The OIG did not blame the local TSA officials at the airports for the problem. Instead, it pointed the finger at the federal TSA leadership for not providing adequate guidance to airports regarding how they should identify and report breaches. The report notes that inconsistencies have occurred because TSA has 33 different kinds of security incidents, one of which is specifically labeled “security breach.”
Confusion reigns. For instance, investigators found that an improper bag hand-off was recorded in the category of “sterile area access event” at one airport, but four similar incidents were recorded in the category of “security breach” at another airport. These inconsistencies are magnified because the definition of the category of “security breach” is vague.
Peter Boynton, codirector of the George J. Kostas Research Institute for Homeland Security at Northeastern University, said the ambiguities identified by DHS OIG existed when he was the federal security director at Connecticut’s Bradley International Airport between 2007 and 2009.
“If you put three reasonable people in the room, they might all come up with a different way to enter [a security incident] into PARIS based on the guidelines, and none of them would be wrong, but they would all be different,” he explains.
TSA officials use these reports to determine whether they need to adjust their security posture, says Erroll Southers, managing director of counter-terrorism and infrastructure protection at TAL Global and the former chief of homeland security and intelligence at Los Angeles International Airport. So if the categories are confusing, that’s a problem.
Boynton agrees, adding that accurate breach reporting allows TSA to identify those airports that experience more or less than the baseline number of breaches and learn lessons from each. In addition, if TSA knows which types of breaches are most common at airports nationwide, it can direct scarce research and development dollars to those issues.