General Aviation Security:
Weaknesses Exist in TSA's Process for Ensuring Foreign Flight Students Do Not Pose a Security Threat
GAO-12-875: Published: Jul 18, 2012. Publicly Released: Jul 18, 2012.
What GAO Found
The Transportation Security Administration (TSA) and aircraft operators have taken several important actions to enhance general aviation security, and TSA is gathering input from operators to develop additional requirements. For example, TSA requires that certain general aviation aircraft operators implement security programs. Aircraft operators under these programs must, among other things, develop and maintain TSA-approved security programs. TSA has also conducted outreach to the general aviation community to establish a cooperative relationship with general aviation stakeholders. In 2008, TSA developed a proposed rule that would have imposed security requirements on all aircraft over 12,500 pounds, including large aircraft that Department of Homeland Security (DHS) analysis has shown could cause significant damage in an attack. In response to industry concerns about the proposed rules costs and security benefits, TSA is developing a new proposed rule. Officials from all six industry associations GAO spoke with stated that TSA has reached out to gather industrys input, and three of the six associations stated that TSA has improved its efforts to gather input since the 2008 notice of proposed rulemaking.
TSA vets foreign flight student applicants through its Alien Flight Student Program (AFSP), but weaknesses exist in the vetting process and in DHSs process for identifying flight students who may be in the country illegally. From January 2006 through September 2011, more than 25,000 foreign nationals had applied for Federal Aviation Administration (FAA) airman certificates (pilots licenses), indicating they had completed flight training. However, TSA computerized matching of FAA data determined that some known number of foreign nationals did not match with those in TSAs database, raising questions as to whether they had been vetted. In addition, AFSP is not designed to determine whether a foreign flight student entered the country legally; thus, a foreign national can be approved for training through AFSP after entering the country illegally. A March 2010 U.S. Immigration and Customs Enforcement (ICE) flight school investigation led to the arrest of six such foreign nationals, including one who had a commercial pilots license. As a result, TSA and ICE jointly worked on vetting names of foreign students against immigration databases, but have not specified desired outcomes and time frames, or assigned individuals with responsibility for fully instituting the program. Having a road map, with steps and time frames, and assigning individuals the responsibility for fully instituting a pilot program could help TSA and ICE better identify and prevent potential risk. The sensitive security version of this report discussed additional information related to TSAs vetting process for foreign nationals seeking flight training.
Why GAO Did This Study
U.S. government threat assessments have discussed plans by terrorists to use general aviation aircraftgenerally, aircraft not available to the public for transportto conduct attacks. Also, the September 11, 2001, terrorists learned to fly at flight schools, which are within the general aviation community. TSA, within DHS, has responsibilities for general aviation security, and developed AFSP to ensure that foreign students enrolling at flight schools do not pose a security threat. GAO was asked to assess (1) TSA and general aviation industry actions to enhance security and TSA efforts to obtain information on these actions and (2) TSA efforts to ensure foreign flight students do not pose a security threat. GAO reviewed TSA analysis comparing FAA data from January 2006 to September 2011 on foreign nationals applying for airman certificates with AFSP data, and interviewed 22 general aviation operators at eight airports selected to reflect geographic diversity and variations in types of operators. This is a public version of a sensitive security report GAO issued in June 2012. Information TSA deemed sensitive has been omitted, including two recommendations on TSAs vetting of foreign nationals.
What GAO Recommends
GAO recommends that TSA identify how often and why foreign nationals are not vetted under AFSP and develop a plan for assessing the results of efforts to identify AFSP-approved foreign flight students who entered the country illegally. DHS concurred with GAOs recommendations and indicated actions it is taking in response.
