Aviation Security:

TSA Has Taken Steps to Enhance Its Foreign Airport Assessments, but Opportunities Exist to Strengthen the Program

GAO-12-163: Published: Oct 21, 2011. Publicly Released: Oct 31, 2011.

Additional Materials:

Contact:

Stephen M. Lord
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

International flights bound for the United States continue to be targets of terrorist activity, as demonstrated by the October 2010 discovery of explosive devices in air cargo packages bound for the United States from Yemen. The Transportation Security Administration (TSA) is responsible for securing the nation's civil aviation system, which includes ensuring the security of U.S.-bound flights. As requested, GAO evaluated (1) the steps TSA has taken to enhance its foreign airport assessment program since 2007, and any remaining program challenges; (2) TSA's assessment results, including how TSA uses the results to guide future efforts; and (3) what opportunities, if any, exist to enhance the program. To conduct this work, GAO reviewed foreign airport assessment procedures and results, interviewed TSA and foreign aviation security officials, and observed TSA conduct a foreign airport assessment. While these interviews and observations are not generalizable, they provided insights on TSA's program. This is the public version of a sensitive report GAO issued in September, 2011. Information that TSA deemed sensitive has been omitted.

Since 2007, TSA has taken a number of steps to enhance its foreign airport assessment program, some of which were taken in response to GAO's prior recommendations. For example, TSA updated its policies and methodologies used to guide and prioritize its assessment efforts, and implemented tools to track its annual assessment schedule, airport assessment results, and foreign government progress in resolving security deficiencies previously identified during the assessments. However, challenges remain in gaining access to some foreign airports, developing an automated database to better manage program information, prioritizing and providing training and technical assistance to foreign countries, and expanding the scope of TSA's airport assessments to include all-cargo operations. TSA has various efforts under way to address these challenges. Based on GAO's analysis of TSA's foreign airport assessments conducted from fiscal year 2006 through May 2011, some foreign airports complied with all of TSA's aviation security assessment standards; however, TSA has identified serious noncompliance issues at a number of foreign airports. Common areas of noncompliance included weaknesses in airport access controls and passenger and baggage screening. Moreover, GAO's analysis showed variation in airport compliance across geographic regions and individual security standards, among other things. For example, GAO's analysis showed that some number of regions of the world had no airports with egregious noncompliance while other regions had several such airports. However, TSA has not yet taken steps to evaluate its assessment results to identify regional and other trends over time. Developing a mechanism to evaluate its assessment results could help support TSA's priorities for aviation security training and technical assistance, inform its risk management decision making by identifying any trends and security gaps, and target capacity building efforts. Opportunities also exist for TSA to make additional program improvements in several key areas. For example, the agency has not developed criteria and guidance for determining foreign airport vulnerability ratings. This is particularly important given that these ratings are a key component for how TSA determines each foreign airport's risk level. Providing TSA decision makers with more specific criteria and definitions could provide greater assurance that such determinations are consistent across airports over time. In addition, there are opportunities for TSA to increase program efficiency and effectiveness by, for example, conducting more targeted foreign airport assessments and systematically compiling and analyzing security best practices. Taking such actions could help TSA better focus its assessments to address areas of highest risk, and identify security best practices and technologies that may be applicable to enhancing the security of both foreign and domestic airports. GAO recommends that TSA develop a mechanism to evaluate its assessment results to identify any trends, and target resources and future activities; establish criteria for determining foreign airport vulnerability ratings; and consider the feasibility of conducting more targeted assessments and compiling information on aviation security best practices. DHS agreed with the recommendations.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In response to our recommendation that the Transportation Security Administration (TSA) develop a mechanism to evaluate the results of completed foreign airport assessment activities to determine any trends and better target activities and resources, TSA created an analytical tool that compares the most current airport vulnerability findings by region (Asia Pacific, Western Hemisphere, and Africa and the Middle East), including evaluating the frequency of noncompliance issues identified by TSA inspectors. For example, TSA?s analytical tool provides results on all foreign airport assessments TSA has completed since 2007, and allows TSA to evaluate and compare individual airports assessment results over time to identify any trends. It also provides break outs on the number of airport assessments TSA has completed within each geographic region, and provides an average vulnerability rating for each airport within each region allowing TSA to evaluate which regions are generally more or less vulnerable than others in terms of airport security. The tool also provides information on which specific airport security standards are most frequently found to have deficiencies by TSA inspectors, including breakouts by region allowing TSA to evaluate and compare which standards are more and less frequently found to be deficient within each region. We are therefore closing this recommendation as implemented.

