General Aviation Security: TSA's Process for Ensuring Foreign Flight Students Do Not Pose a Security Risk Has Weaknesses
Highlights
What GAO Found
TSA and aircraft operators have taken several important actions to enhance general aviation security, and TSA is working with aviation industry stakeholders to develop new security guidelines and regulations. Among other measures, TSA worked with members of the General Aviation Working Group of its Aviation Security Advisory Committee in 2003 and 2004 to develop recommended guidelines for general aviation airport security, and TSA expects the group to issue updated guidelines later this year. In addition, pursuant to the Aviation and Transportation Security Act, TSA established and oversees implementation of a security program in which aircraft weighing more than 12,500 pounds in scheduled or charter service that carry passengers or cargo or both, and that do not fall under another security program, must implement a “Twelve-Five” standard security program. Aircraft operators implementing a Twelve-Five security program must include, among other elements, procedures regarding bomb or air piracy threats. TSA obtains information directly from aircraft operators that fall under Twelve-Five through its review and approval of the security programs developed by these operators and through periodic inspections to determine the extent to which operators comply with their security programs. TSA inspectors are responsible for conducting these periodic inspections and determining whether operators are in compliance with program requirements or whether a violation has occurred. Independent of regulatory requirements, operators of private general aviation aircraft not covered under existing security programs we spoke to indicated that they implement a variety of security measures to enhance security for their aircraft. For example, 7 of the 12 operators that perform as private operators that we interviewed stated that they park their aircraft in hangars to protect them from possible misuse or vandalism.
TSA vets foreign flight student applicants through AFSP, but weaknesses exist in the vetting process and in DHS’s process for identifying flight students who may be in the country illegally. In our July 2012 report, we recommended two actions that DHS and TSA could take to address these concerns.
Under AFSP, foreign nationals seeking flight training in the United States must receive a TSA security threat assessment before receiving flight training to determine whether each applicant is a security threat to the United States. According to TSA regulations, an individual poses a security threat when the individual is suspected of posing, or is known to pose, a threat to transportation or national security, a threat of air piracy or terrorism, a threat to airline or passenger security, or a threat to civil aviation security. According to TSA officials, when a foreign national applies to AFSP to obtain flight training, TSA uses information submitted by the foreign national—such as name, date of birth, and passport information—to conduct a criminal history records check, a review of the Terrorist Screening Database, and a review of the Department of Homeland Security’s TECS system.
According to TSA officials, most foreign nationals taking training from a U.S. flight training provider will apply for an FAA airman certificate (pilot’s license) once their flight training is completed. Information obtained by FAA as part of this application for certification is placed in the airmen registry. From January 2006 through September 2011, 25,599 foreign nationals had applied for FAA airman certificates, indicating they had completed flight training. We provided data from FAA’s airmen registry to TSA so that the agency could conduct a matching process to determine whether the foreign nationals in the FAA airmen registry were in TSA’s AFSP database and the extent to which they had been successfully vetted through the AFSP database. The results of our review of TSA’s analyses are as follows:
-
TSA’s analysis indicated that some of the 25,599 foreign nationals in the FAA airmen registry were not in the TSA AFSP database, indicating that these individuals had not applied to the AFSP or been vetted by TSA before taking flight training and receiving an FAA airman certificate.
-
TSA’s analysis indicated that an additional number of the 25,599 foreign nationals in the FAA airmen registry were also in the TSA AFSP database but had not been successfully vetted, meaning that they had received an FAA airman certificate but had not been successfully vetted or received permission from TSA to begin flight training.
Since 2009, TSA has continuously vetted all new and existing FAA airman certificate holders against the Terrorist Screening Database, which would include the foreign nationals identified through TSA’s analysis. However, this vetting does not occur until after the foreign national has obtained flight training. Thus, foreign nationals obtaining flight training with the intent to do harm, such as three of the pilots and leaders of the September 11 terrorist attacks, could have already obtained the training needed to operate an aircraft before they received any type of vetting. In our report, we recommended that TSA take steps to identify any instances where foreign nationals receive FAA airman certificates without first undergoing a TSA security threat assessment and examine those instances so that TSA can identify the reasons for these occurrences and strengthen controls to prevent future occurrences. DHS concurred with this recommendation and stated that TSA signed a memorandum of understanding with FAA in February 2012 to exchange data. The memorandum, which FAA signed in March 2012, outlines a process for FAA to provide certain data from its airmen registry on a monthly basis and authorizes TSA to use the data to ensure flight training providers are providing TSA with information to conduct the appropriate background check prior to flight instruction. This is an important first step toward addressing our recommendation, provided that TSA uses the data to identify instances where foreign nationals receive FAA airman certificates without first undergoing a TSA security threat assessment, identifies reasons for these occurrences, and strengthens controls to prevent future occurrences, as we recommended.
Why GAO Did This Study
This testimony discusses the findings of our report assessing the Transportation Security Administration’s (TSA) efforts to address general aviation security. Altogether, more than 200,000 general aviation aircraft—from small aircraft with minimal load capacities to business jets and larger aircraft such as privately operated Boeing 747s—operate at more than 19,000 facilities. U.S. government threat assessments have discussed plans by terrorists to use general aviation aircraft to conduct attacks. Further, analysis conducted on behalf of TSA has indicated that larger general aviation aircraft, such as midsized and larger jets often used for business purposes, may be able to cause significant damage to buildings and other structures. Also, the terrorists responsible for the September 11, 2001, attacks learned to fly at flight schools in Florida, Arizona, and Minnesota. TSA, within the Department of Homeland Security (DHS), has responsibilities for general aviation security, and developed the Alien Flight Student Program (AFSP) to help determine whether foreign students enrolling at flight schools pose a security threat.
This testimony will address the key findings from the general aviation security report that we are issuing today. Specifically, my statement will address (1) TSA and general aviation industry actions to enhance security and TSA efforts to obtain information on these actions and (2) TSA efforts to ensure foreign flight students do not pose a security threat.
For questions about this statement, please contact Steve Lord at (202) 512-4379 or lords@gao.gov.