innovating the future of aviation security
TRANSCRIPT
Innovating the Future of Aviation Security
July 19, 2016
1
Innovating the Future of Aviation Security Workshop Topics
Standards & Security | Updates to Detection Standards
Passenger Screening | LCCE Revision Updates; Passenger Screening Experience
Test & Evaluation | New Qualification Process; Third Party Testing Update
Deployment & Logistics | Planning Guidelines and Design; Checkpoint Design Guide
Checked Baggage | Recap and Acquisition Plans
Cybersecurity | Cybersecurity Requirements; Technical Solutions
Innovation | Operational Improvements; New Technologies; Innovation Task Force (ITF)
System Architecture | Update on Implementation of OSC System Architecture; Priorities for Fiscal Year 2017; TSE Connectivity
1 Enhancing Core Mission Delivery by Focusing on System- of-Systems
2 Integrating Principles of Risk-Based Security in Capabilities, Processes, and Technologies
4 Increasing Transparency in Engagement with Stakeholders to Enable Innovation
3 Streamlining Acquisitions, Requirements, and Test and Evaluation Processes
Alignment to Strategic Five-Year Technology Investment Plan Themes:
2
The Office of Security Capabilities safeguards
our nation’s transportation systems
through the qualification and delivery
of innovative security capabilities and solutions.
Innovation
System Architecture Standards
& Security
Test & Evaluation
Deployment and Logistics
Checked Baggage
Passenger Screening
Cybersecurity
3 4
2 3 2 3
1 2 1 2 3 4
3 4
3 4 1 2 3
1
1 2
Lifecycle of a Capability
Checkpoint Implement new lifecycle cost
estimates (LCCEs) focused on maintenance of existing TSE in the near term and the development of future capabilities longer range.
Updated Detection Standards Develop new primary passenger
screening detection requirements with input from
industry and DHS groups.
Test and Evaluation Enhance System Qualification
Process and establish the Engineering Requirements Review
Board (ERRB).
Cybersecurity Complete studies and analyses that cover both operational and
technical cybersecurity challenges.
Common Standards Establish common standards for TSE
and user interfaces to support program integration and increase transparency
for stakeholders.
Program Initiation and Integration Align the checked baggage and
checkpoint programs to support system architecture.
System-of-Systems Define the future state of system
architecture to support interoperability and connectivity.
Innovation Incorporate new technologies and processes into TSA operations to
improve efficiency and effectiveness.
OSC is building a culture of innovation and developing a system-of-systems approach to support next generation curb-to-gate solutions and allow for the rapid demonstration and deployment of emerging technologies to
improve passenger satisfaction, enhance detection, and increase efficiencies.
Checked Baggage Upgrade existing technologies and maintain capabilities to support a system-of-systems
approach.
New Technologies Partner with DHS S&T and
industry to develop new technologies for screening, identity
verification, and information technology (IT) security.
3
Security Technology Integrated Program (STIP)
Enablement Connect Transportation
Security Equipment (TSE) to a shared network by enabling
STIP.
Deploy and Sustain Coordinate deployments, maintain
fielded technologies, and make recommendations for redesign efforts.
Cybersecurity
TSA/OSC is developing a set of cybersecurity capabilities for endpoint devices and the network to mitigate known cybersecurity risks and allow authorizing officials to weigh against compliance requirements, enabling a risk mitigation approach to TSE cybersecurity.
1. Operating System (OS) Currency/ Security Patching
2. OS Hardening 3. Anti-Virus (AV) Updates 4. Personal Identity Verification (PIV)
Compatibility
5. Security Scanning Support 6. Technical Obsolescence 7. Security Operations Center (SOC) Monitoring 8. Plan of Action & Milestones (POA&M) Support 9. Vendor Information System Security Officer
(ISSO) Designation
DHS Cybersecurity Requirements
• Credential Authentication Technology (CAT)
Cybersecurity Remediation • Johns Hopkins University Applied Physics Lab
(JHU/APL) Study – Perform Developmental Test & Evaluation (DT&E) of the STIP system and conduct assessments of cyber threats to checkpoint operations and equipment (e.g., CAT)
• Cybersecurity Market Research – Identify solutions for potential proofs of concepts (PoC) to allow TSEs to reconnect to TSANet
• Assessments will enhance TSA cybersecurity
through identification of potential cybersecurity threats, providing TSA with an increased level of awareness of the threat environment to support risk-based security initiatives
• Identifying enterprise-level cybersecurity solutions will allow OSC to buy-down risk and conduct comprehensive security solution assessments
Initiatives Impact
Innovation Task Force
In the upcoming year, TSA is investing in people, process, and technology innovation through the Innovation Task Force. In coordination with industry, airports, airlines, and other stakeholders, the long-term goal of these innovation initiatives is to increase operational effectiveness and efficiency.
