communication to 9/11 commission about aviation security before 9/11

8/14/2019 Communication to 9/11 Commission about Aviation Security before 9/11

1/5

OIG Responses to Questions from National Commission on TerroristAttacks Upon US for Upcoming TestimonyMost serious weaknesses in the security system before September 11 th1 . Security Testing and Oversight: Industry did not always comply withsecurity requirements and FAA's oversight of industry compliance was

ineffective. During several reviews of FAA's aviation security programs, wefound time and time again that FAA's assessment and testing of industry'scompliance was not c omprehensive, realistic, or aggressive. For example, atypical test of a screener would be a firearm or fake bomb placed inside acarry-on bag with little or any clutter. When noncompliance was found,enforcement actions had little impact on deterring repeated noncompliance bya single air carrier/airport operator or a group of air carriers/airport operators.Action Taken: TSA has established a testing program to test screeners andindustry employees on security procedures and access control. Whennoncompliance with security regulations occurs, TSA has the responsibility totake corrective action including providing additional training or removal of thescreeners from duty.

2. Performance Standards for Screeners: Standards had not been establishedfor measuring security screeners performance based on computer-assistedtesting methods and unannounced testing of screeners by FAA. A final rulehad not been issued on the certification of screening companies to improve thescreening of passengers, carry-on items, and cargo, and improve screenerperformance. The Federal Aviation Reauthorization Act of 1996 requiredFAA to develop uniform performance standards for selection, training,certification, an d recertification of screening companies an d their employees.Action Taken: FAA was prepared to issue its final rule on the certification ofscreening companies the week of September 10, 2001. However, following theevents of September 11th, the Department of Transportation elected to delay thefinal rule publication so that the Rapid Response Teams could re-evaluate thecertification requirements. Subsequently, the Aviation an d TransportationSecurity Act federalized the screening workforce, set qualification and trainingrequirements, and required TSA to develop a screener performancemeasurement system. TSA has implemented standards for selection an dtraining of new screeners. It is formalizing an annual recertification programfor existing screeners. A prototype program is scheduled to begin in June.

3. Cargo Security: FAA needed to strengthen controls in cargo security,particularly the procedures for certifying indirect air carriers (freightforwarders) and assessing indirect air carriers' compliance with cargo securityrequirements.


2/5

OIG Responses to Questions from National Commission on TerroristAttacks Upon U S for Upcoming Testimony

In 1997, we advised FAA of the need to strengthen its approval procedures forindirect air carriers and ensure compliance with cargo security requirements.In September 2001, we briefed FAA on the results of our follow-up audit ofFAA's Cargo Security Program, again advising FAA of the need to strengthenits Cargo Security Program. Due to the sensitive nature of this area, we cannotdisclose in a public document our testing results or our recomm endations.Action Taken: After September 11 th, FAA took steps to strengthen cargosecurity, including issuing security directives and an emergency amendmentthat prohibited air carriers from accepting cargo from unknown shippers, an dthat provided add itional requireme nts for classifying shippers as "known."TSA has made progress to improve cargo security, but more needs to be done.TSA is reevaluating the Program to determine which current procedures shouldbe retained and what new processes and controls should be added.

4. Reactive Aviation Security Model: Before September 11 th, the aviationsecurity model was largely reacting to known security threats instead of beingproactive against potential threats. This can be demonstrated over a span ofyears from the first security rules dealing with international travel an dhijackings in the 1960s and early 1970s. Following the Pan Am 103 bom bing,FAA embarked on the development of equipment to screen checked bags forexplosives. Ho weve r, the mode l was not designed to prevent the type of threat[that occurred on September 11 th.Action Taken: The Department of Homeland Security and TSA are morelikely to be proactive in identifying threats and closing security gaps. M oreemph asis is being focu sed on gathering intelligence on transportation securitythreats and improved coordination among the intelligence agencies. M uch ofthe responsibility and costs of aviation security have be en shifted to the FederalGovernment when TSA took responsibility for passenger and baggagescreening. However, TSA must not become complacent.Screener an d Airport Employee Training: Screener and airport employeetraining requirements were inadequate. Before September 11 th, screenersworking for the security com panies hired by the air carriers w ere only requiredto have 12 hours of classroom training and 3 hours of on-the-job training.In addition, prior to September 11 th, 2001, airport employees (vendors, tenants,etc) security awareness training programs were comprised of a limited, halfhour to hour, video or briefing on security responsibilities.


3/5

QIG Responses to Questions from National Commission on TerroristAttacks Upon US for Upcoming Testimony

Action Taken: The Av iation and Transportation Security Act required TSA toestablish a training plan requiring that, at a minimum, screeners complete 40hours of classroom instruction; 60 hours of on-the-job instruction; andsuccessfully complete an on-the-job training examination.TSA has stated that the airports' existing security training for all individualswith authorized access to secure areas of the airport is adequate for the timebeing. W hile we agree that increased em phasis has been placed on securitysince September 11, 2001, we can also expect com placency to reappear.

