Aviation Security
Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened Gao ID: GAO-07-729 May 11, 2007The Transportation Security Administration's (TSA) efforts to evaluate the security of foreign airports and air carriers that service the United States are of great importance, particularly considering that flights bound for the United States from foreign countries continue to be targets of coordinated terrorist activity, as demonstrated by the alleged August 2006 liquid explosives terrorist plot. For this review, GAO evaluated the results of foreign airport and air carrier evaluations; actions taken and assistance provided by TSA when security deficiencies were identified; TSA's oversight of its foreign airport and air carrier evaluation programs; and TSA's efforts to address challenges in conducting foreign airport and air carrier evaluations. To conduct this work, GAO reviewed foreign airport and air carrier evaluation results and interviewed TSA officials, foreign aviation security officials, and air carrier representatives.
Of the 128 foreign airports that TSA assessed during fiscal year 2005, TSA found that about 36 percent complied with all applicable security standards, while about 64 percent did not comply with at least one standard. The security deficiencies identified by TSA at two foreign airports were such that the Secretary of Homeland Security notified the public that the overall security at these airports was ineffective. Of the 529 overseas air carrier inspections conducted during fiscal year 2005, for about 71 percent, TSA did not identify any security violations, and for about 29 percent, TSA identified at least one security violation. TSA took enforcement action--warning letters, correction letters, or monetary fines--for about 18 percent of the air carrier security violations. TSA addressed most of the remaining 82 percent of security violations through on-site consultation. TSA assisted foreign officials and air carrier representatives in addressing identified deficiencies through on-site consultation, recommendations for security improvements, and referrals for training and technical assistance. However, TSA's oversight of the foreign airport assessment and air carrier inspection programs could be strengthened. For example, TSA did not have adequate controls in place to track whether scheduled assessments and inspections were actually conducted, deferred, or canceled. TSA also did not always document foreign officials' progress in addressing security deficiencies identified by TSA. Further, TSA did not always track what enforcement actions were taken against air carriers with identified security deficiencies. TSA also did not have outcome-based performance measures to assess the impact of its assessment and inspection programs on the security of U.S.-bound flights. Without such controls, TSA may not have reasonable assurance that the foreign airport assessment and air carrier inspection programs are operating as intended. TSA is taking action to address challenges that have limited its ability to conduct foreign airport assessments and air carrier inspections, including a lack of available inspectors, concerns regarding the resource burden placed on host governments as a result of frequent airport visits by TSA and others, and host government concerns regarding sovereignty. In October 2006, TSA began implementing a risk-based approach to scheduling foreign airport assessments, which should allow TSA to focus its limited inspector resources on higher-risk airports. TSA is also exploring opportunities to conduct joint airport assessments with the European Commission and use the results of airport assessments conducted by the European Commission to potentially adjust the frequency of TSA airport visits.
GAO-07-729, Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened
This is the accessible text file for GAO report number GAO-07-729
entitled 'Aviation Security: Foreign Airport Assessments and Air
Carrier Inspections Help Enhance Security, but Oversight of These
Efforts Can Be Strengthened' which was released on May 11, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
May 2007:
Aviation Security:
Foreign Airport Assessments and Air Carrier Inspections Help Enhance
Security, but Oversight of These Efforts Can Be Strengthened:
GAO-07-729:
GAO Highlights:
Highlights of GAO-07-729, a report to congressional requesters
Why GAO Did This Study:
The Transportation Security Administration‘s (TSA) efforts to evaluate
the security of foreign airports and air carriers that service the
United States are of great importance, particularly considering that
flights bound for the United States from foreign countries continue to
be targets of coordinated terrorist activity, as demonstrated by the
alleged August 2006 liquid explosives terrorist plot.
For this review, GAO evaluated the results of foreign airport and air
carrier evaluations; actions taken and assistance provided by TSA when
security deficiencies were identified; TSA‘s oversight of its foreign
airport and air carrier evaluation programs; and TSA‘s efforts to
address challenges in conducting foreign airport and air carrier
evaluations. To conduct this work, GAO reviewed foreign airport and air
carrier evaluation results and interviewed TSA officials, foreign
aviation security officials, and air carrier representatives.
What GAO Found:
Of the 128 foreign airports that TSA assessed during fiscal year 2005,
TSA found that about 36 percent complied with all applicable security
standards, while about 64 percent did not comply with at least one
standard. The security deficiencies identified by TSA at two foreign
airports were such that the Secretary of Homeland Security notified the
public that the overall security at these airports was ineffective. Of
the 529 overseas air carrier inspections conducted during fiscal year
2005, for about 71 percent, TSA did not identify any security
violations, and for about 29 percent, TSA identified at least one
security violation. TSA took enforcement action”warning letters,
correction letters, or monetary fines”for about 18 percent of the air
carrier security violations. TSA addressed most of the remaining 82
percent of security violations through on-site consultation.
TSA assisted foreign officials and air carrier representatives in
addressing identified deficiencies through on-site consultation,
recommendations for security improvements, and referrals for training
and technical assistance. However, TSA‘s oversight of the foreign
airport assessment and air carrier inspection programs could be
strengthened. For example, TSA did not have adequate controls in place
to track whether scheduled assessments and inspections were actually
conducted, deferred, or canceled. TSA also did not always document
foreign officials‘ progress in addressing security deficiencies
identified by TSA. Further, TSA did not always track what enforcement
actions were taken against air carriers with identified security
deficiencies. TSA also did not have outcome-based performance measures
to assess the impact of its assessment and inspection programs on the
security of U.S.-bound flights. Without such controls, TSA may not have
reasonable assurance that the foreign airport assessment and air
carrier inspection programs are operating as intended.
TSA is taking action to address challenges that have limited its
ability to conduct foreign airport assessments and air carrier
inspections, including a lack of available inspectors, concerns
regarding the resource burden placed on host governments as a result of
frequent airport visits by TSA and others, and host government concerns
regarding sovereignty. In October 2006, TSA began implementing a risk-
based approach to scheduling foreign airport assessments, which should
allow TSA to focus its limited inspector resources on higher-risk
airports. TSA is also exploring opportunities to conduct joint airport
assessments with the European Commission and use the results of airport
assessments conducted by the European Commission to potentially adjust
the frequency of TSA airport visits.
What GAO Recommends:
In an April 2007 report that contained sensitive information, GAO
recommended, and the Department of Homeland Security agreed, that TSA
develop controls for tracking and documenting information and establish
outcome-based performance measures to strengthen oversight of its
foreign airport and air carrier evaluation programs.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-729].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Cathleen Berrick at (202)
512-3404 or berrickc@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
TSA Found That Some Foreign Airports and Air Carriers Complied with All
Aviation Security Standards, and When Deemed Necessary, DHS and TSA
Took Enforcement Action on Those That Did Not:
TSA Assisted Foreign Officials and Air Carrier Representatives in
Addressing Security Deficiencies, but Can Strengthen Oversight of the
Foreign Airport Assessment and Air Carrier Inspection Programs:
TSA Is Taking Action to Address Some Challenges That Have Limited Its
Ability to Conduct Foreign Airport Assessments and Air Carrier
Inspections:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methodology:
Results of Fiscal Year 2005 Foreign Airport Assessments and Air Carrier
Inspections and Actions Taken by TSA in Response to Noncompliance:
Assistance Provided by TSA to Address Security Deficiencies and
Oversight of Airport Assessment and Air Carrier Inspection Efforts:
Challenges That Affected TSA's Ability to Conduct Foreign Airport
Assessments and Air Carrier Inspections and Actions Taken to Address
those Challenges:
Appendix II: International Civil Aviation Organization Standards and
Recommended Practices Used by TSA to Conduct Fiscal Year 2005 Foreign
Airport Assessments:
Appendix III: TSA Security Requirements for U.S.-Based and Foreign
Carriers Operating Out of Foreign Airports:
Appendix IV: U.S. Government Aviation Security Training and Technical
Assistance Programs for Foreign Entities:
Department of State: Anti-Terrorism Assistance Program:
U.S. Trade and Development Agency:
Department of Transportation--Safe Skies for Africa Program:
Department of State--Bureau of International Narcotics and Law
Enforcement Affairs--Organization of American States Inter-American
Committee against Terrorism:
Department of State--Western Hemisphere Affairs--Organization of
American States--Inter-American Committee against Terrorism:
Department of Justice-International Criminal Investigative Training and
Assistance Program:
Appendix V: Comments from the Department of Homeland Security:
Appendix VI: GAO Contacts and Staff Acknowledgments:
Related Products:
Tables:
Table 1: Positions That Play a Key Role in TSA's Foreign Airport and
Air Carrier Inspection Programs:
Table 2: Comparison of the Severity of Security Deficiencies and
Corrective Action Taken at One Secretarial Action Airport and One Non-
Secretarial Action Airport:
Table 3: Budgeted and Available International Inspectors by IFO, by
Month for Fiscal Year 2005:
Table 4: Budgeted Number of Inspectors, Total Scheduled Foreign Airport
Visits, and Average Number of Scheduled Foreign Airport Visits per
Inspector, by IFO, for Fiscal Year 2005:
Table 5: Description and Status of TSA-European Commission Aviation
Security Working Groups:
Table 6: Elements of the Aircraft Operator Standard Security Program
Applicable to International Operations:
Table 7: Elements of the Foreign Air Carrier Model Security Program
Applicable to International Operations:
Figures:
Figure 1: Airport Assessment Activities:
Figure 2: Process for Taking Secretarial Action against a Foreign
Airport:
Figure 3: Air Carrier Inspection Process:
Abbreviations:
AEA: Association of European Airlines:
AOSSP: Aircraft Operator Standard Security Program:
APEC: Asia-Pacific Economic Conference:
ATA: Anti-Terrorism Assistance:
CICTE: Inter-American Committee against Terrorism:
DHS: Department of Homeland Security:
DOJ: Department of Justice:
DOT: Department of Transportation:
ECAC: European Civil Aviation Conference:
FAA: Federal Aviation Administration:
FAARS: Foreign Airport Assessment Reporting System:
FSD: Federal Security Director:
GPRA: Government Performance and Results Act:
IATA: International Air Transport Association:
ICAO: International Civil Aviation Organization:
ICE: Immigration and Customs Enforcement:
ICITAP: International Criminal Investigative Training Assistance
Program:
IFO: international field office:
INL: Bureau of International Narcotics and Law Enforcement Affairs:
IPSI: International Principal Security Inspector:
OAS: Organization of American States:
PARIS: Performance and Results Information System:
PART: Performance Assessment Rating Tool:
PSI: Principal Security Inspector:
SOP: standard operating procedures:
TSA: Transportation Security Administration:
TSAR: Transportation Security Administration Representative:
USAID: United States Agency for International Development:
USTDA: United States Trade and Development Agency:
United States Government Accountability Office:
Washington, DC 20548:
May 11, 2007:
The Honorable John L. Mica:
Ranking Republican Member:
Committee on Transportation and Infrastructure:
House of Representatives:
The Honorable Daniel E. Lungren:
Ranking Member:
Subcommittee on Transportation Security and Infrastructure Protection:
Committee on Homeland Security:
House of Representatives:
Flights bound for the United States from foreign countries continue to
be targets of coordinated terrorist activity, as demonstrated in August
2006 when British officials uncovered an alleged terrorist plot to
detonate liquid explosives onboard multiple aircraft departing from the
United Kingdom for the United States. Similar terrorist activity was
uncovered in December 2003 when U.S. intelligence officials identified
terrorists' intent on carrying out attacks on U.S.-bound flights
originating from foreign airports. Such conditions highlight the
continued need for the United States to coordinate efforts with foreign
governments to help ensure the security of U.S.-bound flights. Given
that there were more than 650,000 flights to the United States from
foreign locations during calendar year 2005, the security of foreign
airports and air carriers that service the United States is integral to
the security of U.S. commercial aviation.
The Transportation Security Administration (TSA), the federal agency
with primary responsibility for securing the nation's civil aviation
system,[Footnote 1] has several efforts under way with other nations to
help ensure the security of U.S.-bound flights. For example, TSA,
through its foreign airport assessment program, determines whether
foreign airports that provide service to the United States are
maintaining and carrying out effective security measures. Additionally,
TSA, through its air carrier inspection program, determines whether air
carriers, U.S.-based or foreign, that service the United States are
complying with applicable security requirements. According to TSA
officials, the foreign airport assessment and air carrier inspection
programs enable TSA to inform the public about foreign airports that do
not maintain and carry out effective security measures so that the
public can make informed decisions when planning their travel.
TSA assesses the effectiveness of security measures at foreign airports
using the aviation security standards and recommended practices adopted
by the International Civil Aviation Organization (ICAO).[Footnote 2]
ICAO standards and recommended practices address operational issues at
an airport, such as ensuring that passengers and baggage are properly
screened and that unauthorized individuals do not have access to
restricted areas of an airport. ICAO standards also address
nonoperational issues, such as ensuring that a foreign government has
implemented a national civil aviation security program for regulating
security procedures at its airports and ensuring that airport officials
implementing security controls go through background investigations,
are appropriately trained, and are certified according to a foreign
government's national civil aviation security program. Member states
have agreed to comply with ICAO standards, and are strongly encouraged
to comply with ICAO recommended practices. While TSA is authorized
under U.S. law to conduct foreign airport assessments at intervals it
considers necessary, TSA may not perform an assessment of security
measures at a foreign airport without permission from the host
government. TSA also conducts security inspections of foreign and U.S.-
based air carriers with service to the United States from foreign
countries to ensure compliance with applicable security requirements,
including those set forth in the air carriers' TSA-approved security
programs.[Footnote 3] As of October 2006, there were a total of 924 air
carrier stations located in 268 airports around the world that service
the United States and that TSA may seek to inspect.[Footnote 4]
Considering the high volume of flights arriving in the United States
from foreign locations and the history of terrorist threats against
commercial aviation, TSA's foreign airport assessment and air carrier
inspection programs are important elements in ensuring the security of
inbound flights. Given the vulnerability of U.S.-bound flights to acts
of terrorism, this report addresses the following questions: (1) What
were the results of TSA's fiscal year 2005 foreign airport assessments
and air carrier inspections, and what actions were taken, if any, when
TSA identified that foreign airports and air carriers were not
complying with security standards? (2) How, if at all, did TSA assist
foreign countries and air carriers in addressing any deficiencies
identified during foreign airport assessments and air carrier
inspections, and to what extent did TSA provide oversight of its
assessment and inspection efforts? (3) What challenges, if any,
affected TSA's ability to conduct foreign airport assessments and air
carrier inspections, and what actions have TSA and others taken to
address these challenges? In April 2007, we issued a report that
contained sensitive security information regarding TSA's foreign
airport assessments and air carrier inspections. This report provides
the results of our April 2007 report with the sensitive security
information removed.
To address these objectives, we obtained and reviewed TSA guidance for
conducting and reporting the results of foreign airport assessments and
air carrier inspections. We also obtained and analyzed the results of
128 foreign airport assessments and 529 air carrier inspections
conducted by TSA during fiscal year 2005 to determine the extent to
which foreign airports and air carriers operating overseas complied
with aviation security standards.[Footnote 5] We assessed the
reliability of TSA's air carrier inspection data for fiscal year 2005
and concluded that the data were sufficiently reliable for the purposes
of our review. We also interviewed TSA's Office of Security Operations
and its Transportation Sector Network Management officials, both in
headquarters and the field,[Footnote 6] who are responsible for
planning, coordinating, overseeing, and carrying out foreign airport
assessments and air carrier inspections, to obtain information on TSA's
efforts to help foreign officials address airport security deficiencies
and TSA's efforts to overcome challenges identified by TSA officials in
conducting foreign airport assessments and air carrier inspections.
Additionally, we visited three European, three Asian, and one other
North American country where we met with host government aviation
security officials, air carrier representatives, airport officials,
aviation industry representatives, and TSA officials to obtain their
perspectives on TSA's foreign airport assessment and air carrier
inspection programs. We also accompanied TSA officials during an
airport assessment and air carrier inspection at an airport in the
Caribbean. In addition, we interviewed 16 foreign aviation security
officials stationed in their countries' embassies in Washington, D.C.,
to obtain their perspectives on TSA's foreign airport assessment and
air carrier inspection programs. However, information obtained from our
interviews with host government and aviation industry representatives
cannot be generalized beyond those contacted because we did not use a
probability sampling method to select these officials for interviews.
We also conducted phone interviews with four Federal Security Directors
(FSD)[Footnote 7] and seven TSA aviation security inspectors based in
U.S. airports to discuss their involvement in foreign airport
assessments and air carrier inspections. Information from these
interviews cannot be generalized to all FSDs in U.S. airports or to
domestic inspectors who support foreign airport assessments and air
carrier inspections because we did not use a probability sampling
method to select these officials for interviews. We also met with
officials from ICAO, the Asia-Pacific Economic Conference (APEC), the
Association of European Airlines (AEA), the European Commission, the
European Civil Aviation Conference (ECAC), and the International Air
Transport Association (IATA) regarding their perspectives on TSA's
foreign airport assessment and air carrier inspection programs and the
process and standards they use, if any, to conduct their own airport
assessments.[Footnote 8] Additionally, we interviewed officials from
the Department of State, Department of Justice, Department of
Transportation, and the U.S. Trade and Development Agency to learn
about the aviation security training and technical assistance they
provide to foreign governments.
We conducted our work from October 2005 through March 2007 in
accordance with generally accepted government auditing standards. More
details about the scope and methodology of our work are contained in
appendix I.
Results in Brief:
Based on the results of TSA's fiscal year 2005 foreign airport
assessments and air carrier inspections, some foreign airports and air
carriers complied with all relevant aviation security standards, while
others did not, and when deemed necessary, the Secretary of Homeland
Security and TSA took enforcement action against those that were not in
compliance. Of the 128 foreign airports with air carriers that provide
service to the United States and that TSA assessed during fiscal year
2005, TSA found that at the completion of the assessment, 46 (about 36
percent) complied with all ICAO standards and recommended practices,
whereas 82 (about 64 percent) did not meet at least one ICAO standard
or recommended practice. The most common area of noncompliance for
foreign airports was related to quality control--mechanisms to assess
and address security vulnerabilities at airports. For example, one
airport did not meet quality control standards because it did not have
a mechanism in place to ensure that airport officials implementing
security controls were appropriately trained and able to effectively
perform their duties. According to TSA, access control measures and
passenger and checked baggage screening are critical elements of
effective security at foreign airports because these measures are
intended to prevent terrorists from carrying dangerous items, such as
weapons and explosives, onto aircraft. However, even if a foreign
airport does not meet multiple aviation security standards, including
critical standards, TSA may determine that such deficiencies do not
warrant review by the Secretary of Homeland Security.[Footnote 9]
Nonetheless, if TSA determines that secretarial action may be warranted
and the Secretary of Homeland Security, based on TSA's assessment,
determines that a foreign airport does not maintain and carry out
effective security measures, then he or she must take action. These
actions may include issuing a letter to foreign government officials
stating that they have 90 days to improve security measures to meet
ICAO standards or notifying the public that a foreign airport does not
maintain and carry out effective security measures. For example, during
fiscal year 2005, the Secretary of Homeland Security determined that 2
of the 128 foreign airports that TSA assessed were not maintaining and
carrying out effective security measures. In response, DHS notified the
general public of these determinations by the Secretary. During fiscal
year 2005, of the 529 inspections of air carriers operating out of
foreign airports, there were 373 inspections (about 71 percent) for
which TSA did not identify any security violations and 156 inspections
(about 29 percent) for which TSA found that the air carrier did not
comply with at least one TSA security requirement. There were a total
of 419 instances of noncompliance identified during these 156
inspections.[Footnote 10] In some cases, the security deficiencies
identified during these inspections were corrected or addressed
immediately. When security deficiencies were not resolved immediately,
TSA inspectors, at times, recommended enforcement action. Enforcement
action included issuing letters of warning or correction to air
carriers or imposing civil penalties--monetary fines--on air carriers.
Of the 419 security violations identified during fiscal year 2005 air
carrier inspections, 259 (about 62 percent) were corrected or addressed
immediately, and 76 (about 18 percent) were recommended for enforcement
action. TSA could not readily identify the enforcement actions that
were taken for the remaining 84 (20 percent) security violations.
Enforcement actions taken by TSA as a result of fiscal year 2005 air
carrier inspections consisted of 26 enforcement actions and 14 letters
of correction.[Footnote 11] Civil penalties ranging from $18,000 to
$25,000 were recommended for 7 enforcement actions. Although TSA has
not conducted its own analysis of foreign airport assessment and air
carrier inspection results, TSA officials stated that our analysis of
the results was consistent with their assumptions regarding the most
prominent security deficiencies identified among foreign airports and
air carriers. However, TSA officials stated that it is difficult to
draw conclusions about the results--such as whether the results are
generally positive or negative--considering the differences in the
capabilities and willingness of foreign officials to address security
deficiencies. TSA officials further stated that the cumulative results
of the assessments and inspections may be helpful in identifying the
aviation security training needs of foreign aviation security
officials. While TSA does not have its own program to provide aviation
security training and technical assistance to foreign aviation security
officials, TSA officials stated that they could use the results of
TSA's foreign airport assessments to refer foreign officials to
training and technical assistance programs offered by ICAO and several
other U.S. government agencies.
During fiscal year 2005, TSA helped improve security at foreign
airports by assisting foreign officials and air carrier representatives
in addressing security deficiencies identified during TSA assessments
and inspections. However, TSA's oversight of the foreign airport
assessment and air carrier inspection programs could be strengthened.
TSA assisted foreign officials in addressing security deficiencies
identified during airport assessments in various ways, including
providing on-site consultation to help foreign officials immediately
address security deficiencies, making recommendations to help foreign
officials sustain security improvements, and helping foreign
governments obtain aviation security training and technical assistance.
To help air carriers address security deficiencies that were
identified, TSA often provided on-site consultation. For example,
during one inspection, TSA inspectors identified a security deficiency
related to catering carts, after which the inspectors immediately
notified the air carrier of the deficiency and made a recommendation
for better securing catering carts in the future.[Footnote 12] TSA also
assigned a principal security inspector to each U.S. carrier and
foreign carrier that provides service to the United States whose
responsibility was to counsel air carriers and provide clarification on
TSA security requirements when necessary. TSA has several controls in
place to ensure that the agency is meeting internal requirements for
implementing the foreign airport assessment and air carrier inspection
programs, such as requiring inspectors to use standard operating
procedures for coordinating with host government officials for
scheduling, conducting, and reporting the results of foreign airport
assessments. However, additional controls--including controls for
tracking, documenting, and measuring the impact of TSA's assessment and
inspection activities--would help strengthen its oversight of these
programs. First, TSA does not have controls in place to track the
status of scheduled foreign airport assessments and air carrier
inspections, including whether the assessments and inspections were
actually conducted or whether they were deferred or canceled, which
could make it difficult for TSA to ensure that scheduled assessments
and inspections are completed. Second, TSA does not always document the
results of follow-up conducted by TSA international staff to determine
progress made by foreign governments in addressing security
deficiencies identified by TSA. Documentation of such follow-up would
enable TSA to have access to updated information on the security of
foreign airports that provide service to the United States. Third, TSA
does not always track the status of air carrier inspections from
initiation through completion, which prevents TSA from determining
whether appropriate action was taken against air carriers that violated
security requirements. Finally, TSA does not have outcome-based
performance measures in place to measure the impact that its efforts
have had on helping foreign airport officials and air carrier
representatives comply with aviation security standards and
requirements. Federal standards for internal controls and associated
guidance suggest that agencies should document key decisions in a way
that is complete and accurate, and that allows decisions to be traced
from initiation, through processing, to after completion. Starting in
August 2006, TSA officials began to develop controls for tracking the
status of scheduled foreign airport visits, such as tracking the number
of days remaining until inspectors are to visit a particular foreign
airport. However, in February 2007, TSA officials acknowledged that
additional refinements to the tracking system were needed. TSA
officials also stated that developing performance measures to assess
the impact of assessment and inspection-related efforts on security at
foreign airports would be useful, but they identified several concerns
about developing such measures. For example, TSA officials stated that
whether foreign officials improve security at their airports is not
within TSA's control and, therefore, developing a performance measure
related to TSA's contributions to improving foreign airport security
may not be appropriate. However, other federal agencies, such as the
Department of State, have developed performance measures for foreign
assistance programs for which the outcome is not entirely within the
agency's control. Even without full control over such measures, it
would be useful for TSA to develop outcome-based measures for its
foreign airport assessment and air carrier inspection programs--such as
the percentage of security deficiencies that were addressed as a result
of TSA on-site assistance and TSA recommendations for corrective
action--to identify any aspects of these programs that need
improvement. Also, with additional oversight of the foreign airport
assessment and air carrier inspection programs, TSA would have better
assurance that these programs are operating as intended.
TSA is taking action to address challenges that have limited its
ability to conduct foreign airport assessments and air carrier
inspections, including a lack of available inspectors, concerns
regarding the resource burden placed on host governments as a result of
frequent airport visits by TSA and others, and concerns unique to
specific host governments, such as sovereignty--more specifically,
concerns that TSA assessments and inspections infringe upon a host
government's authority to regulate airports and air carriers within its
borders. According to TSA officials, TSA deferred approximately 30
percent of the foreign airport visits--including airport assessments
and air carrier inspections--that were scheduled for fiscal year 2005,
due to the lack of available inspectors and concerns raised by host
government officials. TSA officials stated that two key factors
affected the availability of inspectors during fiscal year 2005. First,
TSA was operating with fewer inspectors than the agency budgeted for
fiscal year 2005. Specifically, three of the five international field
offices were operating with fewer inspectors than they were budgeted
during at least 9 months out of the fiscal year. According to TSA, the
shortage of inspectors was due to the high turnover rate for inspectors
and the lengthy process for hiring additional inspectors to fill vacant
positions. Second, TSA scheduled more foreign airport visits--which
includes both airport assessments and air carrier inspections--than the
budgeted number of inspectors could have reasonably conducted.
According to TSA, each inspector can reasonably conduct between 8 and
12 foreign airport visits per year depending on the amount of time
inspectors remain on site to help foreign authorities address any
security deficiencies. However, all five international field offices
scheduled more than 12 foreign airport visits per inspector during
fiscal year 2005; one international field office scheduled more than 24
visits per inspector. TSA officials said that their internal policy
regarding the frequency with which the agency is to conduct foreign
airport assessments and air carrier inspections drove their decision to
schedule more foreign airport visits than inspectors could reasonably
have conducted. According to TSA officials, this internal policy was
developed by the Federal Aviation Administration, which was responsible
for conducting foreign airport assessments and air carrier inspections
prior to TSA. TSA officials also stated that the Federal Aviation
Administration had more available inspectors to conduct assessments and
inspections than TSA. Given the lack of available international
inspectors, TSA also used domestic inspectors--that is, inspectors who
typically conduct security inspections at U.S. airports--to conduct 33
percent of the scheduled foreign airport visits for fiscal year 2005.
However, TSA officials stated that the use of domestic inspectors is
undesirable because these inspectors lack experience conducting
assessments in the international environment. During October 2006, TSA
began implementing a risk-based approach to scheduling foreign airport
assessments to better allocate its limited inspector resources by
focusing on foreign airports that pose the greatest security risk to
U.S.-bound air travel. Another potential benefit to TSA's new risk-
based approach to scheduling is that it may allow TSA to reduce its
reliance on domestic inspectors. Our analysis shows that TSA's risk-
based approach is consistent with generally accepted risk management
principles. TSA has also taken steps to address concerns regarding the
resource burden placed on host governments as a result of frequent
airport visits. Host government officials in three of the seven foreign
countries we visited, and representatives of various air carrier
associations, stated that countries are subjected to multiple
assessments and inspections each year by TSA, ICAO, the European
Commission, and others, and because foreign government officials and
air carrier representatives have to escort the various inspectors
during the assessment and inspections, the frequency of airport visits
is burdensome on the host government and air carriers. TSA's risk-based
approach for scheduling airport assessments should help address some
host governments' concerns regarding the resource burden. TSA has also
begun to explore other opportunities to alleviate the resource burden
placed on host governments. Specifically, when the opportunity is
available, TSA is considering conducting joint assessments and using
the results of some host government or third party assessments to
adjust the frequency of TSA visits; collectively, these efforts may
reduce the number of airport visits experienced by some countries.
However, TSA officials stated that they are cautious about using the
results of other entities' assessments because TSA has not
independently evaluated the quality of the assessments conducted by
these other entities and because these other entities base their
assessments on different aviation security standards than TSA. TSA
headquarters officials stated that working with host governments to
harmonize aviation security standards as well as the process used to
conduct assessments--that is, developing similar standards and
assessment processes that provide the same level of security--would
facilitate TSA's use of host government and third party assessment
results. TSA has made efforts to harmonize security standards and
inspection processes with the European Commission, although, as of
February 2007, a time frame for completion of these efforts had not yet
been established. TSA has also harmonized some security standards--
particularly those related to the screening of liquids, gels, and
aerosols--with several European countries, Australia, and Canada. In
addition to working to address concerns regarding the resource burden
placed on host governments as a result of frequent airport visits, TSA
has taken steps to address some country-specific challenges that have
limited TSA's ability to conduct foreign airport visits. For example,
TSA said that officials from one country viewed TSA's airport
assessments as an infringement on their country's sovereignty, and
therefore would not allow TSA to conduct assessments of airports in
their country. However, TSA officials negotiated with officials in this
country so that assessments are conducted under the guise of a TSA
"visit" to--versus an "assessment" of--the airport, although officials
from that country prohibit TSA inspectors from assessing airport
perimeter security and the contents of their national aviation security
programs. TSA officials stated that when unique concerns arise in the
future, they will continue to work with countries on a case-by-case
basis to try to address their concerns.