    Recommendation: To help further enhance TSA's foreign airport assessment program, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to develop a mechanism to evaluate the results of completed assessment activities to determine any trends and target future activities and resources. This evaluation could include frequency of noncompliance issues, regional variations, and perspectives on the security posture of individual airports over time.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: In response to our recommendation that the Transportation Security Administration (TSA) develop criteria and guidance to better assist TSA officials in determining vulnerability ratings of individual foreign airports, TSA established new vulnerability rating criteria and guidance in January 2013. More specifically, TSA assigns each airport an overall vulnerability score of 1-5. These scores, or categories, are numerical representations of compliance or noncompliance with the security standards the agency assesses each foreign airport against. Prior to January 2013, Category 1 = Fully Compliant; Category 2 = Capability Exists with Minor Episodes of Noncompliance; Category 3 = Capability Exists, Compliance is Generally Noted, Shortfalls Remain; Category 4 = Capability Exists, Serious Lack of Implementation Observed; and Category 5 = Egregious Noncompliance. However, we reported in 2012 that TSA had not developed any specific criteria, definitions, or implementing guidelines to ensure managers and other program management officials applied these categories consistently across airports. For example, TSA did not define how to assess whether an airport should receive a vulnerability rating of 3--"capability exists, compliance is generally noted, shortfalls remain," versus a vulnerability rating of 2--"capability exists with minor episodes of noncompliance." However, TSA's January 2013 category definitions provide more specific criteria and guidance to better assist TSA managers and other program management officials in applying the 5 categories more consistently across airports. For example, TSA's new criteria and guidance is as follows: 1 = Fully Compliant; 2 = Have documented procedures; however, the implementation of procedures is inconsistent (Isolated occurrence(s)); 3 = (A) Have documented procedures; however, inconsistencies remain or (B) Have no documented procedures, but measures are implemented; 4 = Have documented procedures; however, the procedures are not implemented; and 5 = No documented procedures and no implementation. TSA's updated guidance provides more specific criteria to help managers and other program management officials apply the categories more consistently across airports. We are therefore closing this recommendation as implemented.

    Recommendation: To help further enhance TSA's foreign airport assessment program, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to establish criteria and guidance to assist TSA decision makers when determining the vulnerability rating of individual foreign airports.

    Agency Affected: Department of Homeland Security

  3. Status: Closed - Implemented

    Comments: In response to our recommendation that the Transportation Security Administration (TSA) consider the feasibility of conducting more targeted assessments and systematically compiling information on aviation security best practices, TSA has taken several actions. Specifically, TSA developed the Pre-Visit Questionnaire (PVQ), which host foreign airport officials fill out prior to TSA's visit. Specifically, the PVQ is sent to the host government about two months prior to the assessment in order to provide host government officials time to complete and return the questionnaire. This information enables each TSA foreign airport assessment team to tailor the on-site assessment at each airport to the information provided in the PVQ, and focus TSA's assessment efforts on specific areas of concern as indicated in the PVQ responses, and as TSA inspectors identified during prior assessments. TSA pilot tested the PVQ during 2012 and 2013 prior to the issuance of its final version on April 3, 2013. In addition, TSA has also developed a "Special Focus Assessment" regime, which emphasizes focusing on the most critical foreign airport security standards. These focused assessments are in use at locations where personal security is of significant concern (e.g., Mexico, Iraq) or where a full-scope assessment is not necessary (e.g., proposed new last point of departure airports). In addition, TSA's Global Risk Analysis and Decision Support (GRADS) System includes a mechanism for capturing best practices observed and documented by assessment teams during their periodic visits. Specifically, the GRADS system is utilized to capture various data points during the airport assessment. The data can then be analyzed in order to develop trends and best practices.

    Recommendation: To help further enhance TSA's foreign airport assessment program, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to consider the feasibility of conducting more targeted assessments and systematically compiling information on aviation security best practices.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Sep 18, 2014

Sep 17, 2014

Sep 10, 2014

Sep 9, 2014

Sep 8, 2014

Jul 31, 2014

Jul 29, 2014

Looking for more? Browse all our products here