Latetia Henderson, APM

Austin Gould, RCA

Keith Goll, RCA

RCA and APM Update

1

Capability Lifecycle

❑ Materiel Solutions: APM executes the acquisition program. RCA, as the LBA, acts as

the primary end-user advocate of the capability throughout ALF activities.

❑ Non-Materiel Solutions: RCA works with the responsible Office to address the capability

gap (e.g., Training, procedures, policy, etc.)

Operational

Analysis

Asset/System

Capability

Analysis

Capability

Analysis

Report

Mission

Need

Statement

Concept

of

Operations

Operational

Requirements

Document

Detailed

Specification

Capability

Developed

Capability

Fielded

(Asset/System)

Post

Implementation

Review

RCA Functions (Primary) RCA Secondary/LBA Functions

APM Functions (Primary)

Ma

teri

el

No

n-M

ate

rie

l

Responsible Office Functions (Primary)Responsible Office Secondary/Key Stakeholder

2

Technology Innovation and Demonstrations

RCA functions primarily in the early stages of capability development and acts as the Lead Business

Authority (LBA) to validate that the user’s need is met.

APM Secondary/Key Stakeholder

APM OverviewAPM delivers innovative capabilities to support Transportation Security Officers in the field and drive TSA’s

mission to secure the Nation’s transportation systems.

• Set performance requirements for Transportation Security Equipment

(TSE)

• Test, qualify, deploy, and manage the deployed TSE fleet

• Provide test and evaluation services to DHS stakeholders

• Conduct independent analyses of acquisition programs to provide

assessment and recommendations to the Component Acquisition

Executive (CAE)

• Develop, implement, and maintain the agency’s cost estimation

capability for acquisition programs

Consists of over 160

employees in seven

divisions

Manages approx. $1B in

acquisition program

funds

Maintains a fleet of

over 14,000

deployed TSE

Provides Acquisition

Directive 102-01 expertise to

program managers

• Checked Baggage

Technologies Division

(CBTD)

• Checkpoint Solutions

and Integration Division

(CSID)

• Security

Technology

Integrated Program

(STIP)

• Mission Scheduling

and Notification

System (MSNS)

• Modernization,

Performance

Management Information

System (PMIS)

• Technology

Infrastructure

Modernization

Program (TIM)

• Manage TSA’s Level 1, 2, and 3 acquisition programs, including:

APM At a Glance

APM

Acquisition

Management

Functional

DivisionAcquisition

Management

Outreach

Division

Checked

Baggage

Technologies

Division

Checkpoint

Solutions and

Integration

DivisionDeployment

and Logistics

Division

Mission

Support

Division

Test and

Evaluation

Division

Technology

Infrastructure

Modernization

Program

Division

3

RCA Overview

4

Perform gap

analysis.

Develop

requirements to close

identified gaps.

Serve as the lead

business authority

for the agency.

Develop and

enhance

capabilities.

Provide decision

making

support to TSA.

Manages $124M

portfolio

Employs 100 full time

employees

Completed more than

15 pilots and

demonstrations across

Aviation and Intermodal

Security spaces

Completed 64 reviews

& 15 technical

documents for DHS as

TSA’s requirements

development shop and

JRC gatekeeper

Threat Response

• PEDs

• Powders

RCA Recent Successes

5

Innovation Demonstrations

• ASL - 135 lanes at 14

airports

• BAA - identified over 175

innovative solutions

Detection at Range (DaR)

• Tested with >10 mass transit

end users over past 2 years

• Enables law enforcement to

identify concealed objects

Enhanced Accessible

Property Screening

• Pilot yielded 156%

detection improvement

Biometrics

• 5 Biometric pilots at 5

airports

• Signed joint memo

with CBP

Computed Tomography

• 15 deployed by end of

calendar year

Detection Standards

• 6 created/updated/

managed

• (APSS, AIT, EDS,

ETD, BLS, and EMD)

• TSA is exploring new acquisition approaches to more quickly and efficiently deploy TSE while increasing the pace of security

innovation. enhancing operations, and improving customer experience.

• CAT provides enhanced tools in one machine to enable the

ability to detect real, fake, counterfeit, and fraudulent IDs, at a

cost efficient price. CAT relies on network connection to Secure

Flight (SF) via STIP to receive passenger flight and vetting

information.

APM’s ultimate goal is to implement a dynamic and adaptable communications infrastructure that facilitates the transfer of data

between TSE, TSA Data Centers, and TSA Operational Stakeholders.

Connectivity

• Working with key stakeholders to define Federal Information

Security Management Act (FISMA) boundaries and applicable

cyber requirements, obtain Authority to Operate (ATO) and

manage compliance, and ensure all procurement packages

through the Information Technology Acquisition Review (ITAR)

process

Cybersecurity

Credential Authentication Technology

Computed Tomography

Lease vs Buy Analysis

• Security Technology Integrated Program (STIP) creates a web

of interconnected TSE that ties back to a centralized control

point.

• STIP will use DOMAIN to develop and deploy the endpoint

connectivity solution, and will secure the endpoint with a

combination of software (firewalls) and secure system

architecture.