In our April 2007 report that contained sensitive security information,
we made several recommendations to assist TSA in strengthening
oversight of the foreign airport assessment and air carrier inspection
programs. These include developing and implementing controls to track
the status of scheduled foreign airport assessments and air carrier
inspections from initiation through completion, including reasons why
assessments and inspections were deferred or canceled; developing and
implementing a standard process for tracking and documenting host
governments' progress in addressing security deficiencies identified
during airport assessments; and developing performance measures to
evaluate the impact that TSA assistance and enforcement actions have
had on improving foreign airport and air carrier compliance with
applicable aviation security standards. We provided a draft of this
report to the Department of Homeland Security (DHS) for review. DHS, in
its written comments, concurred with our findings and recommendations,
and stated that the recommendations will help strengthen TSA's
oversight of foreign airport assessments and air carrier inspections.
DHS described some actions that TSA is taking to implement these
recommendations, including enhancing its tracking system to include the
reason for deferment or cancellation of an airport assessment or an air
carrier inspection; developing a system whereby outstanding
deficiencies noted during an assessment will be tracked along with
deficiency specific information, deadlines, and current status; and
developing outcome-based performance measures for the foreign airport
assessment program and air carrier inspection activities.
Background:
DHS Responsibilities for Ensuring the Security of U.S.-Bound Flights
from Foreign Countries:
Shortly after the September 11, 2001, terrorist attacks, Congress
passed, and the President signed into law, the Aviation and
Transportation Security Act, which established TSA and gave the agency
responsibility for securing all modes of transportation, including the
nation's civil aviation system, which includes domestic and
international commercial aviation operations.[Footnote 13] In
accordance with 49 U.S.C. § 44907, TSA assesses the effectiveness of
security measures at foreign airports served by a U.S. air carrier,
from which a foreign air carrier serves the United States, that pose a
high risk of introducing danger to international air travel, and at
other airports deemed appropriate by the Secretary of Homeland
Security.[Footnote 14] This provision of law also identifies measures
that the Secretary must take in the event that he or she determines
that an airport is not maintaining and carrying out effective security
measures based on TSA assessments.[Footnote 15] TSA also conducts
inspections of U.S. air carriers and foreign air carriers servicing the
United States from foreign airports pursuant to its authority to ensure
that air carriers certificated or permitted to operate to, from, or
within the United States meet applicable security requirements,
including those set forth in an air carrier's TSA-approved security
program.[Footnote 16]
The Secretary of DHS delegated to the Assistant Secretary of TSA the
responsibility for conducting foreign airport assessments but retained
responsibility for making the determination that a foreign airport does
not maintain and carry out effective security measures. Currently,
TSA's Security Operations and Transportation Sector Network Management
divisions are jointly responsible for conducting foreign airport
assessments and air carrier inspections. Table 1 highlights the roles
and responsibilities of certain TSA positions within these divisions
that are responsible for implementing the foreign airport assessment
and air carrier inspection programs.
Table 1: Positions That Play a Key Role in TSA's Foreign Airport and
Air Carrier Inspection Programs:
Office/division: Security Operations;
Position: Aviation Security Inspector;
Duties: Inspectors are primarily responsible for performing and
reporting the results of both foreign airport assessments and the air
carrier inspections, and will provide on-site assistance and make
recommendations for security enhancements. Inspectors are also deployed
in response to specific incidents or to monitor for identified threats.
Inspectors are based in one of TSA's five international field offices
(IFO)[A.].
Office/division: Transportation Sector Network Management;
Position: Transportation Security Administration Representative (TSAR);
Duties: TSARs communicate with foreign government officials to address
transportation security matters and to conduct foreign airport
assessments. Specifically, the TSARs serve as on-site coordinators for
TSA responses to terrorist incidents and threats to U.S. assets at
foreign transportation modes. TSARs also serve as principal advisors on
transportation security affairs to U.S. ambassadors and other embassy
officials responsible for transportation issues to ensure the safety
and security of the transportation system. For the foreign airport
assessment program, TSARs are often involved in arranging pre-
assessment activities, assessment visits, and follow-up visits.
Additionally, TSARs are responsible for completing portions of the
airport assessment reports and reviewing completed assessment reports.
TSARs also help host government officials address security deficiencies
that are identified during assessments.
Office/division: Transportation Sector Network Management;
Position: International Security Principal Inspector (IPSI);
Duties: IPSIs are responsible for assisting foreign air carriers in
complying with TSA security requirements by providing counseling and
clarification to airlines on TSA requirements and providing requested
information to TSA about these air carriers.
Office/division: Transportation Sector Network Management;
Position: Principal Security Inspector (PSI);
Duties: PSIs are responsible for assisting U.S.-based air carriers in
complying with TSA security requirements by providing oversight to
airlines on TSA requirements and providing requested information to TSA
about these air carriers.
Source: TSA.
[A] IFO managers are responsible for the overall planning of assessment
visits that take place in their respective regions. TSA's IFOs are
located in Dallas, Miami, Frankfurt, Singapore and Los Angeles.
[B] TSARs are located in Athens, Bangkok, Beijing, Brussels, Buenos
Aires, Dallas, Frankfurt, London, Madrid, Manila, Miami, Paris, Rome,
Singapore, Sydney, Tokyo, and Washington, D.C.
[End of table]
TSA's Process for Assessing Aviation Security Measures at Foreign
Airports:
TSA conducts foreign airport assessments to determine the extent to
which foreign airports maintain and carry out effective security
measures in order to ensure the security of flights bound for the
United States. Specifically, TSA assesses foreign airports using 86 of
the 106 aviation security standards and recommended practices adopted
by ICAO, a United Nations organization representing nearly 190
countries.[Footnote 17] (See app. II for a description of the 86 ICAO
standards and recommended practices TSA uses to assess security
measures at foreign airports.[Footnote 18]) While TSA is authorized
under U.S. law to conduct foreign airport assessments at intervals it
considers necessary, TSA may not perform an assessment of security
measures at a foreign airport without permission from the host
government. During fiscal year 2005, TSA scheduled assessments by
categorizing airports into two groups. Category A airports--airports
that did not exhibit operational issues in the last two TSA
assessments--were assessed once every 3 years, while category B
airports--airports that did exhibit operational issues in either of the
last two TSA assessments, or were not previously assessed--were
assessed annually. Based on documentation provided by TSA, during
fiscal year 2005, TSA assessed aviation security measures in place at
128 foreign airports that participated voluntarily in TSA's Foreign
Airport Assessment Program.[Footnote 19]
TSA's assessments of foreign airports are conducted by a team of
inspectors, which generally includes one team leader and one team
member. According to TSA, it generally takes 3 to 7 days to complete a
foreign airport assessment. However, the amount of time required to
conduct an assessment varies based on several factors, including the
size of the airport, the number of air carrier station inspections to
be conducted at the airport,[Footnote 20] the threat level to civil
aviation in the host country, and the amount of time it takes
inspectors to travel from the international field office (IFO) to the
airport where the assessment will take place. An additional 2 weeks is
required for inspectors to complete the assessment report after they
return to the IFO.
As shown in figure 1, regarding the process for conducting a foreign
airport assessment, before TSA can assess the security measures at a
foreign airport, the Transportation Security Administration
Representative (TSAR) must first obtain approval from the host
government to allow TSA to conduct an airport assessment and to
schedule the date for an on-site visit to the foreign airport. During
the assessment, the team of inspectors uses several methods to
determine a foreign airport's level of compliance with international
security standards, including conducting interviews with airport
officials, examining documents pertaining to the airport's security
measures, and conducting a physical inspection of the airport. For
example, the inspectors are to examine the integrity of fences,
lighting, and locks by walking the grounds of the airport. Inspectors
also make observations regarding access control procedures, such as
looking at employee and vehicle identification methods in secure areas,
as well as monitoring passenger and baggage screening procedures in the
airport. At the close of an airport assessment, inspectors brief
foreign airport and government officials on the results of the
assessment. TSA inspectors also prepare a report summarizing their
findings on the airport's overall security posture and security
measures, which may contain recommendations for corrective action and
must be reviewed by the TSAR, the IFO manager, and TSA headquarters
officials.
Figure 1: Airport Assessment Activities:
[See PDF for image]
Source: GAO analysis of information provided by TSA.
[End of figure]
If the inspectors report that an airport's security measures do not
meet minimum international security standards, particularly critical
standards, such as those related to passenger and checked baggage
screening and access controls, TSA headquarters officials are to inform
the Secretary of Homeland Security.[Footnote 21] If the Secretary,
based on TSA's airport assessment results, determines that a foreign
airport does not maintain and carry out effective security measures, he
or she must, after advising the Secretary of State, take secretarial
action. Figure 2 describes in detail the types of secretarial action
the Secretary may take during such instances. There are three basic
types of secretarial action:
* 90-day action--The Secretary notifies foreign government officials
that they have 90 days to address security deficiencies that were
identified during the airport assessment and recommends steps necessary
to bring the security measures at the airport up to ICAO
standards.[Footnote 22]
* Public notification--If, after 90 days, the Secretary finds that the
government has not brought security measures at the airport up to ICAO
standards, the Secretary notifies the general public that the airport
does not maintain and carry out effective security measures.[Footnote
23]
* Modification to air carrier operations--If, after 90 days, the
Secretary finds that the government has not brought security measures
at the airport up to ICAO standards:
- The Secretary may withhold, revoke, or prescribe conditions on the
operating authority of U.S.-based and foreign air carriers operating at
that airport, following consultation with appropriate host government
officials and air carrier representatives, and with the approval of the
Secretary of State.
- The President may prohibit a U.S.-based or foreign air carrier from
providing transportation between the United States and any foreign
airport that is the subject of a secretarial determination.
* Suspension of service--The Secretary, with approval of the Secretary
of State, shall suspend the right of any U.S.-based or foreign air
carrier to provide service to or from an airport if the Secretary
determines that a condition exists that threatens the safety or
security of passengers, aircraft, or crew traveling to or from the
airport, and the public interest requires an immediate suspension of
transportation between the United States and that airport.[Footnote 24]
Figure 2: Process for Taking Secretarial Action against a Foreign
Airport:
[See PDF for image]
Source: GAO analysis of information provided by TSA.
[End of figure]
TSA's Process for Inspecting Air Carriers with Service to the United
States from Foreign Airports:
Along with conducting airport assessments, the same TSA inspection team
also conducts air carrier inspections when visiting a foreign airport
to ensure that air carriers are in compliance with TSA security
requirements.[Footnote 25] Both U.S. and foreign air carriers with
service to the United States are subject to inspection. As of February
2007, TSA guidance required TSA to inspect each U.S. air carrier
station once a year, except for those airports in which TSA has
determined to be an "extraordinary" location,[Footnote 26] where
inspections are to occur twice a year. Foreign air carriers are to be
inspected twice in a 3-year period at each foreign airport, except in
extraordinary locations, where they are to be inspected
annually.[Footnote 27] According to documentation provided by TSA,
during fiscal year 2005, TSA conducted 529 inspections of foreign and
U.S. air carriers serving the United States from foreign airports. When
conducting inspections, TSA inspectors examine compliance with
applicable security requirements, including TSA-approved security
programs,[Footnote 28] emergency amendments to the security programs,
and security directives.[Footnote 29] Air carrier security programs are
based on the Aircraft Operator Standard Security Program for U.S.-based
air carriers and the Model Security Program for foreign air carriers,
which serve as guidance for what an air carrier needs to include in its
own security program. The Aircraft Operator Standard Security Program
is designed to provide for the safety of passengers and their
belongings traveling on flights against acts of criminal violence, air
piracy, and the introduction of explosives, incendiaries, weapons, and
other prohibited items onboard an aircraft. Likewise, the Model
Security Program is designed to prevent prohibited items from being
carried aboard aircraft, prohibit unauthorized access to airplanes,
ensure that checked baggage is accepted only by an authorized carrier
representative, and ensure the proper handling of cargo to be loaded
onto passenger flights. When TSA determines that additional security
measures are necessary to respond to a threat assessment or to a
specific threat against civil aviation, TSA may issue a security
directive or an emergency amendment to an air carrier security program
that sets forth additional mandatory security requirements.[Footnote
30] Air carriers are required to comply with each applicable security
directive or emergency amendment issued by TSA, along with the
requirements already within their security programs and any other
requirements set forth in applicable law. Appendix III provides
additional information on security requirements for U.S. and foreign
air carriers serving the United States from foreign airports.
Although U.S.-based and foreign air carriers are guided by different
standards within the Aircraft Operator Standard Security Program and
the Model Security Program, inspections for both of these entities are
similar. As in the case of airport assessments, air carrier inspections
are conducted by a team of inspectors, which generally includes one
team leader and one team member. An inspection of an air carrier
typically takes 1 or 2 days, but can take longer depending on the
extent of service by the air carrier. Inspection teams may spend
several days at a foreign airport inspecting air carriers if there are
multiple airlines serving the United States from that location. During
an inspection, inspectors are to review applicable security manuals,
procedures, and records; interview air carrier station personnel; and
observe air carrier employees processing passengers from at least one
flight from passenger check-in until the flight departs the gate to
ensure that the air carrier is in compliance with applicable
requirements. Inspectors evaluate a variety of security measures, such
as passenger processing including the use of No-Fly and Selectee
lists,[Footnote 31] checked baggage acceptance and control, aircraft
security, and passenger screening. Inspectors record inspection results
into TSA's Performance and Results Information System (PARIS) system, a
database containing security compliance information on TSA-regulated
entities. If an inspector finds that an air carrier is violating any
applicable security requirements, additional steps are to be taken to
record those specific violations and, in some cases, pursue them with
further investigation. Figure 3 provides an overview of the air carrier
inspection and documentation process, including the options for what
type of penalty, if any, should be imposed on air carriers for
identified security violations.
Figure 3: Air Carrier Inspection Process:
[See PDF for image]
Source: GAO analysis of information provided by TSA.
[End of figure]
When an inspector identifies a violation of a security requirement, a
record of the violation is opened in PARIS. According to guidance
issued by TSA to inspectors, there are various enforcement tools
available to address instances of noncompliance discovered during an
inspection:
* On-the-spot counseling is generally to be used for noncompliance that
is minor and technical in nature, and can be remedied immediately at
the time it is discovered. When this course of action is taken, the
inspector notes that the noncompliance issue was closed with TSA
counseling in the finding record and no further action is required.
* Administrative action is generally to be used for violations or
alleged violations that are unintentional, not the result of
substantial disregard for security, where there are no aggravating
factors present, or first-time violations. An administrative action
results in either a letter of correction or a warning notice being
issued to the air carrier.
* Civil penalties in the form of fines are generally to be used in
response to cases involving egregious violations, gross negligence, or
where administrative action and counseling did not adequately resolve
the noncompliance. Fines can range between $2,500 and $25,000 based on
the severity of the violation.[Footnote 32] If the violation is severe
enough, TSA may also recommend revocation of the air carrier's
certification to fly into the United States, but this action has not
yet been taken by TSA.
If a violation is resolved with on-the-spot counseling, that fact is
recorded in the finding record of PARIS and the matter is closed.
However, if the inspector opts to pursue administrative action or a
civil penalty against the air carrier, an enforcement investigation
record is opened, and an investigation is conducted. Based on the
investigation findings, the inspector recommends either an
administrative action or a civil penalty, depending on the finding and
the circumstances. If the investigation does not provide evidence that
a violation occurred, the matter is closed with no action taken.
If the inspector makes a recommendation for an administrative action,
the supervisory inspector or IFO manager will typically review the
recommendation and, if appropriate, approve and issue the action. The
supervisory inspector may also recommend that the action be changed to
no action or to a civil penalty. In the case of the latter, the case
will be referred to the Office of Chief Counsel for further review.
In those cases where the inspector recommends that a civil penalty be
assessed on the air carrier, it is referred to the Office of Chief
Counsel for review. The office is responsible for ensuring that the
action is legally sufficient, and that the recommended fine is
consistent with agency guidelines. TSA's Office of Chief Counsel makes
the final determination for any legal enforcement action. The office
may approve the proposed action or make a recommendation for other
actions, including administrative action or no action at all.
TSA Found That Some Foreign Airports and Air Carriers Complied with All
Aviation Security Standards, and When Deemed Necessary, DHS and TSA
Took Enforcement Action on Those That Did Not:
Based on the results of TSA's foreign airport assessments, during
fiscal year 2005, some foreign airports and air carriers complied with
all relevant aviation security standards, while others did not. The
most common area of noncompliance for foreign airports was related to
quality control--mechanisms to assess and address security
vulnerabilities at airports. The Secretary of Homeland Security
determined that the security deficiencies at two foreign airports
assessed during fiscal year 2005 were so serious that he subsequently
notified the general public that these airports did not meet
international aviation security standards. In addition to assessing the
security measures implemented by the airport authority at foreign
airports, TSA also inspected the security measures put in place by air
carriers at foreign airports. When security deficiencies identified
during air carrier inspections could not be corrected or addressed
immediately, TSA inspectors recommended enforcement action. TSA
officials stated that while it is difficult to determine whether the
assessment and inspection results are generally positive or negative,
the cumulative foreign airport assessment and air carrier inspection
results may be helpful in identifying the aviation security training
needs of foreign aviation security officials. TSA does not have its own
program through which aviation security training and technical
assistance are formally provided to foreign aviation security
officials. However, TSA officials stated that they could use the
results of TSA's foreign airport assessments to refer foreign officials
to training and technical assistance programs offered by ICAO and
several other U.S. government agencies.
TSA Data Identified That More than One-Third of Foreign Airports
Complied with All Relevant ICAO Standards during Fiscal Year 2005, and
the Remaining Airports Had Security Deficiencies:
Of the 128 foreign airports TSA assessed during fiscal year 2005, TSA
data show that at the completion of these assessments, 46 (about 36
percent) complied with all ICAO standards reviewed by TSA,[Footnote 33]
while 82 (about 64 percent) did not meet at least one ICAO standard
reviewed by TSA.[Footnote 34] For these 82 foreign airports, the
average number of standards not met was about 5, and the number of
standards not met by an individual airport ranged from 1 to 22. Foreign
airports were most frequently not meeting ICAO standards related to
quality control. TSA data show that about 39 percent of foreign
airports assessed during fiscal year 2005 did not comply with at least
one ICAO quality control standard, which include mechanisms to assess
and address security vulnerabilities at airports. For example, one
airport did not meet an ICAO quality control standard because it did
not have a mechanism in place to ensure that airport officials
implementing security controls were appropriately trained and able to
effectively perform their duties. In another instance, an airport did
not comply with an ICAO quality control standard because, during its
previous two assessments, inspectors found that the airport did not
require or have records of background investigations conducted for
individuals implementing security controls at the airport. Another area
in which airports were not meeting ICAO quality control standards was
the absence of a program to ensure the quality and effectiveness of
their National Civil Aviation Security Program. TSA officials stated
that quality control deficiencies may be prevalent among foreign
airports in part because there is no international guidance available
to aviation security officials to help them develop effective quality
control measures. However, TSA officials stated that ICAO and other
regional aviation security organizations offer training courses to help
aviation security officials worldwide in developing effective quality
control measures.
TSA data also identified that at the completion of the assessment,
nearly half of the foreign airports assessed during fiscal year 2005
did not meet at least one of the 17 ICAO standards that TSA
characterized as "critical" to aviation security.[Footnote 35]
According to TSA, access control, screening of checked baggage, and
screening of passengers and their carry-on items are critical aspects
of aviation security because these measures are intended to prevent
terrorists from carrying dangerous items, such as weapons and
explosives, onto aircraft. TSA data identified that some foreign
airports assessed during fiscal year 2005 did not meet at least one
access control standard. TSA data also identified that some foreign
airports did not meet ICAO standards related to checked baggage
screening. One of the baggage screening deficiencies TSA identified
involved foreign airports not taking steps to prevent checked baggage
from being tampered with after the baggage had been screened, prior to
the baggage being placed on the aircraft. TSA data also identified that
some foreign airports assessed during fiscal year 2005 did not meet
ICAO standards related to passenger screening. One of the passenger-
screening problems identified by TSA involved screening personnel not
resolving hand-held metal detector or walk-through metal detector
alarms to determine whether the individuals being screened were
carrying prohibited items.
The Secretary of Homeland Security Took Action against Foreign Airports
That Did Not Maintain and Carry Out Effective Security Measures:
Even if a foreign airport does not meet multiple aviation security
standards, including critical standards, TSA may determine that such
deficiencies do not warrant review by the Secretary of Homeland
Security. However, if TSA determines that secretarial action may be
warranted and the Secretary of Homeland Security, based on TSA's
assessment, determines that a foreign airport does not maintain and
carry out effective security measures, he or she must take secretarial
action. Since the inception of DHS in March 2003, the Secretary of
Homeland Security has taken action against five foreign airports he
determined were not maintaining and carrying out effective security
measures, four of which received 90-day action letters. The Secretary
notified the public of his determination with respect to two of these
airports--Port-au-Prince Airport in Haiti[Footnote 36] and Bandara
Ngurah Rai International Airport in Bali, Indonesia[Footnote 37]--both
of which were assessed during fiscal year 2005.
TSA officials told us that the decision to take secretarial action
against an airport is not based solely on the number and type of
security deficiencies identified during TSA airport
assessments.[Footnote 38] Rather, the secretarial action decision is
based on the severity of the security deficiencies identified, as well
as past compliance history, threat information, and the capacity of the
host government to take corrective action.[Footnote 39] For example,
there were other foreign airports assessed during fiscal year 2005 that
did not comply with about the same number and type of critical ICAO
standards as the five airports that received secretarial action.
However, according to the former Deputy Director of TSA's Compliance
Division, secretarial action was not taken against these airports
either because the security deficiencies were determined to be not as
severe, the host country officials were capable of taking immediate
corrective action to address the deficiencies, or TSA did not perceive
these airports to be in locations at high risk of terrorist activity.
Table 2 demonstrates how two foreign airports--one for which
secretarial action was taken and the other for which no secretarial
action was taken--have about the same number and types of critical
deficiencies, but differ in the severity of the deficiencies and their
capability to take immediate corrective action to address identified
deficiencies.
Table 2: Comparison of the Severity of Security Deficiencies and
Corrective Action Taken at One Secretarial Action Airport and One Non-
Secretarial Action Airport:
ICAO standard not met by the airport;
Secretarial action airport: 4.7.1--Each Contracting State shall ensure
that security restricted areas are established at each airport serving
international civil aviation and that procedures and identification
systems are implemented in respect of persons and vehicles.
Severity of the deficiency;
Secretarial action airport:
* Security guards failed to check identification (ID) badges properly
for pedestrians and vehicles entering restricted areas;
* Guards allowed 54 vehicles to enter a restricted area requiring
vehicles operators to only show a letter identifying them as a very
important person (VIP);
* Guards were not conducting walking or mobile patrols of areas around
or in the airport;
* Guards did not prevent persons without proper identification from
entering restricted areas;
* The airport did not have a program in place to audit the
identification system;
Non-Secretarial action airport:
* Vehicles that did not have proper permits were parked in a restricted
area;
* A door that leads from the ticket counter to the airside was left
open and unattended.
Immediate corrective action taken by the airport to address the
deficiency;
Secretarial action airport:
* No immediate action was taken to address the deficiency;
Non-Secretarial action airport:
* The airport director immediately removed the vehicles from the
restricted area and informed vehicle operators that they would not be
allowed to park in the restricted area until they obtained an
authorized vehicle permit.
ICAO standard not met by the airport;
Secretarial action airport: 4.3.1--Each Contracting State shall
establish measures to ensure that originating passengers and their
cabin baggage are screened prior to boarding an aircraft engaged in
international civil aviation operations.
Severity of the deficiency;
Secretarial action airport:
* Screeners allowed individuals who set off walk-through metal detector
alarms to pass through the screening checkpoint without determining the
cause for the alarms;
* Screeners were not using the hand-held metal detector correctly;
* Screeners were conducting full-body pat-down searches incorrectly;
* X-ray screeners were inattentive and did not routinely identify carry-
on bags for further inspection;
Non-Secretarial action airport:
* Screeners allowed individuals who set off walk-through metal detector
alarms to pass through the screening checkpoint without determining the
cause for the alarms;
* Screeners were not using the hand-held metal detector correctly;
* Screeners did not physically inspect all cell phones;
* Screeners did not rotate positions at the checkpoint;
* The airport did not sufficiently staff the security checkpoint.
Immediate corrective action taken by the airport to address the
deficiency;
Secretarial action airport:
* Even after TSA inspectors demonstrated how to properly screen
passengers and resolve metal detector alarms, screeners were still not
able to screen passengers and carry-on items correctly;
Non-Secretarial action airport:
* After TSA inspectors demonstrated how to properly resolve metal
detector alarms, prior to the completion of the assessment, the
inspectors observed that screeners were screening passengers and their
carry-on items correctly.
Source: GAO analysis of TSA foreign airport assessment results.
[End of table]
According to TSA, secretarial actions are lifted when the Secretary, in
part based on TSA's assessment of the airport, determines that the
airport is carrying out and maintaining effective security measures.
TSA lifted the secretarial action at Port-au-Prince airport in Haiti in
July 2006, 19 months after the public notification was issued. During
this 19-month period, TSA assisted Haitian officials in developing a
national civil aviation security plan and provided training on how to
properly screen passengers and their carry-on baggage. According to the
former Deputy Director of TSA's Compliance Division, although TSA
determined earlier during 2006 that all of the security deficiencies at
the airport had been addressed by Haitian officials, based on specific
intelligence information regarding threats to the airport in Haiti, the
Secretary delayed lifting the secretarial action until July 2006. As of
February 2007, the public notification for the airport in Bali was
still in place. TSA officials stated that they are in frequent contact
with Indonesian officials to discuss Indonesia's progress in addressing
security deficiencies at the airport. TSA officials also stated that
they are awaiting Indonesian officials' request for TSA to conduct an
airport assessment to determine whether the security deficiencies at
the airport in Bali have been addressed.
More than Two-Thirds of Fiscal Year 2005 Air Carrier Inspections
Identified Compliance with All TSA Security Requirements, while the
Remaining Inspections Identified Some Security Deficiencies:
In addition to assessing the security measures implemented by the
airport authority at foreign airports, TSA also inspected the security
measures put in place by air carriers at foreign airports. According to
air carrier inspection data maintained by TSA, during fiscal year 2005,
of the 529 inspections of air carriers operating out of foreign
airports, there were 373 inspections (about 71 percent) for which the
air carrier complied with all TSA security requirements, and 156
inspections (about 29 percent) for which the air carrier did not comply
with at least one TSA security requirement.[Footnote 40] For these 156
inspections, the average number of TSA requirements not met was about
3, and the number of TSA requirements not met by an individual
inspected air carrier ranged from 1 to 18. The total number of security
requirements against which air carriers were inspected generally ranged
from about 20 to 80, depending on the location of the foreign airport
in which the air carrier operated, the extent of a carrier's operation
at the airport, and whether the carrier was a U.S.-based or foreign-
based carrier.[Footnote 41] During fiscal year 2005 air carrier
inspections, TSA identified security deficiencies in several areas,
including aircraft security and passenger and checked baggage
screening.[Footnote 42]
Because TSA has authority to regulate air carriers that provide service
to the United States from foreign airports, TSA inspected air carriers
against specific security requirements established by TSA and included
in the air carriers' TSA-approved security programs. TSA officials told
us that they view operational security requirements for air carriers as
critical--as opposed to documentary requirements associated with the
air carrier's approved security program--because these requirements are
designed to prevent terrorists from carrying weapons, explosives, or
other dangerous items onto aircraft.
TSA Took Enforcement Action against Some Air Carriers with Security
Deficiencies That Could Not Be Addressed Immediately:
When TSA inspectors identify deficiencies that cannot be corrected or
addressed immediately, the inspectors are to recommend enforcement
action. Based on data provided by TSA, TSA inspectors identified 419
violations (security deficiencies) as a result of the 156 air carrier
inspections conducted during fiscal year 2005 where TSA identified at
least one security deficiency. Data from TSA showed that 259 violations
(about 62 percent) were corrected or addressed immediately. TSA
inspectors submitted 76 violations (about 18 percent) for investigation
because the violations were considered serious enough to warrant an
enforcement action.[Footnote 43] TSA can impose three types of
enforcement action on air carriers that violate security requirements-
-a warning letter, a letter of correction, or a monetary civil penalty.
