For other versions of this document, see http://wikileaks.org/wiki/CRS-RL33194 ------------------------------------------------------------------------------ ˘ ˘ Prepared for Members and Committees of Congress ˘ General aviation (GA)--a catch-all category that includes about 54% of all civilian aviation activity within the United States--encompasses a wide range of airports, aircraft, and flight operations. Because GA plays a small but important role in the U.S. economy, improving upon GA security without unduly impeding air commerce or limiting the freedom of movement by air remains a significant challenge. However, policymakers have received mixed signals about the relative security risk posed by GA, due to its diversity and a general lack of detailed information regarding the threat and vulnerability of various GA operations. While some recent high-profile breaches of GA security point to persisting vulnerabilities and limited intelligence information suggest a continued terrorist interest in using GA aircraft, it is evident that GA airports, aircraft, and operations vary considerably with regard to security risk. While the small size and slow speed of most GA aircraft significantly limit the risk they pose, some experts still fear that they could be used as a platform for a chemical, biological, radiological, or nuclear attack. Certain sectors of GA, such as crop dusters and larger business aircraft, present more specific risks because of their unique capabilities and aircraft characteristics. Because various segments of GA differ significantly in terms of their perceived risk, mitigation, strategies should arguably be tailored to some degree based on risk. Based on an analysis of risk, a variety of options exist for mitigating security risks specific to GA airports and flight operations. These include surveillance and monitoring; airport access controls; background checks and vetting of pilots, airport workers, and others having access to GA facilities and aircraft; and physical protections for airports and aircraft. Steps may also be taken to address unique security risks in agricultural aviation, at flight schools, and among business and charter operators. Besides these steps to enhance GA security at airport and operator sites, homeland security efforts since 9/11 have focused extensively on restricting access to airspace around sensitive locations and, more recently, stepping up monitoring and inspections of international GA flights entering the United States. Airspace restrictions imposed on GA aircraft have been highly contentious because they have a direct impact on the freedom of movement by air, they are costly and resource intensive to implement effectively, and their effectiveness in preventing terrorist attacks has been questioned by some. GA security has been a topic of continued interest to Congress. The FY2006 Department of Homeland Security Appropriations Act (P.L. 109-90) required the DHS to examine the vulnerability of high-risk sites to possible terrorist attacks using GA aircraft. The Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110-53), enacted in August 2007, requires the development and implementation of a standardized risk assessment program at GA airports; establishes a grant program for enhancing security at GA airports, if such a program is deemed feasible; and requires operators of GA aircraft to provide notification and passenger information to the United States Customs and Border Protection (CBP) prior to entering U.S. airspace. Also, in the 110th Congress, various Members have urged the TSA to step up its surveillance of GA operations, particularly operations of corporate and private jets. This report will be updated as needed. Introduction ..................................................................................................................................... 1 What is General Aviation?............................................................................................................... 2 General Aviation Flight Operations........................................................................................... 2 General Aviation Aircraft Types................................................................................................ 3 General Aviation Airports.......................................................................................................... 5 The Economic Impact of General Aviation............................................................................... 6 The Security Challenge ................................................................................................................... 7 Security Vulnerabilities ................................................................................................................... 8 The Terrorist Threat....................................................................................................................... 12 Risk Factors Associated with General Aviation ............................................................................ 13 Possible Options to Mitigate the Security Risks of General Aviation ........................................... 16 Security Risk Assessments...................................................................................................... 17 Surveillance and Monitoring................................................................................................... 20 Airport Watch Program..................................................................................................... 21 Behavior Pattern Recognition ........................................................................................... 22 Airport Access Controls .......................................................................................................... 24 Background Checks and Vetting ............................................................................................. 25 Physical Security Measures for Airports................................................................................. 28 Physical Security Measures for Aircraft.................................................................................. 29 Securing Agricultural Aviation Operations ............................................................................. 30 Flight School Security............................................................................................................. 30 Security Best Practices for Business and Charter Aviation ..................................................... 31 The TSA Access Certificate Program ............................................................................... 31 Access to Ronald Reagan Washington National Airport .................................................. 32 Security Measures for Charter Operations........................................................................ 32 Vetting and Tracking GA Flights at the U.S. Borders ............................................................. 33 Airspace Restrictions .............................................................................................................. 35 Airspace Restrictions Around Washington, DC................................................................ 36 Security-Related Flight Restrictions Throughout the United States ................................. 39 Presidential Airspace Restrictions..................................................................................... 40 Policy Issues Regarding Airspace Restrictions................................................................. 41 Surveillance and Monitoring of Restricted Airspace ........................................................ 41 Curbing Airspace Violations ............................................................................................. 42 Airspace Protection and Homeland Defense .................................................................... 42 Related Legislative Proposals Offered in the 109th Congress ....................................................... 44 Oversight and Legislative Action in the 110th Congress ............................................................... 46 Figure 1. United States General Aviation Fleet Composition and Hours Flown (2005 Data)............................................................................................................................................. 4 Figure 2. Annual Number of Aircraft Thefts and Thefts of Avionics and Parts from Aircraft in the United States (1990-2006) ...................................................................................11 Figure 3. Previous and Current Configurations of the Washington, DC, Airspace Air Defense Identification Zone (ADIZ) and Flight Restricted Zone (FRZ) ................................... 38 Table 1. U.S. General Aviation Fleet and Activity (2005 Data) ...................................................... 3 Author Contact Information .......................................................................................................... 47 When the term general aviation (GA) is mentioned, the image most likely to be conjured is one of a small single-engine airplane droning over America's farmland on a tranquil summer's day. In the post-9/11 context, this pastoral image of GA has been tarnished to a degree by knowledge that the 9/11 hijackers trained in small general aviation aircraft in the United States, and amid lingering concerns that GA aircraft could be used to carry out a future terrorist attack. While some recent high-profile breaches of GA security have pointed to persisting vulnerabilities, and limited intelligence information may suggest a possible terrorist "fixation"1 on using aircraft to attack U.S. interests, GA aircraft vary considerably with regard to the risks they pose. The security risk posed by a small single-engine airplane operating in rural settings is intuitively quite different from the risk characteristics of large business jets operating in and near major metropolitan areas. Most experts agree that an adaptive, risk-based approach to securing GA aircraft and airports that takes into account the unique characteristics of the various distinct components of GA is needed to assure that security needs are adequately met and balanced with economic and operational considerations of the GA industry.2 Policymakers have received mixed signals about the relative risk posed by general aviation. While the 9/11 Commission asserted that "[m]ajor vulnerabilities still exist in ... general aviation security,"3 the commission did not further elaborate on the nature of those vulnerabilities nor did it make specific recommendations pertaining to GA security. The FAA has noted that [w]hile the DHS has no specific information that terrorist groups are currently planning to use general aviation (GA) aircraft to perpetrate attacks against the United States, it remains concerned that (in light of completed and ongoing security enhancements for commercial aircraft and airports) terrorists may turn to GA as an alternative method for conducting operations.4 In other words, while GA aircraft and airports may not be optimally suited for terrorist objectives, the hardening of commercial operations may make them an attractive alternative to terrorists seeking to identify and exploit vulnerabilities in aviation security. In this context, GA airports and aircraft are viewed as comparatively soft targets that may be exploited by terrorists because of known weaknesses and vulnerabilities. This view focuses primarily on the vulnerability of general aviation and does not systematically assess risk with regard to the interaction between these vulnerabilities, the threat posed by GA aircraft, and the potential consequences of a terrorist attack using GA aircraft. In fact, there is considerable debate over the threat element of the risk equation for GA operations. While GA advocates argue that the threat is minimal, some policymakers and security experts have expressed concern that, to the contrary, GA may pose a significant security threat. Part of the difficulty in resolving this debate is the diversity of 1 See Associated Press. "U.S. Uncovers Al-Qaida Plot in Pakistan; The Terrorist Group Allegedly Planned to Fly an Airplane into the American Consulate." Telegraph-Herald (Dubuque, Iowa), May 3, 2003, p. A7. 2 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security (October 1, 2003); and Transportation Security Administration, Security Guidelines for General Aviation Airports. Information Publication A-001 (May 2004). 3 National Commission on Terrorist Attacks Upon the United States. The 9/11 Commission Report. New York: W.W. Norton & Co., p. 391. 4 Federal Aviation Administration. "Washington, DC Metropolitan Area Special Flight Rules Area; Proposed Rule." Federal Register(70) 149 (August 4, 2005), p. 43251. operations and aircraft types that make up GA, making a single threat assessment for all sectors of the GA industry arguably inappropriate. To put the threat into context, the following discussion provides an overview of the variety of aircraft types, flight operations, and airport characteristics that make up GA. This discussion is followed by an analysis of the existing vulnerabilities in GA security, the terrorist threat posed by GA aircraft, the potential consequences of an attack using various GA aircraft, and how these elements factor into a risk-based assessment of GA security. Based on this analysis, possible approaches and ongoing initiatives to enhance GA security are discussed. In a sense, general aviation (GA) is a catch-all phrase that encompasses about 54% of all civil aviation activity within the United States, measured in terms of overall airport flight operations.5 Therefore, it is often easier to frame general aviation in terms of what it is not rather than what it is. In this context, GA refers to most aviation operations not conducted by scheduled passenger airlines, large air cargo operators, or the military. To add to the confusion, commercial charter operations are often grouped in with GA and non-revenue flights, such as maintenance test flights and repositioning flights conducted by passenger and cargo airlines, are usually operated under regulations often regarded as "general aviation" flight rules.6 Thus, virtually all flight activity outside the scope of scheduled passenger or cargo air carrier flights and military operations may be considered GA. This encompasses a wide variety of aircraft types and flight operations. Table 1 shows the distribution of aircraft and flight operations formally categorized as GA. As indicated in Table 1, recreational flying in personal aircraft (personal flying) and flight instruction, the typical activities one might expect to see at a small to mid-sized GA airports, account for close to half of all GA operations and comprise about 79% of all aircraft in the total GA fleet. Business and corporate flying--which encompasses anything from small businesses flying cancelled checks or regional salesmen flying to customer sites in small single-engine aircraft, to companies ferrying crews to offshore oil rigs by helicopter, to operations of large corporate jets and professionally managed fractional-ownership fleets--makes up about one- quarter of all GA operations and slightly less than one-quarter of all GA aircraft. On-demand charter services, referred to as air taxi services, along with air tours and chartered sightseeing flights, are also considered GA operations, and these types of flying activity combined account for about 13% of all general aviation operations. In addition to these major categories, there are a wide variety of additional GA operations--such as aerial advertising (e.g., banner towing and skywriting), aerial application (e.g., crop-dusting), aerial observation and other work (e.g., aerial photography, aerial mapping and data collection, traffic reporting, and search and rescue), and medical services (e.g., air ambulance and medical evacuation)--that account for the remaining 17% of all GA operations. 5 CRS calculations based on Federal Aviation Administration. FAA Aerospace Forecasts--Fiscal Years 2007-2020. March 2007. 6 The set of regulations specified in Title 14, Code of Federal Regulations, Part 91--General Operating and Flight Rules, apply to all civil aircraft operating in the national airspace system. Like GA aircraft, non-revenue airline flights are subject to these rules, but are not subject to additional safety and security regulations specifically applicable to revenue air carrier operations. 