Summary
In the 2 years since passage of the Aviation and Transportation Security Act (ATSA), the Transportation Security Administration (TSA) has primarily focused its efforts on improving aviation security through enhanced passenger and baggage screening. The act also contained provisions directing TSA to take actions to improve the security of airport perimeters, access controls, and airport workers. GAO was asked to assess TSA's efforts to: (1) evaluate the security of airport perimeters and the controls that limit access into secured airport areas, (2) help airports implement and enhance perimeter security and access controls by providing them funding and technical guidance, and (3) implement measures to reduce the potential security risks posed by airport workers.
TSA has begun evaluating the security of airport perimeters and the controls that limit access into secured airport areas. Specifically, TSA is conducting compliance inspections and vulnerability assessments at selected airports. These evaluations--though not complete--have identified perimeter and access control security concerns. While TSA officials acknowledged that conducting these airport security evaluations is essential to identifying additional perimeter and access control security measures and prioritizing their implementation, the agency has not determined how the results will be used to make improvements to the entire commercial airport system. TSA has helped some airport operators enhance perimeter and access control security by providing funds for security equipment, such as electronic surveillance systems. TSA has also begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. However, TSA has not begun to gather data on airport operators' historical funding of security projects and current needs to aid the agency in setting funding priorities. Nor has TSA developed a plan for implementing new technologies or balancing the costs and effectiveness of these technologies with the security needs of individual airport operators and the commercial airport system as a whole. TSA has taken some steps to reduce the potential security risks posed by airport workers. However, TSA had elected not to fully address all related ATSA requirements. In particular, TSA does not require fingerprint-based criminal history checks and security awareness training for all airport workers, as called for in ATSA. Further, TSA has not required airport vendors to develop security programs, another ATSA requirement. TSA said expanding these efforts would require a time-consuming rulemaking process and impose additional costs on airport operators. Finally, although not required by ATSA, TSA has not developed a plan detailing when and how it intends to address these challenges.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Cathleen A. Berrick
Government Accountability Office: Homeland Security and Justice
No phone on record
Recommendations for Executive Action
Recommendation: To help ensure that TSA is able to articulate and justify future decisions on how best to proceed with security evaluations, fund and implement security improvements--including new security technologies--and implement additional measures to reduce the potential security risks posed by airport workers, the Secretary of Homeland Security should direct TSA's Administrator to develop and provide Congress with a plan for meeting the requirements of ATSA.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Not Implemented
Comments: This recommendation has not been addressed and is closed because full implementation cannot be reasonably expected. In September 2008, we again contacted TSA to provide an opportunity to identify any actions taken to fully implement this recommendation and were told that it was unlikely that there were any other actions taken that would satisfy the recommendation.
Recommendation: The Secretary of Homeland Security should direct TSA's Administrator to develop and provide Congress with a plan for meeting the requirements of ATSA by establishing schedules and an analytical approach for completing compliance inspections and vulnerability assessments for evaluating airport security.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Implemented
Comments: This recommendation has been fully addressed and closed. TSA has addressed the recommendation regarding compliance inspections in 2006 by implementing risk-based inspections and beginning to compile quarterly data, and in 2007 by identifying a core group of critical inspection areas (Critical Prompts)and aligning its inspection database to record the results of the critical inspections. TSA also addressed the recommendation regarding vulnerability assessments in 2007 by implementing scheduled and prioritized vulnerable assessments.
Recommendation: The Secretary of Homeland Security should direct TSA's Administrator to develop and provide Congress with a plan for meeting the requirements of ATSA by conducting assessments of technology, compile the results of these assessments as well as assessments conducted independently by airport operators, and communicate the integrated results of these assessments to airport operators.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Not Implemented
Comments: This recommendation has not been fully addressed and is closed because full implementation cannot be reasonably expected. TSA has partially addressed this recommendation by completing technology assessments and establishing the Industry Outreach Manager position for communication and coordination. However, GAO analysis concluded that TSA has not compiled technology assessments conducted independently by airports and disseminated the integrated results to airport operators. In September 2008, we again contacted TSA to provide an opportunity to identify any actions taken to fully implement this recommendation and were told that it was unlikely that there were any other actions taken that would fully satisfy the recommendation.
Recommendation: The Secretary of Homeland Security should direct TSA's Administrator to develop and provide Congress with a plan for meeting the requirements of ATSA by using the information resulting from the security evaluation and technology assessment efforts cited above as a basis for providing guidance and prioritizing funding to airports for enhancing the security of the commercial airport system as a whole.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Implemented
Comments: GAO concluded that there is enough support to close this recommendation as implemented. TSA has provided evidence through documentation and discussion that it used information resulting from security evaluations including compliance inspections and vulnerability assessments, and also from technology assessment efforts as a basis for providing guidance and prioritizing funding to airports for enhancing the security of the commercial airport system as a whole.
Recommendation: The Secretary of Homeland Security should direct TSA's Administrator to develop and provide Congress with a plan for meeting the requirements of ATSA by determining, in conjunction with aviation industry stakeholders, if and when additional security requirements are needed to reduce the risks posed by airport workers and developing related guidance, as needed.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Implemented
Comments: This recommendation has been fully addressed and closed. In July 2004, TSA issued security directives addressing the issue of airport employee access to security or restricted airport areas. The primary focus of this directive was to enhance protective measures around the sterile and SIDA areas of each airport. As part of these newly issued security directives, TSA will require enhanced background checks for airport employees working in restricted areas. In addition, TSA issued a security directive addressing the issue of airport tenant (vendor) access to the sterile area of the airport. The primary focus of this directive was to enhance protective measures around the sterile and secure areas of each airport and to further clarify the requirement that workers entering sterile areas be screened at the TSA passenger screening checkpoint. Specifically, this directive required that all employees of airport tenants, who are employed or perform duties in the sterile area of the airport, regardless of the airport ID issued, must access the sterile area through the TSA screening checkpoint or only through those locations approved by the Federal Security Director when the TSA screening checkpoint is closed. TSA took additional security actions in 2006 and 2007 including random screening of employees and passengers through implementation of the Aviation Direct Access Screening Program (ADASP), and expanding requirements for name-based background checks of terrorists watch lists under the Security Threat Assessment (STA) program.
