This is the accessible text file for GAO report number GAO-12-900T 
entitled 'General Aviation Security: TSA's Process for Ensuring 
Foreign Flight Students Do Not Pose a Security Risk Has Weaknesses' 
which was released on July 18, 2012. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony: 

Before the Subcommittee on Transportation Security, Committee on 
Homeland Security, House of Representatives: 

For Release on Delivery: 
Expected at 10:00 a.m. EDT: 
Wednesday, July 18, 2012: 

General Aviation Security: 

TSA's Process for Ensuring Foreign Flight Students Do Not Pose a 
Security Risk Has Weaknesses: 

Statement of Stephen M. Lord:
Homeland Security and Justice Issues: 

GAO-12-900T: 

Chairman Rogers, Ranking Member Jackson Lee, and Members of the 
Committee: 

I am pleased to be here to discuss the findings of our report 
assessing the Transportation Security Administration's (TSA) efforts 
to address general aviation security.[Footnote 1] Altogether, more 
than 200,000 general aviation aircraft--from small aircraft with 
minimal load capacities to business jets and larger aircraft such as 
privately operated Boeing 747s--operate at more than 19,000 
facilities.[Footnote 2] U.S. government threat assessments have 
discussed plans by terrorists to use general aviation aircraft to 
conduct attacks. Further, analysis conducted on behalf of TSA has 
indicated that larger general aviation aircraft, such as midsized and 
larger jets often used for business purposes, may be able to cause 
significant damage to buildings and other structures. Also, the 
terrorists responsible for the September 11, 2001, attacks learned to 
fly at flight schools in Florida, Arizona, and Minnesota. TSA, within 
the Department of Homeland Security (DHS), has responsibilities for 
general aviation security, and developed the Alien Flight Student 
Program (AFSP) to help determine whether foreign students enrolling at 
flight schools pose a security threat. 

My testimony this morning will address the key findings from the 
general aviation security report that we are issuing today.[Footnote 
3] Specifically, my statement will address (1) TSA and general 
aviation industry actions to enhance security and TSA efforts to 
obtain information on these actions and (2) TSA efforts to ensure 
foreign flight students do not pose a security threat. 

For the report, we reviewed applicable laws, regulations, and 
policies, as well as documentation provided by TSA on its oversight of 
general aviation security, including procedures for conducting 
security threat assessments of AFSP candidates. In addition, we 
interviewed 22 general aviation operators--including 5 private 
operators, 7 private charter companies that also perform as private 
operators, and 10 flight schools--located at eight selected airports 
to observe and discuss security initiatives implemented. We selected 
these airports based on their geographic dispersion, types of general 
aviation operations present, and size of aircraft based at each 
airport. We also interviewed representatives from six aviation 
industry associations. Further, we reviewed TSA analysis comparing 
Federal Aviation Administration (FAA) data from January 2006 to 
September 2011 on foreign nationals applying for airman certificates 
(pilot's licenses) with AFSP data. We conducted this work in 
accordance with generally accepted government auditing standards. More 
detailed information on the scope and methodology can be found in our 
published report. 

TSA and Aircraft Operators Have Taken Actions to Secure General 
Aviation; TSA Obtains Information through Outreach and Inspections: 

