This is the accessible text file for GAO report number GAO-07-729 entitled 'Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened' which was released on May 11, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: United States Government Accountability Office: GAO: May 2007: Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened: GAO-07-729: GAO Highlights: Highlights of GAO-07-729, a report to congressional requesters Why GAO Did This Study: The Transportation Security Administration’s (TSA) efforts to evaluate the security of foreign airports and air carriers that service the United States are of great importance, particularly considering that flights bound for the United States from foreign countries continue to be targets of coordinated terrorist activity, as demonstrated by the alleged August 2006 liquid explosives terrorist plot. For this review, GAO evaluated the results of foreign airport and air carrier evaluations; actions taken and assistance provided by TSA when security deficiencies were identified; TSA’s oversight of its foreign airport and air carrier evaluation programs; and TSA’s efforts to address challenges in conducting foreign airport and air carrier evaluations. To conduct this work, GAO reviewed foreign airport and air carrier evaluation results and interviewed TSA officials, foreign aviation security officials, and air carrier representatives. What GAO Found: Of the 128 foreign airports that TSA assessed during fiscal year 2005, TSA found that about 36 percent complied with all applicable security standards, while about 64 percent did not comply with at least one standard. The security deficiencies identified by TSA at two foreign airports were such that the Secretary of Homeland Security notified the public that the overall security at these airports was ineffective. Of the 529 overseas air carrier inspections conducted during fiscal year 2005, for about 71 percent, TSA did not identify any security violations, and for about 29 percent, TSA identified at least one security violation. TSA took enforcement action—warning letters, correction letters, or monetary fines—for about 18 percent of the air carrier security violations. TSA addressed most of the remaining 82 percent of security violations through on-site consultation. TSA assisted foreign officials and air carrier representatives in addressing identified deficiencies through on-site consultation, recommendations for security improvements, and referrals for training and technical assistance. However, TSA’s oversight of the foreign airport assessment and air carrier inspection programs could be strengthened. For example, TSA did not have adequate controls in place to track whether scheduled assessments and inspections were actually conducted, deferred, or canceled. TSA also did not always document foreign officials’ progress in addressing security deficiencies identified by TSA. Further, TSA did not always track what enforcement actions were taken against air carriers with identified security deficiencies. TSA also did not have outcome-based performance measures to assess the impact of its assessment and inspection programs on the security of U.S.-bound flights. Without such controls, TSA may not have reasonable assurance that the foreign airport assessment and air carrier inspection programs are operating as intended. TSA is taking action to address challenges that have limited its ability to conduct foreign airport assessments and air carrier inspections, including a lack of available inspectors, concerns regarding the resource burden placed on host governments as a result of frequent airport visits by TSA and others, and host government concerns regarding sovereignty. In October 2006, TSA began implementing a risk- based approach to scheduling foreign airport assessments, which should allow TSA to focus its limited inspector resources on higher-risk airports. TSA is also exploring opportunities to conduct joint airport assessments with the European Commission and use the results of airport assessments conducted by the European Commission to potentially adjust the frequency of TSA airport visits. What GAO Recommends: In an April 2007 report that contained sensitive information, GAO recommended, and the Department of Homeland Security agreed, that TSA develop controls for tracking and documenting information and establish outcome-based performance measures to strengthen oversight of its foreign airport and air carrier evaluation programs. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-729]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: TSA Found That Some Foreign Airports and Air Carriers Complied with All Aviation Security Standards, and When Deemed Necessary, DHS and TSA Took Enforcement Action on Those That Did Not: TSA Assisted Foreign Officials and Air Carrier Representatives in Addressing Security Deficiencies, but Can Strengthen Oversight of the Foreign Airport Assessment and Air Carrier Inspection Programs: TSA Is Taking Action to Address Some Challenges That Have Limited Its Ability to Conduct Foreign Airport Assessments and Air Carrier Inspections: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Results of Fiscal Year 2005 Foreign Airport Assessments and Air Carrier Inspections and Actions Taken by TSA in Response to Noncompliance: Assistance Provided by TSA to Address Security Deficiencies and Oversight of Airport Assessment and Air Carrier Inspection Efforts: Challenges That Affected TSA's Ability to Conduct Foreign Airport Assessments and Air Carrier Inspections and Actions Taken to Address those Challenges: Appendix II: International Civil Aviation Organization Standards and Recommended Practices Used by TSA to Conduct Fiscal Year 2005 Foreign Airport Assessments: Appendix III: TSA Security Requirements for U.S.-Based and Foreign Carriers Operating Out of Foreign Airports: Appendix IV: U.S. Government Aviation Security Training and Technical Assistance Programs for Foreign Entities: Department of State: Anti-Terrorism Assistance Program: U.S. Trade and Development Agency: Department of Transportation--Safe Skies for Africa Program: Department of State--Bureau of International Narcotics and Law Enforcement Affairs--Organization of American States Inter-American Committee against Terrorism: Department of State--Western Hemisphere Affairs--Organization of American States--Inter-American Committee against Terrorism: Department of Justice-International Criminal Investigative Training and Assistance Program: Appendix V: Comments from the Department of Homeland Security: Appendix VI: GAO Contacts and Staff Acknowledgments: Related Products: Tables: Table 1: Positions That Play a Key Role in TSA's Foreign Airport and Air Carrier Inspection Programs: Table 2: Comparison of the Severity of Security Deficiencies and Corrective Action Taken at One Secretarial Action Airport and One Non- Secretarial Action Airport: Table 3: Budgeted and Available International Inspectors by IFO, by Month for Fiscal Year 2005: Table 4: Budgeted Number of Inspectors, Total Scheduled Foreign Airport Visits, and Average Number of Scheduled Foreign Airport Visits per Inspector, by IFO, for Fiscal Year 2005: Table 5: Description and Status of TSA-European Commission Aviation Security Working Groups: Table 6: Elements of the Aircraft Operator Standard Security Program Applicable to International Operations: Table 7: Elements of the Foreign Air Carrier Model Security Program Applicable to International Operations: Figures: Figure 1: Airport Assessment Activities: Figure 2: Process for Taking Secretarial Action against a Foreign Airport: Figure 3: Air Carrier Inspection Process: Abbreviations: AEA: Association of European Airlines: AOSSP: Aircraft Operator Standard Security Program: APEC: Asia-Pacific Economic Conference: ATA: Anti-Terrorism Assistance: CICTE: Inter-American Committee against Terrorism: DHS: Department of Homeland Security: DOJ: Department of Justice: DOT: Department of Transportation: ECAC: European Civil Aviation Conference: FAA: Federal Aviation Administration: FAARS: Foreign Airport Assessment Reporting System: FSD: Federal Security Director: GPRA: Government Performance and Results Act: IATA: International Air Transport Association: ICAO: International Civil Aviation Organization: ICE: Immigration and Customs Enforcement: ICITAP: International Criminal Investigative Training Assistance Program: IFO: international field office: INL: Bureau of International Narcotics and Law Enforcement Affairs: IPSI: International Principal Security Inspector: OAS: Organization of American States: PARIS: Performance and Results Information System: PART: Performance Assessment Rating Tool: PSI: Principal Security Inspector: SOP: standard operating procedures: TSA: Transportation Security Administration: TSAR: Transportation Security Administration Representative: USAID: United States Agency for International Development: USTDA: United States Trade and Development Agency: United States Government Accountability Office: Washington, DC 20548: May 11, 2007: The Honorable John L. Mica: Ranking Republican Member: Committee on Transportation and Infrastructure: House of Representatives: The Honorable Daniel E. Lungren: Ranking Member: Subcommittee on Transportation Security and Infrastructure Protection: Committee on Homeland Security: House of Representatives: Flights bound for the United States from foreign countries continue to be targets of coordinated terrorist activity, as demonstrated in August 2006 when British officials uncovered an alleged terrorist plot to detonate liquid explosives onboard multiple aircraft departing from the United Kingdom for the United States. Similar terrorist activity was uncovered in December 2003 when U.S. intelligence officials identified terrorists' intent on carrying out attacks on U.S.-bound flights originating from foreign airports. Such conditions highlight the continued need for the United States to coordinate efforts with foreign governments to help ensure the security of U.S.-bound flights. Given that there were more than 650,000 flights to the United States from foreign locations during calendar year 2005, the security of foreign airports and air carriers that service the United States is integral to the security of U.S. commercial aviation. The Transportation Security Administration (TSA), the federal agency with primary responsibility for securing the nation's civil aviation system,[Footnote 1] has several efforts under way with other nations to help ensure the security of U.S.-bound flights. For example, TSA, through its foreign airport assessment program, determines whether foreign airports that provide service to the United States are maintaining and carrying out effective security measures. Additionally, TSA, through its air carrier inspection program, determines whether air carriers, U.S.-based or foreign, that service the United States are complying with applicable security requirements. According to TSA officials, the foreign airport assessment and air carrier inspection programs enable TSA to inform the public about foreign airports that do not maintain and carry out effective security measures so that the public can make informed decisions when planning their travel. TSA assesses the effectiveness of security measures at foreign airports using the aviation security standards and recommended practices adopted by the International Civil Aviation Organization (ICAO).[Footnote 2] ICAO standards and recommended practices address operational issues at an airport, such as ensuring that passengers and baggage are properly screened and that unauthorized individuals do not have access to restricted areas of an airport. ICAO standards also address nonoperational issues, such as ensuring that a foreign government has implemented a national civil aviation security program for regulating security procedures at its airports and ensuring that airport officials implementing security controls go through background investigations, are appropriately trained, and are certified according to a foreign government's national civil aviation security program. Member states have agreed to comply with ICAO standards, and are strongly encouraged to comply with ICAO recommended practices. While TSA is authorized under U.S. law to conduct foreign airport assessments at intervals it considers necessary, TSA may not perform an assessment of security measures at a foreign airport without permission from the host government. TSA also conducts security inspections of foreign and U.S.- based air carriers with service to the United States from foreign countries to ensure compliance with applicable security requirements, including those set forth in the air carriers' TSA-approved security programs.[Footnote 3] As of October 2006, there were a total of 924 air carrier stations located in 268 airports around the world that service the United States and that TSA may seek to inspect.[Footnote 4] Considering the high volume of flights arriving in the United States from foreign locations and the history of terrorist threats against commercial aviation, TSA's foreign airport assessment and air carrier inspection programs are important elements in ensuring the security of inbound flights. Given the vulnerability of U.S.-bound flights to acts of terrorism, this report addresses the following questions: (1) What were the results of TSA's fiscal year 2005 foreign airport assessments and air carrier inspections, and what actions were taken, if any, when TSA identified that foreign airports and air carriers were not complying with security standards? (2) How, if at all, did TSA assist foreign countries and air carriers in addressing any deficiencies identified during foreign airport assessments and air carrier inspections, and to what extent did TSA provide oversight of its assessment and inspection efforts? (3) What challenges, if any, affected TSA's ability to conduct foreign airport assessments and air carrier inspections, and what actions have TSA and others taken to address these challenges? In April 2007, we issued a report that contained sensitive security information regarding TSA's foreign airport assessments and air carrier inspections. This report provides the results of our April 2007 report with the sensitive security information removed. To address these objectives, we obtained and reviewed TSA guidance for conducting and reporting the results of foreign airport assessments and air carrier inspections. We also obtained and analyzed the results of 128 foreign airport assessments and 529 air carrier inspections conducted by TSA during fiscal year 2005 to determine the extent to which foreign airports and air carriers operating overseas complied with aviation security standards.[Footnote 5] We assessed the reliability of TSA's air carrier inspection data for fiscal year 2005 and concluded that the data were sufficiently reliable for the purposes of our review. We also interviewed TSA's Office of Security Operations and its Transportation Sector Network Management officials, both in headquarters and the field,[Footnote 6] who are responsible for planning, coordinating, overseeing, and carrying out foreign airport assessments and air carrier inspections, to obtain information on TSA's efforts to help foreign officials address airport security deficiencies and TSA's efforts to overcome challenges identified by TSA officials in conducting foreign airport assessments and air carrier inspections. Additionally, we visited three European, three Asian, and one other North American country where we met with host government aviation security officials, air carrier representatives, airport officials, aviation industry representatives, and TSA officials to obtain their perspectives on TSA's foreign airport assessment and air carrier inspection programs. We also accompanied TSA officials during an airport assessment and air carrier inspection at an airport in the Caribbean. In addition, we interviewed 16 foreign aviation security officials stationed in their countries' embassies in Washington, D.C., to obtain their perspectives on TSA's foreign airport assessment and air carrier inspection programs. However, information obtained from our interviews with host government and aviation industry representatives cannot be generalized beyond those contacted because we did not use a probability sampling method to select these officials for interviews. We also conducted phone interviews with four Federal Security Directors (FSD)[Footnote 7] and seven TSA aviation security inspectors based in U.S. airports to discuss their involvement in foreign airport assessments and air carrier inspections. Information from these interviews cannot be generalized to all FSDs in U.S. airports or to domestic inspectors who support foreign airport assessments and air carrier inspections because we did not use a probability sampling method to select these officials for interviews. We also met with officials from ICAO, the Asia-Pacific Economic Conference (APEC), the Association of European Airlines (AEA), the European Commission, the European Civil Aviation Conference (ECAC), and the International Air Transport Association (IATA) regarding their perspectives on TSA's foreign airport assessment and air carrier inspection programs and the process and standards they use, if any, to conduct their own airport assessments.[Footnote 8] Additionally, we interviewed officials from the Department of State, Department of Justice, Department of Transportation, and the U.S. Trade and Development Agency to learn about the aviation security training and technical assistance they provide to foreign governments. We conducted our work from October 2005 through March 2007 in accordance with generally accepted government auditing standards. More details about the scope and methodology of our work are contained in appendix I. Results in Brief: Based on the results of TSA's fiscal year 2005 foreign airport assessments and air carrier inspections, some foreign airports and air carriers complied with all relevant aviation security standards, while others did not, and when deemed necessary, the Secretary of Homeland Security and TSA took enforcement action against those that were not in compliance. Of the 128 foreign airports with air carriers that provide service to the United States and that TSA assessed during fiscal year 2005, TSA found that at the completion of the assessment, 46 (about 36 percent) complied with all ICAO standards and recommended practices, whereas 82 (about 64 percent) did not meet at least one ICAO standard or recommended practice. The most common area of noncompliance for foreign airports was related to quality control--mechanisms to assess and address security vulnerabilities at airports. For example, one airport did not meet quality control standards because it did not have a mechanism in place to ensure that airport officials implementing security controls were appropriately trained and able to effectively perform their duties. According to TSA, access control measures and passenger and checked baggage screening are critical elements of effective security at foreign airports because these measures are intended to prevent terrorists from carrying dangerous items, such as weapons and explosives, onto aircraft. However, even if a foreign airport does not meet multiple aviation security standards, including critical standards, TSA may determine that such deficiencies do not warrant review by the Secretary of Homeland Security.[Footnote 9] Nonetheless, if TSA determines that secretarial action may be warranted and the Secretary of Homeland Security, based on TSA's assessment, determines that a foreign airport does not maintain and carry out effective security measures, then he or she must take action. These actions may include issuing a letter to foreign government officials stating that they have 90 days to improve security measures to meet ICAO standards or notifying the public that a foreign airport does not maintain and carry out effective security measures. For example, during fiscal year 2005, the Secretary of Homeland Security determined that 2 of the 128 foreign airports that TSA assessed were not maintaining and carrying out effective security measures. In response, DHS notified the general public of these determinations by the Secretary. During fiscal year 2005, of the 529 inspections of air carriers operating out of foreign airports, there were 373 inspections (about 71 percent) for which TSA did not identify any security violations and 156 inspections (about 29 percent) for which TSA found that the air carrier did not comply with at least one TSA security requirement. There were a total of 419 instances of noncompliance identified during these 156 inspections.[Footnote 10] In some cases, the security deficiencies identified during these inspections were corrected or addressed immediately. When security deficiencies were not resolved immediately, TSA inspectors, at times, recommended enforcement action. Enforcement action included issuing letters of warning or correction to air carriers or imposing civil penalties--monetary fines--on air carriers. Of the 419 security violations identified during fiscal year 2005 air carrier inspections, 259 (about 62 percent) were corrected or addressed immediately, and 76 (about 18 percent) were recommended for enforcement action. TSA could not readily identify the enforcement actions that were taken for the remaining 84 (20 percent) security violations. Enforcement actions taken by TSA as a result of fiscal year 2005 air carrier inspections consisted of 26 enforcement actions and 14 letters of correction.[Footnote 11] Civil penalties ranging from $18,000 to $25,000 were recommended for 7 enforcement actions. Although TSA has not conducted its own analysis of foreign airport assessment and air carrier inspection results, TSA officials stated that our analysis of the results was consistent with their assumptions regarding the most prominent security deficiencies identified among foreign airports and air carriers. However, TSA officials stated that it is difficult to draw conclusions about the results--such as whether the results are generally positive or negative--considering the differences in the capabilities and willingness of foreign officials to address security deficiencies. TSA officials further stated that the cumulative results of the assessments and inspections may be helpful in identifying the aviation security training needs of foreign aviation security officials. While TSA does not have its own program to provide aviation security training and technical assistance to foreign aviation security officials, TSA officials stated that they could use the results of TSA's foreign airport assessments to refer foreign officials to training and technical assistance programs offered by ICAO and several other U.S. government agencies. During fiscal year 2005, TSA helped improve security at foreign airports by assisting foreign officials and air carrier representatives in addressing security deficiencies identified during TSA assessments and inspections. However, TSA's oversight of the foreign airport assessment and air carrier inspection programs could be strengthened. TSA assisted foreign officials in addressing security deficiencies identified during airport assessments in various ways, including providing on-site consultation to help foreign officials immediately address security deficiencies, making recommendations to help foreign officials sustain security improvements, and helping foreign governments obtain aviation security training and technical assistance. To help air carriers address security deficiencies that were identified, TSA often provided on-site consultation. For example, during one inspection, TSA inspectors identified a security deficiency related to catering carts, after which the inspectors immediately notified the air carrier of the deficiency and made a recommendation for better securing catering carts in the future.[Footnote 12] TSA also assigned a principal security inspector to each U.S. carrier and foreign carrier that provides service to the United States whose responsibility was to counsel air carriers and provide clarification on TSA security requirements when necessary. TSA has several controls in place to ensure that the agency is meeting internal requirements for implementing the foreign airport assessment and air carrier inspection programs, such as requiring inspectors to use standard operating procedures for coordinating with host government officials for scheduling, conducting, and reporting the results of foreign airport assessments. However, additional controls--including controls for tracking, documenting, and measuring the impact of TSA's assessment and inspection activities--would help strengthen its oversight of these programs. First, TSA does not have controls in place to track the status of scheduled foreign airport assessments and air carrier inspections, including whether the assessments and inspections were actually conducted or whether they were deferred or canceled, which could make it difficult for TSA to ensure that scheduled assessments and inspections are completed. Second, TSA does not always document the results of follow-up conducted by TSA international staff to determine progress made by foreign governments in addressing security deficiencies identified by TSA. Documentation of such follow-up would enable TSA to have access to updated information on the security of foreign airports that provide service to the United States. Third, TSA does not always track the status of air carrier inspections from initiation through completion, which prevents TSA from determining whether appropriate action was taken against air carriers that violated security requirements. Finally, TSA does not have outcome-based performance measures in place to measure the impact that its efforts have had on helping foreign airport officials and air carrier representatives comply with aviation security standards and requirements. Federal standards for internal controls and associated guidance suggest that agencies should document key decisions in a way that is complete and accurate, and that allows decisions to be traced from initiation, through processing, to after completion. Starting in August 2006, TSA officials began to develop controls for tracking the status of scheduled foreign airport visits, such as tracking the number of days remaining until inspectors are to visit a particular foreign airport. However, in February 2007, TSA officials acknowledged that additional refinements to the tracking system were needed. TSA officials also stated that developing performance measures to assess the impact of assessment and inspection-related efforts on security at foreign airports would be useful, but they identified several concerns about developing such measures. For example, TSA officials stated that whether foreign officials improve security at their airports is not within TSA's control and, therefore, developing a performance measure related to TSA's contributions to improving foreign airport security may not be appropriate. However, other federal agencies, such as the Department of State, have developed performance measures for foreign assistance programs for which the outcome is not entirely within the agency's control. Even without full control over such measures, it would be useful for TSA to develop outcome-based measures for its foreign airport assessment and air carrier inspection programs--such as the percentage of security deficiencies that were addressed as a result of TSA on-site assistance and TSA recommendations for corrective action--to identify any aspects of these programs that need improvement. Also, with additional oversight of the foreign airport assessment and air carrier inspection programs, TSA would have better assurance that these programs are operating as intended. TSA is taking action to address challenges that have limited its ability to conduct foreign airport assessments and air carrier inspections, including a lack of available inspectors, concerns regarding the resource burden placed on host governments as a result of frequent airport visits by TSA and others, and concerns unique to specific host governments, such as sovereignty--more specifically, concerns that TSA assessments and inspections infringe upon a host government's authority to regulate airports and air carriers within its borders. According to TSA officials, TSA deferred approximately 30 percent of the foreign airport visits--including airport assessments and air carrier inspections--that were scheduled for fiscal year 2005, due to the lack of available inspectors and concerns raised by host government officials. TSA officials stated that two key factors affected the availability of inspectors during fiscal year 2005. First, TSA was operating with fewer inspectors than the agency budgeted for fiscal year 2005. Specifically, three of the five international field offices were operating with fewer inspectors than they were budgeted during at least 9 months out of the fiscal year. According to TSA, the shortage of inspectors was due to the high turnover rate for inspectors and the lengthy process for hiring additional inspectors to fill vacant positions. Second, TSA scheduled more foreign airport visits--which includes both airport assessments and air carrier inspections--than the budgeted number of inspectors could have reasonably conducted. According to TSA, each inspector can reasonably conduct between 8 and 12 foreign airport visits per year depending on the amount of time inspectors remain on site to help foreign authorities address any security deficiencies. However, all five international field offices scheduled more than 12 foreign airport visits per inspector during fiscal year 2005; one international field office scheduled more than 24 visits per inspector. TSA officials said that their internal policy regarding the frequency with which the agency is to conduct foreign airport assessments and air carrier inspections drove their decision to schedule more foreign airport visits than inspectors could reasonably have conducted. According to TSA officials, this internal policy was developed by the Federal Aviation Administration, which was responsible for conducting foreign airport assessments and air carrier inspections prior to TSA. TSA officials also stated that the Federal Aviation Administration had more available inspectors to conduct assessments and inspections than TSA. Given the lack of available international inspectors, TSA also used domestic inspectors--that is, inspectors who typically conduct security inspections at U.S. airports--to conduct 33 percent of the scheduled foreign airport visits for fiscal year 2005. However, TSA officials stated that the use of domestic inspectors is undesirable because these inspectors lack experience conducting assessments in the international environment. During October 2006, TSA began implementing a risk-based approach to scheduling foreign airport assessments to better allocate its limited inspector resources by focusing on foreign airports that pose the greatest security risk to U.S.-bound air travel. Another potential benefit to TSA's new risk- based approach to scheduling is that it may allow TSA to reduce its reliance on domestic inspectors. Our analysis shows that TSA's risk- based approach is consistent with generally accepted risk management principles. TSA has also taken steps to address concerns regarding the resource burden placed on host governments as a result of frequent airport visits. Host government officials in three of the seven foreign countries we visited, and representatives of various air carrier associations, stated that countries are subjected to multiple assessments and inspections each year by TSA, ICAO, the European Commission, and others, and because foreign government officials and air carrier representatives have to escort the various inspectors during the assessment and inspections, the frequency of airport visits is burdensome on the host government and air carriers. TSA's risk-based approach for scheduling airport assessments should help address some host governments' concerns regarding the resource burden. TSA has also begun to explore other opportunities to alleviate the resource burden placed on host governments. Specifically, when the opportunity is available, TSA is considering conducting joint assessments and using the results of some host government or third party assessments to adjust the frequency of TSA visits; collectively, these efforts may reduce the number of airport visits experienced by some countries. However, TSA officials stated that they are cautious about using the results of other entities' assessments because TSA has not independently evaluated the quality of the assessments conducted by these other entities and because these other entities base their assessments on different aviation security standards than TSA. TSA headquarters officials stated that working with host governments to harmonize aviation security standards as well as the process used to conduct assessments--that is, developing similar standards and assessment processes that provide the same level of security--would facilitate TSA's use of host government and third party assessment results. TSA has made efforts to harmonize security standards and inspection processes with the European Commission, although, as of February 2007, a time frame for completion of these efforts had not yet been established. TSA has also harmonized some security standards-- particularly those related to the screening of liquids, gels, and aerosols--with several European countries, Australia, and Canada. In addition to working to address concerns regarding the resource burden placed on host governments as a result of frequent airport visits, TSA has taken steps to address some country-specific challenges that have limited TSA's ability to conduct foreign airport visits. For example, TSA said that officials from one country viewed TSA's airport assessments as an infringement on their country's sovereignty, and therefore would not allow TSA to conduct assessments of airports in their country. However, TSA officials negotiated with officials in this country so that assessments are conducted under the guise of a TSA "visit" to--versus an "assessment" of--the airport, although officials from that country prohibit TSA inspectors from assessing airport perimeter security and the contents of their national aviation security programs. TSA officials stated that when unique concerns arise in the future, they will continue to work with countries on a case-by-case basis to try to address their concerns. In our April 2007 report that contained sensitive security information, we made several recommendations to assist TSA in strengthening oversight of the foreign airport assessment and air carrier inspection programs. These include developing and implementing controls to track the status of scheduled foreign airport assessments and air carrier inspections from initiation through completion, including reasons why assessments and inspections were deferred or canceled; developing and implementing a standard process for tracking and documenting host governments' progress in addressing security deficiencies identified during airport assessments; and developing performance measures to evaluate the impact that TSA assistance and enforcement actions have had on improving foreign airport and air carrier compliance with applicable aviation security standards. We provided a draft of this report to the Department of Homeland Security (DHS) for review. DHS, in its written comments, concurred with our findings and recommendations, and stated that the recommendations will help strengthen TSA's oversight of foreign airport assessments and air carrier inspections. DHS described some actions that TSA is taking to implement these recommendations, including enhancing its tracking system to include the reason for deferment or cancellation of an airport assessment or an air carrier inspection; developing a system whereby outstanding deficiencies noted during an assessment will be tracked along with deficiency specific information, deadlines, and current status; and developing outcome-based performance measures for the foreign airport assessment program and air carrier inspection activities. Background: DHS Responsibilities for Ensuring the Security of U.S.-Bound Flights from Foreign Countries: Shortly after the September 11, 2001, terrorist attacks, Congress passed, and the President signed into law, the Aviation and Transportation Security Act, which established TSA and gave the agency responsibility for securing all modes of transportation, including the nation's civil aviation system, which includes domestic and international commercial aviation operations.