1 elbaT )ataD 5002( ytivitcA dna teelF noitaivA lareneG .S.U . fo rebmuN AG fo tnecreP nwolF sruoH fo tnecreP YROGETAC tfarcriA teelF )snoilliM( snoitarepO lanosreP 004,151 5.76 3.9 4.43 ssenisuB 005,52 4.11 2.3 9.11 lanoitcurtsnI 004,31 0.6 6.3 3.31 etaroproC 006,01 7.4 1.3 5.11 retrahC/ixaT riA 009,6 1.3 9.2 7.01 laireA 007,4 1.2 3.1 8.4 noitavresbO noitacilppA laireA 005,3 6.1 0.1 7.3 secivreS lacideM 004,1 6.0 7.0 6.2 gnieesthgiS 009 4.0 2.0 7.0 rehtO laireA 008 4.0 1.0 4.0 kroW rehtO 007 3.0 2.0 7.0 sruoT riA 006 3.0 4.0 5.1 daoL lanretxE 002 1.0 1.0 4.0 deificepsnU 008,3 7.1 9.0 3.3 LATOT 004,422 0.001 0.72 0.001 lirpA( kooB tcaF s'rotartsinimdA .noitartsinimdA noitaivA laredeF ,noitatropsnarT fo tnemtrapeD .S.U :ecruoS .)7002 ˘ Because of the diversity of operations considered under the broad definition of general aviation, GA encompasses a wide spectrum of aircraft types. Registered general aviation aircraft in the United States--numbering slightly more than 220,000--range in size and purpose from very light sport aircraft with maximum takeoff weights of less than 1,320 pounds used strictly for recreational flying to very large business jets weighing more than 100,000 pounds used for long- range transcontinental and international travel. The composition of the current GA fleet, along with total hours flown in each aircraft category, is shown in Figure 1. Single-engine piston aircraft make up the large bulk of the fleet (66%). The large majority of these aircraft are comparably small in size, most weighing less than 5,000 pounds maximum takeoff weight including payload. Experimental aircraft, mostly small home-built airplanes, make up an additional 11% of the current fleet. Thus, while GA is quite diverse, the typical image of a GA aircraft as a small, light, single-engine airplane is an accurate portrayal of the large majority of GA aircraft, accounting for slightly more than three-quarters of all GA aircraft. 5002( nwolF sruoH dna noitisopmoC teelF noitaivA lareneG setatS detinU .1 erugiF )ataD 0202-7002 sraeY lacsiF--stsaceroF ecapsoreA AAF ,noitartsinimdA noitaivA laredeF :ecruoS .7002 hcraM , Although turbojet aircraft are a fast-growing segment of the GA fleet, they make up only about 4% of the current GA fleet, and this is not expected to change much over the next 12 years. Nonetheless, the growing number of turbojet aircraft has important implications for GA security as these heavier, faster, and more capable aircraft become more and more prevalent. While the numbers of GA piston and turboprop aircraft are expected to remain essentially flat for the foreseeable future, the number of GA turbojets is forecast to grow at a brisk pace of 4.1% per year over the next 12 years. By 2018, it is expected that there will be about 18,000 GA turbojets in service in the United States, compared to an estimate of slightly more than 10,000 in 2006. Turbojet flight activity is expected to grow at an even faster rate of 9.4% annually through 2020. Turbojet flight activity is expected to make up about 31% of all flight hours flown by GA aircraft in 2020, more than double the 14% of the total GA flight hours flown in turobjets in 2005. By 2020, total turbine operations--which include turbojets, turboprops, and turbine rotorcraft--are expected to make up 48% of all GA flight activity, compared to about 31% in 2005.7 7 Federal Aviation Administration. FAA Aerospace Forecasts--Fiscal Years 2007-2020. March 2007. While the number of GA turbojets is expected to increase dramatically over the next 12 years, it is important to bear in mind that small, single-engine aircraft will remain the large majority of the GA fleet by 2020. The FAA expects that through 2020, propeller-driven single-engine airplanes, two-seat light sport aircraft, and small home-built experimental airplanes will continue to make up more than 73% of the GA fleet, spurred by large projected growth of the fledgling light sport aircraft category.8 Security experts recognize that both the threats and vulnerabilities of these smaller aircraft are significantly different from the threats and vulnerabilities of medium and large sized GA turbojets and turboprops. Another segment of the GA industry is helicopters (rotorcraft), which make up only about 4% of the total GA fleet but are involved in several diverse and unique flight operations that introduce their own distinct set of security threats and vulnerabilities. The diversity of GA aircraft types and operations flown suggests that a one-size-fits-all approach to security is not practical--a tenet that both the GA industry and the TSA agree on.9 Like GA flight operations and aircraft types, general aviation airports also vary significantly in their size and purpose and range from unpaved private airstrips with runways less than 2,000 feet in length located in remote, unpopulated areas to busy general aviation reliever airports situated in major metropolitan areas and converted military airbases with runways of sufficient length to handle the largest of jets. In the United States, there are more than 19,000 total landing facilities including both public-and private-use facilities. Only about 450 of these airports serve regularly scheduled commercial passenger flights. The remainder consists of a wide variety of GA airports, heliports, and seaplane bases. Of these, almost 5,000 are public use, of which about 3,500 have paved runways. A large number of private use airports--more than 4,500 out of about 14,000 total airports--also have paved runways. About 3,500 public use GA airports and another 1,000 private use landing facilities have lighted runways for night operations.10 The FAA's National Plan of Integrated Airport Systems (NPIAS)--a compilation of those airports eligible for federal Airport Improvement Program (AIP) funding because they are considered vital to the nation's aviation infrastructure--includes 274 GA reliever airports that primarily serve GA operations in major metropolitan areas, plus slightly more than 2,500 additional GA airports--mostly located in rural areas--that serve as critical links between various communities and the national airspace system. Only these airports are specifically eligible for federal AIP funds to implement security enhancements such as hangars to secure aircraft or improved perimeter fencing. Airports that exclusively serve GA vary widely in terms of their proximity to densely populated areas, their levels of activity, and the types of operations conducted. To illustrate, consider Peachtree-Dekalb County Airport (PDK), a busy general aviation reliever located near Atlanta, Georgia. According to the FAA, PDK experiences an average of 639 operations per day, 64% by transient GA aircraft. According to a recent survey, PDK ranks 22nd among the busiest GA airports in the United States.11 While PDK has an air traffic control tower, even at this relatively 8 Ibid. 9 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security (October 1, 2003); and Transportation Security Administration, Security Guidelines for General Aviation Airports. Information Publication A-001 (May 2004). 10 Federal Aviation Administration. Administrator's Fact Book (August 2005). 11 General Aviation Manufacturers Association. General Aviation Statistical Databook 2006 (Updated February 12, (continued...) busy airport, the tower closes during late night and early morning hours. Almost 600 aircraft are based on the field including 56 jets and 13 helicopters. Contrast this with Red Stewart Airfield (40I) in Waynesville, Ohio--a 2,400 foot long grass strip located roughly midway between Dayton and Cincinnati. The airport--considered an "uncontrolled field" because it has no operating control tower--sees less than 50 operations per day. The airport is home to only 42 aircraft--40 small single-engine airplanes and two gliders--that account for most (89%) of the flight activity at the airport. While airports like Red Stewart Airfield do not appear to pose any particular security risk, security concerns may be raised regarding similarly sized airports located near critical assets. Consider Potomac Airfield (VKX) in Friendly, Maryland, which is located about 12 miles southeast of Washington, DC. The airport houses about 80 based aircraft, almost all of which are small single-engine airplanes, and sees only about 33 aircraft operations per day. However, because of its close proximity to critical national assets in Washington, DC, background checks are required for all pilots operating to and from the airport, and special aircraft identification and tracking procedures have been established to closely monitor flight activity at the airport. Thus, location in relation to major national security assets and other potential terrorist targets is a key factor in determining appropriate security measures for GA airports, as implementing measures like this at large numbers of small GA airports would likely be impractical and, in many cases, would not be possible to implement effectively, given currently available resources. Most security experts agree that applying identical or inflexible security measures at GA airports that vary so widely in their characteristics is likely to yield an unsatisfactory solution that could either overburden small airport operators or fail to mitigate potential vulnerabilities unique to specific airports or specific types of airports. Therefore, a risk-based strategy implementing security measures tailored to the unique characteristics and vulnerabilities of specific airports is generally thought to be preferable and has been advocated by aviation security experts and representatives from the GA industry.12 According to the FAA, general aviation directly generated $13.7 billion and 178,000 jobs in 2000 and its overall economic impact was $40.7 billion (roughly 0.4% of the Gross Domestic Product) and 511,000 jobs.13 The U.S. Government Accountability Office (GAO) provided a much higher estimate of the economic impact of GA, reflecting statistics often cited by the industry, stating that GA accounts for about 1.3 million jobs and contributes about $100 billion to the U.S. economy.14 While these larger figures probably take into consideration a broad reach of GA's indirect impact on travel and transportation-related business, the general picture provided by these various statistics is that GA is a relatively small but important component of the U.S. economy. As noted by the FAA, GA provides "on-the-spot efficient and direct aviation services to many medium and small-sized communities that commercial aviation cannot or will not (...continued) 2007). Washington, DC. 12 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security, and Transportation Security Administration, Security Guidelines for General Aviation Airports. 13 Federal Aviation Administration. FAA Aerospace Forecasts, Fiscal Years 2005-2016. 14 U.S. Government Accountability Office. General Aviation Security: Increased Federal Oversight is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success. (November, 2004) GAO-05-144. provide."15 GA also plays an increasingly important role in training pilots and mechanics to serve the airline industry. Additionally, GA operations provide wide-ranging capabilities critical to our economy such as emergency medical services, overnight package delivery to small and mid-sized communities, helicopter transport to support oil drilling in offshore and remote locations, and the aerial application of pesticides to support agriculture. The potential economic impact of security on GA could be quite significant. Since the terrorist attacks of September 11, 2001, GA airport operators and the industry have largely relied on their own initiatives and resources to implement security enhancements. These efforts have been somewhat limited because large scale security enhancements to protect GA assets across the country are expected to be rather substantial. For example, responding to criticism over a perceived lack of security at GA airports, Aircraft Owners and Pilots Association (AOPA) president, Phil Boyer, speculated "[w]e might be talking about $40 billion to fence every small airport in this country, where in the world is that money coming from?"16 While a $40 billion estimate may appear somewhat extreme and erecting fences at every airport in the country may not be the most appropriate course of action, Boyer's concerns highlight the ongoing challenge of adequately funding GA security initiatives, balancing these initiatives with other homeland security needs, and doing so in a manner that does not create an undue economic burden on the GA industry. At the same time, the GA industry has a vested interest in implementing security measures to adequately secure and protect airplanes from theft and vandalism. An article in a GA trade publication noted that while the intent of tightening GA security has largely been seen as a means to prevent terrorism, "...a more immediate benefit could be a stronger bottom line for GA."17 The Aviation Security Advisory Committee (ASAC) Working Group on General Aviation Airport Security--an industry group assembled to assist the TSA in developing security guidelines for GA airports--concluded that "... a flexible, commonsense approach to general aviation airport security is mandatory if the industry is to retain its economic vitality and prosper."18 Securing general aviation operations without incurring large costs and without imposing burdensome restrictions on legitimate general aviation operators is likely to remain a significant challenge for policymakers. ˘ GA security poses significant challenges for policymakers and security experts because GA is highly diverse, geographically dispersed, and relatively open compared to commercial airports servicing passenger airlines and other protected infrastructure such as nuclear reactors and chemical plants. The security threat is not so much to GA assets themselves, but rather, from terrorists seeking to exploit GA assets to attack critical infrastructure or high-profile targets. However, some GA assets could themselves be terrorist targets. For example, some corporate aviation operators have expressed concern that aircraft carrying high-profile business leaders and executives, such as presidents of major U.S. corporations, could be targeted, particularly when 15 Federal Aviation Administration. FAA Aerospace Forecasts, Fiscal Years 2005-2016. p. V-1. 16 Jim Hoffer. "Security Practically Non-Existent at Many Small Airports." 17 Robert Ross. "Keeping GA Safe and Secure." Professional Pilot, September 2005, p. 70. 18 Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security. October 1, 2003. Department of Homeland Security, Transportation Security Administration, p. 3. operating overseas in areas where security concerns exist. Nonetheless, the primary threat identified regarding GA, both overseas and within the United States, is the concern that aircraft may be used by terrorists to launch an attack against critical facilities or infrastructure. A secondary threat is that terrorists may infiltrate or otherwise exploit GA to gain knowledge and/or access to the airspace system in the United States. It is known that some of the 9/11 hijackers trained in small GA airplanes in the United States before carrying out their attack using commercial jets. Consequently, following 9/11, there was a specific focus, from both a law enforcement and a policy perspective, on the security of flight schools within the United States. The Aviation and Transportation Security Act (ATSA; P.L. 107-71) originally called on the Department of Justice to implement a program to conduct background checks of all alien applicants seeking flight training in the United States in aircraft weighing more than 12,500 pounds and mandated security training for flight school employees. Vision 100 (P.L. 108-176) placed the responsibility for these flight school background checks in the hands of the TSA and expanded the program to include a notification requirement when foreign students initiate training in lighter aircraft weighing less than 12,500 pounds. These measures were enacted in direct response to the perceived threat that terrorists may infiltrate flight schools in order to gain operating knowledge of aircraft and the U.S. national airspace system. Since September 11, 2001, policies and approaches for protecting GA aircraft and airports from being exploited in terrorist attacks have focused on providing general guidelines and establishing cooperative arrangements between the GA industry and the TSA for carrying out security enhancements without imposing a rigorous statutory or regulatory framework. The GA industry has argued that inflexible statutory or regulatory measures could impose unnecessary burdens on certain sectors of the GA industry and could be extremely costly to carry out effectively. Legislative actions addressing GA security have focused primarily on the vetting of foreign flight school applicants, GA pilots, and more recently, prospective charter and lease customers. Regulatory actions have primarily focused on airspace restrictions and protections, mostly around the nation's capital, in addition to addressing statutory mandates for vetting certain individuals with access to GA airports and aircraft. Physical security of GA airports and aircraft has largely been left to aircraft owners and pilots, airport operators, and local authorities. While aircraft owners and pilots have generally favored this approach to avoid potentially restrictive federal security regulations, it has created a perceived burden on airport operators and local authorities to identify and address security needs at the airport level. The TSA has issued guidelines, largely based on industry recommendations, but the federal involvement in terms of both regulatory activity and funding for GA security initiatives has been relatively limited. This approach has led