United States Government Accountability Office GAO Testimony Before the Subcommittee on Transportation Security, Committee on Homeland Security, House of Representatives GENERAL AVIATION For Release on Delivery Expected at 10:00 a.m. EDT Wednesday, July 18, 2012 SECURITY TSA’s Process for Ensuring Foreign Flight Students Do Not Pose a Security Risk Has Weaknesses Statement of Stephen M. Lord Homeland Security and Justice Issues GAO-12-900T Chairman Rogers, Ranking Member Jackson Lee, and Members of the Committee: I am pleased to be here to discuss the findings of our report assessing the Transportation Security Administration’s (TSA) efforts to address general aviation security. 1 Altogether, more than 200,000 general aviation aircraft—from small aircraft with minimal load capacities to business jets and larger aircraft such as privately operated Boeing 747s—operate at more than 19,000 facilities. 2 U.S. government threat assessments have discussed plans by terrorists to use general aviation aircraft to conduct attacks. Further, analysis conducted on behalf of TSA has indicated that larger general aviation aircraft, such as midsized and larger jets often used for business purposes, may be able to cause significant damage to buildings and other structures. Also, the terrorists responsible for the September 11, 2001, attacks learned to fly at flight schools in Florida, Arizona, and Minnesota. TSA, within the Department of Homeland Security (DHS), has responsibilities for general aviation security, and developed the Alien Flight Student Program (AFSP) to help determine whether foreign students enrolling at flight schools pose a security threat. My testimony this morning will address the key findings from the general aviation security report that we are issuing today. 3 Specifically, my statement will address (1) TSA and general aviation industry actions to enhance security and TSA efforts to obtain information on these actions and (2) TSA efforts to ensure foreign flight students do not pose a security threat. For the report, we reviewed applicable laws, regulations, and policies, as well as documentation provided by TSA on its oversight of general aviation security, including procedures for conducting security threat assessments of AFSP candidates. In addition, we interviewed 22 general aviation operators—including 5 private operators, 7 private charter 1 GAO, General Aviation Security: Weaknesses Exist in TSA’s Process for Ensuring Foreign Flight Students Do Not Pose a Security Threat, GAO-12-875 (Washington, D.C.: July 18, 2012). 2 General aviation includes nonscheduled aircraft operations such as air medical- ambulance, corporate aviation, and privately owned aircraft—generally, aircraft not available to the general public for transport. 3 GAO-12-875. Page 1 GAO-12-900T companies that also perform as private operators, and 10 flight schools— located at eight selected airports to observe and discuss security initiatives implemented. We selected these airports based on their geographic dispersion, types of general aviation operations present, and size of aircraft based at each airport. We also interviewed representatives from six aviation industry associations. Further, we reviewed TSA analysis comparing Federal Aviation Administration (FAA) data from January 2006 to September 2011 on foreign nationals applying for airman certificates (pilot’s licenses) with AFSP data. We conducted this work in accordance with generally accepted government auditing standards. More detailed information on the scope and methodology can be found in our published report. TSA and aircraft operators have taken several important actions to TSA and Aircraft enhance general aviation security, and TSA is working with aviation Operators Have Taken industry stakeholders to develop new security guidelines and regulations. Among other measures, TSA worked with members of the General Actions to Secure Aviation Working Group of its Aviation Security Advisory Committee in General Aviation; TSA 2003 and 2004 to develop recommended guidelines for general aviation Obtains Information airport security, and TSA expects the group to issue updated guidelines later this year. 4 In addition, pursuant to the Aviation and Transportation through Outreach and Security Act, TSA established and oversees implementation of a security Inspections program in which aircraft weighing more than 12,500 pounds in scheduled or charter service that carry passengers or cargo or both, and that do not fall under another security program, must implement a “Twelve-Five” standard security program. 5 Aircraft operators implementing a Twelve-Five security program must include, among other elements, procedures regarding bomb or air piracy threats. TSA obtains information directly from aircraft operators that fall under Twelve-Five through its review and approval of the security programs developed by these operators and through periodic inspections to determine the extent to which operators comply with their security programs. TSA inspectors 4 Originally established in 1988, following the 1988 Pan American World Airways Flight 103 bombing over Lockerbie, Scotland, the Aviation Security Advisory Committee was developed to allow all segments of the population to have input into aviation security considerations. The committee’s charter expired in 2010, but was subsequently reestablished by TSA in November 2011. 