[Footnote 13] In accordance with 49 U.S.C. § 44907, TSA assesses the effectiveness of security measures at foreign airports served by a U.S. air carrier, from which a foreign air carrier serves the United States, that pose a high risk of introducing danger to international air travel, and at other airports deemed appropriate by the Secretary of Homeland Security.[Footnote 14] This provision of law also identifies measures that the Secretary must take in the event that he or she determines that an airport is not maintaining and carrying out effective security measures based on TSA assessments.[Footnote 15] TSA also conducts inspections of U.S. air carriers and foreign air carriers servicing the United States from foreign airports pursuant to its authority to ensure that air carriers certificated or permitted to operate to, from, or within the United States meet applicable security requirements, including those set forth in an air carrier's TSA-approved security program.[Footnote 16] The Secretary of DHS delegated to the Assistant Secretary of TSA the responsibility for conducting foreign airport assessments but retained responsibility for making the determination that a foreign airport does not maintain and carry out effective security measures. Currently, TSA's Security Operations and Transportation Sector Network Management divisions are jointly responsible for conducting foreign airport assessments and air carrier inspections. Table 1 highlights the roles and responsibilities of certain TSA positions within these divisions that are responsible for implementing the foreign airport assessment and air carrier inspection programs. Table 1: Positions That Play a Key Role in TSA's Foreign Airport and Air Carrier Inspection Programs: Office/division: Security Operations; Position: Aviation Security Inspector; Duties: Inspectors are primarily responsible for performing and reporting the results of both foreign airport assessments and the air carrier inspections, and will provide on-site assistance and make recommendations for security enhancements. Inspectors are also deployed in response to specific incidents or to monitor for identified threats. Inspectors are based in one of TSA's five international field offices (IFO)[A.]. Office/division: Transportation Sector Network Management; Position: Transportation Security Administration Representative (TSAR); Duties: TSARs communicate with foreign government officials to address transportation security matters and to conduct foreign airport assessments. Specifically, the TSARs serve as on-site coordinators for TSA responses to terrorist incidents and threats to U.S. assets at foreign transportation modes. TSARs also serve as principal advisors on transportation security affairs to U.S. ambassadors and other embassy officials responsible for transportation issues to ensure the safety and security of the transportation system. For the foreign airport assessment program, TSARs are often involved in arranging pre- assessment activities, assessment visits, and follow-up visits. Additionally, TSARs are responsible for completing portions of the airport assessment reports and reviewing completed assessment reports. TSARs also help host government officials address security deficiencies that are identified during assessments. Office/division: Transportation Sector Network Management; Position: International Security Principal Inspector (IPSI); Duties: IPSIs are responsible for assisting foreign air carriers in complying with TSA security requirements by providing counseling and clarification to airlines on TSA requirements and providing requested information to TSA about these air carriers. Office/division: Transportation Sector Network Management; Position: Principal Security Inspector (PSI); Duties: PSIs are responsible for assisting U.S.-based air carriers in complying with TSA security requirements by providing oversight to airlines on TSA requirements and providing requested information to TSA about these air carriers. Source: TSA. [A] IFO managers are responsible for the overall planning of assessment visits that take place in their respective regions. TSA's IFOs are located in Dallas, Miami, Frankfurt, Singapore and Los Angeles. [B] TSARs are located in Athens, Bangkok, Beijing, Brussels, Buenos Aires, Dallas, Frankfurt, London, Madrid, Manila, Miami, Paris, Rome, Singapore, Sydney, Tokyo, and Washington, D.C. [End of table] TSA's Process for Assessing Aviation Security Measures at Foreign Airports: TSA conducts foreign airport assessments to determine the extent to which foreign airports maintain and carry out effective security measures in order to ensure the security of flights bound for the United States. Specifically, TSA assesses foreign airports using 86 of the 106 aviation security standards and recommended practices adopted by ICAO, a United Nations organization representing nearly 190 countries.[Footnote 17] (See app. II for a description of the 86 ICAO standards and recommended practices TSA uses to assess security measures at foreign airports.[Footnote 18]) While TSA is authorized under U.S. law to conduct foreign airport assessments at intervals it considers necessary, TSA may not perform an assessment of security measures at a foreign airport without permission from the host government. During fiscal year 2005, TSA scheduled assessments by categorizing airports into two groups. Category A airports--airports that did not exhibit operational issues in the last two TSA assessments--were assessed once every 3 years, while category B airports--airports that did exhibit operational issues in either of the last two TSA assessments, or were not previously assessed--were assessed annually. Based on documentation provided by TSA, during fiscal year 2005, TSA assessed aviation security measures in place at 128 foreign airports that participated voluntarily in TSA's Foreign Airport Assessment Program.[Footnote 19] TSA's assessments of foreign airports are conducted by a team of inspectors, which generally includes one team leader and one team member. According to TSA, it generally takes 3 to 7 days to complete a foreign airport assessment. However, the amount of time required to conduct an assessment varies based on several factors, including the size of the airport, the number of air carrier station inspections to be conducted at the airport,[Footnote 20] the threat level to civil aviation in the host country, and the amount of time it takes inspectors to travel from the international field office (IFO) to the airport where the assessment will take place. An additional 2 weeks is required for inspectors to complete the assessment report after they return to the IFO. As shown in figure 1, regarding the process for conducting a foreign airport assessment, before TSA can assess the security measures at a foreign airport, the Transportation Security Administration Representative (TSAR) must first obtain approval from the host government to allow TSA to conduct an airport assessment and to schedule the date for an on-site visit to the foreign airport. During the assessment, the team of inspectors uses several methods to determine a foreign airport's level of compliance with international security standards, including conducting interviews with airport officials, examining documents pertaining to the airport's security measures, and conducting a physical inspection of the airport. For example, the inspectors are to examine the integrity of fences, lighting, and locks by walking the grounds of the airport. Inspectors also make observations regarding access control procedures, such as looking at employee and vehicle identification methods in secure areas, as well as monitoring passenger and baggage screening procedures in the airport. At the close of an airport assessment, inspectors brief foreign airport and government officials on the results of the assessment. TSA inspectors also prepare a report summarizing their findings on the airport's overall security posture and security measures, which may contain recommendations for corrective action and must be reviewed by the TSAR, the IFO manager, and TSA headquarters officials. Figure 1: Airport Assessment Activities: [See PDF for image] Source: GAO analysis of information provided by TSA. [End of figure] If the inspectors report that an airport's security measures do not meet minimum international security standards, particularly critical standards, such as those related to passenger and checked baggage screening and access controls, TSA headquarters officials are to inform the Secretary of Homeland Security.[Footnote 21] If the Secretary, based on TSA's airport assessment results, determines that a foreign airport does not maintain and carry out effective security measures, he or she must, after advising the Secretary of State, take secretarial action. Figure 2 describes in detail the types of secretarial action the Secretary may take during such instances. There are three basic types of secretarial action: * 90-day action--The Secretary notifies foreign government officials that they have 90 days to address security deficiencies that were identified during the airport assessment and recommends steps necessary to bring the security measures at the airport up to ICAO standards.[Footnote 22] * Public notification--If, after 90 days, the Secretary finds that the government has not brought security measures at the airport up to ICAO standards, the Secretary notifies the general public that the airport does not maintain and carry out effective security measures.[Footnote 23] * Modification to air carrier operations--If, after 90 days, the Secretary finds that the government has not brought security measures at the airport up to ICAO standards: - The Secretary may withhold, revoke, or prescribe conditions on the operating authority of U.S.-based and foreign air carriers operating at that airport, following consultation with appropriate host government officials and air carrier representatives, and with the approval of the Secretary of State. - The President may prohibit a U.S.-based or foreign air carrier from providing transportation between the United States and any foreign airport that is the subject of a secretarial determination. * Suspension of service--The Secretary, with approval of the Secretary of State, shall suspend the right of any U.S.-based or foreign air carrier to provide service to or from an airport if the Secretary determines that a condition exists that threatens the safety or security of passengers, aircraft, or crew traveling to or from the airport, and the public interest requires an immediate suspension of transportation between the United States and that airport.[Footnote 24] Figure 2: Process for Taking Secretarial Action against a Foreign Airport: [See PDF for image] Source: GAO analysis of information provided by TSA. [End of figure] TSA's Process for Inspecting Air Carriers with Service to the United States from Foreign Airports: Along with conducting airport assessments, the same TSA inspection team also conducts air carrier inspections when visiting a foreign airport to ensure that air carriers are in compliance with TSA security requirements.[Footnote 25] Both U.S. and foreign air carriers with service to the United States are subject to inspection. As of February 2007, TSA guidance required TSA to inspect each U.S. air carrier station once a year, except for those airports in which TSA has determined to be an "extraordinary" location,[Footnote 26] where inspections are to occur twice a year. Foreign air carriers are to be inspected twice in a 3-year period at each foreign airport, except in extraordinary locations, where they are to be inspected annually.[Footnote 27] According to documentation provided by TSA, during fiscal year 2005, TSA conducted 529 inspections of foreign and U.S. air carriers serving the United States from foreign airports. When conducting inspections, TSA inspectors examine compliance with applicable security requirements, including TSA-approved security programs,[Footnote 28] emergency amendments to the security programs, and security directives.[Footnote 29] Air carrier security programs are based on the Aircraft Operator Standard Security Program for U.S.-based air carriers and the Model Security Program for foreign air carriers, which serve as guidance for what an air carrier needs to include in its own security program. The Aircraft Operator Standard Security Program is designed to provide for the safety of passengers and their belongings traveling on flights against acts of criminal violence, air piracy, and the introduction of explosives, incendiaries, weapons, and other prohibited items onboard an aircraft. Likewise, the Model Security Program is designed to prevent prohibited items from being carried aboard aircraft, prohibit unauthorized access to airplanes, ensure that checked baggage is accepted only by an authorized carrier representative, and ensure the proper handling of cargo to be loaded onto passenger flights. When TSA determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA may issue a security directive or an emergency amendment to an air carrier security program that sets forth additional mandatory security requirements.[Footnote 30] Air carriers are required to comply with each applicable security directive or emergency amendment issued by TSA, along with the requirements already within their security programs and any other requirements set forth in applicable law. Appendix III provides additional information on security requirements for U.S. and foreign air carriers serving the United States from foreign airports. Although U.S.-based and foreign air carriers are guided by different standards within the Aircraft Operator Standard Security Program and the Model Security Program, inspections for both of these entities are similar. As in the case of airport assessments, air carrier inspections are conducted by a team of inspectors, which generally includes one team leader and one team member. An inspection of an air carrier typically takes 1 or 2 days, but can take longer depending on the extent of service by the air carrier. Inspection teams may spend several days at a foreign airport inspecting air carriers if there are multiple airlines serving the United States from that location. During an inspection, inspectors are to review applicable security manuals, procedures, and records; interview air carrier station personnel; and observe air carrier employees processing passengers from at least one flight from passenger check-in until the flight departs the gate to ensure that the air carrier is in compliance with applicable requirements. Inspectors evaluate a variety of security measures, such as passenger processing including the use of No-Fly and Selectee lists,[Footnote 31] checked baggage acceptance and control, aircraft security, and passenger screening. Inspectors record inspection results into TSA's Performance and Results Information System (PARIS) system, a database containing security compliance information on TSA-regulated entities. If an inspector finds that an air carrier is violating any applicable security requirements, additional steps are to be taken to record those specific violations and, in some cases, pursue them with further investigation. Figure 3 provides an overview of the air carrier inspection and documentation process, including the options for what type of penalty, if any, should be imposed on air carriers for identified security violations. Figure 3: Air Carrier Inspection Process: [See PDF for image] Source: GAO analysis of information provided by TSA. [End of figure] When an inspector identifies a violation of a security requirement, a record of the violation is opened in PARIS. According to guidance issued by TSA to inspectors, there are various enforcement tools available to address instances of noncompliance discovered during an inspection: * On-the-spot counseling is generally to be used for noncompliance that is minor and technical in nature, and can be remedied immediately at the time it is discovered. When this course of action is taken, the inspector notes that the noncompliance issue was closed with TSA counseling in the finding record and no further action is required. * Administrative action is generally to be used for violations or alleged violations that are unintentional, not the result of substantial disregard for security, where there are no aggravating factors present, or first-time violations. An administrative action results in either a letter of correction or a warning notice being issued to the air carrier. * Civil penalties in the form of fines are generally to be used in response to cases involving egregious violations, gross negligence, or where administrative action and counseling did not adequately resolve the noncompliance. Fines can range between $2,500 and $25,000 based on the severity of the violation.[Footnote 32] If the violation is severe enough, TSA may also recommend revocation of the air carrier's certification to fly into the United States, but this action has not yet been taken by TSA. If a violation is resolved with on-the-spot counseling, that fact is recorded in the finding record of PARIS and the matter is closed. However, if the inspector opts to pursue administrative action or a civil penalty against the air carrier, an enforcement investigation record is opened, and an investigation is conducted. Based on the investigation findings, the inspector recommends either an administrative action or a civil penalty, depending on the finding and the circumstances. If the investigation does not provide evidence that a violation occurred, the matter is closed with no action taken. If the inspector makes a recommendation for an administrative action, the supervisory inspector or IFO manager will typically review the recommendation and, if appropriate, approve and issue the action. The supervisory inspector may also recommend that the action be changed to no action or to a civil penalty. In the case of the latter, the case will be referred to the Office of Chief Counsel for further review. In those cases where the inspector recommends that a civil penalty be assessed on the air carrier, it is referred to the Office of Chief Counsel for review. The office is responsible for ensuring that the action is legally sufficient, and that the recommended fine is consistent with agency guidelines. TSA's Office of Chief Counsel makes the final determination for any legal enforcement action. The office may approve the proposed action or make a recommendation for other actions, including administrative action or no action at all. TSA Found That Some Foreign Airports and Air Carriers Complied with All Aviation Security Standards, and When Deemed Necessary, DHS and TSA Took Enforcement Action on Those That Did Not: Based on the results of TSA's foreign airport assessments, during fiscal year 2005, some foreign airports and air carriers complied with all relevant aviation security standards, while others did not. The most common area of noncompliance for foreign airports was related to quality control--mechanisms to assess and address security vulnerabilities at airports. The Secretary of Homeland Security determined that the security deficiencies at two foreign airports assessed during fiscal year 2005 were so serious that he subsequently notified the general public that these airports did not meet international aviation security standards. In addition to assessing the security measures implemented by the airport authority at foreign airports, TSA also inspected the security measures put in place by air carriers at foreign airports. When security deficiencies identified during air carrier inspections could not be corrected or addressed immediately, TSA inspectors recommended enforcement action. TSA officials stated that while it is difficult to determine whether the assessment and inspection results are generally positive or negative, the cumulative foreign airport assessment and air carrier inspection results may be helpful in identifying the aviation security training needs of foreign aviation security officials. TSA does not have its own program through which aviation security training and technical assistance are formally provided to foreign aviation security officials. However, TSA officials stated that they could use the results of TSA's foreign airport assessments to refer foreign officials to training and technical assistance programs offered by ICAO and several other U.S. government agencies. TSA Data Identified That More than One-Third of Foreign Airports Complied with All Relevant ICAO Standards during Fiscal Year 2005, and the Remaining Airports Had Security Deficiencies: Of the 128 foreign airports TSA assessed during fiscal year 2005, TSA data show that at the completion of these assessments, 46 (about 36 percent) complied with all ICAO standards reviewed by TSA,[Footnote 33] while 82 (about 64 percent) did not meet at least one ICAO standard reviewed by TSA.[Footnote 34] For these 82 foreign airports, the average number of standards not met was about 5, and the number of standards not met by an individual airport ranged from 1 to 22. Foreign airports were most frequently not meeting ICAO standards related to quality control. TSA data show that about 39 percent of foreign airports assessed during fiscal year 2005 did not comply with at least one ICAO quality control standard, which include mechanisms to assess and address security vulnerabilities at airports. For example, one airport did not meet an ICAO quality control standard because it did not have a mechanism in place to ensure that airport officials implementing security controls were appropriately trained and able to effectively perform their duties. In another instance, an airport did not comply with an ICAO quality control standard because, during its previous two assessments, inspectors found that the airport did not require or have records of background investigations conducted for individuals implementing security controls at the airport. Another area in which airports were not meeting ICAO quality control standards was the absence of a program to ensure the quality and effectiveness of their National Civil Aviation Security Program. TSA officials stated that quality control deficiencies may be prevalent among foreign airports in part because there is no international guidance available to aviation security officials to help them develop effective quality control measures. However, TSA officials stated that ICAO and other regional aviation security organizations offer training courses to help aviation security officials worldwide in developing effective quality control measures. TSA data also identified that at the completion of the assessment, nearly half of the foreign airports assessed during fiscal year 2005 did not meet at least one of the 17 ICAO standards that TSA characterized as "critical" to aviation security.[Footnote 35] According to TSA, access control, screening of checked baggage, and screening of passengers and their carry-on items are critical aspects of aviation security because these measures are intended to prevent terrorists from carrying dangerous items, such as weapons and explosives, onto aircraft. TSA data identified that some foreign airports assessed during fiscal year 2005 did not meet at least one access control standard. TSA data also identified that some foreign airports did not meet ICAO standards related to checked baggage screening. One of the baggage screening deficiencies TSA identified involved foreign airports not taking steps to prevent checked baggage from being tampered with after the baggage had been screened, prior to the baggage being placed on the aircraft. TSA data also identified that some foreign airports assessed during fiscal year 2005 did not meet ICAO standards related to passenger screening. One of the passenger- screening problems identified by TSA involved screening personnel not resolving hand-held metal detector or walk-through metal detector alarms to determine whether the individuals being screened were carrying prohibited items. The Secretary of Homeland Security Took Action against Foreign Airports That Did Not Maintain and Carry Out Effective Security Measures: Even if a foreign airport does not meet multiple aviation security standards, including critical standards, TSA may determine that such deficiencies do not warrant review by the Secretary of Homeland Security. However, if TSA determines that secretarial action may be warranted and the Secretary of Homeland Security, based on TSA's assessment, determines that a foreign airport does not maintain and carry out effective security measures, he or she must take secretarial action. Since the inception of DHS in March 2003, the Secretary of Homeland Security has taken action against five foreign airports he determined were not maintaining and carrying out effective security measures, four of which received 90-day action letters. The Secretary notified the public of his determination with respect to two of these airports--Port-au-Prince Airport in Haiti[Footnote 36] and Bandara Ngurah Rai International Airport in Bali, Indonesia[Footnote 37]--both of which were assessed during fiscal year 2005. TSA officials told us that the decision to take secretarial action against an airport is not based solely on the number and type of security deficiencies identified during TSA airport assessments.[Footnote 38] Rather, the secretarial action decision is based on the severity of the security deficiencies identified, as well as past compliance history, threat information, and the capacity of the host government to take corrective action.[Footnote 39] For example, there were other foreign airports assessed during fiscal year 2005 that did not comply with about the same number and type of critical ICAO standards as the five airports that received secretarial action. However, according to the former Deputy Director of TSA's Compliance Division, secretarial action was not taken against these airports either because the security deficiencies were determined to be not as severe, the host country officials were capable of taking immediate corrective action to address the deficiencies, or TSA did not perceive these airports to be in locations at high risk of terrorist activity. Table 2 demonstrates how two foreign airports--one for which secretarial action was taken and the other for which no secretarial action was taken--have about the same number and types of critical deficiencies, but differ in the severity of the deficiencies and their capability to take immediate corrective action to address identified deficiencies. Table 2: Comparison of the Severity of Security Deficiencies and Corrective Action Taken at One Secretarial Action Airport and One Non- Secretarial Action Airport: ICAO standard not met by the airport; Secretarial action airport: 4.7.1--Each Contracting State shall ensure that security restricted areas are established at each airport serving international civil aviation and that procedures and identification systems are implemented in respect of persons and vehicles. Severity of the deficiency; Secretarial action airport: * Security guards failed to check identification (ID) badges properly for pedestrians and vehicles entering restricted areas; * Guards allowed 54 vehicles to enter a restricted area requiring vehicles operators to only show a letter identifying them as a very important person (VIP); * Guards were not conducting walking or mobile patrols of areas around or in the airport; * Guards did not prevent persons without proper identification from entering restricted areas; * The airport did not have a program in place to audit the identification system; Non-Secretarial action airport: * Vehicles that did not have proper permits were parked in a restricted area; * A door that leads from the ticket counter to the airside was left open and unattended. Immediate corrective action taken by the airport to address the deficiency; Secretarial action airport: * No immediate action was taken to address the deficiency; Non-Secretarial action airport: * The airport director immediately removed the vehicles from the restricted area and informed vehicle operators that they would not be allowed to park in the restricted area until they obtained an authorized vehicle permit. ICAO standard not met by the airport; Secretarial action airport: 4.3.1--Each Contracting State shall establish measures to ensure that originating passengers and their cabin baggage are screened prior to boarding an aircraft engaged in international civil aviation operations. Severity of the deficiency; Secretarial action airport: * Screeners allowed individuals who set off walk-through metal detector alarms to pass through the screening checkpoint without determining the cause for the alarms; * Screeners were not using the hand-held metal detector correctly; * Screeners were conducting full-body pat-down searches incorrectly; * X-ray screeners were inattentive and did not routinely identify carry- on bags for further inspection; Non-Secretarial action airport: * Screeners allowed individuals who set off walk-through metal detector alarms to pass through the screening checkpoint without determining the cause for the alarms; * Screeners were not using the hand-held metal detector correctly; * Screeners did not physically inspect all cell phones; * Screeners did not rotate positions at the checkpoint; * The airport did not sufficiently staff the security checkpoint. Immediate corrective action taken by the airport to address the deficiency; Secretarial action airport: * Even after TSA inspectors demonstrated how to properly screen passengers and resolve metal detector alarms, screeners were still not able to screen passengers and carry-on items correctly; Non-Secretarial action airport: * After TSA inspectors demonstrated how to properly resolve metal detector alarms, prior to the completion of the assessment, the inspectors observed that screeners were screening passengers and their carry-on items correctly. Source: GAO analysis of TSA foreign airport assessment results. [End of table] According to TSA, secretarial actions are lifted when the Secretary, in part based on TSA's assessment of the airport, determines that the airport is carrying out and maintaining effective security measures. TSA lifted the secretarial action at Port-au-Prince airport in Haiti in July 2006, 19 months after the public notification was issued. During this 19-month period, TSA assisted Haitian officials in developing a national civil aviation security plan and provided training on how to properly screen passengers and their carry-on baggage. According to the former Deputy Director of TSA's Compliance Division, although TSA determined earlier during 2006 that all of the security deficiencies at the airport had been addressed by Haitian officials, based on specific intelligence information regarding threats to the airport in Haiti, the Secretary delayed lifting the secretarial action until July 2006. As of February 2007, the public notification for the airport in Bali was still in place. TSA officials stated that they are in frequent contact with Indonesian officials to discuss Indonesia's progress in addressing security deficiencies at the airport. TSA officials also stated that they are awaiting Indonesian officials' request for TSA to conduct an airport assessment to determine whether the security deficiencies at the airport in Bali have been addressed. More than Two-Thirds of Fiscal Year 2005 Air Carrier Inspections Identified Compliance with All TSA Security Requirements, while the Remaining Inspections Identified Some Security Deficiencies: In addition to assessing the security measures implemented by the airport authority at foreign airports, TSA also inspected the security measures put in place by air carriers at foreign airports. According to air carrier inspection data maintained by TSA, during fiscal year 2005, of the 529 inspections of air carriers operating out of foreign airports, there were 373 inspections (about 71 percent) for which the air carrier complied with all TSA security requirements, and 156 inspections (about 29 percent) for which the air carrier did not comply with at least one TSA security requirement.[Footnote 40] For these 156 inspections, the average number of TSA requirements not met was about 3, and the number of TSA requirements not met by an individual inspected air carrier ranged from 1 to 18. The total number of security requirements against which air carriers were inspected generally ranged from about 20 to 80, depending on the location of the foreign airport in which the air carrier operated, the extent of a carrier's operation at the airport, and whether the carrier was a U.S.-based or foreign- based carrier.[Footnote 41] During fiscal year 2005 air carrier inspections, TSA identified security deficiencies in several areas, including aircraft security and passenger and checked baggage screening.[Footnote 42] Because TSA has authority to regulate air carriers that provide service to the United States from foreign airports, TSA inspected air carriers against specific security requirements established by TSA and included in the air carriers' TSA-approved security programs. TSA officials told us that they view operational security requirements for air carriers as critical--as opposed to documentary requirements associated with the air carrier's approved security program--because these requirements are designed to prevent terrorists from carrying weapons, explosives, or other dangerous items onto aircraft. TSA Took Enforcement Action against Some Air Carriers with Security Deficiencies That Could Not Be Addressed Immediately: When TSA inspectors identify deficiencies that cannot be corrected or addressed immediately, the inspectors are to recommend enforcement action. Based on data provided by TSA, TSA inspectors identified 419 violations (security deficiencies) as a result of the 156 air carrier inspections conducted during fiscal year 2005 where TSA identified at least one security deficiency. Data from TSA showed that 259 violations (about 62 percent) were corrected or addressed immediately. TSA inspectors submitted 76 violations (about 18 percent) for investigation because the violations were considered serious enough to warrant an enforcement action.[Footnote 43] TSA can impose three types of enforcement action on air carriers that violate security requirements- -a warning letter, a letter of correction, or a monetary civil penalty. Based on information included in TSA's investigation module within PARIS, for the 47 investigations we could link to fiscal year 2005 inspections,[Footnote 44] warning letters were issued in 26 cases, and letters of correction were issued in 14 cases. Fines ranging from $18,000 to $25,000 were recommended in the 7 cases where inspectors recommended civil penalties be imposed. Of those, fines ranging from $4,000 to $15,000 were ultimately levied in 3 cases, in 1 case a warning notice was issued instead of a civil penalty, and in 2 cases no action was taken.