the media and some policymakers and security experts to voice concerns over what they perceive to be persisting vulnerabilities at some GA airports. ˘ Some media reports have raised significant concerns over what has been described as "practically nonexistent" security at many small general aviation (GA) airports.19 GA advocates have countered that small general aviation aircraft do not pose a significant threat and point out that many GA airports have taken reasonable steps, largely on their own initiative, to enhance 19 See, for example, Jim Hoffer. "Security Practically Nonexistent at Many Small Airports." WABC TV-New York Eyewitness News, February 5, 2004. security.20 However, security concerns remain and a few high-profile incidents pointing to vulnerabilities in GA security have attracted considerable attention and raised concerns among some policymakers and security experts. In the first of these high-profile incidents following the terrorist attacks of September 11, 2001, a student pilot intentionally crashed a small single-engine airplane into a skyscraper in downtown Tampa, Florida on January 5, 2002. The pilot, described as a troubled youth, reportedly had expressed support for Osama bin Laden and the 9/11 terrorist attacks, but acted alone and had no known ties to any terrorist groups.21 More recently, on July 22, 2005, a small ultralight crashed near the German parliament building and Chancellor's office in Berlin in what was described by German air traffic control officials as a suspected suicide.22 The crash prompted German officials to establish a no-fly zone over central Berlin and again raised concerns in the United States over protecting key assets from possible attacks using GA aircraft as this incident occurred just over two months after a high-profile breach of the protected airspace around Washington, DC, by an unauthorized single-engine airplane that prompted evacuations of the White House and the U.S. Capitol.23 On October 11, 2006, the accidental crash of a small single-engine plane, piloted by New York Yankees pitcher Corey Lidle, into a New York City high-rise condominium--killing Lidle and his flight instructor and severely injuring one building occupant--renewed post-9/11 concerns over the safety and security of GA flights operated in closed proximity to major population centers. Following the crash, the FAA took action by restricting aircraft access to the East River corridor, a narrow wedge of airspace between Manhattan and Brooklyn where GA flights had been permitted at low altitudes, mostly on the grounds of safety rather than for security reasons. However, following the crash, some policymakers resounded their calls for enhanced security measures, such as GA flight restrictions, in the vicinity of New York City.24 While these various incidents have received significant attention given the focus on aviation security following the attacks of September 11, 2001, GA aircraft have been used maliciously in earlier incidents. Most notably, in the early morning of September 12, 1994, a suicidal individual with a history of mental illness, reportedly despondent over personal and business problems, intentionally crashed a stolen small single-engine airplane on the south lawn of the White House.25 While the airplane was completely destroyed and the perpetrator was killed in the crash, property damage was minimal and the incident posed no threat to those in the White House. Although these events have attracted substantial media interest, such incidents are relatively rare. While they identify real vulnerabilities in GA security, GA advocates caution that they should be properly viewed in the broader context of risk assessment, which fully takes into account the security threat and potential consequences to critical infrastructure posed by these aircraft as well 20 Aircraft Owners and Pilots Association. General Aviation and Homeland Security: A Security Brief by the Aircraft Owners and Pilots Association. Frederick, MD (January 23, 2004). 21 Vickie Chachere. "Police: Student pilot who crashed Cessna into Florida building inspired by bin Laden." Associated Press Newswires, January 7, 2002. 22 David McHugh. "Small Plane Crashes Near German Parliament." Associated Press Newswires, July 22, 2005. 23 Hugh Williamson. "Ban on Small Aircraft Flying Over Berlin." Financial Times (London), July 25, 2005. 24 Carol Eisenberg, "FAA Bans Fixed-Wing Planes from East River," Newsday, October 14, 2006. 25 The White House Office of the Press Secretary. Press Briefing by Ron Noble, Under Secretary of the Treasury for Enforcement and Carl Meyer, Special Agent, United States Secret Service. September 12, 1994. Robert Pear. "Crash at the White House: The Pilot." The New York Times, September 13, 1994, p. 20. as the nature and scope of specific vulnerabilities. First, while each of these cases highlights a potential threat involving general aviation aircraft, it is important to note that in each of these cases, damage caused by the aircraft was relatively limited and no injuries or deaths to persons on the ground occurred. Second, while the incidents in Tampa and Berlin and the 1994 White House incident point to a legitimate concern over suicidal pilots, an examination of National Transportation Safety Board (NTSB) aviation accident data, spanning from 1962 through 2007, revealed that suspected suicides using GA aircraft have been extremely rare, occurring at a rate of less than two incidents per year.26 Perhaps more notably, none of these incidents resulted in any deaths of persons on the ground. Two widely reported thefts of GA aircraft in 2005 raised concerns among several policymakers because they were viewed as indicators of vulnerabilities in GA operations that could be exploited by terrorists. For example, in an incident that occurred on June 22, 2005, a 20-year-old Connecticut man allegedly stole an aircraft from a Danbury, Connecticut, flight school and took two teenage accomplices on a late-night "drunken, three-hour joyride" before landing on a taxiway at the Westchester County, New York, airport.27 Later that year, on October 9, 2005, a 22- year-old Georgia man stole a Cessna Citation VII business jet, one that he had served on as a copilot but was not qualified or authorized to fly on his own, from the St. Augustine, Florida, airport. The individual took his friends on a late-night joyride of more than 300 miles, landing the jet at its base airport, Gwinnett County (Georgia)-Briscoe Field airport near Atlanta.28 This incident raised security concerns because the jet aircraft was flown in close proximity to several Florida and Georgia cities without raising any suspicion because aircraft operating below 18,000 feet, regardless of size or capability, typically are not required to file flight plans or establish communications with air traffic controllers when operating under visual flight rules. While thefts of jet aircraft are extremely rare, in another incident that occurred on December 15, 1997, an individual with falsified FAA credentials stole a Lear Jet from the Fort Lauderdale Executive airport in Florida and piloted the airplane to Nicaragua to use the plane for charter flight operations.29 Like suspected suicides using aircraft, thefts of small GA aircraft are relatively rare, and thefts of jet aircraft are practically unheard of. The AOPA notes that, historically, only about a dozen GA aircraft are stolen each year and recent trends suggest that owners and operators of these airplanes are taking steps to reduce their vulnerability to theft.30 Statistics from the Aviation Crime Prevention Institute, Inc. indicate that thefts of GA aircraft have declined considerably since 2000 (see Figure 2).31 Since the declining trend in thefts of aircraft and aircraft parts, like expensive avionics components, was evident prior to the 9/11 terrorist attacks, it is difficult to draw any meaningful inferences regarding the potential impact that post-9/11 security awareness and 26 CRS analysis of NTSB Aviation Accident Database and Synopses from 1962-2004 (available at http://www.ntsb.gov/ ntsb/query.asp). 27 Richard Liebson. "1 Held in Drunken Joy Ride in Cessna." The Journal News (White Plains, NY), June 23, 2005, p. 1A. 28 Mike Morris. "Bufurd Man, 22, Accused of Stealing Jet." The Atlanta Journal-Constitution, October 12, 2005. 29 U.S. Department of Justice. Marcos Daniel Jiménez, United States District Attorney for the Southern District of Florida. "Defendant Sentenced for Transporting Stolen Lear Jet and Possession of False Identification Documents." Press Release, January 5, 2005: Miami, FL. 30 Aircraft Owners and Pilots Association. General Aviation and Homeland Security. 31 Ibid.; Testimony of Mr. Andrew Cebula, Senior Vice President, Government and Technical Affairs, Aircraft Owners and Pilots Association, Before the Senate Committee on Commerce, Science, and Transportation Regarding General Aviation Security, June 9, 2005. initiatives may have had on reducing thefts. These trends also do not necessarily indicate that GA aircraft are now less vulnerable to theft, but rather may simply suggest that existing vulnerabilities in GA security are less frequently exploited, perhaps because of a general perception that security is now tighter. While airplane thefts may be rare, high-profile thefts, like the cases cited above, provide some anecdotal evidence that individuals with knowledge of GA airports and aircraft could exploit existing security vulnerabilities and gain access to aircraft relatively easily, despite the increased security awareness at GA airports since the 9/11 attacks. morf straP dna scinoivA fo stfehT dna stfehT tfarcriA fo rebmuN launnA .2 erugiF )6002-0991( setatS detinU eht ni tfarcriA 250 200 150 100 50 0 90 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06 Aircraft Thefts 41 56 41 36 35 36 24 44 21 20 11 15 13 6 11 11 8 Avionics, Parts Thefts 21 19 17 16 12 13 11 11 11 11 91 81 75 52 88 63 62 Aircraft Thefts Avionics, Parts Thefts .)gro.ipca.www( .cnI ,etutitsnI noitneverP emirC noitaivA :ecruoS While none of the events discussed above has been linked to terrorism, some limited intelligence information that has been made public suggests a continued terrorist interest in using GA aircraft to carry out attacks both domestically and overseas. For example, a crop duster pilot in Florida identified 9/11 suicide hijacker Mohammed Atta as an individual who had approached him in early 2001 inquiring about the purchase and operation of crop duster aircraft.32 Similarly, U.S. authorities presented evidence that Zacharias Moussaoui--who was arrested prior to the 9/11 attacks after raising suspicions surrounding his desire to train in large aircraft simulators and pleaded guilty to conspiring with the 9/11 hijackers--made similar inquiries about starting a crop- dusting company while living in Norman, Oklahoma. Evidence was also presented that Moussaoui was in possession of a computer disk containing information regarding the aerial application of pesticides.33 This evidence raised concerns at the Central Intelligence Agency (CIA) that al Qaeda has "considered using aircraft to disseminate [biological warfare] agents."34 The CIA also suggested that, in initially planning the 9/11 attacks, one of Osama bin Laden's associates proposed that the World Trade Center be targeted by small aircraft packed with explosives, but bin Laden himself altered the plan to use large commercial jets instead.35 If true, this suggests that terrorists engaged in some deliberative process of weighing the pros and cons of using small general aviation aircraft as compared to commercial airlines in planning the 9/11 attacks. While the terrorists favored commercial aircraft in carrying out their attack on September 11, 2001, in the post-9/11 environment, heightened security measures at commercial airports could make GA assets considerably more attractive to terrorists than in the past. While it is unlikely that small GA aircraft packed with conventional explosives could cause the amount of destruction inflicted on September 11, 2001, large jet aircraft in the GA fleet or smaller aircraft carrying chemical, biological, radiological, or nuclear (CBRN) weapons may pose a more formidable threat. Although no publically available intelligence on terrorist operations since September 11, 2001, has indicated any specific threat involving GA aircraft domestically, evidence indicates that al Qaeda has maintained a continued interest in using small aircraft to attack U.S. interests overseas. For example, on April 29, 2003, Pakastani authorities apprehended Waleed bin Attash (a.k.a., Khallad, Tawfiq bin Attash), the suspected mastermind of the U.S.S. Cole bombing and a known associate of the 9/11 hijackers, and five other suspected al Qaeda operatives in Karachi, Pakistan. Soon after the arrests, authorities uncovered a plot to crash a small, explosives-laden airplane into the United States consulate office in Karachi illustrating al Qaeda's continued interest in using aircraft to attack U.S. assets.36 The DHS subsequently issued a security advisory indicating that al Qaeda was planning to use GA aircraft to attack warships in the Persian Gulf as well as the U.S. Consulate in Karachi, Pakistan. While the advisory characterized these threats as a demonstrated 32 Statement for the Record of Robert S. Mueller III, Director, Federal Bureau of Investigation, Before the Joint Intelligence Committee Investigation into September 11, U.S. Congress, June 18, 2002 33 United States of America v. Zacharias Moussaoui (Defendant). Indictment. In the U.S. District Court for the Eastern District of Virginia, Alexandria Division. December 2001 Term. 34 U.S. Central Intelligence Agency. Terrorist CBRN: Materials and Effects. 35 U.S. Central Intelligence Agency. Unclassified Version of Director of Central Intelligence George J. Tenet's Testimony before the Joint Inquiry into Terrorist Attacks Against the United States, June 18, 2002. 36 Associated Press. "U.S. Uncovers Al-Qaida Plot in Pakistan; The Terrorist Group Allegedly Planned to Fly an Airplane into the American Consulate." Telrgraph-Herald (Dubuque, Iowa), May 3, 2003, p. A7. "fixation" on using aircraft in attacks against U.S. assets, it was strongly criticized by GA interests for being overly alarmist and overstating the potential threat posed by small GA aircraft.37 In examining the security risk posed by aircraft that could be utilized in suicide attacks or as launch platforms for conventional weapons, the threat posed by general aviation aircraft is largely a function of aircraft weight, payload capacity (including fuel capacity), and speed. Other factors would likely play a relatively small role in the overall threat posed by particular aircraft. For example, aircraft agility--a rough measure of its capability to maneuver and evade countermeasures--may be considered a factor in the risk equation, albeit a relatively minor one. A small two-seat sport aircraft might be quite agile, but its small size, relatively slow speed, and limited payload capacity may significantly limit the threat posed by such an aircraft. GA interests point out that most GA aircraft are capable of carrying less payload than a typical light car.38 For example, both the Cessna 172 and Piper Warrior--very popular single-engine aircraft--have maximum takeoff weights of less than 2,500 pounds and useful payloads (including fuel and occupants) of less than 1,000 pounds.39 By contrast, the truck bomb used in the April 19, 1995, Oklahoma City bombing was believed to have contained about 5,000 pounds of improvised explosives and the truck bomb involved in the February 26, 1993 bombing at the World Trade Center in New York City was believed to contain a 1,300 pound device. While these events involved unusually large explosive devices, typical light GA aircraft would only be able to carry a device a small fraction of this size. Thus, at least with regard to being used as a platform for conventional explosives, the threat posed by light GA aircraft is relatively small compared to trucks which have significantly larger payload capacities.40 However, as ground based security measures such as setbacks, barriers, and access controls are implemented around critical infrastructure, terrorists may view GA aircraft as a possible means to circumvent these defenses. While many forms of ground transportation, especially trucks, can accommodate significantly larger payloads than almost all GA aircraft, some observers fear that aircraft may be used in a terrorist attack because they cannot be as easily thwarted by blockades, barriers, or other physical security measures. Nonetheless, executing an attack that involves loading a GA aircraft with a large quantity of explosives may be difficult without raising some suspicion at the airport, at least domestically where airport operators and pilots have been instructed to be vigilant for such unusual activities. While the threat posed by light GA aircraft carrying conventional explosives is limited by the size and speed of these aircraft, some experts argue that small aircraft may pose a significant threat if used as a platform to launch a chemical, biological, radiological, or nuclear (CBRN) attack over a densely populated area. In these cases, payload capacity and speed may not be considered as 37 Ibid. 38 Aircraft Owners and Pilots Association. General Aviation and Homeland Security: A Security Brief by the Aircraft Owners and Pilots Association. (January 23, 2004, Frederick, MD). 