This is the accessible text file for GAO report number GAO-12-875 entitled 'General Aviation Security: Weaknesses Exist in TSA's Process for Ensuring Foreign Flight Students Do Not Pose a Security Threat' which was released on July 18, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: July 2012: General Aviation Security: Weaknesses Exist in TSA's Process for Ensuring Foreign Flight Students Do Not Pose a Security Threat: GAO-12-875: GAO Highlights: Highlights of GAO-12-875, a report to congressional requesters. Why GAO Did This Study: U.S. government threat assessments have discussed plans by terrorists to use general aviation aircraft-—generally, aircraft not available to the public for transport-—to conduct attacks. Also, the September 11, 2001, terrorists learned to fly at flight schools, which are within the general aviation community. TSA, within DHS, has responsibilities for general aviation security, and developed AFSP to ensure that foreign students enrolling at flight schools do not pose a security threat. GAO was asked to assess (1) TSA and general aviation industry actions to enhance security and TSA efforts to obtain information on these actions and (2) TSA efforts to ensure foreign flight students do not pose a security threat. GAO reviewed TSA analysis comparing FAA data from January 2006 to September 2011 on foreign nationals applying for airman certificates with AFSP data, and interviewed 22 general aviation operators at eight airports selected to reflect geographic diversity and variations in types of operators. This is a public version of a sensitive security report GAO issued in June 2012. Information TSA deemed sensitive has been omitted, including two recommendations on TSA’s vetting of foreign nationals. What GAO Found: The Transportation Security Administration (TSA) and aircraft operators have taken several important actions to enhance general aviation security, and TSA is gathering input from operators to develop additional requirements. For example, TSA requires that certain general aviation aircraft operators implement security programs. Aircraft operators under these programs must, among other things, develop and maintain TSA-approved security programs. TSA has also conducted outreach to the general aviation community to establish a cooperative relationship with general aviation stakeholders. In 2008, TSA developed a proposed rule that would have imposed security requirements on all aircraft over 12,500 pounds, including large aircraft that Department of Homeland Security (DHS) analysis has shown could cause significant damage in an attack. In response to industry concerns about the proposed rule’s costs and security benefits, TSA is developing a new proposed rule. Officials from all six industry associations GAO spoke with stated that TSA has reached out to gather industry’s input, and three of the six associations stated that TSA has improved its efforts to gather input since the 2008 notice of proposed rulemaking. TSA vets foreign flight student applicants through its Alien Flight Student Program (AFSP), but weaknesses exist in the vetting process and in DHS’s process for identifying flight students who may be in the country illegally. From January 2006 through September 2011, more than 25,000 foreign nationals had applied for Federal Aviation Administration (FAA) airman certificates (pilot’s licenses), indicating they had completed flight training. However, TSA computerized matching of FAA data determined that some known number of foreign nationals did not match with those in TSA’s database, raising questions as to whether they had been vetted. In addition, AFSP is not designed to determine whether a foreign flight student entered the country legally; thus, a foreign national can be approved for training through AFSP after entering the country illegally. A March 2010 U.S. Immigration and Customs Enforcement (ICE) flight school investigation led to the arrest of six such foreign nationals, including one who had a commercial pilot’s license. As a result, TSA and ICE jointly worked on vetting names of foreign students against immigration databases, but have not specified desired outcomes and time frames, or assigned individuals with responsibility for fully instituting the program. Having a road map, with steps and time frames, and assigning individuals the responsibility for fully instituting a pilot program could help TSA and ICE better identify and prevent potential risk. The sensitive security version of this report discussed additional information related to TSA’s vetting process for foreign nationals seeking flight training. What GAO Recommends: GAO recommends that TSA identify how often and why foreign nationals are not vetted under AFSP and develop a plan for assessing the results of efforts to identify AFSP-approved foreign flight students who entered the country illegally. DHS concurred with GAO’s recommendations and indicated actions it is taking in response. View [hyperlink, http://www.gao.gov/products/GAO-12-875]. For more information, contact Steve Lord at (202) 512-4379 or lords@gao.gov. [End of section] Contents: Letter: Background: TSA and Aircraft Operators Have Taken Actions to Secure General Aviation; TSA Obtains Information through Outreach and Inspections: Weaknesses Exist in Processes for Conducting Security Threat Assessments and for Identifying Potential Immigration Violations: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Examples of Federal, State, and Industry Efforts to Enhance General Aviation Security: Appendix III: Comments from the Department of Homeland Security: Appendix IV: GAO Contact and Staff Acknowledgments: Tables: Table 1: Examples of Federal General Aviation Security Measures: Table 2: Reviews Conducted as Part of the AFSP Security Threat Assessment: Figures: Figure 1: Composition of FAA-Registered General Aviation Aircraft: Figure 2: Full, Private Charter, and Twelve-Five Security Program Requirements: Abbreviations: ADIS: Arrival and Departure Information System: AFSP: Alien Flight Student Program: ATSA: Aviation and Transportation Security Act: DHS: Department of Homeland Security: DOD: Department of Defense: FAA: Federal Aviation Administration: FBI: Federal Bureau of Investigation: ICE: U.S. Immigration and Customs Enforcement: NOTAM: Notices to Airmen: OSPIE: Office of Security Policy and Industry Engagement: PARIS: Performance and Results Information System: SEVP: Student and Exchange Visitor Program: TSA: Transportation Security Administration: US-VISIT: U.S. Visitor and Immigrant Status Indicator Technology: [End of section] United States Government Accountability Office: Washington, DC 20548: July 18, 2012: The Honorable Peter T. King: Chairman: The Honorable Bennie G. Thompson: Ranking Member: Committee on Homeland Security: House of Representatives: The Honorable Mike Rogers: Chairman: The Honorable Sheila Jackson Lee: Ranking Member: Subcommittee on Transportation Security: Committee on Homeland Security: House of Representatives: The Honorable Charles Dent: House of Representatives: General aviation includes nonscheduled aircraft operations such as air medical-ambulance, corporate aviation, and privately owned aircraft-- generally, aircraft not available to the general public for transport. Altogether, more than 200,000 general aviation aircraft--from small aircraft with minimal load capacities to business jets and larger aircraft such as privately operated Boeing 747s--operate at more than 19,000 facilities. Such facilities include publicly or privately owned airports, most of which primarily or exclusively serve general aviation aircraft, and heliports. While there have been no terrorist attacks conducted using general aviation aircraft in the United States, according to Transportation Security Administration (TSA) officials, U.S. government threat assessments have discussed plans by terrorist organizations to use general aviation aircraft to conduct attacks against U.S. targets. Similarly, the September 11, 2001, terrorists learned to fly on general aviation aircraft at flight schools in Florida, Arizona, and Minnesota. Further, analysis conducted on behalf of TSA has indicated that larger general aviation aircraft, such as midsized and larger jets often used for business purposes, may be able to cause significant damage to buildings and other structures. According to TSA officials, general aviation also includes over 7,000 flight training providers and individual certified flight instructors that can provide flight training. TSA, through its Alien Flight Student Program (AFSP), established requirements and standards governing the provision of flight training to foreign flight student candidates. For example, foreign flight student candidates must submit specific biographical information and fingerprints to TSA. TSA uses this information to conduct a security threat assessment, including checks of a flight student candidate's criminal history and immigration status, as well as whether the candidate matches records in terrorism-related databases or on watch lists, among other things. [Footnote 1] The Aviation and Transportation Security Act (ATSA) gives TSA broad responsibility for securing the nation's civil aviation system, which includes general aviation operations.[Footnote 2] Although TSA has not undertaken to directly regulate many aspects of general aviation, the agency has issued and in some instances oversees implementation of requirements and guidance covering certain aspects of the industry. For example, TSA established and oversees implementation of a security program that requires aircraft operators of certain aircraft weighing over 12,500 pounds to carry out specific security measures, such as designating a security coordinator and ensuring the availability of law enforcement to respond to an incident.[Footnote 3] Aircraft operators required to adopt and carry out such security programs must, among other things, prepare a written security program describing the procedures used to comply with applicable requirements, have the program approved by TSA, and ensure the program is available for inspection upon request by TSA. These general aviation aircraft operators are also subject to TSA inspections to determine their compliance with applicable security requirements. However, many general aviation aircraft operations, such as certain privately owned aircraft, do not fall within the scope of existing TSA security programs. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) jointly estimate that such privately owned aircraft, many of which are jets of up to the size of a commercial passenger airliner, constitute approximately 15 percent of all general aviation aircraft.[Footnote 4] In October 2008, TSA issued a notice of proposed rulemaking to amend current and implement new aviation security regulations to enhance the security of general aviation by expanding the scope of current requirements and by adding new requirements for certain large aircraft operators and airports serving those aircraft.[Footnote 5] This proposed rulemaking--the Large Aircraft Security Program--if implemented, would have, among other things, expanded the population of aircraft operators required to have TSA-approved security programs to all aircraft exceeding 12,500 pounds and subjected such aircraft operators to compliance audits.[Footnote 6] However, in light of concerns expressed by the aviation industry, including concerns about the cost of implementing provisions of the proposed rule, TSA delayed issuing a final rule and instead plans to issue a new proposed rule in late 2012 or 2013. In November 2004, we reported that while the federal government provided guidance and funding for general aviation and enforced certain regulatory requirements, most of the responsibility for assessing and enhancing general aviation security fell on airport and aircraft operators.[Footnote 7] Among other things, we reported that TSA and other federal agencies had not conducted an overall systematic assessment of threats to, or vulnerabilities of, general aviation to determine how to better prepare against terrorist threats, and recommended that they develop a plan for implementing a risk management approach to help identify threats to and vulnerabilities of general aviation security. We also reported that there were limitations in the monitoring of flight student programs, prior to TSA's assumption of this responsibility from the Department of Justice, and made a recommendation to strengthen that oversight. DHS concurred with our recommendations and has taken steps that address them, such as conducting a comprehensive risk assessment for aviation and surface transportation, including general aviation. In May 2011, we also reported on physical security measures that 13 general aviation airports have in place to prevent unauthorized access. [Footnote 8] The 13 airports we visited had multiple security measures in place to protect against unauthorized access, although the specific measures and potential vulnerabilities varied across the airports. DHS concurred with the observations in our report. You asked us to assess the status of TSA and industry efforts to address general aviation security. Accordingly, this report addresses the following questions: (1) What actions have TSA and general aviation aircraft operators taken, if any, to enhance security, and how has TSA obtained information on the implementation of the operators' actions? (2) To what extent has TSA ensured that foreign flight students seeking flight training in the United States do not pose a security threat? This report is a public version of a prior sensitive report that we provided to you in June 2012. DHS deemed some of the information in the prior report sensitive security information, which must be protected from public disclosure.[Footnote 9] Therefore, this report omits sensitive information regarding potential vulnerabilities we identified related to TSA's vetting process for foreign nationals seeking flight training, and associated recommendations we made. In addition, we have omitted sensitive background information on the potential damage that could be caused by different types of general aviation aircraft crashing into buildings. The information provided in this report is more limited in scope, as it excludes such sensitive information, but the overall methodology used for both reports is the same. To address the objectives, we examined laws and regulations--including provisions of ATSA, the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), and TSA regulations governing aircraft operators and the AFSP--related to the security of general aviation operations.[Footnote 10] We also interviewed representatives from six industry associations based on their participation in TSA's Aviation Security Advisory Committee and on their focus on general aviation security issues.