[Footnote 45] As of December 2006, 1 case remained unresolved. TSA Officials Cite Difficulties in Drawing Conclusions about Foreign Airport Assessment and Air Carrier Inspection Results: TSA officials stated that it is difficult to draw conclusions about the cumulative foreign airport assessment and air carrier inspection results--such as whether the results are generally positive or negative--because the primary concern is not whether security deficiencies are identified. Instead, TSA officials are more concerned about whether foreign countries have the capability and willingness to address security deficiencies. According to TSA, some foreign countries do not have the aviation security expertise or financial resources to adequately address security deficiencies. TSA officials also stated that some foreign countries do not regard aviation security as a high priority, and therefore do not intend to correct security deficiencies identified during TSA assessments. Further, TSA officials stated that foreign officials' capability and willingness also influence the extent to which air carriers comply with security requirements. Although TSA has not conducted its own analysis of foreign airport assessment and air carrier inspection results, TSA officials stated that our analysis of the results was consistent with their assumptions regarding the most prominent security deficiencies identified at foreign airports and among air carriers. Additionally, TSA officials stated that the cumulative foreign airport assessment and air carrier inspection results may be helpful in identifying the aviation security training needs of foreign aviation security officials. TSA does not have an internally funded program in place that is specifically intended to provide aviation security training and technical assistance to foreign aviation security officials. However, TSA officials stated that they coordinate with other federal agencies, such as the Department of State and the U.S. Trade and Development Agency, to identify global and regional training needs and provide instructors for the aviation security training courses these federal agencies offer to foreign officials. (See app. IV for a description of the aviation security training and technical assistance programs offered by U.S. government agencies.) While TSA does not always determine which foreign countries would receive aviation security training and technical assistance offered by other federal agencies, TSA officials stated that they could use the cumulative results of TSA's foreign airport assessments to refer foreign officials to these assistance programs. TSA Assisted Foreign Officials and Air Carrier Representatives in Addressing Security Deficiencies, but Can Strengthen Oversight of the Foreign Airport Assessment and Air Carrier Inspection Programs: TSA used various methods to help foreign officials and air carrier representatives address security deficiencies identified during TSA assessments and inspections. However, opportunities remain for TSA to enhance oversight of its foreign airport assessment and air carrier inspection programs. To help foreign airport officials and host government officials address security deficiencies identified during foreign airport assessments, TSA inspectors provided on-site consultation to help address security deficiencies in the short term, made recommendations for addressing security deficiencies over the long term, and recommended aviation security training and technical assistance opportunities for foreign officials to help them meet ICAO standards. During fiscal year 2005, TSA resolved 259 of the 419 security deficiencies identified during TSA inspections through on-site consultation. Additionally, TSA assigned all U.S. air carriers and foreign air carriers to a principal security inspector and international principal security inspector, respectively, to provide counseling or clarification regarding TSA security requirements. Although TSA has assisted foreign airport officials and air carrier representatives in addressing security deficiencies, TSA did not track the status of scheduled airport assessments and air carrier inspections, document foreign governments' progress in addressing security deficiencies at foreign airports, track enforcement actions taken in response to air carrier violations, and measure the impact of the foreign airport assessment and air carrier inspection programs on security. Such information would have provided TSA better assurance that the foreign airport assessment and air carrier inspection programs are operating as intended. TSA Assisted Foreign Officials in Addressing Security Deficiencies at Foreign Airports in Various Ways, and Foreign Officials Generally Viewed TSA's Assistance as Beneficial: TSA officials stated that while the primary mission of the foreign airport assessment program is to ensure the security of U.S.-bound flights by assessing whether foreign airports are complying with ICAO standards, a secondary mission of the program is to assist foreign officials in addressing security deficiencies that TSA identified during its foreign airport assessments. As part of the foreign airport assessment program, TSA officials assisted foreign authorities in addressing security deficiencies in various ways, including: * providing on-site consultation to help airport officials or the host government immediately address security deficiencies, * making recommendations to airport officials or the host government for corrective action intended to help sustain security improvements, and: * helping to secure aviation security training and technical assistance for foreign governments. On-Site Consultation and Recommendations for Corrective Action: Based on our review of TSA foreign airport assessment reports, during fiscal year 2005, TSA provided on-site consultation to help foreign officials immediately address security deficiencies that were identified during airport assessments and made recommendations to help foreign officials sustain security improvements in the longer term. One type of security deficiency identified during TSA's fiscal year 2005 foreign airport assessments involved a particular passenger checkpoint screening function.[Footnote 46] As a short-term solution to this security deficiency, on at least two occasions, TSA inspectors provided on-site training to instruct screeners on proper passenger screening techniques. As a longer-term solution, the assessment reports identify that in some cases, TSA inspectors recommended that the airport conduct remedial training for screeners and routinely test screeners who work at the passenger checkpoint to determine if they are screening passengers correctly. Another security deficiency identified at foreign airports during fiscal year 2005 related to the security of airport perimeters.[Footnote 47] After identifying this deficiency, inspectors consulted with foreign airport officials who, in a few cases, took immediate action to address the deficiency. According to the assessment reports, in some cases, TSA inspectors recommended measures that would help the airport sustain perimeter security in the longer term. In cases when a short-term solution may not be feasible, TSA inspectors may have only recommended longer-term corrective action. For example, in some cases, TSA inspectors recommended that foreign airport officials embark upon a longer-term construction project to address a particular type of security deficiency.[Footnote 48] Aviation Security Training and Technical Assistance: During fiscal year 2005, TSA also assisted foreign governments in securing training and technical assistance provided by TSA and other U.S. government agencies to help improve security at foreign airports, particularly at airports in developing countries. For example, four of the seven TSA Representatives--TSARs---with whom we met said that they had assisted foreign governments in obtaining training either through the State Department's Anti-Terrorism Assistance Program or through the U.S. Trade and Development Agency's aviation security assistance programs. The goals of the Anti-Terrorism Assistance Program are to (1) build the capacity of foreign countries to fight terrorism; (2) establish security relationships between U.S. and foreign officials to strengthen cooperative anti-terrorism efforts; and (3) share modern, humane, and effective anti-terrorism techniques. The State Department addresses the capacity-building goal of the Anti-Terrorism Assistance Program by offering a selection of 25 training courses to foreign officials, 1 of which focuses on airport security. The State Department provided the airport security course, which is taught by TSA instructors, to seven foreign countries during fiscal year 2005-- Bahamas, Barbados, Dominican Republic, Kazakhstan, Philippines, Qatar, and United Arab Emirates. The U.S. Trade and Development Agency also provides aviation security training and technical assistance to help achieve its goal of facilitating economic growth and trade in developing countries. During fiscal year 2005, the U.S. Trade and Development Agency provided aviation security training for government officials in Haiti, Malaysia, and sub-Saharan Africa. During the same year, the agency held regional workshops for various countries worldwide on developing quality control programs. Government officials from two of the five countries we visited identified the importance of obtaining quality control training, particularly given that they have not yet established their own quality control function. Appendix IV includes a detailed description of aviation security training and technical assistance provided to foreign officials by the State Department and the U.S. Trade and Development Agency, as well as other U.S. government agencies. Foreign Officials We Contacted Generally Viewed TSA's Assistance as Beneficial: Government and airport officials from five of the seven foreign countries we visited and officials from 5 of the 16 foreign embassies we visited stated that TSA's airport assessments and the resulting assistance provided by TSA have helped strengthen airport security in their countries. For example, officials from one country said that TSA assessments enabled them to identify and address security deficiencies. Specifically, officials stated that the government could not independently identify security deficiencies because it did not have its own airport assessment program--a condition that TSA officials told us exists in many countries. Airport officials in another country stated that TSA's airport assessments and on-site assistance led to immediate improvements in the way in which passengers were screened at their airport, particularly with regard to the pat-down search procedure. Embassy officials representing another country also stated that TSA's assessments reinforce the results of other assessments of their airports. In addition, these officials stated that they appreciated the good rapport and cooperative relationships they have with TSA inspection officials. Airport officials in another country we visited stated that TSA assisted them in developing their aviation security management program, and that the results of TSA's assessments provided them with examples of where they need to concentrate more efforts on meeting ICAO standards. Government officials in this same country said that the TSAR has helped them to comply with ICAO standards related to the contents of a member state's national aviation security program. At the recommendation of the TSAR, these officials also planned to participate in an aviation security workshop provided by the Organization of American States,[Footnote 49] which they also felt would be beneficial in helping the government formulate its national aviation security programs and associated security regulations. TSA Provided Assistance to Air Carriers That Did Not Comply with Applicable Security Requirements: In addition to assisting foreign officials in addressing security deficiencies identified during airport assessments, TSA also assisted air carrier representatives in addressing security deficiencies that were identified during air carrier inspections. Of the 419 instances in which TSA inspectors identified noncompliance with TSA security requirements during fiscal year 2005, TSA data show 259 were resolved through counseling--that is, the security deficiencies were resolved as a result of on-site assistance or consultation provided by TSA. For example, during one inspection, TSA observed that the security contractor employed by the air carrier was not properly searching the aircraft cabin for suspicious, dangerous, or deadly items prior to boarding. TSA instructed the contractor to fully inspect those locations that were not searched properly, and obtained assurance that the air carrier would provide information to the contractors to ensure proper searches were conducted. In another instance, inspectors identified a security deficiency related to catering carts. The inspectors notified appropriate catering facility officials, who stated that the security deficiency was highly unusual and that it would not happen again. The inspectors also informed the air carrier of the finding and recommended that during the carrier's internal audits, they ensure that catering carts are properly secured. In addition to counseling provided by inspectors when deficiencies are identified, TSA assigns each air carrier to either a PSI, for U.S.- based air carriers, or an IPSI, for foreign air carriers with service to the United States, to assist air carriers in complying with TSA security requirements. Although PSIs and IPSIs do not participate in air carrier inspections, they do receive the inspection results for the air carriers that they work with. According to the three PSIs and four IPSIs with whom we met, PSIs and IPSIs provide counsel to the air carriers and provide clarification when necessary on TSA security requirements. For example, they provide air carriers with clarification on the requirements contained in security directives and emergency amendments issued by TSA. Several of the foreign air carriers we met with told us that the IPSIs are generally responsive to their requests. In other instances, when an air carrier cannot comply with a TSA security requirement--such as when complying with a TSA security requirement would cause the air carrier to violate a host government security requirement--the air carrier will work with the IPSI or PSI to develop alternative security procedures that are intended to provide a level of security equivalent to the level of security provided by TSA's requirements, according to the PSIs and IPSIs with whom we met. These alternative procedures are reviewed by the PSI or IPSI and then approved by TSA headquarters officials.[Footnote 50] Opportunities Exist for TSA to Strengthen Oversight of the Foreign Airport Assessment and Air Carrier Inspection Programs: TSA has several controls in place to ensure that the agency is implementing the foreign airport assessment and air carrier inspection programs as intended. However, there are opportunities for TSA to improve its oversight of these programs to help ensure that the status and disposition of scheduled foreign airports assessments and air carrier inspections is documented and to assess the impact of the assessment and inspection programs. Regarding the foreign airport assessment program, TSA required inspectors and TSARs to follow standard operating procedures when scheduling and conducting foreign airport assessments. These procedures outline the process for coordinating with host government officials to schedule assessments, conduct foreign airport assessments, and report the results of the assessments. TSA also provided inspectors with a job aide to help them ensure that all relevant ICAO standards are addressed during an assessment. The job aide prompts inspectors as to what specific information they should obtain to help determine whether the foreign airport is meeting ICAO standards. For example, in assessing measures related to passenger-screening checkpoints, the job aide prompts the inspector to describe the means by which the airport ensures there is no mixing or contact between screened and unscreened passengers. In addition to the standard operating procedures and the job aide, TSA requires inspectors to use a standard format for reporting the results of foreign airport assessments and has implemented a multilayered review process to help ensure that airport assessment reports are complete and accurate. With regard to the air carrier inspection program, TSA uses the automated Performance and Results Information System to compile inspection results. PARIS contains results of air carrier inspections conducted by TSA at airports in the United States as well as inspections conducted at foreign airports. For air carrier inspections conducted at foreign airports, a series of prompts guides inspectors regarding what security standards U.S. carriers and foreign carriers operating overseas must meet. PARIS also includes a review process whereby completed inspection results can be reviewed by a supervisory inspector before being approved for release into the database. While TSA has controls such as these in place for the foreign airport assessment and air carrier inspection programs to ensure consistent implementation and documentation, we identified four additional controls that would strengthen TSA's oversight of the foreign airport assessment and air carrier inspection programs: * tracking the status of scheduled airport assessments and air carrier inspections, * documenting foreign governments' progress in addressing security deficiencies, * tracking air carrier violations, and: * measuring the impact of the foreign airport assessment and air carrier inspection programs. Additional Controls Are Needed to Track the Status of Scheduled Airport Assessments and Air Carrier Inspections: TSA has established some controls for tracking the status of scheduled airport assessments and air carrier inspections, but additional controls are needed. TSA provided us with a list of foreign airport assessments that were scheduled to take place during fiscal year 2005 and identified which of the assessments were actually conducted and which assessments were deferred or canceled. We compared the list of scheduled assessments provided by TSA to the fiscal year 2005 airport assessment reports we reviewed and identified several discrepancies. Specifically, there were 10 airport assessments that TSA identified as having been conducted, but when we asked TSA officials to provide the reports for these assessments, they could not, and later categorized these assessments as deferred or canceled. Conversely, there was 1 airport assessment that TSA identified as having been deferred, but according to the assessment reports we reviewed, this assessment was actually conducted during fiscal year 2005. There were also five foreign airports for which TSA provided us with the fiscal year 2005 assessment report, but were not included on TSA's list of assessments scheduled for fiscal year 2005. Further, there were three foreign airports listed under one IFO as having been deferred, whereas these same airports were listed under another IFO as having been canceled during fiscal year 2005.[Footnote 51] TSA also did not maintain accurate information on the status of air carrier inspections scheduled for fiscal year 2005. TSA provided us with a list of all air carrier inspections conducted during fiscal year 2005. We compared the list to the results contained in the PARIS database and found numerous inconsistencies. Specifically, we identified 46 air carrier inspections at 18 airports that were not included on TSA's list, but were included in PARIS as having been conducted during fiscal year 2005. Federal standards for internal controls and associated guidance suggest that agencies should document key decisions in a way that is complete and accurate, and that allows decisions to be traced from initiation, through processing, to after completion. TSA officials acknowledged that they have not always maintained accurate and complete data on the status of scheduled foreign airport assessments and air carrier assessments, in part due to the lack of a central repository in which to maintain assessment information and the lack of standardization in the way in which each IFO manager maintains assessment information. Additionally, IFOs had not always documented the reasons why assessments and inspections were deferred or canceled. TSA officials stated that in August 2006 they began standardizing and refining the existing databases used by IFO staff for tracking the status of foreign airport assessments and air carrier inspections by including data elements such as the dates of previous and planned assessments. TSA officials also stated that IFO staff are now encouraged to identify the reasons why assessments and inspections were deferred or canceled in the comment section of the database. While TSA has made some improvements to the way in which it tracks the status of scheduled foreign airport assessments and air carrier inspections, there are opportunities for additional refinements to TSA's tracking system. For example, according to our review of TSA's fiscal year 2007 foreign airport assessment and air carrier inspection schedules, TSA did not provide an explanation for why 13 of 34 foreign airport visits--that is, either assessments or inspections--had not been conducted according to schedule. TSA officials acknowledged that their assessment and inspection tracking system is a work in progress and that they need to make additional decisions regarding the tracking system, such as which data elements to include. Without adequate controls in place for tracking which scheduled assessments and inspections were actually conducted and which were deferred or canceled, it may be difficult for TSA to ensure that all scheduled airport assessments and air carrier inspections are actually conducted. TSA Did Not Consistently Document Foreign Governments' Progress in Addressing Security Deficiencies: TSARs--the primary liaisons between the U.S. government and foreign governments on transportation security issues--are responsible for following up on progress made by foreign officials in addressing security deficiencies identified during TSA assessments. Although the TSARs we interviewed stated that they conducted such follow-up, the TSARs did not consistently document the progress foreign governments had made in addressing airport security deficiencies. We found 199 instances in the 128 fiscal year 2005 foreign airport assessment reports we reviewed where it was written that the TSAR would follow up or was recommended to follow up on the progress made by foreign officials in addressing security deficiencies identified during airport assessments. However, TSA may not be able to determine whether TSARs had actually followed up on these security deficiencies because TSARs did not consistently document their follow-up activities. We interviewed 8 of the 20 TSARs stationed at embassies throughout the world and one Senior Advisor and DHS attaché. Six of those TSARs stated that they followed up on outstanding security deficiencies in various ways,[Footnote 52] depending on the severity of the deficiency and the confidence that the TSAR had in the host government's ability to correct the deficiency. For example, one TSAR told us that for less critical security deficiencies, she may inquire about the foreign government's status in addressing the deficiency via electronic mail or telephone call. On the other hand, for a critical deficiency, the TSAR said she may follow up in person on the host government's progress in addressing the deficiency. However, another TSAR stated that she only follows up on the foreign government's progress in addressing national program issues. She stated that she does not follow up on operational security deficiencies--such as screening of passengers and checked baggage--because she believes this is the responsibility of the TSA inspection staff. While 4 of the 8 TSARs we interviewed told us that they were able to follow up on the status of most or all security deficiencies within their area of responsibility, not all of these TSARs reported the results of their follow-up to TSA inspection staff, in part because they were not required to do so. In addition, TSARs stated that when they did document the results of their follow-up, it was not done consistently. For example, follow-up results were sometimes documented in weekly trip reports (generally electronic mail messages) TSARs send to their immediate supervisor in TSA headquarters or in action plans.[Footnote 53] In addition, these weekly reports did not always contain information from the TSARs' follow-up activities with host government or airport officials. Federal standards for internal controls and associated guidance suggest that agencies should document key activities in such a way that maintains the relevance, value, and usefulness of these activities to management in controlling operations and making decisions. TSA headquarters officials acknowledged that it is important to consistently document foreign governments' status in addressing security deficiencies identified during TSA assessments, because this information could be helpful to TSA inspection staff when determining where to focus their attention during future assessments. Additionally, documenting foreign governments' progress toward addressing deficiencies would enable TSA to have current information on the security status of foreign airports that service the United States. TSA established a working group in September 2006 to explore how the results of TSAR follow-up should be documented and used by TSA inspection staff. Because of the logistical challenges of coordination among working group members who are located around the world, TSA has not set a time frame for when the working group is expected to complete its efforts. TSA Did Not Adequately Maintain Information to Link Enforcement Actions with Specific Air Carrier Security Violations: TSA does not maintain air carrier inspection data in a way that would enable the agency to determine what enforcement actions were taken in response to identified security violations and thus could not readily determine whether appropriate penalties, if any, were given to air carriers that violated security requirements. We found two factors that contributed to this situation. First, information on violations and findings was not consistently recorded, and second, TSA does not link enforcement actions to inspection findings. For example, when an inspector identifies a violation during an inspection, that information is recorded in the inspections database in PARIS and a record is to be opened in the findings database.[Footnote 54] The findings database record includes information related to the violation, including whether the violation was closed with counseling or an investigation was opened. However, we found that information is not maintained in a way that enables TSA to readily determine the enforcement action that was taken in response to a particular violation. For example, the findings database did not include information on the action taken by TSA inspectors for all security violations that were identified in the inspections database. Specifically, the inspections database indicated that during fiscal year 2005, 419 air carrier violations were identified during 156 inspections. However, the findings database only identified the actions taken by TSA inspectors for 335 violations. On further analysis we found that of the 156 inspections where violations were identified, the number of violations for 79 (51 percent) of those inspections were not properly recorded in the findings database. We determined that for 66 inspections, the number of violations identified in the findings database was less than the number of violations identified in the inspections database. Therefore, there is no record of what action was taken, if any, by TSA inspectors to address the additional violations identified during these inspections. We also determined that for 13 inspections, the number of violations identified in the findings database was greater than the number of violations identified in the inspections database. Another reason TSA could not readily identify what enforcement actions were taken in response to specific security violations was that TSA often issued one enforcement action for multiple security violations, where inspectors were not required to identify each individual violation that was addressed by a particular enforcement action. Without being able to readily identify what enforcement action was taken in response to specific security violations, TSA has limited assurance that the inspected air carriers received appropriate penalties, if deemed necessary, and that identified security violations were resolved. TSA officials told us that they are currently developing updates to PARIS that will automatically open a finding each time a violation is recorded in the inspection database. By doing so, this will require a link between a violation and the planned course of action to resolve the violation. However, TSA has not established a time frame for when these updates will be implemented. TSA Did Not Have Outcome-Based Performance Measures to Assess the Impact of the Foreign Airport Assessment and Air Carrier Inspection Programs: TSA is taking steps to assess whether the goals of the foreign airport assessment and air carrier inspection programs are being met, but identified several concerns about doing so. As previously discussed, the goal of the foreign airport assessment and air carrier inspection programs are to ensure the security of U.S.-bound flights by evaluating the extent to which foreign governments and air carriers are complying with applicable security requirements. The Government Performance and Results Act of 1993 requires executive branch departments to use performance measures to assess progress toward meeting program goals and to help decision makers assess program accomplishments and improve program performance. Performance measures can be categorized either as outcome measures, which describe the intended result of carrying out a program or activity, or as output measures, which describe the level of activity that will be provided over a period of time, or as efficiency measures, which show the relationship between outcome or output of a program and the resources used to implement program activities--inputs. TSA developed the following output and efficiency measures to evaluate its international aviation regulatory and enforcement efforts, which include foreign airport assessments and air carrier inspections: * percentage of countries with last-point-of-departure service to the United States that are provided aviation security assistance at the national or airport level, * percentage of countries that do not have last-point-of-departure service to the United States that are provided aviation security assistance at the national or airport level, and: * average number of international inspections conducted annually per inspector. While output measures are useful in determining the number of foreign countries for which TSA has provided aviation security assistance and the rate at which such assistance is being provided, outcome-based measures would be particularly useful because they could be used to determine the extent to which TSA has helped to improve security at foreign airports that service the United States. However, TSA officials identified several challenges in developing outcome measures, particularly measures for the foreign airport assessment program. TSA officials said that it is difficult to develop meaningful outcome measures because TSA does not have control over whether foreign authorities implement and meet ICAO standards. Additionally, TSA officials stated that if the agency develops outcome measures for the foreign airport assessment program, it would suggest that TSA has control over whether foreign airports meet ICAO standards, which these officials believe may give the appearance that TSA does not respect the sovereignty of the countries it assesses. TSA officials further stated that if foreign officials perceive that TSA has no regard for their country's sovereignty, foreign officials may prohibit TSA from conducting assessments in their countries. We recognize that whether or not foreign governments meet ICAO standards is not within TSA's control and that foreign officials' concerns about sovereignty are important. However, TSA officials have acknowledged that the assistance the agency provides and, in rare cases, secretarial actions contribute to whether foreign governments meet ICAO standards. Also, there is precedent within the federal government for developing outcome-oriented performance measures to evaluate efforts that are not within an agency's control but can be influenced by the agency. For example, the State Department developed performance measures and targets for its Anti-Terrorism Assistance Program to evaluate the agency's impact on helping foreign countries improve their anti-terrorism capabilities. Specifically, during fiscal year 2006, the State Department set a performance target that two of the six countries that received assistance through the Anti-Terrorism Assistance Program would achieve a capability to effectively deter, detect, and counter terrorist organizations and threats and sustain those capabilities. Another performance target for the program that is beyond the State Department's control is for all 191 United Nations member states to implement a particular United Nations resolution that requires all states to take sweeping measures to combat terrorism. TSA headquarters officials, including the Director of Compliance and Area Directors, who oversee implementation of the foreign airport assessment program, questioned whether it would be appropriate to measure improvements made by foreign countries as a result of the assessment program. They stated that the primary purpose of the foreign airport assessment program is not to help foreign officials improve security at their airports; rather, the primary purpose of the foreign airport assessment program is to identify--not correct--security deficiencies at foreign airports and inform the Secretary of Homeland Security of such deficiencies. These officials also stated that the agency's efforts to assist foreign officials in addressing security deficiencies are voluntary and, therefore, do not warrant performance measurement. Although TSA may not be required to assist foreign officials in addressing security deficiencies identified during foreign airport assessments, TSA is in fact using its inspector and TSAR resources to this end. Consistent with the Government Performance and Results Act of 1993, developing performance measures and associated targets, such as the percentage of security deficiencies that were addressed as a result of TSA on-site assistance and TSA recommendations for corrective action, would enable TSA to evaluate the impact of its assistance on improving security at foreign airports and be held more accountable for the way in which it uses its resources. TSA could also evaluate the impact that secretarial actions have on helping foreign airports address security deficiencies in order to meet ICAO standards. Another challenge faced by TSA officials in developing outcome-based measures for the foreign airport assessment program is the lack of an automated system to collect and compile assessment results. TSA officials stated that in the absence of an automated system to input data and information obtained from airport assessments, they do not have enough resources to manually compile and analyze airport assessment data that could be used to feed into outcome measures. Currently, TSA headquarters maintains airport assessment reports either electronically or in hard copy, which makes it difficult to conduct systematic analysis of assessment results across foreign airports and over time to evaluate the impact TSA's airport assessment program has had on helping foreign countries meet ICAO standards. TSA officials told us that $1 million was budgeted to develop a secured, automated database--the Foreign Airport Assessment Reporting System--to track airport assessment results. However, TSA officials stated that the development of the Foreign Airport Assessment Reporting System has been slow due to challenges TSA has experienced in linking the existing electronic systems in which previous airport assessment reports are stored with the new database. However, upon completion of the Foreign Airport Assessment Reporting System, which is scheduled for fiscal year 2008, TSA expects that the database will enhance standardization of assessment reports as well as accessibility to the results of previous foreign airport assessments. TSA also expects that the Foreign Airport Assessment Reporting System will enable TSA to conduct analysis of foreign airport assessment results. As with the foreign airport assessment program, TSA has also not developed outcome-based performance measures for its overseas air carrier inspection program. However, TSA officials have begun to collect and analyze data on air carrier inspections that could be used to measure the impact of TSA's inspection program on helping air carriers comply with TSA security requirements. During fiscal year 2006, TSA officials who manage PARIS began analyzing air carrier inspection results in an effort to assist the agency in evaluating the impact that enforcement actions--including on-site counseling, administrative actions, and civil penalties--have had on ensuring air carrier compliance with TSA security requirements. These officials plan to assess whether there is a relationship between the severity of civil penalties and the reoccurrence of security violations. The analysis that is being conducted by these officials is consistent with our reviews of agency compliance inspection programs, which have cited the need for evaluations of enforcement activities and the effectiveness of using sanctions such as civil penalties to increase compliance.