Based on information included in TSA's investigation module within
PARIS, for the 47 investigations we could link to fiscal year 2005
inspections,[Footnote 44] warning letters were issued in 26 cases, and
letters of correction were issued in 14 cases. Fines ranging from
$18,000 to $25,000 were recommended in the 7 cases where inspectors
recommended civil penalties be imposed. Of those, fines ranging from
$4,000 to $15,000 were ultimately levied in 3 cases, in 1 case a
warning notice was issued instead of a civil penalty, and in 2 cases no
action was taken.[Footnote 45] As of December 2006, 1 case remained
unresolved.
TSA Officials Cite Difficulties in Drawing Conclusions about Foreign
Airport Assessment and Air Carrier Inspection Results:
TSA officials stated that it is difficult to draw conclusions about the
cumulative foreign airport assessment and air carrier inspection
results--such as whether the results are generally positive or
negative--because the primary concern is not whether security
deficiencies are identified. Instead, TSA officials are more concerned
about whether foreign countries have the capability and willingness to
address security deficiencies. According to TSA, some foreign countries
do not have the aviation security expertise or financial resources to
adequately address security deficiencies. TSA officials also stated
that some foreign countries do not regard aviation security as a high
priority, and therefore do not intend to correct security deficiencies
identified during TSA assessments. Further, TSA officials stated that
foreign officials' capability and willingness also influence the extent
to which air carriers comply with security requirements. Although TSA
has not conducted its own analysis of foreign airport assessment and
air carrier inspection results, TSA officials stated that our analysis
of the results was consistent with their assumptions regarding the most
prominent security deficiencies identified at foreign airports and
among air carriers. Additionally, TSA officials stated that the
cumulative foreign airport assessment and air carrier inspection
results may be helpful in identifying the aviation security training
needs of foreign aviation security officials. TSA does not have an
internally funded program in place that is specifically intended to
provide aviation security training and technical assistance to foreign
aviation security officials. However, TSA officials stated that they
coordinate with other federal agencies, such as the Department of State
and the U.S. Trade and Development Agency, to identify global and
regional training needs and provide instructors for the aviation
security training courses these federal agencies offer to foreign
officials. (See app. IV for a description of the aviation security
training and technical assistance programs offered by U.S. government
agencies.) While TSA does not always determine which foreign countries
would receive aviation security training and technical assistance
offered by other federal agencies, TSA officials stated that they could
use the cumulative results of TSA's foreign airport assessments to
refer foreign officials to these assistance programs.
TSA Assisted Foreign Officials and Air Carrier Representatives in
Addressing Security Deficiencies, but Can Strengthen Oversight of the
Foreign Airport Assessment and Air Carrier Inspection Programs:
TSA used various methods to help foreign officials and air carrier
representatives address security deficiencies identified during TSA
assessments and inspections. However, opportunities remain for TSA to
enhance oversight of its foreign airport assessment and air carrier
inspection programs. To help foreign airport officials and host
government officials address security deficiencies identified during
foreign airport assessments, TSA inspectors provided on-site
consultation to help address security deficiencies in the short term,
made recommendations for addressing security deficiencies over the long
term, and recommended aviation security training and technical
assistance opportunities for foreign officials to help them meet ICAO
standards. During fiscal year 2005, TSA resolved 259 of the 419
security deficiencies identified during TSA inspections through on-site
consultation. Additionally, TSA assigned all U.S. air carriers and
foreign air carriers to a principal security inspector and
international principal security inspector, respectively, to provide
counseling or clarification regarding TSA security requirements.
Although TSA has assisted foreign airport officials and air carrier
representatives in addressing security deficiencies, TSA did not track
the status of scheduled airport assessments and air carrier
inspections, document foreign governments' progress in addressing
security deficiencies at foreign airports, track enforcement actions
taken in response to air carrier violations, and measure the impact of
the foreign airport assessment and air carrier inspection programs on
security. Such information would have provided TSA better assurance
that the foreign airport assessment and air carrier inspection programs
are operating as intended.
TSA Assisted Foreign Officials in Addressing Security Deficiencies at
Foreign Airports in Various Ways, and Foreign Officials Generally
Viewed TSA's Assistance as Beneficial:
TSA officials stated that while the primary mission of the foreign
airport assessment program is to ensure the security of U.S.-bound
flights by assessing whether foreign airports are complying with ICAO
standards, a secondary mission of the program is to assist foreign
officials in addressing security deficiencies that TSA identified
during its foreign airport assessments. As part of the foreign airport
assessment program, TSA officials assisted foreign authorities in
addressing security deficiencies in various ways, including:
* providing on-site consultation to help airport officials or the host
government immediately address security deficiencies,
* making recommendations to airport officials or the host government
for corrective action intended to help sustain security improvements,
and:
* helping to secure aviation security training and technical assistance
for foreign governments.
On-Site Consultation and Recommendations for Corrective Action:
Based on our review of TSA foreign airport assessment reports, during
fiscal year 2005, TSA provided on-site consultation to help foreign
officials immediately address security deficiencies that were
identified during airport assessments and made recommendations to help
foreign officials sustain security improvements in the longer term. One
type of security deficiency identified during TSA's fiscal year 2005
foreign airport assessments involved a particular passenger checkpoint
screening function.[Footnote 46] As a short-term solution to this
security deficiency, on at least two occasions, TSA inspectors provided
on-site training to instruct screeners on proper passenger screening
techniques. As a longer-term solution, the assessment reports identify
that in some cases, TSA inspectors recommended that the airport conduct
remedial training for screeners and routinely test screeners who work
at the passenger checkpoint to determine if they are screening
passengers correctly. Another security deficiency identified at foreign
airports during fiscal year 2005 related to the security of airport
perimeters.[Footnote 47] After identifying this deficiency, inspectors
consulted with foreign airport officials who, in a few cases, took
immediate action to address the deficiency. According to the assessment
reports, in some cases, TSA inspectors recommended measures that would
help the airport sustain perimeter security in the longer term. In
cases when a short-term solution may not be feasible, TSA inspectors
may have only recommended longer-term corrective action. For example,
in some cases, TSA inspectors recommended that foreign airport
officials embark upon a longer-term construction project to address a
particular type of security deficiency.[Footnote 48]
Aviation Security Training and Technical Assistance:
During fiscal year 2005, TSA also assisted foreign governments in
securing training and technical assistance provided by TSA and other
U.S. government agencies to help improve security at foreign airports,
particularly at airports in developing countries. For example, four of
the seven TSA Representatives--TSARs---with whom we met said that they
had assisted foreign governments in obtaining training either through
the State Department's Anti-Terrorism Assistance Program or through the
U.S. Trade and Development Agency's aviation security assistance
programs. The goals of the Anti-Terrorism Assistance Program are to (1)
build the capacity of foreign countries to fight terrorism; (2)
establish security relationships between U.S. and foreign officials to
strengthen cooperative anti-terrorism efforts; and (3) share modern,
humane, and effective anti-terrorism techniques. The State Department
addresses the capacity-building goal of the Anti-Terrorism Assistance
Program by offering a selection of 25 training courses to foreign
officials, 1 of which focuses on airport security. The State Department
provided the airport security course, which is taught by TSA
instructors, to seven foreign countries during fiscal year 2005--
Bahamas, Barbados, Dominican Republic, Kazakhstan, Philippines, Qatar,
and United Arab Emirates. The U.S. Trade and Development Agency also
provides aviation security training and technical assistance to help
achieve its goal of facilitating economic growth and trade in
developing countries. During fiscal year 2005, the U.S. Trade and
Development Agency provided aviation security training for government
officials in Haiti, Malaysia, and sub-Saharan Africa. During the same
year, the agency held regional workshops for various countries
worldwide on developing quality control programs. Government officials
from two of the five countries we visited identified the importance of
obtaining quality control training, particularly given that they have
not yet established their own quality control function. Appendix IV
includes a detailed description of aviation security training and
technical assistance provided to foreign officials by the State
Department and the U.S. Trade and Development Agency, as well as other
U.S. government agencies.
Foreign Officials We Contacted Generally Viewed TSA's Assistance as
Beneficial:
Government and airport officials from five of the seven foreign
countries we visited and officials from 5 of the 16 foreign embassies
we visited stated that TSA's airport assessments and the resulting
assistance provided by TSA have helped strengthen airport security in
their countries. For example, officials from one country said that TSA
assessments enabled them to identify and address security deficiencies.
Specifically, officials stated that the government could not
independently identify security deficiencies because it did not have
its own airport assessment program--a condition that TSA officials told
us exists in many countries. Airport officials in another country
stated that TSA's airport assessments and on-site assistance led to
immediate improvements in the way in which passengers were screened at
their airport, particularly with regard to the pat-down search
procedure. Embassy officials representing another country also stated
that TSA's assessments reinforce the results of other assessments of
their airports. In addition, these officials stated that they
appreciated the good rapport and cooperative relationships they have
with TSA inspection officials. Airport officials in another country we
visited stated that TSA assisted them in developing their aviation
security management program, and that the results of TSA's assessments
provided them with examples of where they need to concentrate more
efforts on meeting ICAO standards. Government officials in this same
country said that the TSAR has helped them to comply with ICAO
standards related to the contents of a member state's national aviation
security program. At the recommendation of the TSAR, these officials
also planned to participate in an aviation security workshop provided
by the Organization of American States,[Footnote 49] which they also
felt would be beneficial in helping the government formulate its
national aviation security programs and associated security
regulations.
TSA Provided Assistance to Air Carriers That Did Not Comply with
Applicable Security Requirements:
In addition to assisting foreign officials in addressing security
deficiencies identified during airport assessments, TSA also assisted
air carrier representatives in addressing security deficiencies that
were identified during air carrier inspections. Of the 419 instances in
which TSA inspectors identified noncompliance with TSA security
requirements during fiscal year 2005, TSA data show 259 were resolved
through counseling--that is, the security deficiencies were resolved as
a result of on-site assistance or consultation provided by TSA. For
example, during one inspection, TSA observed that the security
contractor employed by the air carrier was not properly searching the
aircraft cabin for suspicious, dangerous, or deadly items prior to
boarding. TSA instructed the contractor to fully inspect those
locations that were not searched properly, and obtained assurance that
the air carrier would provide information to the contractors to ensure
proper searches were conducted. In another instance, inspectors
identified a security deficiency related to catering carts. The
inspectors notified appropriate catering facility officials, who stated
that the security deficiency was highly unusual and that it would not
happen again. The inspectors also informed the air carrier of the
finding and recommended that during the carrier's internal audits, they
ensure that catering carts are properly secured.
In addition to counseling provided by inspectors when deficiencies are
identified, TSA assigns each air carrier to either a PSI, for U.S.-
based air carriers, or an IPSI, for foreign air carriers with service
to the United States, to assist air carriers in complying with TSA
security requirements. Although PSIs and IPSIs do not participate in
air carrier inspections, they do receive the inspection results for the
air carriers that they work with. According to the three PSIs and four
IPSIs with whom we met, PSIs and IPSIs provide counsel to the air
carriers and provide clarification when necessary on TSA security
requirements. For example, they provide air carriers with clarification
on the requirements contained in security directives and emergency
amendments issued by TSA. Several of the foreign air carriers we met
with told us that the IPSIs are generally responsive to their requests.
In other instances, when an air carrier cannot comply with a TSA
security requirement--such as when complying with a TSA security
requirement would cause the air carrier to violate a host government
security requirement--the air carrier will work with the IPSI or PSI to
develop alternative security procedures that are intended to provide a
level of security equivalent to the level of security provided by TSA's
requirements, according to the PSIs and IPSIs with whom we met. These
alternative procedures are reviewed by the PSI or IPSI and then
approved by TSA headquarters officials.[Footnote 50]
Opportunities Exist for TSA to Strengthen Oversight of the Foreign
Airport Assessment and Air Carrier Inspection Programs:
TSA has several controls in place to ensure that the agency is
implementing the foreign airport assessment and air carrier inspection
programs as intended. However, there are opportunities for TSA to
improve its oversight of these programs to help ensure that the status
and disposition of scheduled foreign airports assessments and air
carrier inspections is documented and to assess the impact of the
assessment and inspection programs. Regarding the foreign airport
assessment program, TSA required inspectors and TSARs to follow
standard operating procedures when scheduling and conducting foreign
airport assessments. These procedures outline the process for
coordinating with host government officials to schedule assessments,
conduct foreign airport assessments, and report the results of the
assessments. TSA also provided inspectors with a job aide to help them
ensure that all relevant ICAO standards are addressed during an
assessment. The job aide prompts inspectors as to what specific
information they should obtain to help determine whether the foreign
airport is meeting ICAO standards. For example, in assessing measures
related to passenger-screening checkpoints, the job aide prompts the
inspector to describe the means by which the airport ensures there is
no mixing or contact between screened and unscreened passengers. In
addition to the standard operating procedures and the job aide, TSA
requires inspectors to use a standard format for reporting the results
of foreign airport assessments and has implemented a multilayered
review process to help ensure that airport assessment reports are
complete and accurate.
With regard to the air carrier inspection program, TSA uses the
automated Performance and Results Information System to compile
inspection results. PARIS contains results of air carrier inspections
conducted by TSA at airports in the United States as well as
inspections conducted at foreign airports. For air carrier inspections
conducted at foreign airports, a series of prompts guides inspectors
regarding what security standards U.S. carriers and foreign carriers
operating overseas must meet. PARIS also includes a review process
whereby completed inspection results can be reviewed by a supervisory
inspector before being approved for release into the database.
While TSA has controls such as these in place for the foreign airport
assessment and air carrier inspection programs to ensure consistent
implementation and documentation, we identified four additional
controls that would strengthen TSA's oversight of the foreign airport
assessment and air carrier inspection programs:
* tracking the status of scheduled airport assessments and air carrier
inspections,
* documenting foreign governments' progress in addressing security
deficiencies,
* tracking air carrier violations, and:
* measuring the impact of the foreign airport assessment and air
carrier inspection programs.
Additional Controls Are Needed to Track the Status of Scheduled Airport
Assessments and Air Carrier Inspections:
TSA has established some controls for tracking the status of scheduled
airport assessments and air carrier inspections, but additional
controls are needed. TSA provided us with a list of foreign airport
assessments that were scheduled to take place during fiscal year 2005
and identified which of the assessments were actually conducted and
which assessments were deferred or canceled. We compared the list of
scheduled assessments provided by TSA to the fiscal year 2005 airport
assessment reports we reviewed and identified several discrepancies.
Specifically, there were 10 airport assessments that TSA identified as
having been conducted, but when we asked TSA officials to provide the
reports for these assessments, they could not, and later categorized
these assessments as deferred or canceled. Conversely, there was 1
airport assessment that TSA identified as having been deferred, but
according to the assessment reports we reviewed, this assessment was
actually conducted during fiscal year 2005. There were also five
foreign airports for which TSA provided us with the fiscal year 2005
assessment report, but were not included on TSA's list of assessments
scheduled for fiscal year 2005. Further, there were three foreign
airports listed under one IFO as having been deferred, whereas these
same airports were listed under another IFO as having been canceled
during fiscal year 2005.[Footnote 51] TSA also did not maintain
accurate information on the status of air carrier inspections scheduled
for fiscal year 2005. TSA provided us with a list of all air carrier
inspections conducted during fiscal year 2005. We compared the list to
the results contained in the PARIS database and found numerous
inconsistencies. Specifically, we identified 46 air carrier inspections
at 18 airports that were not included on TSA's list, but were included
in PARIS as having been conducted during fiscal year 2005.
Federal standards for internal controls and associated guidance suggest
that agencies should document key decisions in a way that is complete
and accurate, and that allows decisions to be traced from initiation,
through processing, to after completion. TSA officials acknowledged
that they have not always maintained accurate and complete data on the
status of scheduled foreign airport assessments and air carrier
assessments, in part due to the lack of a central repository in which
to maintain assessment information and the lack of standardization in
the way in which each IFO manager maintains assessment information.
Additionally, IFOs had not always documented the reasons why
assessments and inspections were deferred or canceled. TSA officials
stated that in August 2006 they began standardizing and refining the
existing databases used by IFO staff for tracking the status of foreign
airport assessments and air carrier inspections by including data
elements such as the dates of previous and planned assessments. TSA
officials also stated that IFO staff are now encouraged to identify the
reasons why assessments and inspections were deferred or canceled in
the comment section of the database. While TSA has made some
improvements to the way in which it tracks the status of scheduled
foreign airport assessments and air carrier inspections, there are
opportunities for additional refinements to TSA's tracking system. For
example, according to our review of TSA's fiscal year 2007 foreign
airport assessment and air carrier inspection schedules, TSA did not
provide an explanation for why 13 of 34 foreign airport visits--that
is, either assessments or inspections--had not been conducted according
to schedule. TSA officials acknowledged that their assessment and
inspection tracking system is a work in progress and that they need to
make additional decisions regarding the tracking system, such as which
data elements to include. Without adequate controls in place for
tracking which scheduled assessments and inspections were actually
conducted and which were deferred or canceled, it may be difficult for
TSA to ensure that all scheduled airport assessments and air carrier
inspections are actually conducted.
TSA Did Not Consistently Document Foreign Governments' Progress in
Addressing Security Deficiencies:
TSARs--the primary liaisons between the U.S. government and foreign
governments on transportation security issues--are responsible for
following up on progress made by foreign officials in addressing
security deficiencies identified during TSA assessments. Although the
TSARs we interviewed stated that they conducted such follow-up, the
TSARs did not consistently document the progress foreign governments
had made in addressing airport security deficiencies. We found 199
instances in the 128 fiscal year 2005 foreign airport assessment
reports we reviewed where it was written that the TSAR would follow up
or was recommended to follow up on the progress made by foreign
officials in addressing security deficiencies identified during airport
assessments. However, TSA may not be able to determine whether TSARs
had actually followed up on these security deficiencies because TSARs
did not consistently document their follow-up activities. We
interviewed 8 of the 20 TSARs stationed at embassies throughout the
world and one Senior Advisor and DHS attaché. Six of those TSARs stated
that they followed up on outstanding security deficiencies in various
ways,[Footnote 52] depending on the severity of the deficiency and the
confidence that the TSAR had in the host government's ability to
correct the deficiency. For example, one TSAR told us that for less
critical security deficiencies, she may inquire about the foreign
government's status in addressing the deficiency via electronic mail or
telephone call. On the other hand, for a critical deficiency, the TSAR
said she may follow up in person on the host government's progress in
addressing the deficiency. However, another TSAR stated that she only
follows up on the foreign government's progress in addressing national
program issues. She stated that she does not follow up on operational
security deficiencies--such as screening of passengers and checked
baggage--because she believes this is the responsibility of the TSA
inspection staff. While 4 of the 8 TSARs we interviewed told us that
they were able to follow up on the status of most or all security
deficiencies within their area of responsibility, not all of these
TSARs reported the results of their follow-up to TSA inspection staff,
in part because they were not required to do so. In addition, TSARs
stated that when they did document the results of their follow-up, it
was not done consistently. For example, follow-up results were
sometimes documented in weekly trip reports (generally electronic mail
messages) TSARs send to their immediate supervisor in TSA headquarters
or in action plans.[Footnote 53] In addition, these weekly reports did
not always contain information from the TSARs' follow-up activities
with host government or airport officials. Federal standards for
internal controls and associated guidance suggest that agencies should
document key activities in such a way that maintains the relevance,
value, and usefulness of these activities to management in controlling
operations and making decisions. TSA headquarters officials
acknowledged that it is important to consistently document foreign
governments' status in addressing security deficiencies identified
during TSA assessments, because this information could be helpful to
TSA inspection staff when determining where to focus their attention
during future assessments. Additionally, documenting foreign
governments' progress toward addressing deficiencies would enable TSA
to have current information on the security status of foreign airports
that service the United States. TSA established a working group in
September 2006 to explore how the results of TSAR follow-up should be
documented and used by TSA inspection staff. Because of the logistical
challenges of coordination among working group members who are located
around the world, TSA has not set a time frame for when the working
group is expected to complete its efforts.
TSA Did Not Adequately Maintain Information to Link Enforcement Actions
with Specific Air Carrier Security Violations:
TSA does not maintain air carrier inspection data in a way that would
enable the agency to determine what enforcement actions were taken in
response to identified security violations and thus could not readily
determine whether appropriate penalties, if any, were given to air
carriers that violated security requirements. We found two factors that
contributed to this situation. First, information on violations and
findings was not consistently recorded, and second, TSA does not link
enforcement actions to inspection findings. For example, when an
inspector identifies a violation during an inspection, that information
is recorded in the inspections database in PARIS and a record is to be
opened in the findings database.[Footnote 54] The findings database
record includes information related to the violation, including whether
the violation was closed with counseling or an investigation was
opened. However, we found that information is not maintained in a way
that enables TSA to readily determine the enforcement action that was
taken in response to a particular violation. For example, the findings
database did not include information on the action taken by TSA
inspectors for all security violations that were identified in the
inspections database. Specifically, the inspections database indicated
that during fiscal year 2005, 419 air carrier violations were
identified during 156 inspections. However, the findings database only
identified the actions taken by TSA inspectors for 335 violations. On
further analysis we found that of the 156 inspections where violations
were identified, the number of violations for 79 (51 percent) of those
inspections were not properly recorded in the findings database. We
determined that for 66 inspections, the number of violations identified
in the findings database was less than the number of violations
identified in the inspections database. Therefore, there is no record
of what action was taken, if any, by TSA inspectors to address the
additional violations identified during these inspections. We also
determined that for 13 inspections, the number of violations identified
in the findings database was greater than the number of violations
identified in the inspections database. Another reason TSA could not
readily identify what enforcement actions were taken in response to
specific security violations was that TSA often issued one enforcement
action for multiple security violations, where inspectors were not
required to identify each individual violation that was addressed by a
particular enforcement action. Without being able to readily identify
what enforcement action was taken in response to specific security
violations, TSA has limited assurance that the inspected air carriers
received appropriate penalties, if deemed necessary, and that
identified security violations were resolved. TSA officials told us
that they are currently developing updates to PARIS that will
automatically open a finding each time a violation is recorded in the
inspection database. By doing so, this will require a link between a
violation and the planned course of action to resolve the violation.
However, TSA has not established a time frame for when these updates
will be implemented.
TSA Did Not Have Outcome-Based Performance Measures to Assess the
Impact of the Foreign Airport Assessment and Air Carrier Inspection
Programs:
TSA is taking steps to assess whether the goals of the foreign airport
assessment and air carrier inspection programs are being met, but
identified several concerns about doing so. As previously discussed,
the goal of the foreign airport assessment and air carrier inspection
programs are to ensure the security of U.S.-bound flights by evaluating
the extent to which foreign governments and air carriers are complying
with applicable security requirements. The Government Performance and
Results Act of 1993 requires executive branch departments to use
performance measures to assess progress toward meeting program goals
and to help decision makers assess program accomplishments and improve
program performance. Performance measures can be categorized either as
outcome measures, which describe the intended result of carrying out a
program or activity, or as output measures, which describe the level of
activity that will be provided over a period of time, or as efficiency
measures, which show the relationship between outcome or output of a
program and the resources used to implement program activities--inputs.
TSA developed the following output and efficiency measures to evaluate
its international aviation regulatory and enforcement efforts, which
include foreign airport assessments and air carrier inspections:
* percentage of countries with last-point-of-departure service to the
United States that are provided aviation security assistance at the
national or airport level,
* percentage of countries that do not have last-point-of-departure
service to the United States that are provided aviation security
assistance at the national or airport level, and:
* average number of international inspections conducted annually per
inspector.
While output measures are useful in determining the number of foreign
countries for which TSA has provided aviation security assistance and
the rate at which such assistance is being provided, outcome-based
measures would be particularly useful because they could be used to
determine the extent to which TSA has helped to improve security at
foreign airports that service the United States. However, TSA officials
identified several challenges in developing outcome measures,
particularly measures for the foreign airport assessment program. TSA
officials said that it is difficult to develop meaningful outcome
measures because TSA does not have control over whether foreign
authorities implement and meet ICAO standards. Additionally, TSA
officials stated that if the agency develops outcome measures for the
foreign airport assessment program, it would suggest that TSA has
control over whether foreign airports meet ICAO standards, which these
officials believe may give the appearance that TSA does not respect the
sovereignty of the countries it assesses. TSA officials further stated
that if foreign officials perceive that TSA has no regard for their
country's sovereignty, foreign officials may prohibit TSA from
conducting assessments in their countries. We recognize that whether or
not foreign governments meet ICAO standards is not within TSA's control
and that foreign officials' concerns about sovereignty are important.
However, TSA officials have acknowledged that the assistance the agency
provides and, in rare cases, secretarial actions contribute to whether
foreign governments meet ICAO standards. Also, there is precedent
within the federal government for developing outcome-oriented
performance measures to evaluate efforts that are not within an
agency's control but can be influenced by the agency. For example, the
State Department developed performance measures and targets for its
Anti-Terrorism Assistance Program to evaluate the agency's impact on
helping foreign countries improve their anti-terrorism capabilities.
Specifically, during fiscal year 2006, the State Department set a
performance target that two of the six countries that received
assistance through the Anti-Terrorism Assistance Program would achieve
a capability to effectively deter, detect, and counter terrorist
organizations and threats and sustain those capabilities. Another
performance target for the program that is beyond the State
Department's control is for all 191 United Nations member states to
implement a particular United Nations resolution that requires all
states to take sweeping measures to combat terrorism.
TSA headquarters officials, including the Director of Compliance and
Area Directors, who oversee implementation of the foreign airport
assessment program, questioned whether it would be appropriate to
measure improvements made by foreign countries as a result of the
assessment program. They stated that the primary purpose of the foreign
airport assessment program is not to help foreign officials improve
security at their airports; rather, the primary purpose of the foreign
airport assessment program is to identify--not correct--security
deficiencies at foreign airports and inform the Secretary of Homeland
Security of such deficiencies. These officials also stated that the
agency's efforts to assist foreign officials in addressing security
deficiencies are voluntary and, therefore, do not warrant performance
measurement. Although TSA may not be required to assist foreign
officials in addressing security deficiencies identified during foreign
airport assessments, TSA is in fact using its inspector and TSAR
resources to this end. Consistent with the Government Performance and
Results Act of 1993, developing performance measures and associated
targets, such as the percentage of security deficiencies that were
addressed as a result of TSA on-site assistance and TSA recommendations
for corrective action, would enable TSA to evaluate the impact of its
assistance on improving security at foreign airports and be held more
accountable for the way in which it uses its resources. TSA could also
evaluate the impact that secretarial actions have on helping foreign
airports address security deficiencies in order to meet ICAO standards.
Another challenge faced by TSA officials in developing outcome-based
measures for the foreign airport assessment program is the lack of an
automated system to collect and compile assessment results. TSA
officials stated that in the absence of an automated system to input
data and information obtained from airport assessments, they do not
have enough resources to manually compile and analyze airport
assessment data that could be used to feed into outcome measures.
Currently, TSA headquarters maintains airport assessment reports either
electronically or in hard copy, which makes it difficult to conduct
systematic analysis of assessment results across foreign airports and
over time to evaluate the impact TSA's airport assessment program has
had on helping foreign countries meet ICAO standards. TSA officials
told us that $1 million was budgeted to develop a secured, automated
database--the Foreign Airport Assessment Reporting System--to track
airport assessment results. However, TSA officials stated that the
development of the Foreign Airport Assessment Reporting System has been
slow due to challenges TSA has experienced in linking the existing
electronic systems in which previous airport assessment reports are
stored with the new database. However, upon completion of the Foreign
Airport Assessment Reporting System, which is scheduled for fiscal year
2008, TSA expects that the database will enhance standardization of
assessment reports as well as accessibility to the results of previous
foreign airport assessments. TSA also expects that the Foreign Airport
Assessment Reporting System will enable TSA to conduct analysis of
foreign airport assessment results.
As with the foreign airport assessment program, TSA has also not
developed outcome-based performance measures for its overseas air
carrier inspection program. However, TSA officials have begun to
collect and analyze data on air carrier inspections that could be used
to measure the impact of TSA's inspection program on helping air
carriers comply with TSA security requirements. During fiscal year
2006, TSA officials who manage PARIS began analyzing air carrier
inspection results in an effort to assist the agency in evaluating the
impact that enforcement actions--including on-site counseling,
administrative actions, and civil penalties--have had on ensuring air
carrier compliance with TSA security requirements. These officials plan
to assess whether there is a relationship between the severity of civil
penalties and the reoccurrence of security violations. The analysis
that is being conducted by these officials is consistent with our
reviews of agency compliance inspection programs, which have cited the
need for evaluations of enforcement activities and the effectiveness of
using sanctions such as civil penalties to increase
compliance.[Footnote 55] However, while the TSA officials managing
PARIS are conducting such analysis of performance information,
officials who manage the air carrier inspection program did not intend
to use the results of this analysis to develop performance measures or
to influence program decisions. According to TSA officials, considering
that overall compliance rates are very high among air carriers, and the
number of enforcement actions taken by TSA is relatively low, there may
not be enough data to conduct meaningful analysis of the impact of
enforcement actions. In addition, TSA officials said that they were not
convinced that air carrier compliance is influenced by enforcement
actions, especially since air carriers are known to intentionally set
aside funds when developing their annual budgets in anticipation that
they will be fined for some type of security violation during the year.
