Transportation Security Administration (TSA) - Experts & Thought Leaders

Xtract One Technologies, a technology-driven threat detection and security solution that prioritizes the patron access experience by leveraging AI announced its SmartGateway patron screening solution was rigorously tested by the TSA for effectiveness and suitability, and as a result, will be included in the TSA’s 2023 approved product list. The extensive testing was completed by Johns Hopkins University’s Applied Physics Laboratory (APL), the nation's largest university-affiliated research center, on behalf of the TSA. TSA and APL verification SmartGateway’s TSA and APL verification signifies the system's adherence to documented specifications. The testing process encompassed a wide range of threat items, and scenarios, underscoring the product's reliability and performance across a broad set of applications. Rigorous third-party validation is a requirement of technology vendors for professional sports leagues including the NHL, NBA, MLB, and NFL. AI-powered sensors The SmartGateway system unobtrusively scans patrons for guns, knives, and other prohibited items The SmartGateway system unobtrusively scans patrons for guns, knives, and other prohibited items as they pass through the system. This solution was designed to secure large, ticketed venues to enable high throughput, using AI-powered sensors to detect threats without invading patrons’ sense of privacy and comfort.  SmartGateway patron screening solution "With the rigorous testing conducted at Johns Hopkins University, we have evaluated Xtract One’s documented and published specifications for their SmartGateway patron screening solution,” said Mona Espinosa, Chief Public Area Security & Infrastructure Protection (PASIP), Multimodal and Public Area Capabilities (MPAC), Requirements & Capabilities Analysis (RCA), Department of Homeland Security – TSA. Mona Espinosa adds, “Our objective is to test and identify approved technology solutions, which have been assessed to ensure their claims are supported by their technology's functionality." Broad detection capabilities "The integrity and extensiveness of this testing process and inclusion by the TSA in its approved products list highlight our continued objective to provide transparency across all areas of our business, ensuring our sales and marketing messaging aligns with our product capabilities,” said Peter Evans, CEO of Xtract One. Peter Evans adds, “We are proud to have achieved this validation of the broad detection capabilities of our solution, and that customers can confidently select our solutions to deliver the expected outcomes for their organizations.”

SecurityScorecard announced that the Transportation Security Administration (TSA) has awarded a contract for SecurityScorecard subscriptions to enable pipeline and rail owners/operators, who elect to use the subscription to more accurately monitor and assess the cyber health of their transportation systems. Subscription service SecurityScorecard’s subscription service allows owners/operators to voluntarily assess their cybersecurity posture with cybersecurity vulnerability monitoring, ratings, and threat intelligence. These automated capabilities enable owners/operators to monitor their public-facing internet applications and services.  New and innovative capabilities “As cyber threats against critical infrastructure continue to escalate, fulfilling TSA's security mission requires new and innovative capabilities to stay ahead of our adversaries,” said Sonya Proctor, Assistant Administrator of the Surface Operations Office of the TSA. TSA’s partners who elect to use the subscription will receive SecurityScorecard’s security ratings Sonya Proctor adds, “This capability offers another resource that allows us to strengthen our security partnerships and represents a major step forward in our overall strategy to secure our nation's critical infrastructure.” While the use of the subscription service is not directed nor required by any TSA cybersecurity security directives, TSA’s private sector partners who elect to use the subscription will receive access to SecurityScorecard’s comprehensive security ratings and automated assessments. Patented, easy-to-understand scorecards Owner/Operators will receive findings in patented, easy-to-understand, “A to F” graded scorecards with collaborative mechanisms to remediate observed cybersecurity risks. This allows for more effective compliance reporting, improved communication, and informed decision-making. SecurityScorecard will also provide TSA with high-level reports containing data on the cybersecurity vulnerabilities affecting the rail and pipeline sectors. The contract was awarded to Alvarez LLC, a service-disabled, veteran-owned small business, and Carahsoft Technology Corp. This company was the prime contractor and distributor of Scorecard software.