[Footnote 11] The associations are the American Association of Airport Executives, Aircraft Owners and Pilots Association, Experimental Aircraft Association, General Aviation Manufacturers Association, National Air Transportation Association, and National Business Aviation Association. In addition, we interviewed 22 general aviation operators--including 5 private operators that operate at least one aircraft weighing more than 12,500 pounds,[Footnote 12] 7 private charter companies that also perform as private operators, and 10 flight schools--located at eight selected airports to observe and discuss security initiatives implemented. We selected these airports based on their geographic dispersion (Southern California, North Texas, and Central Florida) as well as variation in the types of general aviation operations present (such as charter and private operations) and size of aircraft based at each airport. While the information gathered from the interviews is nongeneralizable to all general aviation operators, it provided important perspective to our analysis. As part of this work, we assessed the reliability of TSA data in its Performance and Results Information System (PARIS) by interviewing TSA officials and reviewing documentation on controls implemented to ensure the integrity of the data in the database and found these data to be sufficiently reliable for use in this report. [Footnote 13] To identify any actions TSA and general aviation aircraft operators have taken to enhance security and how TSA has obtained information on the implementation of the operators' actions, we examined documentation on TSA's inspection processes for monitoring implementation of aircraft operator security programs, and on TSA processes for obtaining information on voluntary security initiatives implemented by general aviation operators not covered by TSA security programs, such as guidance for TSA personnel who conduct outreach to general aviation operators. We reviewed a report conducted on behalf of DHS examining the potential damage that could be caused by different types of general aviation aircraft.[Footnote 14] We also reviewed the methodology and assumptions associated with this report and found them to be reasonable and well documented. We also interviewed TSA officials on efforts to interact with general aviation associations as a means to obtain information on security initiatives implemented by general aviation operators, including the agency's interaction with members of the Aviation Security Advisory Committee. We interviewed TSA Federal Security Directors and Transportation Security Inspectors whose areas of operation encompass the airports we selected, as well as airport officials responsible for security at each airport. We also reviewed TSA data from fiscal year 2005 through fiscal year 2011 on the compliance of general aviation operators that fall under TSA security programs and flight training providers. We chose these dates because they reflect the time frame after the publication of our previous report on general aviation security. [Footnote 15] To assess the extent to which TSA has ensured that foreign flight students seeking flight training in the United States do not pose a security threat, we reviewed our recent reports related to DHS vetting, and documentation related to TSA procedures for conducting security threat assessments of AFSP candidates.[Footnote 16] We also reviewed documentation on TSA compliance procedures for flight schools participating in the AFSP program and reviewed summary statistics for fiscal year 2005 through fiscal year 2011 on flight school compliance compiled by TSA.[Footnote 17] We spoke to TSA inspection officials to discuss common issues associated with compliance inspections and efforts to address compliance deficiencies. We evaluated TSA's efforts to assess risk for the AFSP against Standards for Internal Control in the Federal Government.[Footnote 18] We also obtained data from the Federal Aviation Administration (FAA) airmen registry on foreign nationals who had applied for FAA airman certificates (private, recreational, or sport certificates) for the period January 2006 through September 2011 and provided the data to TSA so that the agency could conduct a matching process to determine whether the foreign nationals in the FAA airmen registry were in the AFSP database and whether they had been successfully vetted through AFSP.[Footnote 19] We selected these dates because 2006 was the first full year after TSA assumed responsibility for AFSP from the Department of Justice, and September 2011 was the end of the fiscal year for our reporting period. We excluded airmen applying for a U.S. certificate based on an existing foreign airman certificate. We found the FAA and TSA data and the approach, methodology, and results of the data matching process to be sufficiently reliable for our purposes. We used the results of TSA's analysis to identify whether foreign nationals in the FAA airmen registry were in the AFSP database as well as whether foreign nationals who were in the FAA airmen registry were in the TSA AFSP database but had not been successfully vetted through AFSP. Appendix I provides more details about our objectives, scope, and methodology. We conducted this performance audit from March 2011 through July 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: According to a September 2011 DHS/FBI joint bulletin, more than 68 percent of general aviation aircraft registered with the Federal Aviation Administration are personally owned aircraft--mostly small, single-or twin-engine propeller aircraft--used for recreation or personal transportation. Corporate-or business-owned aircraft compose approximately 15 percent of general aviation aircraft. Regarding the types of general aviation in the general aviation aircraft fleet, FAA data indicate that about 63 percent of general aviation aircraft are single-engine piston aircraft, while about 4 percent are turboprop. Figure 1 shows the composition of the general aviation fleet. Figure 1: Composition of FAA-Registered General Aviation Aircraft: [Refer to PDF for image: pie-chart illustrated with data and 6 photographs] Turboprop, 4.1%: Aircraft driven by both jet thrust and propellers. Examples of uses include business and corporate flying and air taxi. Rotorcraft, 4.5%: Aircraft whose lift is derived principally from rotors, such as helicopters. Examples of uses include aerial observation, public use, and medical evacuation. Turbojet, 5.1%: Aircraft powered by a turbojet engine. Examples of uses include corporate flying and air taxi. Other, 5.4%: Refers to other aircraft not included in the specified categories. Multiengine piston, 7.4%: Propeller aircraft with two engines. Examples of uses include corporate and business flying and public use. Experimental, 10.9%: Aircraft that do not have a specific make and model, including aircraft built by amateurs for recreational purposes, used for exhibition purposes such as military surplus aircraft, and involved in research and development. Single-engine piston, 62.8%: Aircraft with this type of engine are driven by propellers. Examples of uses include personal and business flying, flight instruction, and aerial application. Sources: FAA and Aircraft Owner and Pilots Association, photographs. [End of figure] Pursuant to ATSA, TSA assumed from FAA responsibility for securing the nation's civil aviation system.[Footnote 20] Consistent with its statutory obligations, TSA has undertaken a direct role in ensuring the security of commercial aviation through its performance and management of the passenger and baggage screening operations at TSA- regulated airports, among other things.[Footnote 21] In contrast, TSA has taken a less direct role in securing general aviation, in that it generally establishes standards that operators may voluntarily implement and provides recommendations and advice to general aviation owners and operators, except to the extent such operations fall under existing TSA security requirements or where otherwise specifically directed by statute.[Footnote 22] Responsibility for securing general aviation airports and aircraft is generally shared with state and local governments and the private sector, such as airports and aircraft owners and operators. Certain general aviation operations fall within the scope of existing TSA security requirements. For example, charter aircraft operations, depending on the size of the aircraft and the specific nature of their operations, among other factors, may be required to implement TSA- approved security programs and are subject to TSA processes for monitoring compliance with program requirements.[Footnote 23] Certain aircraft weighing more than 12,500 pounds in scheduled or charter service and that do not fall under another security program must implement a "Twelve-Five" security program, which must include, among other elements, procedures for bomb or air piracy threats.[Footnote 24] Aircraft weighing more than 12,500 pounds that enplane from or deplane into an airport sterile area,[Footnote 25] or that weigh greater than 100,309.3 pounds or have passenger-seating configurations of 61 or more seats (and are not a government charter), must implement a "Private Charter" security program. These operators must implement many of the requirements that a commercial air carrier--that is, generally, a scheduled passenger operation with either a passenger seating configuration of 61 or more seats or 60 or fewer seats but that enplanes from or deplanes into a sterile area--must implement a "Full" security program. Figure 2 summarizes requirements that must be implemented pursuant to these security programs. Figure 2: Full, Private Charter, and Twelve-Five Security Program Requirements: [Refer to PDF for image: illustrated table] Security program requirements: In writing, approved by TSA, available and accessible, and include all requisite procedures and descriptions; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Compliance with requirements regarding bomb and air piracy threats; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Ensure the training and knowledge of individuals with security-related duties; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Compliance with security directives and information circulars; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Compliance with requirements regarding the carriage of accessible weapons; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Designation of security coordinators; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Procedures regarding the availability of qualified law enforcement personnel; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [A]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Adoption and implementation of a contingency plan; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [B]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Procedures for complying with requirements regarding the transport of Federal Air Marshals; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [B]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Fingerprint-based criminal history records checks for flight crew members; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [B]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [B]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [B]; No security program: All aircraft under 12,500 lbs: [Empty]. Security program requirements: Procedures for the control and security of aircraft and facilities; Full security program: Scheduled passenger or public charter using aircraft (1) with 61 or more seats, or (2) with 60 or fewer seats that enplane from or deplane from or deplanes into a sterile area: [A]; Private charter security program: Aircraft (1) weighing more than 12,500 lbs. that enplanes from or deplanes into a sterile area, or (2) weighing over 100,309.3 lbs. or with 61 or more seats and that is not a government charter: [B]; Twelve-Five security program: Aircraft weighing more than 12,500 lbs., in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under a full, partial, or all-cargo security program: [Empty]; No security program: All aircraft under 12,500 lbs: [Empty]. [A] Requirements existing before September 11, 2001. [B] Requirements expanded after primary responsibility for aviation security transferred from FAA to TSA November 2001. Source: GAO analysis of regulations. Note: For requirements applicable to a partial or full all-cargo program, see 49 C.F.R. § 1544.101(b), (h)-(i). [End of figure] Within TSA, different offices have responsibility for managing different elements of general aviation security, including AFSP. The General Aviation Branch of TSA's Office of Security Policy and Industry Engagement (OSPIE) provides oversight, guidance, and information necessary for general aviation security, such as the agency's Recommended Security Action Items for General Aviation Aircraft Operators, which provides operators with best practices for securing their aircraft, among other things.[Footnote 26] OSPIE also manages and administers security programs for certain charter and air cargo operators. Specifically, OSPIE works with operators covered under TSA's security programs to develop security plans and register with TSA. OSPIE is also responsible for administering security threat assessments for foreign nationals applying to AFSP.