Approximately 300 airports in foreign countries offer last point of departure flights to the United States. When threat information or vulnerabilities at foreign airports indicate an immediate need for air carriers to implement additional security measures, the Transportation Security Administration (TSA) may issue new or revise existing security directives (for domestic air carriers) and emergency amendments (for foreign air carriers).
TSA has a process for reviewing such directives to determine whether to update, cancel, or make them permanent. But a Government Accountability Office (GAO) report says TSA’s process does not clearly define when or how to involve stakeholders. It is also not clear about how to cancel directives or make requirements within directives permanent.
As of March 2019, there were 46 TSA security directives and emergency amendments in effect related to air carrier operations at foreign airports. Twenty-eight of these directives addressed threats (e.g., explosives in laptops) and 18 pertained to vulnerabilities identified at foreign airports (e.g., inadequate perimeter fencing).
GAO found that TSA does review directives, but does not fully define how to coordinate with industry representatives. Further, the review found TSA has not incorporated the security measures of many longstanding directives into air carrier security programs in accordance with TSA policy.
TSA officials said that while TSA’s standard operating procedures state the Administration should coordinate with air carriers and other industry stakeholders, the feasibility of doing so when issuing or updating directives (particularly when the time frame is short and security measures must reach the industry rapidly due to a specific threat or recent event) is limited. These officials noted that engagement is more likely to take place when a directive is up for renewal or is being updated.
Representatives from four domestic air carriers told GAO that coordination with TSA on directives has improved. However, representatives from six air carriers and two associations indicated that TSA has issued revised directives that are vague or difficult to implement—which, for example, contributed to TSA officials offering different interpretations of aircraft cabin search requirements—because TSA did not sufficiently include them in the review process. GAO’s report noted that when TSA officials have coordinated with air carriers, they have not documented the input provided.
GAO’s report provided examples including one air carrier which stated that TSA sometimes coordinates with them when revising directives but generally seeks feedback from the same one or two air carriers that fly globally or operate out of the most last point of departure airports and does not always coordinate with air carriers that do not have a large global operation. Another air carrier representative told GAO that TSA only coordinated with them after they insisted on being included in the process to revise a security directive.
Similarly, representatives from an association told the review that TSA did not coordinate with them on the 2018 revision of a security directive issued to increase security requirements applied to cargo shipments originating in, transiting through, or transferring from Egypt until the association first reached out and that the process was not fully transparent. Although TSA verbally shared anticipated changes, representatives from the association were not clear what the new language would say or what it meant.
Representatives from both domestic and foreign air carriers and their associations identified negative effects of inconsistent coordination with TSA during the directive review process and stated that improved coordination would lead to more efficient and effective security measures. For example, representatives said cargo directives are not always effective because they do not fully account for how cargo moves around the world (e.g., shippers may transport cargo by truck from one country to another before loading it onto a U.S.-bound aircraft to avoid security measures specific to certain foreign airports).
TSA policy states that directives are not intended to be permanent and are expected to eventually be canceled or incorporated into security programs. GAO analysis found that TSA issued more than one half of the directives prior to 2014, meaning they have been in effect for more than five years. Several have been in effect for more than 10 years.
The GAO report notes that as of July 2019, TSA officials had begun the process to migrate directives into security programs as deemed appropriate, but had not yet finalized their plans for doing so.
GAO has made three recommendations to TSA following its review:
- Better define (e.g., develop guiding principles) how TSA is to coordinate with air carriers and other stakeholders during the review of security directives and emergency amendments, and implement such guidance.
- Ensure input provided by air carriers and other stakeholders is documented during the security directive and emergency amendment review process.
- Define a process for cancelling or incorporating security directives and emergency amendments into security programs, including time frames, and take action to implement this process, as applicable.
TSA has concurred with the recommendations and is developing a process for more formal and consistent coordination with air carrier and industry association stakeholders. TSA officials also plan to incorporate substantive feedback into action memos associated with the review of directives. Further, the Administration will establish milestones at which it will conduct a formal review to determine if longstanding directives should be consolidated into a security program or otherwise cancelled.