What GAO Found
GAO's preliminary analysis showed that the Transportation Security Administration (TSA) has taken steps to enhance its foreign airport assessments and air carrier inspections since 2011, including aligning program resources based on risk, resolving airport access issues, making evaluations more comprehensive, and creating operational efficiencies. For example, TSA has implemented targeted foreign airport assessments in appropriate locations based on risk; begun primarily assessing airports in Europe through joint assessments with the European Commission; and developed the Global Risk Analysis and Decision Support System to streamline the assessment report writing process and strengthen data analysis capabilities, among other actions.
GAO's preliminary analysis also found that TSA assists foreign airports in addressing identified security deficiencies through various types of capacity development efforts, such as on-the-spot counseling and consultation, and training and technical assistance. TSA also assists air carriers in addressing identified security deficiencies through on-the-spot counseling as well as providing clarification regarding TSA security requirements when necessary.
Further, TSA has taken a number of steps to strengthen its analytical processes and better understand the impact of the foreign airport assessment and air carrier inspection programs. Specifically, TSA conducts regional strategy meetings in which officials examine trend data for airport assessment and air carrier inspection results, identify common areas of non-compliance, and develop capacity building approaches customized for particular regions of the world. TSA also produces regional risk reports, which are meant to provide TSA personnel with an understanding of known vulnerabilities by region in order to inform mitigation planning efforts.
While TSA has taken steps to strengthen its analytical processes, among other things, GAO's preliminary analysis showed that TSA lacks key information for decision making. Specifically, TSA's database for tracking the resolution status of security deficiencies does not have comprehensive data on security deficiencies' root causes and corrective actions. For example, GAO found that 70 percent of fiscal year 2016 records in TSA's database exhibited empty fields pertaining to root cause or recommended corrective action. In addition, the database does not have a field to categorize specific root causes. For example, while it captures three broad categories of root causes—lack of knowledge, lack of infrastructure, and lack of will—it does not capture 12 subcategories (e.g., supervision) that would better explain the root causes of particular security deficiencies. By fully collecting data and improving the categorization of root causes, TSA would be better positioned to assure that corrective actions accurately address the specific, underlying reasons for security vulnerabilities.
Why GAO Did This Study
Approximately 300 foreign airports offer last point of departure flights to the United States. TSA is the federal agency with primary responsibility for securing the nation's civil aviation system and assesses foreign airports and inspects air carriers to ensure they have effective security measures in place. While TSA is authorized under U.S. law to conduct foreign airport assessments, it does not have authority to impose or otherwise enforce security requirements at foreign airports. In contrast, TSA does have authority to impose and enforce requirements on air carriers.
This statement summarizes key preliminary findings from GAO's draft report on (1) steps TSA has taken to enhance foreign airport assessments and air carrier inspections since 2011 and (2) steps TSA takes to address any deficiencies identified during foreign airport assessments and air carrier inspections. To develop the draft report, GAO reviewed TSA program data, interviewed TSA officials, and conducted site visits to TSA field locations that manage foreign airport assessments and air carrier inspections.
GAO's draft report, which is with TSA for comment, includes two recommendations to strengthen TSA's data management.