Aviation Security Programs: TSA Should Clarify Compliance Program Guidance and Address User Concerns with Its Data Systems
Fast Facts
TSA conducted about 28,000 inspections of U.S. airports and passenger airline operations in 2021.
When a violation is found during an inspection, airports and air carriers can avoid civil penalties by investing their own resources as part of an action plan to find the root cause of a violation. But, TSA guidance is unclear about when these plans are appropriate.
In addition, TSA inspectors at 5 field offices we visited said flaws in a new data platform used to record their work—such as an inability to edit key fields—hindered their efforts to ensure compliance with required aviation security programs.
Our recommendations address these issues.
Example of an Air Carrier Correcting a Security Violation through a TSA Action Plan
Highlights
What GAO Found
The Department of Homeland Security's Transportation Security Administration (TSA) conducted about 28,000 inspections in 2021 to identify violations and improve security for domestic airports and passenger air carriers. If TSA identifies a violation, it can take enforcement actions ranging from counseling to civil penalties.
TSA allows airports and air carriers to develop an action plan that invests their own resources to address violations in lieu of a civil penalty. The plans partner TSA with airports and air carriers to identify the root cause of a violation. Most of the airport and air carrier officials GAO spoke with like having action plans as an option. However, TSA guidance is not clear as to when the plans are appropriate to use, such as for systemic violations. Developing and sharing additional guidance could help TSA and its partners more efficiently use their resources.
Transportation Security Administration Inspector Conducting Inspection of Airport Equipment
In March 2021, TSA transitioned to a new computer platform that inspectors are to use to record information from their compliance work. Inspectors at each of the five field offices GAO visited said challenges using this platform have affected their ability to capture compliance data. For example, some of these inspectors said TSA did not adequately consult with or train users when it began transitioning data to the new platform. As a result, inspectors said they cannot edit required key data fields, such as updating points of contact or adding new regulated entities. TSA is addressing some issues, but has not fully assessed user concerns, such as the need for better communication. Assessing concerns could help TSA maximize its data system.
TSA plans to transition nine more data systems to its new platform, but has not developed a broad set of lessons learned of staff's experiences from other systems' transitions. Developing lessons learned will help TSA better ensure it mitigates past challenges during future transitions.
Why GAO Did This Study
Constant threats to passenger aviation require continuous and effective security programs. Since 2020, over 1 billion passengers traveled on flights within the United States. TSA is responsible for securing the nation's aviation transportation system by ensuring air carriers and airport operators comply with security requirements.
GAO was asked to review TSA's efforts to implement security programs. This report examines (1) how TSA inspections are designed to improve aviation security compliance, (2) how TSA addressed known instances of noncompliance from fiscal years 2017 through 2021, and (3) the extent TSA has experienced challenges transitioning to a new data compliance platform and steps taken to address them. GAO reviewed TSA documentation for its inspections and investigations and observed TSA compliance staff in five airport field offices selected based on location and the number of passengers on board aircraft in 2019. GAO also interviewed TSA officials and representatives from those five airport operators as well as the eight largest passenger air carriers.
Recommendations
GAO is recommending that TSA (1) develop guidance for when an action plan may be effective in resolving noncompliance, (2) assess stakeholder concerns about transitioning to a new compliance platform, and (3) develop lessons learned from other systems' transitions. The Department of Homeland Security concurred with all three recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status Sort descending |
|---|---|---|
| Transportation Security Administration | The TSA Administrator should, in consultation with its inspectors as well as with airports and air carriers, provide further guidance for inspectors and regulated entities indicating when an action plan may be an effective method for resolving a compliance violation. (Recommendation 1) |
Closed – Implemented
In September 2022, we reported that the Transportation Security Administration (TSA) uses action plans as part of the agency's outcome-focused compliance efforts for regulating airports and air carriers and can address a variety of aviation security risks, but has not developed formal guidance for when it believes an action plan is an effective method for resolving a violation. As a result, we recommended TSA should provide further guidance for its inspectors and regulated entities that indicates when an action plan may be an effective method for resolving a compliance violation. In January 2023, TSA published and distributed to its inspectors and industry partners a list of Frequently Asked Questions (FAQs) about action plans that the agency compiled after seeking input from both. In February 2023, TSA held meetings with inspectors and industry partners to address and clarify outstanding issues and questions with the FAQs. In taking these steps, inspectors and industry partners have additional guidance about action plans that can help them decide whether one is an appropriate resolution for noncompliance, and lead TSA and industry partners to more efficiently use their resources. As a result, this recommendation is closed as implemented.
|
| Transportation Security Administration | The TSA Administrator should ensure the Information Technology and Compliance offices conduct an assessment to identify and address user concerns as PARIS transitions to the new platform. (Recommendation 2) |
Closed – Implemented
In September 2022, we reported that Transportation Security Administration (TSA) inspectors experienced challenges using the agency's Performance and Results Information System (PARIS) since the agency transitioned the system to a new platform in March 2021. As a result, we recommended that the TSA Administrator should ensure the Information Technology and Compliance offices conduct an assessment to identify and address user concerns as PARIS transitions to the new platform. In response, TSA took several actions. For example, in October 2022, TSA created a PARIS Requirements Working Group to engage with the TSA workforce and representatives from the PARIS user community. This group, along with others at TSA, studied the experiences of those who use PARIS and took steps to understand their experiences, identify challenges, and prioritize solutions based on needs and impact. In June 2023, TSA published a PARIS Requirements Roadmap that supports requests from those who use PARIS and improves developing future PARIS enhancements. In addition, In August 2023, TSA held a workshop to address concerns of PARIS users by collating priorities from staff who use the system and identifying critical backlog enhancements. A TSA official associated with this effort described this as an important step in addressing user concerns by identifying gaps in PARIS and communicating them with staff in the field. These efforts will help the agency address user concerns with PARIS. As a result, this recommendation is closed as implemented.
|
| Transportation Security Administration | The Administrator of TSA should ensure the Information Technology office identify, document, and share lessons learned from the agency's experiences transitioning the PARIS, LInKS, and GRADS data systems to a new platform in advance of future transitions. (Recommendation 3) |
Closed – Implemented
In September 2022, we reported that the Transportation Security Administration (TSA) had transitioned three compliance data systems to a new platform and planned to transition nine more but had not developed a broad set of lessons learned from other systems' transitions. We recommended TSA develop and share lessons learned on transitioning data systems. In July 2023, TSA developed 14 recommendations pertaining to the three data systems that had already transitioned to the new platform. TSA recommendations generally aim to: (1) enhance the user experience (2) identify all aspects of data migrated and validating the strategy for items that require coordination with others; and (3) emphasize role-based testing. TSA also shared these lessons learned with several offices that use TSA's compliance data systems. Sharing these lessons learned will better prepare TSA when it transitions its other data systems to the new platform. As a result, this recommendation is closed as implemented.
|