[Footnote 27] TSA's Office of Security Operations is primarily responsible for conducting inspections of general aviation aircraft operators that fall under TSA security programs, as well as of flight training providers who provide training to foreign nationals registered with AFSP. The office also assists TSA management and TSA inspectors with guidance and subject-matter expertise in ensuring compliance, by regulated entities and other persons, with security requirements, and is tasked with coordinating with internal and external stakeholders to ensure that security measures are carried out efficiently and consistently. Other federal agencies, such as FAA, also play a role in ensuring the security of general aviation operations, as do state and local governments and industry partners. Appendix II provides examples of some of these efforts. TSA and Aircraft Operators Have Taken Actions to Secure General Aviation; TSA Obtains Information through Outreach and Inspections: TSA has worked to enhance general aviation security by developing various security programs and working with aviation industry stakeholders to enhance their security efforts through the development of new security guidelines. The agency works to obtain information on the security practices of industry stakeholders through compliance inspections and outreach and is working with its industry partners to develop new security regulations. TSA and Industry Efforts to Enhance General Aviation Security: As shown in table 1, TSA and other industry stakeholders have taken a number of actions to enhance general aviation security. Among other measures, TSA worked with members of the General Aviation Working Group of the Aviation Security Advisory Committee in 2003 and 2004 to develop recommended guidelines for general aviation airport security. Table 1: Examples of Federal General Aviation Security Measures: Security measure: Risk assessments; Description: TSA has conducted or commissioned five assessments examining threats, vulnerabilities, and consequences associated with potential terrorist use of general aviation aircraft. For example, in May 2007, TSA and the Homeland Security Institute[A] published an assessment of, among other things, the potential destructive capability of various sizes of general aviation aircraft. In November 2010, TSA released its assessment of vulnerabilities associated with general aviation airports. Security measure: Security guidelines for general aviation aircraft operators and airport characteristic measurement tool; Description: In 2003 and 2004, TSA and the Aviation Security Advisory Committee developed guidelines or best practices designed to establish nonregulatory security standards for general aviation airport security. These guidelines are based on industry best practices and an airport characteristic measurement tool that allows airport operators to assess the level of risk associated with their airport to determine which security enhancements are most appropriate for their facility. According to the Acting General Manager for General Aviation, the committee is in the process of updating these guidelines, with an expected release in mid-2012. Security measure: Hotline to report suspicious activity; Description: TSA implemented a hotline (1-866-GA-SECURE, or 1-866-427- 3287) in December 2002 that allows individuals to report suspicious activities to a central command structure. Security measure: Special flight rules area within 15 nautical miles of Washington, D.C., metropolitan area; Description: Pursuant to FAA regulations, general aviation operations are generally prohibited within a 15-nautical mile area of the Washington, D.C., metropolitan area unless otherwise authorized by TSA. This limits access at Potomac Airpark, Washington Executive/Hyde Field, and College Park Airport (referred to as the "Maryland-3") to only cleared and vetted pilots operating in compliance with specific flight planning and air traffic control procedures. Security measure: Airspace restrictions; Description: TSA advises FAA to impose airspace restrictions at various locations throughout the United States to limit or prohibit aircraft operations in certain areas when intelligence officials report heightened security sensitivity. This includes the Air Defense Identification Zone around Washington, D.C., and restrictions that are put into effect when the President travels outside of Washington, D.C. Security measure: Twelve-Five Standard Security Program; Description: Aircraft weighing more than 12,500 pounds in scheduled or charter service that carry passengers or cargo or both, and that do not fall under another security program must implement a "Twelve-Five" standard security program, which must include, among other elements, procedures regarding bomb or air piracy threats. Source: GAO analysis of TSA and FAA information. [A] The Homeland Security Studies and Analysis Institute (Homeland Security Institute) is a federally funded research and development center established by the Secretary of Homeland Security with a mission to assist the Secretary and others in addressing national policy and security issues where scientific, technical, and analytical expertise is required. [End of table] A more detailed list of federal, state, and industry general aviation security initiatives can be found in appendix II. Independent of regulatory requirements, operators of private general aviation aircraft not covered under existing security programs we spoke to indicated that they implement a variety of security measures to enhance security for their aircraft. For example, 7 of the 12 operators that perform as private operators that we interviewed stated that they park their aircraft in hangars to protect them from possible misuse or vandalism. Further, 2 of the 12 operators stated they had hired security personnel to guard their aircraft if they are required to stay at an airport without hangar facilities. Seven of the 12 operators stated that they implement these security measures because of security concerns associated with operating their aircraft. For example, the 7 operators stated that their aircraft represent a major investment for their company and help generate a stream of income that must be protected, and that protecting the well-being of senior executives was a priority. TSA Inspections and Industry Outreach: TSA obtains information directly from aircraft operators that fall under the Twelve-Five and Private Charter security programs (see fig. 2) through its review and approval of the security programs developed by these operators and through periodic inspections to determine the extent to which operators comply with their security programs. [Footnote 28] TSA Transportation Security Inspectors are responsible for conducting these periodic inspections and determining whether operators are in compliance with program requirements or whether a violation has occurred. As part of the inspection process, TSA inspectors examine certain key security areas with respect to Twelve-Five and Private Charter operations, including the roles and responsibilities of aircraft operator personnel and whether the operator has procedures for addressing emergencies. For example, TSA's 2009 Inspector Handbook provides guidance to TSA inspectors to examine, among other things, whether aircraft operators under its security programs: * ensure that individuals are denied boarding if they do not have valid identification, * ensure that passenger identification documents are checked against flight manifests, and: * have adequate procedures for addressing incidents where indications of tampering or unauthorized access of aircraft are discovered. Inspectors are required to record inspection results, including any violations of program requirements, in TSA's PARIS database and to close the violations when the problem is resolved. Violations may be resolved with on-the-spot counseling; however, some violations may result in TSA sending a warning notice to the operator or in civil penalties for the operator. If warranted, follow-up inspections may be conducted, based on any findings made during an inspection. TSA officials stated that inspection results in PARIS are used to inform TSA of security challenges that may be faced by aircraft operators and to allow the agency to better address security concerns expressed by these operators. TSA inspection data indicate that from 2007 through 2011, aircraft operator compliance with security requirements has been well over 90 percent and has generally increased. TSA officials attribute the increase in compliance to a better understanding of security program requirements by operators, and to increased TSA outreach. Agency data illustrate that the reasons for noncompliance among aircraft operators varied. For example, in fiscal year 2011, inspectors found that Private Charter aircraft operators did not always provide advance notice to the Federal Security Director of upcoming private charter operations or of subsequent changes or additions, which occurred in 7 percent of 424 inspections for this item. Program compliance violations detected by inspectors were sometimes resolved either by counseling with the aircraft operator or by initiating an investigation of the incident, which could result in TSA issuing a warning notice or civil penalties being assessed. In addition to taking steps to obtain information on security measures enacted by general aviation aircraft operators that fall under TSA security programs, the agency has also taken steps to obtain information on security measures implemented by general aviation airport operators. Specifically, the 9/11 Commission Act required TSA to, among other things, develop a standardized threat and vulnerability assessment program for general aviation airport operators and implement a program to perform such assessments on a risk management basis.[Footnote 29] To help comply with the act's requirement, TSA distributed a survey in 2010 to approximately 3,000 general aviation airports to identify any vulnerabilities at the airports, and received responses from 1,164 (39 percent) of the airports. In this survey, airport officials were asked to respond to questions on security measures implemented by the general aviation airport operators, such as whether hangar doors were secured when unattended, and whether the airport had closed-circuit camera coverage for hangar areas. This survey also included questions about the types of perimeter fencing and physical barriers installed, as well as the type of security measures in use at these airports. The survey found that, while most general aviation airports had initiated some security measures, the extent to which different security measures had been implemented varied by airport. For example, survey results indicated that more than 97 percent of larger general aviation airports responding to the survey had developed an emergency contact list, but less than 19 percent had developed measures to positively identify passengers, cargo, and baggage. The survey also found that nearly 44 percent of airports responding to the survey required security awareness training for all tenants and employees and more than 48 percent of airports had established community watch programs. According to TSA officials, the results of the survey were analyzed to identify the general strengths and weaknesses in the general aviation community, and to show an overall picture of general aviation security measures at a national and regional level. In addition, TSA officials said that the information collected in the survey can be used to help determine a plan of action to mitigate security concerns at general aviation airports. For example, TSA used the survey to identify approximately 300 airports that it considers to be higher risk and could therefore be prioritized to receive security grants, should they become available. TSA officials added that information from the survey allowed the agency to establish a baseline for security measures in place at general aviation airports. In addition to the survey, TSA also gathers information on security measures implemented by operators through outreach activities its inspectors conduct at general aviation airports, designed to establish a cooperative relationship with general aviation airport stakeholders and encourage voluntary adoption of security enhancements. However, TSA officials stated that this type of outreach by its inspectors is not mandatory and therefore is not conducted regularly. In addition, while inspectors are encouraged to record results of these outreach visits in PARIS, inspectors do not always do so in practice. Additional Security Measures Taken by Operators: According to aviation industry officials, there are approximately 9,900 general aviation aircraft over 12,500 pounds not covered under either the Twelve-Five or Private Charter security programs. Analysis by the Homeland Security Institute indicates that some of these larger aircraft may be able to cause significant damage in terms of fatalities and economic costs, particularly general aviation aircraft with a maximum takeoff weight of 71,000 pounds.[Footnote 30] According to industry data, there are over 800 general aviation aircraft weighing over 71,000 pounds. TSA officials we spoke to stated that, unlike for aircraft that fall under the Twelve-Five or Private Charter security programs, the agency does not have a systematic mechanism to collect information on the security measures implemented by other general aviation aircraft operators that do not fall under TSA security programs. Rather, the agency has developed informal mechanisms for obtaining information on security measures enacted by these operators, such as outreach conducted by TSA inspectors, and has contacted general aviation industry associations to obtain this information as well as obtain information on the concerns of these operators regarding costs and other challenges associated with potential security requirements. As previously mentioned, TSA issued a notice of proposed rulemaking for a Large Aircraft Security Program in October 2008, which would have resulted in all general aviation aircraft larger than 12,500 pounds, including those not currently covered under existing security programs, being subject to TSA security requirements and inspections. However, industry associations and others expressed concerns about the extent to which TSA obtained industry views and information in the proposed rule's development. They also questioned the security benefit of the proposed rule and stated that it could negatively affect the aviation industry given its broad scope. For example, officials from three of the six industry associations we interviewed stated that many of the proposed rule's measures, such as having third-party contractors conduct inspections of private aircraft operators for a fee, would impose substantial logistical and cost burdens on the general aviation industry. These association officials added that any revised rule that TSA develops must take into account the security measures already put in place by general aviation aircraft operators as well as the costs associated with implementing any additional security measures. TSA managers responsible for general aviation security operations stated that, in response to these concerns, the agency was revising the proposed rule to make it more focused and risk-based, and that the agency plans to issue a supplemental notice of proposed rulemaking in late 2012 or early 2013. Further, officials from all six of the industry associations we interviewed stated that TSA has reached out to industry in developing its new rule and three of the six associations stated that TSA has performed a better job of reaching out to industry in its ongoing development of the new rule than it did with the rule it proposed in 2008. For example, the vice president from one association stated that as part of its development of its supplemental notice of proposed rulemaking, TSA has more actively sought information on these security measures, which better allows the agency to ensure the requirements would impose as limited a burden as possible while maximizing security. He also stated that TSA periodically solicits information on its proposed rule and on industry security measures from industry associations through its Aviation Security Advisory Committee. Weaknesses Exist in Processes for Conducting Security Threat Assessments and for Identifying Potential Immigration Violations: TSA has not ensured that all foreign nationals seeking flight training in the United States have been vetted through AFSP prior to beginning this training or established controls to help verify the identity of individuals seeking flight training who claim U.S. citizenship. TSA also faces challenges in obtaining criminal history information to conduct its security threat assessments as part of the vetting process, but is working to establish processes to identify foreign nationals with immigration violations. Foreign Nationals' Security Threat Assessments: Some foreign nationals receiving flight training may not have undergone a TSA security threat assessment. Under AFSP, foreign nationals seeking flight training in the United States must receive a TSA security threat assessment before receiving flight training to determine whether each applicant is a security threat to the United States.