5 See 49 C.F.R. § 1544.101(d). See also Pub. L. No. 107-71, § 132(a), 115 Stat. 597, 635- 36 (2001). Page 2 GAO-12-900T are responsible for conducting these periodic inspections and determining whether operators are in compliance with program requirements or whether a violation has occurred. Independent of regulatory requirements, operators of private general aviation aircraft not covered under existing security programs we spoke to indicated that they implement a variety of security measures to enhance security for their aircraft. For example, 7 of the 12 operators that perform as private operators that we interviewed stated that they park their aircraft in hangars to protect them from possible misuse or vandalism. TSA has also conducted outreach to the general aviation community to establish a cooperative relationship with general aviation stakeholders. TSA officials we spoke to stated that the agency does not have a systematic mechanism to collect information on the security measures implemented by other general aviation aircraft operators that do not fall under TSA security programs. Rather, the agency has developed informal mechanisms for obtaining information on security measures enacted by these operators, such as outreach conducted by TSA inspectors, and has contacted general aviation industry associations to obtain this information. In 2008, TSA developed a proposed rule that would have imposed security requirements on all aircraft over 12,500 pounds, including those not currently covered under existing security programs, thereby subjecting them to TSA security requirements and inspections. However, industry associations and others expressed concerns about the extent to which TSA obtained industry views and information in the proposed rule’s development. They also questioned the security benefit of the proposed rule and stated that it could negatively affect the aviation industry given its broad scope. In response to these concerns, TSA officials said the agency is revising the proposed rule and plans to issue a supplemental notice of proposed rulemaking in late 2012 or early 2013. Officials from all six industry associations we spoke with stated that TSA has reached out to gather industry’s input, and three of the six associations stated that TSA has improved its efforts to gather input since the 2008 notice of proposed rulemaking. Page 3 GAO-12-900T TSA vets foreign flight student applicants through AFSP, but weaknesses Weaknesses Exist in exist in the vetting process and in DHS’s process for identifying flight Processes for students who may be in the country illegally. In our July 2012 report, we recommended two actions that DHS and TSA could take to address these Conducting Security concerns. Threat Assessments and for Identifying Under AFSP, foreign nationals seeking flight training in the United States must receive a TSA security threat assessment before receiving flight Potential Immigration training to determine whether each applicant is a security threat to the Violations United States. According to TSA regulations, an individual poses a security threat when the individual is suspected of posing, or is known to pose, a threat to transportation or national security, a threat of air piracy or terrorism, a threat to airline or passenger security, or a threat to civil aviation security. 6 According to TSA officials, when a foreign national applies to AFSP to obtain flight training, TSA uses information submitted by the foreign national—such as name, date of birth, and passport information—to conduct a criminal history records check, a review of the Terrorist Screening Database, and a review of the Department of Homeland Security’s TECS system. 7 According to TSA officials, most foreign nationals taking training from a U.S. flight training provider will apply for an FAA airman certificate (pilot’s license) once their flight training is completed. Information obtained by FAA as part of this application for certification is placed in the airmen registry. From January 2006 through September 2011, 25,599 foreign nationals had applied for FAA airman certificates, indicating they had completed flight training. We provided data from FAA’s airmen registry to TSA so that the agency could conduct a matching process to determine whether the foreign nationals in the FAA airmen registry were in TSA’s AFSP database and the extent to which they had been successfully vetted through the AFSP database. The results of our review of TSA’s analyses are as follows: 6 See 49 C.F.R. § 1540.115(c). 7 Information in the Terrorist Screening Center’s consolidated database of known or suspected terrorists—the Terrorist Screening Database—is used for security-related screening of foreign nationals applying to AFSP. TECS, an updated and modified version of the former Treasury Enforcement Communications System, is an information-sharing platform that allows users to access different databases relevant to the antiterrorism and law enforcement mission of numerous other federal agencies. Page 4 GAO-12-900T • TSA’s analysis indicated that some of the 25,599 foreign nationals in the FAA airmen registry were not in the TSA AFSP database, indicating that these individuals had not applied to the AFSP or been vetted by TSA before taking flight training and receiving an FAA airman certificate. 8 • TSA’s analysis indicated that an additional number of the 25,599 foreign nationals in the FAA airmen registry were also in the TSA AFSP database but had not been successfully vetted, meaning that they had received an FAA airman certificate but had not been successfully vetted or received permission from TSA to begin flight training. Since 2009, TSA has continuously vetted all new and existing FAA airman certificate holders against the Terrorist Screening Database, which would include the foreign nationals identified through TSA’s analysis. However, this vetting does not occur until after the foreign national has obtained flight training. Thus, foreign nationals obtaining flight training with the intent to do harm, such as three of the pilots and leaders of the September 11 terrorist attacks, could have already obtained the training needed to operate an aircraft before they received any type of vetting. In our report, we recommended that TSA take steps to identify any instances where foreign nationals receive FAA airman certificates without first undergoing a TSA security threat assessment and examine those instances so that TSA can identify the reasons for these occurrences and strengthen controls to prevent future occurrences. DHS concurred with this recommendation and stated that TSA signed a memorandum of understanding with FAA in February 2012 to exchange data. The memorandum, which FAA signed in March 2012, outlines a process for FAA to provide certain data from its airmen registry on a monthly basis and authorizes TSA to use the data to ensure flight training providers are providing TSA with information to conduct the appropriate background check prior to flight instruction. This is an important first step toward addressing our recommendation, provided that TSA uses the data to identify instances where foreign nationals receive FAA airman certificates without first undergoing a TSA security threat assessment, identifies reasons for these occurrences, and strengthens controls to prevent future occurrences, as we recommended. 