Risk-Based Assessment

Part of the Statement Peter Neffenger, Administrator, Transportation Security Administration, U.S. Department of Homeland Security gave before the United States Senate Committee on Appropriations, Subcommittee on Homeland Security.

Tuesday, March 1st, 2016.Link: TSA Budget and DARMS Discussion

“Over the last four years, we have made a significant shift to risk-based security procedures. On January 12, 2016, TSA reached two million total enrollments for the TSA Precheck Application Program. More than six million travelers are enrolled in a DHS trusted traveler program, such as Customs and Border Protection’s Global Entry, and are eligible for TSA Precheck. TSA is working aggressively to expand the number of enrolled travelers, with the goal over the next three years of enrolling 25 million travelers in the TSA Precheck Application Program or a DHS trusted traveler program. This is a four-fold increase from today. This is an important security component for TSA as it shifts to a model where “low-risk” individuals are either directly enrolled or part of an eligible low-risk population that is known to TSA.

Even more promising in terms of risk-based security procedures is the work we are doing on developing the Dynamic Aviation Risk Management Solution, or DARMS. The objective of DARMS is to unify, quantify, and integrate information across the aviation sector in order to comprehensively assess risk on an individual, on a per flight basis. DARMS will integrate information on passengers, checked baggage and cargo, aircraft operators and airports and airport perimeters.

This kind of system-side application of risk-based principles will allow greater screening segmentation and a more efficient, effective and agile reallocation of resources.

Early this year, TSA will finish the initial proof of concept of DARMS for passenger screening. Within the next one to three years we plan to finish the design and create a prototype that incorporates the complete aviation security ecosystem and which tests and evaluates the approach at a few select airports. And within four to 10 years, we plan to gradually introduce DARMS at airports. We look forward to sharing these plans in more detail with Congress.

We have actively worked with industry throughout the process to leverage their knowledge and expertise, solicit their feedback and refine the approach. TSA is committed to continuing that collaboration and strengthening those partnerships.”

Motivation

Screening people before allowing entry into a secure area is a standard practice throughout the world, e.g., screening resources are used to secure border crossings, sports stadiums, government buildings, etc. Of course, a majority of people will be familiar with airport passenger screening, where each passenger must pass through physical screening consisting of a combination of multiple types of resources (e.g. xray and walk-through metal detector) before boarding their flight. Given the significant projected future growth in aviation, agencies such as the Transportation Security Administration (TSA) in the United States are developing dynamic, risk-based screening approaches which optimize the use of resources so as to maintain a high level of security while handling increased passenger volume (AAAE 2014).

Approach

Threat Screening Game Model

A threat screening game (TSG) is a Stackelberg game played between the screener (leader) and an adversary (follower) in the presence of a set of non-player screenees passing through a screening checkpoint operated by the screener. As a Stackelberg game, the screener commits to a randomized screening strategy, while the adversary is able to observe the screening strategy and select a best response. The complete specification of a TSG includes the following:

• Time windows: Screening problems feature a temporal dimension, as screenees do not arrive all at once, but rather over a period of time.
• Screenee categories: Screenees may have defining characteristics upon which their screening can be conditioned, e.g., risk-level and flight in DARMS.
• Adversary actions: The actions for the adversary consist of selecting a time window to go through screening, a screenee category to pose as during screening, and an attack method.
• Adversary types: There may be defining characteristics that an adversary cannot control, e.g., TSA-assigned risk level. Thus, there may be restrictions placed on the actions an adversary can select based on their defining characteristics.
• Resource types: The set of screening resources available to the screener. Examples are walk-through metal detectors, the Advanced Imaging Technology (AIT), x-ray machine, etc.
• Team types: Screenees must be screened by one or more resources types, e.g., walk through metal detector and x-ray machine. Each unique combination of resource types constitutes a screening team.Team type effectiveness: Team types vary in their ability to detect different attack methods.

Solution Algorithm

Using the above specification the problem essentially becomes an allocation problem which we can represent a matrix of screenee categories to screening teams used to screen that category like in the left figure below.

The boxes in both figures represent constraints on the usage of teams placed upon them by resources contained on that team. Our MGA algorithm aims to resolve constraint overlaps to create a structure similar to the right figure.

Publications

Matthew Brown, Arunesh Sinha, Aaron Schlenker. One Size Does Not Fit All: A Game-Theoretic Approach for Dynamically and Effectively Screening for Threat . In Proceedings of the Thirtieh AAAI Conference on Artificial Intelligence, February 2016.

Recent News

DARMS mentioned in senate hearings for appropriations for the TSA for 2017 fiscal year.

 Written Testimony of TSA administrator Peter Neffenger

Acknowledgements

This research was supported by the United States Department of Homeland Security (DHS) through the National Center for Risk and Economic Analysis of Terrorism Events (CREATE) at the University of Southern California (USC) under award numbers 2010-ST-061-RE0001 and Basic Ordering Agreement (BOA) HSHQDC-10-A-BOA19. Any opinions, findings, and conclusions or recommendations in this document are those of the authors and do not necessarily reflect views of the United States Department of Homeland Security, the University of Southern California, or CREATE.