TSA and aircraft operators have taken several important actions to 
enhance general aviation security, and TSA is working with aviation 
industry stakeholders to develop new security guidelines and 
regulations. Among other measures, TSA worked with members of the 
General Aviation Working Group of its Aviation Security Advisory 
Committee in 2003 and 2004 to develop recommended guidelines for 
general aviation airport security, and TSA expects the group to issue 
updated guidelines later this year.[Footnote 4] In addition, pursuant 
to the Aviation and Transportation Security Act, TSA established and 
oversees implementation of a security program in which aircraft 
weighing more than 12,500 pounds in scheduled or charter service that 
carry passengers or cargo or both, and that do not fall under another 
security program, must implement a "Twelve-Five" standard security 
program.[Footnote 5] Aircraft operators implementing a Twelve-Five 
security program must include, among other elements, procedures 
regarding bomb or air piracy threats. TSA obtains information directly 
from aircraft operators that fall under Twelve-Five through its review 
and approval of the security programs developed by these operators and 
through periodic inspections to determine the extent to which 
operators comply with their security programs. TSA inspectors are 
responsible for conducting these periodic inspections and determining 
whether operators are in compliance with program requirements or 
whether a violation has occurred. Independent of regulatory 
requirements, operators of private general aviation aircraft not 
covered under existing security programs we spoke to indicated that 
they implement a variety of security measures to enhance security for 
their aircraft. For example, 7 of the 12 operators that perform as 
private operators that we interviewed stated that they park their 
aircraft in hangars to protect them from possible misuse or vandalism. 

TSA has also conducted outreach to the general aviation community to 
establish a cooperative relationship with general aviation 
stakeholders. TSA officials we spoke to stated that the agency does 
not have a systematic mechanism to collect information on the security 
measures implemented by other general aviation aircraft operators that 
do not fall under TSA security programs. Rather, the agency has 
developed informal mechanisms for obtaining information on security 
measures enacted by these operators, such as outreach conducted by TSA 
inspectors, and has contacted general aviation industry associations 
to obtain this information. 

In 2008, TSA developed a proposed rule that would have imposed 
security requirements on all aircraft over 12,500 pounds, including 
those not currently covered under existing security programs, thereby 
subjecting them to TSA security requirements and inspections. However, 
industry associations and others expressed concerns about the extent 
to which TSA obtained industry views and information in the proposed 
rule's development. They also questioned the security benefit of the 
proposed rule and stated that it could negatively affect the aviation 
industry given its broad scope. In response to these concerns, TSA 
officials said the agency is revising the proposed rule and plans to 
issue a supplemental notice of proposed rulemaking in late 2012 or 
early 2013. Officials from all six industry associations we spoke with 
stated that TSA has reached out to gather industry's input, and three 
of the six associations stated that TSA has improved its efforts to 
gather input since the 2008 notice of proposed rulemaking. 

Weaknesses Exist in Processes for Conducting Security Threat 
Assessments and for Identifying Potential Immigration Violations: 

TSA vets foreign flight student applicants through AFSP, but 
weaknesses exist in the vetting process and in DHS's process for 
identifying flight students who may be in the country illegally. In 
our July 2012 report, we recommended two actions that DHS and TSA 
could take to address these concerns. 

Under AFSP, foreign nationals seeking flight training in the United 
States must receive a TSA security threat assessment before receiving 
flight training to determine whether each applicant is a security 
threat to the United States. According to TSA regulations, an 
individual poses a security threat when the individual is suspected of 
posing, or is known to pose, a threat to transportation or national 
security, a threat of air piracy or terrorism, a threat to airline or 
passenger security, or a threat to civil aviation security.[Footnote 
6] According to TSA officials, when a foreign national applies to AFSP 
to obtain flight training, TSA uses information submitted by the 
foreign national--such as name, date of birth, and passport 
information--to conduct a criminal history records check, a review of 
the Terrorist Screening Database, and a review of the Department of 
Homeland Security's TECS system.[Footnote 7] 

According to TSA officials, most foreign nationals taking training 
from a U.S. flight training provider will apply for an FAA airman 
certificate (pilot's license) once their flight training is completed. 
Information obtained by FAA as part of this application for 
certification is placed in the airmen registry. From January 2006 
through September 2011, 25,599 foreign nationals had applied for FAA 
airman certificates, indicating they had completed flight training. We 
provided data from FAA's airmen registry to TSA so that the agency 
could conduct a matching process to determine whether the foreign 
nationals in the FAA airmen registry were in TSA's AFSP database and 
the extent to which they had been successfully vetted through the AFSP 
database. The results of our review of TSA's analyses are as follows: 