Hakimo, a technology company dedicated to modernizing physical security through its artificial intelligence (AI) software, has announced that Punta Gorda Airport (PGD) has deployed the Hakimo solution, in order to enhance security and support Transportation Security Administration (TSA) compliance efforts. One of the fastest growing airports in the United States of America (USA), Punta Gorda Airport (PGD) offers commercial service to more than 50 destinations, in addition to supporting a large general aviation population. Punta Gorda Airport (PGD) deploys Hakimo software PGD turned to Hakimo to help monitor for and reduce incidents of unauthorized access by people and vehicles (piggybacking and tailgating) at the airport. U.S. airports are required to implement access control measures to prevent unauthorized access, as part of their airport security program, which is approved and checked by the TSA. Hakimo software applies AI to airport’s security systems The Hakimo software helps address these requirements by applying artificial intelligence (AI) to the airport’s existing access control and video surveillance systems. “You can have countless policies and procedures in place, but you don’t really know what’s happening unless you have a guard at every access point,” said Raymond Laroche, the Director of Operations and Maintenance at Punta Gorda Airport (PGD), adding “The Hakimo AI software is that guard.” Implementing Hakimo’s advanced AI technology PGD is already known in the aviation industry for their forward-thinking approach to security" “It has been a privilege to work with the stellar security team at PGD, to implement Hakimo’s  advanced AI technology,” said Samuel Joseph, the Co-Founder and Chief Executive Officer (CEO) at Hakimo, adding “PGD is already known in the aviation industry for their forward-thinking approach to security, and this further supports their vision.” Hakimo artificial intelligence algorithms make it possible to automatically analyze video corresponding to every badge swipe and detect piggybacking or tailgating, if and when it occurs by looking at the number of unique individuals or vehicles going through the opening. Artificial intelligence (AI) software offers real-time alerts The artificial intelligence (AI) software can then provide the security team with a real-time alert, when it detects piggybacking or tailgating. This provides organizations with a scalable way to accurately determine piggybacking or tailgating. For compliance and forensic purposes, they also have a way to easily share video clips with external authorities. The Hakimo software also helps change behavior in support of security programs. It can automatically send an email to a badge holder, when there’s a tailgating violation, or the security team can speak with them directly, to let them know about the issue. This results in real behavior change in badge holders, as seen in practice at the Punta Gorda Airport. Actionable insights from the Hakimo AI solution Finally, with actionable insights from the Hakimo artificial intelligence solution, security teams can guide security system maintenance and help inform security programs and planning. This includes uncovering potential insider threats, changing employee behavior, identifying faulty hardware and more.

If airport perimeter fencing is vulnerable then covert detection methods should be used Lack of airport perimeter security would be laughable, if it weren’t so serious. A recent farcical breach of security in London is drawing renewed attention to airport perimeter protection. I want to focus on airport perimeter security, but we’ll start with critical infrastructure in general: A nun, a housepainter and a gardener break into a nuclear facility. This sounds like the beginning of a joke except it was a disturbing reality when the trio (the nun proving to be exceptionally limber at the age of 82) defeated perimeter fencing at the Y-12 National Security Complex in Oak Ridge, Tennessee, a facility that houses the United States’ stocks of bomb-grade uranium and missiles confiscated from Libya’s Colonel Gaddafi. Perimeter Breach At JFK Airport This incident occurred in July 2012, and only a month later, a man on a jet ski clambered out of the water on the edge of John F. Kennedy International Airport, scaled a perimeter fence and walked along a runway apron. Reading a news item about this at the time, I missed a fundamental point. It should be noted that Daniel Casillo’s craft had broken down and he was neither an activist nor a deliberate trespasser. He had swum for three miles, was scared, tired and on the verge of hypothermia. His first action on nearing a terminal building was to make his presence known to a cargo worker. But it gets worse. JFK was exposed twice on consecutive days in June of this year when a would-be fisherman went over a fence, and an uncle and nephew duo deliberately tried to summon help by shaking another fence violently after the engine of their boat had failed. Consider what a group of determined jihadists equipped with bolt-cutters and weapons could do amid