The Transportation Security Administration (TSA) has been putting a major focus on securing the cyber component of its various screening equipment it deploys to the nation’s airports while also looking more closely at the system architecture and approaches to testing of this equipment, says the head of the agency’s office responsible for overseeing the development and acquisition of security technology.
TSA has been working with its partners in the Department of Homeland Security and the agency’s Office of Information Technology to “socialize” the cyber security needs and requirements of its screening equipment, Jill Vaughan, assistant administrator for Security Capabilities at TSA, says at the annual American Association of Airport Executives Aviation Security Summit.
Vaughan says her office is “farther along” with the cyber security theme than it is with some of the other focus areas related to security equipment.
One industry official tells HSR that this focus on cyber security by TSA means that vendors have been working to ensure the information security of the equipment they supply to the agency for use in screening passengers and their carry-on and checked bags. It also means being able to develop security patches to equipment as vulnerabilities are found, the official says.
Another key focus area is systems architecture, Vaughan says, adding that this comes down to “helping to define some basic blocking and tackling that I believe is desperately needed in this environment.”
Some of that blocking and tackling includes getting the security equipment “connected to a network” and then getting data from the machines and leveraging that data “so that we can drive everything from maintenance activities, getting the officers focused on what they need to be doing, and helping us drive more informed intelligence-based decisions associated with the metrics we can derive off of the equipment,” Vaughan says.
An important component to systems architecture is “open systems architecture and design,” which would bring new companies into the market and drive innovation, Vaughan says.
The basic idea of open architecture is the development of standard interfaces so that third party hardware or software could be acquired by the procuring entity, in this case the TSA, and introduced into security equipment without relying on the original supplier for the upgrade and maybe even the integration of the new technology. This way the agency could take advantage of a better, or less expensive, detection algorithm developed by a third party rather if it provides better value than a solution offered by the prime contractor for the screening system.
More discussion around the standards is necessary and there is also a need for industry feedback here, Vaughan says. Within TSA “we’re identifying some of those things but we need to take a similar approach in terms of socializing that the way we have with cyber,” she says.
“At the end of the day the goal is when any procurement comes out to buy a new capability, its going to have cyber and some sort of systems architecture template requirements…inserted into future procurements,” Vaughan says.
Another major theme for the Office of Security Capabilities is improvements around testing of equipment, particularly to make it easier for technology vendors to understand how well their systems are performing in terms of meeting TSA requirements and being ready to deploy, Vaughan says. She says that TSA is examining the use of third parties to do some of this testing and is working with the National Institute of Standards and Technology to help “us structure a framework for how we can introduce third party testing.”
She also said that TSA is trying to partner more closely with industry “so they have more visibility in how testing is done.”
TSA is also working to improve the security technology it has includes making operation enhancements to existing systems, Vaughan says. These include ways to make help Transportation Security Officers and improve the detection capabilities of systems to meet new threats, she says, adding that the agency wants to “push the capabilities to furthest limit of what’s fielded.”
TSA Administrator Peter Neffenger wants to create “innovation lanes” in FY ’16, which means introducing new technologies and capabilities into airports for testing in an operational environment, Vaughan says. The agency is in early discussions about these lanes, which will include some existing capabilities along with new ones such as biometrics, automatic bin returns at the checkpoint, and others, she says.