39 Based on information from Cessna Aircraft Company, Information Manual: Skyhawk Model 172P, May 12, 1981, and Piper Aircraft Corporation, Piper Warrior II Information Manual, Revised September 12, 1990. 40 While weight is not the only consideration in evaluating explosive force, it is meaningful for comparing the potential threat posed by aircraft and vehicles that differ in terms of their payload capacity. significant components of the risk equation. Rather, with regard to the CBRN threat, the most significant element associated with small GA aircraft appears to be their unique capability to fly at relatively low altitudes above densely populated areas and large congregations of people on the ground. In fact, the slow speed of these smaller aircraft and the ease at which doors and windows on non-pressurized airplanes and helicopters can be operated in flight may actually pose a greater threat from certain types of attacks, such as chemical and biological attacks, as compared to larger, faster aircraft. Agricultural aircraft used for spraying crops with pesticides and fertilizers pose a unique threat as a platform for a biological or chemical attack because they are specifically designed for aerial dispersal and could be exploited by terrorists for this specific purpose. However, the chemical and biological threat using GA aircraft may not be as ominous as some casual observers may fear. First, many chemical agents must be released in rather high concentrations. Some, such as cyanides, may only be effective as a chemical weapon if dispensed in an enclosed area therefore greatly limiting the threat of aerial dispersion.41 While other chemical agents--such as caustic mustard agents and military nerve agents--may be effective in open air settings, the limited payload of small GA aircraft may limit the scope of an aerial attack using such agents. Second, aerial dispersion of either a chemical or biological agent over populated areas or large congregations of individuals is likely to be easily detected. If a suspected aerial dispersion of a chemical or biological agent is promptly reported, a timely public health response could significantly limit the impact of such an attack. In general, experts believe that if any chemical or biological attack were to occur--whether using a small airplane or some other method to attack--it would likely be on a small scale physically, but nonetheless, it may have a large psychological impact on the population.42 More specifically, in terms of using small GA aircraft to carry out such an attack, the greatest threat appears to be to large, open-air assemblies such as major outdoor sporting events and concerts. In fact, one of several homeland security planning scenarios--developed by the White House Homeland Security Council in partnership with the DHS--describes the potential effects of an adversary using a light aircraft to spray a chemical blister agent into a packed college football stadium holding 100,000 people.43 The scenario's predicted impact includes 70,000 hospitalizations due to exposure, including many permanent impairments and 150 deaths, but notes that expedient decontamination could reduce injuries by one half. This would likely be a worst case scenario in which an extremely large assembly of people could potentially be victimized. Even in densely populated areas, this degree of impact from an aerial attack not specifically targeting a large outdoor assembly is unlikely because it might be expected that many individuals would be indoors or adequately protected by buildings and other structures. Nonetheless, while such an attack may be limited in terms of its physical impact, it may cause widespread fear and panic. By comparison, the threat from radiological and nuclear devices appears to be much greater in terms of the potential for mass casualties and physical destruction. A small-scale explosive radiological dispersal device--a so-called "dirty-bomb"--could easily fit inside a suitcase or a 41 U.S. Central Intelligence Agency. Terrorist CBRN. 42 See CRS Report RL31831, Terrorist Motivations for Chemical and Biological Weapons Use: Placing the Threat in Context, by Audrey Kurth Cronin. 43 White House Homeland Security Council, David Howe, Senior Director for Response and Planning. Planning Scenarios: Executive Summaries (July 2004, Version 2.0). backpack,44 and a pilot carrying such a device onto a small airplane may not arouse any particular suspicion at an airport. However, the threat from such devices is not unique to GA aircraft as these devices could reach their intended target by other means, including being carried in a small car or even being carried by a pedestrian. Most experts concede that, once in the hands of terrorists, it may be difficult to stop an attack with a radiological or nuclear device because many options are available to deliver the weapon to its intended target. Using GA aircraft is one of many means for launching such an attack. However, there is no reason to believe that GA aircraft are any more appealing to terrorists nor any more vulnerable than other possible methods to carry out such an attack. Concerns have also been raised over the potential threat that an aircraft attack may pose to a nuclear power plant, a chemical plant, or other potentially vulnerable infrastructure where a terrorist attack could inflict widespread damage and mass casualties. A review of security measures at nuclear reactors prepared by the office of Representative Markey identified several perceived vulnerabilities at nuclear reactor sites suggesting that these facilities may be vulnerable to 9/11-style attacks using general aviation aircraft. Based on information provided by the Nuclear Regulatory Commission, Representative Markey's office issued a report on nuclear reactor security that included an assessment of the vulnerability of these facilities to an attack by aircraft.45 The report noted that while 21 out of 103 reactors in the United States are located within 5 miles of an airport, 96% of U.S. nuclear reactors did not factor the impact from even a small aircraft into their design. Four reactors were evaluated during their design to consider impacts from aircraft weighing up to 12,500 pounds which would include most GA aircraft except for business jets and large twin engine aircraft. Three Mile Island in Pennsylvania was cited as the only facility where portions were designed to withstand the impact of large airliners in addition to smaller aircraft. In contrast, the report noted that some European countries, including Switzerland and Germany in particular, incorporate safety features such as reinforced concrete walls and spatial separation of critical safety systems to withstand the crash of certain types of military and commercial aircraft. Other examinations of the potential threat to nuclear facilities from aircraft have focused on perceived vulnerabilities of spent-fuel pools used to cool expended nuclear fuel. However, power companies maintain that a study modeling the impact of an aircraft crash into a spent-fuel pool wall concluded that while such a scenario could crush or crack the wall, it would not likely cause a release of radiation46. A report prepared for the AOPA by Robert Jefferson, a nuclear reactor safety consultant, concluded that the threat to nuclear reactors from small general aviation aircraft is "practically non-existent" and "...it is unlikely that a terrorist would choose a light general aviation vehicle to threaten a nuclear power plant."47 Jefferson's analysis concluded that even the impact of an airliner like those used in the 9/11 attacks would, in all likelihood, be unable to penetrate the outer containment vessel and argued that the analysis referenced by Representative Markey 44 U.S. Central Intelligence Agency. Terrorist CBRN. 45 Staff Summary of Responses by the Nuclear Regulatory Commission to Correspondence from Rep. Edward J. Markey (D-MA), Member, Energy and Commerce Committee, U.S. House of Representatives. Security Gap: A Hard Look At the Soft Spots in Our Civilian Nuclear Reactor Security. March 25, 2002. 46 Gary Stoller. "Nuclear Plants near Airports May Be at Risk." USA Today, June 10, 2003. 47 Robert M. Jefferson. Nuclear Safety: General Aviation Is Not a Threat (May 16, 2002), p. 4 and p. 1. Available from Aircraft Owners and Pilots Association, Frederick, MD. significantly overstates the risk potential and "...overlooks the fact that by their very design, nuclear power plants are inherently resistant to [airborne attacks]."48 The report also concluded that the proximity of nuclear reactors to GA airports does not increase the exposure of these facilities to terrorist threats. Although the specific threat posed to nuclear facilities by GA aircraft remains a contentious issue, the FAA has kept in force restrictions on circling, loitering, or otherwise flying in a suspicious manner around nuclear facilities. Arguably, these measures would provide little deterrent against a well-planned terrorist attack. However, they highlight the continued concern over possible airborne threats to nuclear facilities, whatever the true risk may be. More elaborate measures to protect nuclear facilities, such as implementing anti-aircraft defense capabilities around nuclear facilities, are wrought with operational and policy complexities including high costs, questionable effectiveness, and a potentially high risk of shooting down an errant GA pilot who meant no harm. While light GA aircraft appear to pose a relatively limited threat by themselves in terms of physically damaging critical infrastructure, larger GA aircraft pose a potentially more formidable threat. Due to the size and speed of some of these aircraft, particularly mid-sized and large business jets, they could inflict significant damage to buildings and critical infrastructure if used in a suicide attack. These aircraft have significantly larger payload and fuel capacities which would have a direct bearing on the degree of physical damage they could cause to buildings and infrastructure. Thus, in terms of both assessing risk and identifying options for mitigating the security risk posed by GA, the distinction between small GA aircraft that make up the large majority of the fleet and larger business jets has important implications. While small aircraft appear to pose a greater threat as possible platforms for chemical or biological attacks, large business jets appear to pose more of a threat from being exploited in a suicide attack scenario similar to the September 11, 2001, attacks using commercial airliners. Because the various sectors of GA appear to pose distinct threats, risk mitigation strategies arguably should be tailored to some degree to address the specific security threats posed by different sectors of the GA industry as well as the specific nature of potential security vulnerabilities that also vary across different types of aircraft and flight operations. ˘ A variety of options exist for mitigating security risks posed by GA aircraft and flight operations, many of which have been implemented or are currently under development or consideration. As previously discussed, the selection of mitigation options may need to be tailored to specific vulnerabilities and threats of different sectors of the GA industry which may differ significantly in their degree and scope. While a wide range of options is available, many of the more extensive and costly options for providing security may not be economically feasible, practical, or necessary at smaller GA airports away from major population centers. Several available options center on traditional security techniques to improve access controls and surveillance around GA facilities and better protect aircraft against theft and unauthorized use. Additional options include procedures for vetting individuals with authorized access to aircraft and aviation facilities, and 48 Ibid, p. 1. procedures for clearing passengers. Another possible option for enhancing GA security would be to address law enforcement and homeland security response to suspicious activities and improved intelligence tracking of such incidents to identify patterns indicative of possible terrorist activity. Finally, in terms of adopting a layered security system to augment measures put in place at airports, airspace restrictions and defenses may be considered to protect high-profile sites and critical infrastructure from the threat of aerial attacks. Costs, in terms of direct implementation and oversight costs as well as the indirect costs related to disruption of air commerce and freedom of movement, are likely to be important considerations in assessing the utility and feasibility of implementing specific options to enhance GA security. For example, implementing broadly applied security requirements for all GA airports may impose significant cost challenges, particularly to small, rural airports where the need for such measures may be questionable. Also, airspace restrictions tend to be highly contentious because while they directly impact air commerce and the freedom of movement, they are viewed by some experts as being of questionable value in preventing a terrorist attack unless coupled with elaborate air defense capabilities. Deploying air defense capabilities on a large scale to protect against possible aircraft attacks carries a relatively high cost and involves extensive commitments of resources and collaboration between the FAA, the DHS and the Department of Defense (DoD). The costs and benefits associated with various mitigation options can be analyzed in a risk analysis framework--examining the threat and vulnerability of specific sectors of the GA industry as well as the potential consequences of various attack scenarios exploiting general aviation--to better understand the tradeoffs between various options. Because of the diversity of GA airports, aircraft, and flight operations, and the varied threats and vulnerabilities posed by different sectors of the GA industry, a logical starting point in mitigating security risk would be to perform systematic risk analyses or security risk assessments examining specific components of GA. The FY2006 Department of Homeland Security Appropriations Act (P.L. 109-90) required the DHS to examine the vulnerability of high-risk areas and facilities to possible attack from GA aircraft. This mandate focused on the specific vulnerability of critical infrastructure to attack, which relates more closely to the threat to critical infrastructure and other significant sites posed by GA aircraft as discussed in this report. In this report vulnerability has referred instead to the specific weaknesses in security measures to protect GA airports and aircraft that could be exploited to gain unauthorized access to facilities and aircraft. A comprehensive risk assessment and risk mitigation strategy would likely take into account both the threat and vulnerability associated with GA operations as well as the potential cost of consequences associated with possible terrorist attack scenarios. ˘ Experts acknowledge that various security threats and vulnerabilities to GA exist. An analysis of GA security by the International Civil Aviation Organization (ICAO) concluded that "[t]he challenge of designing general aviation security measures focuses on the need to thoroughly define the threat. Before security standards can be developed, there must be a clear picture of the problem."49 Security risk can be viewed as a function of: (1) the threat or threats posed by a specific type of flight operation or activity measured in terms that attempt to quantify the probability of various terrorist attack scenarios; (2) the vulnerability or susceptibility of existing 49 Donald Spurston. "Security Requirement for GA Operations Should be Based on Threat Assessment." ICAO Journal, Number 8, 2002, p. 18. security weaknesses measured in probabilistic terms reflecting the likelihood that they could be exploited by terrorists; and (3) the possible consequences measured in terms of predicted damage or associated cost. Using this risk analysis framework, the relative effectiveness of mitigation options can be evaluated in terms of how specific security enhancements might reduce vulnerability and how resources could be allocated in a manner to mitigate threats based on their likelihood and their potential consequences. The anticipated risk reduction can then be compared to expected costs in an attempt to determine the most cost effective strategies for enhancing GA security. For passenger airline operations, a layered approach to aviation security has been implemented. This layered system includes passenger name checks against watch lists, passenger and baggage screening, access controls at airports, hardened cockpit doors, and armed air marshals and pilots on passenger airlines. The layered approach has a unique advantage in reducing vulnerability by adding additional safeguards to foil terrorists, thereby greatly reducing