One TSA official stated that air carrier compliance with TSA security
requirements is not always within the air carrier's control and is
largely influenced by the security measures in place at the airport, as
well as restrictions placed on air carriers by host government laws and
regulations. When analyzing the fiscal year 2005 air carrier inspection
results, we identified only one instance where noncompliance due to a
conflict between TSA requirements and host government law resulted in
an inspector requesting that enforcement action be taken against the
air carrier.[Footnote 56] However, TSA chose not to take enforcement
action against the air carrier and instead decided to work with the
host government to resolve the conflict. Despite the concerns raised by
TSA officials, using the analysis of air carrier inspection results to
develop performance measures, TSA managers may not be able to identify
which approaches for improving air carrier compliance are working well
and which approaches could be improved upon.
TSA Is Taking Action to Address Some Challenges That Have Limited Its
Ability to Conduct Foreign Airport Assessments and Air Carrier
Inspections:
TSA is taking action to address challenges--particularly the lack of
available inspectors and various host government concerns--that have
limited its ability to conduct foreign airport assessments and air
carrier inspections according to schedule. TSA has developed a risk-
based approach to scheduling foreign airport assessments, and is in the
process of developing a risk-based approach for scheduling air carrier
inspections, to enhance the agency's ability to focus its limited
inspector resources on higher-risk airports. The risk-based scheduling
approach is also expected to reduce the number of visits TSA conducts
at low-risk foreign airports, which may help address some host
governments' concerns regarding the resource burden that results from
frequent airport assessments by TSA and others. Harmonization--that is,
mutual recognition and acceptance--of TSA, host government, and third
party (e.g., European Commission) aviation security standards and
assessment and inspection processes may also help TSA address host
government concerns regarding resource burden. Specifically, when the
opportunity is available, TSA is considering conducting joint
assessments with some host governments or third parties, such as the
European Commission, which would reduce the number of airport visits
experienced by some countries. In addition to addressing concerns
regarding the resource burden placed on host governments as a result of
frequent airport visits, TSA has taken steps to address some country-
specific challenges that have limited TSA's ability to conduct foreign
airport visits.
TSA Has Taken Steps to Enhance its Ability to Conduct Foreign Airport
Assessments and Air Carrier Inspections on Schedule, but Staffing
Challenges Remain:
Various challenges have affected TSA's ability to maintain its schedule
of conducting foreign airport assessments and air carrier inspections.
The ability to conduct these assessments and inspections as scheduled
is important, according to TSA officials, because foreign airport and
air carrier compliance with applicable security requirements may
deteriorate significantly between assessments. As time between visits
increases, the likelihood may also increase that security deficiencies
at foreign airports and among air carriers may arise and go undetected
and unaddressed. TSA officials also stated that conducting assessments
and inspections on a consistent basis helps to ensure that foreign
countries continue to comply with ICAO standards and are operating with
effective security measures. TSA data show that the agency deferred 90
of the 303 (about 30 percent) foreign airport visits that were
scheduled for fiscal year 2005, which include both foreign airport
assessments and air carrier inspections.[Footnote 57] According to TSA,
these deferments resulted primarily from a lack of available inspectors
to conduct the assessments and inspections. Our analysis identified
that the reported shortage of available inspectors reflected the fact
that (1) the inspector staff available to conduct the assessments and
inspections was less than the number authorized at each of TSA's five
IFOs at some point during fiscal year 2005 and (2) TSA scheduled more
foreign airport visits during the fiscal year than available inspectors
could complete.
TSA officials cited several reasons why the IFOs operated in fiscal
year 2005 with fewer inspectors than had been budgeted. First, TSA
officials stated that due to State Department limitations on the number
of inspectors that can be staffed at IFOs overseas, TSA did not have
the budgeted number of inspectors on board to complete assessments and
inspections scheduled for fiscal year 2005.[Footnote 58] Second, TSA
officials stated that significant turnover among international
inspectors and the subsequent lengthy process for filling vacant
inspector positions also contributed to the lack of available
inspectors. TSA officials attributed the turnover of international
inspectors to various factors, including TSA's policy that limits the
term of international inspectors at overseas IFOs to 4 years, the lack
of opportunities for career advancement when stationed at an IFO, and
unique difficulties inspectors experience when living and working
overseas, such as disruptions to family life. As of January 2007, TSA
officials did not have any specific efforts under way to help reduce
turnover of international inspectors. Further, TSA officials stated
that it takes an average of about 6 months to fill a vacant inspector
position, due to the lengthy process for vetting newly hired
inspectors. Specifically, once hired, international inspectors must be
processed through the State Department, which entails applying for and
receiving medical clearances, security clearances, a diplomatic
passport, and visas. TSA officials stated that expediting the process
of filling vacant positions is largely outside of TSA's control.
However, TSA assigned a headquarters official to oversee this process
to identify opportunities for accelerating it. Table 3 shows the number
of inspectors budgeted for and available at the IFOs each month during
fiscal year 2005.
Table 3: Budgeted and Available International Inspectors by IFO, by
Month for Fiscal Year 2005:
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 5;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 10;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 4.
Month: October;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 15;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 5;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: November;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: December;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: January;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: February;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: March;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: April;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 8;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: May;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 9;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: June;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 9;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 3.
Month: July;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 2;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 10;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 2.
Month: August;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 3;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 10;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 1.
Month: September;
Number of international inspectors: Brussels/Frankfurt: Budgeted
staffing for fiscal year 2005: 16;
Number of international inspectors: Dallas: Budgeted staffing for
fiscal year 2005: 4;
Number of international inspectors: Los Angeles: Budgeted staffing for
fiscal year 2005: 3;
Number of international inspectors: Miami: Budgeted staffing for fiscal
year 2005: 10;
Number of international inspectors: Singapore: Budgeted staffing for
fiscal year 2005: 1.
Source: GAO analysis of TSA data.
Note: The bold numbers represent months when, according to TSA, IFOs
operated below their budgeted number of inspectors.
[End of table]
Even if TSA had been operating at its budgeted inspector staffing
level, the agency may still have deferred some of the foreign airport
assessments and air carrier inspections scheduled for fiscal year 2005
because, according to TSA officials, internal policy required them to
schedule more foreign airport visits than the budgeted number of
inspectors could reasonably have conducted. According to TSA officials,
this internal policy was developed by the Federal Aviation
Administration, which was responsible for conducting foreign airport
assessments and air carrier inspections prior to TSA. TSA officials
also stated that the Federal Aviation Administration had more available
inspectors to conduct assessments and inspections than TSA. TSA
officials stated that each international inspector should reasonably be
able to conduct between 8 and 12 foreign airport visits per
year,[Footnote 59] depending on the amount of time inspectors remain on
site to assist foreign officials and air carrier representatives in
addressing security deficiencies that are identified during assessments
and inspections. However, according to data provided by TSA, each of
the 5 IFOs scheduled more than 12 foreign airport visits per inspector
for fiscal year 2005. Table 4 shows the average number of foreign
airport visits scheduled per international inspector for fiscal year
2005.
Table 4: Budgeted Number of Inspectors, Total Scheduled Foreign Airport
Visits, and Average Number of Scheduled Foreign Airport Visits per
Inspector, by IFO, for Fiscal Year 2005:
IFO: Brussels/ Frankfurt;
Budgeted number of inspectors: 16;
Total number of foreign airport visits scheduled: 110;
Average number of foreign airport visits scheduled per inspector a:
13.8.
IFO: Dallas;
Budgeted number of inspectors: 5;
Total number of foreign airport visits scheduled: 60;
Average number of foreign airport visits scheduled per inspector a:
24.0.
IFO: Los Angeles;
Budgeted number of inspectors: 3;
Total number of foreign airport visits scheduled: 19;
Average number of foreign airport visits scheduled per inspector a:
12.7.
IFO: Miami;
Budgeted number of inspectors: 10;
Total number of foreign airport visits scheduled: 84;
Average number of foreign airport visits scheduled per inspector a:
16.8.
IFO: Singapore;
Budgeted number of inspectors: 3;
Total number of foreign airport visits scheduled: 30;
Average number of foreign airport visits scheduled per inspector a:
20.0.
IFO: Total;
Budgeted number of inspectors: 37;
Total number of foreign airport visits scheduled: 303;
Average number of foreign airport visits scheduled per inspector a:
16.4.
Source: GAO analysis of TSA data.
Note: TSA did not maintain accurate or complete data on the number of
foreign airport assessments and air carrier inspections scheduled for a
particular fiscal year. Therefore, our calculations may not include all
of the assessments and inspections that were conducted, deferred, and
canceled during fiscal year 2005.
[A] The average number of foreign airport visits scheduled per
inspector was calculated by multiplying the total number of foreign
airport visits that were scheduled by 2 (assuming that 2 inspectors
conduct each visit), then dividing that number by the total number of
budgeted inspectors.
[End of table]
TSA officials acknowledged that for fiscal year 2005 they scheduled
more foreign airport visits than the budgeted level of inspectors could
have reasonably conducted. However, TSA has taken steps to compensate
for the shortage of international inspectors by utilizing domestic
inspectors to help complete the foreign airport assessments and air
carrier inspections that were scheduled for fiscal year 2005.
Specifically, domestic inspectors were used to assist with about 34
percent of foreign airport assessments and about 35 percent of air
carrier inspections.[Footnote 60] However, despite the use of domestic
inspectors, TSA still had to defer foreign airport assessments and air
carrier inspections. TSA headquarters officials and IFO staff further
stated that the heavy reliance on domestic inspectors to conduct
foreign airport assessments and air carrier inspections is not
desirable because domestic inspectors lack experience conducting
assessments using ICAO standards or inspecting foreign operations of
air carriers, as well as working in the international environment.
Additionally, using domestic inspectors sometimes presents challenges
in planning and coordinating foreign airport visits. Specifically, it
can be difficult to obtain clearance from the State Department and host
government to allow domestic inspectors to enter foreign countries
because TSA may not always be able to provide sufficient notice that
domestic inspectors will be participating in airport visits,
particularly when the need for a domestic inspector is determined on
short notice. Moreover, according to TSA officials, the availability of
domestic inspectors may change unexpectedly when they are needed to
remain in the United States. TSA officials also said that domestic
inspectors may not be available for the entire 4-week period that it
takes to prepare for, conduct, and write reports for foreign airport
assessments and air carrier inspections. Last, TSA officials stated
that compared to international inspectors, some domestic inspectors are
not effective at taking notes while conducting observations at foreign
airports, nor are some domestic inspectors effective at preparing
foreign airport reports--specifically, their word choices for
describing security conditions at airports are not always sensitive to
the concerns of foreign officials. According to TSA officials, if
foreign officials take offense at the way in which TSA portrays the
security deficiencies at their airports, foreign officials may no
longer allow TSA to conduct airport assessments in their countries. TSA
officials stated that they enhanced the notetaking module for the
training provided to personnel conducting assessments and inspections
overseas. However, for the reasons discussed above, TSA international
officials plan to lessen their reliance on domestic inspectors.
Risk-Based Approach:
A risk-based approach entails consideration of terrorist threats,
vulnerability of potential terrorist targets to those threats, and the
consequences of those threats being carried out when deciding how to
allocate resources to defend against these threats. Risk-based,
priority-driven decisions can help inform decision makers in allocating
finite resources to the areas of greatest need.
During October 2006, TSA began implementing a risk-based approach to
scheduling foreign airport assessments in order to focus its limited
inspector resources on higher-risk airports. Another potential benefit
to TSA's new approach is that it may allow TSA to reduce its reliance
on domestic inspectors. The objectives of TSA's risk-based scheduling
approach are to (1) determine the appropriate frequency of foreign
airport visits, and (2) identify the appropriate number of inspectors
needed for each IFO based on the deployment availability of inspectors,
the risk-based priority of each location, and the number of visits
required each year.
Under the risk-based approach, when fully implemented, foreign airports
are categorized based on risk level, and depending on the category in
which they are placed, are scheduled to be assessed once a year, once
every 2 years, or once every 3 years. According to information provided
by TSA, under this approach, the number of foreign airport assessments
scheduled each year will decrease by about 38 percent (from 170 to 105
assessments).[Footnote 61] TSA officials stated that the reduction in
the number of annual foreign airport assessments will help enable
inspectors to complete foreign airport assessments according to
schedule. Based on our analysis, TSA's risk-based approach for
scheduling foreign airport assessments is consistent with generally
accepted risk management principles.
While it appears that this risk-based approach will reduce the number
of foreign airport assessments international inspectors are expected to
conduct in a year, it is too soon to determine the impact of this
approach on TSA's ability to complete scheduled foreign airport visits-
-including assessments and inspections--for two key reasons. First, TSA
has not yet finalized its risk-based approach to scheduling air carrier
inspections. In February 2007, TSA officials stated that the draft
version of the risk-based approach to scheduling air carrier
inspections was being vetted through the agency, but they do not expect
the final version to be approved until spring 2007. TSA officials
stated that in developing the risk-based approach for scheduling air
carrier inspections, they determined that, unlike the situation with
airports, using previous inspection results was not the best way to
determine air carrier vulnerability. Rather, TSA officials expect to
use foreign airport assessment results to determine the vulnerability
of air carriers operating out of those airports, especially considering
that the security status of foreign airports influences TSA's decision
to impose additional security requirements on air carriers operating
out of foreign airports.
In addition, it is uncertain how TSA's upcoming audits of foreign
repair stations will affect the workload of international inspectors.
In December 2003, Congress passed the Vision 100--Century of Aviation
Reauthorization Act (Vision 100), which mandated that TSA issue
regulations to ensure the security of foreign and domestic repair
stations and, in coordination with the Federal Aviation Administration
(FAA), complete a security review and audit of foreign repair stations
certified by FAA within 18 months of issuing the regulations.[Footnote
62] Currently, there are approximately 665 FAA-certified repair
stations in foreign countries that TSA is required to audit.[Footnote
63] Of these, 93 are deemed substantial with regard to safety and
security in that they perform work on the airframe, flight controls, or
propulsion systems. In addition, another 38 are located in countries
that, pursuant to Vision 100, TSA and FAA must give priority to because
they have been identified as posing the most significant security
risks. TSA plans to initiate security audits of the repair stations
during fiscal year 2007. Specifically, TSA expects to conduct 127
audits of foreign repair stations during the initial year, focusing on
those located in high-threat areas. According to TSA, the majority of
repair stations deemed substantial (65 of 93)--are located on or near
foreign airports already subject to assessment by TSA. TSA expects that
it will take inspectors 3 days to complete initial audits if the
foreign repair stations are collocated with foreign airports being
assessed, and 5 days to complete for stations which are not collocated.
According to TSA, the agency's fiscal year 2006 funding levels were
sufficient to allow for an additional 13 international inspector
positions, including a program manager position, to supplement its
current international inspector staff and help meet the requirement to
conduct foreign repair station security audits. As of January 2007, all
13 positions were filled, but TSA had not yet begun to conduct these
audits. Therefore, it is not yet known how these audits and additional
inspector positions will actually affect overall inspector workload or
TSA's ability to complete its foreign assessments and inspections as
scheduled.
Harmonization of Security Standards and Assessment and Inspection
Processes Would Help TSA Address Host Government Concerns Regarding
Resource Burdens:
Harmonization of TSA, host government, and third party (e.g., European
Commission) security standards and the processes used to assess foreign
airports and air carriers would address concerns regarding the resource
burden placed on host governments as a result of frequent airport
visits conducted by TSA and others. Officials from 3 of the 7 foreign
countries we visited in March 2006, as well as officials representing
the European Commission--the executive arm of the European Union (which
is composed of 27 countries[Footnote 64]), stated that the frequency of
airport assessments and air carrier inspections conducted by TSA and
others had placed a significant resource burden on the host government.
In addition, a representative of the Association of European Airlines
and IATA stated that frequent security inspections by TSA, the host
government, and other countries, as well as safety inspections,
including inspections conducted by FAA, burdened the limited personnel
resources available to air carriers. Specifically, for each inspection,
the air carrier must assign one of its employees to escort the
inspection team around the airport. (In general, TSA officials must be
accompanied by host government officials when conducting foreign
airport assessments and air carrier inspections because TSA officials
are not allowed to enter restricted areas of the airport unescorted.)
Belgian officials, for example, proposed to shorten TSA's fiscal year
2006 assessment of the airport in Brussels, stating that being assessed
by TSA, as well as ICAO, the European Commission, and the European
Civil Aviation Conference[Footnote 65] within a short span of time
would pose a significant resource burden on the Belgian aviation
security department. Host government officials in Germany raised
concerns regarding the resource burden placed on their aviation
security department due to the frequency of TSA visits. German
officials said that TSA scheduled 10 airport visits between January
2006 and September 2006, which German officials viewed as excessive. In
addition to individual European countries, the Director of Security for
the Protection of Persons, Goods, and Installations for the European
Commission's Directorate General of Transport and Energy wrote a letter
to the TSA Assistant Secretary dated March 9, 2006, expressing concern
about the frequency of TSA airport assessments and air carrier
inspections in Europe. The Director suggested that TSA consider the
high level of quality control exercised within the European Union by
the European Commission as well as the European Union member states
when determining the frequency of airport assessment visits and that
TSA and the European Commission embark upon a joint effort to improve
coordination of airport visits to alleviate the resource burden placed
on member states. TSA's risk-based approach for scheduling foreign
airport assessments could help address some host governments' concerns
regarding the resource burden placed on them in part due to the
frequency of airport assessments conducted by TSA.
In addition to implementing a risk-based approach to scheduling, there
are other potential opportunities for TSA to address host country
concerns regarding the resource burden experienced as a result of
frequent airport visits. Industry representatives and some host
government officials stated that if TSA and other inspecting entities
either conducted joint airport assessments and air carrier inspections
or used the results of each other's assessments and inspections in lieu
of conducting their own, the frequency of airport visits could be
reduced, in turn reducing the resource burden placed on host
governments and air carriers. Airports Council International officials
we interviewed, who represent airport operators worldwide, stated that
if TSA and other inspecting entities were to conduct joint assessments,
the resource burden experienced by airport operators would also be
reduced. Moreover, officials from 2 of the 7 countries we visited
suggested that TSA review the results of airport assessments conducted
by the host government or by third parties either in lieu of conducting
its own airport assessments or to target its assessments on specific
security standards. These officials said that by doing this, TSA could
reduce the length of the assessment period, thereby reducing the
resource burden placed on host government officials.
According to TSA, the agency must physically observe security
operations at foreign airports to determine whether airports are
maintaining and carrying out effective security measures in order to
satisfy its statutory mandate to conduct assessments of foreign
airports. This interpretation precludes TSA from relying solely on
third party or host government assessments to make this
determination.[Footnote 66] However, TSA officials stated that they may
be able to use host government or third party assessments--provided
that foreign officials make these assessments available to TSA--to help
refine the agency's risk-based approach to scheduling foreign airport
assessments, such that TSA would be able to focus its limited
inspection resources on foreign airports that pose the greatest
security risk to the United States. For example, instead of visiting a
foreign airport that TSA considers low risk once every 3 years, TSA,
hypothetically, could visit such airports once every 5 years, and
review third party or host government assessments between visits to
help determine whether the airport is maintaining and carrying out
effective security measures. This would enable TSA to reduce the number
of visits to foreign airports, thus addressing host government
officials' concerns regarding the resource burden they experience as a
result of frequent airport assessments. However, three of the five IFO
managers we interviewed said that the option of using host government
assessments is not currently available to them because host governments
in their areas of responsibility generally do not have airport
assessment programs in place. These IFO managers said that even if host
governments had assessment programs in place, they would be cautious
about using the assessment reports and conducting joint assessments for
one of two reasons: (1) TSA has not independently evaluated the quality
of the assessments conducted by host governments and third parties or
the quality of the inspectors conducting these assessments, and (2)
host governments and third party inspectors base their assessments on
different aviation security standards than TSA. Similarly, foreign
government officials and industry representatives have cited
differences in security standards as an impediment to conducting joint
assessments and using host government or third party assessments.
Harmonization:
In the homeland security context, "harmonization" is a broad term used
to describe countries' efforts to coordinate their security practices
to enhance security and increase efficiency by avoiding duplication of
effort. Harmonization efforts can include countries' mutually
recognizing and accepting each other's existing practices--which could
represent somewhat different approaches to achieve the same outcome, as
well as working to develop uniform standards.
TSA headquarters officials stated that harmonization of airport and air
carrier security standards and airport assessment and air carrier
inspection processes would make them less cautious about using other
assessment reports and conducting joint assessments. To this end, TSA
has taken steps toward harmonizing airport assessment processes and
some airport and air carrier security standards with the European
Commission. In May 2006, in responding to the European Commission's
concerns regarding the frequency of TSA airport assessments and air
carrier inspections in Europe, the TSA Assistant Secretary suggested
that TSA and the European Commission develop working groups to address
these concerns. Further, in June 2006, TSA initiated efforts with the
European Commission that will enable each party to learn more about the
other party's quality control programs. As part of these efforts, TSA
and the European Commission established six working groups. TSA and the
European Commission have not established firm time frames for when the
working groups are to complete their efforts. The objectives and the
status of the working groups are described in table 5.
Table 5: Description and Status of TSA-European Commission Aviation
Security Working Groups:
Title of working group: SSI Agreement;
Purpose of working group: Facilitate sharing of Sensitive Security
Information (SSI) between TSA and the European Commission;
Status of working group: efforts as of January 2007:
* TSA and the European Commission agreed upon the verbiage of the
information-sharing agreement. The agreement is in the final formal
approval stages at TSA, the European Commission, and the Department of
State.
Title of working group: Observer Participation on Inspections;
Purpose of working group: Facilitate TSA observation of European Union
airport assessments and European Commission observation of TSA
assessments of U.S. airports;
Status of working group: efforts as of January 2007:
* TSA and the European Commission are currently in the process of
identifying mutually agreeable dates for a European Commission observer
to join a TSA inspection of a U.S. airport;
* Final dates and location for TSA participation in European Commission
audit are to be determined;
* European Commission representatives expressed an interest in viewing
the PARIS database, which is a compilation of U.S. inspection findings;
* The European Commission is in the process of developing a database
for its inspection findings.
Title of working group: Risk Based Assessment Methodology;
Purpose of working group: Establish a risk-based methodology for
scheduling U.S. airport assessment visits to European member states;
Status of working group: efforts as of January 2007:
* TSA developed a risk-based methodology for scheduling foreign airport
assessments;
* TSA and the European Commission will determine next steps.
Title of working group: Audit Schedules;
Purpose of working group: Determine how TSA and the European Commission
will provide advance notice of the dates for planned airport assessment
visits;
Status of working group: efforts as of January 2007:
* TSA and the European Commission agreed to share audit schedule
information on a quarterly basis;
* The level of detail on audit schedules that will be shared is to be
determined.
Title of working group: Data Interoperability;
Purpose of working group: Facilitate the exchange of information
regarding supply chain data monitoring between the United States and
the European Commission.[A];
Status of working group: efforts as of January 2007:
* TSA and the European Commission developed a data interoperability
template outlining the purpose, key objectives, and challenges of data
interoperability;
* This working group may be restructured to focus on cargo
harmonization.
Title of working group: Compare and Contrast U.S./European Commission
Aviation Security Requirements;
Purpose of working group: Assess which of TSA's and the European
Commission's aviation security measures are comparable (not identical)
and determine where significant differences exist;
Status of working group: efforts as of January 2007:
* To accomplish a meaningful comparison, TSA and the European
Commission have developed a matrix to reflect major aviation security
categories and measures. Once the SSI agreement is finalized, TSA and
the European Commission will complete the comparison matrix.
Source: TSA.
[A] A supply chain involves the flow of information, product, and funds
between different parties involved in the development and provision of
goods. These parties include manufacturers, suppliers, transporters,
warehouses, retailers, and customers.
[End of table]
In December 2006, the TSA Assistant Secretary stated that the agency
had primarily coordinated with the European Commission on harmonizing
aviation security standards because airports in the European Union
generally have a high level of security. The Assistant Secretary
further stated that TSA should not focus its inspector resources on
foreign airports that are known to have a high level of security, such
as several European airports; rather, TSA should focus its limited
resources on foreign airports that are known to be less secure. The
Assistant Secretary added that a number of options for better
leveraging inspector resources are being considered by one of the
European Commission-TSA working groups, including scheduling European
Commission and TSA assessments to overlap for 1 or 2 days to enable
both parties to share their assessment results, which could enable TSA
to shorten the length of its assessments. The Assistant Secretary also
stated that TSA could eventually recognize European Commission airport
assessments as equivalent to those conducted by TSA and have TSA
inspectors shadow European Commission assessment teams to periodically
validate the results. However, in January 2007, European Union member
states reached consensus that they would not share the results of
European Commission assessments of their airports with TSA until the
following occur: (1) TSA and the European Commission agree upon
protocols for sharing sensitive security information; (2) TSA
inspectors shadow European Commission inspectors on an assessment of a
European airport, and European Commission inspectors shadow TSA
inspectors on an assessment of a U.S. airport; and (3) TSA agrees to
provide the European Commission with the results of U.S. airport
assessments. TSA and European Commission officials stated that they
expect information-sharing protocols to be established and shadowing of
airport assessments to take place during spring 2007. TSA officials
also stated that once the information-sharing protocols are finalized,
they would be willing to provide European Union member states with the
results of U.S. airport assessments.
Aviation industry representatives stated that in addition to
facilitating joint assessments and use of third party assessments,
harmonization of aviation security standards between countries would
enhance the efficiency and effectiveness of international aviation
security efforts. For example, IATA representatives we interviewed
stated that they have met with TSA officials about harmonizing the list
of items prohibited onboard aircraft with the European Commission. IATA
officials stated that having different security requirements to follow
for different countries leads to confusion, and perhaps noncompliance
with security requirements, among air carriers. The Chairman of the
Security Committee for the Association of European Airlines stated that
there are numerous redundancies in the international aviation security
system that could be reduced through harmonization, particularly with
regard to screening transfer passengers--passengers who have a layover
en route from their originating airport to their destination airport.
For example, for a passenger traveling from Frankfurt to Chicago who
has to change planes in New York, upon landing in New York, the
passenger must be rescreened and have his or her checked baggage
rescreened before boarding the flight for Chicago. According to
officials from various air carrier and airport operator associations,
the rescreening of transfer passengers is costly and is only required
because individual countries do not formally recognize each other's
aviation security measures as providing an equivalent level of
security. Air carrier representatives also stated that because air
carriers must use their limited resources to implement redundant
security measures, they are not able to focus their resources on
implementing other security measures that may be more effective at
preventing a terrorist from carrying out an attack.[Footnote 67] The
TSA Assistant Secretary agreed that rescreening transfer passengers
that originate from airports that have a high level of security may be
unnecessarily redundant. The Assistant Secretary said that TSA plans to
assess the effectiveness of the checked baggage screening system
commonly used at European airports to determine if that system provides
at least the same level of security as TSA's baggage screening system.
However, TSA officials said that even if the agency determines that the
baggage screening system in place at European airports provides an
equivalent level of security, TSA would still have to rescreen checked
baggage for transfer passengers arriving from Europe because the
Aviation and Transportation Security Act requires passengers and
baggage on flights originating in the United States to be screened by
U.S. government employees.[Footnote 68] According to an attorney in
TSA's Office of Chief Counsel, Congress would have to change the law in
order for TSA to discontinue the screening of transfer passengers.
TSA also made efforts to harmonize some aviation security measures with
other countries outside of the European Union. For example, TSA
officials worked with Canadian officials to develop a common set of
security requirements for air carriers that have flights between the
United States and Canada. Additionally, in response to the alleged
August 2006 liquid explosives terrorist plot, TSA initially banned all
liquids, gels, and aerosols from being carried through the checkpoint
and, in September 2006, began allowing passengers to carry on small,
travel-size liquids and gels (3 fluid ounces or less) using a single
quart-size, clear plastic, zip-top bag. In an effort to harmonize its
liquid screening procedures with other countries, in November 2006, TSA
revised its procedures to allow 3.4 fluid ounces of liquids, gels, and
aerosols onboard aircraft, which is equivalent to 100 milliliters--the
amount permitted by the 27 countries in the European Union, as well as
Canada, Australia, Norway, Switzerland, and Iceland. According to the
Assistant Secretary of TSA, this means that approximately half of the
world's air travelers will be governed by similar measures with regard
to this area of security. ICAO also adopted the liquid, gels, and
aerosol screening procedures implemented by TSA and others as a
recommended practice. As we reported in March 2007, DHS has also taken
steps toward harmonizing international air cargo security
practices.[Footnote 69] As part of this effort, TSA has worked through
ICAO to develop uniform international air cargo security standards.
