Draft 9/11 Commission Questions For Aviation Security Hearings

QUESTIONS FOR 5/22-23 HEARINGS

Draft

MAY 15, 2003

Panel on "State of the System: Civil Aviation Security on September 11th" 2 PM, Thursday, May 22, 2003 Primary Questions for Panel: Prior to September 11, 2001, what did the U.S. aviation security system know about terrorist threats to civil aviation? How did the different elements of the system respond to any such information in their possession? What aviation security policies and procedures were in effect as of September 11, 2001 ? How did these measures comply with relevant laws and regulations? What was known of the effectiveness of this system, and how was this measured? Questions for Panelists Jane Garvey, former FAA Administrator 1. When you came to the FAA as administrator what was your assessment of the Aviation Security System and its effectiveness? By what means and what criteria did the agency measure effectiveness? What did you see as the security system's biggest strengths and weaknesses? 2. When you received audit reports citing weakness in the security system or recommendations for corrective action from the Inspector General, the GAO or other sources, what was the process for responding to the warnings and considering the recommendations? What criteria were used in determining whether to implement specific suggestions? 3. How specifically did the FAA weigh security in relation to competing agendas relative to its mission, including cost containment? What was the organizational attitude in the FAA with respect to security vis-a-vis other priorities when you arrived? What was your philosophy on this point and how was that implemented? 4. What was the process by which you received aviation security threat assessments and alerts? From what agencies and internal personnel did you receive this information and how did you receive it? 5. What exactly did you know about the nature and timing of terrorist threats, both general and specific, prior to September 11, 2001? About threats from al Qaeda? Threats from the individual hijackers? What actions did you take in response to this information? 6. Where were you when the hijacking took place on September 11, when and how were you notified, and what did you do? Were your actions and responses

following the incident guided by any prepared protocol, or were your required to respond spontaneously? 7. After September, 11, what steps did the FAA take to ascertain the facts about how precisely the aviation security system functioned with respect to the hijackings? What analytical, corrective and disciplinary actions were taken in response? 8. In a hijack situation, please explain your understanding of the division of responsibilities between FAA and NORAD. What protocols or procedures govern FAA's response to hijackings? Were those followed on September 11, 2001? Kenneth Mead, DOT Inspector Genera 1. Over the past 17 years you have audited aviation security under the auspices of the GAO and as DOT Inspector General. Please elaborate on the impact of economic and other non-security pressures on policy setting and the quality of the security system as of September 11, 2001? Do you believe that the aviation system's governance problems were well known prior to September 11, 2001? If so, why do you believe changes were not made to correct the problems? How would you describe the Department of Transportation and the FAA's responsiveness to security audits, alerts and recommendations? 2. What was the Department's formal process for addressing problems you raised and for considering the corrective actions you recommended? Would they provide you with updates and records of decision records or was it more informal? 3. Prior to September 11, 2001, what performance indicators were employed by the FAA and DOT IG to measure the effectiveness of the passenger screening system, and what did they indicate about the quality of the systems in place at Dulles, Logan and Newark airports, and at American and United airlines? 4. What consequences resulted from any failures to meet performance requirements? In your judgment, were any such penalties effective in improving system performance? 5. What procedures were in place on September 11, 2001 to insure compliance by airports, airlines and contractors with FAA security policies and procedures? How effective were these procedures? 6. In your view, did you make any recommendations as Inspector General that the FAA did not implement or insufficiently implemented, that if adopted, would likely have stopped the hijackings from occurring?