the overall vulnerability of the entire system. In probabilistic terms, the vulnerability of the entire security system is the combined or joint probability that each individual layer could be breached or circumvented. Thus, while the threat of terrorism still exists, most experts would agree that, in the case of passenger airlines, the risk of terrorism has been significantly mitigated by greatly reducing the vulnerability that security weaknesses could be exploited by terrorists through the implementation of a multilayered security system. One challenge often cited and already noted in this report is the diversity of GA airports. In many respects, the characteristics of GA airports are much more diverse than those of commercial passenger airports. Yet recognition of this diversity is not always acknowledged in discussions of GA security risk. In contrast, commercial passenger airports are stratified in a tiered system based on their security needs: commercial airports are placed into one of five categories (Category X, I, II, III, IV) based on factors such as the volume of passengers, the level of international operations, and the proximity to critical assets and locations like Washington, DC. A similar model could be adopted to categorize GA airports based on their security risks and the particular security needs of certain classes of GA airports, or in some cases for specific operators of large fleets of GA aircraft. Toward this goal, the TSA provided, as part of its security guidelines for GA airports, an airport characteristics measurement tool whereby airports are scored based on a variety of factors, including their proximity to metropolitan areas and sensitive sites; surrounding airspace; the number of based aircraft; runway lengths; the numbers and types of flight operations; and the presence of maintenance, repair, and overhaul (MRO) facilities.50 Using this tool, airports are scored on a scale ranging from zero to 64. Based on the scoring, airports will fall within one of four bands, and the TSA has provided suggested security enhancements for each of the four bands. However, because use of this assessment tool is voluntary, and because the process is relatively generic and does not consider site-specific factors, it provides only a rudimentary risk assessment tool and process for GA airport operators. While the requirement established under the FY2006 Department of Homeland Security Appropriations Act (P.L. 109-90) mandated a broad examination of the security threat posed by GA, more detailed security risk assessments can be done either at the airport level or, for some larger operators such as large corporate and fractional-ownership fleets, at the operator level. Subsequently, the Implementing the 9/11 Commission Recommendations Act (P.L. 110-53) has 50 Transportation Security Administration. Security Guidelines for General Aviation Airports. Information Publication A-001, May 2004. included a requirement for the TSA to develop and implement a standardized threat and vulnerability assessment program for general aviation airports, and implement that assessment program "on a risk-managed basis" at GA airports. Also, the act requires the TSA to complete a feasibility study to assess the concept of providing grants to GA airport operators, based on a risk- managed approach, for security enhancements. If deemed feasible, the bill authorizes the implementation of such a grant program. Due to the diversity of GA airports and the kinds of operations that they accommodate, the risk picture is likely to vary widely. For example, some small airports in Midwestern and mountain states might have few security measures in place and therefore may be considered vulnerable. However because of their remote location--away from major population centers--these airports may pose little threat. On closer examination, it may be found that such airports may not be particularly vulnerable to terrorist infiltration based on several factors. For example, a remote location away from any high-profile sites or densely populated areas might not be particularly attractive to terrorists, and the close-knit community of airport users in small, rural communities may be more likely to spot outsiders and detect suspicious activity. On the other hand, a busy GA reliever airport near a major metropolitan airport may pose a greater risk. Even if such an airport has implemented various security measures to mitigate risk, it may still be regarded as more vulnerable than a rural airport because terrorists may be able to more easily blend in with large numbers of individuals accessing the airfield, and while certain access control measures may be in place, they may not be adequate for preventing motivated terrorists from circumventing these measures or exploiting weaknesses in access controls. The TSA's approach to risk assessment to meet the sector-specific security plans called for in Homeland Security Presidential Directive(HSPD)-7: Critical Infrastructure Identification, Prioritization, and Protection includes the development of a Vulnerability Information Self Assessment Test (VISAT) for GA airports. VISAT programs have already been developed for other transportation infrastructure including maritime, rail, bridges, and mass transit, and others are under development for other transportation sectors including rail and trucking HAZMAT.51 The GA VISAT is designed to be a self-guided, computer-based assessment tool designed to assess risk and mitigation at GA airports. However, this TSA approach to assessing security risk at GA airports has been criticized over its lack of understanding and differentiation of GA from the air carrier environment and its extensive reliance on standards developed for nuclear power plant security that do not adequately address the public access needs of GA airports.52 Critics have argued that the TSA should instead, incorporate more updated threat and risk management standards developed by FEMA that more fully address public access needs.53 While some of these recommendations may be incorporated into the final assessment tool issued by the TSA to assess security risk at GA airports, a comprehensive, standardized tool to perform detailed analyses of security risks in the GA sector does not currently exist. Many experts believe that such a tool could be extremely beneficial for identifying risks and designing security programs for specific airports or specific categories of GA airports. More detailed security risk assessments can be carried out at the airport level or, for some larger operators, such as large corporate and fractional-ownership fleets, at the operator level. Among 51 Transportation Security Administration. DHS-Vulnerability Identification Self-Assessment Tool (VISAT). 52 Robert Olislagers. "General Aviation Security: The Ups & Downs of Threat Management." Airport Magazine, May/June 2005, pp. 59-61. 53 Ibid. state initiatives aimed at improving general aviation security at the airport level, several aviation security experts and members of the GA community have praised the Commonwealth of Virginia's approach. The Virginia Department of Aviation, relying on an Aviation Security Advisory Committee (ASAC) comprised of various aviation agencies and associations, developed a voluntary program for general aviation airports that provides incentives for capital investment to those airports that complete security "self-audits" on annual basis and undergo Virginia State Police audits of security every three years. The audits focus on access controls, maintenance and upkeep of security aspects of the airport property, and surveillance capabilities and weaknesses at the airport. Key strengths of the program highlighted by its supporters include the fact that it is a voluntary, incentive-based program, that it is proactive in its approach, and that it fosters a cooperative partnership between airports and law enforcement that may prove beneficial in responding to security incidents at the airport.54 Various other states, such as Massachusetts and Ohio, either mandate that all GA airports carry out security audits and/or develop a formal security plan or require such actions for an airport to be eligible for state funding.55 Based on detailed analyses, cost-effective security programs that address the specific degree and nature of risk at specific airports can be designed and implemented. Various combinations of security measures are available and can be tailored for airport-specific or operator-specific security plans. These include various approaches to: surveillance and monitoring; airport access controls; and physical security measures to protect aircraft. These specific security systems implemented by airports and operators may be augmented by broader initiatives such as the vetting of GA pilots and airport workers at the federal level and establishing specific procedures and defenses to protect airspace near critical locations such as key federal facilities in Washington, DC. In the following discussion, these various approaches and the challenges associated with applying them to GA security are analyzed in further detail. Surveillance and monitoring of GA operations are a challenge. Of the 5,286 public use landing facilities in the United States, only about 500 have operating control towers and most of these are located at airports with regularly scheduled commercial service. Only the busiest airports that cater exclusively to GA aircraft have operating control towers. These airports usually are geographically large and congested making surveillance for security purposes from the tower difficult. What's more, even at the limited number of GA airports with operating control towers, most towers are not operated on a continuous basis and close during late night and early morning hours. Further, even during times of operation, the security role of staffed control towers is unclear. During operating hours, controllers remain busy performing air traffic separation and control functions, making it difficult for them to spot unusual activity or detect unauthorized aircraft usage unless suspicions are raised by unusual requests, improper phraseology, or procedural violations. Therefore, the mere presence of an operating control tower appears to provide little additional security to a GA airfield. Smaller GA airports, most of which do not have operating control towers, are usually not attended by airport management or fixed-base operators (FBOs) on the field 24 hours a day. Depending on 54 Craig Williams, General Aviation Safety and Security Practices: A Synthesis of Airport Practice, Airport Cooperative Research Program, ACRP, Synthesis 3, Washington, DC: Transportation Research Board of the National Academies, 2007. 55 Ibid. the frequency of traffic, an airport may be attended only during daylight hours, or sometimes during limited evening hours. Aircraft may still use many of these airports during late night and early morning hours as runway lights can be controlled from the cockpit using onboard radios. Airport access controls and surveillance during these unattended hours presents a unique challenge to airport operators. On the one hand, accessability is important to meet the needs of air commerce by allowing operations such as late night arrivals and departures for business trips and overnight cargo delivery to small communities. Furthermore, maintaining airport accessibility at night provides a critical safety function allowing pilots sufficient alternate landing sites if required to deviate for weather or mechanical reasons. Providing adequate site security for GA airports while allowing airport access for these purposes, including access for transient aircraft, presents a daunting challenge. Full time security is a costly option for many small airports. Remote sensing and surveillance using cameras and motion sensors, for example, may offer a somewhat more cost effective alternative, but requires close coordination with local security forces and law enforcement to respond to suspected threats or security breaches. Uncertainty and high false alarm rates in detection systems can drive up costs associated with security response and can lead to complacency that may limit the effectiveness of these systems. However, these remotely monitored security systems provide an alternative to security monitoring for many airport sites where full time on-site security is cost prohibitive. At least one vendor provides tailored security packages, integrating alarms, cameras, entry and access controls, fencing, lighting, motion detectors, and acoustic sensors.56 A key element of these types of integrated security systems is their monitoring capabilities, including remote internet-based monitoring of cameras and other intrusion detection devices, and the capability to tie into local law enforcement networks for coordinated response. However, these integrated systems can be quite costly to install, maintain, and operate. Consequently, the GA community, in coordination with the TSA, has applied a long- established method of providing security and surveillance in residential neighborhoods--the neighborhood watch concept--to GA airports throughout the United States. To enhance surveillance at airports, the TSA, in cooperation with the AOPA and the National Response Center, launched an airport watch program at GA airports in December 2002.57 The airport watch program is similar to a neighborhood watch program and relies on the cooperation and participation of pilots, airport tenants, and airport workers to observe and report suspicious activity. Educational and training materials have been made available to these individuals to increase their awareness regarding potentially suspicious activity, and a hotline--1-866-GA- SECURE--has been set up to log reports of suspicious activity. Under the program, instructional materials advise observers to call local law enforcement using 911 if they believe the situation potentially poses an immediate threat. Since its inception, the Airport Watch program has been credited with alerting authorities to suspicious activities at GA airports on several occasions. For example, the AOPA cited one peculiar incident as a demonstration of the effectiveness of the airport watch concept. In August 2004, two men of "Middle Eastern appearance" presented themselves at an airport near St. Louis 56 Robert Ross. "Keeping GA Safe." 57 Transportation Security Administration. "General Aviation--Hotline." offering cash to charter a helicopter and presenting driver's licenses from two different states as identification. The charter operator also noted that the men were driving a vehicle registered in a third state and observed the men removing "odd shaped luggage" from that vehicle in preparation for the flight. Based on these observations, the charter operator stalled the suspicious individuals and notified the FBI and local law enforcement who responded and arrested the two individuals. The suspicious characters turned out to be reporters on assignment to demonstrate how easily terrorists could hijack a helicopter.58 The AOPA noted several other successes of the Airport Watch program including the capture of a suspected con man in Kansas who attempted to rent aircraft at several facilities, and several cases of suspicious inquiries regarding aircraft rentals, charter flights, flight instruction, and use of hangar storage space. These incidents all resulted in responses by federal law enforcement authorities, although none have been specifically linked to terrorism.59 Despite the benefits and successes of the Airport Watch Program, which have been achieved at a relatively low cost, there are several challenges to implementing a successful watch program. A major limitation of the Airport Watch Program is that it may be difficult--especially for untrained observers--to distinguish suspicious behavior from normal activities. Past terrorist attacks have indicated that terrorists are likely to use methods that avoid arousing suspicion. In essence, terrorists have in the past hid in plain sight and may be likely to do so in the future. In the case of general aviation, the all too obvious example of a clandestine rendezvous where cargo is loaded from a suspicious vehicle onto a small aircraft at a remote area of the airport may likely be regarded as too risky by terrorist groups to attempt. Rather, terrorists may try to blend in as well as possible. This could lead to two undesired consequences: high false alarm rates and possible racial and ethnic profiling by well-intentioned pilots and airport tenants. High false alarm rates could place a strain on local law enforcement, especially in rural areas and small communities where law enforcement support is limited. Other limitations to these types of programs are that the response time of local law enforcement is often slow, and local law enforcement--especially in small, rural communities--may not be adequately integrated with homeland security systems to receive a timely notification when an incident is reported, although observers are specifically instructed to dial 911 if they believe the situation poses an immediate threat. Another difficulty is that local law enforcement may become complacent if a