* TSA's analysis indicated that some of the 25,599 foreign nationals 
in the FAA airmen registry were not in the TSA AFSP database, 
indicating that these individuals had not applied to the AFSP or been 
vetted by TSA before taking flight training and receiving an FAA 
airman certificate.[Footnote 8] 

* TSA's analysis indicated that an additional number of the 25,599 
foreign nationals in the FAA airmen registry were also in the TSA AFSP 
database but had not been successfully vetted, meaning that they had 
received an FAA airman certificate but had not been successfully 
vetted or received permission from TSA to begin flight training. 

Since 2009, TSA has continuously vetted all new and existing FAA 
airman certificate holders against the Terrorist Screening Database, 
which would include the foreign nationals identified through TSA's 
analysis. However, this vetting does not occur until after the foreign 
national has obtained flight training. Thus, foreign nationals 
obtaining flight training with the intent to do harm, such as three of 
the pilots and leaders of the September 11 terrorist attacks, could 
have already obtained the training needed to operate an aircraft 
before they received any type of vetting. In our report, we 
recommended that TSA take steps to identify any instances where 
foreign nationals receive FAA airman certificates without first 
undergoing a TSA security threat assessment and examine those 
instances so that TSA can identify the reasons for these occurrences 
and strengthen controls to prevent future occurrences. DHS concurred 
with this recommendation and stated that TSA signed a memorandum of 
understanding with FAA in February 2012 to exchange data. The 
memorandum, which FAA signed in March 2012, outlines a process for FAA 
to provide certain data from its airmen registry on a monthly basis 
and authorizes TSA to use the data to ensure flight training providers 
are providing TSA with information to conduct the appropriate 
background check prior to flight instruction. This is an important 
first step toward addressing our recommendation, provided that TSA 
uses the data to identify instances where foreign nationals receive 
FAA airman certificates without first undergoing a TSA security threat 
assessment, identifies reasons for these occurrences, and strengthens 
controls to prevent future occurrences, as we recommended. 

Another weakness that we identified is that AFSP is not designed to 
determine whether a foreign flight student entered the country 
legally; thus, a foreign national can be approved for training through 
AFSP after entering the country illegally. In March 2010, U.S. 
Immigration and Customs Enforcement (ICE) investigated a Boston-area 
flight school after local police stopped the flight school owner for a 
traffic violation and discovered that he was in the country illegally. 
In response to this incident, ICE launched a broader investigation of 
the students enrolled at the flight school. ICE found that 25 of the 
foreign nationals at this flight school had applied to AFSP and had 
been approved by TSA to begin flight training after their security 
threat assessment had been completed; however, the ICE investigation 
and our subsequent inquiries revealed the following issues, among 
other things: 

* Eight of the 25 foreign nationals who received approval by TSA to 
begin flight training were in "entry without inspection" status, 
meaning they had entered the country illegally. Three of these had 
obtained FAA airman certificates: 2 held FAA private pilot 
certificates and 1 held an FAA commercial pilot certificate. 

* Seventeen of the 25 foreign nationals who received approval by TSA 
to begin flight training were in "overstay" status, meaning they had 
overstayed their authorized period of admission into the United States. 

* In addition, the flight school owner held two FAA airman 
certificates. Specifically, he was a certified Airline Transport Pilot 
(cargo pilot) and a Certified Flight Instructor. However, he had never 
received a TSA security threat assessment or been approved by TSA to 
obtain flight training. He had registered with TSA as a flight 
training provider under AFSP.[Footnote 9] 