[Footnote 55] However, while the TSA officials managing PARIS are conducting such analysis of performance information, officials who manage the air carrier inspection program did not intend to use the results of this analysis to develop performance measures or to influence program decisions. According to TSA officials, considering that overall compliance rates are very high among air carriers, and the number of enforcement actions taken by TSA is relatively low, there may not be enough data to conduct meaningful analysis of the impact of enforcement actions. In addition, TSA officials said that they were not convinced that air carrier compliance is influenced by enforcement actions, especially since air carriers are known to intentionally set aside funds when developing their annual budgets in anticipation that they will be fined for some type of security violation during the year. One TSA official stated that air carrier compliance with TSA security requirements is not always within the air carrier's control and is largely influenced by the security measures in place at the airport, as well as restrictions placed on air carriers by host government laws and regulations. When analyzing the fiscal year 2005 air carrier inspection results, we identified only one instance where noncompliance due to a conflict between TSA requirements and host government law resulted in an inspector requesting that enforcement action be taken against the air carrier.[Footnote 56] However, TSA chose not to take enforcement action against the air carrier and instead decided to work with the host government to resolve the conflict. Despite the concerns raised by TSA officials, using the analysis of air carrier inspection results to develop performance measures, TSA managers may not be able to identify which approaches for improving air carrier compliance are working well and which approaches could be improved upon. TSA Is Taking Action to Address Some Challenges That Have Limited Its Ability to Conduct Foreign Airport Assessments and Air Carrier Inspections: TSA is taking action to address challenges--particularly the lack of available inspectors and various host government concerns--that have limited its ability to conduct foreign airport assessments and air carrier inspections according to schedule. TSA has developed a risk- based approach to scheduling foreign airport assessments, and is in the process of developing a risk-based approach for scheduling air carrier inspections, to enhance the agency's ability to focus its limited inspector resources on higher-risk airports. The risk-based scheduling approach is also expected to reduce the number of visits TSA conducts at low-risk foreign airports, which may help address some host governments' concerns regarding the resource burden that results from frequent airport assessments by TSA and others. Harmonization--that is, mutual recognition and acceptance--of TSA, host government, and third party (e.g., European Commission) aviation security standards and assessment and inspection processes may also help TSA address host government concerns regarding resource burden. Specifically, when the opportunity is available, TSA is considering conducting joint assessments with some host governments or third parties, such as the European Commission, which would reduce the number of airport visits experienced by some countries. In addition to addressing concerns regarding the resource burden placed on host governments as a result of frequent airport visits, TSA has taken steps to address some country- specific challenges that have limited TSA's ability to conduct foreign airport visits. TSA Has Taken Steps to Enhance its Ability to Conduct Foreign Airport Assessments and Air Carrier Inspections on Schedule, but Staffing Challenges Remain: Various challenges have affected TSA's ability to maintain its schedule of conducting foreign airport assessments and air carrier inspections. The ability to conduct these assessments and inspections as scheduled is important, according to TSA officials, because foreign airport and air carrier compliance with applicable security requirements may deteriorate significantly between assessments. As time between visits increases, the likelihood may also increase that security deficiencies at foreign airports and among air carriers may arise and go undetected and unaddressed. TSA officials also stated that conducting assessments and inspections on a consistent basis helps to ensure that foreign countries continue to comply with ICAO standards and are operating with effective security measures. TSA data show that the agency deferred 90 of the 303 (about 30 percent) foreign airport visits that were scheduled for fiscal year 2005, which include both foreign airport assessments and air carrier inspections.[Footnote 57] According to TSA, these deferments resulted primarily from a lack of available inspectors to conduct the assessments and inspections. Our analysis identified that the reported shortage of available inspectors reflected the fact that (1) the inspector staff available to conduct the assessments and inspections was less than the number authorized at each of TSA's five IFOs at some point during fiscal year 2005 and (2) TSA scheduled more foreign airport visits during the fiscal year than available inspectors could complete. TSA officials cited several reasons why the IFOs operated in fiscal year 2005 with fewer inspectors than had been budgeted. First, TSA officials stated that due to State Department limitations on the number of inspectors that can be staffed at IFOs overseas, TSA did not have the budgeted number of inspectors on board to complete assessments and inspections scheduled for fiscal year 2005.[Footnote 58] Second, TSA officials stated that significant turnover among international inspectors and the subsequent lengthy process for filling vacant inspector positions also contributed to the lack of available inspectors. TSA officials attributed the turnover of international inspectors to various factors, including TSA's policy that limits the term of international inspectors at overseas IFOs to 4 years, the lack of opportunities for career advancement when stationed at an IFO, and unique difficulties inspectors experience when living and working overseas, such as disruptions to family life. As of January 2007, TSA officials did not have any specific efforts under way to help reduce turnover of international inspectors. Further, TSA officials stated that it takes an average of about 6 months to fill a vacant inspector position, due to the lengthy process for vetting newly hired inspectors. Specifically, once hired, international inspectors must be processed through the State Department, which entails applying for and receiving medical clearances, security clearances, a diplomatic passport, and visas. TSA officials stated that expediting the process of filling vacant positions is largely outside of TSA's control. However, TSA assigned a headquarters official to oversee this process to identify opportunities for accelerating it. Table 3 shows the number of inspectors budgeted for and available at the IFOs each month during fiscal year 2005. Table 3: Budgeted and Available International Inspectors by IFO, by Month for Fiscal Year 2005: Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 5; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 10; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 4. Month: October; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 15; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 5; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: November; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: December; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: January; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: February; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: March; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: April; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 8; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: May; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 9; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: June; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 9; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 3. Month: July; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 2; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 10; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 2. Month: August; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 3; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 10; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 1. Month: September; Number of international inspectors: Brussels/Frankfurt: Budgeted staffing for fiscal year 2005: 16; Number of international inspectors: Dallas: Budgeted staffing for fiscal year 2005: 4; Number of international inspectors: Los Angeles: Budgeted staffing for fiscal year 2005: 3; Number of international inspectors: Miami: Budgeted staffing for fiscal year 2005: 10; Number of international inspectors: Singapore: Budgeted staffing for fiscal year 2005: 1. Source: GAO analysis of TSA data. Note: The bold numbers represent months when, according to TSA, IFOs operated below their budgeted number of inspectors. [End of table] Even if TSA had been operating at its budgeted inspector staffing level, the agency may still have deferred some of the foreign airport assessments and air carrier inspections scheduled for fiscal year 2005 because, according to TSA officials, internal policy required them to schedule more foreign airport visits than the budgeted number of inspectors could reasonably have conducted. According to TSA officials, this internal policy was developed by the Federal Aviation Administration, which was responsible for conducting foreign airport assessments and air carrier inspections prior to TSA. TSA officials also stated that the Federal Aviation Administration had more available inspectors to conduct assessments and inspections than TSA. TSA officials stated that each international inspector should reasonably be able to conduct between 8 and 12 foreign airport visits per year,[Footnote 59] depending on the amount of time inspectors remain on site to assist foreign officials and air carrier representatives in addressing security deficiencies that are identified during assessments and inspections. However, according to data provided by TSA, each of the 5 IFOs scheduled more than 12 foreign airport visits per inspector for fiscal year 2005. Table 4 shows the average number of foreign airport visits scheduled per international inspector for fiscal year 2005. Table 4: Budgeted Number of Inspectors, Total Scheduled Foreign Airport Visits, and Average Number of Scheduled Foreign Airport Visits per Inspector, by IFO, for Fiscal Year 2005: IFO: Brussels/ Frankfurt; Budgeted number of inspectors: 16; Total number of foreign airport visits scheduled: 110; Average number of foreign airport visits scheduled per inspector a: 13.8. IFO: Dallas; Budgeted number of inspectors: 5; Total number of foreign airport visits scheduled: 60; Average number of foreign airport visits scheduled per inspector a: 24.0. IFO: Los Angeles; Budgeted number of inspectors: 3; Total number of foreign airport visits scheduled: 19; Average number of foreign airport visits scheduled per inspector a: 12.7. IFO: Miami; Budgeted number of inspectors: 10; Total number of foreign airport visits scheduled: 84; Average number of foreign airport visits scheduled per inspector a: 16.8. IFO: Singapore; Budgeted number of inspectors: 3; Total number of foreign airport visits scheduled: 30; Average number of foreign airport visits scheduled per inspector a: 20.0. IFO: Total; Budgeted number of inspectors: 37; Total number of foreign airport visits scheduled: 303; Average number of foreign airport visits scheduled per inspector a: 16.4. Source: GAO analysis of TSA data. Note: TSA did not maintain accurate or complete data on the number of foreign airport assessments and air carrier inspections scheduled for a particular fiscal year. Therefore, our calculations may not include all of the assessments and inspections that were conducted, deferred, and canceled during fiscal year 2005. [A] The average number of foreign airport visits scheduled per inspector was calculated by multiplying the total number of foreign airport visits that were scheduled by 2 (assuming that 2 inspectors conduct each visit), then dividing that number by the total number of budgeted inspectors. [End of table] TSA officials acknowledged that for fiscal year 2005 they scheduled more foreign airport visits than the budgeted level of inspectors could have reasonably conducted. However, TSA has taken steps to compensate for the shortage of international inspectors by utilizing domestic inspectors to help complete the foreign airport assessments and air carrier inspections that were scheduled for fiscal year 2005. Specifically, domestic inspectors were used to assist with about 34 percent of foreign airport assessments and about 35 percent of air carrier inspections.[Footnote 60] However, despite the use of domestic inspectors, TSA still had to defer foreign airport assessments and air carrier inspections. TSA headquarters officials and IFO staff further stated that the heavy reliance on domestic inspectors to conduct foreign airport assessments and air carrier inspections is not desirable because domestic inspectors lack experience conducting assessments using ICAO standards or inspecting foreign operations of air carriers, as well as working in the international environment. Additionally, using domestic inspectors sometimes presents challenges in planning and coordinating foreign airport visits. Specifically, it can be difficult to obtain clearance from the State Department and host government to allow domestic inspectors to enter foreign countries because TSA may not always be able to provide sufficient notice that domestic inspectors will be participating in airport visits, particularly when the need for a domestic inspector is determined on short notice. Moreover, according to TSA officials, the availability of domestic inspectors may change unexpectedly when they are needed to remain in the United States. TSA officials also said that domestic inspectors may not be available for the entire 4-week period that it takes to prepare for, conduct, and write reports for foreign airport assessments and air carrier inspections. Last, TSA officials stated that compared to international inspectors, some domestic inspectors are not effective at taking notes while conducting observations at foreign airports, nor are some domestic inspectors effective at preparing foreign airport reports--specifically, their word choices for describing security conditions at airports are not always sensitive to the concerns of foreign officials. According to TSA officials, if foreign officials take offense at the way in which TSA portrays the security deficiencies at their airports, foreign officials may no longer allow TSA to conduct airport assessments in their countries. TSA officials stated that they enhanced the notetaking module for the training provided to personnel conducting assessments and inspections overseas. However, for the reasons discussed above, TSA international officials plan to lessen their reliance on domestic inspectors. Risk-Based Approach: A risk-based approach entails consideration of terrorist threats, vulnerability of potential terrorist targets to those threats, and the consequences of those threats being carried out when deciding how to allocate resources to defend against these threats. Risk-based, priority-driven decisions can help inform decision makers in allocating finite resources to the areas of greatest need. During October 2006, TSA began implementing a risk-based approach to scheduling foreign airport assessments in order to focus its limited inspector resources on higher-risk airports. Another potential benefit to TSA's new approach is that it may allow TSA to reduce its reliance on domestic inspectors. The objectives of TSA's risk-based scheduling approach are to (1) determine the appropriate frequency of foreign airport visits, and (2) identify the appropriate number of inspectors needed for each IFO based on the deployment availability of inspectors, the risk-based priority of each location, and the number of visits required each year. Under the risk-based approach, when fully implemented, foreign airports are categorized based on risk level, and depending on the category in which they are placed, are scheduled to be assessed once a year, once every 2 years, or once every 3 years. According to information provided by TSA, under this approach, the number of foreign airport assessments scheduled each year will decrease by about 38 percent (from 170 to 105 assessments).[Footnote 61] TSA officials stated that the reduction in the number of annual foreign airport assessments will help enable inspectors to complete foreign airport assessments according to schedule. Based on our analysis, TSA's risk-based approach for scheduling foreign airport assessments is consistent with generally accepted risk management principles. While it appears that this risk-based approach will reduce the number of foreign airport assessments international inspectors are expected to conduct in a year, it is too soon to determine the impact of this approach on TSA's ability to complete scheduled foreign airport visits- -including assessments and inspections--for two key reasons. First, TSA has not yet finalized its risk-based approach to scheduling air carrier inspections. In February 2007, TSA officials stated that the draft version of the risk-based approach to scheduling air carrier inspections was being vetted through the agency, but they do not expect the final version to be approved until spring 2007. TSA officials stated that in developing the risk-based approach for scheduling air carrier inspections, they determined that, unlike the situation with airports, using previous inspection results was not the best way to determine air carrier vulnerability. Rather, TSA officials expect to use foreign airport assessment results to determine the vulnerability of air carriers operating out of those airports, especially considering that the security status of foreign airports influences TSA's decision to impose additional security requirements on air carriers operating out of foreign airports. In addition, it is uncertain how TSA's upcoming audits of foreign repair stations will affect the workload of international inspectors. In December 2003, Congress passed the Vision 100--Century of Aviation Reauthorization Act (Vision 100), which mandated that TSA issue regulations to ensure the security of foreign and domestic repair stations and, in coordination with the Federal Aviation Administration (FAA), complete a security review and audit of foreign repair stations certified by FAA within 18 months of issuing the regulations.[Footnote 62] Currently, there are approximately 665 FAA-certified repair stations in foreign countries that TSA is required to audit.[Footnote 63] Of these, 93 are deemed substantial with regard to safety and security in that they perform work on the airframe, flight controls, or propulsion systems. In addition, another 38 are located in countries that, pursuant to Vision 100, TSA and FAA must give priority to because they have been identified as posing the most significant security risks. TSA plans to initiate security audits of the repair stations during fiscal year 2007. Specifically, TSA expects to conduct 127 audits of foreign repair stations during the initial year, focusing on those located in high-threat areas. According to TSA, the majority of repair stations deemed substantial (65 of 93)--are located on or near foreign airports already subject to assessment by TSA. TSA expects that it will take inspectors 3 days to complete initial audits if the foreign repair stations are collocated with foreign airports being assessed, and 5 days to complete for stations which are not collocated. According to TSA, the agency's fiscal year 2006 funding levels were sufficient to allow for an additional 13 international inspector positions, including a program manager position, to supplement its current international inspector staff and help meet the requirement to conduct foreign repair station security audits. As of January 2007, all 13 positions were filled, but TSA had not yet begun to conduct these audits. Therefore, it is not yet known how these audits and additional inspector positions will actually affect overall inspector workload or TSA's ability to complete its foreign assessments and inspections as scheduled. Harmonization of Security Standards and Assessment and Inspection Processes Would Help TSA Address Host Government Concerns Regarding Resource Burdens: Harmonization of TSA, host government, and third party (e.g., European Commission) security standards and the processes used to assess foreign airports and air carriers would address concerns regarding the resource burden placed on host governments as a result of frequent airport visits conducted by TSA and others. Officials from 3 of the 7 foreign countries we visited in March 2006, as well as officials representing the European Commission--the executive arm of the European Union (which is composed of 27 countries[Footnote 64]), stated that the frequency of airport assessments and air carrier inspections conducted by TSA and others had placed a significant resource burden on the host government. In addition, a representative of the Association of European Airlines and IATA stated that frequent security inspections by TSA, the host government, and other countries, as well as safety inspections, including inspections conducted by FAA, burdened the limited personnel resources available to air carriers. Specifically, for each inspection, the air carrier must assign one of its employees to escort the inspection team around the airport. (In general, TSA officials must be accompanied by host government officials when conducting foreign airport assessments and air carrier inspections because TSA officials are not allowed to enter restricted areas of the airport unescorted.) Belgian officials, for example, proposed to shorten TSA's fiscal year 2006 assessment of the airport in Brussels, stating that being assessed by TSA, as well as ICAO, the European Commission, and the European Civil Aviation Conference[Footnote 65] within a short span of time would pose a significant resource burden on the Belgian aviation security department. Host government officials in Germany raised concerns regarding the resource burden placed on their aviation security department due to the frequency of TSA visits. German officials said that TSA scheduled 10 airport visits between January 2006 and September 2006, which German officials viewed as excessive. In addition to individual European countries, the Director of Security for the Protection of Persons, Goods, and Installations for the European Commission's Directorate General of Transport and Energy wrote a letter to the TSA Assistant Secretary dated March 9, 2006, expressing concern about the frequency of TSA airport assessments and air carrier inspections in Europe. The Director suggested that TSA consider the high level of quality control exercised within the European Union by the European Commission as well as the European Union member states when determining the frequency of airport assessment visits and that TSA and the European Commission embark upon a joint effort to improve coordination of airport visits to alleviate the resource burden placed on member states. TSA's risk-based approach for scheduling foreign airport assessments could help address some host governments' concerns regarding the resource burden placed on them in part due to the frequency of airport assessments conducted by TSA. In addition to implementing a risk-based approach to scheduling, there are other potential opportunities for TSA to address host country concerns regarding the resource burden experienced as a result of frequent airport visits. Industry representatives and some host government officials stated that if TSA and other inspecting entities either conducted joint airport assessments and air carrier inspections or used the results of each other's assessments and inspections in lieu of conducting their own, the frequency of airport visits could be reduced, in turn reducing the resource burden placed on host governments and air carriers. Airports Council International officials we interviewed, who represent airport operators worldwide, stated that if TSA and other inspecting entities were to conduct joint assessments, the resource burden experienced by airport operators would also be reduced. Moreover, officials from 2 of the 7 countries we visited suggested that TSA review the results of airport assessments conducted by the host government or by third parties either in lieu of conducting its own airport assessments or to target its assessments on specific security standards. These officials said that by doing this, TSA could reduce the length of the assessment period, thereby reducing the resource burden placed on host government officials. According to TSA, the agency must physically observe security operations at foreign airports to determine whether airports are maintaining and carrying out effective security measures in order to satisfy its statutory mandate to conduct assessments of foreign airports. This interpretation precludes TSA from relying solely on third party or host government assessments to make this determination.[Footnote 66] However, TSA officials stated that they may be able to use host government or third party assessments--provided that foreign officials make these assessments available to TSA--to help refine the agency's risk-based approach to scheduling foreign airport assessments, such that TSA would be able to focus its limited inspection resources on foreign airports that pose the greatest security risk to the United States. For example, instead of visiting a foreign airport that TSA considers low risk once every 3 years, TSA, hypothetically, could visit such airports once every 5 years, and review third party or host government assessments between visits to help determine whether the airport is maintaining and carrying out effective security measures. This would enable TSA to reduce the number of visits to foreign airports, thus addressing host government officials' concerns regarding the resource burden they experience as a result of frequent airport assessments. However, three of the five IFO managers we interviewed said that the option of using host government assessments is not currently available to them because host governments in their areas of responsibility generally do not have airport assessment programs in place. These IFO managers said that even if host governments had assessment programs in place, they would be cautious about using the assessment reports and conducting joint assessments for one of two reasons: (1) TSA has not independently evaluated the quality of the assessments conducted by host governments and third parties or the quality of the inspectors conducting these assessments, and (2) host governments and third party inspectors base their assessments on different aviation security standards than TSA. Similarly, foreign government officials and industry representatives have cited differences in security standards as an impediment to conducting joint assessments and using host government or third party assessments. Harmonization: In the homeland security context, "harmonization" is a broad term used to describe countries' efforts to coordinate their security practices to enhance security and increase efficiency by avoiding duplication of effort. Harmonization efforts can include countries' mutually recognizing and accepting each other's existing practices--which could represent somewhat different approaches to achieve the same outcome, as well as working to develop uniform standards. TSA headquarters officials stated that harmonization of airport and air carrier security standards and airport assessment and air carrier inspection processes would make them less cautious about using other assessment reports and conducting joint assessments. To this end, TSA has taken steps toward harmonizing airport assessment processes and some airport and air carrier security standards with the European Commission. In May 2006, in responding to the European Commission's concerns regarding the frequency of TSA airport assessments and air carrier inspections in Europe, the TSA Assistant Secretary suggested that TSA and the European Commission develop working groups to address these concerns. Further, in June 2006, TSA initiated efforts with the European Commission that will enable each party to learn more about the other party's quality control programs. As part of these efforts, TSA and the European Commission established six working groups. TSA and the European Commission have not established firm time frames for when the working groups are to complete their efforts. The objectives and the status of the working groups are described in table 5. Table 5: Description and Status of TSA-European Commission Aviation Security Working Groups: Title of working group: SSI Agreement; Purpose of working group: Facilitate sharing of Sensitive Security Information (SSI) between TSA and the European Commission; Status of working group: efforts as of January 2007: * TSA and the European Commission agreed upon the verbiage of the information-sharing agreement. The agreement is in the final formal approval stages at TSA, the European Commission, and the Department of State. Title of working group: Observer Participation on Inspections; Purpose of working group: Facilitate TSA observation of European Union airport assessments and European Commission observation of TSA assessments of U.S. airports; Status of working group: efforts as of January 2007: * TSA and the European Commission are currently in the process of identifying mutually agreeable dates for a European Commission observer to join a TSA inspection of a U.S. airport; * Final dates and location for TSA participation in European Commission audit are to be determined; * European Commission representatives expressed an interest in viewing the PARIS database, which is a compilation of U.S. inspection findings; * The European Commission is in the process of developing a database for its inspection findings. Title of working group: Risk Based Assessment Methodology; Purpose of working group: Establish a risk-based methodology for scheduling U.S. airport assessment visits to European member states; Status of working group: efforts as of January 2007: * TSA developed a risk-based methodology for scheduling foreign airport assessments; * TSA and the European Commission will determine next steps. Title of working group: Audit Schedules; Purpose of working group: Determine how TSA and the European Commission will provide advance notice of the dates for planned airport assessment visits; Status of working group: efforts as of January 2007: * TSA and the European Commission agreed to share audit schedule information on a quarterly basis; * The level of detail on audit schedules that will be shared is to be determined. Title of working group: Data Interoperability; Purpose of working group: Facilitate the exchange of information regarding supply chain data monitoring between the United States and the European Commission.[A]; Status of working group: efforts as of January 2007: * TSA and the European Commission developed a data interoperability template outlining the purpose, key objectives, and challenges of data interoperability; * This working group may be restructured to focus on cargo harmonization. Title of working group: Compare and Contrast U.S./European Commission Aviation Security Requirements; Purpose of working group: Assess which of TSA's and the European Commission's aviation security measures are comparable (not identical) and determine where significant differences exist; Status of working group: efforts as of January 2007: * To accomplish a meaningful comparison, TSA and the European Commission have developed a matrix to reflect major aviation security categories and measures. Once the SSI agreement is finalized, TSA and the European Commission will complete the comparison matrix. Source: TSA. [A] A supply chain involves the flow of information, product, and funds between different parties involved in the development and provision of goods. These parties include manufacturers, suppliers, transporters, warehouses, retailers, and customers. [End of table] In December 2006, the TSA Assistant Secretary stated that the agency had primarily coordinated with the European Commission on harmonizing aviation security standards because airports in the European Union generally have a high level of security. The Assistant Secretary further stated that TSA should not focus its inspector resources on foreign airports that are known to have a high level of security, such as several European airports; rather, TSA should focus its limited resources on foreign airports that are known to be less secure. The Assistant Secretary added that a number of options for better leveraging inspector resources are being considered by one of the European Commission-TSA working groups, including scheduling European Commission and TSA assessments to overlap for 1 or 2 days to enable both parties to share their assessment results, which could enable TSA to shorten the length of its assessments. The Assistant Secretary also stated that TSA could eventually recognize European Commission airport assessments as equivalent to those conducted by TSA and have TSA inspectors shadow European Commission assessment teams to periodically validate the results. However, in January 2007, European Union member states reached consensus that they would not share the results of European Commission assessments of their airports with TSA until the following occur: (1) TSA and the European Commission agree upon protocols for sharing sensitive security information; (2) TSA inspectors shadow European Commission inspectors on an assessment of a European airport, and European Commission inspectors shadow TSA inspectors on an assessment of a U.S. airport; and (3) TSA agrees to provide the European Commission with the results of U.S. airport assessments. TSA and European Commission officials stated that they expect information-sharing protocols to be established and shadowing of airport assessments to take place during spring 2007. TSA officials also stated that once the information-sharing protocols are finalized, they would be willing to provide European Union member states with the results of U.S. airport assessments. Aviation industry representatives stated that in addition to facilitating joint assessments and use of third party assessments, harmonization of aviation security standards between countries would enhance the efficiency and effectiveness of international aviation security efforts. For example, IATA representatives we interviewed stated that they have met with TSA officials about harmonizing the list of items prohibited onboard aircraft with the European Commission. IATA officials stated that having different security requirements to follow for different countries leads to confusion, and perhaps noncompliance with security requirements, among air carriers. The Chairman of the Security Committee for the Association of European Airlines stated that there are numerous redundancies in the international aviation security system that could be reduced through harmonization, particularly with regard to screening transfer passengers--passengers who have a layover en route from their originating airport to their destination airport. For example, for a passenger traveling from Frankfurt to Chicago who has to change planes in New York, upon landing in New York, the passenger must be rescreened and have his or her checked baggage rescreened before boarding the flight for Chicago. According to officials from various air carrier and airport operator associations, the rescreening of transfer passengers is costly and is only required because individual countries do not formally recognize each other's aviation security measures as providing an equivalent level of security. Air carrier representatives also stated that because air carriers must use their limited resources to implement redundant security measures, they are not able to focus their resources on implementing other security measures that may be more effective at preventing a terrorist from carrying out an attack.