QUESTIONS FOR 5/22-23 HEARINGS Draft MAY 15, 2003

Panel on "State of the System: Civil Aviation Security on September 11th"

2 PM, Thursday, May 22, 2003

Primary Questions for Panel:

Prior to September 11, 2001, what did the U.S. aviation security system know about
terrorist threats to civil aviation? How did the different elements of the system respond
to any such information in their possession?

What aviation security policies and procedures were in effect as of September 11, 2001 ?
How did these measures comply with relevant laws and regulations? What was known of
the effectiveness of this system, and how was this measured?

Questions for Panelists

Jane Garvey, former FAA Administrator

1. When you came to the FAA as administrator what was your assessment of the
Aviation Security System and its effectiveness? By what means and what criteria
did the agency measure effectiveness? What did you see as the security system's
biggest strengths and weaknesses?

2. When you received audit reports citing weakness in the security system or
recommendations for corrective action from the Inspector General, the GAO or
other sources, what was the process for responding to the warnings and
considering the recommendations? What criteria were used in determining
whether to implement specific suggestions?

3. How specifically did the FAA weigh security in relation to competing agendas
relative to its mission, including cost containment? What was the organizational
attitude in the FAA with respect to security vis-a-vis other priorities when you
arrived? What was your philosophy on this point and how was that implemented?

4. What was the process by which you received aviation security threat assessments
and alerts? From what agencies and internal personnel did you receive this
information and how did you receive it?

5. What exactly did you know about the nature and timing of terrorist threats, both
general and specific, prior to September 11, 2001? About threats from al Qaeda?
Threats from the individual hijackers? What actions did you take in response to
this information?

6. Where were you when the hijacking took place on September 11, when and how
were you notified, and what did you do? Were your actions and responses
 following the incident guided by any prepared protocol, or were your required to
respond spontaneously?

7. After September, 11, what steps did the FAA take to ascertain the facts about how
precisely the aviation security system functioned with respect to the hijackings?
What analytical, corrective and disciplinary actions were taken in response?

8. In a hijack situation, please explain your understanding of the division of

responsibilities between FAA and NORAD. What protocols or procedures
govern FAA's response to hijackings? Were those followed on September 11,
2001?

Kenneth Mead, DOT Inspector Genera

1. Over the past 17 years you have audited aviation security under the auspices of
the GAO and as DOT Inspector General. Please elaborate on the impact of
economic and other non-security pressures on policy setting and the quality of the
security system as of September 11, 2001? Do you believe that the aviation
system's governance problems were well known prior to September 11, 2001? If
so, why do you believe changes were not made to correct the problems? How
would you describe the Department of Transportation and the FAA's
responsiveness to security audits, alerts and recommendations?

2. What was the Department's formal process for addressing problems you raised
and for considering the corrective actions you recommended? Would they
provide you with updates and records of decision records or was it more
informal?

3. Prior to September 11, 2001, what performance indicators were employed by the
FAA and DOT IG to measure the effectiveness of the passenger screening system,
and what did they indicate about the quality of the systems in place at Dulles,
Logan and Newark airports, and at American and United airlines?

4. What consequences resulted from any failures to meet performance requirements?

In your judgment, were any such penalties effective in improving system
performance?

5. What procedures were in place on September 11, 2001 to insure compliance by

airports, airlines and contractors with FAA security policies and procedures?
How effective were these procedures?

6. In your view, did you make any recommendations as Inspector General that the
FAA did not implement or insufficiently implemented, that if adopted, would
likely have stopped the hijackings from occurring?
James May, Air Transport Association (airlines)

1. From the airline perspective, how would you characterize the pre-September 11,
2001 performance of the aviation security system in general and the baggage and
passenger screening system in particular? What methods did you use to evaluate
and improve this performance?

2. What did the airlines know about the terrorist threat to civil aviation in the 3-
month period leading up to 9/11? What specific steps did you take in response to
such threats?

3. How did economic factors affect the civil aviation security prior to September 11,
2001? How did the airlines balance economic and security interests within that
system?

4. Very specifically, what was the status of box cutters at each of the airport security
checkpoints that the hijackers passed through on September 11, 2001?

