, a Delta ramp agent at 4 Hartsfield-Jackson Atlanta International Airport 5 was charged with using his SIDA badge to bypass 6 airport security checkpoints and facilitate an inter- 7 state gun smuggling operation over a number of 8 months via commercial aircraft. 9 (3) In January 2015, an Atlanta-based Aviation 10 Safety Inspector of the Federal Aviation Administra- 11 tion used his SIDA badge to bypass airport security 12 checkpoints and transport a firearm in his carry-on 13 luggage. 14 (4) In February 2015, a local news investiga- 15 tion found that over 1,000 SIDA badges at 16 Hartsfield-Jackson Atlanta International Airport 17 were lost or missing. 18 (5) In March 2015, and again in May 2015, 19 Transportation Security Administration (referred to 20 in this section as the ‘‘Administration’’) contractors 21 were indicted for participating in a drug smuggling 22 ring using luggage passed through the secure area 23 of the San Francisco International Airport. 24 (6) The Administration has indicated that it 25 does not maintain a list of lost or missing SIDA December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 3 1 badges, and instead relies on airport operators to 2 track airport worker credentials. 3 (7) The Administration rarely uses its enforce- 4 ment authority to fine airport operators that reach 5 a certain threshold of missing SIDA badges. 6 (8) In April 2015, the Aviation Security Advi- 7 sory Committee issued 28 recommendations for im- 8 provements to airport access control. 9 (9) In June 2015, the Inspector General of the 10 Department of Homeland Security reported that the 11 Administration did not have all relevant information 12 regarding 73 airport workers who had records in 13 United States intelligence-related databases because 14 the Administration was not authorized to receive all 15 terrorism-related information under current inter- 16 agency watchlisting policy. 17 (10) The Inspector General also found that the 18 Administration did not have appropriate checks in 19 place to reject incomplete or inaccurate airport 20 worker employment investigations, including crimi- 21 nal history record checks and work authorization 22 verifications, and had limited oversight over the air- 23 port operators that the Administration relies on to 24 perform criminal history and work authorization 25 checks for airport workers. December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 4 1 (11) There is growing concern about the poten- 2 tial insider threat at airports in light of recent ter- 3 rorist activities. 4 SEC. 3. DEFINITIONS. 5 (a) ADMINISTRATION.—The term ‘‘Administration’’ 6 means the Transportation Security Administration. 7 (b) ADMINISTRATOR.—The term ‘‘Administrator’’ 8 means the Administrator of the Transportation Security 9 Administration. 10 (c) APPROPRIATE COMMITTEES OF CONGRESS.—The 11 term ‘‘appropriate committees of Congress’’ means— 12 13 14 15 16 (1) the Committee on Commerce, Science, and Transportation of the Senate; (2) the Committee on Homeland Security and Governmental Affairs of the Senate; and (3) the Committee on Homeland Security of the 17 House of Representatives. 18 (d) ASAC.—The term ‘‘ASAC’’ means the Aviation 19 Security Advisory Committee established under section 20 44946 of title 49, United States Code. 21 (e) SECRETARY.—The term ‘‘Secretary’’ means the 22 Secretary of Homeland Security. 23 (f) SIDA.—The term ‘‘SIDA’’ means Secure Identi- 24 fication Display Area as defined in section 1540.5 of title December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 5 1 49, Code of Federal Regulations, or any successor regula2 tion to such section. 3 SEC. 4. THREAT ASSESSMENT. 4 5 (a) INSIDER THREATS.— (1) IN GENERAL.—Not later than 90 days after 6 the date of enactment of this Act, the Administrator 7 shall conduct or update an assessment to determine 8 the level of risk posed to the domestic air transpor- 9 tation system by individuals with unescorted access 10 to a secure area of an airport (as defined in section 11 44903(j)(2)(H)) in light of recent international ter- 12 rorist activity. 13 (2) CONSIDERATIONS.