[Footnote 67] The TSA Assistant Secretary agreed that rescreening transfer passengers that originate from airports that have a high level of security may be unnecessarily redundant. The Assistant Secretary said that TSA plans to assess the effectiveness of the checked baggage screening system commonly used at European airports to determine if that system provides at least the same level of security as TSA's baggage screening system. However, TSA officials said that even if the agency determines that the baggage screening system in place at European airports provides an equivalent level of security, TSA would still have to rescreen checked baggage for transfer passengers arriving from Europe because the Aviation and Transportation Security Act requires passengers and baggage on flights originating in the United States to be screened by U.S. government employees.[Footnote 68] According to an attorney in TSA's Office of Chief Counsel, Congress would have to change the law in order for TSA to discontinue the screening of transfer passengers. TSA also made efforts to harmonize some aviation security measures with other countries outside of the European Union. For example, TSA officials worked with Canadian officials to develop a common set of security requirements for air carriers that have flights between the United States and Canada. Additionally, in response to the alleged August 2006 liquid explosives terrorist plot, TSA initially banned all liquids, gels, and aerosols from being carried through the checkpoint and, in September 2006, began allowing passengers to carry on small, travel-size liquids and gels (3 fluid ounces or less) using a single quart-size, clear plastic, zip-top bag. In an effort to harmonize its liquid screening procedures with other countries, in November 2006, TSA revised its procedures to allow 3.4 fluid ounces of liquids, gels, and aerosols onboard aircraft, which is equivalent to 100 milliliters--the amount permitted by the 27 countries in the European Union, as well as Canada, Australia, Norway, Switzerland, and Iceland. According to the Assistant Secretary of TSA, this means that approximately half of the world's air travelers will be governed by similar measures with regard to this area of security. ICAO also adopted the liquid, gels, and aerosol screening procedures implemented by TSA and others as a recommended practice. As we reported in March 2007, DHS has also taken steps toward harmonizing international air cargo security practices.[Footnote 69] As part of this effort, TSA has worked through ICAO to develop uniform international air cargo security standards. TSA Is Taking Steps to Address Sovereignty Concerns Raised by Foreign Officials on a Case-by-Case Basis: In addition to concerns regarding the resource burden placed on host governments as a result of frequent airport visits by TSA and others, TSA, on a case-by-case basis, has also had to address host government concerns regarding sovereignty--more specifically, concerns that TSA assessments and inspections infringe upon a host government's authority to regulate airports and air carriers within its borders. According to TSA officials and representatives of the European Commission, several foreign governments have stated that they consider TSA's foreign airport assessments as an infringement on their sovereignty. For example, government officials in one country have prevented TSA from assessing the security at their airports and from inspecting non-U.S. air carriers because they do not believe TSA has the authority to assess airports outside of the United States and that the host government is the sole regulator of air carriers that are based out of their country.[Footnote 70] Based on the results of air carrier inspections provided to us by TSA, we found that during fiscal year 2005, TSA conducted only one inspection of an air carrier that was based out of this particular country. According to TSA, officials from this country allowed TSA to conduct this particular inspection to accommodate TSA's request to inspect the security of air carriers that had flights originating in Europe and arriving in Washington, D.C., during the January 2005 U.S. presidential inauguration activities. We also found that TSA conducted assessments of four airports in this particular country during fiscal year 2005. TSA officials said that they were able to conduct these assessments under the guise of a TSA "visit" to--versus an "assessment" of--the airport. TSA officials, however, stated that because officials from this country do not believe TSA has the authority to assess the security at their airports, these officials would not accept--neither orally nor in writing--the results of TSA airport assessments. TSA officials also stated that officials from this country prohibited TSA inspectors from assessing airport perimeter security as well as the contents of the country's individual airport security programs. TSA officials identified that there are at least 3 additional countries that raised concerns regarding sovereignty. According to TSA, officials from one of these countries stated that they did not know of any international requirements compelling them to allow TSA to assess their airport and that TSA had too many internal flaws to assess airports in other countries. In response to this country's concerns, TSA sent a representative to meet with the country's Minister of Transportation. At the meeting, the Minister granted TSA future access to the country's airports for assessments after being offered the opportunity to visit U.S. airports to observe security measures. Additional countries, according to TSA, were concerned about their sovereignty being violated and TSA gathering intelligence information for the U.S. government through the airport assessment program. TSA officials stated that when unique concerns arise in the future, they will continue to work with countries on a case-by-case basis to try to address their concerns. Conclusions: The alleged August 2006 terrorist plot to detonate liquid explosives on U.S.-bound flights from the United Kingdom illustrates the continuing threat of international terrorism to commercial aviation and the importance of TSA's foreign airport assessment and air carrier inspection programs. As part of these programs, TSA has provided on- site consultation and made recommendations to foreign officials on how to resolve security deficiencies. In rare cases, DHS and TSA have taken more aggressive action by notifying the traveling public that an airport does not meet minimum international standards or issuing warning letters and letters of correction to air carriers. While foreign government officials and air carrier representatives acknowledged that TSA's efforts have helped to strengthen the security of U.S.-bound flights, there are several opportunities for TSA to strengthen oversight of its foreign airport assessment and air carrier inspection programs. First, although TSA has made some efforts to improve its tracking of foreign airport assessments and air carrier inspections, until additional controls are in place to track the status of foreign airport assessments and air carrier inspections, such as whether scheduled assessments and inspections were actually conducted, TSA has limited assurance that all assessments and inspections are accounted for and that appropriate action was taken for airports and air carriers that did not comply with security standards. Second, while TSA has helped to strengthen security at foreign airports by providing assistance to foreign officials, because TSA does not consistently track and document foreign officials' progress in addressing security deficiencies, it may be difficult for TSA to assess the impact of its efforts on meeting program goals--to ensure that foreign airports and air carriers servicing the United States are meeting, at a minimum, applicable ICAO standards and TSA's security requirements, respectively. Third, although TSA has established some output performance measures and targets related to the assessment and inspection programs, the current measures do not enable TSA to draw particularly meaningful conclusions about the impact of its foreign airport assessment and air carrier inspection programs on the security of U.S.-bound flights and how to most effectively direct its improvement efforts. TSA has faced several challenges in meeting the goals of its assessment and inspection programs, including a lack of available staff and concerns regarding the resource burden placed on host governments as a result of frequent airport visits conducted by TSA and others. TSA's development of a risk-based approach to scheduling airport assessments and air carrier inspections is a step in the right direction to address host government concerns and better leverage limited inspector resources. However, it is too soon to determine the extent to which the risk-based approach will help to improve TSA's ability to complete scheduled foreign airport assessments and air carrier inspections, and the extent to which the approach will alleviate host government concerns regarding the frequency of airport visits. The collaboration between TSA and the European Commission regarding opportunities for conducting joint airport assessments and sharing assessment results, as well as efforts to harmonize aviation security standards--including those related to the screening of liquids, gels, and aerosols--with the European Commission and others, are key steps toward addressing host government concerns regarding the resource burden that results from frequent assessments by TSA and others. It will be important for TSA to continue working with foreign officials to address their concerns, such as sovereignty issues, in order to continue assessing the security at foreign airports that service the United States. Recommendations for Executive Action: To help strengthen oversight of TSA's foreign airport assessment and air carrier inspection programs, in our April 2007 report that contained sensitive security information, we recommended that the Secretary of the Department of Homeland Security direct the Assistant Secretary for the Transportation Security Administration to take the following five actions: * develop controls to track the status of scheduled foreign airport assessments from initiation through completion, including the reasons why assessments were deferred or canceled; * develop controls to track the status of scheduled air carrier inspections from initiation through completion, including the reasons why inspections were deferred or canceled, as well as the final disposition of any investigations that result from air carrier inspections; * develop a standard process for tracking and documenting host governments' progress in addressing security deficiencies identified during TSA airport assessments; * develop outcome-oriented performance measures to evaluate the impact TSA assistance has on improving foreign airport compliance with ICAO standards; and: * develop outcome-oriented performance measures to evaluate the impact TSA assistance and enforcement actions have on improving air carrier compliance with TSA security requirements. Agency Comments and Our Evaluation: On April 13, 2007, we received written comments on the draft report, which are reproduced in full in appendix V. DHS generally concurred with the findings and recommendations in the report and stated that the recommendations will help strengthen TSA's oversight of foreign airport assessments and air carrier inspections. With regard to our recommendations that TSA develop controls to track the status of scheduled airport assessments and air carrier inspections from initiation through completion, including the reasons for any deferments or cancellations, and the final disposition of investigations related to air carrier inspections, DHS stated that TSA plans to enhance its tracking system to include the reason for any deferment or cancellation of an airport assessment or an air carrier inspection. The tracking system also incorporates the risk-based methodology and criteria for scheduling foreign airport assessments that TSA adopted in October 2006. Enhancing the tracking system should provide TSA greater assurance that airport assessments and air carrier inspections are conducted within applicable time frames. If properly implemented and monitored, this tracking system should address the intent of our recommendation. Regarding the disposition of investigations related to air carrier inspections, DHS stated that TSA's Office of Chief Counsel currently documents the final disposition of investigations in PARIS, but TSA will enhance PARIS to ensure that inspection activities are linked to investigations so that comprehensive enforcement information is readily available. A clear link between violations identified as a result of an inspection and the final disposition of those violations is important for maintaining comprehensive inspection and enforcement information. As we reported, TSA often pursued one enforcement action in response to multiple violations, and inspectors were not required to identify which violations were included in the enforcement action. Without being able to readily identify what enforcement action was taken in response to specific security violations, TSA cannot readily ensure that air carriers receive appropriate penalties, and that security violations are resolved. Concerning our recommendation that TSA develop a standard process for tracking and documenting host governments' progress in addressing security deficiencies identified during assessments, TSA stated that it is currently developing a system whereby outstanding deficiencies identified during an assessment will be tracked along with deficiency- specific information, deadlines, and current status. TSA plans to archive this information for future trend analysis and to provide a historical understanding of each airport's security posture. This effort, if properly implemented, will provide additional relevant, useful information to TSA in performing its oversight responsibilities. TSA concurred with our recommendation that it develop outcome-oriented performance measures to evaluate the impact TSA assistance has on improving foreign airport compliance with international security standards, and on improving air carrier compliance with TSA security requirements. TSA is considering several elements to include in the performance measures, such as the number of assessments conducted, corrective actions recommended, TSA assistance provided, and corrective actions achieved. TSA indicated that its outcome-based performance measures would be structured to recognize the collaborative nature of the process, particularly where corrective action by a foreign government is concerned. Such outcome-based performance measures, if properly developed and utilized, will enable TSA to determine the impact of its airport assessment program and assistance provided for improving security at foreign airports. Likewise, these types of measures can be applied to air carrier inspections at foreign airports to determine he impact that such inspections have on compliance, and to identify which approaches to for improving air carrier compliance with security requirements work well and which could be improved upon. If you or your staff have any questions about this report, please contact me at (202) 512-3404 or berrickc@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff that made major contributions to this report are listed in appendix VI. This report will also be available at no charge on the GAO Web site at http://www.gao.gov. Signed by: Cathleen A. Berrick: Director, Homeland Security and Justice: [End of section] Appendix I: Objectives, Scope, and Methodology: To examine efforts by the Transportation Security Administration (TSA) to ensure the security of international aviation, and in particular flights bound for the United States from other countries, we addressed the following questions: (1) What were the results of TSA's fiscal year 2005 foreign airport assessments and air carrier inspections, and what actions were taken, if any, when TSA identified that foreign airports and air carriers were not complying with security standards? (2) How, if at all, did TSA assist foreign countries and air carriers in addressing any deficiencies identified during foreign airport assessments and air carrier inspections, and to what extent did TSA provide oversight of its assessment and inspection efforts? (3) What challenges, if any, affected TSA's ability to conduct foreign airport assessments and air carrier inspections, and what actions have TSA and others taken to address these challenges? Results of Fiscal Year 2005 Foreign Airport Assessments and Air Carrier Inspections and Actions Taken by TSA in Response to Noncompliance: Foreign Airport Assessment Results: To determine the results of TSA's foreign airport assessments we reviewed 128 fiscal year 2005 assessment reports, the most recent year for which complete foreign airport assessment reports were available.[Footnote 71] To determine the extent to which foreign airports complied with International Civil Aviation Organization (ICAO) standards and recommended practices, we looked at the following information contained in the reports: (1) ICAO standards or recommended practices with which the airport did not comply; (2) whether issues of noncompliance were "old" (identified during the previous assessment) or "new" (identified during the current assessment); (3) explanation of the problems that existed that caused the airport not to comply with ICAO standards or recommended practices, and, if provided, any actions taken by the host government to address the problems; (4) TSA's recommendations for how the airport could correct security deficiencies in order to meet ICAO standards or recommended practices; and: (5) whether issues of noncompliance remained "open" (unresolved) or "closed" (resolved) prior to the completion of the assessment. We developed an electronic data collection instrument to capture information from copies of the assessment reports. All data collection instrument entries, with the exception of the problem descriptions and recommendations, were verified to ensure they had been copied correctly from the assessment reports. Considering that we only intended to discuss the problem descriptions and the recommendations anecdotally, and given the resources available to verify this information, we verified that the problem descriptions and recommendations had been copied correctly for a random sample of 20 assessment reports from fiscal year 2005. We analyzed the data to determine the frequency with which foreign airports complied with particular categories of ICAO standards and recommended practices, such as passenger screening, checked baggage screening, access controls, etc., and the number of airports that resolved deficiencies upon completion of the assessment. Air Carrier Inspection Results: To determine the results of TSA's air carrier inspections, we obtained inspection data from TSA's Performance and Results Information System (PARIS).[Footnote 72] For the purposes of our review, we analyzed the results of inspections conducted in fiscal year 2005 to be consistent with the analysis performed on the results of foreign airport assessments for fiscal year 2005. TSA's inspections database contained information on 529 air carrier inspections at 145 foreign airports in 71 countries conducted by TSA during fiscal year 2005. Specifically, the inspections database included the date and location of the inspection, the inspected air carrier, the security requirements being inspected, as well as the inspector's determination as to whether the air carrier was or was not in compliance with security requirements. Prior to conducting any analysis, we assessed the reliability of the inspection data by performing electronic testing for obvious errors in accuracy and completeness. Our testing revealed a few errors, such as inconsistencies in the names of individual air carriers or incorrectly identifying the airport as the assessed entity rather than the air carrier. We also found instances of inspections conducted at domestic airports that were included in the data; those inspection records were removed. We also interviewed agency officials familiar with the data, and worked with them to resolve the data problems we identified. Based on our electronic testing and discussions with agency officials, we found the data to be sufficiently reliable for the purposes of our report. For our analysis, we also added additional information to the inspection records to include the country where the inspection occurred, and whether the air carrier being inspected was a U.S.-based air carrier or a foreign air carrier. Finally, to facilitate our analysis, we grouped the security requirements being inspected into several categories, such as aircraft security, cargo, checked baggage, passenger and carry-on screening and special procedures. Actions Taken by TSA when Foreign Airports and Air Carriers Did Not Comply with Security Requirements: To determine the actions taken by TSA when foreign airports did not comply with ICAO standards and recommended practices, we reviewed TSA's Foreign Airport Assessment Program Standard Operating Procedures (SOP). We also reviewed relevant statutory provisions that identify specific actions to be taken by the Secretary of Homeland Security when the Secretary determines that a foreign airport does not maintain and carry- out effective security measures.[Footnote 73] To determine the actions taken by TSA when air carriers did not comply with TSA security requirements, we reviewed fiscal year 2005 information from the findings and investigations databases in PARIS. As with the inspection data, to facilitate our analysis, we included additional information in the findings database, such as the country where the inspection occurred, and whether the air carrier being inspected was a U.S.-based air carrier or a foreign air carrier. Further, we grouped the security requirements being inspected into several categories, such as aircraft security, cargo, checked baggage, passenger and carry-on screening, and special procedures. To assess the reliability of the findings data, we performed electronic testing for obvious errors and completeness and interviewed agency officials knowledgeable about the data. We identified two issues of concern during our reliability assessment. First, we found that the findings database is not linked to the inspections database to allow for ready determination of the actions taken by TSA in response to specific deficiencies. Second, the findings database did not consistently include accurate information on actions taken in response to findings. According to TSA officials knowledgeable about the data, the findings database should contain information on actions taken by TSA for each response of "not in compliance" in the inspections database. However, we found that in half of the inspections where deficiencies were identified, such information was not properly recorded in the findings database. Considering the amount of information excluded from the findings database and that this information could not be readily provided by TSA, we determined that the findings data were not sufficiently reliable for conducting evaluative analysis of the actions taken by TSA when security violations were identified during air carrier inspections. However, we determined that the findings data were sufficiently reliable for conducting descriptive analysis of TSA's actions, while including appropriate statements as to its reliability, and for anecdotal purposes. To assess the reliability of the investigations data included in PARIS, we conducted electronic testing and interviewed agency officials knowledgeable about the data. We found that information in the investigations database is not recorded in such a way that one can readily determine which air carrier inspection, and in particular which specific security violations identified, were the impetus behind a particular investigation. TSA officials explained that inspectors are not required to link an investigation to the inspection which it stemmed from. When we performed our analysis, TSA officials were, however, able to provide links to inspections for some of the investigations. For the remainder of the investigations data, we attempted to make the link between inspections and investigations by using information from the inspections database such as the date when the investigation record was created and the narrative fields, which in some cases identified whether the investigation was a result of an inspection or some other offense, such as an air carrier allowing a passenger on the No-Fly list to board a U.S.-bound flight.[Footnote 74] Our analysis of actions taken by TSA when air carriers did not comply with security requirements is, therefore, based on those investigations that we were able to link to fiscal year 2005 inspection activity. We found these data to be sufficiently reliable for purposes of this report. For additional information on actions taken by TSA when foreign airports and air carriers did not comply with security requirements, we interviewed TSA headquarters and field officials in the Office of Security Operations--the division responsible for conducting foreign airport assessments and air carrier inspections and making recommendations for corrective action--and the Transportation Security Network Management division--the unit responsible for working with foreign officials to coordinate TSA foreign airport visits and monitoring host government and air carrier progress in addressing security deficiencies. Assistance Provided by TSA to Address Security Deficiencies and Oversight of Airport Assessment and Air Carrier Inspection Efforts: Assistance Provided by TSA to Address Security Deficiencies: To identify actions taken by TSA to help foreign officials address security deficiencies identified at foreign airports during the fiscal year 2005 airport assessments, we obtained and analyzed information from the fiscal year 2005 foreign airport assessment reports. To obtain information on TSA's efforts to assist air carrier representatives in addressing identified security deficiencies, we reviewed information in the findings and investigations databases from TSA's PARIS. As previously discussed, we assessed the reliability of the findings and investigations data by performing electronic testing for obvious errors in accuracy and completeness, and interviewed agency officials knowledgeable about the data. While we identified errors during our reliability assessment, many of which remained unresolved, we determined that the findings and investigations data were sufficiently reliable for anecdotal descriptions of the assistance TSA provided air carriers to help them address security deficiencies. To obtain additional information on actions taken by TSA to address security deficiencies identified during foreign airport assessments and air carrier inspections, we interviewed TSA headquarters officials from the Office of Security Operations and the Transportation Sector Network Management division. We also made site visits to TSA's five international field offices (IFO) located in Los Angeles, Dallas, Miami, Frankfurt, and Singapore, where we met with the IFO managers; international aviation security inspectors, who conduct foreign airport assessments and air carrier inspections; 10 of the 20 TSA Representatives (TSAR), who schedule TSA airport visits and follow up on host governments' progress in addressing security deficiencies; and 4 of the 6 International Principal Security Inspectors (IPSI), who are responsible for assisting foreign air carriers in understanding and complying with TSA security requirements. We also met with 3 of the 15 Principal Security Inspectors (PSI) located at TSA headquarters that are responsible for helping U.S. air carriers understand and comply with TSA security requirements. During each of these interviews, we discussed these officials' responsibilities related to the foreign airport assessment and air carrier inspection programs, including their role in assisting foreign officials and air carrier representatives in correcting security deficiencies identified during assessments and inspections. Information from our interviews with government officials, members of the aviation industry, and TSA officials and inspectors cannot be generalized beyond those that we spoke with because we did not use statistical sampling techniques in selecting individuals to interview. To obtain a greater understanding of the foreign airport assessment and air carrier inspection processes, as well as the assistance TSA provides, we accompanied a team of TSA inspectors and a TSAR during the assessment of E.T. Joshua International Airport in Kingstown, St. Vincent and the Grenadines, and the inspection of Caribbean Sun Airlines at that location. Moreover, we identified and met with officials from other U.S. government agencies that assist foreign officials in enhancing security at foreign airports. Specifically, we met with officials from the Department of Justice, Department of State, Department of Transportation, and the U.S. Trade and Development Administration. Oversight of the Foreign Airport Assessment and Air Carrier Inspection Programs: To obtain information on the extent to which TSA provided oversight of its assessment and inspection efforts, we reviewed the agency guidance for each program. We also reviewed sections of the fiscal year 2005 foreign airport assessment reports for completeness and general consistency with TSA guidance for preparing assessment reports. In addition, we reviewed the inspections, findings, and investigations databases in PARIS for completeness and the ability to track air carrier inspection activity from initiation through completion, including actions taken against air carriers who did not comply with security requirements. We compared TSA's guidance and reporting mechanisms for the assessment and inspection programs with federal standards for internal controls and associated guidance.[Footnote 75] We also met with TSA headquarters officials, IFO managers, TSARs, and aviation security inspectors to discuss the extent to which they documented assessment and inspection activity from initiation through completion and follow-up activity for unresolved security deficiencies. We obtained additional information on TSA's oversight of the foreign airport assessment and air carrier inspection programs, particularly with regard to assessing the impact of these programs, by reviewing TSA's fiscal year 2006 Performance Assessment Rating Tool (PART) submissions. The Office of Management and Budget describes PART as a diagnostic tool meant to provide a consistent approach to evaluating federal programs as part of the executive budget formulation process. PART includes information on an agency's program goals and performance measures used to assess whether program goals are being met. We compared the program goals identified in TSA's PART submission with the Government Performance and Results Act of 1993 (GPRA), which identifies requirements for the types of measures federal agencies should use to assess the performance of their programs. We also interviewed TSA headquarters and field officials to obtain their perspectives on appropriate ways to assess the performance of the foreign airport assessment and air carrier inspection programs. Challenges That Affected TSA's Ability to Conduct Foreign Airport Assessments and Air Carrier Inspections and Actions Taken to Address those Challenges: To identify challenges that affected TSA's ability to conduct foreign airport assessments and air carrier inspections at foreign airports, we met with TSA headquarters and field officials in the Office of Security Operations and the Transport Sector Network Management division regarding their efforts to obtain access to foreign airports to conduct assessments and inspections. We also visited the embassies of 16 nations and the Delegation of the European Commission in Washington, D.C., to obtain perspectives of foreign transportation security officials on TSA's airport assessment and air carrier inspection program.[Footnote 76] In addition, we conducted site visits to meet with aviation security officials in Belgium, Canada, Germany, the Philippines, St. Vincent and the Grenadines, Thailand, and the United Kingdom to discuss their perspectives on TSA's foreign airport assessment and air carrier inspection activity. We selected these locations because they met one or more of the following criteria: a relatively high volume of passengers fly to the United States each year, TSA assigned a relatively high threat ranking to the country, the country received aviation security training or technical assistance from a U.S. government agency, or a TSA international field office was located in the country. We also met with individuals representing 11 air carriers, including both U.S. and foreign airlines,[Footnote 77] to obtain their perspectives on TSA's foreign airport assessment and air carrier inspections programs. Additionally, we met with officials from the European Commission, the European Civil Aviation Commission, and ICAO to discuss similar efforts these organizations have in place to ensure compliance with international aviation security standards. Information from our interviews with foreign government officials and members of the aviation industry cannot be generalized beyond those that we spoke with because we did not use statistical sampling techniques in selecting individuals to interview. We also reviewed documentation associated with TSA's risk-based methodology for scheduling foreign airport assessments and air carrier inspections, which TSA intended to address some of the challenges in conducting assessments and inspections, and compared the methodology to our risk management guidance. In addition, we interviewed 4 Federal Security Directors[Footnote 78] and 7 aviation security inspectors stationed in the United States to discuss their support of the foreign airport assessment and air carrier inspection programs as well as the impact, if any, that their involvement in these programs has had on their operations at U.S. airports. We conducted our work from October 2005 through March 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix II: International Civil Aviation Organization Standards and Recommended Practices Used by TSA to Conduct Fiscal Year 2005 Foreign Airport Assessments: Chapter 1. Definitions: Airside. The movement area of an airport, adjacent terrain and buildings or portions thereof, access to which is controlled. Aircraft Security Check. An inspection of the interior of an aircraft to which passengers may have had access and an inspection of the hold for the purposes of discovering suspicious objects, weapons, explosives or other dangerous devices: Background Check. A check of a person's identity and previous experience, including any criminal history, where appropriate, as part of the assessment of an individual's suitability for unescorted access to a security restricted area. Cargo. Any property carried on an aircraft other than mail, stores and accompanied or mishandled baggage. Human Factors Principles. Principles which apply to design, certification, training, operations and maintenance and which seek safe interface between the human and other system components by proper consideration to human performance. Human Performance. Human capabilities and limitations which have an impact on the safety, security and efficiency of aeronautical operations. Regulated Agent. An agent, freight forwarder or any other entity who conducts business with an operator and provides security controls that are see accepted or required by the appropriate authority in respect of cargo, courier and express parcels or mail. Screening. The application of technical or other means which are intended to identify and/or detect weapons, explosives or other dangerous devices which may be used to commit an act of unlawful interference. Note.