James May, Air Transport Association (airlines) 1. From the airline perspective, how would you characterize the pre-September 11, 2001 performance of the aviation security system in general and the baggage and passenger screening system in particular? What methods did you use to evaluate and improve this performance? 2. What did the airlines know about the terrorist threat to civil aviation in the 3month period leading up to 9/11? What specific steps did you take in response to such threats? 3. How did economic factors affect the civil aviation security prior to September 11, 2001? How did the airlines balance economic and security interests within that system? 4. Very specifically, what was the status of box cutters at each of the airport security checkpoints that the hijackers passed through on September 11, 2001? 5. Published reports indicate that nine of the nineteen hijackers were selected for special security scrutiny prior to boarding the hijacked flights: six by the computer-assisted prescreening (CAPPS) system, two because of identification document irregularities, and one because he was traveling with one of the latter two. Are these reports accurate? Specifically, what triggered each selection? hi each case, what was done as a result of the selection? 6. Please describe the roles of ATA and the individual airlines, as of September 11, 2001, with respect to aviation security rulemaking, policy development and implementation. Bogdan Dzakovic, FAA/TSA whistleblower 1. For most government employees, the decision to become a whistleblower is a significant one. What made you reach that decision? 2. As an experienced field security inspector, Federal Air Marshal, and member of the "Red Team," you have seen the effectiveness from varying viewpoints. How would you describe the culture within FAA as to the importance of civil aviation security vice other missions? What are the steps that you would take to make the traveling public safer?

Panel on "September 11,2001: The Attacks and the Response" 9 AM, Friday, May 23, 2003 Primary Question for Panel: What tactics and weapons did the 9/11 hijackers use to defeat the aviation security system and procedures in place on September 11, 2001? What was the cause of the security failure or failures on that date: flaws in the design of the procedures; in the transmittal (including dissemination and training); in the implementation; some combination; or some other factor or factors? Questions for Panelists Norman Mineta, Secretary of Transportation 1. When you became Secretary of Transportation what was your assessment of the Aviation Security System and its effectiveness? By what means and what criteria did the agency measure effectiveness? What did you see as the security system's biggest strengths and weaknesses? 2. What exactly did you know about the nature and timing of terrorist threats, both general and specific, prior to September 11, 2001? About threats from al Qaeda? Threats from the individual hijackers? What actions did you take in response to this information? 3. What weapons do you believe the 9/11 hijackers used, and how do you believe the weapons got on board the aircraft? How did you arrive at these conclusions? 4. What information do we have of any other hijackings which were planned in conjunction with the four 9/11 hijackings but which were not carried out? What steps did you take to screen other flights on that day for potential hijackers? 5. In responding to the events of September 11, 2001, what policies and procedures were in place to define and facilitate your role and that of your department in relationship to the FAA and to other departments? 6. Where were you when the hijacking took place on September 11, when and how were you notified, and what did you do? Were your actions and responses following the incident guided by any prepared protocol, or were your required to respond spontaneously? MG Craig McKinley, NORAD 1. Officials from NORAD have repeatedly expressed that ~ prior to 9/11 NORAD's mission was to protect the U.S. from EXTERNAL threats. ["Until the morning of Sept. 11, 2001, NORAD's focus was almost exclusively fixed on threats coming toward the Canadian and American borders, not terrorism in our domestic airspace." (NORAD website, 5/13/03)]

Why was NORAD exclusively focused on external threats? Prior to 9/11 was any consideration given to the possibility that America could be attacked by a domestic aircraft? 2. What was NORAD's written policy on 9/11 with respect to hijacked airliners? What policies and procedures were in place to respond to such incidents? Please explain NORAD's role vis-a-vis the FAA in responding to hijackings. 3. hi terms of response on the morning of 9/11, why were NORAD's assets limited to 14 planes at 7 locations? Why couldn't NORAD task ANY military aircraft to respond to the hijackings? For example, as I understand it General McKinley, you wear two hats; you're both the Commander of NORAD's continental region (CONAR) and you're the Commander of the First Air Force. Why couldn't your predecessor on 9/11 — General Arnold ~ order any military plane under the command of the First Air Force to respond to the hijackings? 4. When and how did NORAD first learn of the hijackings on 9/11 ? What specifically was NORAD told? Please describe the chain of events and decisions that took place after FAA's notification. 5. Published reports indicate that, on the morning of 9/11, the President authorized the military to shoot down commercial flights that were suspected to be controlled by terrorists. What is your understanding of the substance of the order? How was it communicated down the chain of command? Did any of the pilots that were scrambled receive the order? 6. Published reports indicate that there was a conference call that morning involving NORAD, the FAA and other decision makers. When was the Air Threat Conference Call initiated and by whom? Who participated in the call? What decisions were made and what orders were given on the call? LTG Mike Canavan (ret.), former Associate Administrator for Civil Aviation Security 1. Based on reports from the GAO and DOT Inspector General and the recommendations from the Pam Ami03 and Gore Commissions, the FAA's "reactive" culture and aviation security system had demonstrated weaknesses for many years. After becoming the head of FAA's Civil Aviation Security, what actions did you take to discern the effectiveness of the system prior to September 11, 2001? What were the metrics and methods used to determine the effectiveness? How did you judge the usefulness of those techniques? What actions did you take to strengthen the system? How were those initiatives received by the FAA, DOT, industry, and Congress? 2. Over the summer leading up to September 11th, the "chatter" in the intelligence community resulted in increased security posture throughout the US Government. It is reported that a Nation Security Council Counterterrorism Security Group