• In order to address emerging and evolving threats, TSA is

committed to rapidly developing and deploying CT to the

checkpoint. The end goal of this effort is an eventual

replacement of all ATs with CTs.

OperationsSecurityCustomer

Experience

APM FY18 Initiatives

6

RCA FY18 Initiatives

7

Expand Capability

Requirements

Biometrics

Innovation

DemosRisk Analysis

System

ArchitectureMature TSCAP S&T Partnership

International

Engagement

APSS

Development

Notional APM FY19 Budget Landscape

APM FY19

Budget Total*: $732M

• Checkpoint Technology

Procurements

• Algorithm Development and

Technology Enhancements

• Test and Evaluation

• Deployment

• STIP Maintenance/Pilots

• Professional & Engineering

Contract Support

• Travel, Training, Supplies

PC&B

$30M

Capital

Fund

$250M

Maintenance

$282M

Program

Funding

$170M

• Checkpoint and Checked

Baggage Maintenance

Support

PC&B:$30M / 4% Maintenance:

$282M / 39%

Program Funding: $170M / 23%

Checked Baggage: $27M Checkpoint: $143M

Capital Fund:$250M / 34%

OTAs: $96M

Technology

Procurements:

$155M

PSP Maintenance:

$81M

EBSP

Maintenance:

$200M

• Other Transactional Agreements

(OTAs)

• Checked Baggage Technology

Procurements

• Includes carryover funds

*Information presented may change based on

final appropriations and/or TSA priorities

8

Traditional Barriers to Quicker Acquisition

9

Technical Debt: Historical development

/deployment /issues have created “scar tissue” that

impedes future progress.

Organizational Interdependencies: Integrated

responsibilities with other offices (e.g. RCA, OTD,

OSO, OIT, OSO) introduces risk and

opportunities for confused lines of responsibility.

Fluid Enterprise Strategic Focus and Mission

Needs: Changes to mission and strategic focus

influences program level decision making and

prioritization.

Technology and Industry Limitations:

Technology essentially a COTS product and not

readily available to meet requirements without

lengthy development cycles. Market share is often

limited, restricting access to “best” available.

Clear Functional Requirements: Successfully

testing and making necessary trade-offs to

deliver capability relies on a foundation of

complete and straightforward requirements.

Reactive Nature: Program frequently in the position

of catching up with operator/threat. Changing

priorities/”nice to haves” frequently take precedence

over identified needs (e.g. scope creep).

Risk Averse: Challenge of balancing trade-offs for

rapid action, innovation and risks (e.g. policy, cyber

security, certification/operational testing, etc.)

Workforce Proficiency: Much of acquisition

workforce does not possess necessary experience

(e.g. scheduling, subject matter expertise, IT, etc.).

High attrition, vacancy rates, and low engagement

compound issues.

Complicated Governance: DHS oversight carries

similar aversion to risk and with additional focus on

process; interpretation of policy can limit flexibility.

Focus Areas

1

2

3

4

5

6

7

8

9

APPENDIX

10

TSAM Overview

The TSAM tailors DHS acquisition policy to the specific needs of TSA, including opportunities for flexibility and

methods of acceleration, by clearly defining a repeatable, transparent, end-to-end acquisition process that

operates synchronously with TSA business processes and the Administrator’s Intent.

Sections

Enclosure

Acquisition

Manual Intent

R&Rs

Processes/

Reviews

Phases

Methods of

Acceleration

TSAM Structure TSAM Value

Aligns to Administrator’s Intent 2.1: Improve the

speed to decision and 2.2: Reduce the time to field

solutions, through a repeatable end-to-end process

Fosters intelligent trade offs in risk through

Methods of Acceleration such as agile project

management, ALF IPTs, and IMS accelerators

Incorporates acquisition best practices from DHS

AD-102, Coast Guard Major Systems Acquisitions

Manual (MSAM), and CBP Program Lifecycle

Process (PLP) Guide

Implements Pre-Need Phase and ADE-0 to

synchronize TSA’s CIP, PPBE, RAP, capability gap

identification/prioritization, and acquisition strategy to

a calendar-driven basis with field input

Provides a structured process to transition ITF

demonstrations to a PoR that is AD-102 compliant

and has organizational buy in from DHS PARM

TSAM Implementation(six months to complete implementation)

Championship

TSAM: TSA Administrator

Implementation: CAE, RCA/APM AAs

TSA Business Process: CFO, CIO

Ownership

TSAM: CAE

Implementation: RCA/APM DDs/Staff

Accountability: Performance Plans

Implementation Plan

Singular Plan: CAE, RCA, APM

Engagement: stakeholders not as

recipients, but as invested participants

11

Emergent AcquisitionsWorking with PARM and using JIDO as a model, we designed a TSA-tailored Emergent Operational Need

(EON) acquisition process to serve as a middle path between AD-102 and UON.