-Certain dangerous articles or substances are classified as dangerous goods by Annex 18 and the associated Technical Instructions for the Safe Transport of Dangerous Goods by Air (Doe 9284) and must be transported in accordance with those instructions. Security. A combination of measures and human and material resources intended to safeguard civil aviation against acts of unlawful interference. Security Control. A means by which the introduction of weapons, explosives or other dangerous devices which may be utilized to commit an act of unlawful interference can be prevented. Security Restricted area. Airside areas of an airport into which access is controlled to ensure security of civil aviation. Such are will n nasally include, inter alia, all passenger departure areas between the screening checkpoint and the aircraft, the ramp, baggage make-up areas, cargo sheds, mail centres, airside catering and aircraft cleaning premises. Unidentified Baggage. Baggage at an airport, with or without a baggage tag, which is not picked up by or identified with a passenger. Chapter 2. General Principles: 2.1 Objectives: 2.1.1 Each Contracting State shall have as its primary objective the safety of passengers, crew, ground personnel and the general public in all matters related to safeguarding against acts of unlawful interference with civil aviation. 2.1.2 Each Contracting State shall establish an organization and develop and implement regulations, practices and procedures to safeguard civil aviation against acts of unlawful interference taking into account the safety, regularity and efficiency of flights. 2.1.3 Each Contracting State shall ensure that principles governing measures designed to safeguard against acts of unlawful interference with international civil aviation are applied to domestic operations to the extent practicable. 2.1.4 Recommendation.-Each Contracting State should ensure appropriate protection of aviation security information. Note 1.-Guidance material on achieving civil aviation security objectives through application of the Standards and Recommended Practices in the following chapters is to be found in the Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference (Doe 8973 Restricted). Note 2.-The comprehensive aviation security training material to assist States in achieving civil aviation security objectives is contained in the ICAO Training Programme for Aviation Security comprising a series of Avialion Security Training Packages (ASTPs). 2.2 Security and facilitation: Recommendation.-Each Contracting State should whenever possible arrange for the security controls and procedures to cause a minimum of interference with, or delay to the activities of civil aviation provided the effectiveness of these controls and procedures is not compromised. 2.3 International cooperation: 2.3.1 Each Contracting State shall ensure that requests from other States for special security controls in respect of a specific flight or specified flights by operators of such other States are met, as far as may be practicable. 2.3.2 Each Contracting State shall cooperate with other States in relation to their respective national civil aviation security programmes as necessary. 2.3.3 Each Contracting State shall cooperate with other States in the development and exchange of information concerning training programmes, as necessary. 2.3.4 Each Contracting State shall share with other Contracting States threat information that applies to the aviation security interests of those States, to the extent practicable. 2.3.5 Each Contracting State shall provide suitable protection and handling procedures for sensitive security information shared by other Contracting States, or sensitive security information that affects the security interests of other Contracting States, in order to ensure that inappropriate use or disclosure of such information is avoided. 2.3.6 Recommendation.-Each Contracting State should cooperate with other States in the field of research and develop-ment of new security equipment which will better achieve civil aviation security objectives. 2.3.7 Recommendation Each Contracting State should include in its bilateral agreements on air transport a clause related to aviation security. 2.3.8 Recommendation, Each Contracting State should make available to other States on request a written version of the appropriate parts of its national civil aviation security programme. 2.4 Equipment, research and development: 2.4.1 Recommendation.-Each Contracting State should promote research and development of new security equipment which will better achieve civil aviation security objectives. 2.4.2 Recommendation Each Contracting State should ensure that the development of new security equipment takes into consideration Human Factors principles. Note.-Guidance material regarding Human Factors principles can be found in the Human Factors Digest - Human Factors in Civil Aviation Security Operations* and in Part 1, Chapter 4 of the Human Factors Training Manual (Doe 9683). Chapter 3. Organization: 3.1 National organization and appropriate authority: 3.1.1 Each Contracting State shall establish and implement a written national civil aviation security programme to safeguard civil aviation operations against acts of unlawful interference, through regulations, practices and procedures which take into account the safety, regularity and efficiency of flights. 3.1.2 Each Contracting State shall designate and specify to ICAO an appropriate authority within its administration to be responsible for the development, implementation and maintenance of the national civil aviation security programme. 3.1.3 Each Contracting State shall establish an organization and develop and implement regulations, practices and procedures, which together provide the security necessary for the operation of aircraft in normal operating conditions and capable of responding rapidly to meet any increased security threat. 3.1.4 Each Contracting State shall keep under constant review the level of threat to civil aviation operations within its territory and adjust relevant elements of its national civil aviation security programme accordingly. 3.1.5 Each Contracting State shall require the appropriate authority to define and allocate tasks and coordinate activities between the departments, agencies and other organizations of the State, airport and aircraft operators and other entities con-cerned with or responsible for the implementation of various aspects of the national civil aviation security programme. 3.1.6 Each Contracting State shall establish a national aviation security committee or similar arrangements for the purpose of coordinating security activities between the departments, agencies and other organizations of the Stale, airport and aircraft operators and other entities concerned with or responsible for the implementation of various aspects of the national civil aviation security programme. 3.1.7 Each Contracting State shall require the appropriate authority to ensure the development and implementation of training programmes to ensure the effectiveness of its national civil aviation security programme. These training programmes shall include training of civil aviation security personnel in human performance. Note.-Guidance material on training in human performance can be found in the Security Manual for Safe-guarding Civil Aviation Against Acts of Unlawful Interference (Doc8973-Restricted); the Human Factors Digest - Human Factors in Civil Aviation Security Operations*; and in Part 2, Chapter I of the Human Factors Training Manual (Doe 9683). 3.1.8 Each Contracting State shall ensure that the appropriate authority arranges for the supporting resources and facilities required by the aviation security services to be available at each airport serving international civil aviation. 3.1.9 Recommendation.-Each Contracting State should make available to its airport and aircraft operators operating in its territory and other entities concerned, a written version of the appropriate parts of its national civil aviation security programme. 3.2 Airport operations: 3.2.1 Each Contracting State shall require each airport serving international civil aviation to establish and implement a written airport security programme appropriate to meet the requirements of the national aviation security programme. 3.22 Each Contracting State shall arrange for -authority at each airport serving international civil aviation to be responsible for coordinating the implementation of security controls. 3.2.3 Each Contracting State shall arrange for the establishment of an airport security committee at each airport serving international civil aviation to assist the authority mentioned under 3.2.2 in its role of coordinating the implemen-tation of security controls and procedures as specified in the airport security programme. 3.2.4 Each Contracting State shall ensure that contingency plans are developed and resources made available to safeguard civil aviation, against acts of unlawful interference. The contin-gency plans shall be practised and exercised on a regular basis. 3.2.5 Each Contracting State shall ensure that authorized and suitably trained personnel are readily available for deploy-ment at its airports serving international civil aviation to assist in dealing with suspected, or actual, cases of unlawful interference with civil aviation. 3.2.6 Each Contracting State shall ensure that the architectural and infrastructure-related requirements necessary for the optimum implementation of civil aviation security measures are integrated into the design and construction of new facilities and alterations to existing facilities at airports. 3.3 Aircraft operators: 3.3.1 Each Contracting State shall require operators providing service from that State to establish and implement a written operator security programme appropriate to meet the requirements of the national civil aviation security programme of that State. 3.3.2 Recommendation-Each Contracting State should take into account the ICAO model as a basis for operators' security programmes. 3.3.3 Recommendation.-Each Contracting State should require operators providing service from that State and partici-pating in code-sharing or other collaborative arrangements with other international operators to notify the appropriate authority of the nature of these arrangements, including the identity of the other operators. 3.4 Quality control: 3.4.1 Each Contracting State shall ensure that the persons implementing security controls are subject to background checks and selection procedures. 3.4.2 Each Contracting State shall ensure that the persons implementing security controls are appropriately trained and possess all competencies required to perform their duties and that appropriate records are maintained. Relevant standards of performance shall be established and initial and periodic assessments shall be introduced to maintain those standards. 3.4.3 Each Contracting State shall ensure that the persons carrying out screening operations are certified according to the requirements of the national civil aviation security programme. 3.4.4 Each Contracting State shall require the appropriate authority to ensure the development, implementation and maintenance of a national civil aviation security quality control programme to ensure the effectiveness of its national civil aviation security programme. 3.4.5 Each Contracting State shall arrange for surveys to identify security needs, arrange for inspections of the implementation of security controls and arrange tests of security controls to assess their effectiveness. 3.4.6 Each Contracting State concerned with an act of unlawful interference shall require its appropriate authority to re-evaluate security controls and procedures and take action necessary to remedy weaknesses so as to prevent recurrence. These actions shall be notified to ICAO. 3.4.7 Recommendation. Each Contracting State should require that the effectiveness of individual aviation security measures be assessed by considering their role in the overall system performance of aviation security systems. Chapter 4. Preventive Security Measures: 4.1 Objective: Each Contracting State shall establish measures to prevent weapons, explosives or any other dangerous devices which may be used to commit an act of unlawful interference, the carriage or bearing of which is not authorized, from being introduced, by any means whatsoever, on board an aircraft engaged in international civil aviation. 4.2 Measures relating to aircraft: 4.2.1 Each Contracting State shall ensure that aircraft security checks of originating aircraft assigned to international flights are performed. 4.2.2 Each Contracting State shall require measures to be taken in respect of flights under an increased threat to ensure that disembarking passengers do not leave items on board the aircraft at transit stops on its airports. 4.2.3 Each Contracting State shall require its operators to take adequate measures to ensure that during flight unauthorized persons are prevented from entering the flight crew compartment. 4.3 Measures relating to passengers and their cabin baggage: 4.3.1 Each Contracting state shall establish measures to ensure that originating passengers and their cabin baggage are screened prior to boarding an aircraft engaged in international civil aviation operations. 4.3.2 Each Contracting State shall ensure that transfer and transit passengers and their cabin baggage are subjected to adequate security controls to prevent unauthorized articles from being taken on board aircraft engaged in international civil aviation operations. 4.3.3 Each Contracting State shall ensure that there is no possibility of mixing or contact between passengers subjected to security control and other persons not subjected to such control after the security screening points at airports serving international civil aviation have been passed; if mixing or contact does take place, the passengers concerned and their cabin baggage shall be re-screened before boarding an aircraft. 4.4 Measures relating to hold baggage: 4.4.1 Each Contracting State shall establish measures to ensure that hold baggage is subjected to appropriate security controls prior to being loaded into an aircraft engaged in international civil aviation operations. 4.4.2 Each Contracting State shall establish measures to ensure that hold baggage intended for carriage on passenger flights is protected from unauthorized interference from the point it is checked in, whether at an airport or elsewhere, until it is placed on board an aircraft. 4.4.3 Each Contracting State shall establish measures to ensure that operators when providing service from that State do not transport the baggage of passengers who are not on board the aircraft unless that baggage is subjected to appropriate security controls which may include screening. 4.4.4 Each Contracting State shall require the establishment of secure storage areas at airports serving international civil aviation, where mishandled baggage maybe held until forwarded, claimed or disposed of in accordance with local laws. 4.4.5 Each Contracting State shall establish measures to ensure that consignments checked in as baggage by courier services for carriage on passenger aircraft engaged in international civil aviation operations are screened. 4.4.6 Each Contracting State shall ensure that transfer hold baggage is subjected to appropriate security controls to prevent unauthorized articles from being taken on board aircraft engaged in international civil aviation operations. 4.4.7 Each Contracting State shall establish measures to ensure that aircraft operators when providing a passenger service from that State transport only hold baggage which is authorized for carriage in accordance with the requirements specified in the national civil aviation security programme. 4.4.8 From 1 January 2006, each Contracting State shall establish measures to ensure that originating hold baggage intended to be tamed in an aircraft engaged in international civil aviation operations is screened prior to being loaded into the aircraft. 4.4.9 Recommendation Each Contracting State should establish measures to ensure that originating hold baggage intended to be carried in an aircraft engaged in international civil aviation operations is screened prior to being loaded into the aircraft. 4.4.10 Recommendation.-Each Contracting State should take the necessary measures to ensure that unidentified baggage is placed in a protected and isolated area until such time as it is ascertained that it dues not contain any explosives or other dangerous device. 4.5 Measures relating to cargo, mail and other goods: 4.5.1 Each Contracting State shall ensure the implementation of measures at airports serving international civil aviation to protect cargo, baggage, mail, stores and operators' supplies being moved within an airport and intended for carriage on an aircraft to safeguard such aircraft against an act of unlawful interference. 4.5.2 Each Contracting State shall establish measures to ensure that cargo, courier and express parcels and mail intended for carriage on passenger flights are subjected to appropriate security controls. 4.5.3 Each Contracting State shall establish measures to ensure that operators do not accept consignments of cargo, courier and express parcels or mail for carriage on passenger flights unless the security of such consignments is accounted for by a regulated agent or such consignments are subjected to other security controls to meet the requirements of 4.5.2. 4.5.4 Each Contracting State shall establish measures to ensure that catering supplies and operators' stores and supplies intended for carriage on passenger flights are subjected to appropriate security controls. 4.6 Measures relating to special categories of passengers: 4.6.1 Each Contracting State shall establish measures to ensure that the aircraft operator and the pilot-in-command are informed when passengers are obliged to travel because they have been the subject of judicial or administrative proceedings, in order that appropriate security controls can be applied. 4.6.2 Each Contracting State shall ensure that the pilot-in-command is notified as to the number of armed persons and their scat location. 4.6.3 Each Contracting State shall require operators providing service from that State, to include in their security programmes, measures and procedures to ensure safety on board their aircraft when passengers are to be carried who are obliged to travel because they have been the subject of judicial or administrative proceedings: 4.6.4 Each Contracting State shall ensure that the carriage of weapons on board aircraft, bylaw enforcement officers and other authorized persons, acting in the performance of their duties, requires special authorization in accordance with the laws of the States involved. 4.6.5 Each Contracting State shall consider requests by any other State to allow the travel of armed personnel on board aircraft of operators of the requesting State. Only after agreement by all States involved shall such travel be allowed. 4.6.6 Each Contracting State shall ensure that the carriage of weapons in other cases is allowed only when an authorized and duly qualified person has determined that they are not loaded, if applicable, and then only if stowed in a place inaccessible to any person during flight time. 4.7 Measures relating to access control: 4.7.1 Each Contracting State shall ensure that security restricted areas are established at each airport serving international civil aviation and that procedures and identification systems are implemented in respect of persons and vehicles. 4.7.2 Each Contracting State shall ensure that appropriate security controls, including background checks on persons other than passengers granted unescorted access to security restricted areas of the airport, are implemented. 4.7.3 Each Contracting State shall require that measures are implemented to ensure adequate supervision over the movement of persons and vehicles to and from the aircraft in order to prevent unauthorized access to aircraft. 4.7.4 Recommendation.-Each Contracting State should ensure that identity documents issued to aircraft crew members conform to the relevant specifications set forth in Doc 9303, Machine Readable Travel Documents. 4.7.5 Recommendation.-Each Contracting State should ensure that persons other than passengers being granted access to security restricted areas, together with items carried, are screened at random in accordance with risk assessment carried out by the relevant national authorities. 4.7.6 Recommendation.--Each Contracting State should ensure that checks specified in 4.7.2 be reapplied on a regular basis to all persons granted unescorted access to security restricted areas. Chapter 5. Management Of Response To Acts Of Unlawful Interference: 5.1 Prevention: 5.1.1 Each Contracting State shall establish measures to safeguard aircraft when a well-founded suspicion exists that the aircraft may be subject to an act of unlawful interference while on the ground and to provide as much prior notification as possible of the arrival of such aircraft to airport authorities: 5.1.2 Each Contracting State shall establish procedures, which include notification to the operator, for inspecting aircraft, when a well- founded suspicion exists that the aircraft may be the object of an act of unlawful interference, for concealed weapons, explosives or other dangerous devices. 5.1.3 Each Contracting State shall ensure that arrangements are made for the investigation and disposal, if necessary, of suspected sabotage devices or other potential hazards at airports serving international civil aviation. 5.2 Response: 5.2.1 Each Contracting State shall take adequate measures for the safety of passengers and crew of an aircraft which is subjected to an act of unlawful interference until their journey can be continued. 5.2.2 Each Contracting State responsible for providing air traffic services for an aircraft which is the subject of an act of unlawful interference shall collect all pertinent information on the flight of that aircraft and transmit that information to all other States responsible for the Air Traffic Services units concerned, including those at the airport of known or presumed destination, so that timely and appropriate safeguarding action may be taken en route and at the aircraft's known, likely or possible destination. 5.2.3 Each Contracting State shall provide such assistance to an aircraft subjected to an act of unlawful seizure, including the provision of navigation aids, air traffic services and permission to land as may be necessitated by the circumstances. 5.2.4 Each Contracting State shall take measures, as it may find practicable, to ensure that an aircraft subjected to an act of unlawful seizure which has landed in its territory is detained on the ground unless its departure is necessitated by the overriding duty to protect human life. However, these measures need to recognize the grave hazard attending further flight. States shall also recognize the importance of consultations, wherever practicable, between the State where that aircraft has landed and the State of the Operator of the aircraft, and notification by the State where the aircraft has landed to the States of assumed or stated destination. 5.2.5 Each Contracting State in which an aircraft subjected to an act of unlawful interference has landed shall notify by the most expeditious means the State of Registry of the aircraft and the State of the Operator of the landing and shall similarly transmit by the most expeditious means all other relevant information to: a) the two above-mentioned States; b) each State whose citizens suffered fatalities or injuries; c) each State whose citizens were detained as hostages; d) each Contracting State whose citizens are known to be on board the aircraft; and: e) the International Civil Aviation Organization. 5.2.6 Recommendation--Each Contracting State should ensure that information received as a consequence of action taken in accordance with 5.2.2 is distributed locally to the Air Traffic Services units concerned, the appropriate airport administrations, the operator and others concerned as soon as practicable. 5.2.7 Recommendation.-Each Contracting State should cooperate with other States for the purpose of providing a joint response in connection with an act of unlawful interference. When taking measures in their territory to free passengers and crew members of an aircraft subjected to an act of unlawful interference, each Contracting State should use, as necessary, the experience and capability of the State of the Operator, the State of manufacture and the State of registry of that aircraft. 5.3 Exchange of information and reporting: 5.3.1 Each Contracting State concerned with an act of unlawful interference shall provide ICAO with all pertinent information concerning the security aspects of the act of unlawful interference as soon as practicable after the act is resolved. 5.3.2 Recommendation.-Each Contracting State should exchange information with other States as considered appropriate, at the same time supplying such information to ICAO, related to plans, designs, equipment, methods and procedures for safeguarding civil aviation against acts of unlawful interference. Extracts From Annex 14-Aerodromes, Volume I -Aerodrome Design And Operations: Chapter 3. Physical characteristics: 3.13 Isolated aircraft parking position: 3.13.1 An isolated aircraft parking position shall he designated or the aerodrome control tower shall be advised of an area or areas suitable for the parking of an aircraft which is known or believed to be the subject of unlawful interference, or which for other reasons needs isolation from normal aerodrome activities. 3.13.2 Recommendation.-The isolated aircraft parking position should be located at the maximum distance practicable and in any case never less than 100 m from other parking positions, buildings or public areas, etc. Care should betaken to ensure that the position is not located aver underground utilities such as gas and aviation fuel and, to the ex tent feasible, electrical or communication cables. CHAPTER 5. VISUAL AIDS FOR NAVIGATION: 5.3 Lights: 5.3.21 Apron floodlighting (see also 5.3.15.1 and 5.3.16.1): Application: 5.3.21.1 Recommendation.-Apron floodlighting should be provided on an apron, on a de-icing/anti-icing facility and on a designated isolated aircraft parking position intended to be used a1 night. Note 1. - Where a de-icing/anti-icing facility is located in close proximity to the runway and permanent floodlighting could be confusing to pilots, other means of illumination c f the facility may be required: Note 2. -The designation of an isolated aircraft parking position is specified in 3.13. Note 3. - Guidance on apron floodlighting is given in the Aerodrome Design Manual, Part 4. Chapter 8. Equipment And Installations: 8.1 Secondary power supply: General Application: 8.1.1 Recommendation.-A secondary power supply should be provided, capable of supplying the power requirements of at least the aerodrome facilities listed below: e) essential security lighting, if provided in accordance with 8.5; 8.4 Fencing Application: 8.4.2 Recommendation.-A fence or other suitable barrier should be provided on an aerodrome to deter the inadvertent or premeditated access of an unauthorized person onto a non-public area of the aerodrome. Note 1.-This is intended to include the barring of sewers, ducts, tunnels, etc., where necessary to prevent access. Note 2.-Special measures may be required to prevent the access of an unauthorized person to runways or taxiways which overpass public roads. 8.4.3 Recommendation.-Suitable means of protection should be provided to deter the inadvertent or premeditated access of unauthorized persons into ground installations and facilities essential for the safety of civil aviation located off the aerodrome. Location: 8.4.4 Recommendation.-The fence or barrier should be located so as to separate the movement area and other facilities or zones on the aerodrome vital to the safe operation of aircraft from areas open to public access. 8.4.5 Recommendation.-When greater security is thought necessary, a cleared area should be provided on both sides of the fence or barrier to facilitate the work of patrols and to make trespassing more difficult. Consideration should be given to the provision of a perimeter road inside the aerodrome fencing for the use of both maintenance personnel and security patrols. 8.5 Security lighting: Recommendation--At an aerodrome where it is deemed desirable for security reasons, a fence or other barrier provided for the protection of international civil aviation and its facilities should be illuminated at a minimum essential level. Consideration should be given to locating lights so that the ground area on both sides of the fence or barrier, particularly at access points, is illuminated. Chapter 9. Emergency And Other Services: 9.1 Aerodrome emergency planning: General: Introductory Note.-Aerodrome emergency planning is the process of preparing an aerodrome to cope with an emergency occurring at the aerodrome or in its vicinity. The objective of aerodrome emergency planning is to minimize the effects of an emergency, particularly in respect of saving lives and maintaining aircraft operations. The aerodrome emergency plan sell forth the procedures for coordinating the response of different aerodrome agencies (or services) and of those agencies in the surrounding community that could be of assistance in responding to the emergency. Guidance material to assist the appropriate authority in establishing aerodrome emergency planning is given in the Airport Services Manual Part 7. 9.1.1 An aerodrome emergency plan shall be established at an aerodrome, commensurate with the aircraft operations and other activities conducted al the aerodrome. 9.1.2 The aerodrome emergency plan shall provide for the coordination of the actions to be taken in an emergency occurring at an aerodrome or in its vicinity. Note.-Examples of emergencies are: aircraft emergencies, sabotage including bomb threats, unlawfully seized aircraft, dangerous goods occurrences, building fires and natural disasters. 9.1.3 The plan shall coordinate the response or participation of all existing agencies which, in the opinion of the appropriate authority, could be of assistance in responding to an emergency. Note.-Examples of agencies are: -on the aerodrome: air traffic control unit, rescue and fire fighting services, aerodrome administration, medical and ambulance services, aircraft operators, security services, and police; -off the aerodrome: fire departments, police, medical and ambulance services, hospitals, military, and harbour patrol or coast guard. 9.1.4 Recommendation.-The plan should provide for cooperation and coordination with the rescue coordination centre, as necessary. 9.1.5 Recommendation.-The aerodrome emergency plan document should include at least the following: a) types of emergencies planned for; b) agencies involved in the plan; c) responsibility and role of each agency, the emergency operations centre and the command post, for each type of emergency; d) information on names and telephone numbers of offices or people to be contacted in the case of a particular emergency; and: e) a grid map of the aerodrome and its immediate vicinity. Emergency operations centre and command post: 9.1.7 Recommendation--A fixed emergency operations centre and a mobile command past should be available for use during an emergency. 9.1.8 Recommendation.-The emergency operations centre should be a part of the aerodrome facilities and should be responsible for the overall coordination and general direction of the response to an emergency. 9.1.9 Recommendation.-The command post should be a facility capable of being moved rapidly to the site of an emergency, when required, and should undertake the local coordination of those agencies responding to the emergency. 9.1.10 Recommendation.-A person should be assigned to assume control of the emergency operations centre and, when appropriate, another person the command post. Communication system: 9.1.11 Recommendation.-Adequate communication systems linking the command post and the emergency operations centre with each other and with the participating agencies should be provided in accordance with the plan and consistent with the particular requirements of the aerodrome. Aerodrome emergency exercise: 9.1.12 The plan shall contain procedures for periodic testing of the adequacy of the plan and for reviewing the results in order to improve its effectiveness. Note.-The plan includes all participating agencies and associated equipment: 9.1.13 The plan shall l be tested by conducting: a) a full-scale aerodrome emergency exercise at intervals not exceeding two years; and: b) partial emergency exercises in the intervening year to ensure that any deficiencies found during the full-scale aerodrome emergency exercise have been corrected; and: reviewed thereafter, or after an actual emergency, sons to correct any deficiency found during such exercises or actual emergency. Note.-The purpose of a full-scale exercise is to ensure the adequacy of the plan to cope with different types of emergencies. The purpose of a partial exercise is to ensure the adequacy of the response to individual participating agencies and components of the plan, such as the communications system. [End of section] Appendix III: TSA Security Requirements for U.S.-Based and Foreign Carriers Operating Out of Foreign Airports: Aircraft Operator Standard Security Program: U.S.-based Carriers: The aircraft operator standard security program (AOSSP) is designed to provide for the safety of persons and property traveling on flights against acts of criminal violence and air piracy, and the introduction of explosives, incendiaries, weapons, and other prohibited items on board an aircraft. TSA requires that each air carrier adopt and implement a security program approved by TSA for scheduled passenger and public charter operations at locations within the United States, from the United States to a non-U.S. location, or from a non-U.S. location to the United States, and from a non-U.S. location to a non- U.S. location (for example, an intermediate stop such as Singapore to Tokyo to the United States). The AOSSP developed by TSA and used by U.S.-based carriers is divided into chapters and lays out security requirements for operations. Table 6 summarizes requirements applicable to flights operating from a non-U.S. location to the United States. Table 6: Elements of the Aircraft Operator Standard Security Program Applicable to International Operations: Chapter: Introduction and definitions; Types of requirements: Defines roles and responsibilities for the positions of Ground Security Coordinator, In-flight Security Coordinator, and the Federal Flight Deck Officer. Chapter: Incidents, suspicious activities, and threat information; Types of requirements: Requires procedures for notification of the Transportation Security Operations Center and law enforcement agencies to report incidents and suspicious activities as well as procedures to ensure the security of aircraft upon receipt of specific or credible threats. Chapter: Prescreening procedures and passenger identification checks; Types of requirements: Requires air carriers to implement passenger prescreening on flights to match passenger names against the No-Fly and Selectee screening lists, check of all passenger identification, and control of entry into the sterile area. Chapter: Passengers designated as selectee passengers; Types of requirements: In addition to the above requirements, defines requirements for screening the checked baggage of selectee passengers. Chapter: International flights; Types of requirements: Requires measures specific to checked baggage acceptance, protective escorts, jump seat access, prohibited items, flights departing to a non-U.S. location, flights departing a non-U.S. location, and crew member vetting. Chapter: Cargo security measures; Types of requirements: Requires measures specific to the acceptance of cargo for shipment, cargo screening procedures, accompanied courier consignments, cargo for subsequent transfer to another carrier, control of access to cargo, notification procedures, and cargo security measures at non-U.S. locations. Chapter: Catering security measures; Types of requirements: Requires procedures to ensure security of catering loaded onto a flight, or security at catering facilities. Chapter: Additional requirements at extraordinary locations; Types of requirements: Some locations outside of the United States have been designated by TSA as requiring extraordinary security measures. These measures include items such as aircraft security, passenger prescreening, screening selectee passengers, and the questioning of enplaning passengers. Chapter: Aircraft and area security; Types of requirements: Requires measures to prevent unauthorized access to aircraft, search departing aircraft prior to passengers enplaning, sealing procedures for vehicles transporting checked baggage, access controls to areas such as baggage rooms and other nonpublic areas, and criminal history records check of air carrier employees. Chapter: Training; Types of requirements: Outlines security training requirements for Ground Security Coordinators, In-flight Security Coordinator, crew members, air carrier employees, and authorized representatives. Chapter: Screening; Types of requirements: Outlines requirements for air carriers to conduct additional screening at locations outside of the United States where screening does not meet requirements. Source: TSA. [End of table] Security Directives: * When TSA determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA may issue a Security Directive setting forth mandatory measures. Each air carrier required to have a TSA-approved security program must comply with each Security Directive issued to it by TSA, within the time frame prescribed in the Security Directive for compliance.