Current initiatives leading to increased technology effectiveness and efficiency are the following:
• DHS S&T Screening at Speed
• Emerging Technology Demonstrations
• Executable Strategic Plan for Innovation Initiatives
• A vision for a future screening experience that
includes higher throughput, increased detection, and passenger experience
• Next-generation technology that increases TSA and aviation partners’ range of possibilities, rather than bounding that range
• An innovative environment that fosters emerging capabilities and collaboration across stakeholders
Initiatives Impact
People
People solutions, process improvements, and technology advancements support OSC’s innovation initiatives and
enable a future screening experience for passengers.
Pilot at ATL
Atlanta International Airport (ATL) is the pilot innovation lane, allowing TSA to refine the process to establish and operate an innovation lane. TSA continues to develop and refine the broader ITF program based on the ATL pilot.
ATL Overview • Partnering with Delta, MacDonald Humfrey, Rapiscan, and Atlanta Airport Authority • Assessing MacDonald Humfrey Automated Screening Lane, commonly referred to as a bin return system • Cross-TSA IPT developing processes to execute ATL innovation lane
March April May
3/18 – 5/2: MH Software Development 5/24: Go-Live
5/3 – 5/13: TSIF Testing
5/6: ATL Infrastructure Updates; MH System Delivered to ATL
5/15: Lanes Fully Operational
5/15 – 5/23: TSO Training and Checkpoint Finalization
3/18: Stakeholder Kick-off Meeting
2016
ATL Wins
Identified critical path to expedite delivery in less than 9 weeks
Kicked off IPT and enabled coordination across TSA and external stakeholders
Developed processes and documentation to drive future ITF site stand-ups and installations
Go-Live
2016
Automated Screening Lane System Demonstration
System Architecture
The OSC System Architecture program supports the integration of technology, data, and processes to enable expanded implementation of risk-based security through the development of an integrated and modularized security screening system.
Implementation and Migration Planning
Conduct detailed implementation analysis, migration planning, and
project prioritization
Common Data and Interface Standards
for Non-Imaging Modalities
Document standard post-processed data format
System of Systems
Current capabilities integrated into initial baseline
Implementation Governance
Govern the overall implementation and deployment processProgram Alignment
and Business Reengineering
Assess and reengineer relevant organizational
processes
Architecture TestbedImplement physical system
architecture testbed
System Architecture Program InitiationSocialize principles and vision with programs, partners, and industry
Program InitiativesRequirements and Standards
Architecture Development Documentation Testing Deployment
Key
New capabilities procured through a system of systems approach with updates to the
hardware and software baseline
Cybersecurity is a requirement for full System of Systems capability
Common GUI Displays
Develop EDS and AT common display
standards
Common AlgorithmsDevelop 3rd party
dynamic risk-based algorithms
Common Data and Interface StandardsDocument standard post-
processed image data format
Architecture Definition
Define the current and future state of business, data, application, and
technology architectures
Interface and Standards AnalysisIdentify and assess key interfaces and evaluate
standards such as DICOS
Cybersecurity Solution Proof of Concept
Initial TSE Connectivity
Cybersecurity Milestone
9
Deployment and Logistics
Activities that relate to industry
Desired Outcomes / Benefits
OSC’s Deployment and Logistics Division (DLD) provides airports with efficient and effective security capabilities for checked baggage and checkpoint screening options, communicates with internal and external stakeholders to coordinate deployment, and maintains all fielded TSE throughout its lifecycle.
Initiatives Impact
• Provide guidance for checkpoint redesign efforts at airports to prepare checkpoints for next generation technologies and capability demonstrations
• Create and maintain checkpoint design guides through DLD that allow for integration of new TSE
• Maintain the Deployment Interactive Viewer of Equipment (DIVE)
• Checkpoint design guides can emphasize best practices for designing screening system layouts that allow the integration of future capabilities
• DIVE enables TSA to view current deployments and incorporate future capabilities into airport planning, easing the path to system integration for new TSE
10
Checked Baggage
Activities that relate to industry
Desired Outcomes / Benefits
The OSC Checked Baggage Technologies Division (CBTD) has outlined a path forward in order to meet TSA’s goal to improve security effectiveness through a system-of-systems technological approach. By establishing agreed-upon pathways, interdependencies, and supporting roles, CBTD is working to achieve targeted future state objectives.