TSA Is Taking Steps to Address Sovereignty Concerns Raised by Foreign
Officials on a Case-by-Case Basis:
In addition to concerns regarding the resource burden placed on host
governments as a result of frequent airport visits by TSA and others,
TSA, on a case-by-case basis, has also had to address host government
concerns regarding sovereignty--more specifically, concerns that TSA
assessments and inspections infringe upon a host government's authority
to regulate airports and air carriers within its borders. According to
TSA officials and representatives of the European Commission, several
foreign governments have stated that they consider TSA's foreign
airport assessments as an infringement on their sovereignty. For
example, government officials in one country have prevented TSA from
assessing the security at their airports and from inspecting non-U.S.
air carriers because they do not believe TSA has the authority to
assess airports outside of the United States and that the host
government is the sole regulator of air carriers that are based out of
their country.[Footnote 70] Based on the results of air carrier
inspections provided to us by TSA, we found that during fiscal year
2005, TSA conducted only one inspection of an air carrier that was
based out of this particular country. According to TSA, officials from
this country allowed TSA to conduct this particular inspection to
accommodate TSA's request to inspect the security of air carriers that
had flights originating in Europe and arriving in Washington, D.C.,
during the January 2005 U.S. presidential inauguration activities. We
also found that TSA conducted assessments of four airports in this
particular country during fiscal year 2005. TSA officials said that
they were able to conduct these assessments under the guise of a TSA
"visit" to--versus an "assessment" of--the airport. TSA officials,
however, stated that because officials from this country do not believe
TSA has the authority to assess the security at their airports, these
officials would not accept--neither orally nor in writing--the results
of TSA airport assessments. TSA officials also stated that officials
from this country prohibited TSA inspectors from assessing airport
perimeter security as well as the contents of the country's individual
airport security programs.
TSA officials identified that there are at least 3 additional countries
that raised concerns regarding sovereignty. According to TSA, officials
from one of these countries stated that they did not know of any
international requirements compelling them to allow TSA to assess their
airport and that TSA had too many internal flaws to assess airports in
other countries. In response to this country's concerns, TSA sent a
representative to meet with the country's Minister of Transportation.
At the meeting, the Minister granted TSA future access to the country's
airports for assessments after being offered the opportunity to visit
U.S. airports to observe security measures. Additional countries,
according to TSA, were concerned about their sovereignty being violated
and TSA gathering intelligence information for the U.S. government
through the airport assessment program. TSA officials stated that when
unique concerns arise in the future, they will continue to work with
countries on a case-by-case basis to try to address their concerns.
Conclusions:
The alleged August 2006 terrorist plot to detonate liquid explosives on
U.S.-bound flights from the United Kingdom illustrates the continuing
threat of international terrorism to commercial aviation and the
importance of TSA's foreign airport assessment and air carrier
inspection programs. As part of these programs, TSA has provided on-
site consultation and made recommendations to foreign officials on how
to resolve security deficiencies. In rare cases, DHS and TSA have taken
more aggressive action by notifying the traveling public that an
airport does not meet minimum international standards or issuing
warning letters and letters of correction to air carriers. While
foreign government officials and air carrier representatives
acknowledged that TSA's efforts have helped to strengthen the security
of U.S.-bound flights, there are several opportunities for TSA to
strengthen oversight of its foreign airport assessment and air carrier
inspection programs. First, although TSA has made some efforts to
improve its tracking of foreign airport assessments and air carrier
inspections, until additional controls are in place to track the status
of foreign airport assessments and air carrier inspections, such as
whether scheduled assessments and inspections were actually conducted,
TSA has limited assurance that all assessments and inspections are
accounted for and that appropriate action was taken for airports and
air carriers that did not comply with security standards. Second, while
TSA has helped to strengthen security at foreign airports by providing
assistance to foreign officials, because TSA does not consistently
track and document foreign officials' progress in addressing security
deficiencies, it may be difficult for TSA to assess the impact of its
efforts on meeting program goals--to ensure that foreign airports and
air carriers servicing the United States are meeting, at a minimum,
applicable ICAO standards and TSA's security requirements,
respectively. Third, although TSA has established some output
performance measures and targets related to the assessment and
inspection programs, the current measures do not enable TSA to draw
particularly meaningful conclusions about the impact of its foreign
airport assessment and air carrier inspection programs on the security
of U.S.-bound flights and how to most effectively direct its
improvement efforts.
TSA has faced several challenges in meeting the goals of its assessment
and inspection programs, including a lack of available staff and
concerns regarding the resource burden placed on host governments as a
result of frequent airport visits conducted by TSA and others. TSA's
development of a risk-based approach to scheduling airport assessments
and air carrier inspections is a step in the right direction to address
host government concerns and better leverage limited inspector
resources. However, it is too soon to determine the extent to which the
risk-based approach will help to improve TSA's ability to complete
scheduled foreign airport assessments and air carrier inspections, and
the extent to which the approach will alleviate host government
concerns regarding the frequency of airport visits. The collaboration
between TSA and the European Commission regarding opportunities for
conducting joint airport assessments and sharing assessment results, as
well as efforts to harmonize aviation security standards--including
those related to the screening of liquids, gels, and aerosols--with the
European Commission and others, are key steps toward addressing host
government concerns regarding the resource burden that results from
frequent assessments by TSA and others. It will be important for TSA to
continue working with foreign officials to address their concerns, such
as sovereignty issues, in order to continue assessing the security at
foreign airports that service the United States.
Recommendations for Executive Action:
To help strengthen oversight of TSA's foreign airport assessment and
air carrier inspection programs, in our April 2007 report that
contained sensitive security information, we recommended that the
Secretary of the Department of Homeland Security direct the Assistant
Secretary for the Transportation Security Administration to take the
following five actions:
* develop controls to track the status of scheduled foreign airport
assessments from initiation through completion, including the reasons
why assessments were deferred or canceled;
* develop controls to track the status of scheduled air carrier
inspections from initiation through completion, including the reasons
why inspections were deferred or canceled, as well as the final
disposition of any investigations that result from air carrier
inspections;
* develop a standard process for tracking and documenting host
governments' progress in addressing security deficiencies identified
during TSA airport assessments;
* develop outcome-oriented performance measures to evaluate the impact
TSA assistance has on improving foreign airport compliance with ICAO
standards; and:
* develop outcome-oriented performance measures to evaluate the impact
TSA assistance and enforcement actions have on improving air carrier
compliance with TSA security requirements.
Agency Comments and Our Evaluation:
On April 13, 2007, we received written comments on the draft report,
which are reproduced in full in appendix V. DHS generally concurred
with the findings and recommendations in the report and stated that the
recommendations will help strengthen TSA's oversight of foreign airport
assessments and air carrier inspections.
With regard to our recommendations that TSA develop controls to track
the status of scheduled airport assessments and air carrier inspections
from initiation through completion, including the reasons for any
deferments or cancellations, and the final disposition of
investigations related to air carrier inspections, DHS stated that TSA
plans to enhance its tracking system to include the reason for any
deferment or cancellation of an airport assessment or an air carrier
inspection. The tracking system also incorporates the risk-based
methodology and criteria for scheduling foreign airport assessments
that TSA adopted in October 2006. Enhancing the tracking system should
provide TSA greater assurance that airport assessments and air carrier
inspections are conducted within applicable time frames. If properly
implemented and monitored, this tracking system should address the
intent of our recommendation. Regarding the disposition of
investigations related to air carrier inspections, DHS stated that
TSA's Office of Chief Counsel currently documents the final disposition
of investigations in PARIS, but TSA will enhance PARIS to ensure that
inspection activities are linked to investigations so that
comprehensive enforcement information is readily available. A clear
link between violations identified as a result of an inspection and the
final disposition of those violations is important for maintaining
comprehensive inspection and enforcement information. As we reported,
TSA often pursued one enforcement action in response to multiple
violations, and inspectors were not required to identify which
violations were included in the enforcement action. Without being able
to readily identify what enforcement action was taken in response to
specific security violations, TSA cannot readily ensure that air
carriers receive appropriate penalties, and that security violations
are resolved.
Concerning our recommendation that TSA develop a standard process for
tracking and documenting host governments' progress in addressing
security deficiencies identified during assessments, TSA stated that it
is currently developing a system whereby outstanding deficiencies
identified during an assessment will be tracked along with deficiency-
specific information, deadlines, and current status. TSA plans to
archive this information for future trend analysis and to provide a
historical understanding of each airport's security posture. This
effort, if properly implemented, will provide additional relevant,
useful information to TSA in performing its oversight responsibilities.
TSA concurred with our recommendation that it develop outcome-oriented
performance measures to evaluate the impact TSA assistance has on
improving foreign airport compliance with international security
standards, and on improving air carrier compliance with TSA security
requirements. TSA is considering several elements to include in the
performance measures, such as the number of assessments conducted,
corrective actions recommended, TSA assistance provided, and corrective
actions achieved. TSA indicated that its outcome-based performance
measures would be structured to recognize the collaborative nature of
the process, particularly where corrective action by a foreign
government is concerned. Such outcome-based performance measures, if
properly developed and utilized, will enable TSA to determine the
impact of its airport assessment program and assistance provided for
improving security at foreign airports. Likewise, these types of
measures can be applied to air carrier inspections at foreign airports
to determine he impact that such inspections have on compliance, and to
identify which approaches to for improving air carrier compliance with
security requirements work well and which could be improved upon.
If you or your staff have any questions about this report, please
contact me at (202) 512-3404 or berrickc@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff that made major
contributions to this report are listed in appendix VI. This report
will also be available at no charge on the GAO Web site at
http://www.gao.gov.
Signed by:
Cathleen A. Berrick:
Director, Homeland Security and Justice:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
To examine efforts by the Transportation Security Administration (TSA)
to ensure the security of international aviation, and in particular
flights bound for the United States from other countries, we addressed
the following questions: (1) What were the results of TSA's fiscal year
2005 foreign airport assessments and air carrier inspections, and what
actions were taken, if any, when TSA identified that foreign airports
and air carriers were not complying with security standards? (2) How,
if at all, did TSA assist foreign countries and air carriers in
addressing any deficiencies identified during foreign airport
assessments and air carrier inspections, and to what extent did TSA
provide oversight of its assessment and inspection efforts? (3) What
challenges, if any, affected TSA's ability to conduct foreign airport
assessments and air carrier inspections, and what actions have TSA and
others taken to address these challenges?
Results of Fiscal Year 2005 Foreign Airport Assessments and Air Carrier
Inspections and Actions Taken by TSA in Response to Noncompliance:
Foreign Airport Assessment Results:
To determine the results of TSA's foreign airport assessments we
reviewed 128 fiscal year 2005 assessment reports, the most recent year
for which complete foreign airport assessment reports were
available.[Footnote 71] To determine the extent to which foreign
airports complied with International Civil Aviation Organization (ICAO)
standards and recommended practices, we looked at the following
information contained in the reports:
(1) ICAO standards or recommended practices with which the airport did
not comply;
(2) whether issues of noncompliance were "old" (identified during the
previous assessment) or "new" (identified during the current
assessment);
(3) explanation of the problems that existed that caused the airport
not to comply with ICAO standards or recommended practices, and, if
provided, any actions taken by the host government to address the
problems;
(4) TSA's recommendations for how the airport could correct security
deficiencies in order to meet ICAO standards or recommended practices;
and:
(5) whether issues of noncompliance remained "open" (unresolved) or
"closed" (resolved) prior to the completion of the assessment.
We developed an electronic data collection instrument to capture
information from copies of the assessment reports. All data collection
instrument entries, with the exception of the problem descriptions and
recommendations, were verified to ensure they had been copied correctly
from the assessment reports. Considering that we only intended to
discuss the problem descriptions and the recommendations anecdotally,
and given the resources available to verify this information, we
verified that the problem descriptions and recommendations had been
copied correctly for a random sample of 20 assessment reports from
fiscal year 2005.
We analyzed the data to determine the frequency with which foreign
airports complied with particular categories of ICAO standards and
recommended practices, such as passenger screening, checked baggage
screening, access controls, etc., and the number of airports that
resolved deficiencies upon completion of the assessment.
Air Carrier Inspection Results:
To determine the results of TSA's air carrier inspections, we obtained
inspection data from TSA's Performance and Results Information System
(PARIS).[Footnote 72] For the purposes of our review, we analyzed the
results of inspections conducted in fiscal year 2005 to be consistent
with the analysis performed on the results of foreign airport
assessments for fiscal year 2005.
TSA's inspections database contained information on 529 air carrier
inspections at 145 foreign airports in 71 countries conducted by TSA
during fiscal year 2005. Specifically, the inspections database
included the date and location of the inspection, the inspected air
carrier, the security requirements being inspected, as well as the
inspector's determination as to whether the air carrier was or was not
in compliance with security requirements. Prior to conducting any
analysis, we assessed the reliability of the inspection data by
performing electronic testing for obvious errors in accuracy and
completeness. Our testing revealed a few errors, such as
inconsistencies in the names of individual air carriers or incorrectly
identifying the airport as the assessed entity rather than the air
carrier. We also found instances of inspections conducted at domestic
airports that were included in the data; those inspection records were
removed. We also interviewed agency officials familiar with the data,
and worked with them to resolve the data problems we identified. Based
on our electronic testing and discussions with agency officials, we
found the data to be sufficiently reliable for the purposes of our
report. For our analysis, we also added additional information to the
inspection records to include the country where the inspection
occurred, and whether the air carrier being inspected was a U.S.-based
air carrier or a foreign air carrier. Finally, to facilitate our
analysis, we grouped the security requirements being inspected into
several categories, such as aircraft security, cargo, checked baggage,
passenger and carry-on screening and special procedures.
Actions Taken by TSA when Foreign Airports and Air Carriers Did Not
Comply with Security Requirements:
To determine the actions taken by TSA when foreign airports did not
comply with ICAO standards and recommended practices, we reviewed TSA's
Foreign Airport Assessment Program Standard Operating Procedures (SOP).
We also reviewed relevant statutory provisions that identify specific
actions to be taken by the Secretary of Homeland Security when the
Secretary determines that a foreign airport does not maintain and carry-
out effective security measures.[Footnote 73]
To determine the actions taken by TSA when air carriers did not comply
with TSA security requirements, we reviewed fiscal year 2005
information from the findings and investigations databases in PARIS. As
with the inspection data, to facilitate our analysis, we included
additional information in the findings database, such as the country
where the inspection occurred, and whether the air carrier being
inspected was a U.S.-based air carrier or a foreign air carrier.
Further, we grouped the security requirements being inspected into
several categories, such as aircraft security, cargo, checked baggage,
passenger and carry-on screening, and special procedures.
To assess the reliability of the findings data, we performed electronic
testing for obvious errors and completeness and interviewed agency
officials knowledgeable about the data. We identified two issues of
concern during our reliability assessment. First, we found that the
findings database is not linked to the inspections database to allow
for ready determination of the actions taken by TSA in response to
specific deficiencies. Second, the findings database did not
consistently include accurate information on actions taken in response
to findings. According to TSA officials knowledgeable about the data,
the findings database should contain information on actions taken by
TSA for each response of "not in compliance" in the inspections
database. However, we found that in half of the inspections where
deficiencies were identified, such information was not properly
recorded in the findings database. Considering the amount of
information excluded from the findings database and that this
information could not be readily provided by TSA, we determined that
the findings data were not sufficiently reliable for conducting
evaluative analysis of the actions taken by TSA when security
violations were identified during air carrier inspections. However, we
determined that the findings data were sufficiently reliable for
conducting descriptive analysis of TSA's actions, while including
appropriate statements as to its reliability, and for anecdotal
purposes.
To assess the reliability of the investigations data included in PARIS,
we conducted electronic testing and interviewed agency officials
knowledgeable about the data. We found that information in the
investigations database is not recorded in such a way that one can
readily determine which air carrier inspection, and in particular which
specific security violations identified, were the impetus behind a
particular investigation. TSA officials explained that inspectors are
not required to link an investigation to the inspection which it
stemmed from. When we performed our analysis, TSA officials were,
however, able to provide links to inspections for some of the
investigations. For the remainder of the investigations data, we
attempted to make the link between inspections and investigations by
using information from the inspections database such as the date when
the investigation record was created and the narrative fields, which in
some cases identified whether the investigation was a result of an
inspection or some other offense, such as an air carrier allowing a
passenger on the No-Fly list to board a U.S.-bound flight.[Footnote 74]
Our analysis of actions taken by TSA when air carriers did not comply
with security requirements is, therefore, based on those investigations
that we were able to link to fiscal year 2005 inspection activity. We
found these data to be sufficiently reliable for purposes of this
report.
For additional information on actions taken by TSA when foreign
airports and air carriers did not comply with security requirements, we
interviewed TSA headquarters and field officials in the Office of
Security Operations--the division responsible for conducting foreign
airport assessments and air carrier inspections and making
recommendations for corrective action--and the Transportation Security
Network Management division--the unit responsible for working with
foreign officials to coordinate TSA foreign airport visits and
monitoring host government and air carrier progress in addressing
security deficiencies.
Assistance Provided by TSA to Address Security Deficiencies and
Oversight of Airport Assessment and Air Carrier Inspection Efforts:
Assistance Provided by TSA to Address Security Deficiencies:
To identify actions taken by TSA to help foreign officials address
security deficiencies identified at foreign airports during the fiscal
year 2005 airport assessments, we obtained and analyzed information
from the fiscal year 2005 foreign airport assessment reports. To obtain
information on TSA's efforts to assist air carrier representatives in
addressing identified security deficiencies, we reviewed information in
the findings and investigations databases from TSA's PARIS. As
previously discussed, we assessed the reliability of the findings and
investigations data by performing electronic testing for obvious errors
in accuracy and completeness, and interviewed agency officials
knowledgeable about the data. While we identified errors during our
reliability assessment, many of which remained unresolved, we
determined that the findings and investigations data were sufficiently
reliable for anecdotal descriptions of the assistance TSA provided air
carriers to help them address security deficiencies.
To obtain additional information on actions taken by TSA to address
security deficiencies identified during foreign airport assessments and
air carrier inspections, we interviewed TSA headquarters officials from
the Office of Security Operations and the Transportation Sector Network
Management division. We also made site visits to TSA's five
international field offices (IFO) located in Los Angeles, Dallas,
Miami, Frankfurt, and Singapore, where we met with the IFO managers;
international aviation security inspectors, who conduct foreign airport
assessments and air carrier inspections; 10 of the 20 TSA
Representatives (TSAR), who schedule TSA airport visits and follow up
on host governments' progress in addressing security deficiencies; and
4 of the 6 International Principal Security Inspectors (IPSI), who are
responsible for assisting foreign air carriers in understanding and
complying with TSA security requirements. We also met with 3 of the 15
Principal Security Inspectors (PSI) located at TSA headquarters that
are responsible for helping U.S. air carriers understand and comply
with TSA security requirements. During each of these interviews, we
discussed these officials' responsibilities related to the foreign
airport assessment and air carrier inspection programs, including their
role in assisting foreign officials and air carrier representatives in
correcting security deficiencies identified during assessments and
inspections. Information from our interviews with government officials,
members of the aviation industry, and TSA officials and inspectors
cannot be generalized beyond those that we spoke with because we did
not use statistical sampling techniques in selecting individuals to
interview. To obtain a greater understanding of the foreign airport
assessment and air carrier inspection processes, as well as the
assistance TSA provides, we accompanied a team of TSA inspectors and a
TSAR during the assessment of E.T. Joshua International Airport in
Kingstown, St. Vincent and the Grenadines, and the inspection of
Caribbean Sun Airlines at that location. Moreover, we identified and
met with officials from other U.S. government agencies that assist
foreign officials in enhancing security at foreign airports.
Specifically, we met with officials from the Department of Justice,
Department of State, Department of Transportation, and the U.S. Trade
and Development Administration.
Oversight of the Foreign Airport Assessment and Air Carrier Inspection
Programs:
To obtain information on the extent to which TSA provided oversight of
its assessment and inspection efforts, we reviewed the agency guidance
for each program. We also reviewed sections of the fiscal year 2005
foreign airport assessment reports for completeness and general
consistency with TSA guidance for preparing assessment reports. In
addition, we reviewed the inspections, findings, and investigations
databases in PARIS for completeness and the ability to track air
carrier inspection activity from initiation through completion,
including actions taken against air carriers who did not comply with
security requirements. We compared TSA's guidance and reporting
mechanisms for the assessment and inspection programs with federal
standards for internal controls and associated guidance.[Footnote 75]
We also met with TSA headquarters officials, IFO managers, TSARs, and
aviation security inspectors to discuss the extent to which they
documented assessment and inspection activity from initiation through
completion and follow-up activity for unresolved security deficiencies.
We obtained additional information on TSA's oversight of the foreign
airport assessment and air carrier inspection programs, particularly
with regard to assessing the impact of these programs, by reviewing
TSA's fiscal year 2006 Performance Assessment Rating Tool (PART)
submissions. The Office of Management and Budget describes PART as a
diagnostic tool meant to provide a consistent approach to evaluating
federal programs as part of the executive budget formulation process.
PART includes information on an agency's program goals and performance
measures used to assess whether program goals are being met. We
compared the program goals identified in TSA's PART submission with the
Government Performance and Results Act of 1993 (GPRA), which identifies
requirements for the types of measures federal agencies should use to
assess the performance of their programs. We also interviewed TSA
headquarters and field officials to obtain their perspectives on
appropriate ways to assess the performance of the foreign airport
assessment and air carrier inspection programs.
Challenges That Affected TSA's Ability to Conduct Foreign Airport
Assessments and Air Carrier Inspections and Actions Taken to Address
those Challenges:
To identify challenges that affected TSA's ability to conduct foreign
airport assessments and air carrier inspections at foreign airports, we
met with TSA headquarters and field officials in the Office of Security
Operations and the Transport Sector Network Management division
regarding their efforts to obtain access to foreign airports to conduct
assessments and inspections. We also visited the embassies of 16
nations and the Delegation of the European Commission in Washington,
D.C., to obtain perspectives of foreign transportation security
officials on TSA's airport assessment and air carrier inspection
program.[Footnote 76] In addition, we conducted site visits to meet
with aviation security officials in Belgium, Canada, Germany, the
Philippines, St. Vincent and the Grenadines, Thailand, and the United
Kingdom to discuss their perspectives on TSA's foreign airport
assessment and air carrier inspection activity. We selected these
locations because they met one or more of the following criteria: a
relatively high volume of passengers fly to the United States each
year, TSA assigned a relatively high threat ranking to the country, the
country received aviation security training or technical assistance
from a U.S. government agency, or a TSA international field office was
located in the country. We also met with individuals representing 11
air carriers, including both U.S. and foreign airlines,[Footnote 77] to
obtain their perspectives on TSA's foreign airport assessment and air
carrier inspections programs. Additionally, we met with officials from
the European Commission, the European Civil Aviation Commission, and
ICAO to discuss similar efforts these organizations have in place to
ensure compliance with international aviation security standards.
Information from our interviews with foreign government officials and
members of the aviation industry cannot be generalized beyond those
that we spoke with because we did not use statistical sampling
techniques in selecting individuals to interview. We also reviewed
documentation associated with TSA's risk-based methodology for
scheduling foreign airport assessments and air carrier inspections,
which TSA intended to address some of the challenges in conducting
assessments and inspections, and compared the methodology to our risk
management guidance.
In addition, we interviewed 4 Federal Security Directors[Footnote 78]
and 7 aviation security inspectors stationed in the United States to
discuss their support of the foreign airport assessment and air carrier
inspection programs as well as the impact, if any, that their
involvement in these programs has had on their operations at U.S.
airports.
We conducted our work from October 2005 through March 2007 in
accordance with generally accepted government auditing standards.
[End of section]
Appendix II: International Civil Aviation Organization Standards and
Recommended Practices Used by TSA to Conduct Fiscal Year 2005 Foreign
Airport Assessments:
Chapter 1. Definitions:
Airside. The movement area of an airport, adjacent terrain and
buildings or portions thereof, access to which is controlled.
Aircraft Security Check. An inspection of the interior of an aircraft
to which passengers may have had access and an inspection of the hold
for the purposes of discovering suspicious objects, weapons, explosives
or other dangerous devices:
Background Check. A check of a person's identity and previous
experience, including any criminal history, where appropriate, as part
of the assessment of an individual's suitability for unescorted access
to a security restricted area.
Cargo. Any property carried on an aircraft other than mail, stores and
accompanied or mishandled baggage.
Human Factors Principles. Principles which apply to design,
certification, training, operations and maintenance and which seek safe
interface between the human and other system components by proper
consideration to human performance.
Human Performance. Human capabilities and limitations which have an
impact on the safety, security and efficiency of aeronautical
operations.
Regulated Agent. An agent, freight forwarder or any other entity who
conducts business with an operator and provides security controls that
are see accepted or required by the appropriate authority in respect of
cargo, courier and express parcels or mail.
Screening. The application of technical or other means which are
intended to identify and/or detect weapons, explosives or other
dangerous devices which may be used to commit an act of unlawful
interference.
Note.-Certain dangerous articles or substances are classified as
dangerous goods by Annex 18 and the associated Technical Instructions
for the Safe Transport of Dangerous Goods by Air (Doe 9284) and must be
transported in accordance with those instructions.
Security. A combination of measures and human and material resources
intended to safeguard civil aviation against acts of unlawful
interference.
Security Control. A means by which the introduction of weapons,
explosives or other dangerous devices which may be utilized to commit
an act of unlawful interference can be prevented.
Security Restricted area. Airside areas of an airport into which access
is controlled to ensure security of civil aviation. Such are will n
nasally include, inter alia, all passenger departure areas between the
screening checkpoint and the aircraft, the ramp, baggage make-up areas,
cargo sheds, mail centres, airside catering and aircraft cleaning
premises.
Unidentified Baggage. Baggage at an airport, with or without a baggage
tag, which is not picked up by or identified with a passenger.
Chapter 2. General Principles:
2.1 Objectives:
2.1.1 Each Contracting State shall have as its primary objective the
safety of passengers, crew, ground personnel and the general public in
all matters related to safeguarding against acts of unlawful
interference with civil aviation.
2.1.2 Each Contracting State shall establish an organization and
develop and implement regulations, practices and procedures to
safeguard civil aviation against acts of unlawful interference taking
into account the safety, regularity and efficiency of flights.
2.1.3 Each Contracting State shall ensure that principles governing
measures designed to safeguard against acts of unlawful interference
with international civil aviation are applied to domestic operations to
the extent practicable.
2.1.4 Recommendation.-Each Contracting State should ensure appropriate
protection of aviation security information.
Note 1.-Guidance material on achieving civil aviation security
objectives through application of the Standards and Recommended
Practices in the following chapters is to be found in the Security
Manual for Safeguarding Civil Aviation Against Acts of Unlawful
Interference (Doe 8973 Restricted).
Note 2.-The comprehensive aviation security training material to assist
States in achieving civil aviation security objectives is contained in
the ICAO Training Programme for Aviation Security comprising a series
of Avialion Security Training Packages (ASTPs).
2.2 Security and facilitation:
Recommendation.-Each Contracting State should whenever possible arrange
for the security controls and procedures to cause a minimum of
interference with, or delay to the activities of civil aviation
provided the effectiveness of these controls and procedures is not
compromised.
2.3 International cooperation:
2.3.1 Each Contracting State shall ensure that requests from other
States for special security controls in respect of a specific flight or
specified flights by operators of such other States are met, as far as
may be practicable.
2.3.2 Each Contracting State shall cooperate with other States in
relation to their respective national civil aviation security
programmes as necessary.
2.3.3 Each Contracting State shall cooperate with other States in the
development and exchange of information concerning training programmes,
as necessary.
2.3.4 Each Contracting State shall share with other Contracting States
threat information that applies to the aviation security interests of
those States, to the extent practicable.
2.3.5 Each Contracting State shall provide suitable protection and
handling procedures for sensitive security information shared by other
Contracting States, or sensitive security information that affects the
security interests of other Contracting States, in order to ensure that
inappropriate use or disclosure of such information is avoided.
2.3.6 Recommendation.-Each Contracting State should cooperate with
other States in the field of research and develop-ment of new security
equipment which will better achieve civil aviation security objectives.
2.3.7 Recommendation Each Contracting State should include in its
bilateral agreements on air transport a clause related to aviation
security.
2.3.8 Recommendation, Each Contracting State should make available to
other States on request a written version of the appropriate parts of
its national civil aviation security programme.
2.4 Equipment, research and development:
2.4.1 Recommendation.-Each Contracting State should promote research
and development of new security equipment which will better achieve
civil aviation security objectives.
2.4.2 Recommendation Each Contracting State should ensure that the
development of new security equipment takes into consideration Human
Factors principles.
Note.-Guidance material regarding Human Factors principles can be found
in the Human Factors Digest - Human Factors in Civil Aviation Security
Operations* and in Part 1, Chapter 4 of the Human Factors Training
Manual (Doe 9683).
Chapter 3. Organization:
3.1 National organization and appropriate authority:
3.1.1 Each Contracting State shall establish and implement a written
national civil aviation security programme to safeguard civil aviation
operations against acts of unlawful interference, through regulations,
practices and procedures which take into account the safety, regularity
and efficiency of flights.
