Aviation Security Programs: TSA Should Clarify Compliance Program Guidance and Address User Concerns with Its Data Systems
TSA conducted about 28,000 inspections of U.S. airports and passenger airline operations in 2021.
When a violation is found during an inspection, airports and air carriers can avoid civil penalties by investing their own resources as part of an action plan to find the root cause of a violation. But TSA guidance is unclear about when these plans are appropriate.
In addition, TSA inspectors at 5 field offices we visited said flaws in a new data platform used to record their work—such as an inability to edit key fields—hindered their efforts to ensure compliance with required aviation security programs.
Our recommendations address these issues.
Example of an Air Carrier Correcting a Security Violation through a TSA Action Plan
What GAO Found
The Department of Homeland Security's Transportation Security Administration (TSA) conducted about 28,000 inspections in 2021 to identify violations and improve security for domestic airports and passenger air carriers. If TSA identifies a violation, it can take enforcement actions ranging from counseling to civil penalties.
TSA allows airports and air carriers to develop an action plan that invests their own resources to address violations in lieu of a civil penalty. The plans partner TSA with airports and air carriers to identify the root cause of a violation. Most of the airport and air carrier officials GAO spoke with like having action plans as an option. However, TSA guidance is not clear as to when the plans are appropriate to use, such as for systemic violations. Developing and sharing additional guidance could help TSA and its partners more efficiently use their resources.
Transportation Security Administration Inspector Conducting Inspection of Airport Equipment
In March 2021, TSA transitioned to a new computer platform that inspectors are to use to record information from their compliance work. Inspectors at each of the five field offices GAO visited said challenges using this platform have affected their ability to capture compliance data. For example, some of these inspectors said TSA did not adequately consult with or train users when it began transitioning data to the new platform. As a result, inspectors said they cannot edit required key data fields, such as updating points of contact or adding new regulated entities. TSA is addressing some issues, but has not fully assessed user concerns, such as the need for better communication. Assessing concerns could help TSA maximize its data system.
TSA plans to transition nine more data systems to its new platform, but has not developed a broad set of lessons learned from staff's experiences with other systems' transitions. Developing lessons learned will help TSA better ensure it mitigates past challenges during future transitions.
Why GAO Did This Study
Constant threats to passenger aviation require continuous and effective security programs. Since 2020, over 1 billion passengers traveled on flights within the United States. TSA is responsible for securing the nation's aviation transportation system by ensuring air carriers and airport operators comply with security requirements.
GAO was asked to review TSA's efforts to implement security programs. This report examines (1) how TSA inspections are designed to improve aviation security compliance, (2) how TSA addressed known instances of noncompliance from fiscal years 2017 through 2021, and (3) the extent to which TSA has experienced challenges transitioning to a new data compliance platform and steps taken to address them. GAO reviewed TSA documentation for its inspections and investigations and observed TSA compliance staff in five airport field offices selected based on location and the number of passengers on board aircraft in 2019. GAO also interviewed TSA officials and representatives from those five airport operators as well as the eight largest passenger air carriers.
GAO is recommending that TSA (1) develop guidance for when an action plan may be effective in resolving noncompliance, (2) assess stakeholder concerns about transitioning to a new compliance platform, and (3) develop lessons learned from other systems' transitions. The Department of Homeland Security concurred with all three recommendations.
Recommendations for Executive Action
Transportation Security Administration: The TSA Administrator should, in consultation with its inspectors as well as with airports and air carriers, provide further guidance for inspectors and regulated entities indicating when an action plan may be an effective method for resolving a compliance violation. (Recommendation 1)
In September 2022, we reported that the Transportation Security Administration (TSA) uses action plans as part of the agency's outcome-focused compliance efforts for regulating airports and air carriers and that the plans can address a variety of aviation security risks, but that TSA has not developed formal guidance for when it believes an action plan is an effective method for resolving a violation. As a result, we recommended that TSA provide further guidance for its inspectors and regulated entities that indicates when an action plan may be an effective method for resolving a compliance violation. In January 2023, TSA published and distributed to its inspectors and industry partners a list of Frequently Asked Questions (FAQs) about action plans that the agency compiled after seeking input from both. In February 2023, TSA held meetings with inspectors and industry partners to address and clarify outstanding issues and questions with the FAQs. With these steps, inspectors and industry partners have additional guidance about action plans that can help them decide whether one is an appropriate resolution for noncompliance and can lead TSA and industry partners to use their resources more efficiently. As a result, this recommendation is closed as implemented.
Transportation Security Administration: The TSA Administrator should ensure the Information Technology and Compliance offices conduct an assessment to identify and address user concerns as PARIS transitions to the new platform. (Recommendation 2)
DHS concurred with the recommendation and officials told us they will conduct an assessment that will identify and provide a milestone plan to address user concerns. When we confirm actions the agency has taken in response to this recommendation, we will provide updated information.
Transportation Security Administration: The Administrator of TSA should ensure the Information Technology office identify, document, and share lessons learned from the agency's experiences transitioning the PARIS, LInKS, and GRADS data systems to a new platform in advance of future transitions. (Recommendation 3)
DHS concurred with the recommendation and officials told us TSA would develop lessons learned and share them to help identify potential challenges and to ensure more effective and efficient transitions for any of the other IT systems that TSA plans to transition to the new platform. When we confirm actions the agency has taken in response to this recommendation, we will provide updated information.