[Footnote 79] Model Security Program: TSA requires that the security program of a foreign air carrier provide passengers a level of protection similar to the level of protection provided by U.S. air carriers serving the same airports.[Footnote 80] The security program must be designed to prevent or deter the carriage onboard airplanes of any prohibited item, prohibit unauthorized access to airplanes, ensure that checked baggage is accepted only by an authorized agent of the air carrier, and ensure the proper handling of cargo and checked baggage to be loaded onto passenger flights. In addition, carriers are requested to provide an acceptable level of security for passengers by developing and implementing procedures to prevent acts of unlawful interference. TSA's foreign air carrier model security program was prepared to assist foreign airlines in complying with security requirements for operations into and out of the United States. Table 7 summarizes requirements applicable to foreign carriers' flights operating from a non-U.S. location to the United States. Table 7: Elements of the Foreign Air Carrier Model Security Program Applicable to International Operations: Area of requirement: Screening of passengers and carry-on baggage; Description: Sets forth requirements for screening of passengers and their property as well as the transport of armed individuals and weapons. Area of requirement: Checked baggage; Description: Sets forth requirements for accepting, handling, and screening of checked luggage, including restricting access to baggage areas, conducting passenger baggage matches, and the transport of misdirected baggage. Area of requirement: Cargo; Description: Requires procedures be in place to ensure no unauthorized explosives, incendiaries, or dangerous articles or persons are included in cargo. In addition, sets forth requirements to ensure that once cargo is accepted, it is safeguarded to prevent unauthorized access or tampering. Area of requirement: Security of aircraft and facilities; Description: Sets forth requirements for preventing access to aircraft while it is unattended and conducting a search of the aircraft interior prior to boarding. This also includes requirements for authorized personnel to possess and display proper identification. Area of requirement: Addressing and reporting acts of unlawful interference; Description: Requires air carriers to implement procedures to respond to threats of hijacking and bomb threats. In addition it requires that the carrier establish a procedure for reporting threats when they are received. Area of requirement: Contingency planning; Description: Requires air carriers to establish procedures to implement additional security measures (regarding checked baggage, passenger, and carry-on baggage screening, aircraft security, and cargo handling) when conditions warrant. Area of requirement: Training; Description: Sets forth requirements for air carriers to ensure that employees (screeners, crew members, or other air carrier employees) receive adequate training in those security areas for which they have responsibilities. Source: TSA. [End of table] Emergency Amendments: * When TSA determines that additional security measures are necessary to respond to an emergency requiring immediate action with respect to safety in air transportation, it may issue an emergency amendment. An emergency amendment mandates additional actions beyond those in the air carrier's security program. When TSA issues an emergency amendment, it also issues a notice indicating the reasons for the amendment to be adopted. Air carriers are required to comply with emergency amendments immediately.[Footnote 81] [End of section] Appendix IV: U.S. Government Aviation Security Training and Technical Assistance Programs for Foreign Entities: Department of State: Anti-Terrorism Assistance Program: Program Background: The State Department's Anti-Terrorism Assistance (ATA) program seeks to provide partner countries the training, equipment, and technology they need to combat terrorism and prosecute terrorists and terrorist supporters. The Anti-Terrorism Assistance program was established in 1983. Program Selection: Selection of Countries: Countries must meet at least one of the four following criteria to participate in the ATA program: * The country or region must be categorized as having a critical or high threat of terrorism and unable to protect U.S. facilities and personnel within the country: * There are important U.S. policy interests with the prospective country, which may be supported through the provision of antiterrorism assistance. For example, officials in one country received assistance through the ATA program because they allowed the United States to establish air bases in their country. * The prospective country must be served by a U.S. air carrier, or is the last point of departure for flights to the United States. * The prospective country cannot be engaged in gross human rights violations. Determination of Type of Training: The State Department determines whether and what training and assistance to provide countries based on needs assessments done by State Department personnel along with a team of interagency subject matter experts. The assessment team evaluates prospective program participants using 25 Antiterrorism Critical Capabilities. Program officials stated that the assessment is a snapshot of the country's antiterrorism capabilities, including equipment, personnel, and available training. ATA program officials stated that the assessment includes a review at several levels, including tactical capabilities (people and resources), operational management capabilities (overall management and ability), and strategic capabilities. Two of the 25 capabilities reviewed during the needs assessments are related to aviation security. Those are Airspace Security and Air Port of Entry Security. The first is an assessment of how a country controls what goes through its airspace. The second is an assessment of security at the country's main airport. According to program officials, when doing an assessment, the ATA team will usually visit the busiest airport within the country to examine the operational security of the airport and assesses training provided to airport security management. Antiterrorism Critical Capabilities: Land Border Security: Land Port of Entry Security: Maritime Border Security: Maritime Port of Entry Security: Air Space Security: Airport of Entry Security: Critical Infrastructure Protection: National Leadership Security: Diplomatic Community Security: Preventative Intelligence: National Level Major Incident Command and Control: Police Special Operations: Explosive Incidents Countermeasures: Mass Casualty Incident Management: Kidnapping/Hostage Incident Management: Police Investigative Capability: Post Blast Investigations: Mass Casualty Incident Management: Crime Science and Evidence Management: Forensic Examination and Analysis: Financial Investigations: Prosecutorial Capability: Critical Digital Infrastructure Security: Cyber Crime Investigations: Institutionalization of Anti/Counter Terrorism Training: Program Assistance: The results of the needs assessments determine what type of assistance the State Department will offer to countries participating in the ATA program. The various types of training and assistance offered through the program include crisis management and response, cyber-terrorism, dignitary protection, bomb detection, border control, kidnap intervention and hostage negotiation and rescue, response to incidents involving weapons of mass destruction, counter terrorist finance, interdiction of terrorist organizations, and airport security. During fiscal year 2005, 146 countries received antiterrorism training through the ATA program; 7 countries received training for aviation security. The ATA program offers one course in aviation security, "Airport Security Management." This is a 1-week seminar that is generally taught in-country. According to State Department officials, TSA employees teach the course. State Department officials stated that this course helps countries to meet internationally recognized aviation security standards established by ICAO. State Department officials stated that while most countries' officials know about ICAO, and can obtain ICAO manuals and standards, many of the countries do not have the resources or equipment to operationalize ICAO standards. State Department officials stated that the ATA program offers countries the resources to implement ICAO standards. Recipient Countries: For fiscal year 2005, aviation security training was provided to 7 countries through the ATA program, Philippines ($94,723), Kazakhstan ($98,200), Bahamas ($95,000), Barbados ($45,900), Dominican Republic ($45,900), Qatar ($98,046), and United Arab Emirates ($95,000). Relationship to TSA: TSA employees teach in-country aviation security training to foreign officials through the ATA program. In addition, ATA uses TSA staff as subject matter experts when performing needs assessments. U.S. Trade and Development Agency: Program Background: The U.S. Trade and Development Agency (USTDA) works to advance economic development and U.S. commercial interests in developing and middle- income countries. The agency funds various forms of technical assistance, training, and business workshops to support the development of a modem infrastructure and a fair and open trading environment. USTDA's use of foreign assistance funds to support sound investment policy and decision making in host countries is intended to create an enabling environment for trade, investment, and sustainable economic development. In carrying out its mission, USTDA gives emphasis to economic sectors that may benefit from U.S. exports of goods and services. For example, according to USTDA, the agency obligated approximately 24 percent of its program funding in support of transportation sector projects. More specifically, according to USTDA, 5.6 percent of the agency's budget is obligated toward projects in the aviation security sector. The general goals of USTDA's work in the aviation security field are to help foreign airports achieve "Category I" status (the FAA classification for an airport that meets minimum safety standards, which allows foreign air carriers to fly from their country of origin directly to the United States), to help countries prepare to pass and adhere to ICAO standards, and to offer training to increase aviation security. Selection of Projects: According to USTDA, assistance projects and recipients are selected within the framework of USTDA's development and commercial mandate. Generally, projects are not selected based strictly on security (i.e., not selected based on threat) but on the likelihood of a country implementing the recommended actions to obtain greater aviation safety and security. USTDA projects are developed through consultations by USTDA staff and U.S. and foreign embassies, foreign officials (public or private) that have decision-making authority to implement the assistance project, or U.S. industry officials that identify a need for assistance. According to USTDA, when developing the project, the agency evaluates a number of factors, including the priority the government places on the project and if the entity has the technical capability to implement the project. According to USTDA, this evaluation is conducted in order to ensure that U.S. taxpayers' dollars are wisely used on projects that will help strengthen a foreign countries' ability to transport passengers and goods to the United States. After an initial evaluation by USTDA staff, USTDA employs a technical expert to conduct an independent evaluation of the proposed assistance project. That technical evaluation can take two forms: a Desk Study or a Definitional Mission. The Desk Study is completed for proposals where sufficient information is provided that allows for a technical expert to make an informed decision as to whether or not USTDA should fund the project. If the project proposal does not contain sufficient detail to evaluate without conducting a field site visit, USTDA then employs a small business contractor--or consultant--to conduct a Definitional Mission, which, according to USTDA, costs between $25,000 and $40,000. The consultant undertaking the Definitional Mission takes 1 to 2 weeks to meet with the stakeholders in the foreign country, including the potential grant recipients, in order to review project ideas and generate additional project opportunities. Upon return from the site visits, the consultant prepares a report for USTDA on the findings of the Definitional Mission. According to USTDA, consultants typically assess more than one proposed assistance project at a time when in the field. To avoid conflicts of interest, the consultant that undertakes the Definitional Mission is prohibited from participating in any of the follow-on work, including the early investment analysis or training recommended in the report. Program Assistance: Early Investment Analysis: Early investment analysis is the main form of USTDA assistance. According to USTDA, the cost of such assistance typically ranges from $100,000 to $500,000. These technical assistance programs may take from 6 to 18 months to complete. The studies are undertaken by U.S. consulting firms under a grant program and are intended to evaluate the technical, financial, environmental, legal, and other critical aspects of infrastructure development projects that are of interest to potential lenders and investors. Host country project sponsors select the U.S. companies, normally through open competitions. Annex 17 Workshops: USTDA organizes Annex 17 workshops to help bring developing countries into compliance with ICAO Annex 17. These workshops are designed to give countries assistance before ICAO inspections so that they meet minimum standards and pass inspections. According to USTDA, the workshops suggest ways that relatively poor countries can meet ICAO standards with a low level of technological sophistication. According to USTDA, the workshops focus on enhancing training and improving human resources related to aviation security. Recipients: According to USTDA, for fiscal year 2005, the agency awarded Chile ($359,000), Haiti ($150,000), Iraq ($243,000), Malaysia ($100,000), Tanzania ($371,000), Ukraine ($625,000), West Africa Regional Training ($353,000) and Worldwide Aviation Security training ($596,000) grant assistance in the aviation security sector. Participation by TSA: USTDA consults with TSA on an ongoing basis. USTDA used TSA personnel as instructors for the Annex 17 workshops. Department of Transportation--Safe Skies for Africa Program: Background: The Department of Transportation (DOT) manages the Safe Skies for Africa presidential initiative (Safe Skies), which started in 1998. Safe Skies is a technical program that assists participating countries in meeting international aviation safety and security standards. According to DOT officials, Safe Skies is a small program with an annual budget--including operating and administrative costs--between $1 million and $3 million. According to DOT officials, approximately one- fourth of the Safe Skies budget goes toward aviation security. Funding for Safe Skies is provided by the State Department and the U.S. Agency for International Development (USAID). Selection of Participants: The original Safe Skies participants were selected in 1998 by an interagency committee made up of Department of Defense, Department of Transportation, State Department, and the U.S. Trade and Development Agency. The committee held a series of meetings to consider priority lists created by each agency, cables exchanged with U.S. embassies across sub-Saharan Africa, and responses to questionnaires sent to various states. The committee selected countries that it believed had the highest likelihood of successfully complying with international aviation safety and security standards set by ICAO and requirements set by the Federal Aviation Administration (FAA) and TSA. The committee also considered U.S. trade interests and regional diversity issues. In the end, countries from across sub-Saharan Africa were selected to participate in the program. Since 1998 only two countries have been added to the list of Safe Skies participants. Both Uganda and Djibouti became Safe Skies countries after President Bush announced the East Africa Counterterrorism Initiative in 2003.[Footnote 82] Program Assistance: General: All Safe Skies countries receive some degree of aid, with priority going to those countries that demonstrate political will. DOT gauges political will based on consultations with embassies and TSA and whether a country implements recommended safety and security practices. The Administration's priorities are communicated through the State Department. According to DOT, all participants except Zimbabwe have had aviation security, safety, and air navigation surveys of their civil aviation systems performed at their airports by U.S. government subject -matter experts. Equipment: Since September 11, 2001, the State Department has provided $5 million in additional resources for DOT to provide security equipment to Safe Skies countries. DOT officials stated that they worked with their TSA (formerly FAA security) colleagues to perform site visits to help agency officials determine country-specific security equipment needs for the screening of passengers and baggage. Security Advisor: According to DOT, Safe Skies has an East Africa aviation security advisor stationed in Nairobi, Kenya to provide direct advice and technical assistance to Djibouti, Kenya, Tanzania, and Uganda in meeting ICAO standards and to assist these states in addressing potential threats to civil aviation. Recipients[Footnote 83] According to DOT, fiscal year 2005 recipients of Safe Skies assistance were Angola, Cameroon, Cape Verde,[Footnote 84] Djibouti, Kenya, Mali, Namibia, Tanzania, and Uganda. Collaboration with TSA: TSA and DOT responsibilities are laid out in a 2004 TSA-DOT memorandum of agreement. Under this agreement, TSA provides advice, technical assistance, and training through the TSA Enforcement Academy, in addition to providing an aviation security advisor to Safe Skies. These activities are funded by DOT, with funds that were appropriated to USAID and transferred to DOT for the purposes of implementing Safe Skies. TSA also works in partnership with DOT to prioritize recipient countries based on need. Department of State--Bureau of International Narcotics and Law Enforcement Affairs--Organization of American States Inter-American Committee against Terrorism: Background: The Bureau of International Narcotics and Law Enforcement Affairs (INL) of the Department of State has a program under way aimed at combating alien smuggling and improving border security. The part of the program relating to border security contains elements relating to maritime security and airport security. These efforts are undertaken in cooperation with the Organization of American States' (OAS) Inter- American Committee against Terrorism (CICTE). The INL-OAS efforts began with maritime security and were broadened to include aviation security in 2003. Selection of Participants: INL officials worked with CICTE officials to select the appropriate OAS member countries to receive training. As of August 2006, the aviation security effort under way was focused on Caribbean nations, and fiscal year 2006 funding was also intended to provide funding for some Central and South American nations. Roughly $264,000 was spent in 2004, $187,110 in 2005, and $236,610 in 2006 on aviation security. Program Assistance: INL funds pay for aviation security training courses, and the courses are taught by TSA officials. These training courses are aimed at helping countries to develop national civil aviation security programs and other essential plans based on the ICAO standards as well as crisis management. INL funds were used to pay for national development workshops for Caribbean countries. These workshops were taught by TSA staff who spent 1 week in each Caribbean country. While in country, TSA representatives reviewed the country's security program, looked for deficiencies within the security program, and attempted to build a program that would resolve the deficiencies they identified. According to OAS, participants in these workshops identified recommendations to improve aviation security and combat terrorism and submitted the recommendations to their respective governments. The workshops addressed enhancements to the national security program, national legislation, oversight, national security committees, and program approval processes. According to OAS, in 2006, these workshops took place in Antigua and Barbuda, Bahamas, Belize, Dominican Republic, Grenada, Guyana, Jamaica, St. Kitts and Nevis, and St. Vincent and the Grenadines. According to OAS, starting in September 2006, this program began functioning in Central America, where national development workshops were planned to take place in Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, and Panama. According to OAS, in addition to the national development workshops, this program also offers a 5-day crisis management workshop for midlevel to senior-level aviation management and other government officials. INL, through CICTE, also funds aviation security courses that are taught by ICAO instructors. Recipient Countries: According to OAS, the recipient countries of CICTE-sponsored aviation security training for calendar year 2006 were Antigua and Barbuda, Bahamas, Barbados, Belize, Bolivia, Columbia, Costa Rica, Dominican Republic, El Salvador, Grenada, Guatemala, Guyana, Honduras, Jamaica, Nicaragua, Panama, Paraguay, Peru, St. Kitts and Nevis, St. Lucia, St. Vincent and the Grenadines, Trinidad and Tobago, and Uruguay.[Footnote 85] TSA Participation: TSA officials are the instructors for the on-site workshops. CICTE established an memorandum of agreement with TSA, and discussed the best approach for helping OAS members develop a long-term international aviation security program. CICTE and TSA decided that in-country, on- the-ground visits would be the best approach, since these allow CICTE and TSA to see which problems are present. Department of State--Western Hemisphere Affairs--Organization of American States--Inter-American Committee against Terrorism: Background: According to OAS, during the fourth quarter of 2006, CICTE received grant funding to provide aviation security training courses for the nine countries that will host the 2007 Cricket World Cup. Program Assistance: According to OAS, grant funding was used to support two aviation security training courses--the Basic Security Training Course and the Aviation Security Training Course. The Basic Security Training Course is a 7-day course focused on improving aviation security screeners' ability to detect threat items using X-ray machines, metal detection portals, physical search techniques, and explosive trace detection technologies. According to OAS, the Aviation Security Training Course is a 9-day course that addresses concepts and principles of managing aviation security operations within the unique environment of an international airport. Course content is also based on ICAO standards and recommended practices and focused on the protection of passengers, crew, ground personnel, the general public, the aircraft, and airport facilities. According to OAS, practical exercises are used to reinforce classroom learning. This course provided training to midlevel managers and supervisors who are responsible for aviation security program planning, oversight, and operations. According to OAS, TSA instructors train these officials in identifying vulnerabilities at their airports, developing preventive measures, and allocating resources to handle the flow of passengers while maintaining adequate security. Recipient Countries: The recipient countries for calendar year 2006 and the first half of 2007 are Antigua and Barbuda, Grenada, Guyana, Jamaica, St. Kitts and Nevis, and St. Lucia. Department of Justice-International Criminal Investigative Training and Assistance Program: Background: The Department of Justice's (DOJ) International Criminal Investigative Training Assistance Program (ICITAP) aims to develop law enforcement agencies and systems. Training is only one component of ICITAP's holistic approach to this mission. ICITAP has an ongoing relationship with the Department of State to offer various types of training. Since 2000, ICITAP facilitated Department of State-initiated aviation security training in Ghana and the Dominican Republic, and conducted an assessment in Benin. Selection of Participants: The Department of Justice's involvement can begin when a foreign government makes a request to the U.S. embassy for training to rectify perceived weaknesses in aviation security. The embassy then collaborates with DOJ to put together a proposal for action, which is then sent to the Department of State's Bureau of International Narcotics and Law Enforcement. INL attempts to obtain a country- specific appropriation for the project, and alerts DOJ as to whether funding is available. According to DOJ, INL sometimes targets certain countries for assistance and then asks ICITAP to prepare proposals and budgets to support training activities and technical assistance to improve law enforcement capacity in the host countries. Program Assistance: ICITAP assistance included on-site aviation security needs assessments, with ICITAP serving as facilitator and current and former TSA (previously FAA) employees performing the aviation security needs assessments. The assessment was based on standards laid out in ICAO Annex 17. The assessment attempted to broadly gauge the adequacy of the available security systems and each country's ability to manage the systems. Recipients: As of February 2007, the most recent recipients are Benin ($79,500 in 2002),[Footnote 86] Ghana ($79,500 in 2002), and the Dominican Republic ($32,000 in 2003). In 2003, as a result of information gathered from TSA's foreign airport assessment report, ICITAP provided drug interdiction training to customs officials in Ghana stationed at the airport. According to DOJ, INL granted $79,500 each to Ghana and Benin for the purpose of providing airport security training. TSA Participation: Former and current TSA officials have conducted needs assessments and provided training to foreign officials through ICITAP. [End of section] Appendix V: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: April 13, 2007: Ms. Cathleen A. Berrick: Director, Homeland Security and Justice Issues: U. S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Ms. Berrick: Thank you for the opportunity to comment on GAO's report entitled, Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These G forts Can be Strengthened, GAO-07-392SU. We appreciate the analysis GAO has conducted over the past 16 months, which reflects the positive aspects and impact of the Transportation Security Administration (TSA) Foreign Airport Assessment Program (FAAP). TSA generally concurs with GAO's report and recommendations. The Aviation and Transportation Security Act (ATSA) delegates to TSA the FAAP, which requires an assessment of the security of foreign airports served by United States (U.S.) air carriers and foreign air carriers that serve the U.S., as outlined by the Foreign Airport Security Act o^ 1985.[Footnote 87] TSA is responsible for securing all modes of transportation, including the protection of persons and property aboard aircraft operating in international air transportation against acts of criminal violence and aircraft piracy. To this end, TSA assesses the effectiveness of security measures at foreign airports based on the aviation security standards and recommended practices adopted by the International Civil Aviation Organization (ICAO). While TSA is authorized under U.S. law to conduct foreign airport assessments al intervals it considers necessary, TSA may not perform an assessment of security measures at a foreign airport without the permission of the host government. Accordingly, TSA aims to enhance foreign relations, through global and regional outreach to the transportation industry. On a global scale, TSA meets regularly with the International Air Transport Association (IATA) to discuss, most notably, harmonization of aviation security measures. Outreach to the aviation industry on a regional level has been established through the Association of European Airlines (AEA) in Europe; Association of Asia Pacific Airlines (AAPA) and Association of South Pacific Airlines (ASPA) in Asia-Pacific; and Association of Latin American Airlines (ALTA) in the Caribbean and South America. TSA also works with the U.S. Department of State and its embassies worldwide, to foster inter- governmental cooperation and coordination. TSA conducts security inspections of foreign and U.S.-based air carriers that provide service to the United States from foreign countries to ensure compliance with applicable security requirements, including those set forth in the air carriers' TSA-approved security programs. The continued threat against U.S. aviation is clearly demonstrated by the Richard Reid incident on an American Airlines flight from Paris Charles De Gaulle in November 2001; the alleged threat (Flights of Interest) to U.S.-bound British and French flights from London Heathrow and Paris Charles De Gaulle in December 2003; and, more recently, the alleged terrorist plot to detonate liquid explosives onboard multiple aircraft departing from the United Kingdom to the United States in the summer of 2006. These threats reflect the critical need to determine whether international security standards are implemented at all last points of departure to the United States as required by the Foreign Airport Security Act of 1985. In 2005, TSA began developing a tracking system to better determine the total numbers of airport assessments and air carrier inspections conducted during a fiscal year. TSA has further refined this tracking system to record and monitor the reasons why assessments or inspections are deferred. In concert with this system, TSA is utilizing a risk- based methodology to schedule assessments and inspections. TSA's recent activities include exploring an automated means of capturing its foreign airport assessment data to track deficiencies identified, corrective actions recommended, and the resulting actions taken by the entities assessed. This comprehensive tracking system will better promote outcome-based performance measures to determine the impact of TSA's assessment program. The recommendations provided by GAO will help strengthen TSA's oversight of foreign airport assessments and air carrier inspections. We generally concur with the recommendations and have already taken steps to address some of them. What follows are TSA's specific responses to the recommendations contained in GAO's report. Recommendations 1 and 2: Develop controls to track the status of scheduled foreign airport assessments from initiation through completion, including the reasons why assessments were deferred or cancelled; and develop controls to track the status of scheduled air carrier inspections from initiation through completion, including the reasons why inspections were deferred or cancelled, as well as the final disposition of any investigations that result from air carrier inspections. TSA Response: TSA concurs with these recommendations and will continue to enhance its system to track the status of scheduled foreign airport assessments and air carrier inspections from initiation through completion. This tracking system records the dates of past airport assessments and air carrier inspections, projected dates of future assessments and inspections, as well as other foreign airport and air carrier information useful for program managers. This tracking system also incorporates TSA's risk- based methodologies employed in October 2006. Further, the enhanced tracking system will reflect the reasons why airport assessments or air carrier inspections were deferred or cancelled to ensure that scheduled assessments and inspections are actually conducted. TSA intends to further refine the system to better track both historical information and current inspection information as they relate to air carrier inspections conducted in a given year. In reference to the final disposition of air carrier investigations, the TSA Office of Chief Counsel currently documents the final disposition of air carrier investigations that result in referrals for legal enforcement action. The final legal dispositions of such cases are recorded in TSA's Performance and Results Information System (PARIS) when the TSA attorney closes the case. TSA will enhance the PARIS database to ensure that inspection activities are linked to investigations, so that any enforcement actions are properly associated and comprehensive enforcement information is readily available. Recommendation 3: Develop a standard process for tracking and documenting host governments' progress in addressing security deficiencies identified during TSA airport assessments. TSA Response: TSA concurs and is currently developing a process through which security concerns noted during airport assessments will be tracked with fields identifying airport-and deficiency-specific data, deadlines, and current status and resolution. Completed items will be archived to allow for trend analysis and provide an historical understanding of each airport's security posture from one assessment to the next. Recommendations 4 and 5: Develop outcome-oriented performance measures to evaluate the impact TSA assistance has on improving foreign airport compliance with ICAO standards; and develop outcome-oriented performance measures to evaluate the impact TSA assistance and enforcement actions have on improving air carrier compliance with TSA security, requirements. TSA Response: TSA concurs with these recommendations because TSA recognizes the importance of monitoring and documenting the results of its efforts; however, TSA believes the outcome-based performance measures should be structured in a way that recognizes the collaborative nature of the process. TSA is in the planning stages of developing an outcome-based performance model using a risk-based methodology for conducting foreign airport assessments and air carrier inspections. Elements under consideration for inclusion include: numbers of assessments conducted and when; ICAO standards and other security items identified as deficient; corrective actions recommended; TSA assistance provided; coordinated assistance arranged through third parties; and lastly, the corrective actions achieved. In coordination with the Transportation Security Administration Representatives (TSAR), TSA will develop key performance targets and corresponding metrics that will inform the assessment/inspection planning process and assist in the implementation of corrective measures for foreign airport and air carrier compliance and follow-up thereto. Regular analysis and review of the process, data recorded, and metrics produced will allow TSA to better measure the effectiveness and efficiency of these programs. Thank you again for the opportunity to comment on this draft report and we look forward to working with you on future homeland security issues. Sincerely, Signed by: Steven J. Pecinovsky: Director: Departmental GAO/OIG Liaison Office: [End of section] Appendix VI: GAO Contacts and Staff Acknowledgments: GAO Contacts: Cathleen A. Berrick, (202) 512-3404 or berrickc@gao.gov: Acknowledgments: In addition to the person named above, Maria Strudwick, Assistant Director; Amy Bernstein; Kristy Brown; Alisha Chugh; Emily Hanawalt; Christopher Jones; Stanley Kostyla; Kyle Lamborn; Thomas Lombardi; Jeremy Manion; and Linda Miller made key contributions to this report. [End of section] Related Products: Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened. GAO-07-660. Washington, D.C.: April 30, 2007. Aviation Security: TSA's Change to its Prohibited Items List Has Not Resulted in Any Reported Public Safety Incidents, but the Impact of the Change on Screening Operations is Uncertain. GAO-07-623R. Washington, D.C.: April 25, 2007. Aviation Security: Risk, Experience, and Customer Service Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved. GAO-07-634. Washington, D.C.: April 16, 2007. Aviation Security: TSA's Staffing Allocation Model Is Useful for Allocating Staff among Airports, but Its Assumptions Should Be Systematically Reassessed. GAO-07-299. Washington, D.C.: Feb. 28, 2007. Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains. GAO-07-448T. Washington, D.C.: Feb. 13, 2007. Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened. GAO-06-869. Washington, D.C.: Jul. 28, 2006. Aviation Security: TSA Has Strengthened Efforts to Plan for the Optimal Deployment of Checked Baggage Screening Systems but Funding Uncertainties Remain. GAO-06-875T. Washington, D.C.: June 29, 2006. Aviation Security: Management Challenges Remain for the Transportation Security Administration's Secure Flight Program. GAO-06-864T. Washington, D.C.: June 14, 2006. Aviation Security: Further Study of Safety and Effectiveness and Better Management Controls Needed if Air Carriers Resume Interest in Deploying Less than Lethal Weapons. GAO-06-475. Washington, D.C.: May 26, 2006. Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain. GAO-06-371T. Washington, D.C.: Apr. 4, 2006. Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain. GAO-06-597T. Washington, D.C.: Apr. 4, 2006. Aviation Security: Progress Made to Set Up Program Using Private-Sector Airport Screeners, but More Work Remains. GAO-06-166. Washington, D.C.: Mar. 31, 2006. Aviation Security: Significant Management Challenges May Adversely Affect Implementation of the Transportation Security Administration's Secure Flight Program. GAO-06-374T. Washington, D.C.: Feb. 9, 2006. Aviation Security: Federal Air Marshal Service Could Benefit from Improved Planning and Controls. GAO-06-203. Washington, D.C.: Nov. 28, 2005. Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security. GAO-06-76. Washington, D.C.: Oct. 17, 2005. Transportation Security Administration: More Clarity on the Authority of Federal Security Directors Is Needed. GAO-05-935. Washington, D.C.: Sept. 23, 2005. Aviation Security: Flight and Cabin Crew Member Security Training Strengthened, but Better Planning and Internal Controls Needed. GAO-05- 781. Washington, D.C.: Sept. 6, 2005. Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information During Secure Flight Program Testing in Initial Privacy Notes, but Has Recently Taken Steps to More Fully Inform the Public. GAO-05-864R. Washington, D.C.: July 22, 2005. Aviation Security: Better Planning Needed to Optimize Deployment of Checked Baggage Screening Systems. GAO-05-896T. Washington, D.C.: July 13, 2005. Aviation Security: Screener Training and Performance Measurement Strengthened, but More Work Remains. GAO-05-457. Washington, D.C.: May 2, 2005. Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed. GAO-05-356. Washington, D.C.: Mar. 28, 2005. Aviation Security: Systematic Planning Needed to Optimize the Deployment of Checked Baggage Screening Systems. GAO-05-365. Washington, D.C.: Mar. 15, 2005. Aviation Security: Measures for Testing the Effect of Using Commercial Data for the Secure Flight Program. GAO-05-324. Washington, D.C.: Feb.23, 2005. Transportation Security: Systematic Planning Needed to Optimize Resources. GAO-05-357T. Washington, D.C.: Feb.15, 2005. Aviation Security: Preliminary Observations on TSA's Progress to Allow Airports to Use Private Passenger and Baggage Screening Services. GAO- 05-126. Washington, D.C.: Nov.19, 2004. General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success. GAO-05-144. Washington, D.C.: Nov. 10, 2004. Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls. GAO-04-728. Washington, D.C.: Jun. 4, 2004. Transportation Security Administration: High-Level Attention Needed to Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28, 2004. Aviation Security: Challenges in Using Biometric Technologies. GAO-04- 785T. Washington, D.C.: May 19, 2004. Nonproliferation: Further Improvements Needed in U.S. Efforts to Counter Threats from Man-Portable Air Defense Systems. GAO-04-519. Washington, D.C.: May 13, 2004. Aviation Security: Private Screening Contractors Have Little Flexibility to Implement Innovative Approaches. GAO-04-505T. Washington, D.C.: Apr. 22, 2004. Aviation Security: Improvement Still Needed in Federal Aviation Security Efforts. GAO-04-592T. Washington, D.C.: Mar. 30, 2004. Aviation Security: Challenges Delay Implementation of Computer- Assisted Passenger Prescreening System. GAO-04-504T. Washington, D.C.: Mar. 17, 2004. Aviation Security: Factors Could Limit the Effectiveness of the Transportation Security Administration's Efforts to Secure Aerial Advertising Operations. GAO-04-499R. Washington, D.C.: Mar. 5, 2004. Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges. GAO-04-385. Washington, D.C.: Feb. 13, 2004. Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations. GAO-04-440T. Washington, D.C.: Feb. 12, 2004. The Department of Homeland Security Needs to Fully Adopt a Knowledge- based Approach to Its Counter-MANPADS Development Program. GAO-04-341R. Washington, D.C.: Jan. 30, 2004. Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs. GAO-04-285T. Washington, D.C.: Nov. 20, 2003. Aviation Security: Federal Air Marshal Service Is Addressing Challenges of Its Expanded Mission and Workforce, but Additional Actions Needed. GAO-04-242. Washington, D.C.: Nov. 19, 2003. Aviation Security: Efforts to Measure Effectiveness and Address Challenges. GAO-04-232T. Washington, D.C.: Nov. 5, 2003. Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining. GAO-03-1173. Washington, D.C.: Sept. 24, 2003. Aviation Security: Progress since September 11, 2001, and the Challenges Ahead. GAO-03-1150T. Washington, D.C.: Sept. 9, 2003. Transportation Security: Federal Action Needed to Enhance Security Efforts. GAO-03-1154T. Washington, D.C.: Sept. 9, 2003. Transportation Security: Federal Action Needed to Help Address Security Challenges. GAO-03-843. Washington, D.C.: Jun. 30, 2003. Federal Aviation Administration: Reauthorization Provides Opportunities to Address Key Agency Challenges. GAO-03-653T. Washington, D.C.: Apr. 10, 2003. Transportation Security: Post-September 11th Initiatives and Long-Term Challenges. GAO-03-616T. Washington, D.C.: Apr. 1, 2003. Airport Finance: Past Funding Levels May Not Be Sufficient to Cover Airports' Planned Capital Development. GAO-03-497T. Washington, D.C.: Feb. 25, 2003. Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture. GAO-03-190. Washington, D.C.: Jan. 17, 2003. Aviation Safety: Undeclared Air Shipments of Dangerous Goods and DOT's Enforcement Approach. GAO-03-22. Washington, D.C.: Jan. 10, 2003. Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-344. Washington, D.C.: Dec. 20, 2002. Aviation Security: Registered Traveler Program Policy and Implementation Issues. GAO-03-253. Washington, D.C.: Nov. 22, 2002. Airport Finance: Using Airport Grant Funds for Security Projects Has Affected Some Development Projects. GAO-03-27. Washington, D.C.: Oct. 15, 2002. Commercial Aviation: Financial Condition and Industry Responses Affect Competition. GAO-03-171T. Washington, D.C.: Oct. 2, 2002. Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.: Jul. 25, 2002. Aviation Security: Information Concerning the Arming of Commercial Pilots. GAO-02-822R. Washington, D.C.: Jun. 28, 2002. Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T. Washington, D.C.: Sept. 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.: Sept. 21, 2001. Homeland Security: A Framework for Addressing the Nation's Efforts. GAO- 01-1158T. Washington, D.C.: Sept. 21, 2001. Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.: Sept. 20, 2001. Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security. GAO-01-1166T. Washington, D.C.: Sept. 20, 2001. FOOTNOTES [1] See 49 U.S.C § 114(d). [2] ICAO was formed following the 1944 Convention on International Civil Aviation (also known as the Chicago Convention). In 1947, ICAO became a specialized agency of the United Nations. A primary objective of ICAO is to provide for the safe, orderly, and efficient development of international civil aviation. There are currently 189 signatory nations to the ICAO convention, including the United States. Nations that are members to the ICAO convention agree to cooperate with other member states to meet standardized international aviation security measures. The international aviation security standards and recommended practices are detailed in Annex 17 to the Convention on International Civil Aviation adopted by ICAO. [3] Domestic and foreign air carriers that operate to, from, or within the United States must establish and maintain security programs approved by TSA in accordance with requirements set forth in regulation at 49 C.F.R. parts 1544 and 1546. See 49 U.S.C. §§ 44903 44906. In conducting air carrier inspections, TSA may consider compliance with air carriers' TSA-approved security programs as well as any applicable laws, regulations, security directives, and emergency amendments. See 49 C.F.R. §§ 1544.3 1546.3. [4] An air carrier station refers to those locations at an airport where an air carrier conducts its operations. [5] Complete foreign airport assessment and air carrier inspection results for fiscal year 2006 were not available when we initiated our review. [6] TSA's international field offices are located in Dallas, Frankfurt, Los Angeles, Miami, and Singapore. [7] FSDs are the ranking TSA authorities responsible for the leadership and coordination of TSA security activities at commercial airports in the United States. [8] APEC is a multilateral organization that aims to sustain economic growth in the Asia-Pacific region through a commitment to open trade, investment, and economic reform. APEC's transportation subgroups work to achieve a balance between trade and security issues related to the operation of regional transportation systems. AEA represents more than 30 airlines and works in partnership with stakeholders in the aviation industry to ensure the sustainable growth of the European airline industry in a global context. ECAC, created in 1955, currently has 42 members and seeks to promote aviation safety, security, and economic development of its members. One way ECAC contributes to this effort is by conducting audits of airports and air carriers when requested to do so by a country in accordance with aviation security standards agreed upon by ECAC members. IATA is composed of over 260 airlines and aims to help airlines simplify processes and increase passenger convenience while reducing costs and improving efficiency. [9] According to TSA's Foreign Airport Assessment Program Standard Operating Procedures, if security concerns and deficiencies identified by TSA during assessments are considered "not serious enough for secretarial action (e.g., the measure barely satisfies the minimum international standard and could be improved)," TSA may develop an action plan for addressing these deficiencies without seeking a determination for further action from the Secretary of Homeland Security. [10] Specific details regarding the nature of security deficiencies TSA identified during air carrier inspections are sensitive security information and are not discussed in this report. [11] The number of enforcement actions is not equal to the number of violations identified because TSA can issue one enforcement action for multiple violations, and TSA could not readily identify what action, if any, was taken for some violations. [12] The specific details of the catering cart security deficiency identified by TSA inspectors are sensitive security information and, therefore, are not discussed in this report. [13] See Pub. L. No. 107-71, 115 Stat. 597 (2001). [14] 49 U.S.C. § 44907. Prior to the establishment of DHS in March 2003, authority for conducting foreign airport assessments resided with the Secretary of Transportation. Although assessments were originally conducted by the Federal Aviation Administration, TSA assumed responsibility for conducting the assessments following the enactment of the Aviation and Transportation Security Act in November 2001. In March 2003, TSA transferred from the Department of Transportation to DHS. [15] See 49 U.S.C. § 44907(d)-(e). [16] Domestic and foreign air carriers that operate to, from, or within the United States must establish and maintain security programs approved by TSA in accordance with requirements set forth in regulation at 49 C.F.R parts 1544 and 1546. See 49 U.S.C §§ 44903 44906. Prior to TSA being established in February 2002, the Federal Aviation Administration conducted these air carrier inspections. [17] International aviation security standards and recommended practices are detailed in Annex 17 and Annex 14 to the Convention on International Civil Aviation, as adopted by ICAO. An ICAO standard is a specification for the safety or regularity of international air navigation, with which member states agree to comply; whereas, a recommended practice is any desirable specification for safety, regularity, or efficiency of international air navigation, with which member states are strongly encouraged to comply. Member states are expected to make a genuine effort to comply with recommended practices. TSA has chosen the 86 standards that it sees as most critical. See 49 U.S.C. § 44907(a)(2)(C) (requiring that TSA conduct assessments using a standard that results in an analysis of the security measures at the airport based at least on the standards and appropriate recommended practices of ICAO Annex 17 in effect on the date of the assessment). [18] Segments of Annex 17 to the Convention of International Civil Aviation, Safeguarding International Civil Aviation Against Unlawful Acts of Interference, Seventh Edition, April 2002 and Annex 14, Aerodrome Design and Operations, Volume I, have been reproduced in appendix II with permission of the International Civil Aviation Organization. [19] Based on documentation provided by TSA, TSA also conducted five foreign airport surveys during fiscal year 2005. Surveys are generally conducted at foreign airports that are scheduled to provide new service to the United States. Unlike airport assessments, airport surveys only address whether foreign airports are meeting critical ICAO standards and recommended practices, such as those associated with passenger and checked baggage screening. Also unlike assessment reports, survey reports do not identify whether foreign officials took steps to address security deficiencies that were identified at the airport. Because of these differences, we did not include the results of the foreign airport surveys in our analysis. [20] According to TSA, the airport assessment period is extended by 8 to 12 hours for each air carrier inspection that is conducted. [21] According to TSA's Foreign Airport Assessment Program Standard Operating Procedures, if security concerns and deficiencies are considered "not serious enough for secretarial action (e.g., the measure barely satisfies the minimum international standard and could be improved)," TSA may develop an action plan for addressing the deficiencies identified without seeking a determination from the Secretary of Homeland Security. [22] The Secretary may bypass the 90-day action and immediately provide public notification or withhold, revoke, or prescribe conditions on an air carrier's operating authority if the Secretary determines, after consultation with the Secretary of State, that a condition exists that threatens the safety or security of passengers, aircraft, or crew traveling to or from the airport. § 44907(d)(2)(A)(ii). [23] Public notification includes publication of the airport's identity in the Federal Register, posting and displaying the airport's identity prominently at all U.S. airports at which scheduled air carrier operations are provided regularly, and notifying news media of the airport's identity. 49 U.S.C. § 44907(d)(1)(A). U.S. and foreign air carriers providing transportation between the United States and the airport shall also provide written notice that the airport is not maintaining and carrying out effective security measures on or with the ticket to each passenger buying a ticket. § 44907(d)(1)(B). [24] Invoking this action does not require that the Secretary base the determination upon TSA's airport assessment results, though an assessment may provide the basis for invoking this action. [25] TSA may conduct air carrier inspections separately from airport assessments because foreign airports are generally assessed no more than once a year by TSA, while some air carriers are inspected twice a year by TSA. [26] Extraordinary locations are identified through threat analysis conducted by TSA's Office of Intelligence and are contained in the Aircraft Operator Standard Security Program. The list of extraordinary locations is sensitive security information and, therefore, is not included in this report. [27] Over the course of our review, TSA was in the process of developing new guidelines for determining the frequency of overseas air carrier inspections. The draft guidelines would require TSA to inspect both U.S. and foreign air carriers once a year, unless the air carrier operates out of a foreign airport that TSA determines has a relatively high vulnerability level, in which case TSA would inspect the air carrier twice a year. TSA had not finalized the draft air carrier inspection guidelines as of February 2007. [28] TSA requires that each air carrier adopt and implement a TSA- approved security program for all scheduled passenger and public charter operations at locations within the United States, from the United States to a non-U.S. location, or from a non-U.S. location to the United States. See 49 C.F.R. pts. 1544-46. [29] See 49 C.F.R. §§ 1544.3, 1546.3. [30] When circumstances require that air carriers take immediate action to mitigate a known or potential threat or vulnerability, TSA may issue security directives to impose additional security requirements on U.S. air carriers and emergency amendments to impose additional requirements on foreign air carriers. See 49 C.F.R. §§ 1544.105(d), 1544.305, 1546.105(d). [31] The No-Fly list contains the names of individuals that pose, or are suspected of posing, a threat to civil aviation or national security and are precluded from boarding an aircraft. The Selectee list includes those individuals of interest that do not meet the criteria to be placed on the No-Fly list. Individuals on the Selectee list will be subjected to additional screening. There is also a separate selectee process--the Computer-Assisted Passenger Prescreening System--by which individuals who meet certain criteria are selected for additional screening. [32] TSA has statutory authority to issue fines and penalties to individual air carriers for not complying with established security procedures. See 49 U.S.C. § 46301. In general, the penalty for an aviation security violation is found at 49 U.S.C. § 46301(a)(4), which states that the maximum civil penalty for violating chapter 449 of title 49, United States Code, (49 U.S.C. § 44901 et seq.) or another requirement under title 49 administered by the Assistant Secretary, TSA, shall be $10,000. The maximum civil penalty shall be $25,000 in the case of a person operating an aircraft for the transportation of passengers or property for compensation. [33] TSA assessed foreign airports against 64 required ICAO standards and 22 recommended ICAO practices for aviation security. For the purpose of this report, we refer to both standards and recommended practices as standards. [34] TSA found that 104 of the 128 foreign airports initially did not meet at least 1 ICAO standard. The average number of ICAO standards not met by these 104 airports was about 6, and the range of standards not met by an individual airport was 1 to 24. However, by the completion of TSA's assessment, 22 of these 104 airports had taken corrective action that enabled them to meet all ICAO standards; thus leaving 82 airports that did not meet at least 1 ICAO standard at the completion of the assessment period. In addition to conducting airport assessments of foreign airports, TSA also conducts surveys of foreign airports. Surveys are conducted at airports that plan to provide new service to the United States. [35] At the beginning of the assessment, TSA found that 88 airports did not meet at least one critical ICAO standard. However, by the end of the assessment period, 27 airports took corrective action that allowed them to meet all critical standards, leaving 61 foreign airports not meeting at least one critical ICAO standard after TSA completed its assessment. [36] See 70 Fed. Reg. 3,378 (Jan. 24, 2005). Based on subsequent assessments by TSA, the Secretary found that Port-au-Prince International Airport maintains and carries out effective security measures. See 71 Fed. Reg. 42,103 (July 25, 2006). [37] See 71 Fed. Reg. 3,107 (Jan. 19, 2006). The airport in Bali was subjected to both a public notification and a 90-dayaction, whereas for Haiti, the Secretary by-passed the 90-day action and immediately notified the public that the airport in Haiti did not maintain and carry out effective security measures. The identity of the foreign airports that were subjected to 90-day actions, but did not also subjected to public notification, is classified. [38] The number of ICAO standards not met by the five secretarial action airports at the completion of TSA's assessment ranged from 11 to 18, and the number of critical standards not met by these airports range from 3 to 6. The assessment reports for these airports included some standards that did not provide information whether or not the standard had been met at the completion of TSA's assessment. Therefore, those standards were excluded when calculating these range values. [39] TSA officials stated that noncompliance with an ICAO standard, which is required, has more influence on a secretarial action determination than noncompliance with an ICAO recommended practice, which is only suggested. [40] Specifically, 108 of the 385 U.S. air carrier inspections and 48 of the 144 foreign air carrier inspections resulted in violations of at least one TSA security requirement. [41] During fiscal year 2005, there were a total of 78 security requirements that TSA could have imposed on U.S.-based air carriers operating at foreign airports and a total of 55 security requirements that TSA could have imposed on foreign air carriers. However, depending on the location of the foreign airport in which the air carrier operated and the extent of an air carrier's operations at the airport, not all of the security requirements were applicable to all air carriers. [42] The percentage of air carrier inspections that resulted in these and other types of security deficiencies is sensitive security information and, therefore, is not discussed in this report. [43] TSA could not readily identify what enforcement actions were recommended for the remaining 84 (about 20 percent) security violations identified during fiscal year 2005 air carrier inspections. [44] The number of enforcement actions is not equal to the number of violations identified because TSA can issue one enforcement action for multiple violations and TSA could not readily identify what action, if any, was taken for some violations. [45] An additional fiscal year 2005 enforcement action based on a fiscal year 2004 inspection was resolved with a letter of correction issued in lieu of a $25,000 civil penalty. [46] The specific passenger checkpoint screening deficiency identified by TSA is sensitive security information and, therefore, is not identified in this report. [47] The specific airport perimeter security deficiency identified by TSA is sensitive security information and, therefore, is not identified in this report. [48] The specific security deficiency for which TSA inspectors recommended the construction project is sensitive security information and, therefore, is not identified in this report. [49] The Organization of American States is made up of 35 member states, including the independent nations of North, Central, and South America and the Caribbean, and is a forum for strengthening democracy, promoting human rights, and confronting shared problems among its members, such as poverty, terrorism, illegal drugs, and corruption. [50] During fiscal year 2005, air carriers made 22 requests for alternative procedures. TSA approved 18 requests and 4 requests were withdrawn by the air carrier. [51] The areas of responsibility for the IFOs are mutually exclusive. Therefore, a foreign airport assessment should be listed only under one IFO. [52] Three of the TSARs did not mention conducting follow-up activities during their interview, in part because we did not specifically ask about conducting follow-up activities during these interviews. [53] TSARs may assist foreign officials in developing action plans to address deficiencies identified by TSA during airport assessments. According to TSA guidance, TSARs are to assist foreign officials in developing action plans when the security deficiencies identified are significant, but do not pose an immediate or serious threat to aviation security. During fiscal year 2005, TSA developed an action plan for 1 foreign airport. Action plans are to include (1) the security deficiencies identified at the airport, (2) the corresponding recommended corrective actions agreed upon by TSA and host government officials to address each deficiency, (3) host government officials' progress in implementing corrective actions, (4) date when host government is expected to complete the corrective action, and (5) the host government office or agency responsible for implementing the corrective action. [54] PARIS is a Web-based method for entering, storing, and retrieving performance activities and information on TSA-regulated entities, including air carriers. PARIS includes profiles for each entity, inspections conducted by TSA, and investigations that are prompted by incidents or inspection findings. [55] GAO, Aviation Security: Better Management Controls are Needed to Improve FAA's Safety Enforcement and Compliance Efforts, GAO-04-646 (Washington D.C.: July 2004), and GAO, Pipeline Safety: Management of the Office of Pipeline Safety Enforcement Program Needs Further Strengthening, GAO-04-801 (Washington D.C.: July 2004). [56] In this instance, host government law precluded the air carrier from complying with TSA requirements for checked baggage screening. [57] As discussed previously, TSA did not maintain accurate or complete data on the number of foreign airport assessments and air carrier inspections scheduled for a particular fiscal year. Therefore, our calculations may not include all of the assessments and inspections that were conducted, deferred, and canceled during fiscal year 2005. [58] The State Department bases the number of American positions overseas on the mission priorities of the embassy, the programmatic and administrative costs associated with increases in staffing, and security issues related to the number of Americans posted overseas. According to the State Department, the average cost of putting an American position overseas will be approximately $430,000. U.S. Office of Management and Budget, Department of State and International Assistance Programs, Budget of the United States Government, Fiscal Year 2006 (Washington, D.C.: February 2005). [59] Airport visits include visits to a foreign airport to conduct an airport assessment in conjunction with air carrier inspections or to conduct solely an airport assessment or air carrier inspections. [60] As of June 2006, there were 65 domestic inspectors stationed at 52 U.S. airports who were eligible to conduct foreign airport assessments and inspections of air carriers operating out of foreign airports. There were approximately 700 domestic inspectors stationed at U.S. airports at the beginning of fiscal year 2006. According to TSA, teams consisting only of domestic inspectors were used to conduct about 2 percent of foreign airport assessments and only 1 percent of air carrier inspections during fiscal year 2005. [61] Under the previous scheduling approach, foreign airports that exhibited no operational issues in the previous two assessments were assessed once every 3 years. Foreign airports that had not been previously assessed, subjected to secretarial action within the last 5 years, or exhibited operational issues in either of the two previous assessments were assessed once a year. Operational issues are weaknesses in the security system at an airport that pose a direct threat to the safety and security of passengers, aircraft, and crew (i.e., screening and access control measures). [62] See Pub. L. No. 108-176, § 611(b)(1), 117 Stat. 2490, 2571-72 (2003) (codified at 49 U.S.C. § 44924). As of March 2007, TSA had not issued final regulations to satisfy this requirement. [63] FAA-approved repair stations in foreign countries are facilities located overseas that perform maintenance and repairs on aircraft operated by U.S. air carriers or aircraft registered in the United States. [64] The 27 member states of the European Union are Belgium, Bulgaria, Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta, the Netherlands, Austria, Poland, Portugal, Romania, Slovenia, Slovakia, Finland, Sweden and the United Kingdom. [65] Founded in 1955 as an intergovernmental organization, ECAC aims to promote the continued development of a safe, efficient, and sustainable European air transport system. In so doing, ECAC conducts assessments of airports within member states, at the request of officials from its member states. ECAC derived the standards by which airports are assessed from ICAO Annex 17 civil aviation security standards. However, ECAC officials stated that their standards are more prescriptive than those of ICAO. [66] According to TSA officials, TSA conducts its foreign airport assessments in a manner consistent with how the Federal Aviation Administration conducted its assessments before this responsibility transferred to TSA pursuant to the Aviation and Transportation Security Act (ATSA). See International Security and Development Cooperation Act of 1985, Pub. L. No. 99-83, § 551, 99 Stat. 190, 222-25 (authorizing the Secretary of Transportation to conduct assessments of the effectiveness of the security measures maintained at foreign airports); see also H.R. Conf. Rep. No. 99-237, pp. 124-29 (1985). [67] These officials, at the time of the interview, were not able to offer specific examples of other security measures that would be more effective at preventing a terrorist attack. [68] Pursuant to 49 U.S.C. § 44901(a), the screening of all passengers and property that will be carried aboard a passenger aircraft with a flight or flight segment originating in the United States shall take place before boarding and shall be carried out by a federal government employee (or by private screeners under contract to TSA as part of the Screener Partnership Program in accordance with § 44920). [69] GAO, Aviation Security: Federal Efforts to Secure U.S. Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-337SU (Washington, D.C.: March 2007). [70] TSA is authorized under U.S. law to conduct assessments of foreign airports. See 49 U.S.C. § 44907. Although TSA does not have any authority to compel a foreign airport or government to submit to a TSA assessment, the agency does have authority (in conjunction with other appropriate U.S. government entities such as FAA and the Department of State) to impose restrictions on air travel between that airport and the United States in the event it is not permitted to conduct an assessment. See id. [71] Based on the assessment reports TSA provided us, we determined that TSA conducted 128 foreign airport assessments at 126 unique airports during fiscal year 2005; that is, 2 foreign airports were assessed twice during fiscal year 2005. [72] The PARIS database, established in July 2003, provides TSA a Web- based method for entering, storing, and retrieving performance activities and information on TSA-regulated entities, including air carriers. PARIS includes profiles for each entity, inspections conducted by TSA, and investigations that are prompted by incidents or inspection findings. [73] See 49 U.S.C. § 44907. [74] The No-Fly list contains the names of individuals that pose, or are suspected of posing, a threat to civil aviation for national security and are precluded from boarding an aircraft. [75] GAO, Internal Control: Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999), and GAO, Internal Control: Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001). [76] We visited the embassies of Australia, Belgium, Canada, the Dominican Republic, Ecuador, France, Germany, Indonesia, Israel, Japan, Mexico, the Netherlands, the Philippines, Singapore, Thailand, and the United Kingdom. [77] We met with officials from American Airlines, British Airways, Caribbean Sun Airlines, Continental Micronesia, Delta Air Lines, Lufthansa, Northwest Airlines, Philippine Airlines, Singapore Airlines, Thai Airways International, and Virgin Atlantic. [78] The Federal Security Director is the ranking TSA authority responsible for the leadership and coordination of TSA security activities at the nation's commercial airports. [79] The specific Security Directives are sensitive security information and, therefore, are not identified in this report. [80] See 49 C.F.R. § 1546.103(a)(3). 49 U.S.C. § 44906, however, provides that TSA shall not approve the security program of a foreign air carrier unless it requires the foreign carrier in its operations to and from airports in the United States to adhere to the identical security measures required of air carriers serving the same airports. [81] The specific emergency amendments are sensitive security information and, therefore, are not identified in this report. [82] East Africa Counterterrorism Initiative (EACTI) includes military training for border and coastal security, programs to strengthen control of the movement of people and goods across borders, aviation security capacity building, assistance for regional efforts against terrorist financing, and police training. EACTI also includes an education program to counter extremist influence and a robust outreach program. According to DOT, with the exception of Djibouti, which has a separate funding course, the Economic Support Funds used to support the remainder of the Safe Skies countries can only be used to support those aviation security technical assistance and capacity-building activities performed by nonmilitary and nonpolice personnel. [83] According to DOT, Safe Skies offers technical assistance and training for both aviation safety and security and does not track funding levels by activity. [84] According to DOT, Cape Verde is the only Safe Skies country that has successfully achieved FAA Category 1 status for safety oversight in accordance with ICAO aviation security standards. Cape Verde also met ICAO standards for security oversight and TSA security requirements for providing direct service to the United States. As such, DOT provides limited assistance to Cape Verde to sustain its safety and security status. [85] The Department of State did not fund workshops directly, but rather through a grant to OAS/CICTE; thus the specific cost information is not available. Further, many countries received assistance at workshops held for multiple countries at the same time and it is difficult to disaggregate cost information. [86] Not all money was used due to inability to place an aviation security expert on site. [87] In August 1985, the International Security and Development Cooperation Act of 1985, Pub.L. No. 99-83, was enacted, which included a section called the Foreign Airport Security Act. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400: U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800: U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: