In the Senate of the United States,
December 9, 2014.
That the bill from the House of Representatives (H.R. 2719) entitled
An Act to require the Transportation Security Administration to implement best practices and
improve transparency with regard to technology acquisition programs, and
for other purposes., do pass with the following
Strike all after the enacting clause and insert the following:
This Act may be cited as the
Transportation Security Acquisition Reform Act.
Congress finds the following:
The Transportation Security Administration has not consistently implemented Department of Homeland Security policies and Government best practices for acquisition and procurement.
The Transportation Security Administration has only recently developed a multiyear technology investment plan, and has underutilized innovation opportunities within the private sector, including from small businesses.
The Transportation Security Administration has faced challenges in meeting key performance requirements for several major acquisitions and procurements, resulting in reduced security effectiveness and wasted expenditures.
Transportation Security Administration acquisition reform
Title XVI of the Homeland Security Act of 2002 (Public Law 107–296; 116 Stat. 2312) is amended to read as follows:
In this title:
The term Administration means the Transportation Security Administration.
The term Administrator means the Administrator of the Transportation Security Administration.
The term Plan means the strategic 5-year technology investment plan developed by the Administrator under section 1611.
The term security-related technology means any technology that assists the Administration in the prevention of, or defense against, threats to United States transportation systems, including threats to people, property, and information.
Transportation security administration acquisition improvements
5-year technology investment plan
The Administrator shall—
not later than 180 days after the date of the enactment of the Transportation Security Acquisition Reform Act, develop and submit to Congress a strategic 5-year technology investment plan, that may include a classified addendum to report sensitive transportation security risks, technology vulnerabilities, or other sensitive security information; and
to the extent possible, publish the Plan in an unclassified format in the public domain.
The Administrator shall develop the Plan in consultation with—
the Under Secretary for Management;
the Under Secretary for Science and Technology;
the Chief Information Officer; and
the aviation industry stakeholder advisory committee established by the Administrator.
The Administrator may not publish the Plan under subsection (a)(2) until it has been approved by the Secretary.
Contents of Plan
The Plan shall include—
an analysis of transportation security risks and the associated capability gaps that would be best addressed by security-related technology, including consideration of the most recent quadrennial homeland security review under section 707;
a set of security-related technology acquisition needs that—
is prioritized based on risk and associated capability gaps identified under paragraph (1); and
includes planned technology programs and projects with defined objectives, goals, timelines, and measures;
an analysis of current and forecast trends in domestic and international passenger travel;
an identification of currently deployed security-related technologies that are at or near the end of their lifecycles;
an identification of test, evaluation, modeling, and simulation capabilities, including target methodologies, rationales, and timelines necessary to support the acquisition of the security-related technologies expected to meet the needs under paragraph (2);
an identification of opportunities for public-private partnerships, small and disadvantaged company participation, intragovernment collaboration, university centers of excellence, and national laboratory technology transfer;
an identification of the Administration’s acquisition workforce needs for the management of planned security-related technology acquisitions, including consideration of leveraging acquisition expertise of other Federal agencies;
an identification of the security resources, including information security resources, that will be required to protect security-related technology from physical or cyber theft, diversion, sabotage, or attack;
an identification of initiatives to streamline the Administration’s acquisition process and provide greater predictability and clarity to small, medium, and large businesses, including the timeline for testing and evaluation;
an assessment of the impact to commercial aviation passengers;
a strategy for consulting airport management, air carrier representatives, and Federal security directors whenever an acquisition will lead to the removal of equipment at airports, and how the strategy for consulting with such officials of the relevant airports will address potential negative impacts on commercial passengers or airport operations; and
in consultation with the National Institutes of Standards and Technology, an identification of security-related technology interface standards, in existence or if implemented, that could promote more interoperable passenger, baggage, and cargo screening systems.
Leveraging the private sector
To the extent possible, and in a manner that is consistent with fair and equitable practices, the Plan shall—
leverage emerging technology trends and research and development investment trends within the public and private sectors;
incorporate private sector input, including from the aviation industry stakeholder advisory committee established by the Administrator, through requests for information, industry days, and other innovative means consistent with the Federal Acquisition Regulation; and
in consultation with the Under Secretary for Science and Technology, identify technologies in existence or in development that, with or without adaptation, are expected to be suitable to meeting mission needs.
The Administrator shall include with the Plan a list of nongovernment persons that contributed to the writing of the Plan.
Update and report
Beginning 2 years after the date the Plan is submitted to Congress under subsection (a), and biennially thereafter, the Administrator shall submit to Congress—
an update of the Plan; and
a report on the extent to which each security-related technology acquired by the Administration since the last issuance or update of the Plan is consistent with the planned technology programs and projects identified under subsection (d)(2) for that security-related technology.