6. Explosive Detection Machine Usage: Bulk explosives detection machines forscreening of passengers' checked baggage were underutilized.Underutilization of these systems was a long-standing problem that we havereported on since 1998. These m achines cost about $1 m illion each plusinstallation costs ranging from $300,000 to over $1 m illion. W hile themachines are capable of screening 125 bags an hour, we routinely found thatthe vast majority were screening between 250 an d 75 0 bags per day.Action Taken: Today, the operational landscape has changed, and what wefound in the pastEDS machines sitting idle when plenty of bags wereavailable for screeningis no longer the case. Congress m andated screeningof all checked baggage as of December 31, 2002. Since the December 31deadline, we found that al l checked baggage is being screened using EDSwhere available.Yet, areas for improved efficiency still exist. Nearly all EDS in use today arelobby installation or stand alone machines and do not offer the efficiencies thatare available w hen installed in-line in the airport's baggage system . Installingin-line EDS systems that are integrated into the airports' baggage systemswould require fewer machines than lobby installations, fewer screeners, andhave faster screening times.

I TSA needs to move forward with integrating EDS into baggage handlingsystems at the largest airports to better use existing machines. W e mustcontinue to invest in research an d development for cheaper, faster, and moreeffective equipment fo r screening passengers, their carry-on and checkedbaggage, and cargo.

7. Airport Access Control: Access control systems, methods, or proceduresfailed to protect against unauthorized access to secure areas of the airport.


4/5

OIG Responses to Questions from National Com mission on TerroristAttacks Upon US for Upcoming TestimonyDuring late 1998 and early 1999, we successfully penetrated secure areas1 in68 percent of our tests at eight major U.S. airports. O nce we entered secureareas, we boarded aircraft 117 times. The majority of our aircraft boardingswould not have occurred if employees had taken the prescribed security steps,such as making sure doors closed behind them .Action Taken: Following September 11 th, FAA required airports to reduce thenumber of access points to secure areas of the airport. In July 2001, FAAissued regulations making individuals directly accountable to FAA fornoncompliance with access control requirements and enabling FAA to assessfines for non-compliance. Noncompliance by employees was an issue in mostareas of airport security we tested over the years. Therefore, it is important forairport operators and air carriers to develop and implement comprehensivetraining programs that teach employees their role in aviation security, theimportance of their participation, how their performance will be evaluated, andwhat action will be taken if they fail to perform . TSA must periodically testcompliance with access control to ensure continual vigilance with securityrequirements.

8 . Criminal History Checks an d Background Investigations for Employees atthe Airport: Criminal history checks were not required for all employeesworking at the airport w ith unrestricted access to secure areas of the airport. Inour 2000 report,2 we found that FAA's background investigation requirementswere ineffective, and that airport operators, a ir carriers and airport users3frequently did not comply with these requiremen ts.Action Taken: We recommended that FAA strengthen backgroundinvestigation requirements to include initial and randomly recurring FederalBureau of Investigation (FBI) criminal checks for all employees; expand thelist of crimes that disqualify an individual from unescorted access to secureairport areas; an d incorporate in background investigation requirements the useof credit checks and drug tests to help assess w hether ind ividua ls can be trustedwith the public's safety and be permitted to wo rk in secure airport areas.

1 OIG uses the term secure area to define the area of an airport where each person is required to displayairport-approved identification. Each airport defines this area, which may be the entire Air OperationsArea or may be limited to a smaller, more restrictive area.2 Report on Controls Over Airport Identification Media (Report Number AV-2001-010, December 7,2000).3 Airport users include foreign air carriers, non-air-carrier airport tenants, and companies that do not haveoffices at the airport, but require access to the secure airport areas.


5/5

OIG Responses to Questions from National Commission on TerroristAttacks Upon US for Upcoming TestimonyThe Airport Security Improvement Act of 2000 incorporated some of our keyrecommendations and required FBI criminal checks at Category X airports asof December 2000. However, other airports were scheduled to enter thisprogram beginning in December 2003.Subsequently, the Aviation and Transportation Security Act of 2001 mandatednew background investigations, with more thorough criminal history checks,for all current employees with unescorted access to secure areas of the airport,for security screeners an d their supervisors, and for individuals who haveregularly escorted access to secure areas of the airport.On December 6, 2001, FAA published a final rule requiring airport an d aircraftoperators to conduct fingerprint-based criminal history checks on individualswith unescorted access to secure areas of the airport who had not previouslyundergone such checks. By the end of December 2002, the aviation securityclearinghouse 4 ha d processed more than 800,000 fingerprint records fo r checksagainst Federal databases.However, this rule applies only to individuals with unescorted access,

| screeners, and screener supervisors, and notindividuals who regularly haveI escorted access to secure areas of the airport, including aircraft, to undergoI criminal checks and wear identification badges. Individuals who haveI regularly escorted access can include employees of companies under contract\hthe airlines to provide catering, fueling, and aircraft repair services, asl\l as employees of companies under contract with the airport fo r airside

construction projects. Further the rule does not require recurring or periodiccriminal checks fo r existing employees.

4 TSA has a Memorandum of Agreement with the American Associationof Airport Executives to act as anational clearinghousefor fingerprint checks performed pursuant to 49 U.S.C 44936.

communication to 9/11 commission about aviation security before 9/11

Documents