meeting in mid-June led to the FAA's issuance of a security directive to the industry. In your view, what were the most significant threats to civil aviation as of September 10, 2001? How did the system of aviation security governance and information (intelligence) sharing with the industry affect the system's response to the threat? 3. On September 10, 2001, how confident were you that the terrorist threat to US civil aviation could be effectively countered? Were the security directives in place on September 11th adequate? 4. Each air carrier can request exceptions/changes to the FAA's Air Carrier Standard Security Program (ACSSP). What was the process to submit and approve/deny a request for a modification? More specifically, as of September 11, 2001, what was the status of "box cutters" as contraband/prohibited items (ACSSP, Appendix I, Dangerous or Deadly Weapons Guidelines)? Was there or could there have been a difference between the FAA's requirements under the ACSSP and a carrier's passenger screening requirements? Could there have been differences between carriers' passenger screening requirements so that "box cutters" were contraband on one carrier and not on another? Would FAA have known or approved the differences? 5. There was a FAA "Executive Summary" dated September 11, 2001, written for the Administrator, FAA. In the second paragraph regarding American Airlines Flight 11, the summary states: ".. .At approximately 9:18 a.m., it was reported that the two crew members in the cockpit were stabbed. The flight then descended with no communication from the flight crew members. The American Airlines FAA Principal Security Inspector (PSI) was notified by Suzanne Clark of the American Airlines Corporate Headquarters, that an on board flight attendant contacted the American Airlines Operations Center and informed that a passenger located in seat 10B shot and killed a passenger in seat 9B at 9:20 a.m. The passenger killed was Daniel Lewin, shot by passenger Satam Al Suqami. One bullet was reported to have been fired...." FAA subsequently stated that the reference to a gun onboard AAL Flight 11 was erroneous. What is your recollection of the issue? Would it surprise you, given the effectiveness of the aviation security system on September 11th, that in addition to box cutters, a gun could have been brought onboard? 6. In your opinion, was the introduction of weapons onto the four hijacked flights a result of flaws in FAA regulations, air carrier security plans, screener performance, some combination, or other factors? Given your experience in terrorism/counterterrorism operations, would the deterrent factor of the possibility of Federal Air Marshals aboard made a difference in the

operational planning decisions to conduct or how to conduct the events of September 11th? 7. Did your organization conduct an after action/lessons learned analysis of what happened on September 11, 2001? What are your recommendations for the improvement of civil aviation? 8. Prior to 9/11, did the FAA consider the possibility that a plane could be used as a weapon? Was there ever a training exercise or publication that addressed that scenario? If not, why not?

