Building cyber secure Railway Infrastructure

The European Union Agency for Cybersecurity (ENISA) delivers a joint report with the European Rail Information Sharing and Analysis Center (ISAC) to support the sectorial implementation of the NIS Directive.

The report released is designed to give guidance on building cybersecurity zones and conduits for a railway system.

The approach taken is based on the recently published CENELEC Technical Specification 50701 and is complemented with a guidance to help railway operators with the practical implementation of the zoning process.

The work gathers the experience of the European Rail ISAC and of their members such as European infrastructure managers and railway undertakings, which are Operators of Essential Services (OES) as defined in the Security of Network and Information Systems (NIS) directive and is designed to help them implement the cybersecurity measures needed in the zoning and conduits processes.

A number of requirements are set, such as:

- Identification of all assets and of basic process demands;
- Identification of global corporate risks;
- Performing zoning;
- Checking threats.

A risk assessment process is developed based on standards for the identification of assets and the system considered, and for the partitioning of zones and conduits. The report also addresses the cybersecurity requirements in terms of documentation and suggests a step-by-step approach to follow.

The report is released on the occasion of the General Assembly meeting of the European Rail ISAC which is taking place today.

The EU Agency for Cybersecurity engages closely with the European Rail Agency (ERA) to support the railway sector and is to host a joint event with ERA later this year.

Landmark IPCC report must be wake-up call for greater investment in disaster risk reduction

Following the release of the IPCC Working Group II Report on Impacts, Adaptation and Vulnerability, Mami Mizutori, Special Representative of the UN Secretary-General for Disaster Risk Reduction, issued the following statement:

The findings of the latest IPCC report are dire. Communities around the world are being affected by climate change at a magnitude worse than expected. The devastating impacts of climate disasters are affecting every part of the world.

As the UN Secretary-General António Guterres said today “The IPCC report is an atlas of human suffering and a damning indictment of failed climate leadership.”

Many of the changes are at risk of becoming irreversible. On our current trajectory, the world is set to breach the 1.5 °C safe global temperature limit by the early 2030s, spiralling to dangerous levels of disaster risk. Almost half the human population is already in the danger zone

It is incomprehensible that we knowingly continue to sow the seeds of our own destruction, despite the science and evidence that we are turning our only home into an uninhabitable hell for millions of people.

Based on current trends, a record increase in medium and large-scale disasters is expected with droughts doubling, and extreme temperature events almost tripling to 2030. Overall, disaster events have doubled in the last 20 years compared to the previous 20 years. If countries and governments do not manage it properly and respond to the climate emergency with urgency, there’s a very real chance that we’ll see them double again.

Yet the world also has an opportunity to meet these challenges. At the Global Platform for Disaster Risk Reduction in Bali, Indonesia this May, organised by the UN and hosted by Indonesia, leaders will gather to discuss how to accelerate action for reducing these risks.

The IPCC report points to many solutions on improving regional and local information, providing sound data and knowledge for decision makers. This does work. Countries have succeeded in saving many lives through improved early warning systems and preparedness.

But climate disasters will undoubtedly worsen. There are very low levels of investments in disaster prevention and disaster risk reduction for the world’s most vulnerable countries on the front lines of impacts. We need to ramp up investment in disaster prevention if we are to cope with the exponential rise of disaster events in recent decades.

A crucial recommendation in the report today is the need for climate-resilient development – inclusive governance that embeds finance and actions across governance levels, sectors and timeframes.

Furthermore, all countries are impacted by climate change, but not in the same way. The most vulnerable communities and nations are the hardest hit, and need greater support on climate finance to adaptation and to avert, minimize and address losses and damages. This means increasing financing for climate change adaptation from tens to hundreds of million dollars.

We need to ensure that regulations and funding take into account disaster risk and that climate risk in financial markets is disclosed. Governments need to make disaster resilience a priority through dedicated funding to prevention.

Information Technologies for Managing Federal Use

Radio-frequency spectrum is a scarce natural resource vital to many commercial and government activities, including weather observation, air traffic control, and national defense. NTIA and government agencies have a responsibility to manage their spectrum use wisely. To do so, agencies rely on different spectrum-related IT, but NTIA has recently highlighted that existing IT is out-of-date and hinders spectrum management.

Federal officials said modernization of spectrum-related federal IT could provide benefits such as greater sharing of the limited spectrum and improved efficiency. For example, the current process for assigning spectrum relies on manual reviews of frequency requests and manual input of data. Automation could reduce errors and speed the process.