—In conducting or updat- 14 ing the assessment under paragraph (1), the Admin- 15 istrator shall consider— 16 (A) domestic intelligence; 17 (B) international intelligence; 18 (C) the vulnerabilities associated with 19 unescorted access authority granted to domestic 20 airport operators and air carriers, and their em- 21 ployees; 22 (D) the vulnerabilities associated with 23 unescorted access authority granted to foreign 24 airport operators and air carriers, and their em- 25 ployees; December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 6 1 (E) the processes and practices designed to 2 mitigate the vulnerabilities associated with 3 unescorted access privileges granted to airport 4 operators and air carriers, and their employees; 5 (F) the recent security breaches at domes- 6 tic and foreign airports; and 7 (G) the recent security improvements at 8 domestic airports, including the implementation 9 of recommendations made by relevant advisory 10 committees. 11 (b) REPORTS TO CONGRESS.—The Administrator 12 shall submit to the appropriate committees of Congress— 13 (1) a report on the results of the assessment 14 under subsection (a), including any recommenda- 15 tions for improving aviation security; 16 (2) a report on the implementation status of 17 any recommendations made by the ASAC; and 18 (3) regular updates about the insider threat en- 19 vironment as new information becomes available and 20 as needed. 21 SEC. 5. OVERSIGHT. 22 23 (a) ENHANCED REQUIREMENTS.— (1) IN GENERAL.—Subject to public notice and 24 comment, and in consultation with airport operators, 25 the Administrator shall update the rules on access December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 7 1 controls issued by the Secretary under chapter 449 2 of title 49, United States Code. 3 (2) CONSIDERATIONS.—As part of the update 4 under paragraph (1), the Administrator shall con- 5 sider— 6 (A) increased fines and advanced oversight 7 for airport operators that report missing more 8 than 5 percent of credentials for unescorted ac- 9 cess to any SIDA of an airport; 10 (B) best practices for Category X airport 11 operators that report missing more than 3 per- 12 cent of credentials for unescorted access to any 13 SIDA of an airport; 14 (C) additional audits and status checks for 15 airport operators that report missing more than 16 3 percent of credentials for unescorted access to 17 any SIDA of an airport; 18 (D) review and analysis of the prior 5 19 years of audits for airport operators that report 20 missing more than 3 percent of credentials for 21 unescorted access to any SIDA of an airport; 22 (E) increased fines and direct enforcement 23 requirements for both airport workers and their 24 employers that fail to report within 24 hours an 25 employment termination or a missing credential December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 8 1 for unescorted access to any SIDA of an air- 2 port; and 3 (F) a method for termination by the em- 4 ployer of any airport worker that fails to report 5 in a timely manner missing credentials for 6 unescorted access to any SIDA of an airport. 7 (b) TEMPORARY CREDENTIALS.—The Administrator 8 may encourage the issuance by airport and aircraft opera9 tors of free one-time, 24-hour temporary credentials for 10 workers who have reported their credentials missing, but 11 not permanently lost, stolen, or destroyed, in a timely 12 manner, until replacement of credentials under section 13 1542.211 of title 49 Code of Federal Regulations is nec14 essary. 15 (c) NOTIFICATION AND REPORT TO CONGRESS.—The 16 Administrator shall— 17 (1) notify the appropriate committees of Con- 18 gress each time an airport operator reports that 19 more than 3 percent of credentials for unescorted 20 access to any SIDA at a Category X airport are 21 missing or more than 5 percent of credentials to ac- 22 cess any SIDA at any other airport are missing; and 23 (2) submit to the appropriate committees of 24 Congress an annual report on the number of viola- 25 tions and fines related to unescorted access to the December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 9 1 SIDA of an airport collected in the preceding fiscal 2 year. 3 SEC. 6. CREDENTIALS. 4 (a) LAWFUL STATUS.—Not later than 90 days after 5 the date of enactment of this Act, the Administrator shall 6 issue guidance to airport operators regarding placement 7 of an expiration date on each airport credential issued to 8 a non-United States citizen no longer than the period of 9 time during which that non-United States citizen is law10 fully authorized to work in the United States. 11 12 (b) REVIEW OF PROCEDURES.— (1) IN GENERAL.