Panel on "Reforming Civil Aviation Security: Next Steps" 11 AM, Friday, May 23, 2003 Primary Question for Panel: What has changed with respect to civil aviation security policies and procedures since 9/11/01? What further improvements are needed (including consideration of arming commercial aviation and other pilots; "trusted traveler" and "trusted shipper" programs; CAPPS II and other individual profiling systems; background checks on transportation employees; missile defense for civilian aircraft; and regulation of flight schools)? Questions for Panelists Adm. James Lay, TSA Administrator 1. How do we currently measure success in the various components of the aviation security system? How should we measure it? More specifically, what do we currently know about the performance of the passenger and baggage screening system? 2. What is the status, and your evaluation, of the following specific aviation security laws or proposals: a. Arming of commercial air pilots b. Trusted Traveler program c. CAPPS II d. Biometric identification of passengers and airport employees e. Flight school student screening 3. According to the Congressional Research Service, for FY2003 TSA has received total appropriations of $5.18 billion, of which $4.52 billion, or 87 percent, has been allocated for aviation security functions mandated by the Aviation and Transportation Security Act (ATSA). Furthermore, $3 billion, or 58 percent of the total, is being used for airport screening alone. In your view, does this represent an optimal prioritization, both among all transportation modes and within civil aviation security itself? If not, how should these priorities be reordered? 4. What is the status of the Transportation Security Oversight Board established by the Aviation and Transportation Security Act (ATSA)? Specifically, how is it progressing in fulfilling its mandates to facilitate the coordination and sharing of transportation-related intelligence information, and to develop a common database in support of this effort? 5. What do you consider to be the most serious threats to civil aviation security today? How should security, convenience and privacy concerns be balanced with respect to these threats? What role do you think research and development efforts will play in responding to these threats?

6. Current law requires TSA to remain intact for two years but allows the agency to be restructured after that time. What, if any, restructuring options are currently being considered, and why? What restructuring options should be considered? 7. In April testimony to this Commission, Gerald Dillingham of the General Accounting Office (GAO) identified five long-term institutional challenges facing TSA and our national transportation security efforts: a. Developing a comprehensive risk management approach b. Ensuring that funding needs are identified and prioritized, and costs are controlled c. Establishing effective coordination among the many responsible public and private entities d. Ensuring adequate workforce competence and staffing levels e. Implementing security standards for transportation facilities, workers and security equipment. What is your evaluation of the GAO analysis? What is TSA currently doing to address each of these challenges? What more remains to be done? MG O.K. Steele (ret.), former Associate Administrator for Civil Aviation Security 1. As the first Associate Administrator for Civil Aviation Security, following the President's Commission on Aviation Security and Terrorism (Pam Am 103 Commission), you were in a key advantage point to develop and execute the implementation plan for civil aviation security issues. The Commission found that the FAA was a "reactive" agency and the civil aviation security system needed major reform. What is your assessment of the progress made during your three year tenure? What were the major impediments to more progress? 2. During 1991, you established the "Red Team" and took steps to strengthen the Federal Air Marshal Program. Why did you take those actions? What were factors that impacted the scope and implementation of those initiatives? Did you consider expanding the FAM program to cover domestic flights? If not, why? What actions did you take to close the gap between "Red Team" findings and FAA's normal testing program? Please share with the Commission your understanding of the current status of the "Red Team" approach and the Air Marshal Program. 3. The Pan Am 103 Commission recommended that the FAA's Intelligence Division should be moved to the Department of Transportation. The Secretary did not concur. What was your assessment of the intelligence sharing process to include provision of information to the industry? What was the relationship with the DOT's Office of Intelligence and Security? What process or risk management system did you use to determine the security levels and measures required by the industry? How were economic and cost factors used to determine requisite

industry actions? How would you assess the current state of information-sharing and threat assessment within the civil aviation security system? 4. Many of the Pan Am 103 Commission recommendations appear to have been still relevant on September 11th and may still be today. What are your recommendations to this Commission for the improvement of the civil aviation security system of tomorrow? Mary Schiavo, former DOT Inspector General 1. What do you believe are the most serious threats to aviation security in the future, and how can we be proactive in identifying and addressing these threats to prevent an incident, rather than responding after one occurs? 2. What changes do you believe must take place in government's approach, mindset and culture with respect to civil aviation security in order to facilitate sustained improvement in the system? 3. Given that there is no such thing as a perfect security system, and a certain amount of risk is always present despite our best efforts, particularly in a free and mobile society, how do we balance the imperative of effective security with the public desire for efficiency, cost-effectiveness and reasonable levels of convenience? 4. What can the public do to play its rightful role in helping keep our aviation system secure?

10