The FY21 NDAA contains a provision for GAO to review the current spectrum-related IT of covered agencies. This report describes (1) the existing spectrum-related IT that covered agencies employ to manage their spectrum use, and (2) the opportunities covered agencies and NTIA identified for improving spectrum management through IT modernization. The FY21 NDAA also contains a provision for GAO to conduct oversight of the implementation of agencies' spectrum-related IT modernization plans. This topic will be the subject of future GAO work.

Federal agencies use a variety of information technologies (IT) to manage their use of radio-frequency spectrum. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (FY21 NDAA) required the National Telecommunications and Information Administration (NTIA) and covered agencies to develop plans to modernize their spectrum-related IT (i.e., the software, databases, and other tools that comprise their spectrum infrastructure).

Currently, the NTIA provides agencies with some spectrum-related IT systems, such as software, databases, and engineering tools, so that they can participate in NTIA's spectrum management processes. These processes include assigning frequencies for agencies to use and certifying spectrum-dependent equipment. GAO found that all 20 agencies covered by the FY21 NDAA modernization requirement rely at least in part on NTIA-provided IT to manage their spectrum use. Additionally, most of these agencies—DOD and the Federal Aviation Administration, in particular—augment NTIA-provided IT with additional spectrum-related IT that meets their unique mission needs.

Many of the officials GAO interviewed broadly agreed that modernizing spectrum-related IT could provide opportunities to improve spectrum management, mostly related to the following: (1) improving current spectrum management processes by addressing some limitations in existing spectrum-related IT and (2) facilitating the potential for greater spectrum sharing (i.e., enabling more than one spectrum user to use the same frequency band without interfering with each another). As NTIA and the covered agencies advance their modernization efforts in 2022, it is not yet clear if their plans will target these opportunities.

 

Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance

Federal agencies with a lead role to assist and protect one or more of the nation's 16 critical infrastructures are referred to as sector risk management agencies (SRMAs). The SRMAs for three of the 16 have determined the extent of their sector's adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity (framework). In doing so, lead agencies took actions such as developing sector surveys and conducting technical assessments mapped to framework elements. SRMAs for four sectors have taken initial steps to determine adoption (see figure). However, lead agencies for nine sectors have not taken steps to determine framework adoption.

Status of Framework Adoption by Critical Infrastructure Sector

Regarding improvements resulting from sector-wide use, five of the 16 critical infrastructure sectors' SRMAs have identified or taken steps to identify sector-wide improvements from framework use, as GAO previously recommended. For example, the Environmental Protection Agency identified an approximately 32 percent overall increase in the use of framework-recommended cybersecurity controls among the 146 water utilities that requested and received voluntary technical assessments. In addition, SRMAs for the government facilities sector identified improvements in cybersecurity performance metrics and information standardization resulting from federal agencies' use of the framework. However, SRMAs for the remaining 11 sectors did not identify improvements and were not able to describe potential successes from their sectors' use of the framework.

SRMAs reported various challenges to determining framework adoption and identifying sector-wide improvements. For example, they noted limitations in knowledge and skills to implement the framework, the voluntary nature of the framework, other priorities that may take precedence over framework adoption, and the difficulty of developing precise measurements of improvement were challenges to measuring adoption and improvements. To help address challenges, NIST launched an information security measurement program in September 2020 and the Department of Homeland Security has an information network that enables sectors to share best practices. Implementing GAO's prior recommendations on framework adoption and improvements are key factors that can lead to sectors pursuing further protection against cybersecurity threats.

The U.S. has 16 critical infrastructure sectors that provide clean water, gas, banking, and other essential services. To help protect them, in 2014 the National Institute of Standards and Technology developed cybersecurity standards and procedures that organizations within these sectors may voluntarily use. Federal agencies are charged with leading efforts to improve sector security.

The GAO have found agencies have measured the adoption of these standards and procedures for 3 of 16 sectors and have identified improvements across 2 sectors. For example, the EPA found a 32% increase in the use of recommended cybersecurity controls at 146 water utilities.

FEMA Resources for Climate Resilience

As climate change increases disaster risks across the country, emergency managers and government officials are beginning to implement strategies to build community resilience. FEMA Resources for Climate Resilience provides a roadmap of Federal Emergency Management Agency (FEMA) programs and initiatives that advance community climate resilience. FEMA Resources for Climate Resilience assists FEMA’s state, local, tribal, and territorial (SLTT) partners in navigating the FEMA resources that are available to support communities in mitigating impacts of climate change.