5. Published reports indicate that nine of the nineteen hijackers were selected for
special security scrutiny prior to boarding the hijacked flights: six by the
computer-assisted prescreening (CAPPS) system, two because of identification
document irregularities, and one because he was traveling with one of the latter
two. Are these reports accurate? Specifically, what triggered each selection? hi
each case, what was done as a result of the selection?

6. Please describe the roles of ATA and the individual airlines, as of September 11,
2001, with respect to aviation security rulemaking, policy development and
implementation.

Bogdan Dzakovic, FAA/TSA whistleblower

1. For most government employees, the decision to become a whistleblower is a

significant one. What made you reach that decision?

2. As an experienced field security inspector, Federal Air Marshal, and member of

the "Red Team," you have seen the effectiveness from varying viewpoints. How
would you describe the culture within FAA as to the importance of civil aviation
security vice other missions? What are the steps that you would take to make the
traveling public safer?
Panel on "September 11,2001: The Attacks and the Response"
9 AM, Friday, May 23, 2003

Primary Question for Panel:

What tactics and weapons did the 9/11 hijackers use to defeat the aviation security system
and procedures in place on September 11, 2001? What was the cause of the security
failure or failures on that date: flaws in the design of the procedures; in the transmittal
(including dissemination and training); in the implementation; some combination; or
some other factor or factors?

Questions for Panelists

Norman Mineta, Secretary of Transportation

1. When you became Secretary of Transportation what was your assessment of the
Aviation Security System and its effectiveness? By what means and what criteria
did the agency measure effectiveness? What did you see as the security system's
biggest strengths and weaknesses?

2. What exactly did you know about the nature and timing of terrorist threats, both
general and specific, prior to September 11, 2001? About threats from al Qaeda?
Threats from the individual hijackers? What actions did you take in response to
this information?

3. What weapons do you believe the 9/11 hijackers used, and how do you believe
the weapons got on board the aircraft? How did you arrive at these conclusions?

4. What information do we have of any other hijackings which were planned in

conjunction with the four 9/11 hijackings but which were not carried out? What
steps did you take to screen other flights on that day for potential hijackers?

5. In responding to the events of September 11, 2001, what policies and procedures
were in place to define and facilitate your role and that of your department in
relationship to the FAA and to other departments?

6. Where were you when the hijacking took place on September 11, when and how
were you notified, and what did you do? Were your actions and responses
following the incident guided by any prepared protocol, or were your required to
respond spontaneously?

MG Craig McKinley, NORAD

1. Officials from NORAD have repeatedly expressed that ~ prior to 9/11 -

NORAD's mission was to protect the U.S. from EXTERNAL threats.
["Until the morning of Sept. 11, 2001, NORAD's focus was almost exclusively fixed on threats
coming toward the Canadian and American borders, not terrorism in our domestic airspace."
(NORAD website, 5/13/03)]
 Why was NORAD exclusively focused on external threats? Prior to 9/11 was any
consideration given to the possibility that America could be attacked by a
domestic aircraft?

2. What was NORAD's written policy on 9/11 with respect to hijacked airliners?
What policies and procedures were in place to respond to such incidents? Please
explain NORAD's role vis-a-vis the FAA in responding to hijackings.

3. hi terms of response on the morning of 9/11, why were NORAD's assets limited
to 14 planes at 7 locations? Why couldn't NORAD task ANY military aircraft to
respond to the hijackings? For example, as I understand it General McKinley,
you wear two hats; you're both the Commander of NORAD's continental region
(CONAR) and you're the Commander of the First Air Force. Why couldn't your
predecessor on 9/11 — General Arnold ~ order any military plane under the
command of the First Air Force to respond to the hijackings?

4. When and how did NORAD first learn of the hijackings on 9/11 ? What
specifically was NORAD told? Please describe the chain of events and decisions
that took place after FAA's notification.

5. Published reports indicate that, on the morning of 9/11, the President authorized
the military to shoot down commercial flights that were suspected to be controlled
by terrorists. What is your understanding of the substance of the order? How was
it communicated down the chain of command? Did any of the pilots that were
scrambled receive the order?

6. Published reports indicate that there was a conference call that morning involving
NORAD, the FAA and other decision makers. When was the Air Threat
Conference Call initiated and by whom? Who participated in the call? What
decisions were made and what orders were given on the call?