—Not later than 90 days after 13 the date of enactment of this Act, the Administrator 14 shall— 15 (A) issue guidance for transportation secu- 16 rity inspectors to annually review the proce- 17 dures of airport operators and air carriers for 18 applicants seeking unescorted access to any 19 SIDA of an airport; and 20 (B) make available to airport operators 21 and air carriers information on identifying sus- 22 picious or fraudulent identification materials. 23 (2) INCLUSIONS.—The guidance shall require a 24 comprehensive review of background checks and em- 25 ployment authorization documents issued by the December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 10 1 Citizenship and Immigration Services during the 2 course of a review of procedures under paragraph 3 (1). 4 SEC. 7. VETTING. 5 6 (a) ELIGIBILITY REQUIREMENTS.— (1) IN GENERAL.—Not later than 180 days 7 after the date of enactment of this Act, and subject 8 to public notice and comment, the Administrator 9 shall revise the regulations issued under section 10 44936 of title 49, United States Code, in accordance 11 with this section and current knowledge of insider 12 threats and intelligence, to enhance the eligibility re- 13 quirements and disqualifying criminal offenses for 14 individuals seeking or having unescorted access to a 15 SIDA of an airport. 16 (2) DISQUALIFYING CRIMINAL OFFENSES.—In 17 revising the regulations under paragraph (1), the 18 Administrator shall consider adding to the list of 19 disqualifying criminal offenses and criteria the of- 20 fenses and criteria listed in section 122.183(a)(4) of 21 title 19, Code of Federal Regulations and section 22 1572.103 of title 49, Code of Federal Regulations. 23 (3) WAIVERS.—In revising the regulations 24 under paragraph (1), the Administrator shall pro- 25 vide an adequate redress process for an aviation December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 11 1 worker subjected to an adverse employment decision, 2 including removal or suspension of the aviation 3 worker, due to a disqualifying criminal offense de- 4 scribed in this section. 5 (4) LOOK BACK.—In revising the regulations 6 under paragraph (1), the Administrator shall pro- 7 pose that an individual be disqualified if the indi- 8 vidual was convicted, or found not guilty by reason 9 of insanity, of a disqualifying criminal offense within 10 15 years before the date of an individual’s applica- 11 tion, or if the individual was incarcerated for that 12 crime and released from incarceration within 5 years 13 before the date of the individual’s application. 14 (5) CERTIFICATIONS.—The Administrator shall 15 require an airport or aircraft operator, as applicable, 16 to certify for each individual who receives unescorted 17 access to any SIDA of an airport that— 18 (A) a specific need exists for providing that 19 individual with unescorted access authority; and 20 (B) the individual has certified to the air- 21 port or aircraft operator that the individual un- 22 derstands the requirements for possessing a 23 SIDA badge. 24 (6) REPORT 25 December 7, 2015 (4:33 p.m.) TO CONGRESS.—Not later than 90 days after the date of enactment, the Administrator S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 12 1 shall submit to the appropriate committees of Con- 2 gress a report on the status of the revision to the 3 regulations issued under section 44936 of title 49, 4 United States Code, in accordance with this section. 5 (7) RULE OF CONSTRUCTION.—Nothing in this 6 subsection may be construed to affect existing avia- 7 tion worker vetting fees imposed by the Administra- 8 tion. 9 (b) RECURRENT VETTING.— 10 (1) IN GENERAL.—Not later than 90 days after 11 the date of enactment of this Act, the Administrator 12 and the Director of the Federal Bureau of Investiga- 13 tion shall fully implement the Rap Back service for 14 recurrent vetting of eligible Administration-regulated 15 populations of individuals with unescorted access to 16 any SIDA of an airport. 17 (2) REQUIREMENTS.—As part of the require- 18 ment in subparagraph (1), the Administrator shall 19 ensure that— 20 (A) any status notifications the Adminis- 21 tration receives through the Rap Back service 22 about criminal offenses be limited to only dis- 23 qualifying criminal offenses in accordance with 24 the regulations promulgated by the Administra- December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 13 1 tion under section 44903 of title 49, United 2 States Code, or other Federal law; and 3 (B) any information received by the Ad- 4 ministration through the Rap Back service is 5 provided directly and immediately to the rel- 6 evant airport and aircraft operators. 