Building resilience is a long-term, ongoing cycle that requires multiple steps to accomplish. Each section of the FEMA Resources for Climate Resilience corresponds with a step in that cycle and provides information about FEMA services, programs, and grants available to SLTT partners. Each SLTT partner has a unique experience with FEMA and has participated in different elements of the resilience cycle. SLTT partners with limited FEMA experience may choose to start from the beginning of FEMA Resources for Climate Resilience, while other SLTT partners may navigate directly to their program of choice.

Each section of FEMA Resources for Climate Resilience provides a brief description of the program, service, or grant, an overview of who can apply, examples of the FEMA programs in action, and helpful tools and resources for learning more about the program, service, or grant. In addition, where applicable, FEMA Resources for Climate Resilience also points out areas where equity can be prioritized. FEMA Resources for Climate Resilience explains how existing tools, such as the National Risk Index (Risk Index), can assist SLTT governments and their communities, right now, in making informed planning decisions including considerations of impacts from future weather conditions.

FEMA Resources for Climate Resilience also provides a quick glance at FEMA funding sources, such as the Building Resilient Infrastructure and Communities (BRIC) program, designed to support communities in building capability and capacity to mitigate the increasing impacts of climate change.

FEMA Resources for Climate Resilience is available to download at https://www.fema.gov/sites/default/files/documents/fema_resources-climate-resilience.pdf

DHS Issues National Terrorism Advisory System (NTAS) Bulletin

The Secretary of Homeland Security Alejandro N. Mayorkas has issued a National Terrorism Advisory System (NTAS) Bulletin regarding the continued heightened threat environment across the United States. This is the fifth NTAS Bulletin issued by the Department of Homeland Security since January 2021.

“DHS remains committed to proactively sharing timely information and intelligence about the evolving threat environment with the American public,” said Secretary Alejandro N. Mayorkas. “We also remain committed to working with our partners across every level of government and in the private sector to prevent all forms of terrorism and targeted violence, and to support law enforcement efforts to keep our communities safe. This NTAS Bulletin outlines the key factors that have increased the volatility, unpredictability, and complexity of the current threat environment, and highlights resources for individuals and communities to stay safe.”

The United States remains in a heightened threat environment fueled by several factors, including an online environment filled with false or misleading narratives and conspiracy theories, and other forms of mis- dis- and mal-information (MDM) introduced and/or amplified by foreign and domestic threat actors. These threat actors seek to exacerbate societal friction to sow discord and undermine public trust in government institutions to encourage unrest, which could potentially inspire acts of violence. Mass casualty attacks and other acts of targeted violence conducted by lone offenders and small groups acting in furtherance of ideological beliefs and/or personal grievances pose an ongoing threat to the nation.

While the conditions underlying the heightened threat landscape have not significantly changed over the last year, the convergence of the following factors has increased the volatility, unpredictability, and complexity of the threat environment: (1) the proliferation of false or misleading narratives, which sow discord or undermine public trust in U.S. government institutions; (2) continued calls for violence directed at U.S. critical infrastructure; soft targets and mass gatherings; faith-based institutions, such as churches, synagogues, and mosques; institutions of higher education; racial and religious minorities; government facilities and personnel, including law enforcement and the military; the media; and perceived ideological opponents; and (3) calls by foreign terrorist organizations for attacks on the United States based on recent events.

DHS and the Federal Bureau of Investigation (FBI) continue to share timely and actionable information and intelligence with the broadest audience possible. This includes sharing information and intelligence with our partners across every level of government and in the private sector. Under the Biden-Harris Administration, DHS is prioritizing combating all forms of terrorism and targeted violence, including through its efforts to support the first-ever National Strategy for Countering Domestic Terrorism. Since January 2021, DHS has taken several steps in this regard, including:

  • established a new domestic terrorism branch within DHS’s Office of Intelligence and Analysis dedicated to producing sound, timely intelligence needed to counter domestic terrorism-related threats;
  • launched the Center for Prevention Programs and Partnerships (CP3) to provide communities with resources and tools to help prevent individuals from radicalizing to violence;
  • designated domestic violent extremism as a “National Priority Area” within DHS’s Homeland Security Grant Program for the first time, resulting in at least $77 million being spent on preventing, preparing for, protecting against, and responding to related threats nationwide;
  • provided $180 million in funding to support target hardening and other physical security enhancements to non-profit organizations at high risk of terrorist attack through DHS’s Nonprofit Security Grant Program (NSGP);
  • increased efforts to identify and evaluate MDM, including false or misleading narratives and conspiracy theories spread on social media and other online platforms, that endorse violence; and,
  • enhanced collaboration with public and private sector partners – including U.S. critical infrastructure owners and operators – to better protect our cyber and physical infrastructure and increase the Nation’s cybersecurity through the Department’s Cybersecurity and Infrastructure Security Agency (CISA).

