General Aviation Security:

Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success

GAO-05-144: Published: Nov 10, 2004. Publicly Released: Dec 10, 2004.

Additional Materials:

Contact:

Stephen M. Lord
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Federal intelligence agencies have reported that in the past, terrorists have considered using general aviation aircraft (all aviation other than commercial and military) for terrorist acts, and that the September 11th terrorists learned to fly at general aviation flight schools. The questions GAO answered regarding the status of general aviation security included (1) What actions has the federal government taken to identify and assess threats to, and vulnerabilities of, general aviation; and communicate that information to stakeholders? (2) What steps has the federal government taken to strengthen general aviation security, and what, if any, challenges does the government face; and (3) What steps have non-federal stakeholders taken to enhance the security of general aviation?

The federal and state governments and general aviation industry all play a role in securing general aviation operations. While the federal government provides guidance, enforces regulatory requirements, and provides some funding, the bulk of the responsibility for assessing and enhancing security falls on airport operators. Although TSA has issued a limited threat assessment of general aviation, and the FBI identified that terrorists have considered using general aviation to conduct attacks, a systematic assessment of threats has not been conducted. In addition, to assess airport vulnerabilities, TSA plans to issue a self-assessment tool for airport operators' use, but it does not plan to conduct on-site vulnerability assessments at all general aviation airports due to the cost and vastness of the general aviation network. Instead, TSA intends to use a systematic and analytical risk management process, which is considered a best practice, to assess the threats and vulnerabilities of general aviation. However, TSA has not yet developed an implementation plan for its risk management efforts. TSA and the Federal Aviation Administration (FAA) have taken steps to address security risks to general aviation through regulation and guidance, but still face challenges in their efforts to further enhance security. For example, TSA has promulgated regulations requiring background checks of foreign candidates for U.S. flight training schools and has issued security guidelines for general aviation airports. However, we found limitations in the process used to conduct compliance inspections of flight training programs. In addition, FAA, in coordination with TSA and other federal agencies, has implemented airspace restrictions over certain landmarks and special events. However, FAA has not established written policies or procedures for reviewing and revalidating the need for flight restrictions that limit access to airspace for indefinite periods of time and could negatively affect the general aviation industry. Non-federal general aviation stakeholders have partnered with the federal government and have individually taken steps to enhance general aviation security. For example, industry associations developed best practices and recommendations for securing general aviation, and have partnered with TSA to develop security initiatives such as the Airport Watch Program, similar to a neighborhood watch program. Some state governments have also provided funding for enhancing security at general aviation airports, and many airport operators GAO surveyed took steps to enhance security such as installing fencing and increasing police patrols.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To better assess the threat of terrorists' misuse of general aviation aircraft and to improve the quality of communicating terrorist threat information to the general aviation community, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of Homeland Security for the Transportation Security Administration to develop an implementation plan for executing a risk management approach that will help identify threats and vulnerabilities. Such a plan should include milestones, specific time frames, and estimates of funding and staffing needed to focus its resources and efforts on identified airports.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

    Status: Closed - Implemented

    Comments: Based on interviews conducted for our review of TSA's Risk-based Transportation Security Plans, TSA officials responsible for general aviation said that the division has put together guidelines to serve as best practices for general aviation. The guidelines include an Airport Characteristic Tool that has elements of a vulnerability assessment. It also includes a list of security guidance to strengthen vulnerabilities. According to our March 2009 report (Transportation Security: Comprehensive Risk Assessments and Stronger Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-09-492), TSA is planning to conduct assessments required by the 9/11 Commission Act on railroad transportation, school buses, rail tank cars, and general aviation airports. Further, we reported that agency officials stated they were reviewing a draft of an aviation risk assessment, known as the Air Domain Risk Assessment (ADRA), which is to provide a scenario-based risk assessment for the aviation system that may augment the information TSA uses to prioritize investments in security measures. In addition, the DHS Office of Inspector General reported on the status of DHS's efforts to secure general aviation in May 2009 (TSA's Role in General Aviation Security, OIG-09-69) and concluded that TSA has (1) identified practical, targeted measures to lessen risks in the aviation sector, based on threat assessments conducted by TSA's Office of Intelligence and other federal intelligence agencies, as well as the heightened awareness of aviation vulnerabilities since September 11, 2001; and (2) worked cooperatively with the industry to establish guidelines and voluntary measures designed to target the most serious vulnerabilities, including screening pilots and restricting access to airspace over urban areas and key infrastructure. While these efforts do not explicitly address our recommendation that TSA develop an implementation plan for executing a risk management approach that will help identify general aviation threats and vulnerabilities, the plans cited in our report and the actions cited by the DHS OIG reflect TSA's intent and ongoing focus on elements of risk management that are essential for enhancing general aviation security.

    Recommendation: To better assess the threat of terrorists' misuse of general aviation aircraft and to improve the quality of communicating terrorist threat information to the general aviation community, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of Homeland Security for the Transportation Security Administration to, after identifying the most critical threats and vulnerabilities, apply risk communication principles, including to the extent possible the nature of the threat, when and where it is likely to occur, over what time period, and guidance on actions to be taken--in developing and transmitting security advisories and threat notifications.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

    Status: Closed - Implemented

    Comments: Based on interviews conducted for our review of TSA's Risk-based Transportation Security Plans, TSA officials responsible for General Aviation said that the division has put together guidelines to communicate best practices for general aviation. The guidelines include an Airport Characteristic Tool that has elements of a vulnerability assessment. It also includes a list of security guidance to strengthen vulnerabilities. According to our March 2009 report (Transportation Security: Comprehensive Risk Assessments and Stronger Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-09-492), TSA is planning to conduct assessments required by the 9/11 Commission Act on railroad transportation, school buses, rail tank cars, and general aviation airports. Further, we reported that agency officials stated they were reviewing a draft of an aviation risk assessment, known as the Air Domain Risk Assessment (ADRA), which is to provide a scenario-based risk assessment for the aviation system that may augment the information TSA uses to prioritize security measures for security advisories and threat notifications. In addition, the DHS Office of Inspector General reported on the status of DHS's efforts to secure general aviation on May 27 2009 (TSA's Role in General Aviation Security, OIG-09-69) and concluded that TSA has established strong lines of communication and working partnerships with industry stakeholders, which in turn enable the general aviation industry to obtain, assess, and provide security programs and policies to address security vulnerabilities. These actions reflect the intent of our recommendation to apply risk communication principles in developing and transmitting security advisories and threat notifications.

    Recommendation: To help ensure that temporary flight restrictions issued for indefinite periods are reviewed and, if appropriate, revalidated and consistently applied, the Secretary of Transportation should direct the Administrator of the Federal Aviation Administration to establish a documented process to justify the initiation and continuance of flight restrictions for extended periods.

    Agency Affected: Department of Transportation

    Status: Closed - Implemented

    Comments: FAA issued Order JO 7210.3V on 2/14/08 to prescribe guidelines and procedures regarding the management of aircraft operations and the rationale for designating a TFR in accordance with 14 CFR Section 91.137. According to an update provided by FAA, to implement the agency's goal to use the briefest, least obtrusive airspace restriction possible to achieve the desired outcomes of safety, efficiency, and security, agency officials also conduct continual, ongoing interagency dialogue to ensure air restrictions are as brief and geographically limited as feasible.

    Jul 23, 2014

    Jun 25, 2014

    Jun 24, 2014

    Jun 18, 2014

    Jun 11, 2014

    May 30, 2014

    May 28, 2014

    Looking for more? Browse all our products here