[Footnote 31] This threat assessment is in addition to screening that the Department of State conducts on foreign nationals who apply for nonimmigrant visas and that U.S. Customs and Border Protection conducts on travelers seeking admission into the United States at ports of entry. According to TSA regulations, an individual poses a security threat when the individual is suspected of posing, or is known to pose, a threat to transportation or national security, a threat of air piracy or terrorism, a threat to airline or passenger security, or a threat to civil aviation security.[Footnote 32] According to TSA officials, when a foreign national applies to AFSP to obtain flight training, TSA uses information submitted by the foreign national--such as name, date of birth, and passport information--to conduct a criminal history records check, a review of the Terrorist Screening Database, and a review of the Department of Homeland Security's TECS system, as shown in table 2.[Footnote 33] Table 2: Reviews Conducted as Part of the AFSP Security Threat Assessment: Type of vetting: Criminal history records check; Description: Criminal history record checks, which are fingerprint- based, require an adjudicator to review the applicant's criminal history. According to TSA officials responsible for conducting these reviews, AFSP has no specific disqualifying offenses; however, if a foreign national applying to AFSP has criminal violations, TSA will forward this information to FAA to determine whether the violation disqualifies that individual from holding an FAA certificate. Type of vetting: Terrorist Screening Database; Description: Information in the Terrorist Screening Center's consolidated database of known or suspected terrorists--the Terrorist Screening Database--is used for security-related screening of foreign nationals applying to AFSP. For example, the Selectee List, a subset of the Terrorist Screening Database, contains information on individuals who must undergo additional security screening before being permitted to board an aircraft. The No Fly List, another subset of the Terrorist Screening Database, contains information on individuals who are prohibited from boarding an aircraft. If a foreign national is on one of these lists, TSA analysts will perform additional research to determine whether he or she is eligible to receive flight training. Type of vetting: Review of DHS TECS System; Description: TECS, an updated and modified version of the former Treasury Enforcement Communications System, is an information-sharing platform that allows users to access different databases relevant to the antiterrorism and law enforcement mission of numerous other federal agencies. TSA reviews information contained in TECS to determine if an AFSP applicant has prior immigration-related violations. If the AFSP applicant has prior immigration-related violations, such as a previous overstay,[A] TSA will conduct additional TECS queries to determine if the applicant is eligible to obtain flight training. Source: GAO analysis of DHS information. [A] An overstay is an individual who is admitted to the country legally on a temporary basis--either with a visa, or in some cases, as a visitor who was allowed to enter without a visa--but then overstayed his or her authorized period of admission. [End of table] According to TSA data, about 116,000 foreign nationals applied to AFSP from fiscal year 2006 through fiscal year 2011, and TSA's AFSP security threat assessments resulted in 107 training requests submitted by foreign nationals being denied from 2006 through 2011 because of national security reasons, immigration violations, or disqualifying criminal offenses. According to TSA officials, most foreign nationals taking training from a U.S. flight training provider will apply for an FAA airman certificate once their flight training is completed.[Footnote 34] Information obtained by FAA as part of this application for certification is placed in the airmen registry. Consistent with ATSA, TSA strives to coordinate with other federal agencies to secure the nation's transportation systems.[Footnote 35] According to TSA, this may include coordinating with FAA and U.S. Immigration and Customs Enforcement (ICE) to identify individuals who pose a threat to transportation security. For example, FAA provides TSA with data on individuals new to the airmen registry database on a daily basis, including biographic information on foreign nationals applying for airman certificates based on their foreign license. According to a report by the DHS Office of Inspector General, in early 2009, TSA used these data to perform a one-time, biographic, name-based security threat assessment for each of the 4 million individual FAA airman certificate holders.[Footnote 36] These security threat assessments consisted of matching the biographic data provided by FAA against the Terrorist Screening Database to determine whether credible information indicated that the individual holding a certificate was involved, or suspected of being involved, in any activity that could pose a threat to transportation or national security. FAA certificate holders suspected of being in the Terrorist Screening Database were referred to TSA's Transportation Threat Assessment and Credentialing office for investigation. The airman vetting activities had been transferred to TSA in October 2009 after a TSA and FAA work group developed business processes and an interagency agreement was signed, according to FAA. [Footnote 37] Since then, TSA has vetted both new FAA airman certificate applicants and holders on an ongoing basis against the Terrorist Screening Database. In addition to vetting names of FAA airman certificate holders against the Terrorist Screening Database, TSA also vets foreign nationals applying for flight training through the AFSP, including training that occurs before a student applies for an FAA airman certificate. To determine whether foreign nationals applying for FAA airman certificates had previously applied to AFSP and been vetted by TSA, we obtained data from FAA's airmen registry on foreign nationals who had applied for airman certificates and provided these data to TSA so that the agency could conduct a matching process to determine whether the foreign nationals in the FAA airmen registry were in TSA's AFSP database and the extent to which they had been successfully vetted through the AFSP database.[Footnote 38] The results of our review of TSA's analyses are as follows:[Footnote 39] * TSA's analysis indicated that some of the 25,599 foreign nationals in the FAA airmen registry were not in the TSA AFSP database, indicating that these individuals had not applied to the AFSP or been vetted by TSA before taking flight training and receiving an FAA airman certificate.[Footnote 40] * TSA's analysis indicated that an additional number of the 25,599 foreign nationals in the FAA airmen registry were also in the TSA AFSP database but had not been successfully vetted, meaning that they had received an FAA airman certificate but had not been successfully vetted or received permission from TSA to begin flight training. As stated previously, TSA continuously vets all new and existing FAA airmen certificate holders against the Terrorist Screening Database, which would include the foreign nationals identified through TSA's analysis. However, this vetting does not occur until after the foreign national has obtained flight training. Thus, foreign nationals obtaining flight training with the intent to do harm, such as three of the pilots and leaders of the September 11 terrorist attacks, could have already obtained the training needed to operate an aircraft before they received any type of vetting. In commenting on the results of the analysis, TSA's Program Manager for AFSP could not explain with certainty why some of the foreign nationals applying for FAA airman certificates may not have been vetted though TSA's security threat assessment process. The Program Manager stated, however, that certain individuals can receive exemptions from the vetting requirement as a result of a Department of Defense (DOD) attaché endorsement at a U.S. embassy or consulate overseas.[Footnote 41] TSA takes steps to help ensure that foreign nationals are obtaining security threat assessments prior to beginning flight training. Specifically, TSA regulations require flight training providers to maintain documentation on foreign nationals who receive AFSP approval to begin flight training as well as documentation on those who are taking flight training under DOD endorsements. Similarly, TSA standard operating procedures for inspectors indicate they should review documentation over the course of their inspections of the flight training provider, including documentation indicating the foreign national was approved for flight training under AFSP and, if available, the DOD endorsement letter that informs them of the status of the foreign national in question as a DOD endorsee, which would exempt them from receiving a security threat assessment under AFSP. Our review of compliance data from TSA's PARIS database for fiscal year 2011 found that TSA inspectors have encountered and documented instances where foreign nationals attending flight school presented to the flight training provider DOD endorsement letters, which would indicate they are exempt from security threat assessment requirements. Additional details are considered sensitive security information. Flight School Compliance with Requirements: TSA's fiscal year 2011 Compliance Work Plan for Transportation Security Inspectors requires that a minimum of one comprehensive inspection per year must be performed on each of the approximately 7,000 known flight training providers. The work plan was revised in 2011 to require a minimum of two comprehensive inspections per year for each of the 4,500 certified flight instructors who train foreign students, and TSA's program manager stated that the agency was able to inspect all of these entities at least twice in 2011. In general, the inspection process requires inspectors to, among other things, review documents maintained by the flight training provider, including the flight training records of both U.S. citizens and alien flight students, and also ensure that foreign students have registered with TSA's AFSP database and were granted permission to begin flight training from TSA.[Footnote 42] The results of the inspections are to be reported in TSA's PARIS database consistent with the reporting requirements of the work plan and other TSA guidance. As warranted, any follow-up inspections are to be performed based on findings made during the inspection process. As of January 2012, inspection results show that the rate of compliance with AFSP requirements increased from 89 percent in fiscal year 2005 to 96 percent in fiscal year 2011.[Footnote 43] TSA officials attribute the increase in compliance to a better understanding of AFSP requirements by flight training providers, among other things. Agency data also illustrate that the reasons for noncompliance among providers varied. For example, in fiscal year 2011, the reasons for noncompliance included violations such as missing photographs of foreign students, which occurred in 9 percent of 1,800 inspections for this item. In 7 percent of about 2,800 inspections, providers did not document and retain employee records related to completion of the required Security Awareness Training. When inspectors checked for retention of records of U.S. citizenship by the flight training provider, the provider was not in compliance in about 5 percent of the nearly 2,800 inspections performed in this area. Compliance violations detected by inspectors were sometimes resolved either by counseling with the flight training provider or by initiating an investigation of the incident, which could result in civil penalties being assessed. As part of its compliance inspection process, TSA inspectors also review records of documentation provided by U.S. citizens applying for flight training, which are maintained by flight training providers. TSA regulations governing AFSP require individuals claiming U.S. citizenship to provide one of the following documents, among other information, to flight training providers before accessing flight training:[Footnote 44] * a valid, unexpired U.S. passport: * an original or government-issued birth certificate: * original certificate of birth abroad and a government-issued picture identification: * original certificate of U.S. citizenship with raised seal and government-issued picture identification or: * original U.S. Naturalization Certificate with raised seal and government-issued picture identification. Flight school personnel are required to review the credentials presented by individuals claiming U.S. citizenship and to maintain records, and TSA inspectors, as part of the inspection process, review these records to ensure flight training provider compliance with regulatory requirements. Additional details are considered sensitive security information. Use of Criminal History Information: We have previously reported on the challenges TSA faces in ensuring it has the necessary information and appropriate staffing to effectively conduct security threat assessments for screening and credentialing programs, which include AFSP. As we reported in December 2011, criminal history record checks are a key element of the security threat assessment process for TSA's screening and credentialing programs, helping to ensure that the agency detects those applicants with potentially disqualifying criminal offenses.