DHS also has renewed its commitment to ensure that all efforts to combat domestic violent extremism are conducted in ways consistent with privacy protections, civil rights and civil liberties, and all applicable laws.

This NTAS Bulletin will expire on June 7, 2022. This NTAS Bulletin provides the public with information about the threat landscape facing the United States, how to stay safe, and resources and tools to help prevent an individual’s radicalization to violence. The public should report any suspicious activity or threats of violence to local law enforcement, FBI Field Offices, or a local Fusion Center.

Germany Broadens Definition of ‘Critical Infrastructures’

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act entered into effect on January 1, 2022. Such amendment broadens the definition of “critical infrastructures,” which are of particular relevance for Germany’s foreign direct investment screening regime.

This amendment follows the latest update (the 17th amendment) to the Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung, AWV) which entered into effect on May 1, 2021. Such amendment materially expanded the catalogue of sectors of particular relevance to Germany’s order and security[1] and introduced more differentiated thresholds.

In addition, since May 28, 2021, a mandatory foreign direct investment (FDI) filing is triggered if the German target business develops or manufactures certain IT components which are used in critical infrastructures (so-called critical components).

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act (BSI-KritisV or Law) comprehensively revises the definitions and thresholds required to designate critical infrastructures (energy, water, nutrition, IT and telecommunication, health, finance and insurance, and transport and traffic). The following amendments of the Law will likely have the most significant impact on German FDI screening, further increasing the number of notifications to the German Ministry of Economics and Climate Action:

Definition of a “Facility”: The concept of a “facility” is generally an essential prerequisite for the assumption of a critical infrastructure under the BSI-KritisV. In addition to premises and other fixed installations, machinery, equipment, and other mobile installations, the updated “facility” definition now also explicitly includes software and IT services necessary for the provision of a critical service for the operation of a critical infrastructure. Relevant software and IT services do not need to be specially developed for the operation of critical infrastructures to fall in the scope of the updated “facility” definition. This may result in third-party IT and software service providers being designated as operators of a critical infrastructure.
Energy Sector: The thresholds for power plants to be considered a critical infrastructure were lowered from 420 megawatts to 104 megawatts. Further, the updated BSI-KritisV introduces new categories of facilities (trading systems and facilities relevant for the trade of gas or petroleum) and also lowers the existing threshold for trading systems and facilities relevant for the trade of electricity from 200 terawatt-hours to 3.7 terawatt-hours per year.
IT and Telecommunication Sector: The Law reduces the existing thresholds for internet exchange points (IXPs)—number of connected autonomous systems (annual average)—from 300 to 100, as well as the thresholds for computer centers/housing—contractually agreed installed power in megawatts—from 5 megawatts to 3.5 megawatts.
Health Sector: The Law introduces a new facility category, the so-called “laboratory information network”. A laboratory information network is a network of facilities or systems that provide IT services for diagnosis and therapy control in human medicine for at least one laboratory.
Finance and Insurance Sector: The Law introduces new facility categories related to the trading in securities and derivatives. These concern systems for generating orders for trading securities and derivatives and forwarding them to a trading venue exceeding 6,750,000 transactions per year; trading systems (as defined in Article 4 number 24 of Directive 2014/65/EU) exceeding 850,000 transactions per year; and other depository management systems exceeding 6,750,000 transactions per year.
Transport Sector: The Law introduces new facility categories—for instance, air and port traffic control centers, port information systems, and others.

The amendment of the Law will increase the number of businesses designated to be operators of a critical infrastructure. The Federal Ministry of Interior and Community estimated in this respect that the number of operators of critical infrastructures will increase from a total of approximately 1,600 to a total of approximately 1,870.

Operators of critical infrastructures are primarily subject to the obligations of the BSI-KritisV, in particular, notification of IT security breaches. In addition, the broadened definition of critical infrastructures may increase the number of mandatory notifiable transactions under the German FDI provisions. Foreign investors should therefore factor this into their diligence efforts when considering the acquisition of voting rights in German domiciled companies.

[Source: Morgan Lewis]

How is the Federal Government Approaching Climate Resilience?