such lax perimeter protection. It’s enough to give me sleepless nights, and I don’t even work in airport security. Negligent Security At Heathrow Airport I thought I’d seen it all until I switched on the news earlier this month to see activists dressed as polar bears on the northern runway of London’s Heathrow International Airport after they had cut away a sizable section of chain link fence. Am I alone in thinking that terror groups might look at mainstream news sources and get ideas? The activists are from the environmental group Plane Stupid and were protesting plans for expansion at Heathrow. They assembled a tripod device themselves out of poles, and news channels chose to go with an extraordinary photograph of a polar bear (who has tactfully raised part of his headgear) being coaxed down by firemen on a cherry picker. Glasgow International’s Breach Incident It would be amusing if the security risks exposed were not so grave. Again, am I in a minority as I remember how Glasgow International, an airport I’ll fly into next month for my annual vacation, was attacked during 7/7 week in the UK when a radicalised British-born doctor drove a flaming Jeep Cherokee into its perimeter? Airport security options are comprehensive; there’s a robot that travels on a fence-mounted monorail checking for unusual situations Airport Perimeter Security Solutions Airports are secured (or not) by techniques including conventional plain fencing (typically a minimum of 6 feet high and topped with razor wire), microphonic fencing, terrain-following volumetric sensors, fiber optic sensors, digital microwave, infrared sensors, ground radar (often used in a sterilized zone between two fences), conventional “white light” CCTV with motion detection and thermal imaging cameras. The options are comprehensive, and one manufacturer even has a robot that travels on a fence-mounted monorail checking for unusual situations that may indicate an intrusion. The robot uses laser detection to alert against possible fence damage and suspicious objects. My own hope is that tumbling prices of thermal cameras (as manufacturers who have recouped their initial R&D costs allow the products to be more commercially viable) will see the units become more widespread. By definition they excel in low light and are effective at large perimeters. The “thermograms” they produce are high-contrast and therefore well suited to video analytics. I also believe that if fencing is going to prove consistently vulnerable then the airport community should bolster it with more use of covert detection methods. On a visit to a testing field run by one of the world’s largest (and most technically agile) manufacturers, I observed buried volumetric sensors being calibrated to fine tolerances so that they could reliably distinguish between human intruders and wildlife based not just on weight but pattern of movement. Unaccounted Intrusion Incidents In the United States, the Transportation Security Administration (TSA) is responsible on a nation-wide basis for screening passengers and baggage, but individual airports are tasked with securing their perimeters, a distinction that suggests the government thinks threats are more likely to come from within. Concerns have been voiced over the fact that, frequently, manned guarding is not even performed by airport staff but by poorly motivated casual workers from third-party contracting companies. If a trespass incident does not result in a police log then contractors will be showing exceptional integrity if they report each and every event to the airport. In turn, it’s naïve to expect airports to behave with complete transparency towards the TSA. They certainly don’t co-operate with the media, and earlier this year, the Port Authority of New York & New Jersey (responsible for Kennedy, LaGuardia and Newark airports) refused to give full accounts of intrusion incidents to the Associated Press. Threat And Risk Assessment Airports need to work with specialist consultants who can conduct penetrative threat assessments, and equipment specifiers in the US may wish to consult the National Safe Skies Alliance. Tennessee-based Safe Skies not only assesses the functionality of airport security equipment but exploits field conditions that are so realistic they can make predictions about whole life cycles. I don’t subscribe to the passive acceptance that only a terrorist atrocity resulting from a perimeter breach will finally spur the aviation community to put its house in order. Israel is of course a special case but the sector as a whole might like to note that a spokesperson for Ben Gurion in Tel Aviv announced earlier this year that the airport spends $200 million annually on perimeter protection alone. Returning to the recent intrusion at Heathrow; now well into middle age, I’m plagued with the usual incredulity as to what is going on around me. It hits everybody at my time of life. Have 13 people in polar bear costumes really just penetrated Europe’s busiest airport with seemingly little more effort than would have been required to break into a chicken coop?