[Footnote 45] However, as we reported, the level of access that TSA credentialing programs have to the Department of Justice's FBI criminal history records is the level of access accorded for noncriminal-justice purposes (i.e., equal to that of a private company doing an employment check on a new applicant, according to TSA), which limits TSA in accessing certain criminal history data related to charges and convictions. TSA said that it had been difficult to effectively and efficiently conduct security threat assessment adjudication of criminal history records because of the limited access it has as a noncriminal justice-purpose requestor of criminal history records--and that this limitation had increased the risk that the agency was not detecting potentially disqualifying criminal offenses. We reported that while TSA was seeking criminal justice-type access to FBI systems, the FBI reported that it is legally unable to provide this access. The FBI and TSA were collaborating on options, but had not identified the extent to which a potential security risk may exist under the current process, and the costs and benefits of pursuing alternatives to provide additional access. In December 2011, we recommended that TSA and the FBI conduct a joint risk assessment of TSA's access to criminal history records. DHS concurred with this recommendation and indicated it would work with the Department of Justice to assess the extent of security risk, among other things, and evaluate the costs and benefits of each alternative. In response to our recommendations, the FBI reported that it was pursuing several strategies to provide TSA with access to the most complete criminal history information available for noncriminal justice-related purposes, including reaching out to states that do not provide criminal history records for noncriminal justice purposes as well as working to develop technical solutions. As of February 2012, TSA officials indicated that they are continuing to work with the FBI to address our recommendation. TSA officials responsible for overseeing security threat assessments stated that the process for conducting criminal history record checks for AFSP is substantively the same as that used for other TSA screening and credentialing programs. While there is no information indicating that any foreign nationals seeking flight training should not have been allowed to do so because of unidentified criminal offenses, we believe that TSA should continue to work with the FBI on joint risk assessments of TSA's access to criminal history records for credentialing programs, including AFSP. Immigration Violations: There have been instances of overstays or other immigration-related violations for foreign nationals taking flight training in the United States, most notably for three of the September 11 hijackers.[Footnote 46] Specifically, three of the six pilots and apparent leaders were out of status on or before September 11, including two in overstay status.[Footnote 47] AFSP was implemented to help address such security concerns. As previously discussed, as part of AFSP, TSA conducts security threat assessments for foreign nationals requesting flight training in the United States. According to TSA officials, the purpose of the security threat assessment, which includes a check of the Terrorist Screening Database and a criminal history records check, is to determine whether the foreign national requesting flight training presents a security threat; the checks are not designed to determine whether an applicant is in the country legally. As part of the security threat assessment, TSA also conducts reviews of DHS's TECS database to determine if any negative immigration-related information is associated with the foreign national seeking flight training. However, TSA officials acknowledged that it is possible for a foreign national to be approved by TSA through AFSP and to complete flight training after entering the country illegally or overstaying his or her allotted time to be in the country legally. In 2010, ICE investigated a Boston-area flight school after local police stopped the flight school owner for a traffic violation and discovered that he was in the country illegally. Twenty-five of the foreign nationals at this flight school had applied to AFSP and had been approved by TSA to begin flight training after their security threat assessment was completed; however, the ICE investigation and our subsequent inquiries revealed the following issues: * Eight of the 25 foreign nationals who received approval by TSA to begin flight training were in "entry without inspection" status, meaning they had entered the country illegally. - Six of these foreign nationals were later arrested by ICE as a result of the investigation. TSA indicated 1 individual had been approved to begin flight training at two other schools, although the flight schools indicated that he did not complete training. - Three of the 8 foreign nationals in "entry without inspection" status obtained FAA airman certificates: 2 held FAA private pilot certificates and one held an FAA commercial pilot certificate. * Seventeen of the 25 foreign nationals who received approval by TSA to begin flight training were in "overstay" status, meaning they had overstayed their authorized period of admission into the United States. - Sixteen of these were arrested by ICE as a result of the investigation. - Four of the 17 foreign nationals in "overstay" status obtained FAA airman certificates: 3 held FAA private pilot certificates and 1 held a commercial pilot certificate. * In addition, the flight school owner held two FAA airman certificates. Specifically, he was a certified Airline Transport Pilot (cargo pilot) and a Certified Flight Instructor. However, he had never received a TSA security threat assessment or been approved by TSA to obtain flight training. He had registered with TSA as a flight training provider under AFSP. * Further, TSA data indicated that an additional foreign national arrested as a result of this flight school investigation for "entry without inspection" had previously completed flight training through an airline. According to the AFSP program manager, TSA reviews TECS to determine if the student has prior immigration violations, including overstays. [Footnote 48] However, the program manager stated that this TECS review is not designed to determine how long the student is authorized to stay in the country or whether the student had entered the country legally. Rather, if the TECS review indicates that the foreign national has previous immigration-related violations, such as overstaying the authorized period of admission, TSA is to conduct additional TECS queries to determine if the individual is eligible to receive flight training. Further, according to TSA, prospective flight students may apply for AFSP before entering the United States, rendering moot the question of whether the foreign national had entered the country legally or overstayed.[Footnote 49] The AFSP program manager stated that even though the foreign nationals were later found to be overstays, at the time of the review and adjudication of their security threat assessments, they were determined to be in legal status. According to TSA, none of the individuals that TSA processed and approved under AFSP had derogatory information within TECS, and visa overstay information is contained within TECS. However, ICE data we reviewed indicated that 16 of the 17 foreign nationals associated with the flight school who were found by ICE to be in overstay status at the time of the investigation had already been in overstay status at the time they received AFSP approval to begin flight training. This includes the 4 foreign nationals who were able to obtain FAA airman certificates. Further, the AFSP program manager stated that foreign nationals who may have entered the country illegally but who did not have prior immigration violations, did not have a criminal history, or were not on the terrorist watch list, could be successfully vetted through an AFSP security threat assessment and approved to receive flight training. The program manager added that under the current AFSP process, TSA cannot always determine at the time of application if an individual entered the United States "without inspection" (illegally) because applicants can apply to AFSP more than 180 days prior to the start date of training and applicants are not necessarily in the United States at the time of application. Senior officials from TSA and ICE stated that the agencies have initiated a process in which TSA and ICE check the names of AFSP applicants against the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program's Arrival and Departure Information System (ADIS) to help address this gap, as well as to identify foreign nationals taking flight training who become overstays.[Footnote 50] Specifically, in March 2011, TSA vetted a list of current alien flight students in TSA's AFSP database against names in USVISIT's ADIS to determine if any were potential overstays. This review resulted in the identification of 142 possible overstays. In May 2011, TSA provided ICE with the results of its analysis, and ICE vetting further reduced the list of possible overstays to 22. In September and October of 2011, ICE initiated 22 investigations based on the results of this analysis, which resulted in three arrests. According to TSA and ICE officials, this initial matching of names in the AFSP database against ADIS was conducted once to give the agencies an indication of how many foreign nationals seeking flight training in the United States may be in violation of their immigration status and what the workload associated with conducting such matches would be. Information from this review could then be used to initiate investigations of individuals suspected of being in the country illegally either by overstaying their allotted time in the country or who may have entered the country illegally. The TSA and ICE officials added, however, that such a process would have to be conducted more regularly to systematically identify foreign nationals taking flight training who may be in violation of their immigration status or who may have entered the country illegally. They stated that establishing a more regular process of matching names of foreign nationals in the AFSP database against ADIS would allow the agencies to better identify foreign nationals seeking flight training who have violated the terms of their admission as well as those who have entered the country illegally. However, several issues related to how a name matching program would work are being considered, such as which agency would vet names in the AFSP database against ADIS, and how frequently names associated with potential violations would be provided to ICE. ICE and TSA officials stated that they have not specified desired outcomes or time frames, or established performance measures to evaluate the success of the program. Standards for program management state that specific desired outcomes or results should be conceptualized, defined, and documented in the planning process as part of a road map, along with the appropriate steps and time frames needed to achieve those results.[Footnote 51] The standards also call for assigning responsibility and accountability for ensuring the results of program activities are carried out. Having a road map, with appropriate steps and time frames, and individuals assigned with responsibility and accountability for fully instituting a pilot program, as well as instituting that pilot program if it was found to help identify foreign nationals taking flight training who may be in violation of their immigration status or who may have entered the country illegally, could help TSA and ICE account for flight students with potential immigration violations, and thus better position TSA to identify and prevent a potential risk. Conclusions: Since our 2004 report on general aviation security, TSA has taken steps to enhance communications and interactions with general aviation industry stakeholders as well as improve the vetting of foreign nationals enrolling in U.S. flight schools. AFSP was implemented to help prevent future occurrences of foreign nationals obtaining flight training to commit terrorist attacks, as they did for the September 11, 2001, attacks. Key to the effectiveness of this effort is the ability of TSA to conduct meaningful security threat assessments on foreign nationals seeking flight training to help determine whether these individuals pose a security threat. However, as shown in TSA's analysis, there are discrepancies between the data found in FAA's airmen registry and TSA's AFSP database, raising questions about whether some foreign nationals with airman certificates (pilot's licenses) have completed required security threat assessments. In addition, working with ICE to develop a plan that assigns responsibilities and accountability and time frames for assessing the joint TSA and ICE pilot program to identify foreign nationals who may have immigration violations--including those who entered the country illegally to obtain flight training--and instituting that program if it is found to be effective, could better position TSA and ICE to determine the benefits of checking TSA data on foreign nationals pursuing flight training in the United States. Recommendations for Executive Action: To better ensure that TSA is able to develop effective and efficient security programs for general aviation operators, we recommend that the Administrator of TSA take the following action: * Take steps to identify any instances where foreign nationals receive FAA airman certificates (pilot's licenses) without first undergoing a TSA security threat assessment and examine those instances so that TSA can identify the reasons for these occurrences and strengthen controls to prevent future occurrences. To better ensure that TSA is able to identify foreign nationals with immigration violations who may be applying to the Alien Flight Student Program, we recommend the Secretary of Homeland Security direct the Administrator of TSA and the Director of ICE to collaborate to take the following action: * Develop a plan, with time frames, and assign individuals with responsibility and accountability for assessing the results of a pilot program to check TSA AFSP data against information DHS has on applicants' admissibility status to help detect and identify violations, such as overstays and entries without inspection, by foreign flight students, and institute that pilot program if it is found to be effective. Agency Comments and Our Evaluation: We provided a draft of this report to the Departments of Homeland Security and Transportation for comment. DHS, in written comments received July 13, 2012, concurred with the recommendations and identified actions taken, planned, or under way to implement the recommendations. The Department of Transportation's Deputy Director of Audit Relations stated in an e-mail received on June 4, 2012, that the department had no comments on the report. Written comments are summarized below and official DHS comments are reproduced in appendix III. In addition, DHS and DOT provided written technical comments, which we incorporated into the report, as appropriate. In response to our recommendation that TSA take steps to identify instances where foreign nationals receive FAA airman certificates (pilot's licenses) without first undergoing a TSA security threat assessment, DHS stated that TSA receives a daily feed from FAA of all new FAA certificates issued, and that TSA vets these against certificates in the Terrorist Screening Database on a daily basis. While this is a beneficial practice, we believe that it would be preferable for TSA to vet prospective flight students before they begin flight training, rather than after they have