Acquisition justification and reports
Before the Administration implements any security-related technology acquisition, the Administrator, in accordance with the Department's policies and directives, shall determine whether the acquisition is justified by conducting an analysis that includes—
an identification of the scenarios and level of risk to transportation security from those scenarios that would be addressed by the security-related technology acquisition;
an assessment of how the proposed acquisition aligns to the Plan;
a comparison of the total expected lifecycle cost against the total expected quantitative and qualitative benefits to transportation security;
an analysis of alternative security solutions, including policy or procedure solutions, to determine if the proposed security-related technology acquisition is the most effective and cost-efficient solution based on cost-benefit considerations;
an assessment of the potential privacy and civil liberties implications of the proposed acquisition that includes, to the extent practicable, consultation with organizations that advocate for the protection of privacy and civil liberties;
a determination that the proposed acquisition is consistent with fair information practice principles issued by the Privacy Officer of the Department;
confirmation that there are no significant risks to human health or safety posed by the proposed acquisition; and
an estimate of the benefits to commercial aviation passengers.
Reports and certification to Congress
Not later than the end of the 30-day period preceding the award by the Administration of a contract for any security-related technology acquisition exceeding $30,000,000, the Administrator shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Homeland Security of the House of Representatives—
the results of the comprehensive acquisition justification under subsection (a); and
a certification by the Administrator that the benefits to transportation security justify the contract cost.
Extension due to imminent terrorist threat
If there is a known or suspected imminent threat to transportation security, the Administrator—
may reduce the 30-day period under paragraph (1) to 5 days to rapidly respond to the threat; and
shall immediately notify the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Homeland Security of the House of Representatives of the known or suspected imminent threat.
Acquisition baseline establishment and reports
Before the Administration implements any security-related technology acquisition, the appropriate acquisition official of the Department shall establish and document a set of formal baseline requirements.
The baseline requirements under paragraph (1) shall—
include the estimated costs (including lifecycle costs), schedule, and performance milestones for the planned duration of the acquisition;
identify the acquisition risks and a plan for mitigating those risks; and
assess the personnel necessary to manage the acquisition process, manage the ongoing program, and support training and other operations as necessary.
In establishing the performance milestones under paragraph (2)(A), the appropriate acquisition official of the Department, to the extent possible and in consultation with the Under Secretary for Science and Technology, shall ensure that achieving those milestones is technologically feasible.
Test and evaluation plan
The Administrator, in consultation with the Under Secretary for Science and Technology, shall develop a test and evaluation plan that describes—
the activities that are expected to be required to assess acquired technologies against the performance milestones established under paragraph (2)(A);
the necessary and cost-effective combination of laboratory testing, field testing, modeling, simulation, and supporting analysis to ensure that such technologies meet the Administration’s mission needs;
an efficient planning schedule to ensure that test and evaluation activities are completed without undue delay; and
if commercial aviation passengers are expected to interact with the security-related technology, methods that could be used to measure passenger acceptance of and familiarization with the security-related technology.
Verification and validation
The appropriate acquisition official of the Department—
subject to subparagraph (B), shall utilize independent reviewers to verify and validate the performance milestones and cost estimates developed under paragraph (2) for a security-related technology that pursuant to section 1611(d)(2) has been identified as a high priority need in the most recent Plan; and
shall ensure that the use of independent reviewers does not unduly delay the schedule of any acquisition.
Streamlining access for interested vendors
The Administrator shall establish a streamlined process for an interested vendor of a security-related technology to request and receive appropriate access to the baseline requirements and test and evaluation plans that are necessary for the vendor to participate in the acquisitions process for that technology.
Review of baseline requirements and deviation; report to congress
The appropriate acquisition official of the Department shall review and assess each implemented acquisition to determine if the acquisition is meeting the baseline requirements established under subsection (a).
Test and evaluation assessment
The review shall include an assessment of whether—
the planned testing and evaluation activities have been completed; and
the results of that testing and evaluation demonstrate that the performance milestones are technologically feasible.
Not later than 30 days after making a finding described in clause (i), (ii), or (iii) of subparagraph (A), the Administrator shall submit a report to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Homeland Security of the House of Representatives that includes—
the results of any assessment that finds that—
the actual or planned costs exceed the baseline costs by more than 10 percent;
the actual or planned schedule for delivery has been delayed by more than 180 days; or
there is a failure to meet any performance milestone that directly impacts security effectiveness;
the cause for such excessive costs, delay, or failure; and
a plan for corrective action.