Extreme weather events—like wildfires, hurricanes, and some winter storms—threaten the stability of critical infrastructure that we rely on every day. This includes systems like roads, electric grids, supply chains, as well as how this infrastructure is used for military operations. The projected impact of climate change on these critical infrastructures is a key source of federal fiscal exposure because of the size of the federal government’s investment and states’ increasing reliance on the federal government for disaster assistance.

This past year may go on record as one of the most active and costly years for extreme weather events. As of Oct. 8, there have been 18 such events, each with losses exceeding $1 billion, according to the National Centers for Environmental Information. Disaster costs are projected to increase as certain extreme weather events become more frequent and intense due to climate change—as observed and projected by the U.S. Global Change Research Program and the National Academies of Sciences, Engineering, and Medicine.

One way to reduce long-term risk to people and property from natural hazards is to enhance climate resilience. Enhancing climate resilience means taking actions to reduce potential future losses by planning and preparing for potential climate hazards, such as extreme rainfall, sea level rise, and drought. The Administration is taking some actions through various climate-related Executive Orders, and we are monitoring implementation of these emerging efforts.

As our climate continues to change, experts say this trend of larger, more costly weather events will also continue. Today’s WatchBlog post looks at some of our work on federal climate-resilience activities.

Climate-resilient public infrastructure

Every year, the federal government spends billions of dollars to maintain buildings, levees, and roads. This cost could grow as certain weather-related events that cause damage increase in frequency and intensity.

For instance, if roads are flooded from dangerous amounts of rainfall or hurricanes, routes used for emergency evacuations can become unsafe and require costly repairs. Road damage due to climate-related changes may even cost up to $20 billion annually by the end of the century, according to the 2018 Fourth National Climate Assessment.

Over the last decade, the Federal Highway Administration (FHWA), which is part of the Department of Transportation (DOT), has developed policies, provided technical assistance, and funded climate-resilience research as part of its efforts to address climate change's impacts on roadways.

In our September report we found that some states were planning, or already made, changes to their infrastructure using FHWA resources. For example, in Maryland authorities raised a bridge by two feet in anticipation of rising sea levels. While some improvements have been made, more can be done to enhance the climate resiliency of federally funded roads. We identified 10 options for DOT to consider. For example, DOT could provide information to states on best practices and how to include climate projections into road planning and design.

DOT agreed to consider our options when prioritizing climate-resilience actions.

Climate-resilient electricity grid

Severe weather is also expected to impact nearly every aspect of the electricity grid—including the generation, transmission, distribution, and demand for electricity. Extreme-weather events could cost billions—from power outages to infrastructure damage—and leave people without access to electricity.

In February 2021, dangerously cold weather spread into Texas causing increased demand for electricity, and about 4.5 million people lost power.

In August 2021, Hurricane Ida resulted in at least a million people, across three states, without electricity and left seven people dead.

How can we better protect the electricity grid?

Although private companies own much of the electricity grid, the federal government is a key player in promoting its resiliency. Since 2014 the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) have taken steps to improve grid resilience, such as partnering with utilities and collecting information on weather-related risks to grid operations. However, DOE still doesn’t have an overall strategy to guide its climate-resiliency efforts despite recognizing the risks. Additionally, FERC hasn’t identified or assessed weather-related risks to the grid.

In a March 2021 report, we recommended that DOE develop a department-wide strategy to enhance grid resilience, and FERC identify and asses risks to the grid and plan a response.

[Source: GAO]

Dstl trials autonomous maritime asset protection system (AMAPS)

Working with the Royal Navy, industry partners and the US Naval Undersea Warfare Centre, the Defence Science and Technology Laboratory (Dstl) conducted research to improve detection, tracking, classification and defeat capabilities against surface and subsurface threats to high value assets and critical infrastructure, using autonomous systems alongside traditional systems.

Dstl worked collaboratively with an industry consortium comprising QinetiQ, SeeByte, L3 Harris ASV and Thales, to develop a concept demonstrator based on open architectures and autonomous systems. This demonstrator was tested in a synthetic environment to ensure the viability of the concept before experimentation during a 2 week trial in Portland Harbour in October 2021 using Dstl’s containerised system and the Maritime Autonomy Surface Testbed vessel MAST-13.

Different levels of autonomy were evaluated, enabling a better assessment of the role that maritime autonomous systems can play in protecting vulnerable assets while also furthering understanding of the current maturity of the technology.

The trial successfully demonstrated end-to-end autonomy with the remote operation of a long range acoustic device and firing of a vessel arrestor system with the aim to stop a suspect craft.