completed training and received a pilot's certificate and are thus capable of flying an aircraft. In addition, while TSA vets the names of new certificate holders against the Terrorist Screening Database on a daily basis, the AFSP vetting process includes additional criminal history records checks and a check for derogatory immigration-related information. To help improve the AFSP vetting process, DHS also stated that TSA signed a memorandum of understanding with FAA in February 2012 to exchange data. The memorandum, which FAA signed in March 2012, outlines a process for FAA to provide certain data from its airmen registry on a monthly basis, via encrypted e-mail and password protected, to a designated point of contact within TSA, and authorizes TSA to use the data to ensure flight training providers are providing TSA with applicant/candidate information in order to conduct the appropriate background check prior to flight instruction. This is an important first step toward addressing our recommendation, provided that TSA uses the data to identify instances where foreign nationals receive FAA airman certificates without first undergoing a TSA security threat assessment, identifies reasons for these occurrences, and strengthens controls to prevent future occurrences, as we recommended. In response to our recommendation that TSA and ICE collaborate and develop a plan with time frames for assessing the results of a pilot program to check TSA AFSP data against information DHS has on applicants' admissibility status, and to institute that pilot program if it is found to be effective, DHS stated that TSA will prepare a plan by December 31, 2012, to assess the results of the pilot with ICE to determine the lawful status of the active AFSP population. The plan is to include specific details on time frames and accountability and recommendations for next steps. We believe that these are positive actions that could help TSA address the weaknesses identified in this report and we will continue to work with TSA to monitor progress on the proposed solutions as the agency proceeds. In its comments, DHS also referred to additional recommendations related to TSA's vetting of foreign nationals. Because DHS deemed the details of these recommendations and its response as sensitive security information, they are not included in the public version of this report. We are sending copies of this report to the Secretaries of Homeland Security and Transportation, the TSA Administrator, and appropriate congressional committees. In addition, this report is available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-4379 or lords@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are acknowledged in appendix IV. Signed by: Stephen M. Lord: Director, Homeland Security and Justice Issues: Appendix I: Scope and Methodology: This report addresses the following questions: (1) What actions have the Transportation Security Administration (TSA) and general aviation aircraft operators taken to enhance security and how has TSA obtained information on the implementation of the operators' actions? (2) To what extent has TSA ensured that foreign flight students seeking flight training in the United States do not pose a security threat? To address these questions, we examined laws and regulations-- including provisions of the Aviation and Transportation Security Act (ATSA), Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), and TSA regulations governing aircraft operators and the Alien Flight Student Program (AFSP)--related to the security of general aviation operations.[Footnote 52] We also interviewed representatives from six industry associations based on their participation in TSA's Aviation Security Advisory Committee and on their focus on general aviation security issues: the American Association of Airport Executives, Aircraft Owners and Pilots Association, Experimental Aircraft Association, General Aviation Manufacturers Association, National Air Transportation Association, and National Business Aviation Association. We also interviewed officials from TSA's Office of Security Operations, Office of Intelligence and Analysis, and Office of Security Policy and Industry Outreach, as well as U.S. Immigration and Customs Enforcement (ICE) and the Federal Aviation Administration (FAA). In addition, we conducted site visits and interviewed representatives from a nonprobability sample of 22 general aviation operators located at selected airports--including 5 private operators that operate at least one aircraft weighing more than 12,500 pounds, 7 private charter operators that also perform as private operators, and 10 flight schools--to observe and discuss security initiatives implemented. We selected these airports based on geographic dispersion (Southern California, North Texas, and Central Florida) as well as variation in the types of general aviation operations present (such as charter and private operations) and size of aircraft based at each airport. Because we selected a nonprobability sample of operators to interview, the information obtained cannot be generalized to all general aviation operators. However, the interviews provided important perspective to our analysis and corroborated information we gathered through other means. To identify actions TSA and general aviation aircraft operators have taken to enhance security and how TSA has obtained information on the implementation of the operators' actions, we examined documentation on TSA's inspection processes for monitoring aircraft operators' implementation of security programs, including the Transportation Security Inspector Inspections Handbook, the National Investigations and Enforcement Manual, and the Compliance Work Plan for Transportation Security Inspectors. We also reviewed documentation related to aircraft operators' implementation of voluntary security initiatives not covered by TSA security programs, such as guidance for TSA personnel who conduct outreach to general aviation operators. We reviewed a report conducted on behalf of DHS examining the potential damage that could be caused by different types of general aviation aircraft.[Footnote 53] We also reviewed the methodology and assumptions associated with this report and found them to be reasonable and well documented. Also, we reviewed National Safe Skies Alliance's General Aviation Airport Vulnerability Assessment, which contains survey data on security measures implemented from a sample of general aviation airports, and TSA's General Aviation Airport Vulnerability Briefing. We also interviewed TSA officials on efforts to interact with general aviation associations as a means to obtain information on security initiatives implemented by private general aviation operators, including the agency's interaction with members of the Aviation Security Advisory Committee. We also interviewed TSA Federal Security Directors and Transportation Security Inspectors whose areas of operation encompass the airports we selected, as well as airport officials responsible for security at each airport. Finally, we reviewed TSA data from fiscal years 2005 through 2011 on the compliance of general aviation operators and flight training providers that fall under TSA security programs with program requirements. We chose these dates because they reflect the time frame after the publication of our previous report on general aviation security.[Footnote 54] For example, we obtained compliance data for general aviation operators covered under the Twelve-Five and Private Charter standard security programs stored in TSA's Performance and Results Information System (PARIS) for fiscal years 2005 through 2011. We identified the frequency that aircraft operators and flight training providers were reported to be in compliance with program requirements. As part of this work, we assessed the reliability of TSA data in PARIS by interviewing TSA officials and reviewing documentation on controls implemented to ensure the integrity of the data in the database and found the data to be sufficiently reliable for use in this report. To assess the extent to which TSA has ensured that foreign flight students seeking flight training in the United States do not pose a security threat, we reviewed our recent reports related to DHS security threat assessment processes, and TSA guidance related to procedures for conducting security threat assessments of several agency programs, including AFSP.[Footnote 55] We interviewed TSA officials who perform security threat assessments and inspections of flight training providers for AFSP to better understand program operations. To determine whether foreign nationals applying for FAA airman certificates had previously applied to AFSP and been vetted by TSA, we obtained from FAA data on foreign nationals from FAA's Comprehensive Airmen Information System, also known as the airmen registry. Specifically, we obtained FAA airmen registry data, including names and dates of birth, on 25,599 foreign nationals applying for their first FAA airman private pilot certificate, sport pilot certificate, or recreational pilot certificates from January 2006 through September 2011. We selected these dates because 2006 was the first full year after TSA assumed responsibility for AFSP from the Department of Justice and September 2011 was the end of the fiscal year for our reporting period. The data did not include information on foreign nationals applying for FAA airman certificates based on an existing foreign airmen certificate issued by another government, thus ensuring that the data we obtained were for foreign nationals who had obtained flight training in the United States and therefore would have been required to have applied for vetting under AFSP. We provided the FAA airmen registry data to TSA so that the agency could conduct a matching process to determine whether the foreign nationals in the FAA airmen registry were in the AFSP database and the extent to which they had been successfully vetted through AFSP. As stated previously, TSA receives FAA airmen registry data on a daily basis; however, given the specific parameters we specified for matching FAA airmen registry data against the AFSP database, we provided TSA with airmen registry data we had obtained from FAA to allow for easier review and analysis of TSA results. We found the FAA and TSA data and the approach, methodology, and results of the data matching process to be sufficiently reliable for our purposes. We used the results of TSA's analysis to identify whether foreign nationals in the FAA airmen registry were not in the AFSP database, and therefore not approved for flight training through AFSP, as well as foreign nationals who were in the FAA airmen registry and were in the AFSP database, but had not been successfully vetted though AFSP. As part of this work, we also assessed the reliability of data in the FAA airmen registry as well as data in the AFSP database by interviewing FAA and TSA officials, and reviewing documentation on controls implemented to ensure the integrity of the data in the database and found both to be sufficiently reliable for use in this report. We also spoke to TSA inspection officials to discuss common issues associated with compliance inspections and efforts to address compliance deficiencies. We reviewed documentation on TSA compliance procedures for flight training providers participating in the AFSP program and reviewed summary statistics for the period fiscal year 2005 through fiscal year 2011, on flight school compliance compiled by TSA. We also performed an analysis on compliance data for flight training providers. We ascertained the reliability of AFSP inspection results derived from PARIS, by interviewing TSA officials and reviewing documentation on controls implemented to ensure the integrity of the data in the database, and found the inspection data sufficiently reliable for use in this report. We also spoke with cognizant TSA and ICE officials to discuss the pre-pilot initiative under way with ICE to detect foreign nationals registered with AFSP who overstayed their period of admission in the country or entered the country illegally. We also reviewed documentation from an ICE investigation related to a Boston-area flight training provider. We compared the names of foreign nationals ICE identified in this investigation with the names of AFSP candidates assigned to the flight school, to ascertain which of the AFSP candidates had undergone a security threat assessment and passed, but were subsequently found via the ICE investigation to have either overstayed their admission period or entered the country without inspection. We also evaluated TSA's efforts to assess risk for the AFSP against Standards for Internal Control in the Federal Government.[Footnote 56] We conducted this performance audit from March 2011 through July 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Examples of Federal, State, and Industry Efforts to Enhance General Aviation Security: Federal Efforts to Enhance General Aviation Security: Security measure: Risk assessments; Description: Federal Efforts to Enhance General Aviation Security: TSA has conducted or commissioned five assessments examining threats, vulnerabilities, and consequences associated with potential terrorist use of general aviation aircraft. For example, in May 2007, TSA and the Homeland Security Institute published an assessment of, among other things, the potential destructive capability of various sizes of general aviation aircraft. In November 2010, TSA released its assessment of vulnerabilities associated with general aviation airports. Security measure: Security guidelines for general aviation aircraft operators and airport characteristic measurement tool; Description: Federal Efforts to Enhance General Aviation Security: In 2003 and 2004, TSA and the Aviation Security Advisory Committee developed guidelines or best practices designed to establish nonregulatory security standards for general aviation airport security. These guidelines are based on industry best practices and an airport characteristic measurement tool that allows airport operators to assess the level of risk associated with their airport to determine which security enhancements are most appropriate for their facility. According to the Acting General Manager for General Aviation, the committee is in the process of updating these guidelines, with an expected release in mid-2012. Security measure: Hotline to report suspicious activity; Description: Federal Efforts to Enhance General Aviation Security: TSA implemented a hotline (1-866-GA-SECURE, or 1-866-427-3287) in December 2002, which allows individuals to report suspicious activities to a central command structure. Security measure: Special flight rules area within 15 nautical miles of Washington, D.C., metropolitan area; Description: Federal Efforts to Enhance General Aviation Security: Pursuant to FAA regulations, general aviation operations are generally prohibited within a 15-mile area of the Washington, D.C., metropolitan area unless otherwise authorized by TSA. This limits access at Potomac Airpark, Washington Executive/Hyde Field, and College Park Airport (referred to as the "Maryland-3") to only cleared and vetted pilots operating in compliance with specific flight planning and air traffic control procedures. Security measure: Airspace restrictions; Description: Federal Efforts to Enhance General Aviation Security: TSA advises FAA to impose airspace restrictions at various locations throughout the United States to limit or prohibit aircraft operations in certain areas when intelligence officials report heightened security sensitivity. This includes the Air Defense Identification Zone around Washington, D.C., and restrictions that are put into effect when the President travels outside of Washington, D.C. Security measure: Notices to Airmen (NOTAM); Description: Federal Efforts to Enhance General Aviation Security: FAA has used Flight Data Center NOTAMs to advertise temporary flight restrictions and warn of airport closures. Security measure: Twelve-Five Standard Security Program; Description: Federal Efforts to Enhance General Aviation Security: Aircraft weighing more than 12,500 pounds in scheduled or charter service that carry passengers or cargo or both, and that do not fall under another security program must implement a "Twelve-Five" standard security program, which must include, among other elements, procedures for bomb or air piracy threats. Security measure: Airman certificate with security features; Description: Federal Efforts to Enhance General Aviation Security: FAA, in July 2003, discontinued issuing paper airman certificates and began issuing certificates that incorporate a number of security features reducing the ability to create counterfeit certificates. The new certificates are made of high-quality plastic card stock and include micro printing, a hologram, and an ultraviolet-sensitive layer.