large number of false alarms are reported at local airports. Despite these obvious limitations, Airport Watch is regarded by many as a model program in the sense that it raises awareness and provides a relatively inexpensive means of providing surveillance. The program could potentially be improved by providing more detailed information and training to pilots, airport tenants, and airport workers in observational techniques--such as behavioral pattern recognition--to improve the quality of information provided to the Airport Watch hotline or relayed through other notification channels. One challenge in implementing an Airport Watch Program is that it is highly dependent on the observations and reporting of untrained individuals. This difficulty is compounded by the fact that suspicious terrorist activities may not appear out of the ordinary to the casual observer. While 58 Aircraft Owners and Pilots Association. Proof AOPA Airport Watch Concept Works. August 12, 2004. Frederick, MD: AOPA. 59 See Testimony of Mr. Andrew Cebula. convicted terrorist Zacharias Mossaoui's peculiar inquiries about flying large jet aircraft and his obvious lack of qualifications to seek such training did raise suspicions at the flight school where he sought advanced jet training, terrorist behavior patterns are likely to be much more subtle. None of the 9/11 terrorist pilots nor Mossaoui attracted similar attention during their initial training in small GA aircraft. Qualified pilots seeking to rent light aircraft also may attract little attention and a pilot loading a small single-engine airplane with dangerous chemicals or biological agents may look no different than a pilot loading his personal effects on board for a weekend getaway. While single incidents like this typically arouse little suspicion, aggregate behavior that might appear somewhat odd or suspicious could collectively signal possible terrorist or criminal activity. An additional downside of programs like the Airport Watch Program is that they could result in unintended racial or ethnic profiling by well-intentioned observers. For example, would the individuals in the St. Louis incident cited by AOPA have raised similar suspicions if they were not of "Middle Eastern appearance?" Besides the potential for falsely targeting individuals in certain racial and ethnic groups, there is also the danger that, conversely, untrained observers may not notice suspicious behavior patterns exhibited by other individuals. Intelligence sources suspect that al Qaeda is seeking to recruit non-Middle Eastern individuals for the very reason that they may be less likely to raise suspicions. More specific guidance and training to airport workers, tenants, and pilots could improve the effectiveness of the Airport Watch Program and other surveillance operations. A possible solution to overcome some of these limitations involves the implementation of behavioral pattern recognition techniques. As described in a commentary on GA security, behavioral pattern recognition was highlighted as being "... designed to maximize detection while minimizing, if not eliminating, issues of civil liberties."60 Behavioral pattern recognition--which is in use at airports worldwide and has been highlighted in numerous profiles of Israel's El Al airlines' pre-boarding security screening--examines deviations from normative behavioral patterns. It has been suggested that behavioral pattern recognition could be applied in the GA environment by providing specific training to maintenance and line workers, for example, making them an integral part of an airport's security network rather than having a small number of employees responsible for security.61 One challenge in behavioral pattern recognition is that single events may not stand out, but aggregate samples of slightly unusual activity may provide telltale signs of preparations for launching a terrorist attack. However, assimilating and correctly interpreting this data remains a significant challenge. For this reason, a "reporting tree"62 is recommended for guiding decisions about responding to suspicious behavioral patterns. The "reporting tree" concept is integrated into the TSA's security training for flight schools, which is a required security training element for flight school employees under Title 49, Code of Federal Regulations, §1552.21 et seq., but has not yet been expanded to other aspects of GA security. A reporting tree might include notifying a supervisor, such as a chief flight instructor or flight school manager, about strange inquires or behaviors exhibited by a student pilot, and escalating this information up the reporting tree to law enforcement or federal officials only if the behavior is repeatedly demonstrated and, in aggregate, raises enough concern that it warrants further action. In this manner, the Airport Watch program, 60 Robert Olislagers. "General Aviation Security," p. 61. 61 Ibid. 62 Ibid. in coordination with specific training and guidance in techniques such as behavioral pattern recognition and the use of reporting trees, has the potential to contribute to the intelligence gathering function at a relatively low cost by enlisting the support of a broad segment of the GA community. Controlling access to general aviation airports is a significant challenge for many reasons. First, as already discussed, few general aviation airports are continuously attended or monitored, and doing so is likely to be costly and resource intensive. Second, general aviation airports support a wide variety of operations and consequently must provide extensive access to airports, aircraft, and facilities to support and sustain these varied operations, including late night cargo operations, training flights, and maintaining adequate numbers of landing facilities that are continuously available for safety in the case of diversions due to weather or mechanical difficulties. Providing airport access for transient operators also presents a unique security challenge for GA airports, especially during hours when the facility is not attended. However, restricting airports from transient access has significant consequences both for air commerce and for safety. For example, restricting access after hours may impede air commerce and business, especially in remote areas that rely significantly on the presence of a GA airport. Professionals who use GA aircraft to conduct business in these areas may be reluctant to do so if they run the risk of being denied access to the airport because of a late running business meeting that extends beyond the operating hours of the airport, for example. Also, for safety reasons, sufficient numbers of GA airports need to remain accessible, at least for landing aircraft, to provide suitable alternate airports in case of emergency or diversion due to weather. Supporting airport access during non-attended hours poses significant security challenges. Access control measures must adequately accommodate transient users or the airport runs the risk of becoming inaccessible to certain users. Various options exist for providing both local and transient operators with adequate access to the flight line. For example, at airports implementing access controls to aircraft storage and operations areas, keypad locks can be installed to control access to flight lines. Codes could be provided to transient operators in case they need to access aircraft after hours and could be changed frequently to prevent unauthorized access. Alternatively, more sophisticated access controls can be implemented using key code or card reader systems where transient operators are provided with codes or cards that expire and cannot be used after a certain period. Display of identification badges in aircraft operations areas may also improve security by identifying those individuals with authorized access to these areas. This can alert observers and security personnel to possible unauthorized access. TSA security guidelines for GA airports suggest that airport identification credentials include features such as a photograph showing a full face image, the holder's full name, the airport name, employer information, a unique identification number, the scope of access and movement privileges through easily interpretable means such as color-coding, and a clear expiration date.63 63 Transportation Security Administration. Security Guidelines for General Aviation Airports. Pilots, for whom access privileges at multiple airports are needed, require a standardized identification that is easily recognizable at all airport facilities. Presently, FAA certificates do not contain photographs of the certificate holder. However, current regulations require pilots to carry government-issued photo identification, such as a driver's licence, and present that identification along with their pilot credentials upon the request of a law enforcement officer or federal official. ATSA (P.L. 107-71) directed the FAA to study ways to improve pilots' licenses such as including photos. While the FAA, in response, has taken steps to make newly issued pilot certificates more tamper-resistant and more difficult to forge, many pilots still carry older style paper certificates that can be easily forged. The Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458, Sec. 4022) requires the FAA to begin issuing improved pilot certificates that include a photograph of the holder and have the capability to accommodate a digital photograph, a biometric identifier, and any other unique identifiers that the FAA may determine to be necessary. While specific plans for issuance of the new pilot certificates with photographs have not yet been announced by the FAA, statutory language provides for the use of designees such as designated pilot medical examiners to issue these new licenses in an effort to "minimize the burdens on pilots."64 Advocates for GA pilots have pushed for the use of designated aviation medical examiners for issuance of the new certificates, noting that forcing pilots, particularly pilots in rural areas, to travel to an FAA flight standards district office would be, in their opinion, an unacceptable burden.65 While these new pilot credentials must include the capability to store biometric information, the use of biometrics for identification purposes and access controls in the GA environment introduces many complex technical and policy questions. Implementing biometric access controls at GA airports may be feasible in some cases, but presents significant challenges because of the need to obtain and encode biometric information for transient operators as well as those local tenants, pilots, operators, and airport workers who are authorized to have unescorted access to the flight line.66 While biometrics have distinct advantages in terms of logging and tracking access to restricted areas, privacy issues, cost, and logistics may make them difficult to implement effectively in the GA airport environment. However, biometrics may play a more significant role at the GA operator level of security where they could be implemented to control access to operator facilities such as aircraft storage and maintenance hangars. Biometrics may also be used on more limited sets of individuals and integrated into ID card access systems for local aircraft owners, operators, pilots and airport workers. Doing so may allow security efforts to focus more directly on those individuals at an airport that pose more of an unknown threat, such as charter passengers not known to their flight crews and other airport visitors. Because GA airports must maintain a level of reasonable accessibility to facilitate the freedom of movement by air and air commerce, surveillance, access controls, and physical security measures to protect aircraft and facilities, if needed, must be designed to accommodate a diverse set of legitimate airfield uses. For this reason, implementing access controls and physical security on par with commercial passenger airports is likely to be unrealistic. However, conducting 64 P.L. 108-458, Sec. 4022. 65 Aircraft Owners and Pilots Association. Pilot ID Process Needs to be Convenient, Inexpensive, AOPA Reminds the FAA. Frederick, MD, July 8, 2005. 66 In this context, the flight line refers generally to those areas of an airport where aircraft are accessible including hangars, tie-down areas, and ramps (aprons). background checks and vetting individuals who routinely access GA airports is seen as a possible technique for assessing potential threats and also as a possible means to focus security resources on conducting surveillance and applying access control measures on visitors who are of an unknown risk. Vetting of transportation workers and others who routinely access transportation facilities has been a cornerstone of several statutorily mandated projects related to transportation security. For example, the TSA is required to conduct background checks of workers at commercial passenger airports, and the TSA has several ongoing projects, such as the Transportation Worker Identification Credential (TWIC) Program and various airport access control pilot studies, that are attempting to integrate background checks and vetting with the use of biometric access credentials. While it may be some time before these would be mature enough to be considered for application in the GA environment, there are already several statutory requirements for vetting GA pilots, pilot applicants, and more recently, prospective aircraft charter and lease customers. The most widely known of these GA programs is the TSA's alien flight training rule (Title 49, U.S.C. §44939; Title 49 Code of Federal Regulation, Part 1552), which requires the TSA to conduct background investigations of non-U.S. applicants seeking flight training in the United States for aircraft weighing more than 12,500 pounds and requires flight schools or flight instructors to notify the TSA whenever a non-U.S. applicant wishes to initiate flight training in smaller aircraft weighing less than 12,500 pounds. U.S. citizens seeking any type of flight training, including proficiency checks and periodic flight reviews by flight instructors, must present a valid birth certificate and a government-issued photo ID, such as a driver's license or passport, to demonstrate that they are not subject to these background check requirements. In response to law enforcement and intelligence information revealing that the 9/11 hijackers and accomplice Zacharias Moussaoui received flight training in the United States and amid concerns that foreign terrorists could further infiltrate flight schools in the United States, the Aviation and Transportation Security Act (ATSA, P.L. 107-71) initially placed the Department of Justice in charge of conducting fingerprint-based record checks for alien flight school applicants seeking training to fly aircraft weighing more than 12,500 pounds. Under Vision 100 (P.L. 108-176), this responsibility was moved to the TSA, the process was streamlined to limit the impact of the process on legitimate flight training activities, and reporting requirements were expanded to include a notification requirement whenever foreign flight school applicants initiate flight training in the United States in smaller aircraft weighing less than 12,500 pounds. A lesser known component of TSA's efforts to vet pilots (whether they are GA pilots, charter pilots, or airline pilots), aircraft mechanics, and dispatchers is the use of threat assessments to screen holders of and applicants for FAA certificates, ratings, or authorizations. Rules pertaining to the security threat assessments for FAA certificate holders and applicants were promulgated on January 24, 2003.67 Under these rules, the TSA notifies the FAA whenever an FAA certificate holder or applicant is determined to present a security threat. The FAA, in turn, will deny, suspend, or revoke the individual's FAA certificate as appropriate. While parallel rules were initially issued to carry out security threat assessments for both alien applicants and citizen applicants, the rule pertaining to U.S. citizens was criticized because it lacked adequate 67 Transportation Security Administration. "Threat Assessment Regarding Citizens of the United States and Alien Holders Who Hold or Apply for FAA Certificates; Final Rules." Federal Register, 68(16), pp. 3756-3769 (January 24, 2003). safeguards for redress and remedy if FAA certificate actions were taken in response to what the TSA determined to be a security threat. Critics argued that the rule gave the TSA significant power over the issuance of pilot certificates and other aviation credentials without any oversight or redress for the TSA to demonstrate the specific evidence or basis for its decision to identify a certificate holder or applicant as a security threat.68 In response to concerns raised regarding the TSA's power over security-related certificate actions and the lack of an adequate redress process, Vision 100 (P.L. 108-176, Sec.601) mandated the TSA to establish a redress and remedy process entitling U.S. citizens subject to certificate action on the basis of a security threat assessment to a formal redress hearing before an administrative law judge and an appeals process before a panel convened by the Transportation