3.1.2 Each Contracting State shall designate and specify to ICAO an
appropriate authority within its administration to be responsible for
the development, implementation and maintenance of the national civil
aviation security programme.
3.1.3 Each Contracting State shall establish an organization and
develop and implement regulations, practices and procedures, which
together provide the security necessary for the operation of aircraft
in normal operating conditions and capable of responding rapidly to
meet any increased security threat.
3.1.4 Each Contracting State shall keep under constant review the level
of threat to civil aviation operations within its territory and adjust
relevant elements of its national civil aviation security programme
accordingly.
3.1.5 Each Contracting State shall require the appropriate authority to
define and allocate tasks and coordinate activities between the
departments, agencies and other organizations of the State, airport and
aircraft operators and other entities con-cerned with or responsible
for the implementation of various aspects of the national civil
aviation security programme.
3.1.6 Each Contracting State shall establish a national aviation
security committee or similar arrangements for the purpose of
coordinating security activities between the departments, agencies and
other organizations of the Stale, airport and aircraft operators and
other entities concerned with or responsible for the implementation of
various aspects of the national civil aviation security programme.
3.1.7 Each Contracting State shall require the appropriate authority to
ensure the development and implementation of training programmes to
ensure the effectiveness of its national civil aviation security
programme. These training programmes shall include training of civil
aviation security personnel in human performance.
Note.-Guidance material on training in human performance can be found
in the Security Manual for Safe-guarding Civil Aviation Against Acts of
Unlawful Interference (Doc8973-Restricted); the Human Factors Digest -
Human Factors in Civil Aviation Security Operations*; and in Part 2,
Chapter I of the Human Factors Training Manual (Doe 9683).
3.1.8 Each Contracting State shall ensure that the appropriate
authority arranges for the supporting resources and facilities required
by the aviation security services to be available at each airport
serving international civil aviation.
3.1.9 Recommendation.-Each Contracting State should make available to
its airport and aircraft operators operating in its territory and other
entities concerned, a written version of the appropriate parts of its
national civil aviation security programme.
3.2 Airport operations:
3.2.1 Each Contracting State shall require each airport serving
international civil aviation to establish and implement a written
airport security programme appropriate to meet the requirements of the
national aviation security programme.
3.22 Each Contracting State shall arrange for -authority at each
airport serving international civil aviation to be responsible for
coordinating the implementation of security controls.
3.2.3 Each Contracting State shall arrange for the establishment of an
airport security committee at each airport serving international civil
aviation to assist the authority mentioned under 3.2.2 in its role of
coordinating the implemen-tation of security controls and procedures as
specified in the airport security programme.
3.2.4 Each Contracting State shall ensure that contingency plans are
developed and resources made available to safeguard civil aviation,
against acts of unlawful interference. The contin-gency plans shall be
practised and exercised on a regular basis.
3.2.5 Each Contracting State shall ensure that authorized and suitably
trained personnel are readily available for deploy-ment at its airports
serving international civil aviation to assist in dealing with
suspected, or actual, cases of unlawful interference with civil
aviation.
3.2.6 Each Contracting State shall ensure that the architectural and
infrastructure-related requirements necessary for the optimum
implementation of civil aviation security measures are integrated into
the design and construction of new facilities and alterations to
existing facilities at airports.
3.3 Aircraft operators:
3.3.1 Each Contracting State shall require operators providing service
from that State to establish and implement a written operator security
programme appropriate to meet the requirements of the national civil
aviation security programme of that State.
3.3.2 Recommendation-Each Contracting State should take into account
the ICAO model as a basis for operators' security programmes.
3.3.3 Recommendation.-Each Contracting State should require operators
providing service from that State and partici-pating in code-sharing or
other collaborative arrangements with other international operators to
notify the appropriate authority of the nature of these arrangements,
including the identity of the other operators.
3.4 Quality control:
3.4.1 Each Contracting State shall ensure that the persons implementing
security controls are subject to background checks and selection
procedures.
3.4.2 Each Contracting State shall ensure that the persons implementing
security controls are appropriately trained and possess all
competencies required to perform their duties and that appropriate
records are maintained. Relevant standards of performance shall be
established and initial and periodic assessments shall be introduced to
maintain those standards.
3.4.3 Each Contracting State shall ensure that the persons carrying out
screening operations are certified according to the requirements of the
national civil aviation security programme.
3.4.4 Each Contracting State shall require the appropriate authority to
ensure the development, implementation and maintenance of a national
civil aviation security quality control programme to ensure the
effectiveness of its national civil aviation security programme.
3.4.5 Each Contracting State shall arrange for surveys to identify
security needs, arrange for inspections of the implementation of
security controls and arrange tests of security controls to assess
their effectiveness.
3.4.6 Each Contracting State concerned with an act of unlawful
interference shall require its appropriate authority to re-evaluate
security controls and procedures and take action necessary to remedy
weaknesses so as to prevent recurrence. These actions shall be notified
to ICAO.
3.4.7 Recommendation. Each Contracting State should require that the
effectiveness of individual aviation security measures be assessed by
considering their role in the overall system performance of aviation
security systems.
Chapter 4. Preventive Security Measures:
4.1 Objective:
Each Contracting State shall establish measures to prevent weapons,
explosives or any other dangerous devices which may be used to commit
an act of unlawful interference, the carriage or bearing of which is
not authorized, from being introduced, by any means whatsoever, on
board an aircraft engaged in international civil aviation.
4.2 Measures relating to aircraft:
4.2.1 Each Contracting State shall ensure that aircraft security checks
of originating aircraft assigned to international flights are
performed.
4.2.2 Each Contracting State shall require measures to be taken in
respect of flights under an increased threat to ensure that
disembarking passengers do not leave items on board the aircraft at
transit stops on its airports.
4.2.3 Each Contracting State shall require its operators to take
adequate measures to ensure that during flight unauthorized persons are
prevented from entering the flight crew compartment.
4.3 Measures relating to passengers and their cabin baggage:
4.3.1 Each Contracting state shall establish measures to ensure that
originating passengers and their cabin baggage are screened prior to
boarding an aircraft engaged in international civil aviation
operations.
4.3.2 Each Contracting State shall ensure that transfer and transit
passengers and their cabin baggage are subjected to adequate security
controls to prevent unauthorized articles from being taken on board
aircraft engaged in international civil aviation operations.
4.3.3 Each Contracting State shall ensure that there is no possibility
of mixing or contact between passengers subjected to security control
and other persons not subjected to such control after the security
screening points at airports serving international civil aviation have
been passed; if mixing or contact does take place, the passengers
concerned and their cabin baggage shall be re-screened before boarding
an aircraft.
4.4 Measures relating to hold baggage:
4.4.1 Each Contracting State shall establish measures to ensure that
hold baggage is subjected to appropriate security controls prior to
being loaded into an aircraft engaged in international civil aviation
operations.
4.4.2 Each Contracting State shall establish measures to ensure that
hold baggage intended for carriage on passenger flights is protected
from unauthorized interference from the point it is checked in, whether
at an airport or elsewhere, until it is placed on board an aircraft.
4.4.3 Each Contracting State shall establish measures to ensure that
operators when providing service from that State do not transport the
baggage of passengers who are not on board the aircraft unless that
baggage is subjected to appropriate security controls which may include
screening.
4.4.4 Each Contracting State shall require the establishment of secure
storage areas at airports serving international civil aviation, where
mishandled baggage maybe held until forwarded, claimed or disposed of
in accordance with local laws.
4.4.5 Each Contracting State shall establish measures to ensure that
consignments checked in as baggage by courier services for carriage on
passenger aircraft engaged in international civil aviation operations
are screened.
4.4.6 Each Contracting State shall ensure that transfer hold baggage is
subjected to appropriate security controls to prevent unauthorized
articles from being taken on board aircraft engaged in international
civil aviation operations.
4.4.7 Each Contracting State shall establish measures to ensure that
aircraft operators when providing a passenger service from that State
transport only hold baggage which is authorized for carriage in
accordance with the requirements specified in the national civil
aviation security programme.
4.4.8 From 1 January 2006, each Contracting State shall establish
measures to ensure that originating hold baggage intended to be tamed
in an aircraft engaged in international civil aviation operations is
screened prior to being loaded into the aircraft.
4.4.9 Recommendation Each Contracting State should establish measures
to ensure that originating hold baggage intended to be carried in an
aircraft engaged in international civil aviation operations is screened
prior to being loaded into the aircraft.
4.4.10 Recommendation.-Each Contracting State should take the necessary
measures to ensure that unidentified baggage is placed in a protected
and isolated area until such time as it is ascertained that it dues not
contain any explosives or other dangerous device.
4.5 Measures relating to cargo, mail and other goods:
4.5.1 Each Contracting State shall ensure the implementation of
measures at airports serving international civil aviation to protect
cargo, baggage, mail, stores and operators' supplies being moved within
an airport and intended for carriage on an aircraft to safeguard such
aircraft against an act of unlawful interference.
4.5.2 Each Contracting State shall establish measures to ensure that
cargo, courier and express parcels and mail intended for carriage on
passenger flights are subjected to appropriate security controls.
4.5.3 Each Contracting State shall establish measures to ensure that
operators do not accept consignments of cargo, courier and express
parcels or mail for carriage on passenger flights unless the security
of such consignments is accounted for by a regulated agent or such
consignments are subjected to other security controls to meet the
requirements of 4.5.2.
4.5.4 Each Contracting State shall establish measures to ensure that
catering supplies and operators' stores and supplies intended for
carriage on passenger flights are subjected to appropriate security
controls.
4.6 Measures relating to special categories of passengers:
4.6.1 Each Contracting State shall establish measures to ensure that
the aircraft operator and the pilot-in-command are informed when
passengers are obliged to travel because they have been the subject of
judicial or administrative proceedings, in order that appropriate
security controls can be applied.
4.6.2 Each Contracting State shall ensure that the pilot-in-command is
notified as to the number of armed persons and their scat location.
4.6.3 Each Contracting State shall require operators providing service
from that State, to include in their security programmes, measures and
procedures to ensure safety on board their aircraft when passengers are
to be carried who are obliged to travel because they have been the
subject of judicial or administrative proceedings:
4.6.4 Each Contracting State shall ensure that the carriage of weapons
on board aircraft, bylaw enforcement officers and other authorized
persons, acting in the performance of their duties, requires special
authorization in accordance with the laws of the States involved.
4.6.5 Each Contracting State shall consider requests by any other State
to allow the travel of armed personnel on board aircraft of operators
of the requesting State. Only after agreement by all States involved
shall such travel be allowed.
4.6.6 Each Contracting State shall ensure that the carriage of weapons
in other cases is allowed only when an authorized and duly qualified
person has determined that they are not loaded, if applicable, and then
only if stowed in a place inaccessible to any person during flight
time.
4.7 Measures relating to access control:
4.7.1 Each Contracting State shall ensure that security restricted
areas are established at each airport serving international civil
aviation and that procedures and identification systems are implemented
in respect of persons and vehicles.
4.7.2 Each Contracting State shall ensure that appropriate security
controls, including background checks on persons other than passengers
granted unescorted access to security restricted areas of the airport,
are implemented.
4.7.3 Each Contracting State shall require that measures are
implemented to ensure adequate supervision over the movement of persons
and vehicles to and from the aircraft in order to prevent unauthorized
access to aircraft.
4.7.4 Recommendation.-Each Contracting State should ensure that
identity documents issued to aircraft crew members conform to the
relevant specifications set forth in Doc 9303, Machine Readable Travel
Documents.
4.7.5 Recommendation.-Each Contracting State should ensure that persons
other than passengers being granted access to security restricted
areas, together with items carried, are screened at random in
accordance with risk assessment carried out by the relevant national
authorities.
4.7.6 Recommendation.--Each Contracting State should ensure that checks
specified in 4.7.2 be reapplied on a regular basis to all persons
granted unescorted access to security restricted areas.
Chapter 5. Management Of Response To Acts Of Unlawful Interference:
5.1 Prevention:
5.1.1 Each Contracting State shall establish measures to safeguard
aircraft when a well-founded suspicion exists that the aircraft may be
subject to an act of unlawful interference while on the ground and to
provide as much prior notification as possible of the arrival of such
aircraft to airport authorities:
5.1.2 Each Contracting State shall establish procedures, which include
notification to the operator, for inspecting aircraft, when a well-
founded suspicion exists that the aircraft may be the object of an act
of unlawful interference, for concealed weapons, explosives or other
dangerous devices.
5.1.3 Each Contracting State shall ensure that arrangements are made
for the investigation and disposal, if necessary, of suspected sabotage
devices or other potential hazards at airports serving international
civil aviation.
5.2 Response:
5.2.1 Each Contracting State shall take adequate measures for the
safety of passengers and crew of an aircraft which is subjected to an
act of unlawful interference until their journey can be continued.
5.2.2 Each Contracting State responsible for providing air traffic
services for an aircraft which is the subject of an act of unlawful
interference shall collect all pertinent information on the flight of
that aircraft and transmit that information to all other States
responsible for the Air Traffic Services units concerned, including
those at the airport of known or presumed destination, so that timely
and appropriate safeguarding action may be taken en route and at the
aircraft's known, likely or possible destination.
5.2.3 Each Contracting State shall provide such assistance to an
aircraft subjected to an act of unlawful seizure, including the
provision of navigation aids, air traffic services and permission to
land as may be necessitated by the circumstances.
5.2.4 Each Contracting State shall take measures, as it may find
practicable, to ensure that an aircraft subjected to an act of unlawful
seizure which has landed in its territory is detained on the ground
unless its departure is necessitated by the overriding duty to protect
human life. However, these measures need to recognize the grave hazard
attending further flight. States shall also recognize the importance of
consultations, wherever practicable, between the State where that
aircraft has landed and the State of the Operator of the aircraft, and
notification by the State where the aircraft has landed to the States
of assumed or stated destination.
5.2.5 Each Contracting State in which an aircraft subjected to an act
of unlawful interference has landed shall notify by the most
expeditious means the State of Registry of the aircraft and the State
of the Operator of the landing and shall similarly transmit by the most
expeditious means all other relevant information to:
a) the two above-mentioned States;
b) each State whose citizens suffered fatalities or injuries;
c) each State whose citizens were detained as hostages;
d) each Contracting State whose citizens are known to be on board the
aircraft; and:
e) the International Civil Aviation Organization.
5.2.6 Recommendation--Each Contracting State should ensure that
information received as a consequence of action taken in accordance
with 5.2.2 is distributed locally to the Air Traffic Services units
concerned, the appropriate airport administrations, the operator and
others concerned as soon as practicable.
5.2.7 Recommendation.-Each Contracting State should cooperate with
other States for the purpose of providing a joint response in
connection with an act of unlawful interference. When taking measures
in their territory to free passengers and crew members of an aircraft
subjected to an act of unlawful interference, each Contracting State
should use, as necessary, the experience and capability of the State of
the Operator, the State of manufacture and the State of registry of
that aircraft.
5.3 Exchange of information and reporting:
5.3.1 Each Contracting State concerned with an act of unlawful
interference shall provide ICAO with all pertinent information
concerning the security aspects of the act of unlawful interference as
soon as practicable after the act is resolved.
5.3.2 Recommendation.-Each Contracting State should exchange
information with other States as considered appropriate, at the same
time supplying such information to ICAO, related to plans, designs,
equipment, methods and procedures for safeguarding civil aviation
against acts of unlawful interference.
Extracts From Annex 14-Aerodromes, Volume I -Aerodrome Design And
Operations:
Chapter 3. Physical characteristics:
3.13 Isolated aircraft parking position:
3.13.1 An isolated aircraft parking position shall he designated or the
aerodrome control tower shall be advised of an area or areas suitable
for the parking of an aircraft which is known or believed to be the
subject of unlawful interference, or which for other reasons needs
isolation from normal aerodrome activities.
3.13.2 Recommendation.-The isolated aircraft parking position should be
located at the maximum distance practicable and in any case never less
than 100 m from other parking positions, buildings or public areas,
etc. Care should betaken to ensure that the position is not located
aver underground utilities such as gas and aviation fuel and, to the ex
tent feasible, electrical or communication cables.
CHAPTER 5. VISUAL AIDS FOR NAVIGATION:
5.3 Lights:
5.3.21 Apron floodlighting (see also 5.3.15.1 and 5.3.16.1):
Application:
5.3.21.1 Recommendation.-Apron floodlighting should be provided on an
apron, on a de-icing/anti-icing facility and on a designated isolated
aircraft parking position intended to be used a1 night.
Note 1. - Where a de-icing/anti-icing facility is located in close
proximity to the runway and permanent floodlighting could be confusing
to pilots, other means of illumination c f the facility may be
required:
Note 2. -The designation of an isolated aircraft parking position is
specified in 3.13.
Note 3. - Guidance on apron floodlighting is given in the Aerodrome
Design Manual, Part 4.
Chapter 8. Equipment And Installations:
8.1 Secondary power supply:
General Application:
8.1.1 Recommendation.-A secondary power supply should be provided,
capable of supplying the power requirements of at least the aerodrome
facilities listed below:
e) essential security lighting, if provided in accordance with 8.5;
8.4 Fencing Application:
8.4.2 Recommendation.-A fence or other suitable barrier should be
provided on an aerodrome to deter the inadvertent or premeditated
access of an unauthorized person onto a non-public area of the
aerodrome.
Note 1.-This is intended to include the barring of sewers, ducts,
tunnels, etc., where necessary to prevent access.
Note 2.-Special measures may be required to prevent the access of an
unauthorized person to runways or taxiways which overpass public roads.
8.4.3 Recommendation.-Suitable means of protection should be provided
to deter the inadvertent or premeditated access of unauthorized persons
into ground installations and facilities essential for the safety of
civil aviation located off the aerodrome.
Location:
8.4.4 Recommendation.-The fence or barrier should be located so as to
separate the movement area and other facilities or zones on the
aerodrome vital to the safe operation of aircraft from areas open to
public access.
8.4.5 Recommendation.-When greater security is thought necessary, a
cleared area should be provided on both sides of the fence or barrier
to facilitate the work of patrols and to make trespassing more
difficult. Consideration should be given to the provision of a
perimeter road inside the aerodrome fencing for the use of both
maintenance personnel and security patrols.
8.5 Security lighting:
Recommendation--At an aerodrome where it is deemed desirable for
security reasons, a fence or other barrier provided for the protection
of international civil aviation and its facilities should be
illuminated at a minimum essential level. Consideration should be given
to locating lights so that the ground area on both sides of the fence
or barrier, particularly at access points, is illuminated.
Chapter 9. Emergency And Other Services:
9.1 Aerodrome emergency planning:
General:
Introductory Note.-Aerodrome emergency planning is the process of
preparing an aerodrome to cope with an emergency occurring at the
aerodrome or in its vicinity. The objective of aerodrome emergency
planning is to minimize the effects of an emergency, particularly in
respect of saving lives and maintaining aircraft operations. The
aerodrome emergency plan sell forth the procedures for coordinating the
response of different aerodrome agencies (or services) and of those
agencies in the surrounding community that could be of assistance in
responding to the emergency. Guidance material to assist the
appropriate authority in establishing aerodrome emergency planning is
given in the Airport Services Manual Part 7.
9.1.1 An aerodrome emergency plan shall be established at an aerodrome,
commensurate with the aircraft operations and other activities
conducted al the aerodrome.
9.1.2 The aerodrome emergency plan shall provide for the coordination
of the actions to be taken in an emergency occurring at an aerodrome or
in its vicinity.
Note.-Examples of emergencies are: aircraft emergencies, sabotage
including bomb threats, unlawfully seized aircraft, dangerous goods
occurrences, building fires and natural disasters.
9.1.3 The plan shall coordinate the response or participation of all
existing agencies which, in the opinion of the appropriate authority,
could be of assistance in responding to an emergency.
Note.-Examples of agencies are:
-on the aerodrome: air traffic control unit, rescue and fire fighting
services, aerodrome administration, medical and ambulance services,
aircraft operators, security services, and police;
-off the aerodrome: fire departments, police, medical and ambulance
services, hospitals, military, and harbour patrol or coast guard.
9.1.4 Recommendation.-The plan should provide for cooperation and
coordination with the rescue coordination centre, as necessary.
9.1.5 Recommendation.-The aerodrome emergency plan document should
include at least the following:
a) types of emergencies planned for;
b) agencies involved in the plan;
c) responsibility and role of each agency, the emergency operations
centre and the command post, for each type of emergency;
d) information on names and telephone numbers of offices or people to
be contacted in the case of a particular emergency; and:
e) a grid map of the aerodrome and its immediate vicinity.
Emergency operations centre and command post:
9.1.7 Recommendation--A fixed emergency operations centre and a mobile
command past should be available for use during an emergency.
9.1.8 Recommendation.-The emergency operations centre should be a part
of the aerodrome facilities and should be responsible for the overall
coordination and general direction of the response to an emergency.
9.1.9 Recommendation.-The command post should be a facility capable of
being moved rapidly to the site of an emergency, when required, and
should undertake the local coordination of those agencies responding to
the emergency.
9.1.10 Recommendation.-A person should be assigned to assume control of
the emergency operations centre and, when appropriate, another person
the command post.
Communication system:
9.1.11 Recommendation.-Adequate communication systems linking the
command post and the emergency operations centre with each other and
with the participating agencies should be provided in accordance with
the plan and consistent with the particular requirements of the
aerodrome.
Aerodrome emergency exercise:
9.1.12 The plan shall contain procedures for periodic testing of the
adequacy of the plan and for reviewing the results in order to improve
its effectiveness.
Note.-The plan includes all participating agencies and associated
equipment:
9.1.13 The plan shall l be tested by conducting:
a) a full-scale aerodrome emergency exercise at intervals not exceeding
two years; and:
b) partial emergency exercises in the intervening year to ensure that
any deficiencies found during the full-scale aerodrome emergency
exercise have been corrected; and:
reviewed thereafter, or after an actual emergency, sons to correct any
deficiency found during such exercises or actual emergency.
Note.-The purpose of a full-scale exercise is to ensure the adequacy of
the plan to cope with different types of emergencies. The purpose of a
partial exercise is to ensure the adequacy of the response to
individual participating agencies and components of the plan, such as
the communications system.
[End of section]
Appendix III: TSA Security Requirements for U.S.-Based and Foreign
Carriers Operating Out of Foreign Airports:
Aircraft Operator Standard Security Program: U.S.-based Carriers:
The aircraft operator standard security program (AOSSP) is designed to
provide for the safety of persons and property traveling on flights
against acts of criminal violence and air piracy, and the introduction
of explosives, incendiaries, weapons, and other prohibited items on
board an aircraft. TSA requires that each air carrier adopt and
implement a security program approved by TSA for scheduled passenger
and public charter operations at locations within the United States,
from the United States to a non-U.S. location, or from a non-U.S.
location to the United States, and from a non-U.S. location to a non-
U.S. location (for example, an intermediate stop such as Singapore to
Tokyo to the United States). The AOSSP developed by TSA and used by
U.S.-based carriers is divided into chapters and lays out security
requirements for operations. Table 6 summarizes requirements applicable
to flights operating from a non-U.S. location to the United States.
Table 6: Elements of the Aircraft Operator Standard Security Program
Applicable to International Operations:
Chapter: Introduction and definitions;
Types of requirements: Defines roles and responsibilities for the
positions of Ground Security Coordinator, In-flight Security
Coordinator, and the Federal Flight Deck Officer.
Chapter: Incidents, suspicious activities, and threat information;
Types of requirements: Requires procedures for notification of the
Transportation Security Operations Center and law enforcement agencies
to report incidents and suspicious activities as well as procedures to
ensure the security of aircraft upon receipt of specific or credible
threats.
Chapter: Prescreening procedures and passenger identification checks;
Types of requirements: Requires air carriers to implement passenger
prescreening on flights to match passenger names against the No-Fly and
Selectee screening lists, check of all passenger identification, and
control of entry into the sterile area.
Chapter: Passengers designated as selectee passengers;
Types of requirements: In addition to the above requirements, defines
requirements for screening the checked baggage of selectee passengers.
Chapter: International flights;
Types of requirements: Requires measures specific to checked baggage
acceptance, protective escorts, jump seat access, prohibited items,
flights departing to a non-U.S. location, flights departing a non-U.S.
location, and crew member vetting.
Chapter: Cargo security measures;
Types of requirements: Requires measures specific to the acceptance of
cargo for shipment, cargo screening procedures, accompanied courier
consignments, cargo for subsequent transfer to another carrier, control
of access to cargo, notification procedures, and cargo security
measures at non-U.S. locations.
Chapter: Catering security measures;
Types of requirements: Requires procedures to ensure security of
catering loaded onto a flight, or security at catering facilities.
Chapter: Additional requirements at extraordinary locations;
Types of requirements: Some locations outside of the United States have
been designated by TSA as requiring extraordinary security measures.
These measures include items such as aircraft security, passenger
prescreening, screening selectee passengers, and the questioning of
enplaning passengers.
Chapter: Aircraft and area security;
Types of requirements: Requires measures to prevent unauthorized access
to aircraft, search departing aircraft prior to passengers enplaning,
sealing procedures for vehicles transporting checked baggage, access
controls to areas such as baggage rooms and other nonpublic areas, and
criminal history records check of air carrier employees.
Chapter: Training;
Types of requirements: Outlines security training requirements for
Ground Security Coordinators, In-flight Security Coordinator, crew
members, air carrier employees, and authorized representatives.
Chapter: Screening;
Types of requirements: Outlines requirements for air carriers to
conduct additional screening at locations outside of the United States
where screening does not meet requirements.
Source: TSA.
[End of table]
Security Directives:
* When TSA determines that additional security measures are necessary
to respond to a threat assessment or to a specific threat against civil
aviation, TSA may issue a Security Directive setting forth mandatory
measures. Each air carrier required to have a TSA-approved security
program must comply with each Security Directive issued to it by TSA,
within the time frame prescribed in the Security Directive for
compliance.[Footnote 79]
Model Security Program:
TSA requires that the security program of a foreign air carrier provide
passengers a level of protection similar to the level of protection
provided by U.S. air carriers serving the same airports.[Footnote 80]
The security program must be designed to prevent or deter the carriage
onboard airplanes of any prohibited item, prohibit unauthorized access
to airplanes, ensure that checked baggage is accepted only by an
authorized agent of the air carrier, and ensure the proper handling of
cargo and checked baggage to be loaded onto passenger flights. In
addition, carriers are requested to provide an acceptable level of
security for passengers by developing and implementing procedures to
prevent acts of unlawful interference.
TSA's foreign air carrier model security program was prepared to assist
foreign airlines in complying with security requirements for operations
into and out of the United States. Table 7 summarizes requirements
applicable to foreign carriers' flights operating from a non-U.S.
location to the United States.
Table 7: Elements of the Foreign Air Carrier Model Security Program
Applicable to International Operations:
Area of requirement: Screening of passengers and carry-on baggage;
Description: Sets forth requirements for screening of passengers and
their property as well as the transport of armed individuals and
weapons.
Area of requirement: Checked baggage;
Description: Sets forth requirements for accepting, handling, and
screening of checked luggage, including restricting access to baggage
areas, conducting passenger baggage matches, and the transport of
misdirected baggage.
Area of requirement: Cargo;
Description: Requires procedures be in place to ensure no unauthorized
explosives, incendiaries, or dangerous articles or persons are included
in cargo. In addition, sets forth requirements to ensure that once
cargo is accepted, it is safeguarded to prevent unauthorized access or
tampering.
Area of requirement: Security of aircraft and facilities;
Description: Sets forth requirements for preventing access to aircraft
while it is unattended and conducting a search of the aircraft interior
prior to boarding. This also includes requirements for authorized
personnel to possess and display proper identification.
Area of requirement: Addressing and reporting acts of unlawful
interference;
Description: Requires air carriers to implement procedures to respond
to threats of hijacking and bomb threats. In addition it requires that
the carrier establish a procedure for reporting threats when they are
received.
Area of requirement: Contingency planning;
Description: Requires air carriers to establish procedures to implement
additional security measures (regarding checked baggage, passenger, and
carry-on baggage screening, aircraft security, and cargo handling) when
conditions warrant.
Area of requirement: Training;
Description: Sets forth requirements for air carriers to ensure that
employees (screeners, crew members, or other air carrier employees)
receive adequate training in those security areas for which they have
responsibilities.
Source: TSA.
[End of table]
Emergency Amendments:
* When TSA determines that additional security measures are necessary
to respond to an emergency requiring immediate action with respect to
safety in air transportation, it may issue an emergency amendment. An
emergency amendment mandates additional actions beyond those in the air
carrier's security program. When TSA issues an emergency amendment, it
also issues a notice indicating the reasons for the amendment to be
adopted. Air carriers are required to comply with emergency amendments
immediately.[Footnote 81]
[End of section]
Appendix IV: U.S. Government Aviation Security Training and Technical
Assistance Programs for Foreign Entities:
Department of State: Anti-Terrorism Assistance Program:
Program Background:
The State Department's Anti-Terrorism Assistance (ATA) program seeks to
provide partner countries the training, equipment, and technology they
need to combat terrorism and prosecute terrorists and terrorist
supporters. The Anti-Terrorism Assistance program was established in
1983.