[A]. Security measure: Requirement to carry photo identification; Description: Federal Efforts to Enhance General Aviation Security: An FAA requirement, adopted in October 2002, requires a pilot to carry government-issued or other form of photo identification acceptable to the FAA Administrator along with the pilot certificate when operating an aircraft. Security measure: Requirement to notify FAA of aircraft transfers; Description: Federal Efforts to Enhance General Aviation Security: FAA, in February 2008, issued a final rule requiring those who transfer ownership of U.S.-registered aircraft to notify the FAA Aircraft Registry within 21 days from the transaction. Security measure: Pilot project security protocol for Part 91 operators; Description: Federal Efforts to Enhance General Aviation Security: The National Business Aviation Association proposed a security protocol for Part 91 operators, enabling operators with a TSA Access Certificate to operate internationally without the need for a waiver. TSA launched a pilot project in cooperation with the National Business Aviation Association with Part 91 operators at Teterboro Airport in New Jersey and later expanded the pilot to two additional airports. Education/outreach efforts: Security measure: Airport Watch; Description: Federal Efforts to Enhance General Aviation Security: The Aircraft Owners and Pilots Association implemented the Airport Watch program to help increase security awareness. The program includes warning signs for airports, informational literature, and a training videotape to educate pilots and airport employees on potential security enhancements for their airports and aircraft. It helped to increase awareness of TSA's centralized toll-free 1-866-GA-SECURE (1- 866-427-3287) hotline. Security measure: General aviation security educational materials; Description: Federal Efforts to Enhance General Aviation Security: The Experimental Aircraft Association distributed Airport Watch videotapes and other educational materials concerning security practices and airspace restrictions. Security measure: Program to address security of aerial application operations; Description: Federal Efforts to Enhance General Aviation Security: The National Agricultural Aircraft Association produced the Professional Aerial Applicators Support System, an annual education program that addresses security of aerial application operations. It is presented at state and regional agricultural aviation association meetings throughout the country. Guidance on best practices: Security measure: Security procedure recommendations for all aviation businesses; Description: Federal Efforts to Enhance General Aviation Security: The National Air Transportation Association, on September 24, 2001, issued a series of recommended security procedures for all aviation businesses through its Business Aviation Security Task Force. The recommendations focused on immediate steps to be taken, plus longer- term actions. Examples included signage, appointing a single manager responsible for security at all locations, developing a "security mission statement," methods to verify identification, seeking local law enforcement assistance to develop a security plan, and a host of others, including an advisory poster that was created and distributed free to all association members. Security measure: Flight school and rental security; Description: Federal Efforts to Enhance General Aviation Security: FAA, in January 2002, issued a number of recommended actions addressing security for flight schools and those renting aircraft. These recommendations are designed to provide security against the unauthorized use of a flight school or rental aircraft. Security measure: Security recommendations from National Association of State Aviation Officials; Description: Federal Efforts to Enhance General Aviation Security: The National Association of State Aviation Officials, in December 2002, submitted to federal and state authorities a document outlining general aviation security recommendations. This included securing unattended aircraft, developing a security plan, and establishing a means to report suspicious activity. In addition, airports should establish a public awareness campaign, perform regular inspections of airport property, and control movement of persons and vehicles in the aircraft operating area. Security measure: Security recommendations to U.S. Parachute Association skydiving clubs; Description: Federal Efforts to Enhance General Aviation Security: The U.S. Parachute Association disseminated security recommendations to its 219 skydiving clubs and centers across the United States, most of them based on general aviation airports. Some recommendations were aimed at ensuring security of jump aircraft during operations, as well as periods when aircraft are idle. Security measure: Assist aircraft sellers in identifying unusual financial transactions; Description: Federal Efforts to Enhance General Aviation Security: The General Aviation Manufacturers Association, in conjunction with the U.S. Department of the Treasury, worked to help aircraft sellers identify unusual financial transactions. The publication entitled Guidelines for Establishing Anti-Money Laundering Procedures and Practices Related to the Purchase of General Aviation Aircraft was developed in consultation with manufacturers, aviation-finance companies, used-aircraft brokers, and fractional ownership companies. Examples of state efforts to improve general aviation security: Security measure: Security plan for publicly owned airports (Alabama); Description: Federal Efforts to Enhance General Aviation Security: All publicly owned general aviation airports in Alabama must prepare and implement a written security plan that is consistent with TSA's May 2004 Security Guidelines for General Aviation Airports. The plan was to be submitted and on file by January 1, 2006, with the Aeronautics Bureau of the Alabama Department of Transportation in order for the airport to be eligible to receive a state-issued airport improvement grant. Security measure: Security plan for publicly owned airports (Florida); Description: Federal Efforts to Enhance General Aviation Security: Florida requires that certain public-use general aviation airports implement a security plan consistent with guidelines published by the Florida Airports Council. Security measure: Airport security enhancements (New Jersey); Description: Federal Efforts to Enhance General Aviation Security: New Jersey requires that all aircraft parked or stored more than 24 hours be secured by a two-lock system, that hangar doors have working locking devices and be closed and locked when unattended, that permanent signs providing emergency contact phone numbers be posted where specified, and that communications equipment provided by the Division of Aeronautics for emergency notification by the division or law enforcement agencies be available. Security measure: Background checks for flight students (New York); Description: Federal Efforts to Enhance General Aviation Security: New York law requires flight students to complete a criminal background check and wait for written permission to be sent to his or her flight school before beginning flight training. Airports must also register with the state and supply contact information and a security plan consistent with TSA's May 2004 Guidelines for General Aviation Airports. Security measure: State troopers provide airports with security audits (Virginia); Description: Federal Efforts to Enhance General Aviation Security: Virginia trained selected state troopers to provide airports with security audits at no charge to the airport operator. Security measure: Security assessment of public-use general aviation airports (Washington); Description: Federal Efforts to Enhance General Aviation Security: Washington contracted with a consultant to perform a security assessment of public-use general aviation airports. Source: TSA, FAA, and industry associations. [A] Further, the FAA Modernization and Reform Act of 2012 requires the Administrator of FAA to issue improved pilot licenses that, among other things, are resistant to tampering, alteration, and counterfeiting, that include a photograph of the individual to whom the license is issued, and be capable of accommodating iris and fingerprint biometric identifiers. See Pub. L. No. 112-95, § 321, 126 Stat. 11, 71-72 (2012). [End of table] [End of section] Appendix III: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20525: July 13, 2012: Mr. Stephen M. Lord: Director, Homeland Security & Justice Issues: U.S. Government Accountability Office: 441 0 Street, NW: Washington, D.C. 20548: Re: Draft Report GAO 12-875, "General Aviation Security: Weaknesses Exist in TSA's Process for Ensuring Foreign Flight School Students Do Not Pose a Security Threat" Dear Mr. Lord: Thank you for the opportunity to review and comment on this draft report. The U.S. Department of Homeland Security (DHS) appreciates the U.S. Government Accountability Office's (GAO's) work in planning and conducting its review and issuing this report. The Department was pleased to note GAO's recognition that the Transportation Security Administration (TSA) has worked to enhance general aviation security by developing various security programs and working with aviation industry stakeholders to enhance their security efforts through the development of new security guidelines. The agency works to obtain information on the security practices of industry stakeholders through compliance inspections and outreach and is working with its industry partners to develop new security regulations. Collecting information from stakeholders regarding security measures better allows ISA to establish security requirements that maximize security benefits while limiting potential adverse impacts to the General Aviation. TSA is committed to continually enhancing general aviation security. We also appreciate GAO's acknowledgment that the rate of compliance with Alien Flight Student Program (AFSP) security requirements has increased from Fiscal Year (FY) 2005 to FY 2011. We believe this increase can he attributed to TSA efforts to improve flight training providers' understanding of AFSP requirements. TSA is committed to continuing its efforts with its other governmental partners, such as DHS's U.S. Immigration and Customs Enforcement (ICE) and the Federal Aviation Administration (FAA), to enhance controls and systems to ensure all foreign nationals who are either seeking flight training or an airman's certificate in the United States have either completed required security threat assessments or are lawfully exempt. The Department concurs with all four of GAO's recommendations in the draft report. Details related to two of the recommendations, however, are not appropriate for public release and therefore are not discussed in this response. Specifically: Recommendation: That the Administrator of TSA take steps to identify any instances where foreign nationals receive FAA airmen certificates (pilot licenses) without first undergoing a TSA security threat assessment and examine those instances so that TSA can identify the reasons for these occurrences and strengthen controls to prevent future occurrences. Response: Concur. TSA receives a daily feed from FAA containing all new FAA certificates issued. TSA adds the new certificates in this daily feed to the existing approximately 4.3 million individual FAA certificates in the TSA database, which are vetted against certificates in the Terrorist Screening Database (TSDB) perpetually, on a daily basis. Additionally, before GAO's audit work, TSA and FAA began developing a Memorandum of Agreement (MOA) to exchange FAA certificate holder and AFSP data. The MOA was completed and signed in February 2012, The MOA requires FAA to provide TSA with certificate holder data monthly. TSA, in turn, matches the FAA data against data in the AFSP database showing individuals approved to conduct flight training. Recommendation: That the Secretary of Homeland Security direct the Administrator of TSA and the Commissioner of ICE to collaborate and develop a plan, with time frames, and assign individuals with responsibility and accountability for assessing the results of a pilot program to check TSA AFSP data against information DHS has on applicants' admissibility status and help detect and identify violations, such as overstays and entries without inspection, by foreign flight students, and institute that pilot program if it is found to he effective. Response: Concur. TSA is currently conducting a pilot with the ICE Counterterrorism and Criminal Exploitation Unit to determine lawful status of the active AFSP population. TSA will prepare a plan. with specific details on time frames and accountability, to assess the results of the pilot including recommendations for next steps. Estimated Completion Date: December 31, 2012. Again, thank you for the opportunity to review and comment on this draft report. Technical comments were previously provided under separate cover. Please feel free to contact me if you have any questions. We look