Before the procurement of additional quantities of equipment to fulfill a mission need, the Administrator, to the extent practicable, shall utilize any existing units in the Administration’s inventory to meet that need.
Tracking of inventory
The Administrator shall establish a process for tracking—
the location of security-related equipment in the inventory under subsection (a);
the utilization status of security-related technology in the inventory under subsection (a); and
the quantity of security-related equipment in the inventory under subsection (a).
The Administrator shall implement internal controls to ensure up-to-date accurate data on security-related technology owned, deployed, and in use.
The Administrator shall establish logistics principles for managing inventory in an effective and efficient manner.
Limitation on just-in-time logistics
The Administrator may not use just-in-time logistics if doing so—
would inhibit necessary planning for large-scale delivery of equipment to airports or other facilities; or
would unduly diminish surge capacity for response to a terrorist threat.
Small business contracting goals
Not later than 90 days after the date of enactment of the Transportation Security Acquisition Reform Act, and annually thereafter, the Administrator shall submit a report to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Homeland Security of the House of Representatives that includes—
the Administration’s performance record with respect to meeting its published small-business contracting goals during the preceding fiscal year;
if the goals described in paragraph (1) were not met or the Administration's performance was below the published small-business contracting goals of the Department—
a list of challenges, including deviations from the Administration’s subcontracting plans, and factors that contributed to the level of performance during the preceding fiscal year;
an action plan, with benchmarks, for addressing each of the challenges identified in subparagraph (A) that—
is prepared after consultation with the Secretary of Defense and the heads of Federal departments and agencies that achieved their published goals for prime contracting with small and minority-owned businesses, including small and disadvantaged businesses, in prior fiscal years; and
identifies policies and procedures that could be incorporated by the Administration in furtherance of achieving the Administration’s published goal for such contracting; and
a status report on the implementation of the action plan that was developed in the preceding fiscal year in accordance with paragraph (2)(B), if such a plan was required.
Consistency with the Federal acquisition regulation and departmental policies and directives
The Administrator shall execute the responsibilities set forth in this subtitle in a manner consistent with, and not duplicative of, the Federal Acquisition Regulation and the Department's policies and directives.
The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by striking the items relating to title XVI and inserting the following:
TITLE XVI—Transportation security
Subtitle A—General provisions
Sec. 1601. Definitions.
Subtitle B—Transportation security administration acquisition improvements
Sec. 1611. 5-year technology investment plan.
Sec. 1612. Acquisition justification and reports.
Sec. 1613. Acquisition baseline establishment and reports.
Sec. 1614. Inventory utilization.
Sec. 1615. Small business contracting goals.
Sec. 1616. Consistency with the Federal acquisition regulation and departmental policies and directives.
Prior amendments not affected
Nothing in this section may be construed to affect any amendment made by title XVI of the Homeland Security Act of 2002 as in effect before the date of enactment of this Act.
Government Accountability Office reports
Implementation of previous recommendations
Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall submit a report to Congress that contains an assessment of the Transportation Security Administration’s implementation of recommendations regarding the acquisition of security-related technology that were made by the Government Accountability Office before the date of the enactment of this Act.
Implementation of subtitle B of Title XVI
Not later than 1 year after the date of enactment of this Act and 3 years thereafter, the Comptroller General of the United States shall submit a report to Congress that contains an evaluation of the Transportation Security Administration’s progress in implementing subtitle B of title XVI of the Homeland Security Act of 2002, as amended by section 3, including any efficiencies, cost savings, or delays that have resulted from such implementation.
Report on feasibility of inventory tracking
Not later than 90 days after the date of enactment of this Act, the Administrator of the Transportation Security Administration shall submit a report to Congress on the feasibility of tracking security-related technology, including software solutions, of the Administration through automated information and data capture technologies.
Government accountability office review of TSA’s test and evaluation process
Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall submit a report to Congress that includes—
an evaluation of the Transportation Security Administration’s testing and evaluation activities related to security-related technology;
information on the extent to which—
the execution of such testing and evaluation activities is aligned, temporally and otherwise, with the Administration’s annual budget request, acquisition needs, planned procurements, and acquisitions for technology programs and projects; and
security-related technology that has been tested, evaluated, and certified for use by the Administration but was not procured by the Administration, including the reasons the procurement did not occur; and
to improve the efficiency and efficacy of such testing and evaluation activities; and
to better align such testing and evaluation with the acquisitions process.
No additional authorization of appropriations
No additional funds are authorized to be appropriated to carry out this Act or the amendments made by this Act.