Program Selection:
Selection of Countries:
Countries must meet at least one of the four following criteria to
participate in the ATA program:
* The country or region must be categorized as having a critical or
high threat of terrorism and unable to protect U.S. facilities and
personnel within the country:
* There are important U.S. policy interests with the prospective
country, which may be supported through the provision of antiterrorism
assistance. For example, officials in one country received assistance
through the ATA program because they allowed the United States to
establish air bases in their country.
* The prospective country must be served by a U.S. air carrier, or is
the last point of departure for flights to the United States.
* The prospective country cannot be engaged in gross human rights
violations.
Determination of Type of Training:
The State Department determines whether and what training and
assistance to provide countries based on needs assessments done by
State Department personnel along with a team of interagency subject
matter experts. The assessment team evaluates prospective program
participants using 25 Antiterrorism Critical Capabilities. Program
officials stated that the assessment is a snapshot of the country's
antiterrorism capabilities, including equipment, personnel, and
available training. ATA program officials stated that the assessment
includes a review at several levels, including tactical capabilities
(people and resources), operational management capabilities (overall
management and ability), and strategic capabilities.
Two of the 25 capabilities reviewed during the needs assessments are
related to aviation security. Those are Airspace Security and Air Port
of Entry Security. The first is an assessment of how a country controls
what goes through its airspace. The second is an assessment of security
at the country's main airport. According to program officials, when
doing an assessment, the ATA team will usually visit the busiest
airport within the country to examine the operational security of the
airport and assesses training provided to airport security management.
Antiterrorism Critical Capabilities:
Land Border Security:
Land Port of Entry Security:
Maritime Border Security:
Maritime Port of Entry Security:
Air Space Security:
Airport of Entry Security:
Critical Infrastructure Protection:
National Leadership Security:
Diplomatic Community Security:
Preventative Intelligence:
National Level Major Incident Command and Control:
Police Special Operations:
Explosive Incidents Countermeasures:
Mass Casualty Incident Management:
Kidnapping/Hostage Incident Management:
Police Investigative Capability:
Post Blast Investigations:
Mass Casualty Incident Management:
Crime Science and Evidence Management:
Forensic Examination and Analysis:
Financial Investigations:
Prosecutorial Capability:
Critical Digital Infrastructure Security:
Cyber Crime Investigations:
Institutionalization of Anti/Counter Terrorism Training:
Program Assistance:
The results of the needs assessments determine what type of assistance
the State Department will offer to countries participating in the ATA
program. The various types of training and assistance offered through
the program include crisis management and response, cyber-terrorism,
dignitary protection, bomb detection, border control, kidnap
intervention and hostage negotiation and rescue, response to incidents
involving weapons of mass destruction, counter terrorist finance,
interdiction of terrorist organizations, and airport security. During
fiscal year 2005, 146 countries received antiterrorism training through
the ATA program; 7 countries received training for aviation security.
The ATA program offers one course in aviation security, "Airport
Security Management." This is a 1-week seminar that is generally taught
in-country. According to State Department officials, TSA employees
teach the course. State Department officials stated that this course
helps countries to meet internationally recognized aviation security
standards established by ICAO. State Department officials stated that
while most countries' officials know about ICAO, and can obtain ICAO
manuals and standards, many of the countries do not have the resources
or equipment to operationalize ICAO standards. State Department
officials stated that the ATA program offers countries the resources to
implement ICAO standards.
Recipient Countries:
For fiscal year 2005, aviation security training was provided to 7
countries through the ATA program, Philippines ($94,723), Kazakhstan
($98,200), Bahamas ($95,000), Barbados ($45,900), Dominican Republic
($45,900), Qatar ($98,046), and United Arab Emirates ($95,000).
Relationship to TSA:
TSA employees teach in-country aviation security training to foreign
officials through the ATA program. In addition, ATA uses TSA staff as
subject matter experts when performing needs assessments.
U.S. Trade and Development Agency:
Program Background:
The U.S. Trade and Development Agency (USTDA) works to advance economic
development and U.S. commercial interests in developing and middle-
income countries. The agency funds various forms of technical
assistance, training, and business workshops to support the development
of a modem infrastructure and a fair and open trading environment.
USTDA's use of foreign assistance funds to support sound investment
policy and decision making in host countries is intended to create an
enabling environment for trade, investment, and sustainable economic
development. In carrying out its mission, USTDA gives emphasis to
economic sectors that may benefit from U.S. exports of goods and
services. For example, according to USTDA, the agency obligated
approximately 24 percent of its program funding in support of
transportation sector projects. More specifically, according to USTDA,
5.6 percent of the agency's budget is obligated toward projects in the
aviation security sector. The general goals of USTDA's work in the
aviation security field are to help foreign airports achieve "Category
I" status (the FAA classification for an airport that meets minimum
safety standards, which allows foreign air carriers to fly from their
country of origin directly to the United States), to help countries
prepare to pass and adhere to ICAO standards, and to offer training to
increase aviation security.
Selection of Projects:
According to USTDA, assistance projects and recipients are selected
within the framework of USTDA's development and commercial mandate.
Generally, projects are not selected based strictly on security (i.e.,
not selected based on threat) but on the likelihood of a country
implementing the recommended actions to obtain greater aviation safety
and security. USTDA projects are developed through consultations by
USTDA staff and U.S. and foreign embassies, foreign officials (public
or private) that have decision-making authority to implement the
assistance project, or U.S. industry officials that identify a need for
assistance. According to USTDA, when developing the project, the agency
evaluates a number of factors, including the priority the government
places on the project and if the entity has the technical capability to
implement the project. According to USTDA, this evaluation is conducted
in order to ensure that U.S. taxpayers' dollars are wisely used on
projects that will help strengthen a foreign countries' ability to
transport passengers and goods to the United States.
After an initial evaluation by USTDA staff, USTDA employs a technical
expert to conduct an independent evaluation of the proposed assistance
project. That technical evaluation can take two forms: a Desk Study or
a Definitional Mission. The Desk Study is completed for proposals where
sufficient information is provided that allows for a technical expert
to make an informed decision as to whether or not USTDA should fund the
project. If the project proposal does not contain sufficient detail to
evaluate without conducting a field site visit, USTDA then employs a
small business contractor--or consultant--to conduct a Definitional
Mission, which, according to USTDA, costs between $25,000 and $40,000.
The consultant undertaking the Definitional Mission takes 1 to 2 weeks
to meet with the stakeholders in the foreign country, including the
potential grant recipients, in order to review project ideas and
generate additional project opportunities. Upon return from the site
visits, the consultant prepares a report for USTDA on the findings of
the Definitional Mission. According to USTDA, consultants typically
assess more than one proposed assistance project at a time when in the
field. To avoid conflicts of interest, the consultant that undertakes
the Definitional Mission is prohibited from participating in any of the
follow-on work, including the early investment analysis or training
recommended in the report.
Program Assistance:
Early Investment Analysis:
Early investment analysis is the main form of USTDA assistance.
According to USTDA, the cost of such assistance typically ranges from
$100,000 to $500,000. These technical assistance programs may take from
6 to 18 months to complete. The studies are undertaken by U.S.
consulting firms under a grant program and are intended to evaluate the
technical, financial, environmental, legal, and other critical aspects
of infrastructure development projects that are of interest to
potential lenders and investors. Host country project sponsors select
the U.S. companies, normally through open competitions.
Annex 17 Workshops:
USTDA organizes Annex 17 workshops to help bring developing countries
into compliance with ICAO Annex 17. These workshops are designed to
give countries assistance before ICAO inspections so that they meet
minimum standards and pass inspections. According to USTDA, the
workshops suggest ways that relatively poor countries can meet ICAO
standards with a low level of technological sophistication. According
to USTDA, the workshops focus on enhancing training and improving human
resources related to aviation security.
Recipients:
According to USTDA, for fiscal year 2005, the agency awarded Chile
($359,000), Haiti ($150,000), Iraq ($243,000), Malaysia ($100,000),
Tanzania ($371,000), Ukraine ($625,000), West Africa Regional Training
($353,000) and Worldwide Aviation Security training ($596,000) grant
assistance in the aviation security sector.
Participation by TSA:
USTDA consults with TSA on an ongoing basis. USTDA used TSA personnel
as instructors for the Annex 17 workshops.
Department of Transportation--Safe Skies for Africa Program:
Background:
The Department of Transportation (DOT) manages the Safe Skies for
Africa presidential initiative (Safe Skies), which started in 1998.
Safe Skies is a technical program that assists participating countries
in meeting international aviation safety and security standards.
According to DOT officials, Safe Skies is a small program with an
annual budget--including operating and administrative costs--between $1
million and $3 million. According to DOT officials, approximately one-
fourth of the Safe Skies budget goes toward aviation security. Funding
for Safe Skies is provided by the State Department and the U.S. Agency
for International Development (USAID).
Selection of Participants:
The original Safe Skies participants were selected in 1998 by an
interagency committee made up of Department of Defense, Department of
Transportation, State Department, and the U.S. Trade and Development
Agency. The committee held a series of meetings to consider priority
lists created by each agency, cables exchanged with U.S. embassies
across sub-Saharan Africa, and responses to questionnaires sent to
various states. The committee selected countries that it believed had
the highest likelihood of successfully complying with international
aviation safety and security standards set by ICAO and requirements set
by the Federal Aviation Administration (FAA) and TSA. The committee
also considered U.S. trade interests and regional diversity issues. In
the end, countries from across sub-Saharan Africa were selected to
participate in the program. Since 1998 only two countries have been
added to the list of Safe Skies participants. Both Uganda and Djibouti
became Safe Skies countries after President Bush announced the East
Africa Counterterrorism Initiative in 2003.[Footnote 82]
Program Assistance:
General:
All Safe Skies countries receive some degree of aid, with priority
going to those countries that demonstrate political will. DOT gauges
political will based on consultations with embassies and TSA and
whether a country implements recommended safety and security practices.
The Administration's priorities are communicated through the State
Department. According to DOT, all participants except Zimbabwe have had
aviation security, safety, and air navigation surveys of their civil
aviation systems performed at their airports by U.S. government subject
-matter experts.
Equipment:
Since September 11, 2001, the State Department has provided $5 million
in additional resources for DOT to provide security equipment to Safe
Skies countries. DOT officials stated that they worked with their TSA
(formerly FAA security) colleagues to perform site visits to help
agency officials determine country-specific security equipment needs
for the screening of passengers and baggage.
Security Advisor:
According to DOT, Safe Skies has an East Africa aviation security
advisor stationed in Nairobi, Kenya to provide direct advice and
technical assistance to Djibouti, Kenya, Tanzania, and Uganda in
meeting ICAO standards and to assist these states in addressing
potential threats to civil aviation.
Recipients[Footnote 83]
According to DOT, fiscal year 2005 recipients of Safe Skies assistance
were Angola, Cameroon, Cape Verde,[Footnote 84] Djibouti, Kenya, Mali,
Namibia, Tanzania, and Uganda.
Collaboration with TSA:
TSA and DOT responsibilities are laid out in a 2004 TSA-DOT memorandum
of agreement. Under this agreement, TSA provides advice, technical
assistance, and training through the TSA Enforcement Academy, in
addition to providing an aviation security advisor to Safe Skies. These
activities are funded by DOT, with funds that were appropriated to
USAID and transferred to DOT for the purposes of implementing Safe
Skies. TSA also works in partnership with DOT to prioritize recipient
countries based on need.
Department of State--Bureau of International Narcotics and Law
Enforcement Affairs--Organization of American States Inter-American
Committee against Terrorism:
Background:
The Bureau of International Narcotics and Law Enforcement Affairs (INL)
of the Department of State has a program under way aimed at combating
alien smuggling and improving border security. The part of the program
relating to border security contains elements relating to maritime
security and airport security. These efforts are undertaken in
cooperation with the Organization of American States' (OAS) Inter-
American Committee against Terrorism (CICTE). The INL-OAS efforts began
with maritime security and were broadened to include aviation security
in 2003.
Selection of Participants:
INL officials worked with CICTE officials to select the appropriate OAS
member countries to receive training. As of August 2006, the aviation
security effort under way was focused on Caribbean nations, and fiscal
year 2006 funding was also intended to provide funding for some Central
and South American nations. Roughly $264,000 was spent in 2004,
$187,110 in 2005, and $236,610 in 2006 on aviation security.
Program Assistance:
INL funds pay for aviation security training courses, and the courses
are taught by TSA officials. These training courses are aimed at
helping countries to develop national civil aviation security programs
and other essential plans based on the ICAO standards as well as crisis
management. INL funds were used to pay for national development
workshops for Caribbean countries. These workshops were taught by TSA
staff who spent 1 week in each Caribbean country. While in country, TSA
representatives reviewed the country's security program, looked for
deficiencies within the security program, and attempted to build a
program that would resolve the deficiencies they identified. According
to OAS, participants in these workshops identified recommendations to
improve aviation security and combat terrorism and submitted the
recommendations to their respective governments. The workshops
addressed enhancements to the national security program, national
legislation, oversight, national security committees, and program
approval processes. According to OAS, in 2006, these workshops took
place in Antigua and Barbuda, Bahamas, Belize, Dominican Republic,
Grenada, Guyana, Jamaica, St. Kitts and Nevis, and St. Vincent and the
Grenadines. According to OAS, starting in September 2006, this program
began functioning in Central America, where national development
workshops were planned to take place in Costa Rica, El Salvador,
Guatemala, Honduras, Nicaragua, and Panama.
According to OAS, in addition to the national development workshops,
this program also offers a 5-day crisis management workshop for
midlevel to senior-level aviation management and other government
officials. INL, through CICTE, also funds aviation security courses
that are taught by ICAO instructors.
Recipient Countries:
According to OAS, the recipient countries of CICTE-sponsored aviation
security training for calendar year 2006 were Antigua and Barbuda,
Bahamas, Barbados, Belize, Bolivia, Columbia, Costa Rica, Dominican
Republic, El Salvador, Grenada, Guatemala, Guyana, Honduras, Jamaica,
Nicaragua, Panama, Paraguay, Peru, St. Kitts and Nevis, St. Lucia, St.
Vincent and the Grenadines, Trinidad and Tobago, and Uruguay.[Footnote
85]
TSA Participation:
TSA officials are the instructors for the on-site workshops. CICTE
established an memorandum of agreement with TSA, and discussed the best
approach for helping OAS members develop a long-term international
aviation security program. CICTE and TSA decided that in-country, on-
the-ground visits would be the best approach, since these allow CICTE
and TSA to see which problems are present.
Department of State--Western Hemisphere Affairs--Organization of
American States--Inter-American Committee against Terrorism:
Background:
According to OAS, during the fourth quarter of 2006, CICTE received
grant funding to provide aviation security training courses for the
nine countries that will host the 2007 Cricket World Cup.
Program Assistance:
According to OAS, grant funding was used to support two aviation
security training courses--the Basic Security Training Course and the
Aviation Security Training Course. The Basic Security Training Course
is a 7-day course focused on improving aviation security screeners'
ability to detect threat items using X-ray machines, metal detection
portals, physical search techniques, and explosive trace detection
technologies.
According to OAS, the Aviation Security Training Course is a 9-day
course that addresses concepts and principles of managing aviation
security operations within the unique environment of an international
airport. Course content is also based on ICAO standards and recommended
practices and focused on the protection of passengers, crew, ground
personnel, the general public, the aircraft, and airport facilities.
According to OAS, practical exercises are used to reinforce classroom
learning. This course provided training to midlevel managers and
supervisors who are responsible for aviation security program planning,
oversight, and operations. According to OAS, TSA instructors train
these officials in identifying vulnerabilities at their airports,
developing preventive measures, and allocating resources to handle the
flow of passengers while maintaining adequate security.
Recipient Countries:
The recipient countries for calendar year 2006 and the first half of
2007 are Antigua and Barbuda, Grenada, Guyana, Jamaica, St. Kitts and
Nevis, and St. Lucia.
Department of Justice-International Criminal Investigative Training and
Assistance Program:
Background:
The Department of Justice's (DOJ) International Criminal Investigative
Training Assistance Program (ICITAP) aims to develop law enforcement
agencies and systems. Training is only one component of ICITAP's
holistic approach to this mission. ICITAP has an ongoing relationship
with the Department of State to offer various types of training. Since
2000, ICITAP facilitated Department of State-initiated aviation
security training in Ghana and the Dominican Republic, and conducted an
assessment in Benin.
Selection of Participants:
The Department of Justice's involvement can begin when a foreign
government makes a request to the U.S. embassy for training to rectify
perceived weaknesses in aviation security. The embassy then
collaborates with DOJ to put together a proposal for action, which is
then sent to the Department of State's Bureau of International
Narcotics and Law Enforcement. INL attempts to obtain a country-
specific appropriation for the project, and alerts DOJ as to whether
funding is available. According to DOJ, INL sometimes targets certain
countries for assistance and then asks ICITAP to prepare proposals and
budgets to support training activities and technical assistance to
improve law enforcement capacity in the host countries.
Program Assistance:
ICITAP assistance included on-site aviation security needs assessments,
with ICITAP serving as facilitator and current and former TSA
(previously FAA) employees performing the aviation security needs
assessments. The assessment was based on standards laid out in ICAO
Annex 17. The assessment attempted to broadly gauge the adequacy of the
available security systems and each country's ability to manage the
systems.
Recipients:
As of February 2007, the most recent recipients are Benin ($79,500 in
2002),[Footnote 86] Ghana ($79,500 in 2002), and the Dominican Republic
($32,000 in 2003).
In 2003, as a result of information gathered from TSA's foreign airport
assessment report, ICITAP provided drug interdiction training to
customs officials in Ghana stationed at the airport. According to DOJ,
INL granted $79,500 each to Ghana and Benin for the purpose of
providing airport security training.
TSA Participation:
Former and current TSA officials have conducted needs assessments and
provided training to foreign officials through ICITAP.
[End of section]
Appendix V: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
April 13, 2007:
Ms. Cathleen A. Berrick:
Director, Homeland Security and Justice Issues:
U. S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. Berrick:
Thank you for the opportunity to comment on GAO's report entitled,
Aviation Security: Foreign Airport Assessments and Air Carrier
Inspections Help Enhance Security, but Oversight of These G forts Can
be Strengthened, GAO-07-392SU. We appreciate the analysis GAO has
conducted over the past 16 months, which reflects the positive aspects
and impact of the Transportation Security Administration (TSA) Foreign
Airport Assessment Program (FAAP). TSA generally concurs with GAO's
report and recommendations.
The Aviation and Transportation Security Act (ATSA) delegates to TSA
the FAAP, which requires an assessment of the security of foreign
airports served by United States (U.S.) air carriers and foreign air
carriers that serve the U.S., as outlined by the Foreign Airport
Security Act o^ 1985.[Footnote 87] TSA is responsible for securing all
modes of transportation, including the protection of persons and
property aboard aircraft operating in international air transportation
against acts of criminal violence and aircraft piracy. To this end, TSA
assesses the effectiveness of security measures at foreign airports
based on the aviation security standards and recommended practices
adopted by the International Civil Aviation Organization (ICAO). While
TSA is authorized under U.S. law to conduct foreign airport assessments
al intervals it considers necessary, TSA may not perform an assessment
of security measures at a foreign airport without the permission of the
host government. Accordingly, TSA aims to enhance foreign relations,
through global and regional outreach to the transportation industry. On
a global scale, TSA meets regularly with the International Air
Transport Association (IATA) to discuss, most notably, harmonization of
aviation security measures. Outreach to the aviation industry on a
regional level has been established through the Association of European
Airlines (AEA) in Europe; Association of Asia Pacific Airlines (AAPA)
and Association of South Pacific Airlines (ASPA) in Asia-Pacific; and
Association of Latin American Airlines (ALTA) in the Caribbean and
South America. TSA also works with the U.S. Department of State and its
embassies worldwide, to foster inter- governmental cooperation and
coordination.
TSA conducts security inspections of foreign and U.S.-based air
carriers that provide service to the United States from foreign
countries to ensure compliance with applicable security requirements,
including those set forth in the air carriers' TSA-approved security
programs.
The continued threat against U.S. aviation is clearly demonstrated by
the Richard Reid incident on an American Airlines flight from Paris
Charles De Gaulle in November 2001; the alleged threat (Flights of
Interest) to U.S.-bound British and French flights from London Heathrow
and Paris Charles De Gaulle in December 2003; and, more recently, the
alleged terrorist plot to detonate liquid explosives onboard multiple
aircraft departing from the United Kingdom to the United States in the
summer of 2006. These threats reflect the critical need to determine
whether international security standards are implemented at all last
points of departure to the United States as required by the Foreign
Airport Security Act of 1985.
In 2005, TSA began developing a tracking system to better determine the
total numbers of airport assessments and air carrier inspections
conducted during a fiscal year. TSA has further refined this tracking
system to record and monitor the reasons why assessments or inspections
are deferred. In concert with this system, TSA is utilizing a risk-
based methodology to schedule assessments and inspections. TSA's recent
activities include exploring an automated means of capturing its
foreign airport assessment data to track deficiencies identified,
corrective actions recommended, and the resulting actions taken by the
entities assessed. This comprehensive tracking system will better
promote outcome-based performance measures to determine the impact of
TSA's assessment program.
The recommendations provided by GAO will help strengthen TSA's
oversight of foreign airport assessments and air carrier inspections.
We generally concur with the recommendations and have already taken
steps to address some of them. What follows are TSA's specific
responses to the recommendations contained in GAO's report.
Recommendations 1 and 2: Develop controls to track the status of
scheduled foreign airport assessments from initiation through
completion, including the reasons why assessments were deferred or
cancelled; and develop controls to track the status of scheduled air
carrier inspections from initiation through completion, including the
reasons why inspections were deferred or cancelled, as well as the
final disposition of any investigations that result from air carrier
inspections.
TSA Response: TSA concurs with these recommendations and will continue
to enhance its system to track the status of scheduled foreign airport
assessments and air carrier inspections from initiation through
completion. This tracking system records the dates of past airport
assessments and air carrier inspections, projected dates of future
assessments and inspections, as well as other foreign airport and air
carrier information useful for program managers. This tracking system
also incorporates TSA's risk- based methodologies employed in October
2006. Further, the enhanced tracking system will reflect the reasons
why airport assessments or air carrier inspections were deferred or
cancelled to ensure that scheduled assessments and inspections are
actually conducted. TSA intends to further refine the system to better
track both historical information and current inspection information as
they relate to air carrier inspections conducted in a given year. In
reference to the final disposition of air carrier investigations, the
TSA Office of Chief Counsel currently documents the final disposition
of air carrier investigations that result in referrals for legal
enforcement action. The final legal dispositions of such cases are
recorded in TSA's Performance and Results Information System (PARIS)
when the TSA attorney closes the case. TSA will enhance the PARIS
database to ensure that inspection activities are linked to
investigations, so that any enforcement actions are properly associated
and comprehensive enforcement information is readily available.
Recommendation 3: Develop a standard process for tracking and
documenting host governments' progress in addressing security
deficiencies identified during TSA airport assessments.
TSA Response: TSA concurs and is currently developing a process through
which security concerns noted during airport assessments will be
tracked with fields identifying airport-and deficiency-specific data,
deadlines, and current status and resolution. Completed items will be
archived to allow for trend analysis and provide an historical
understanding of each airport's security posture from one assessment to
the next.
Recommendations 4 and 5: Develop outcome-oriented performance measures
to evaluate the impact TSA assistance has on improving foreign airport
compliance with ICAO standards; and develop outcome-oriented
performance measures to evaluate the impact TSA assistance and
enforcement actions have on improving air carrier compliance with TSA
security, requirements.
TSA Response: TSA concurs with these recommendations because TSA
recognizes the importance of monitoring and documenting the results of
its efforts; however, TSA believes the outcome-based performance
measures should be structured in a way that recognizes the
collaborative nature of the process. TSA is in the planning stages of
developing an outcome-based performance model using a risk-based
methodology for conducting foreign airport assessments and air carrier
inspections. Elements under consideration for inclusion include:
numbers of assessments conducted and when; ICAO standards and other
security items identified as deficient; corrective actions recommended;
TSA assistance provided; coordinated assistance arranged through third
parties; and lastly, the corrective actions achieved. In coordination
with the Transportation Security Administration Representatives (TSAR),
TSA will develop key performance targets and corresponding metrics that
will inform the assessment/inspection planning process and assist in
the implementation of corrective measures for foreign airport and air
carrier compliance and follow-up thereto. Regular analysis and review
of the process, data recorded, and metrics produced will allow TSA to
better measure the effectiveness and efficiency of these programs.
Thank you again for the opportunity to comment on this draft report and
we look forward to working with you on future homeland security issues.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Liaison Office:
[End of section]
Appendix VI: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Cathleen A. Berrick, (202) 512-3404 or berrickc@gao.gov:
Acknowledgments:
In addition to the person named above, Maria Strudwick, Assistant
Director; Amy Bernstein; Kristy Brown; Alisha Chugh; Emily Hanawalt;
Christopher Jones; Stanley Kostyla; Kyle Lamborn; Thomas Lombardi;
Jeremy Manion; and Linda Miller made key contributions to this report.
[End of section]
Related Products:
Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are
in the Early Stages and Could Be Strengthened. GAO-07-660. Washington,
D.C.: April 30, 2007.
Aviation Security: TSA's Change to its Prohibited Items List Has Not
Resulted in Any Reported Public Safety Incidents, but the Impact of the
Change on Screening Operations is Uncertain. GAO-07-623R. Washington,
D.C.: April 25, 2007.
Aviation Security: Risk, Experience, and Customer Service Drive Changes
to Airline Passenger Screening Procedures, but Evaluation and
Documentation of Proposed Changes Could Be Improved. GAO-07-634.
Washington, D.C.: April 16, 2007.
Aviation Security: TSA's Staffing Allocation Model Is Useful for
Allocating Staff among Airports, but Its Assumptions Should Be
Systematically Reassessed. GAO-07-299. Washington, D.C.: Feb. 28, 2007.
Aviation Security: Progress Made in Systematic Planning to Guide Key
Investment Decisions, but More Work Remains. GAO-07-448T. Washington,
D.C.: Feb. 13, 2007.
Aviation Security: TSA Oversight of Checked Baggage Screening
Procedures Could Be Strengthened. GAO-06-869. Washington, D.C.: Jul.
28, 2006.
Aviation Security: TSA Has Strengthened Efforts to Plan for the Optimal
Deployment of Checked Baggage Screening Systems but Funding
Uncertainties Remain. GAO-06-875T. Washington, D.C.: June 29, 2006.
Aviation Security: Management Challenges Remain for the Transportation
Security Administration's Secure Flight Program. GAO-06-864T.
Washington, D.C.: June 14, 2006.
Aviation Security: Further Study of Safety and Effectiveness and Better
Management Controls Needed if Air Carriers Resume Interest in Deploying
Less than Lethal Weapons. GAO-06-475. Washington, D.C.: May 26, 2006.
Aviation Security: Enhancements Made in Passenger and Checked Baggage
Screening, but Challenges Remain. GAO-06-371T. Washington, D.C.: Apr.
4, 2006.
Aviation Security: Transportation Security Administration Has Made
Progress in Managing a Federal Security Workforce and Ensuring Security
at U.S. Airports, but Challenges Remain. GAO-06-597T. Washington, D.C.:
Apr. 4, 2006.
Aviation Security: Progress Made to Set Up Program Using Private-Sector
Airport Screeners, but More Work Remains. GAO-06-166. Washington, D.C.:
Mar. 31, 2006.
Aviation Security: Significant Management Challenges May Adversely
Affect Implementation of the Transportation Security Administration's
Secure Flight Program. GAO-06-374T. Washington, D.C.: Feb. 9, 2006.
Aviation Security: Federal Air Marshal Service Could Benefit from
Improved Planning and Controls. GAO-06-203. Washington, D.C.: Nov. 28,
2005.
Aviation Security: Federal Action Needed to Strengthen Domestic Air
Cargo Security. GAO-06-76. Washington, D.C.: Oct. 17, 2005.
Transportation Security Administration: More Clarity on the Authority
of Federal Security Directors Is Needed. GAO-05-935. Washington, D.C.:
Sept. 23, 2005.
Aviation Security: Flight and Cabin Crew Member Security Training
Strengthened, but Better Planning and Internal Controls Needed. GAO-05-
781. Washington, D.C.: Sept. 6, 2005.
Aviation Security: Transportation Security Administration Did Not Fully
Disclose Uses of Personal Information During Secure Flight Program
Testing in Initial Privacy Notes, but Has Recently Taken Steps to More
Fully Inform the Public. GAO-05-864R. Washington, D.C.: July 22, 2005.
Aviation Security: Better Planning Needed to Optimize Deployment of
Checked Baggage Screening Systems. GAO-05-896T. Washington, D.C.: July
13, 2005.
Aviation Security: Screener Training and Performance Measurement
Strengthened, but More Work Remains. GAO-05-457. Washington, D.C.: May
2, 2005.