EON Request

Analyze and SelectObtain

Produce, Deploy, and Support

E1 E2

As needed Six months 18 months

One month One month

Emergent Operational Need (EON) Acquisition Lifecycle

Emergent Operational Need (EON): identified by the TRG, from intelligence or through developments in

the field or in the transportation arena, which, if not addressed in a two-year timeframe, could lead to loss

of life or become an urgent need.

EON Implementation EON Execution

Implementing the EON process would require: Executing the EON process would result in:

Accepting risk in the form of minimum viable

product (MVP) style acquisition documentation

Expedient reviews by the JRC, PARM,

DHS and TSA CFOs, an ARB, and the CAE

Approval of a TSA EON IPT to serve as a task

force for EON analysis and development

Improved speed to decision through increased

leadership oversight and accelerated reviews

Defining a middle path to acquisitions that

is transferrable to the traditional AD-102 path

Reduced time to field solutions through

accelerated analysis and an empowered workforce

12

Connectivity

• Security Technology Integrated Program (STIP) creates

a web of interconnected TSE that ties back to a

centralized control point, which allows for greater

transparency and control over field operations, enhanced

data flows, and increased automation.

• STIP will use DOMAIN to develop and deploy the

endpoint connectivity solution, and will secure the

endpoint with a combination of software (firewalls) and

secure system architecture.

APM’s ultimate goal is to implement a dynamic and adaptable communications infrastructure that facilitates the transfer of data

between TSE, TSA Data Centers, and TSA Operational Stakeholders.

STIP

• The Cyber Risk Framework supports APM’s

cybersecurity mission and goals via three domain areas:

• Implementation of National Institute of Standards and

Technology (NIST) and DHS security controls allow

TSEs to securely connect to the network.

• Technical security and process engineering supports

secure endpoint deployment.

• A cybersecure environment enables remote monitoring,

diagnosing, troubleshooting TSE which allows TSA to

address equipment issues and manage configurations.

Secure: Enhance controls to protect against threats & comply with cybersecurity standards & regulations

Vigilant: Detect violations & anomalies through better situational awareness across the environment

Resilient: Establish the ability to quickly return to normal operations & repair damage to the business

Cybersecurity

Phase 1:

Pilot at IAD

STIP Future Deployment

Phase 1:

Pilot at

IAD

Airport

Phase 2:

Extension to

CAT X

Airports

Phase 3:

Wide-Scale

Deployments

to US airports

13

Credential Authentication Technology

(CAT) and Computed Tomography (CT)

Accurately verify passengers’ identity documents (ID)

Accurately validate passengers’ flight reservation

status

Accurately verify Secure Flight passenger’s vetting

status

The current ability to detect REAL, fake, counterfeit, &

fraudulent IDs relies on a manual process to authenticate

various forms of ID presented by passengers, airport/airline

personnel, and officers at security checkpoints or exit lanes.

CAT provides those enhanced tools in one machine, at a

cost efficient price. CAT relies on network connection to

Secure Flight (SF) via STIP to receive passenger flight and

vetting information.

TSA is pursuing a dual-track approach to field CT

systems by FY 2019 and to enable CT systems to

achieve a higher Accessible Property Screening

System (APSS) detection standard.

In order to address emerging and evolving threats, TSA

is committed to rapidly developing and deploying CT to

the checkpoint. The end goal of this effort is an eventual

replacement of all ATs with CTs.

CAT enhances the TSO’s ability to:Short-term strategy:

• Executing the AT/CT project under the

Advanced Technology (AT) program

• Conducting qualification testing (QT) in Q3 and

operational testing (OT) in Q4 FY18

Long-term strategy:

• Standing-up a separate APS Program to work

towards an improved algorithm, connectivity,

and full cyber protections, and seek ADE-2a by

Q2FY19

CTCAT

Timeline:

• ADE-2A in FY19Q2 to support beginning of

deployment in FY19Q3 for Pre-Check

14

Lease Versus Buy Analysis

TSA is exploring new acquisition approaches to more quickly and efficiently deploy TSE while increasing the pace of security

innovation. enhancing operations, and improving customer experience.

Objectives

OperationsSecurityCustomer

Experience

Approach

• Engage airlines, airports, vendors, and potential third-party financing providers to more fully understand:

• Current market options for leasing arrangements and their implications

• Environmental or policy barriers and high-level mitigation options

• Develop a quantitative cost and qualitative benefits case for arrangements (including incentives and parameters) suited to

specific TSE types

15

16

RCA Future State

• Develop, test, and deploy checkpoint CT

• Implement System Architecture

• Create Identity Verification roadmap to guide TSA investments

• Improve technology transitions and acquisitions processes

• Mature requirements development processes to create testable, detailed requirements

Where we are today?

ACCOMPLISHMENTS

• Computed Tomography (CT) development

• Finalize TSA Biometrics Strategy

• Raise Global Security Baseline with emerging threats

FUTURE FOCUS

Where we are going?

• Provide technical expertise

• Grow organizational risk assessment capabilities

• Improve capability development and analysis

• Mature existing gap analysis processes

• Provide system engineering support

INDUSTRY NEEDSHow industry can help?

17