As a result, TSA and ICE jointly worked on a pilot program for vetting 
names of foreign students against immigration databases, but have not 
specified desired outcomes and time frames, or assigned individuals 
with responsibility for fully instituting the program. Having a road 
map, with steps and time frames, and assigning individuals the 
responsibility for fully instituting a pilot program could help TSA 
and ICE better identify and prevent potential risk. We recommended 
that TSA and ICE develop a plan, with time frames, and assign 
individuals with responsibility and accountability for assessing the 
results of their pilot program to check TSA AFSP data against 
information DHS has on applicants' admissibility status to help detect 
and identify violations, such as overstays and entries without 
inspection, by foreign flight students, and institute that pilot 
program if it is found to be effective. DHS concurred with this 
recommendation and stated that TSA will prepare a plan by December 
2012 to assess the results of the pilot program with ICE to determine 
the lawful status of the active AFSP population. The plan is to 
include specific details on time frames and accountability and 
recommendations for next steps. We believe that these are positive 
actions that could help TSA address the weaknesses identified in our 
report and we will continue to work with TSA to monitor progress on 
the proposed solutions as the agency proceeds. 

Chairman Rogers, Ranking Member Jackson Lee, and Members of the 
Committee, this concludes my prepared statement. I look forward to 
responding to any questions that you may have. 

GAO Contact and Staff Acknowledgments: 

For questions about this statement, please contact Steve Lord at (202) 
512-4379 or lords@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. Individuals making key contributions to this 
statement include Jessica Lucas-Judy, Assistant Director, and Adam 
Hoffman, Analyst in Charge. Additional contributors include Thomas 
Lombardi and Anthony Pordes. 

[End of section] 

Footnotes: 

[1] GAO, General Aviation Security: Weaknesses Exist in TSA's Process 
for Ensuring Foreign Flight Students Do Not Pose a Security Threat, 
[hyperlink, http://www.gao.gov/products/GAO-12-875] (Washington, D.C.: 
July 18, 2012). 

[2] General aviation includes nonscheduled aircraft operations such as 
air medical-ambulance, corporate aviation, and privately owned 
aircraft--generally, aircraft not available to the general public for 
transport. 

[3] [hyperlink, http://www.gao.gov/products/GAO-12-875]. 

[4] Originally established in 1988, following the 1988 Pan American 
World Airways Flight 103 bombing over Lockerbie, Scotland, the 
Aviation Security Advisory Committee was developed to allow all 
segments of the population to have input into aviation security 
considerations. The committee's charter expired in 2010, but was 
subsequently reestablished by TSA in November 2011. 

[5] See 49 C.F.R. � 1544.101(d). See also Pub. L. No. 107-71, � 
132(a), 115 Stat. 597, 635-36 (2001). 

[6] See 49 C.F.R. � 1540.115(c). 

[7] Information in the Terrorist Screening Center's consolidated 
database of known or suspected terrorists--the Terrorist Screening 
Database--is used for security-related screening of foreign nationals 
applying to AFSP. TECS, an updated and modified version of the former 
Treasury Enforcement Communications System, is an information-sharing 
platform that allows users to access different databases relevant to 
the antiterrorism and law enforcement mission of numerous other 
federal agencies. 

[8] For its analysis, TSA used a software tool that performs "fuzzy 
matching" of data such as names, dates, or telephone numbers. The 
specific number is deemed sensitive security information and is 
therefore not included in this report. 

[9] We recently reported on issues related to ICE's oversight of the 
Student and Exchange Visitor Program (SEVP). Specifically, ICE 
certifies schools to accept foreign nationals on student visas in 
academic and vocational programs, including those that provide flight 
training. SEVP-certified flight schools are a relatively small 
percentage of schools nationwide that offer flight training to foreign 
nationals. See GAO, Student and Exchange Visitor Program: DHS Needs to 
Assess Security Risks and Strengthen Oversight of Schools, [hyperlink, 
http://www.gao.gov/products/GAO-12-572] (Washington, D.C.: June 18, 
2012). 

[End of section] 

GAO�s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO�s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO�s website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select 
�E-mail Updates.� 

Order by Phone: 

The price of each GAO publication reflects GAO�s actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO�s 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, DC 20548.