Aviation Security: Secure Flight Development and Testing Under Way, but
Risks Should Be Managed as System Is Further Developed. GAO-05-356.
Washington, D.C.: Mar. 28, 2005.
Aviation Security: Systematic Planning Needed to Optimize the
Deployment of Checked Baggage Screening Systems. GAO-05-365.
Washington, D.C.: Mar. 15, 2005.
Aviation Security: Measures for Testing the Effect of Using Commercial
Data for the Secure Flight Program. GAO-05-324. Washington, D.C.:
Feb.23, 2005.
Transportation Security: Systematic Planning Needed to Optimize
Resources. GAO-05-357T. Washington, D.C.: Feb.15, 2005.
Aviation Security: Preliminary Observations on TSA's Progress to Allow
Airports to Use Private Passenger and Baggage Screening Services. GAO-
05-126. Washington, D.C.: Nov.19, 2004.
General Aviation Security: Increased Federal Oversight Is Needed, but
Continued Partnership with the Private Sector Is Critical to Long-Term
Success. GAO-05-144. Washington, D.C.: Nov. 10, 2004.
Aviation Security: Further Steps Needed to Strengthen the Security of
Commercial Airport Perimeters and Access Controls. GAO-04-728.
Washington, D.C.: Jun. 4, 2004.
Transportation Security Administration: High-Level Attention Needed to
Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28,
2004.
Aviation Security: Challenges in Using Biometric Technologies. GAO-04-
785T. Washington, D.C.: May 19, 2004.
Nonproliferation: Further Improvements Needed in U.S. Efforts to
Counter Threats from Man-Portable Air Defense Systems. GAO-04-519.
Washington, D.C.: May 13, 2004.
Aviation Security: Private Screening Contractors Have Little
Flexibility to Implement Innovative Approaches. GAO-04-505T.
Washington, D.C.: Apr. 22, 2004.
Aviation Security: Improvement Still Needed in Federal Aviation
Security Efforts. GAO-04-592T. Washington, D.C.: Mar. 30, 2004.
Aviation Security: Challenges Delay Implementation of Computer-
Assisted Passenger Prescreening System. GAO-04-504T. Washington, D.C.:
Mar. 17, 2004.
Aviation Security: Factors Could Limit the Effectiveness of the
Transportation Security Administration's Efforts to Secure Aerial
Advertising Operations. GAO-04-499R. Washington, D.C.: Mar. 5, 2004.
Aviation Security: Computer-Assisted Passenger Prescreening System
Faces Significant Implementation Challenges. GAO-04-385. Washington,
D.C.: Feb. 13, 2004.
Aviation Security: Challenges Exist in Stabilizing and Enhancing
Passenger and Baggage Screening Operations. GAO-04-440T. Washington,
D.C.: Feb. 12, 2004.
The Department of Homeland Security Needs to Fully Adopt a Knowledge-
based Approach to Its Counter-MANPADS Development Program. GAO-04-341R.
Washington, D.C.: Jan. 30, 2004.
Aviation Security: Efforts to Measure Effectiveness and Strengthen
Security Programs. GAO-04-285T. Washington, D.C.: Nov. 20, 2003.
Aviation Security: Federal Air Marshal Service Is Addressing Challenges
of Its Expanded Mission and Workforce, but Additional Actions Needed.
GAO-04-242. Washington, D.C.: Nov. 19, 2003.
Aviation Security: Efforts to Measure Effectiveness and Address
Challenges. GAO-04-232T. Washington, D.C.: Nov. 5, 2003.
Airport Passenger Screening: Preliminary Observations on Progress Made
and Challenges Remaining. GAO-03-1173. Washington, D.C.: Sept. 24,
2003.
Aviation Security: Progress since September 11, 2001, and the
Challenges Ahead. GAO-03-1150T. Washington, D.C.: Sept. 9, 2003.
Transportation Security: Federal Action Needed to Enhance Security
Efforts. GAO-03-1154T. Washington, D.C.: Sept. 9, 2003.
Transportation Security: Federal Action Needed to Help Address Security
Challenges. GAO-03-843. Washington, D.C.: Jun. 30, 2003.
Federal Aviation Administration: Reauthorization Provides Opportunities
to Address Key Agency Challenges. GAO-03-653T. Washington, D.C.: Apr.
10, 2003.
Transportation Security: Post-September 11th Initiatives and Long-Term
Challenges. GAO-03-616T. Washington, D.C.: Apr. 1, 2003.
Airport Finance: Past Funding Levels May Not Be Sufficient to Cover
Airports' Planned Capital Development. GAO-03-497T. Washington, D.C.:
Feb. 25, 2003.
Transportation Security Administration: Actions and Plans to Build a
Results-Oriented Culture. GAO-03-190. Washington, D.C.: Jan. 17, 2003.
Aviation Safety: Undeclared Air Shipments of Dangerous Goods and DOT's
Enforcement Approach. GAO-03-22. Washington, D.C.: Jan. 10, 2003.
Aviation Security: Vulnerabilities and Potential Improvements for the
Air Cargo System. GAO-03-344. Washington, D.C.: Dec. 20, 2002.
Aviation Security: Registered Traveler Program Policy and
Implementation Issues. GAO-03-253. Washington, D.C.: Nov. 22, 2002.
Airport Finance: Using Airport Grant Funds for Security Projects Has
Affected Some Development Projects. GAO-03-27. Washington, D.C.: Oct.
15, 2002.
Commercial Aviation: Financial Condition and Industry Responses Affect
Competition. GAO-03-171T. Washington, D.C.: Oct. 2, 2002.
Aviation Security: Transportation Security Administration Faces
Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.: Jul.
25, 2002.
Aviation Security: Information Concerning the Arming of Commercial
Pilots. GAO-02-822R. Washington, D.C.: Jun. 28, 2002.
Aviation Security: Vulnerabilities in, and Alternatives for, Preboard
Screening Security Operations. GAO-01-1171T. Washington, D.C.: Sept.
25, 2001.
Aviation Security: Weaknesses in Airport Security and Options for
Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.:
Sept. 21, 2001.
Homeland Security: A Framework for Addressing the Nation's Efforts. GAO-
01-1158T. Washington, D.C.: Sept. 21, 2001.
Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve
Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.:
Sept. 20, 2001.
Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in
Aviation Security. GAO-01-1166T. Washington, D.C.: Sept. 20, 2001.
FOOTNOTES
[1] See 49 U.S.C § 114(d).
[2] ICAO was formed following the 1944 Convention on International
Civil Aviation (also known as the Chicago Convention). In 1947, ICAO
became a specialized agency of the United Nations. A primary objective
of ICAO is to provide for the safe, orderly, and efficient development
of international civil aviation. There are currently 189 signatory
nations to the ICAO convention, including the United States. Nations
that are members to the ICAO convention agree to cooperate with other
member states to meet standardized international aviation security
measures. The international aviation security standards and recommended
practices are detailed in Annex 17 to the Convention on International
Civil Aviation adopted by ICAO.
[3] Domestic and foreign air carriers that operate to, from, or within
the United States must establish and maintain security programs
approved by TSA in accordance with requirements set forth in regulation
at 49 C.F.R. parts 1544 and 1546. See 49 U.S.C. §§ 44903 44906. In
conducting air carrier inspections, TSA may consider compliance with
air carriers' TSA-approved security programs as well as any applicable
laws, regulations, security directives, and emergency amendments. See
49 C.F.R. §§ 1544.3 1546.3.
[4] An air carrier station refers to those locations at an airport
where an air carrier conducts its operations.
[5] Complete foreign airport assessment and air carrier inspection
results for fiscal year 2006 were not available when we initiated our
review.
[6] TSA's international field offices are located in Dallas, Frankfurt,
Los Angeles, Miami, and Singapore.
[7] FSDs are the ranking TSA authorities responsible for the leadership
and coordination of TSA security activities at commercial airports in
the United States.
[8] APEC is a multilateral organization that aims to sustain economic
growth in the Asia-Pacific region through a commitment to open trade,
investment, and economic reform. APEC's transportation subgroups work
to achieve a balance between trade and security issues related to the
operation of regional transportation systems. AEA represents more than
30 airlines and works in partnership with stakeholders in the aviation
industry to ensure the sustainable growth of the European airline
industry in a global context. ECAC, created in 1955, currently has 42
members and seeks to promote aviation safety, security, and economic
development of its members. One way ECAC contributes to this effort is
by conducting audits of airports and air carriers when requested to do
so by a country in accordance with aviation security standards agreed
upon by ECAC members. IATA is composed of over 260 airlines and aims to
help airlines simplify processes and increase passenger convenience
while reducing costs and improving efficiency.
[9] According to TSA's Foreign Airport Assessment Program Standard
Operating Procedures, if security concerns and deficiencies identified
by TSA during assessments are considered "not serious enough for
secretarial action (e.g., the measure barely satisfies the minimum
international standard and could be improved)," TSA may develop an
action plan for addressing these deficiencies without seeking a
determination for further action from the Secretary of Homeland
Security.
[10] Specific details regarding the nature of security deficiencies TSA
identified during air carrier inspections are sensitive security
information and are not discussed in this report.
[11] The number of enforcement actions is not equal to the number of
violations identified because TSA can issue one enforcement action for
multiple violations, and TSA could not readily identify what action, if
any, was taken for some violations.
[12] The specific details of the catering cart security deficiency
identified by TSA inspectors are sensitive security information and,
therefore, are not discussed in this report.
[13] See Pub. L. No. 107-71, 115 Stat. 597 (2001).
[14] 49 U.S.C. § 44907. Prior to the establishment of DHS in March
2003, authority for conducting foreign airport assessments resided with
the Secretary of Transportation. Although assessments were originally
conducted by the Federal Aviation Administration, TSA assumed
responsibility for conducting the assessments following the enactment
of the Aviation and Transportation Security Act in November 2001. In
March 2003, TSA transferred from the Department of Transportation to
DHS.
[15] See 49 U.S.C. § 44907(d)-(e).
[16] Domestic and foreign air carriers that operate to, from, or within
the United States must establish and maintain security programs
approved by TSA in accordance with requirements set forth in regulation
at 49 C.F.R parts 1544 and 1546. See 49 U.S.C §§ 44903 44906. Prior to
TSA being established in February 2002, the Federal Aviation
Administration conducted these air carrier inspections.
[17] International aviation security standards and recommended
practices are detailed in Annex 17 and Annex 14 to the Convention on
International Civil Aviation, as adopted by ICAO. An ICAO standard is a
specification for the safety or regularity of international air
navigation, with which member states agree to comply; whereas, a
recommended practice is any desirable specification for safety,
regularity, or efficiency of international air navigation, with which
member states are strongly encouraged to comply. Member states are
expected to make a genuine effort to comply with recommended practices.
TSA has chosen the 86 standards that it sees as most critical. See 49
U.S.C. § 44907(a)(2)(C) (requiring that TSA conduct assessments using a
standard that results in an analysis of the security measures at the
airport based at least on the standards and appropriate recommended
practices of ICAO Annex 17 in effect on the date of the assessment).
[18] Segments of Annex 17 to the Convention of International Civil
Aviation, Safeguarding International Civil Aviation Against Unlawful
Acts of Interference, Seventh Edition, April 2002 and Annex 14,
Aerodrome Design and Operations, Volume I, have been reproduced in
appendix II with permission of the International Civil Aviation
Organization.
[19] Based on documentation provided by TSA, TSA also conducted five
foreign airport surveys during fiscal year 2005. Surveys are generally
conducted at foreign airports that are scheduled to provide new service
to the United States. Unlike airport assessments, airport surveys only
address whether foreign airports are meeting critical ICAO standards
and recommended practices, such as those associated with passenger and
checked baggage screening. Also unlike assessment reports, survey
reports do not identify whether foreign officials took steps to address
security deficiencies that were identified at the airport. Because of
these differences, we did not include the results of the foreign
airport surveys in our analysis.
[20] According to TSA, the airport assessment period is extended by 8
to 12 hours for each air carrier inspection that is conducted.
[21] According to TSA's Foreign Airport Assessment Program Standard
Operating Procedures, if security concerns and deficiencies are
considered "not serious enough for secretarial action (e.g., the
measure barely satisfies the minimum international standard and could
be improved)," TSA may develop an action plan for addressing the
deficiencies identified without seeking a determination from the
Secretary of Homeland Security.
[22] The Secretary may bypass the 90-day action and immediately provide
public notification or withhold, revoke, or prescribe conditions on an
air carrier's operating authority if the Secretary determines, after
consultation with the Secretary of State, that a condition exists that
threatens the safety or security of passengers, aircraft, or crew
traveling to or from the airport. § 44907(d)(2)(A)(ii).
[23] Public notification includes publication of the airport's identity
in the Federal Register, posting and displaying the airport's identity
prominently at all U.S. airports at which scheduled air carrier
operations are provided regularly, and notifying news media of the
airport's identity. 49 U.S.C. § 44907(d)(1)(A). U.S. and foreign air
carriers providing transportation between the United States and the
airport shall also provide written notice that the airport is not
maintaining and carrying out effective security measures on or with the
ticket to each passenger buying a ticket. § 44907(d)(1)(B).
[24] Invoking this action does not require that the Secretary base the
determination upon TSA's airport assessment results, though an
assessment may provide the basis for invoking this action.
[25] TSA may conduct air carrier inspections separately from airport
assessments because foreign airports are generally assessed no more
than once a year by TSA, while some air carriers are inspected twice a
year by TSA.
[26] Extraordinary locations are identified through threat analysis
conducted by TSA's Office of Intelligence and are contained in the
Aircraft Operator Standard Security Program. The list of extraordinary
locations is sensitive security information and, therefore, is not
included in this report.
[27] Over the course of our review, TSA was in the process of
developing new guidelines for determining the frequency of overseas air
carrier inspections. The draft guidelines would require TSA to inspect
both U.S. and foreign air carriers once a year, unless the air carrier
operates out of a foreign airport that TSA determines has a relatively
high vulnerability level, in which case TSA would inspect the air
carrier twice a year. TSA had not finalized the draft air carrier
inspection guidelines as of February 2007.
[28] TSA requires that each air carrier adopt and implement a TSA-
approved security program for all scheduled passenger and public
charter operations at locations within the United States, from the
United States to a non-U.S. location, or from a non-U.S. location to
the United States. See 49 C.F.R. pts. 1544-46.
[29] See 49 C.F.R. §§ 1544.3, 1546.3.
[30] When circumstances require that air carriers take immediate action
to mitigate a known or potential threat or vulnerability, TSA may issue
security directives to impose additional security requirements on U.S.
air carriers and emergency amendments to impose additional requirements
on foreign air carriers. See 49 C.F.R. §§ 1544.105(d), 1544.305,
1546.105(d).
[31] The No-Fly list contains the names of individuals that pose, or
are suspected of posing, a threat to civil aviation or national
security and are precluded from boarding an aircraft. The Selectee list
includes those individuals of interest that do not meet the criteria to
be placed on the No-Fly list. Individuals on the Selectee list will be
subjected to additional screening. There is also a separate selectee
process--the Computer-Assisted Passenger Prescreening System--by which
individuals who meet certain criteria are selected for additional
screening.
[32] TSA has statutory authority to issue fines and penalties to
individual air carriers for not complying with established security
procedures. See 49 U.S.C. § 46301. In general, the penalty for an
aviation security violation is found at 49 U.S.C. § 46301(a)(4), which
states that the maximum civil penalty for violating chapter 449 of
title 49, United States Code, (49 U.S.C. § 44901 et seq.) or another
requirement under title 49 administered by the Assistant Secretary,
TSA, shall be $10,000. The maximum civil penalty shall be $25,000 in
the case of a person operating an aircraft for the transportation of
passengers or property for compensation.
[33] TSA assessed foreign airports against 64 required ICAO standards
and 22 recommended ICAO practices for aviation security. For the
purpose of this report, we refer to both standards and recommended
practices as standards.
[34] TSA found that 104 of the 128 foreign airports initially did not
meet at least 1 ICAO standard. The average number of ICAO standards not
met by these 104 airports was about 6, and the range of standards not
met by an individual airport was 1 to 24. However, by the completion of
TSA's assessment, 22 of these 104 airports had taken corrective action
that enabled them to meet all ICAO standards; thus leaving 82 airports
that did not meet at least 1 ICAO standard at the completion of the
assessment period. In addition to conducting airport assessments of
foreign airports, TSA also conducts surveys of foreign airports.
Surveys are conducted at airports that plan to provide new service to
the United States.
[35] At the beginning of the assessment, TSA found that 88 airports did
not meet at least one critical ICAO standard. However, by the end of
the assessment period, 27 airports took corrective action that allowed
them to meet all critical standards, leaving 61 foreign airports not
meeting at least one critical ICAO standard after TSA completed its
assessment.
[36] See 70 Fed. Reg. 3,378 (Jan. 24, 2005). Based on subsequent
assessments by TSA, the Secretary found that Port-au-Prince
International Airport maintains and carries out effective security
measures. See 71 Fed. Reg. 42,103 (July 25, 2006).
[37] See 71 Fed. Reg. 3,107 (Jan. 19, 2006). The airport in Bali was
subjected to both a public notification and a 90-dayaction, whereas for
Haiti, the Secretary by-passed the 90-day action and immediately
notified the public that the airport in Haiti did not maintain and
carry out effective security measures. The identity of the foreign
airports that were subjected to 90-day actions, but did not also
subjected to public notification, is classified.
[38] The number of ICAO standards not met by the five secretarial
action airports at the completion of TSA's assessment ranged from 11 to
18, and the number of critical standards not met by these airports
range from 3 to 6. The assessment reports for these airports included
some standards that did not provide information whether or not the
standard had been met at the completion of TSA's assessment. Therefore,
those standards were excluded when calculating these range values.
[39] TSA officials stated that noncompliance with an ICAO standard,
which is required, has more influence on a secretarial action
determination than noncompliance with an ICAO recommended practice,
which is only suggested.
[40] Specifically, 108 of the 385 U.S. air carrier inspections and 48
of the 144 foreign air carrier inspections resulted in violations of at
least one TSA security requirement.
[41] During fiscal year 2005, there were a total of 78 security
requirements that TSA could have imposed on U.S.-based air carriers
operating at foreign airports and a total of 55 security requirements
that TSA could have imposed on foreign air carriers. However, depending
on the location of the foreign airport in which the air carrier
operated and the extent of an air carrier's operations at the airport,
not all of the security requirements were applicable to all air
carriers.
[42] The percentage of air carrier inspections that resulted in these
and other types of security deficiencies is sensitive security
information and, therefore, is not discussed in this report.
[43] TSA could not readily identify what enforcement actions were
recommended for the remaining 84 (about 20 percent) security violations
identified during fiscal year 2005 air carrier inspections.
[44] The number of enforcement actions is not equal to the number of
violations identified because TSA can issue one enforcement action for
multiple violations and TSA could not readily identify what action, if
any, was taken for some violations.
[45] An additional fiscal year 2005 enforcement action based on a
fiscal year 2004 inspection was resolved with a letter of correction
issued in lieu of a $25,000 civil penalty.
[46] The specific passenger checkpoint screening deficiency identified
by TSA is sensitive security information and, therefore, is not
identified in this report.
[47] The specific airport perimeter security deficiency identified by
TSA is sensitive security information and, therefore, is not identified
in this report.
[48] The specific security deficiency for which TSA inspectors
recommended the construction project is sensitive security information
and, therefore, is not identified in this report.
[49] The Organization of American States is made up of 35 member
states, including the independent nations of North, Central, and South
America and the Caribbean, and is a forum for strengthening democracy,
promoting human rights, and confronting shared problems among its
members, such as poverty, terrorism, illegal drugs, and corruption.
[50] During fiscal year 2005, air carriers made 22 requests for
alternative procedures. TSA approved 18 requests and 4 requests were
withdrawn by the air carrier.
[51] The areas of responsibility for the IFOs are mutually exclusive.
Therefore, a foreign airport assessment should be listed only under one
IFO.
[52] Three of the TSARs did not mention conducting follow-up activities
during their interview, in part because we did not specifically ask
about conducting follow-up activities during these interviews.
[53] TSARs may assist foreign officials in developing action plans to
address deficiencies identified by TSA during airport assessments.
According to TSA guidance, TSARs are to assist foreign officials in
developing action plans when the security deficiencies identified are
significant, but do not pose an immediate or serious threat to aviation
security. During fiscal year 2005, TSA developed an action plan for 1
foreign airport. Action plans are to include (1) the security
deficiencies identified at the airport, (2) the corresponding
recommended corrective actions agreed upon by TSA and host government
officials to address each deficiency, (3) host government officials'
progress in implementing corrective actions, (4) date when host
government is expected to complete the corrective action, and (5) the
host government office or agency responsible for implementing the
corrective action.
[54] PARIS is a Web-based method for entering, storing, and retrieving
performance activities and information on TSA-regulated entities,
including air carriers. PARIS includes profiles for each entity,
inspections conducted by TSA, and investigations that are prompted by
incidents or inspection findings.
[55] GAO, Aviation Security: Better Management Controls are Needed to
Improve FAA's Safety Enforcement and Compliance Efforts, GAO-04-646
(Washington D.C.: July 2004), and GAO, Pipeline Safety: Management of
the Office of Pipeline Safety Enforcement Program Needs Further
Strengthening, GAO-04-801 (Washington D.C.: July 2004).
[56] In this instance, host government law precluded the air carrier
from complying with TSA requirements for checked baggage screening.
[57] As discussed previously, TSA did not maintain accurate or complete
data on the number of foreign airport assessments and air carrier
inspections scheduled for a particular fiscal year. Therefore, our
calculations may not include all of the assessments and inspections
that were conducted, deferred, and canceled during fiscal year 2005.
[58] The State Department bases the number of American positions
overseas on the mission priorities of the embassy, the programmatic and
administrative costs associated with increases in staffing, and
security issues related to the number of Americans posted overseas.
According to the State Department, the average cost of putting an
American position overseas will be approximately $430,000. U.S. Office
of Management and Budget, Department of State and International
Assistance Programs, Budget of the United States Government, Fiscal
Year 2006 (Washington, D.C.: February 2005).
[59] Airport visits include visits to a foreign airport to conduct an
airport assessment in conjunction with air carrier inspections or to
conduct solely an airport assessment or air carrier inspections.
[60] As of June 2006, there were 65 domestic inspectors stationed at 52
U.S. airports who were eligible to conduct foreign airport assessments
and inspections of air carriers operating out of foreign airports.
There were approximately 700 domestic inspectors stationed at U.S.
airports at the beginning of fiscal year 2006. According to TSA, teams
consisting only of domestic inspectors were used to conduct about 2
percent of foreign airport assessments and only 1 percent of air
carrier inspections during fiscal year 2005.
[61] Under the previous scheduling approach, foreign airports that
exhibited no operational issues in the previous two assessments were
assessed once every 3 years. Foreign airports that had not been
previously assessed, subjected to secretarial action within the last 5
years, or exhibited operational issues in either of the two previous
assessments were assessed once a year. Operational issues are
weaknesses in the security system at an airport that pose a direct
threat to the safety and security of passengers, aircraft, and crew
(i.e., screening and access control measures).
[62] See Pub. L. No. 108-176, § 611(b)(1), 117 Stat. 2490, 2571-72
(2003) (codified at 49 U.S.C. § 44924). As of March 2007, TSA had not
issued final regulations to satisfy this requirement.
[63] FAA-approved repair stations in foreign countries are facilities
located overseas that perform maintenance and repairs on aircraft
operated by U.S. air carriers or aircraft registered in the United
States.
[64] The 27 member states of the European Union are Belgium, Bulgaria,
Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France,
Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta,
the Netherlands, Austria, Poland, Portugal, Romania, Slovenia,
Slovakia, Finland, Sweden and the United Kingdom.
[65] Founded in 1955 as an intergovernmental organization, ECAC aims to
promote the continued development of a safe, efficient, and sustainable
European air transport system. In so doing, ECAC conducts assessments
of airports within member states, at the request of officials from its
member states. ECAC derived the standards by which airports are
assessed from ICAO Annex 17 civil aviation security standards. However,
ECAC officials stated that their standards are more prescriptive than
those of ICAO.
[66] According to TSA officials, TSA conducts its foreign airport
assessments in a manner consistent with how the Federal Aviation
Administration conducted its assessments before this responsibility
transferred to TSA pursuant to the Aviation and Transportation Security
Act (ATSA). See International Security and Development Cooperation Act
of 1985, Pub. L. No. 99-83, § 551, 99 Stat. 190, 222-25 (authorizing
the Secretary of Transportation to conduct assessments of the
effectiveness of the security measures maintained at foreign airports);
see also H.R. Conf. Rep. No. 99-237, pp. 124-29 (1985).
[67] These officials, at the time of the interview, were not able to
offer specific examples of other security measures that would be more
effective at preventing a terrorist attack.
[68] Pursuant to 49 U.S.C. § 44901(a), the screening of all passengers
and property that will be carried aboard a passenger aircraft with a
flight or flight segment originating in the United States shall take
place before boarding and shall be carried out by a federal government
employee (or by private screeners under contract to TSA as part of the
Screener Partnership Program in accordance with § 44920).
[69] GAO, Aviation Security: Federal Efforts to Secure U.S. Bound Air
Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-337SU
(Washington, D.C.: March 2007).
[70] TSA is authorized under U.S. law to conduct assessments of foreign
airports. See 49 U.S.C. § 44907. Although TSA does not have any
authority to compel a foreign airport or government to submit to a TSA
assessment, the agency does have authority (in conjunction with other
appropriate U.S. government entities such as FAA and the Department of
State) to impose restrictions on air travel between that airport and
the United States in the event it is not permitted to conduct an
assessment. See id.
[71] Based on the assessment reports TSA provided us, we determined
that TSA conducted 128 foreign airport assessments at 126 unique
airports during fiscal year 2005; that is, 2 foreign airports were
assessed twice during fiscal year 2005.
[72] The PARIS database, established in July 2003, provides TSA a Web-
based method for entering, storing, and retrieving performance
activities and information on TSA-regulated entities, including air
carriers. PARIS includes profiles for each entity, inspections
conducted by TSA, and investigations that are prompted by incidents or
inspection findings.
[73] See 49 U.S.C. § 44907.
[74] The No-Fly list contains the names of individuals that pose, or
are suspected of posing, a threat to civil aviation for national
security and are precluded from boarding an aircraft.
[75] GAO, Internal Control: Standards for Internal Control in the
Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November
1999), and GAO, Internal Control: Internal Control Management and
Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001).
[76] We visited the embassies of Australia, Belgium, Canada, the
Dominican Republic, Ecuador, France, Germany, Indonesia, Israel, Japan,
Mexico, the Netherlands, the Philippines, Singapore, Thailand, and the
United Kingdom.
[77] We met with officials from American Airlines, British Airways,
Caribbean Sun Airlines, Continental Micronesia, Delta Air Lines,
Lufthansa, Northwest Airlines, Philippine Airlines, Singapore Airlines,
Thai Airways International, and Virgin Atlantic.
[78] The Federal Security Director is the ranking TSA authority
responsible for the leadership and coordination of TSA security
activities at the nation's commercial airports.
[79] The specific Security Directives are sensitive security
information and, therefore, are not identified in this report.
[80] See 49 C.F.R. § 1546.103(a)(3). 49 U.S.C. § 44906, however,
provides that TSA shall not approve the security program of a foreign
air carrier unless it requires the foreign carrier in its operations to
and from airports in the United States to adhere to the identical
security measures required of air carriers serving the same airports.
[81] The specific emergency amendments are sensitive security
information and, therefore, are not identified in this report.
[82] East Africa Counterterrorism Initiative (EACTI) includes military
training for border and coastal security, programs to strengthen
control of the movement of people and goods across borders, aviation
security capacity building, assistance for regional efforts against
terrorist financing, and police training. EACTI also includes an
education program to counter extremist influence and a robust outreach
program. According to DOT, with the exception of Djibouti, which has a
separate funding course, the Economic Support Funds used to support the
remainder of the Safe Skies countries can only be used to support those
aviation security technical assistance and capacity-building activities
performed by nonmilitary and nonpolice personnel.
[83] According to DOT, Safe Skies offers technical assistance and
training for both aviation safety and security and does not track
funding levels by activity.
[84] According to DOT, Cape Verde is the only Safe Skies country that
has successfully achieved FAA Category 1 status for safety oversight in
accordance with ICAO aviation security standards. Cape Verde also met
ICAO standards for security oversight and TSA security requirements for
providing direct service to the United States. As such, DOT provides
limited assistance to Cape Verde to sustain its safety and security
status.
[85] The Department of State did not fund workshops directly, but
rather through a grant to OAS/CICTE; thus the specific cost information
is not available. Further, many countries received assistance at
workshops held for multiple countries at the same time and it is
difficult to disaggregate cost information.
[86] Not all money was used due to inability to place an aviation
security expert on site.
[87] In August 1985, the International Security and Development
Cooperation Act of 1985, Pub.L. No. 99-83, was enacted, which included
a section called the Foreign Airport Security Act.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400:
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800:
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