7 (3) REPORT TO CONGRESS.—Not later than 60 8 days after the date of enactment of this Act, the Ad- 9 ministrator shall submit to the appropriate commit- 10 tees of Congress a report on the implementation sta- 11 tus of the Rap Back service. 12 (c) ACCESS TO TERRORISM-RELATED DATA.—Not 13 later than 30 days after the date of enactment of this Act, 14 the Administrator and the Director of National Intel15 ligence shall coordinate to ensure that the Administrator 16 is authorized to receive automated, real-time access to ad17 ditional Terrorist Identities Datamart Environment 18 (TIDE) data and any other terrorism related category 19 codes to improve the effectiveness of the Administration’s 20 credential vetting program for individuals that are seeking 21 or have unescorted access to a SIDA of an airport. 22 (d) ACCESS TO E-VERIFY AND SAVE PROGRAMS.— 23 Not later than 90 days after the date of enactment of this 24 Act, the Secretary shall authorize each airport operator 25 to have direct access to the E-Verify program and the Sys- December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 14 1 tematic Alien Verification for Entitlements (SAVE) auto2 mated system to determine the eligibility of individuals 3 seeking unescorted access to a SIDA of an airport. 4 SEC. 8. METRICS. 5 (a) IN GENERAL.—Not later than 1 year after the 6 date of enactment of this Act, the Administrator shall de7 velop and implement performance metrics to measure the 8 effectiveness of security for the SIDAs of airports. 9 (b) CONSIDERATIONS.—In developing the perform- 10 ance metrics under subsection (a), the Administrator may 11 consider— 12 (1) adherence to access point procedures; 13 (2) proper use of credentials; 14 (3) differences in access point requirements be- 15 tween airport workers performing functions on the 16 airside of an airport and airport workers performing 17 functions in other areas of an airport; 18 (4) differences in access point characteristics 19 and requirements at airports; and 20 (5) any additional factors the Administrator 21 22 considers necessary to measure performance. SEC. 9. INSPECTIONS AND ASSESSMENTS. 23 (a) MODEL AND BEST PRACTICES.—Not later than 24 180 days after the date of enactment of this Act, the Ad25 ministrator, in consultation with the ASAC, shall develop December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 15 1 a model and best practices for unescorted access security 2 that— 3 4 (1) use intelligence, scientific algorithms, and risk-based factors; 5 (2) ensure integrity, accountability, and control; 6 (3) subject airport workers to random physical 7 security inspections conducted by Administration 8 representatives in accordance with this section; 9 (4) appropriately manage the number of SIDA 10 access points to improve supervision of and reduce 11 unauthorized access to these areas; and 12 (5) include validation of identification mate- 13 rials, such as with biometrics. 14 (b) INSPECTIONS.—Consistent with a risk-based se- 15 curity approach, the Administrator shall expand the use 16 of transportation security officers and inspectors to con17 duct enhanced, random and unpredictable, data-driven, 18 and operationally dynamic physical inspections of airport 19 workers in each SIDA of an airport and at each SIDA 20 access point— 21 (1) to verify the credentials of airport workers; 22 (2) to determine whether airport workers pos- 23 sess prohibited items, except for those that may be 24 necessary for the performance of their duties, as ap- 25 propriate, in any SIDA of an airport; and December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 16 1 (3) to verify whether airport workers are fol- 2 lowing appropriate procedures to access a SIDA of 3 an airport. 4 (c) SCREENING REVIEW.— 5 (1) IN GENERAL.—The Administrator shall con- 6 duct a review of airports that have implemented ad- 7 ditional airport worker screening or perimeter secu- 8 rity to improve airport security, including— 9 10 (A) comprehensive airport worker screening at access points to secure areas; 11 12 (B) comprehensive perimeter screening, including vehicles; 13 14 (C) enhanced fencing or perimeter sensors; and 15 (D) any additional airport worker screen- 16 ing or perimeter security measures the Admin- 17 istrator identifies. 