After a rash of security breaches occurred at Newark Liberty International Airport from early 2010 to early 2011, including six in less than two months, Sen. Frank Lautenberg (D-NJ) requested an investigation. The resulting report from the Department of Homeland Security’s (DHS) Office of Inspector General (OIG) revealed that the problem was much larger than one airport. It found that the Transportation Security Administration (TSA) didn’t have a process in place for ensuring that breaches were consistently reported, tracked, and corrected, or any system for learning from its mistakes.
“TSA does not have a comprehensive oversight program in place to gather information about all security breaches and therefore cannot use the information to monitor trends or make general improvements to security,” concluded the report. “As a result, it does not have a complete understanding of breaches occurring at the Nation’s airports and misses opportunities to strengthen aviation security.”
Findings were based on visits to six airports; they were not named in the public version of the report. Investigators determined that TSA staff at these airports did not report all security breaches through the agency’s Performance and Results Information System (PARIS), which is the system through which staff is supposed to record and track all security incidents that take place.
According to the report, the airports studied used PARIS to document only 42 percent of the security breaches that occurred over a 17-month period. This failure to report security breaches, according to DHS OIG, jeopardizes TSA’s ability “to detect security vulnerabilities and identify trends among airports nationwide.”
It also undermines the agency’s chances of connecting the dots of something potentially more threatening because the agency’s Transportation Security Operations Center (TSOC) uses the PARIS database to “identify events occurring at disparate locations throughout the U.S. transportation system that could represent an orchestrated attempt to defeat or circumvent security protocols.”