For more information, contact Steve Lord at (202) 512-4379 or firstname.lastname@example.org.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: The Transportation Security Administration (TSA) has developed an automated process for identifying instances where foreign nationals may be receiving an FAA pilot's license without first undergoing a TSA threat assessment and now examines those instances to identify the reasons for the occurrences and strengthen controls to prevent future occurrences. Specifically, in September 2013, TSA told us that it now receives FAA airman registry data on a monthly basis, and uses an automated process to match FAA data against TSA Alien Flight Security Program (AFSP) data to determine if any foreign nationals received an FAA pilot's license without first undergoing a TSA threat assessment. TSA then investigates instances where individuals may have circumvented the AFSP requirements to try to better understand the reasons individuals were able to circumvent them. Specifically, TSA will send a letter of investigation to the flight instructor or school to determine why the person was not vetted through AFSP, and is also initiating a process where TSA inspectors in the field will incorporate these types of compliance checks as a regular part of their normal inspection work load. Thus far, TSA has closed most of its investigations with a No Action Letter and some with a Warning Notice. A No Action Letter indicates a legitimate reason was provided by the flight instructor or school, such as the student held dual citizenship, they are an FAA employee, student did not actually receive training, among other things; while a warning notice indicates the school was unaware of the discrepancy, or no response was provided, among other things. We are closing the recommendation as implemented.
Recommendation: To better ensure that TSA is able to develop effective and efficient security programs for general aviation operators, the Administrator of TSA should take steps to identify any instances where foreign nationals receive FAA airman certificates (pilot's licenses) without first undergoing a TSA security threat assessment and examine those instances so that TSA can identify the reasons for these occurrences and strengthen controls to prevent future occurrences.
Agency Affected: Department of Homeland Security: Transportation Security Administration
Status: Closed - Implemented
Comments: In November 2010, the Transportation Security Administration began working with the Immigration Customs Enforcement's (ICE) Counterterrorism and Criminal Exploitation Unit (CTCEU) and the U.S. Visitor and Immigrant Status Indicator Technology (US VISIT), to check US VISIT Arrival and Departure Information System (ADIS) against Alien Flight Security Program (AFSP) applicant data to determine applicants that may be in violation of U.S. immigration law. According to TSA, while the initial process was manually intensive, the agency deployed a web services interface tool between the AFSP and ADIS in January 2013, which provided automated daily comparisons to identify potential overstays. AFSP candidates who are identified as a potential "in-country overstay" are referred to ICE-CTCEU for further investigation. Moreover, each approved AFSP applicant is vetted daily against ADIS for 360 days following the training request approval. Regarding "entries without inspection" (EWI) by foreign flight students, TSA said that it is working collaboratively with ICE-CTCEU and US-VISIT, and is continuing to test and evaluate various approaches to better identify AFSP candidates who are potentially in EWI status. For example, TSA tried to use ADIS information to identify anyone in AFSP without an arrival record, but it was difficult to determine if the individual did not have an arrival record because they were actually an EWI, or because they had not actually entered the US yet (applied overseas) or entered the U.S. before ADIS existed (2002 or earlier). The process was also manually intensive and time consuming for the few actionable results. Moreover, TSA also tested comparisons of AFSP data against the CBP Advance Passenger Information System (APIS) to identify individuals in AFSP who did not have an arrival record, but this process yielded similar results to the ADIS concept, was also labor-intensive, and only accounted for individuals who traveled to the US via an aircraft. TSA and ICE continue to have regular discussions to find more effective ways to identify AFSP candidates who are potentially in EWI status. Because TSA piloted and developed a program for assessing AFSP data against information DHS has on an applicant's immigration and visitor status to help detect and identify violations we are closing this recommendation as implemented.
Recommendation: To better ensure that TSA is able to identify foreign nationals with immigration violations who may be applying to the Alien Flight Student Program, the Secretary of Homeland Security should direct the Administrator of TSA and the Director of ICE to collaborate to develop a plan, with time frames, and assign individuals with responsibility and accountability for assessing the results of a pilot program to check TSA AFSP data against information DHS has on applicants' admissibility status to help detect and identify violations, such as overstays and entries without inspection, by foreign flight students, and institute that pilot program if it is found to be effective.
Agency Affected: Department of Homeland Security