18 (2) BEST PRACTICES.—After completing the re- 19 view under paragraph (1), the Administrator shall— 20 (A) identify best practices for additional 21 access control and airport worker security at 22 airports; and 23 (B) disseminate the best practices identi- 24 fied under subparagraph (A) to airport opera- 25 tors. December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 17 1 (3) PILOT PROGRAM.—The Administrator may 2 conduct a pilot program at 1 or more airports to 3 test and validate best practices for comprehensive 4 airport worker screening or perimeter security under 5 paragraph (2). 6 SEC. 10. COVERT TESTING. 7 (a) IN GENERAL.—The Administrator shall increase 8 the use of red-team, covert testing of access controls to 9 any secure areas of an airport. 10 (b) ADDITIONAL COVERT TESTING.—The Inspector 11 General of the Department of Homeland Security shall 12 conduct red-team, covert testing of airport access controls 13 to the SIDA of airports. 14 (c) REPORTS TO CONGRESS.— 15 (1) ADMINISTRATOR REPORT.—Not later than 16 90 days after the date of enactment of this Act, the 17 Administrator shall submit to the appropriate com- 18 mittee of Congress a report on the progress to ex- 19 pand the use of inspections and of red-team, covert 20 testing under subsection (a). 21 (2) INSPECTOR GENERAL REPORT.—Not later 22 than 180 days after the date of enactment of this 23 Act, the Inspector General of the Department of 24 Homeland Security shall submit to the appropriate 25 committee of Congress a report on the effectiveness December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 18 1 of airport access controls to the SIDA of airports 2 based on red-team, covert testing under subsection 3 (b). 4 SEC. 11. SECURITY DIRECTIVES. 5 (a) REVIEW.—Not later than 180 days after the date 6 of enactment of this Act, and annually thereafter, the Ad7 ministrator, in consultation with the appropriate regulated 8 entities, shall conduct a comprehensive review of every 9 current security directive addressed to any regulated enti10 ty— 11 12 (1) to determine whether the security directive continues to be relevant; 13 (2) to determine whether the security directives 14 should be streamlined or consolidated to most effi- 15 ciently maximize risk reduction; and 16 (3) to update, consolidate, or revoke any secu- 17 rity directive as necessary. 18 (b) NOTICE.—For each security directive that the 19 Administrator issues, the Administrator shall submit to 20 the appropriate committees of Congress notice of the ex21 tent to which the security directive— 22 23 24 December 7, 2015 (4:33 p.m.) (1) responds to a specific threat or emergency situation; and (2) when it is anticipated that it will expire. S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 19 1 SEC. 12. IMPLEMENTATION REPORT. 2 Not later than 1 year after the date of enactment 3 of this Act, the Comptroller General shall— 4 (1) assess the progress made by the Adminis- 5 tration and the effect on aviation security of imple- 6 menting the requirements under sections 4 through 7 11 of this Act; and 8 (2) report to the appropriate committees of 9 Congress on the results of the assessment under 10 11 paragraph (1), including any recommendations. SEC. 13. MISCELLANEOUS AMENDMENTS. 12 (a) ASAC TERMS OF OFFICE.—Section 13 44946(c)(2)(A) of title 49, United States Code is amended 14 to read as follows: 15 ‘‘(A) TERMS.—The term of each member 16 of the Advisory Committee shall be 2 years, but 17 a member may continue to serve until the As- 18 sistant Secretary appoints a successor. A mem- 19 ber of the Advisory Committee may be re- 20 appointed.’’. 21 (b) FEEDBACK.—Section 44946(b)(5) of title 49, 22 United States Code, is amended to read as follows: 23 ‘‘(5) FEEDBACK.—Not later than 90 days after 24 receiving recommendations transmitted by the Advi- 25 sory Committee under paragraph (2) or paragraph 26 (4), the Assistant Secretary shall respond in writing December 7, 2015 (4:33 p.m.) S:\LEGCNSL\LEXA\DOR15\AV\BILL\ASEOA.5.xml 20 1 to the Advisory Committee with feedback on each of 2 the recommendations, an action plan to implement 3 any of the recommendations with which the Assist- 4 ant Secretary concurs, and a justification for why 5 any of the recommendations have been rejected.’’. December 7, 2015 (4:33 p.m.)