Initiatives Impact
• Develop and deploy enhanced threat detection algorithms
• Develop and deploy CT80DR+ Upgrade Kit
• Enhance alarm resolution capabilities
• Upgrade networks and enhance focus on IT security
• Develop Threat Image Projection • Maintain the Planning Guidelines
and Design Standards (PGDS) through cooperation between CBTD and DLD
• TSA will procure and deploy TSE (EDS and ETD units) to maintain 100% screening compliance
• Current projects with executed Letters of Intent or Other Transactional Agreements will be fulfilled
• Upgraded networks will enhance IT security, allowing for STIP enablement
11
Test and Evaluation
Activities that relate to industry
Desired Outcomes / Benefits
OSC’s Test and Evaluation Division (TED) provides test and evaluation and lifecycle matrix support services to the OSC program offices, TSA field elements, and other TSA/DHS stakeholders. TSA is improving TSE acquisitions by engaging with the Original Equipment Manufacturer (OEM) earlier in the development process, resulting in more mature TSE.
Initiatives Impact
• System Qualification Process Enhancements o Earlier and more frequent
involvement with the OEM during Design and Development of TSE
o Third Party Testing Program • Engineering Requirements Review
Board (ERRB) Development
• System Qualification Process Enhancements could decrease failures, delays, and costs resulting from the iterative cycle of test, fix, and retest
• ERRB will provide a forum for key stakeholders to review and approve functional requirements prior to finalizing relevant acquisition documentation
12
Passenger Screening Program
FY17 FY18 FY19 FY20 FY21 FY22 FY23 FY24 FY25 FY26
As TSA moves towards full implementation of System Architecture, activities for deployed systems will decrease while funding and resources will be increasingly focused on future capabilities.
PSP LCCE Overview
Rel
ativ
e Fu
ndin
g T
rend
s
The Checkpoint Solutions and Integration Division (CSID) Passenger Screening Program (PSP) LCCE document provides a structured accounting of all associated checkpoint TSE cost elements. The LCCE accounts for all PSP activities and helps prioritize maintenance and improvements to currently deployed TSE based on the establishment of future programs.
New Programs (New Checkpoint Capabilities) Establish new programs to provide systems based on future checkpoint capability needs, focusing on a holistic approach and moving away from specific technology based requirements
PSP (Legacy TSE) PC&I Sustain, maintain, and improve deployed capabilities (including recapitalization) through FY20
PSP (Legacy TSE) O&M Operate and maintain fielded equipment
New Programs (New Checkpoint Capabilities) Establish new programs to provide systems based on future checkpoint capability needs, focusing on a holistic approach and moving away from specific technology based requirements
13
Standards and Security
Due to constantly evolving security threats facing multiple DHS components, TSA is reviewing requirements and detection standards and updating processes to protect against threats facing the nation while enabling enhanced future technologies.
• Aligning testing processes to allow technology and algorithms to be submitted for certification in addition to qualification
• Revising detection standards and requirements for Advanced Technology/Automated Personnel Security System, Explosives Detection System, Explosives Trace Detector, Bottled Liquids Scanner, Advanced Imaging Technology (AIT), and Enhanced Metal Detector to provide security against an adaptive and improvising adversary
• Enhancing checkpoint design recommendations
• Certified technology and algorithms can be submitted to ITF for demonstration and will encourage mature TSE and technical capability
• Revised detection standards will require technologies to be recertified in order to be deployed
• Industry will need to consistently innovate through development of algorithms and technologies to meet new standards
• Updated checkpoint design recommendations allow for demonstration of enhanced future capabilities
Initiatives Impact
14
OSC High-Level Initiative Timeline
Short-term (6-12 months)
Deploy vetted technologies and improve existing processes
• Define and initiate system architecture projects
• Finalize requirements for next-generation technologies
• Finalize checkpoint technologies LCCE
• Deploy additional AIT machines • Recap ETD machines • Deploy CAT • Conduct cybersecurity proof-of-
concept and market research • Establish new qualification
processes • Align program regimens • Implement ITF with 4 airlines in
10+ airports
Mid-term (1-2 years)
Develop innovative solutions and capabilities
• Partner with DHS S&T Screening at Speed
• Invest in emerging technologies • Enhance algorithms for ultra false
acceptance rates • Implement IT security
requirements • Network TSE through STIP • Integrate RBS with checked
baggage • Define common standards for
TSE and interfaces • Assess OSC’s future operating
model
Long-term (2-10 years)
Create a holistic curb-to-gate screening approach
• Implement system architecture • Deploy walk-through, standoff
trace detection, next-generation X-Ray, and high resolution trace detection
• Fully implement biometrics • Deploy dynamic and risk
management algorithms • Fully integrate risk in passenger
and baggage screening • Create a seamless passenger
experience • Enhance screening and detection
through stream of commerce and improvised threat characterization
• Demonstrate future concepts
15