LTG Mike Canavan (ret.), former Associate Administrator for Civil Aviation Security

1. Based on reports from the GAO and DOT Inspector General and the
recommendations from the Pam Ami03 and Gore Commissions, the FAA's
"reactive" culture and aviation security system had demonstrated weaknesses for
many years. After becoming the head of FAA's Civil Aviation Security, what
actions did you take to discern the effectiveness of the system prior to September
11, 2001? What were the metrics and methods used to determine the
effectiveness? How did you judge the usefulness of those techniques? What
actions did you take to strengthen the system? How were those initiatives
received by the FAA, DOT, industry, and Congress?

2. Over the summer leading up to September 11th, the "chatter" in the intelligence
community resulted in increased security posture throughout the US Government.
It is reported that a Nation Security Council Counterterrorism Security Group
 meeting in mid-June led to the FAA's issuance of a security directive to the
industry. In your view, what were the most significant threats to civil aviation as
of September 10, 2001? How did the system of aviation security governance and
information (intelligence) sharing with the industry affect the system's response
to the threat?

3. On September 10, 2001, how confident were you that the terrorist threat to US
civil aviation could be effectively countered? Were the security directives in
place on September 11th adequate?

4. Each air carrier can request exceptions/changes to the FAA's Air Carrier Standard
Security Program (ACSSP). What was the process to submit and approve/deny a
request for a modification? More specifically, as of September 11, 2001, what
was the status of "box cutters" as contraband/prohibited items (ACSSP, Appendix
I, Dangerous or Deadly Weapons Guidelines)? Was there or could there have
been a difference between the FAA's requirements under the ACSSP and a
carrier's passenger screening requirements? Could there have been differences
between carriers' passenger screening requirements so that "box cutters" were
contraband on one carrier and not on another? Would FAA have known or
approved the differences?

5. There was a FAA "Executive Summary" dated September 11, 2001, written for
the Administrator, FAA. In the second paragraph regarding American Airlines
Flight 11, the summary states:

".. .At approximately 9:18 a.m., it was reported that the two crew
members in the cockpit were stabbed. The flight then descended with
no communication from the flight crew members. The American
Airlines FAA Principal Security Inspector (PSI) was notified by
Suzanne Clark of the American Airlines Corporate Headquarters, that
an on board flight attendant contacted the American Airlines
Operations Center and informed that a passenger located in seat 10B
shot and killed a passenger in seat 9B at 9:20 a.m. The passenger
killed was Daniel Lewin, shot by passenger Satam Al Suqami. One
bullet was reported to have been fired...."

FAA subsequently stated that the reference to a gun onboard AAL Flight 11
was erroneous. What is your recollection of the issue? Would it surprise you,
given the effectiveness of the aviation security system on September 11th, that
in addition to box cutters, a gun could have been brought onboard?

6. In your opinion, was the introduction of weapons onto the four hijacked
flights a result of flaws in FAA regulations, air carrier security plans, screener
performance, some combination, or other factors? Given your experience in
terrorism/counterterrorism operations, would the deterrent factor of the
possibility of Federal Air Marshals aboard made a difference in the
 operational planning decisions to conduct or how to conduct the events of
September 11th?

7. Did your organization conduct an after action/lessons learned analysis of what

happened on September 11, 2001? What are your recommendations for the
improvement of civil aviation?

8. Prior to 9/11, did the FAA consider the possibility that a plane could be used
as a weapon? Was there ever a training exercise or publication that addressed
that scenario? If not, why not?
Panel on "Reforming Civil Aviation Security: Next Steps"
11 AM, Friday, May 23, 2003

Primary Question for Panel:

What has changed with respect to civil aviation security policies and procedures since
9/11/01? What further improvements are needed (including consideration of arming
commercial aviation and other pilots; "trusted traveler" and "trusted shipper" programs;
CAPPS II and other individual profiling systems; background checks on transportation
employees; missile defense for civilian aircraft; and regulation of flight schools)?

Questions for Panelists

Adm. James Lay, TSA Administrator

1. How do we currently measure success in the various components of the aviation

security system? How should we measure it? More specifically, what do we
currently know about the performance of the passenger and baggage screening
system?