Future trials will look to stress the system with the aim to assess robustness while completing interoperability tests with the US that were impacted by COVID-19.

Dstl Programme Manager, Alasdair Gilchrist MBE, commented:

The research showed the benefit of integrating multiple sensors, fixed and on uncrewed vessels (UXVs), into a common tactical picture to aid command decisions.

We have progressed maritime Artificial Intelligence/machine learning by developing apps that enable multiple UXVs to be command and controlled from a single operator to protect assets.

We have also developed algorithms to autonomously control and launch non-lethal effectors from uncrewed surface vessels (USVs) to deter aggressors and protect our valuable maritime assets.

TSA leaders share tips to get through airport security during the pandemic

There are a handful of actions that travelers can take in an effort to get through Transportation Security Administration (TSA) airport checkpoints during the pandemic in ways that may help reduce the likelihood of contracting COVID-19.

While security is TSA’s top priority, the health and safety of TSA employees and the traveling public is of utmost importance. TSA remains in close communication with medical professionals, the CDC, and various government agencies as we continue to carry out its security mission during the pandemic.

Here are a few suggestions that TSA Federal Security Directors want to share with travelers who are scheduled to fly during the pandemic.

  • John Bambury, TSA Federal Security Director for John F. Kennedy International Airport: “You’ve heard it a thousand times—wear a mask. I wear a mask every single day at the airport, which is one of the top recommendations from the CDC. If you’re flying, you should also consider carrying an extra mask so that if the elastic band snaps on your mask, you’ve got a spare one handy. Also, you may want to change into a fresh mask upon arrival at your destination. If you don’t have a mask, the TSA officer at the travel document checking podium will offer you one for free. When you get to the travel document podium, the TSA officer will ask you to remove your mask for just a few seconds to verify that your face matches the ID that you are presenting.”
  • Scott T. Johnson, TSA Federal Security Director for Washington Dulles International and Ronald Reagan Washington National Airports: “Consider enrolling in TSA PreCheck® because it gets you through the checkpoint conveniently and more quickly than a standard checkpoint lane, making it even more valuable in today’s travel climate. TSA PreCheck passengers spend less time waiting in line and keep their shoes, belts and jackets on during screening and electronics in their carry-ons, reducing overall contact during screening. Travelers in the program also are permitted to leave their 3-1-1 liquids bag in their carry-on bags.”
  • Gerardo Spero, TSA Federal Security Director for Philadelphia International Airport: “Know before you go. By that I mean that you need to know what is in your carry-on bag before you head to the airport to ensure that you have nothing prohibited with you. Prohibited items such as large liquids, knives, pepper spray, loose ammunition, and other prohibited items result in our need to open your carry-on bag and remove them. This keeps you in the checkpoint for an extra few minutes while one of our TSA officers opens your carry-on to search and eventually remove the item. We want to get you through the security checkpoint efficiently and quickly. Prohibited items slow you down.”
  • Thomas Carter, TSA Federal Security Director for Newark Liberty International Airport: “The CDC recommends washing your hands frequently. Consider washing your hands before and after completing the security screening process. If it is not possible to wash your hands, please use hand sanitizer. TSA has instituted a temporary exemption from the 3-1-1 rule, that permits travelers to carry up to one 12-ounce container of liquid hand sanitizer per passenger, in carry-on bags. You can also bring individual hand wipes or a large tub of hand wipes with you to help wipe down your hands and even handles of your carry-on bags.”
  • John C. Allen, TSA Federal Security Director for Yeager Airport: “Do your best to socially distance from others whenever possible. By that I mean, leave some extra space between the traveler in line ahead of you. Take that an extra step back. After you go through the checkpoint scanner, that’s another opportunity to take an extra step back while you wait for your carry-on items along the conveyor belt. Look around, see where you can wait for your carry-on items a little farther away from fellow passengers. Then take your belongings off to the side to put on your shoes, jacket and other items so that you’ve got some extra space of your own to recompose.”
  • Grant Goodlett, TSA Federal Security director for Baltimore/Washington International-Thurgood Marshall Airport: “If you haven’t traveled in a while, you will notice that TSA has installed acrylic shields in checkpoints in an effort to make the screening process safer for passengers and our workforce by reducing the potential of exposure to the coronavirus. Please don’t walk around these acrylic shields to interact with our TSA officers. The shields have small vents to allow for conversation, questions and answers to be shared.”

[Source: TSA]

1 2 3 5