Backscatter x-ray is a full-body scanning technology, typically used for passenger screening at airports and to detect plastic bombs and other hidden weapons. The Transportation Security Administration (TSA) has taken backscatter x-ray machines out of U.S. airports because of changing requirements, although they are still used internationally and at other venues, such as courthouses, prisons, etc. Controversy has plagued the devices since they were introduced in 2009, including concerns about safety and privacy. But how well do they work? More to the point, could a group of intrepid terrorists figure out a way to outsmart them? Several U.S. scientists from three universities decided to find out, and their results include a list of multiple ways to get around the detection provided by backscatter x-ray machines. Here are some ways a terrorist could do it: He could strap a metal weapon at his side under his clothing, or sew it into his pants leg. The metal of a gun or knife would scan as a dark area that blends in with the background, leaving the lighter body scan clear (as long as the weapon doesn’t overlap with the body image). She could mask a gun or knife using a significant thickness of PTFE plastic (Teflon), carefully tapered to avoid hard edges and shadows. Affixing a masked knife, for example, to align with the vertebrae or other bone could also help avoid detection against the darker areas that bones generate on a body scan. He could press plastic explosives into a tapered “pancake” and strap it to his belly. The required detonator could be positioned to approximate the location on the scanned image of a belly button. After hours, she could hack into the scanner’s computer system and load software programmed to replace one scanned image (that might show a weapon) with another, clear image so the operator would never see the weapon. The terrorist could also create a simple quick response (QR) code using lead tape that scans darker than the human body and is applied to an undergarment. The code would trigger the hacked software to substitute another image. The Transportation Security Administration (TSA) has taken backscatter x-ray machines out of U.S. airports because of changing requirements, although they are still used internationally and at other venues Scary stuff. The researchers’ report makes a distinction between the effectiveness of the system in everyday use or against a “naïve attacker” versus how well it holds up to an “adaptive attacker.” Also, effectiveness of the some adaptive techniques could be eliminated by simple operational adjustments, such as scanning passengers from the side as well as from the front and/or back.  The researchers admit that employing one of these strategies would require some trial and error, which would almost require that the terrorists own an X-ray backscatter machine to do their testing (as the researchers did). Availability of the machine might not be that big an obstacle, however, given that the researchers obtained a previously unused machine on eBay from a seller who acquired it at a surplus auction from a U.S. government facility in Europe. “Keeping the machine out of the hands of would-be attackers may well be an effective strategy for preventing reliable exploitation,” say the researchers. Another vulnerability of the system is the possibility of a so-called “side-channel attack” to obtain images from the system that include private and sensitive information, including anatomical size and shape of body parts, location and quantity of fat, existence of medical devices such as implants or prosthetics, etc. A scenario here might include using a secondary external x-ray backscatter sensor to access an image (of a celebrity, perhaps) that spills over from the device to, as the researchers note, “create a kind of physical side channel that potentially leaks a naked image of the subject to [a] nearby attacker.” The researchers attempted a “proof of concept” test, obtaining a less-than-detailed image, but suggested that a determined attacker might achieve better results. The researchers are from the University of California, San Diego; the University of Michigan; and Johns Hopkins University. Their results were presented in a paper at the USENIX conference in San Diego in August 2014. Here is a link to the paper included in the Proceedings of the 23rd UNSENIX Security Symposium. X-ray backscatter is just one body scan technology used at airports and other facilities. Also used are millimeter wave scanners and 3D body scanners, supplied throughout the world by a variety of manufacturers. The researchers offer some advice to manufacturers: “The root cause of many of the issues we describe seems to be failure of the system designers to think adversarially.” They recommend “independent, adversarial testing” of advanced imaging technology systems, especially considering software security.