forward to working with you in the future. Sincerely, Signed by: Jim H. Crumpacker: Director: Departmental GAO-OIG Liaison Office: [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Stephen M. Lord, (202) 512-4379 or lords@gao.gov: Acknowledgments: In addition to the contact named above, Jessica Lucas-Judy, Assistant Director, and Robert Rivas, Analyst-in-Charge, managed this assignment. Erika D. Axelson, Orlando Copeland, Katherine Davis, Gloria Hernandez-Saunders, Adam Hoffman, Richard Hung, Mitchell Karpman, Stanley Kostyla, Thomas Lombardi, Marvin McGill, Jessica Orr, Anthony Pordes, Minette Richardson, and Robert Robinson made significant contributions to this report. [End of section] Footnotes: [1] Generally, nonimmigrants wishing to visit the United States gain permission to apply for admission to the country in one of two ways. First, those eligible for the visa waiver program, which allows foreign nationals from some countries to apply for admission without a visa, apply online to establish eligibility to travel under the program prior to departing for the United States (visitors from certain countries not part of the visa waiver program, such as citizens of Canada and the British Overseas Territory of Bermuda, may also apply for admission to the United States without a visa under certain circumstances). Second, those not eligible for the visa waiver program must visit the U.S. consular office with jurisdiction over their place of residence or the area in which they are physically present but not resident to obtain a visa. [2] See generally Pub. L. No. 107-71, § 101(a), 115 Stat. 597 (2001) (codified at 49 U.S.C. § 114(d)). [3] Specifically, this TSA security program--the Twelve-Five Standard Security Program--applies to aircraft weighing more than 12,500 pounds in scheduled or charter service, that carry passengers, cargo, or both, and that do not fall under other security programs. See 49 C.F.R. § 1544.101(d). [4] See DHS-FBI Joint Intelligence Bulletin, Al Q'aida and the Threat to General Aviation, (Sept. 2, 2011). [5] See 73 Fed. Reg. 64,790 (Oct. 30, 2008). [6] For purposes of this report, references to an aircraft's weight (e.g., "aircraft exceeding 12,500 pounds") refer to an aircraft's maximum certificated takeoff weight. [7] GAO, General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success, [hyperlink, http://www.gao.gov/products/GAO-05-144] (Washington, D.C.: Nov. 10, 2004). [8] GAO, General Aviation: Security Assessments at Selected Airports, [hyperlink, http://www.gao.gov/products/GAO-11-298] (Washington, D.C.: May 20, 2011). [9] See 49 C.F.R. pt. 1520. [10] See, e.g., Pub. L. No. 110-53, § 1617, 121 Stat. 266, 488-49 (2007) (codified at 49 U.S.C. § 44901(k)); 49 C.F.R. pts. 1544, 1552. [11] Originally established in 1988, following the 1988 Pan American World Airways Flight 103 bombing over Lockerbie, Scotland, the Aviation Security Advisory Committee was developed to allow all segments of the population to have input into aviation security considerations. The committee's charter expired in 2010, but was subsequently reestablished by TSA in November 2011, with plans to reestablish the General Aviation Working Group as well. The working group continued to meet informally while the committee was inactive, according to working group members we interviewed. [12] Civil aircraft must generally operate in accordance with the Federal Aviation Administration's General Operating and Flight Rules, codified at title 14, part 91 of the Code of Federal Regulations. For purposes of this report, we refer to individuals operating aircraft under part 91 (often referred to as "part 91" operators) for personal, noncommercial, or noncharter use generally as "private" operators. [13] All TSA inspection activities must be documented and entered into PARIS, along with any findings and actions taken. [14] Homeland Security Institute, General Aviation Risk Assessment, Volume 1, Final Report (May 31, 2007). [15] [hyperlink, http://www.gao.gov/products/GAO-05-144]. [16] See GAO, Actions Needed to Address Limitations in TSA's Transportation Worker Security Threat Assessments and Growing Workload, [hyperlink, http://www.gao.gov/products/GAO-12-60], (Washington, D.C.: Dec. 8, 2011), and Transportation Worker Identification Credential: Internal Control Weaknesses Need to be Corrected to Help Achieve Security Objectives, [hyperlink, http://www.gao.gov/products/GAO-11-657] (Washington, D.C.: May 10, 2011). [17] We recently reported on U.S. Immigration and Customs Enforcement's (ICE) oversight of the Student and Exchange Visitor Program (SEVP). Specifically, ICE certifies schools to accept foreign nationals on student visas in academic and vocational programs, including those that provide flight training. SEVP-certified flight schools are a relatively small percentage of schools nationwide that offer flight training to foreign nationals. See GAO, Student and Exchange Visitor Program: DHS Needs to Assess Security Risks and Strengthen Oversight of Schools, [hyperlink, http://www.gao.gov/products/GAO-12-572] (Washington, D.C.: June 18, 2012). [18] GAO, Internal Control: Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: Nov. 1999). [19] Given the specific parameters we specified for matching FAA airmen registry data against the AFSP database, we provided TSA with airmen registry data we had obtained from FAA to allow for easier review and analysis of TSA results. [20] See 49 U.S.C. § 114(d). [21] See, e.g., 49 U.S.C. § 44901. Commercial aviation, for purposes of this report, includes that sector of the nation's civil aviation system that provides for the transportation of individuals by scheduled or chartered operations for a fee, including airports and air carriers regulated pursuant to 49 C.F.R. parts 1542 and 1544. The term TSA-regulated airports refers to all airports that implement TSA- approved security programs pursuant to 49 C.F.R. part 1542 and at which TSA performs, or oversees the performance of, screening activities. [22] See, e.g., Pub. L. No. 107-71, § 132, 115 Stat. at 635-36 (requiring that TSA implement a security program for charter air carriers weighing 12,500 pounds or more, subsequently implemented as the "Twelve-Five Standard Security Program"). [23] Air charter is, in general, the business of renting an entire aircraft (i.e., chartering) as opposed to individuals purchasing seats (e.g., tickets) on the aircraft. According to TSA, 742 charter operators were registered with the Twelve-Five or Private Charter Standard Security Programs as of December 2011. TSA officials stated that approximately another 1,300 charter operators do not fall under these security programs because they weigh 12,500 pounds or less. [24] A "scheduled" passenger operation would be a flight from identified air terminals at a set time, which is held out to the public and announced by a timetable or schedule published in an advertising medium such as a newspaper or magazine. See 49 C.F.R. § 1540.5. [25] The sterile area is the portion of an airport defined in the airport security program that provides passengers access to boarding aircraft and to which access is generally controlled through the screening of persons and property. See 49 C.F.R. § 1540.5. [26] TSA announced in September 2011 that the Office of Transportation Sector Network Management would transition into OSPIE. [27] This function used to be handled by TSA's Office of Transportation Threat Assessment and Credentialing, but became part of OSPIE as part of a TSA-wide reorganization that was announced in September 2011. [28] TSA standard operating procedures provide that aircraft operators implementing TSA security programs must be inspected a minimum of once a year. [29] See, e.g., Pub. L. No. 110-53, § 1617, 121 Stat. 266, 488-49 (2007) (codified at 49 U.S.C. § 44901(k)(1)). [30] DHS deemed details on estimated numbers of fatalities and economic costs as sensitive security information. Thus, they are not included in this report. [31] Foreign nationals may apply to AFSP after they have already been admitted into the United States or before they obtain a visa or arrive in the United States. [32] See 49 C.F.R. § 1540.115(c). [33] U.S. Immigration and Customs Enforcement and U.S. Customs and Border Protection also check foreign nationals against federal databases to determine whether nonimmigrants have immigration violations. [34] Pursuant to 14 C.F.R. part 61, FAA grants different types of airman certifications, which allow pilots varying levels of flight privileges. For example, a sport pilot certification allows a pilot to fly only light sport aircraft, a recreational pilot certification allows for flights within a limited area, while a private pilot certification allows a pilot to transport passengers, but not for compensation. See 14 C.F.R. §§ 61.96-61.101 (recreational pilots), 61.102-61.117 (private pilots), and 61.301-61.327 (sport pilots). Our analysis examined foreign nationals seeking their first airman certification at the sport pilot, recreational pilot, or private pilot level. [35] See, e.g., 49 U.S.C. § 114(f), (h). [36] DHS Office of Inspector General, Transportation Security Administration (TSA) Vetting of Airmen Certificates and General Aviation Airport Access and Security Procedures, OIG-11-96 (Washington, D.C.: July 7, 2011). [37] According to FAA, the FAA Security and Investigations Division assumed responsibility for airman vetting after September 11, 2001. FAA obtained watch lists and compared them against the airmen registry. FAA began providing airman data to TSA periodically in 2003. [38] Specifically, we obtained FAA airmen registry data on 25,599 foreign nationals applying for their first FAA airman private pilot certificate, sport pilot certificate, or recreational pilot certificate from January 2006 through September 2011. The data did not include information on foreign nationals applying for FAA airman certificates based on an airman certification issued by another government, thus the data we obtained were for foreign nationals who had obtained flight training in the United States and therefore would have been required to have applied for vetting under AFSP. As a check of TSA's analysis, we reviewed the results of TSA's matching process and examined their methodology and found both to be reasonable. We then used the results of TSA's analysis to determine how many foreign nationals in the FAA airmen registry were not in the TSA AFSP database, which would indicate that they had not been vetted through AFSP, as well as foreign nationals from the FAA airmen registry who were in the TSA AFSP database, but had not been successfully vetted through AFSP. [39] As stated previously, TSA receives FAA airmen registry data on a daily basis; however, given the specific parameters we specified for matching FAA airmen registry data against the AFSP database, we provided TSA with airmen registry data we had obtained from FAA to allow for easier review and analysis of TSA results. [40] For its analysis, TSA used a software tool that performs "fuzzy matching" of data such as names, dates, or telephone numbers. The specific number is deemed sensitive security information and is therefore not included in this report. [41] Foreign nationals are not required to be vetted by AFSP if they are DOD endorsees, which requires that the foreign national present the flight school an acceptable written statement from a U.S. DOD attaché in the individual's country of residence together with a government-issued picture identification. See 49 C.F.R. § 1552.3(h)(2). According to TSA officials, these endorsement letters may be granted for foreign military members to assist in their training. [42] TSA also requires that inspectors review records maintained by the flight training provider for all flight students who identify themselves as U.S. citizens, nationals of the United States, or DOD endorsees. Flight training providers are required to retain flight training records on all students for a period of 5 years. Inspectors also review security awareness training records maintained by providers for at least 1 year after the employee is no longer employed by the flight training provider. [43] In addition to regular periodic inspections, TSA conducted eight special emphasis inspections in calendar year 2011. [44] See 49 CFR. § 1552 3(h)(1). Similarly, foreign nationals must present a copy of their current unexpired passport and visa. [45] [hyperlink, http://www.gao.gov/products/GAO-12-60]. [46] In-country overstays refer to nonimmigrants who have exceeded their authorized periods of admission and remain in the United States without lawful status, while out-of-country overstays refer to individuals who have departed the United States but who, on the basis of arrival and departure information, stayed beyond their authorized periods of admission. [47] See GAO, Homeland Security: Overstay Tracking Is a Key Component of a Layered Defense, [hyperlink, http://www.gao.gov/products/GAO-04-170T] (Washington, D.C.: Oct. 16, 2003). [48] As previously discussed, in addition to the TECS review, the security threat assessment consists of a check of the prospective flight student's biographical information against the Terrorist Screening Database and a Criminal History Records Check. [49] Foreign nationals applying to AFSP have 180 days from the time they are approved to begin flight training in the United States to begin flight training. According to TSA, they may submit their applications before entering the country. [50] The US-VISIT program is an automated visitor system to integrate information on the entry and exit from the United States of foreign nationals. The purpose of US-VISIT is to enhance the security of U.S. citizens and visitors, facilitate legitimate trade and travel, and ensure the integrity of the U.S. immigration system. ADIS is a database that stores traveler arrival, status management, and departure data. Arrival and departure data are received from, among other things, air and sea carrier manifests and U.S. Customs and Border Protection data entries at ports of entry. [51] Project Management Institute, The Standard for Program Management © (2006). [52] See generally Pub. L. No. 107-71, 115 Stat. 597 (2001); Pub. L. No. 110-53 121 Stat. 266 (2007); 49 C.F.R. pts. 1544, 1552. [53] Homeland Security Institute, General Aviation Risk Assessment, Volume 1, Final Report (May 31, 2007). [54] [hyperlink, http://www.gao.gov/products/GAO-05-144]. [55] See GAO, Actions Needed to Address Limitations in TSA's Transportation Worker Security Threat Assessments and Growing Workload, [hyperlink, http://www.gao.gov/products/GAO-12-60] (Washington, D.C.: Dec. 8, 2011), and Transportation Worker Identification Credential: Internal Control Weaknesses Need to be Corrected to Help Achieve Security Objectives, [hyperlink, http://www.gao.gov/products/GAO-11-657] (Washington, D.C.: May 10, 2011). [56] GAO, Internal Control: Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: Nov.1999). [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.