General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success

Based on interviews conducted for our review of TSA's Risk-based Transportation Security Plans, TSA officials responsible for general aviation said that the division has put together guidelines to serve as best practices for general aviation. The guidelines include an Airport Characteristic Tool that has elements of a vulnerability assessment. It also includes a list of security guidance to strengthen vulnerabilities. According to our March 2009 report (Transportation Security: Comprehensive Risk Assessments and Stronger Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-09-492), TSA is planning to conduct assessments required by the 9/11 Commission Act on railroad transportation, school buses, rail tank cars, and general aviation airports. Further, we reported that agency officials stated they were reviewing a draft of an aviation risk assessment, known as the Air Domain Risk Assessment (ADRA), which is to provide a scenario-based risk assessment for the aviation system that may augment the information TSA uses to prioritize investments in security measures. In addition, the DHS Office of Inspector General reported on the status of DHS's efforts to secure general aviation in May 2009 (TSA's Role in General Aviation Security, OIG-09-69) and concluded that TSA has (1) identified practical, targeted measures to lessen risks in the aviation sector, based on threat assessments conducted by TSA's Office of Intelligence and other federal intelligence agencies, as well as the heightened awareness of aviation vulnerabilities since September 11, 2001; and (2) worked cooperatively with the industry to establish guidelines and voluntary measures designed to target the most serious vulnerabilities, including screening pilots and restricting access to airspace over urban areas and key infrastructure. While these efforts do not explicitly address our recommendation that TSA develop an implementation plan for executing a risk management approach that will help identify general aviation threats and vulnerabilities, the plans cited in our report and the actions cited by the DHS OIG reflect TSA's intent and ongoing focus on elements of risk management that are essential for enhancing general aviation security.

Based on interviews conducted for our review of TSA's Risk-based Transportation Security Plans, TSA officials responsible for General Aviation said that the division has put together guidelines to communicate best practices for general aviation. The guidelines include an Airport Characteristic Tool that has elements of a vulnerability assessment. It also includes a list of security guidance to strengthen vulnerabilities. According to our March 2009 report (Transportation Security: Comprehensive Risk Assessments and Stronger Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-09-492), TSA is planning to conduct assessments required by the 9/11 Commission Act on railroad transportation, school buses, rail tank cars, and general aviation airports. Further, we reported that agency officials stated they were reviewing a draft of an aviation risk assessment, known as the Air Domain Risk Assessment (ADRA), which is to provide a scenario-based risk assessment for the aviation system that may augment the information TSA uses to prioritize security measures for security advisories and threat notifications. In addition, the DHS Office of Inspector General reported on the status of DHS's efforts to secure general aviation on May 27 2009 (TSA's Role in General Aviation Security, OIG-09-69) and concluded that TSA has established strong lines of communication and working partnerships with industry stakeholders, which in turn enable the general aviation industry to obtain, assess, and provide security programs and policies to address security vulnerabilities. These actions reflect the intent of our recommendation to apply risk communication principles in developing and transmitting security advisories and threat notifications.

FAA issued Order JO 7210.3V on 2/14/08 to prescribe guidelines and procedures regarding the management of aircraft operations and the rationale for designating a TFR in accordance with 14 CFR Section 91.137. According to an update provided by FAA, to implement the agency's goal to use the briefest, least obtrusive airspace restriction possible to achieve the desired outcomes of safety, efficiency, and security, agency officials also conduct continual, ongoing interagency dialogue to ensure air restrictions are as brief and geographically limited as feasible.