2. What is the status, and your evaluation, of the following specific aviation security
laws or proposals:
a. Arming of commercial air pilots
b. Trusted Traveler program
c. CAPPS II
d. Biometric identification of passengers and airport employees
e. Flight school student screening

3. According to the Congressional Research Service, for FY2003 TSA has received
total appropriations of $5.18 billion, of which $4.52 billion, or 87 percent, has
been allocated for aviation security functions mandated by the Aviation and
Transportation Security Act (ATSA). Furthermore, $3 billion, or 58 percent of
the total, is being used for airport screening alone. In your view, does this
represent an optimal prioritization, both among all transportation modes and
within civil aviation security itself? If not, how should these priorities be re-
ordered?

4. What is the status of the Transportation Security Oversight Board established by

the Aviation and Transportation Security Act (ATSA)? Specifically, how is it
progressing in fulfilling its mandates to facilitate the coordination and sharing of
transportation-related intelligence information, and to develop a common
database in support of this effort?

5. What do you consider to be the most serious threats to civil aviation security
today? How should security, convenience and privacy concerns be balanced with
respect to these threats? What role do you think research and development efforts
will play in responding to these threats?
 6. Current law requires TSA to remain intact for two years but allows the agency to
be restructured after that time. What, if any, restructuring options are currently
being considered, and why? What restructuring options should be considered?

7. In April testimony to this Commission, Gerald Dillingham of the General

Accounting Office (GAO) identified five long-term institutional challenges facing
TSA and our national transportation security efforts:
a. Developing a comprehensive risk management approach
b. Ensuring that funding needs are identified and prioritized, and costs are
controlled
c. Establishing effective coordination among the many responsible public
and private entities
d. Ensuring adequate workforce competence and staffing levels
e. Implementing security standards for transportation facilities, workers and
security equipment.
What is your evaluation of the GAO analysis? What is TSA currently
doing to address each of these challenges? What more remains to be
done?

MG O.K. Steele (ret.), former Associate Administrator for Civil Aviation Security

1. As the first Associate Administrator for Civil Aviation Security, following the
President's Commission on Aviation Security and Terrorism (Pam Am 103
Commission), you were in a key advantage point to develop and execute the
implementation plan for civil aviation security issues. The Commission found
that the FAA was a "reactive" agency and the civil aviation security system
needed major reform. What is your assessment of the progress made during your
three year tenure? What were the major impediments to more progress?

2. During 1991, you established the "Red Team" and took steps to strengthen the
Federal Air Marshal Program. Why did you take those actions? What were
factors that impacted the scope and implementation of those initiatives? Did you
consider expanding the FAM program to cover domestic flights? If not, why?
What actions did you take to close the gap between "Red Team" findings and
FAA's normal testing program? Please share with the Commission your
understanding of the current status of the "Red Team" approach and the Air
Marshal Program.

3. The Pan Am 103 Commission recommended that the FAA's Intelligence Division
should be moved to the Department of Transportation. The Secretary did not
concur. What was your assessment of the intelligence sharing process to include
provision of information to the industry? What was the relationship with the
DOT's Office of Intelligence and Security? What process or risk management
system did you use to determine the security levels and measures required by the
industry? How were economic and cost factors used to determine requisite
 industry actions? How would you assess the current state of information-sharing
and threat assessment within the civil aviation security system?

4. Many of the Pan Am 103 Commission recommendations appear to have been still
relevant on September 11th and may still be today. What are your
recommendations to this Commission for the improvement of the civil aviation
security system of tomorrow?

Mary Schiavo, former DOT Inspector General

1. What do you believe are the most serious threats to aviation security in the future,
and how can we be proactive in identifying and addressing these threats to
prevent an incident, rather than responding after one occurs?

2. What changes do you believe must take place in government's approach, mindset
and culture with respect to civil aviation security in order to facilitate sustained
improvement in the system?

3. Given that there is no such thing as a perfect security system, and a certain
amount of risk is always present despite our best efforts, particularly in a free and
mobile society, how do we balance the imperative of effective security with the
public desire for efficiency, cost-effectiveness and reasonable levels of
convenience?

4. What can the public do to play its rightful role in helping keep our aviation
system secure?

10