8 For its analysis, TSA used a software tool that performs “fuzzy matching” of data such as names, dates, or telephone numbers. The specific number is deemed sensitive security information and is therefore not included in this report. Page 5 GAO-12-900T Another weakness that we identified is that AFSP is not designed to determine whether a foreign flight student entered the country legally; thus, a foreign national can be approved for training through AFSP after entering the country illegally. In March 2010, U.S. Immigration and Customs Enforcement (ICE) investigated a Boston-area flight school after local police stopped the flight school owner for a traffic violation and discovered that he was in the country illegally. In response to this incident, ICE launched a broader investigation of the students enrolled at the flight school. ICE found that 25 of the foreign nationals at this flight school had applied to AFSP and had been approved by TSA to begin flight training after their security threat assessment had been completed; however, the ICE investigation and our subsequent inquiries revealed the following issues, among other things: • Eight of the 25 foreign nationals who received approval by TSA to begin flight training were in “entry without inspection” status, meaning they had entered the country illegally. Three of these had obtained FAA airman certificates: 2 held FAA private pilot certificates and 1 held an FAA commercial pilot certificate. • Seventeen of the 25 foreign nationals who received approval by TSA to begin flight training were in “overstay” status, meaning they had overstayed their authorized period of admission into the United States. • In addition, the flight school owner held two FAA airman certificates. Specifically, he was a certified Airline Transport Pilot (cargo pilot) and a Certified Flight Instructor. However, he had never received a TSA security threat assessment or been approved by TSA to obtain flight training. He had registered with TSA as a flight training provider under AFSP. 9 9 We recently reported on issues related to ICE’s oversight of the Student and Exchange Visitor Program (SEVP). Specifically, ICE certifies schools to accept foreign nationals on student visas in academic and vocational programs, including those that provide flight training. SEVP-certified flight schools are a relatively small percentage of schools nationwide that offer flight training to foreign nationals. See GAO, Student and Exchange Visitor Program: DHS Needs to Assess Security Risks and Strengthen Oversight of Schools, GAO-12-572 (Washington, D.C.: June 18, 2012). Page 6 GAO-12-900T As a result, TSA and ICE jointly worked on a pilot program for vetting names of foreign students against immigration databases, but have not specified desired outcomes and time frames, or assigned individuals with responsibility for fully instituting the program. Having a road map, with steps and time frames, and assigning individuals the responsibility for fully instituting a pilot program could help TSA and ICE better identify and prevent potential risk. We recommended that TSA and ICE develop a plan, with time frames, and assign individuals with responsibility and accountability for assessing the results of their pilot program to check TSA AFSP data against information DHS has on applicants’ admissibility status to help detect and identify violations, such as overstays and entries without inspection, by foreign flight students, and institute that pilot program if it is found to be effective. DHS concurred with this recommendation and stated that TSA will prepare a plan by December 2012 to assess the results of the pilot program with ICE to determine the lawful status of the active AFSP population. The plan is to include specific details on time frames and accountability and recommendations for next steps. We believe that these are positive actions that could help TSA address the weaknesses identified in our report and we will continue to work with TSA to monitor progress on the proposed solutions as the agency proceeds. Chairman Rogers, Ranking Member Jackson Lee, and Members of the Committee, this concludes my prepared statement. I look forward to responding to any questions that you may have. For questions about this statement, please contact Steve Lord at GAO Contact and (202) 512-4379 or email@example.com. Contact points for our Offices of Staff Congressional Relations and Public Affairs may be found on the last page of this statement. Individuals making key contributions to this statement Acknowledgments include Jessica Lucas-Judy, Assistant Director, and Adam Hoffman, Analyst in Charge. Additional contributors include Thomas Lombardi and Anthony Pordes. (441092) Page 7 GAO-12-900T This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO’s Mission The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no Obtaining Copies of cost is through GAO’s website (www.gao.gov). Each weekday afternoon, GAO Reports and GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, Testimony go to www.gao.gov and select “E-mail Updates.” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, http://www.gao.gov/ordering.htm. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov. Contact: To Report Fraud, Waste, and Abuse in Website: www.gao.gov/fraudnet/fraudnet.htm E-mail: firstname.lastname@example.org Federal Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Katherine Siggerud, Managing Director, email@example.com, (202) 512- Congressional 4400, U.S. Government Accountability Office, 441 G Street NW, Room Relations 7125, Washington, DC 20548 Chuck Young, Managing Director, firstname.lastname@example.org, (202) 512-4800 Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548 Please Print on Recycled Paper.
General Aviation Security: TSA's Process for Ensuring Foreign Flight Students Do Not Pose a Security Risk Has Weaknesses
Published by the Government Accountability Office on 2012-07-18.
Below is a raw (and likely hideous) rendition of the original report. (PDF)