Security Oversight Board. The TSA has not yet issued revised rulemaking to conform with the statutory requirements set forth in Vision 100, and therefore, existing regulations to enforce FAA certificate actions on the basis of security threat assessments no longer apply to U.S. citizens.69 However, security threat assessments for alien FAA certificate holders and applicants remain unchanged. It has been reported that, despite the fact that TSA cannot prompt certificate actions solely on the basis of security background checks, FAA databases of pilots, mechanics, and other certificate holders are routinely culled to identify any individuals with known or suspected links to terrorism.70 Although security threat assessments for citizen pilots, mechanics and other FAA certificate holders and applicants have been suspended until the TSA develops a process and issues rulemaking to conform with statutory requirements for redress and remedy, regulations still require fingerprint-based criminal history records checks for charter pilots who fly aircraft weighing more than 12,500 pounds.71 However, other GA pilots--who make up the majority of the almost 600,000 active pilots in the United States--are not required to submit to any formal background screening or checks. Some critics of background checks and vetting maintain that they are costly and an unnecessary intrusion into the privacy of citizens. On a pragmatic level, some question whether background checks for GA are needed at all, particularly at small, rural airports where pilots, ramp workers, and others who frequent the airport are largely known to each other. Nevertheless, background checks and other vetting activities have been looked upon favorably by policymakers as a core component of a layered security system and could be further expanded in their application to GA operators. One area where background checks and security threat assessments is being incorporated into GA operations is for the vetting of prospective charter and lease customers. Under statutory provisions set forth in the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108- 458, Sec. 4012), the TSA is charged with the task of setting up a mechanism for charter and aircraft lease operators to voluntarily submit the names of prospective clients seeking access to aircraft weighing more than 12,500 pounds for screening against the consolidated terrorist watch list. Aircraft operators may deny individuals access to aircraft if their name is found to match watch list records. While the legislative language limited the applicability of this vetting procedure to aircraft weighing more than 12,500 pounds, the feasibility of extending this 68 See, e.g., Llewellyn King. "Adm. Loy, You Know Better: Rescind This Rule." White House Weekly, 24(10), March 11, 2003, 1-2. 69 Transportation Security Administration. Memorandum to the Dockets from Pamela Hamilton, Director of Aviation Initiatives Regarding TSA Rulemaking Docket No. TSA-2002-13732 and TSA Rulemaking Docket No. TSA-2002- 13733. March 16,2004. 70 Aircraft Owners and Pilots Association, GA Security: GA Pilots Are Not a Threat, Available at http://www.gaservingamerica.org/GA-Pilots-Security.htm. 71 Title 14 CFR §1544.101 and §1544.230. capability to charters and leases of smaller aircraft, based on the initial experience with larger aircraft, was debated during consideration of this legislation. While terrorist database screening of prospective charter and lease customers as legislated is voluntary, policymakers may also consider whether mandatory screening of aircraft charter and lease customers is warranted. However, because the capability to screen names against terrorist watch list information is tied to the functionality of the controversial Secure Flight program for prescreening airline passengers, implementation of a charter and lease customer prescreening mechanism--which is currently not operational--may be further delayed by ongoing difficulties in meeting congressionally mandated safeguards for data and privacy protections and redress and remedy for aggrieved individuals who are erroneously identified as suspected or known terrorists. Presently, language in the FY2007 Department of Homeland Security Appropriations Act (P.L. 109-295) prohibits full-scale deployment of the Secure Flight system until the GAO certifies that these lingering concerns are adequately addressed. Besides prospective charter and lease customers, the screening of prospective aircraft purchasers can serve as an important deterrent to prevent terrorists or organizations that support terrorism from acquiring aircraft that could be used in a terrorist attack. Under Department of the Treasury regulations, promulgated to meet requirements of the USA PATRIOT Act (P.L. 107-56), aircraft sales must comply with various information sharing, reporting, and records keeping requirements aimed at identifying suspicious transactions and preventing money laundering.72 However, because many other large-scale financial transactions such as the sale of houses, boats, and cars must be similarly reported, the volume of transactions may make it difficult to quickly identify suspicious aircraft transactions. The main intent of these regulations is to spot potential attempts to launder illegal funds in support of terrorist or criminal activities, and therefore the regulations are not specifically designed to vet purchasers of GA aircraft against terrorist watch lists. The capability to detect aircraft sales to suspected terrorists or their associates and vet aircraft purchasers against terrorist watch lists under these reporting requirements remains unclear. ˘ ˘ Other than surveillance, access controls, and background checks, there are a variety of other options for enhancing the general physical security of airport facilities. One of the most obvious of these measures is erecting physical barriers, such as chain-link perimeter fencing, around security sensitive locations on the airfield. However, the TSA cautions that while physical barriers, such as fencing, walls, electronic boundaries, and even natural barriers, can protect airport areas from unauthorized access, these methods by themselves will not prevent determined intruders from gaining access. The TSA further notes that excessive spending on extensive perimeter enhancements may actually be detrimental to an airport's overall security posture to the extent that these efforts take away from opportunities to improve upon other aspects of security.73 Besides fencing, protective lighting can often serve as an effective deterrent against theft, vandalism, unauthorized access, and other illegal activity at night.74 While various combinations of physical barriers and lighting may deter unauthorized access at airports, the TSA notes that storing aircraft in hangars provides one of the most effective methods 72 See Title 31 Code of Federal Regulations, Part 103. 73 Transportation Security Administration. Security Guidelines for General Aviation Airports. 74 Ibid. of securing GA aircraft.75 However, at many GA airports, hangar space is in short supply and the demand for hangars make them very costly, especially for some small, privately owned aircraft. Language in the Century of Aviation Reauthorization Act--Vision 100 (P.L. 108-176, Sec. 149) provides greater flexibility in the allocation of federal Airport Improvement Program (AIP) funds for the construction of hangars at GA airports. Also, to foster private investment in hangar construction, additional language in Vision 100 (P.L. 108-176, Sec. 165) provides assurances for long-term lease agreements between tenant aircraft owners who build hangars using their own funds and airport operators. ˘ ˘ While surveillance, access controls, and physical security measures at airports can provide effective deterrents, these measures may be costly and challenging to implement at many GA airports, especially smaller airports. Measures to physically secure aircraft can be viewed as either an additional layer of security to prevent theft and unauthorized access to aircraft at airports with extensive surveillance and access controls or as a primary means of security at some airports with more limited security capabilities. Physical security measures for aircraft may include cabin and ignition locks that may already exist for certain aircraft as well as supplemental immobilizing devices such as propeller, throttle, control surface, and tie-down locks. The TSA's Security Guidelines for General Aviation Airports recommends storing aircraft in locked hangars, consistent use of aircraft door locks, using keyed ignitions when appropriate, and not leaving keys in aircraft as some basic steps to secure GA aircraft. The guidelines also recommend using an auxiliary lock such as commercially available propeller, throttle, or tie down locks to further protect GA aircraft. The TSA suggests that "[p]ilots should employ multiple methods of securing their aircraft to make it as difficult as possible for an unauthorized person to gain access to it." While building or renting secured hangar space may be cost prohibitive to many light aircraft owners, locks and other security devices may provide a common sense, cost-effective means to reduce the vulnerability of GA aircraft to theft. Given that aircraft are high value assets, locks may offer a relatively low-cost means to reduce vulnerability. Purchasing and installing secondary locks could benefit aircraft owners and operators by providing added protection against theft and unauthorized access. In the absence of explicit federal standards or requirements, some states have taken initiatives to require specific actions for securing GA aircraft. New Jersey, for example, has implemented a stateside "two-lock rule" requiring any aircraft parked or stored at a GA facility within the state for more than 24 hours to either secure the aircraft with two distinct locking devices or disable the aircraft in a manner to prevent theft or illegal use.76 Propeller locks and throttle locks may provide relative low cost, relatively effective deterrents to unauthorized use and theft of aircraft. 75 Ibid. 76 U.S. Government Accountability Office. General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success. GAO-05-144, November 2004. The specific intelligence and law enforcement evidence pointing to al Qaeda's interest in crop dusting aircraft in the months leading up to 9/11 suggests that the agricultural sector of general aviation should be particularly alert to suspicious activities. Because agricultural aviation operations largely take place in rural environments, away from highly populated areas, increased awareness of this threat coupled with operators increasing their vigilance and taking steps to secure their aircraft may serve as an adequate deterrent. However, the unique capabilities of aircraft, both airplanes and helicopters, used in aerial application make them specifically attractive to terrorists. For this reason, the TSA recommended to operators of agricultural aircraft that they use multiple security devices--such as throttle and control locks, propeller locks, and hidden ignition switches--to secure aircraft, store aircraft in hangars with electronic security systems and steel doors, and when hangars are not available, park heavy equipment in a manner to prevent the movement of aircraft.77 The National Agricultural Aviation Association has provided additional guidance to operators of agricultural aircraft advising them to: secure pesticide storage areas; implement procedures for the shipping and receiving of chemicals; secure facilities and limit access; post security signs; improve lighting of storage areas; secure fences and gates; conduct security inspections to check for signs of intrusion or tampering; maintain logs to track visitor access to facilities; coordinate with local law enforcement and fire departments; and develop site security plans as required to comply with HAZMAT regulations.78 ˘ Besides agricultural aircraft operations, another sector of GA flying that has raised security concerns has been flight schools. Flight schools have been spotlighted, in large part, because of intense media coverage of the apparent relative ease that some of the 9/11 hijackers were able to obtain flight training in the United States, and the reported lack of safeguards to prevent incidents like the intentional crash of a small single-engine airplane into a downtown Tampa, Florida building piloted by a student pilot who stole the aircraft while conducting an unsupervised pre- flight inspection.79 To address lingering concerns over flight school security, Vision 100 (P.L. 108-176) requires specific flight school security awareness training for all flight school employees. To meet this statutory requirement, the TSA has developed a standardized computer-based flight school security awareness training program, although flight schools have the option of developing their own security training program that must obtain TSA approval. New hires must receive initial security awareness training within 60 days of employment, and employees must complete annual recurrent training in security awareness. The training indoctrinates flight school employees on fundamentals of security awareness, security practices, and appropriate responses to suspicious events. In addition to the statutory requirement for security awareness training, the TSA has issued several recommendations for flight schools in its security guidelines for GA airports.80 These recommendations largely focus on increasing surveillance and supervision of students and 77 Transportation Security Administration. Security Guidelines for General Aviation Airports. 78 Regulatory Consultants, Inc. "Secure Your Operation Today." Agricultural Aviation, July/August 2005, 17-18. 79 Jean Heller and Alicia Caldwell. "Flight Schools: Breach of Trust Difficult to Prevent." St. Petersburg Times, January 8, 2002. 80 Transportation Security Administration. Security Guidelines for General Aviation Airports. renter pilots and better controlling access to aircraft and aircraft keys. Other steps that may be taken by flight schools to improve security include background checks of prospective employees, particularly prospective flight instructors and maintenance personnel; establishment of formal written security procedures for employees and customers; display of identification by employees; and various access controls and surveillance measures for the flight line. ˘ In addition to agricultural aviation and flight schools, another sector of GA with unique security needs is business aviation. Larger, faster business jets introduce unique security concerns because of their size and speed as well as their relatively high value and, in some instances, the prominence of passengers carried on board these aircraft. While business jets make up a relatively small percentage of general aviation aircraft, their larger size, heavier payload, and faster speed introduce unique risks. Chartered business jets and turboprops also pose a unique risk because, unlike corporate or privately owned aircraft, flight crews often do not know their passengers. In coordination with the TSA, the National Business Aviation Association has implemented a program promoting aviation security best practices among business aircraft operators.81 The program focuses on various facets of operator security including identifying security roles within an operator's organization; providing security training to flight department personnel; establishing sound physical security measures to control access to facilities and aircraft; issuing photo IDs for crew members; conducting pre-flight security inspections of aircraft; matching baggage to passengers; maintaining positive control of baggage; and developing and keeping up to date site-specific security and emergency response plans. Based in part on the NBAA's initiatives regarding aviation security best practices, the TSA initiated a pilot program, called the TSA Access Certificate or TSAAC program, for business aircraft operators in the spring of 2003. The TSAAC program was initially offered to operators based at Teterboro Airport (TEB) in New Jersey, and was later expanded to include operators at Westchester County Airport (HPN) in New York, and Morristown Airport (MMU) in New Jersey. While the specifics of the TSAAC program are regarded as security sensitive information, the program generally requires operators to implement security procedures similar to the operational security measures required for charter aircraft operators who fly aircraft weighing more than 12,500 pounds. Elements of the program include various physical security measures for aircraft, vetting of customers and other visitors, control of passengers and baggage, access controls for the flight line and aircraft operations areas, and the utilization of threat intelligence. Aircraft operators approved under TSAAC are allowed entry into the United States from all foreign destinations, whereas nonparticipating aircraft had been restricted to entry into U.S. airspace from only a limited number of "portal" countries. These restrictions were rescinded in August 2006 for aircraft weighing less than 45,500 kg (roughly 100,000 pounds), effectively eliminating the incentive for TSAAC participation. As a result, there is presently no clear need to expand the TSAAC program. The NBAA, however, remains hopeful that the security standards developed 81 National Business Aviation Association. NBAA Best Practices for Business Aviation Security. Washington, DC: National Business Aviation Association, Inc. under TSAAC can be applied in a manner that would provide additional benefits to participants and create incentives for applying security best practices among business jet operators.82 Procedures allowing certain GA operations to resume at the Ronald Reagan Washington National Airport (DCA) were mandated under Vision 100 (P.L. 108-176). Because DCA is in such close proximity to Washington, DC, it had generally been off limits to GA operators for almost four years following the terrorist attacks of September 11, 2001. However, on August 18, 2005, DCA reopened to GA operators on a very limited basis under an interim final rule detailing extensive security requirements for GA operators to gain access to the airport.83 These security requirements are collectively referred to as the DCA Access Standard Security Program (DASSP). In addition to adhering to security protocols similar to those outlined in the TSAAC program, operators wishing to fly to and from DCA under DASSP must: have their flight crews cleared by background checks; submit passenger and crew member names for vetting against terrorist watch lists; submit to physical screening of passengers, crew members, and baggage; transition into DCA from a designated gateway airport, of which there are presently 17; and post armed security officers on board each flight to and from DCA. Operators must reimburse the TSA for the direct costs associated with these security measures which in effect makes access to DCA cost prohibitive for most GA operators. As currently implemented, the security provisions for access to DCA are designed primarily to accommodate larger charter operators and high-end corporate aircraft. The program is not currently available to privately-owned aircraft, but the TSA indicated that the program may be expanded in the future.84 ˘ While corporate and privately owned aircraft primarily deal with passengers known to the pilots and operators, passenger charter aircraft present unique security challenges because customers are sometimes unknown or unfamiliar. Charter aircraft weighing more than 12,500 pounds maximum takeoff weight must adhere to specific security regulations referred to as the twelve-five security program in reference to the aircraft weight criteria.85 Twelve-five security program requirements include passenger identification checks, fingerprint-based criminal history records checks for flight crew members, application of specific bomb and hijacking notification procedures and requirements, and implementation of a TSA-approved operator security program. Each operator must designate a security coordinator within the organization, provide training and information to employees with security-related duties, and have procedures in place to coordinate with law enforcement entities responding to security threats. Although cockpit doors are not required for twelve-five operations, if an aircraft has a cockpit door, procedures must be in place to restrict access to the flight deck. 82 National Business Aviation Association. TSA Access Certificate (TSAAC),Washington, DC: National Business Aviation Association, Inc., Updated February 22, 2007. 83 Transportation Security Administration. Ronald Reagan Washington National Airport: Enhanced Security Procedures for Certain Operations; Interim Final Rule. Federal Register, 70(137), 41586-41603 (July 19, 2005). 84 See CRS Report RS22234, Homeland Security: Protecting Airspace in the National Capital Region, by Bart Elias. 85 See Title 49, Code of Federal Regulations, §1544.101(e). In addition to these requirements of the twelve-five security program, operators of passenger charter flights in aircraft weighing more than 100,300 pounds maximum gross weight or an aircraft with 61 or more passenger seats must implement additional security measures laid out in the TSA's Private Charter Standard Security Program (PCSSP), including a requirement for physical screening of passengers and accessible baggage.86 Also, regardless of aircraft weight, if a passenger-carrying charter flight loads or unloads passengers at a designated sterile area of a commercial airport (that is, beyond the security screening checkpoint), that operation must also adopt the private charter security program. The private charter program prohibits passengers from carrying weapons, explosives, and incendiary devices, and requires that metal detectors and x-ray systems used in the screening of charter passengers meet standards established by the TSA. However, physical screening of passengers can be conducted by TSA-approved private screeners and is not typically carried out by federal screeners unless arrangements are made to enplane and deplane from the sterile area of commercial airports. Private charter operators of these larger aircraft must establish procedures to prevent unauthorized access to aircraft and other access controlled areas as specified in the operator's security program and must carry out a security inspection of aircraft whenever access control measures, such as posted security guards or adequate access controls to aircraft, are not maintained. In addition to flight crew members, other employees of private charter operating large aircraft that have unescorted access to aircraft and secured areas must submit to fingerprint-based criminal history records checks, and security coordinators and crew members must complete annual recurrent security training. While the twelve-five and private charter security programs specifically apply to charter operations, the TSA requires GA operators authorized to enplane or deplane into the sterile area of commercial passenger airports to conduct TSA-approved physical screening of passengers, flight crew members, and their carry on items.87 While these regulations are in place to make allowances for certain GA operations that might be permitted to enplane and deplane at sterile airport areas while preventing the introduction of weapons, explosives, or incendiary devices into the commercial passenger aircraft environment, corporate and privately owned GA aircraft are rarely granted access to sterile areas. Also, while the required adoption of a twelve-five security program is only required of charter operators, regulations stipulate that GA operators of aircraft weighing more than 12,500 pounds maximum takeoff weight could be required to conduct preflight security searches and screen passengers, crew members, and carry-on items before boarding in accordance with security procedures approved by TSA if notified to do so by the TSA.88 While these security measures have never been implemented, they could become effective upon notification to operators through means such as the Notices to Airman (NOTAM) system and may be carried out, for example, upon receipt of specific, credible intelligence suggesting a terrorist plot to hijack business jets. According to CBP, almost 400 private aircraft enter the United States on international flights made by private aircraft every day. Almost 500,000 people, passengers and crew, enter the United States on board private aircraft annually.89 Private aircraft crossings of the expansive land and 86 See Title 49, Code of Federal Regulations, §1544.101(b) and (f). 87 See Title 49, Code of Federal Regulations, §1550.5. 88 See Title 49, Code of Federal Regulations, §1550.7. 89 Department of Homeland Security, Bureau of Customs and Border Protection, "Advance Information on Private Aircraft Arriving and Departing the United States; Proposed Rule," Federal Register, 72(180), pp. 53394-53406. water borders of the United States pose a persistent threat of narcotics and human smuggling. In the post-9/11 context, concerns have been raised that terrorists may infiltrate the U.S. borders using GA aircraft to transport operatives and weapons, including possible weapons of mass destruction. There is also concern that terrorists could launch a 9/11-style suicide attack using large GA aircraft flights that originate outside of U.S. borders to attack ground targets. Current CBP regulations for private aircraft, designed largely to counter cross-border narcotics trafficking, require advance notification one hour prior to an inbound border crossing. Aircraft entering U.S. airspace are required to file a flight plan, establish radio communication with air traffic controllers, and must be assigned a unique "squawk" code to identify their radar blip to air traffic controllers and others that may be monitoring airspace for security purposes. Aircraft transiting from Mexico or other countries in Central and South America must fly to the first designated airport of entry nearest to their border crossing point to clear customs prior to continuing their flight, unless they receive a waiver from this requirement. Aircraft entering from other countries, including Canada, however, may proceed to any designated airport of entry. While these procedures are designed to identify and track inbound flights, they provide only limited capability to vet inbound flights because no information on passengers is currently provided in the required advance notification transmissions. A provision of the Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110- 53) required the Bureau of Customs and Border Protection (CBP) to develop a system, under which all GA aircraft entering U.S. airspace must submit passenger information as part of the advance notification to check against appropriate government databases. This information can be vetted against terrorist watchlists and FAA aircraft and pilot registry databases to detect any anomalies that may be indicators of increased risk associated with a specific flight. CBP published proposed rulemaking to fulfill these notification requirements on September 18, 2007.90 In addition to meeting the mandated requirements for vetting inbound international flights, the CBP proposal would also require advanced notice and departure manifests to be transmitted one hour prior to outbound international flights. While GA advocacy groups, like AOPA, generally support the premise of enhancing security regarding international flights utilizing GA aircraft, they have raised concerns about the proposed notification procedures which would require electronic filing of all such flight information via the Internet. Under the proposal, pilots that do not have Internet access at their point of origin would be required to land at a facility outside U.S. airspace having Internet access to file the appropriate electronic notification prior to proceeding into U.S. airspace. AOPA considers this requirement overly restrictive, noting that many pilots operating into the United States, particularly those originating in remote areas of Canada, may not have Internet access at their point of origin. The AOPA has suggested that telephone and cockpit radio transmissions be continued as acceptable alternative means for notifying CBP. The AOPA has also suggested that pilots be allowed "...to provide their passenger information upon arrival during their face-to-face meetings with Customs as they do today."91 However, this request to delay transmission of passenger data appears to contradict the statutory requirement in P.L. 110-53 that requires passenger information to be submitted before entering U.S. airspace. The CBP proposal notes that while the pilot is ultimately responsible for 90 Ibid. 91 Aircraft Owners and Pilots Association, Regulatory Brief: U.S. Customs and Border Protection Proposed Rule-- Advance Information on Private Aircraft Arriving and Departing the United States, Frederick, MD, Updated Thursday, November 15, 2007. transmitting the information, he or she could authorize someone else to submit the information. This leaves open the possibility that third party vendors could set up systems for receiving the required information via telephone or other means and submit it electronically to CBP. Private flyers and GA advocacy groups may, nonetheless, oppose this alternative because of the possible costs and privacy issues associated with third party receipt and transmission of passenger and crew data. Besides the vetting of flight crews and passengers on inbound international flights by GA aircraft, tracking those aircraft is also an issue of considerable concern. Tracking flights along the northern border has been a particular challenge because it lacks the extensive low altitude radar coverage that is available along the southern border in some locations. Drug smuggling along the northern border has been a persistent problem, including smuggling activity using small GA aircraft that can operate into and out of remote landing strips without detection. There is some concern that terrorists could use similar tactics to transport weapons, including weapons of mass destruction, and operatives across U.S. borders without being detected. While CBP and Immigration and Customs Enforcement (ICE) Air and Marine Branch (AMB) aircraft patrol the northern border and interdict suspicious flights, monitoring of flight activity, particularly low altitude flight activity along the northern border remains a significant challenge. The DHS aviation operations capabilities along the northern border are more limited in size and scope than those along the southern border, particularly along the U.S.-Mexico land border. In addition to manned flights to patrol both the southern and northern borders, CBP initiated unmanned aerial vehicle (UAV) patrols along the southern border in 2004, and is expanding southern border UAV operations and initiating UAV patrols along the northern border. These unmanned systems are viewed as having high endurance capability, meaning that they can stay airborne for extended periods of time, thus significantly augmenting the surveillance capabilities of existing ground radar and manned aircraft patrols of the U.S. borders.92 The AOPA, however, has raised considerable objections and safety concerns over the DHS utilization of unmanned aircraft noting that airspace restrictions to keep GA flights away from UAV operations cause inconvenience to GA operators and may impact safety, particularly in and near mountainous areas where small aircraft may be forced to operate over rugged terrain to avoid restricted airspace.93 Aviation security measures addressing GA flight operations have focused extensively on imposing flight restrictions over various potential terrorist targets. These security-related airspace restrictions have been highly contentious because: they have a direct impact on air commerce and the freedom of movement by air; the potential for airspace violations has significant repercussions for both professional and private pilots; surveillance, airspace protection, and enforcement of airspace restrictions can be costly and resource intensive, and the effectiveness of some of these airspace restrictions has been questioned by the GA community and aviation security experts. 92 Michael J. Pitts, Director, UAS Program Office, U.S. Customs and Border Protection, Office of Customs and Border Protection Air and Marine, Presented at FAA UAS Tech Conference, January 2007, Arlington, VA. 93 Aircraft Owners and Pilots Association, AOPA Alerts Congress to UAV Threat to GA Operations, Frederick, MD, March 29, 2006. While a variety of low-altitude flight restrictions have been in place for many years around sensitive locations for reasons of national security, the number and scope of these restrictions have expanded significantly since the terrorist attacks of September 11, 2001. The most comprehensive of these restricted areas is the airspace around Washington, DC, which consists of a Flight Restricted Zone (FRZ), 15-nautical miles in radius, and a larger 30-mile radius--referred to as the Washington, DC Air Defense Identification Zone (ADIZ)94--where flights must adhere to specific flight plans and air traffic communications and surveillance requirements. The airspace in the National Capitol Region (NCR) around Washington, DC has been placed under close surveillance and special flight restrictions primarily affecting GA aircraft ever since September 11, 2001. Previously, the airspace around Washington, DC was relatively open and accessible to GA as well as commercial aircraft. While the airspace directly above some sensitive locations--like the White House and the Capitol--was then and still is prohibited airspace (i.e., generally off-limits to all civil aircraft), this comprised a relatively small portion of the total airspace in the NCR. Before September 11, 2001, GA aircraft were routinely permitted to operate over Washington, DC, and the surrounding area so long as these prohibited areas were avoided and applicable air traffic procedures were followed. Washington Reagan National Airport (DCA), which is located in close proximity to downtown Washington, DC, and key federal facilities, was open and accessible to most GA aircraft. However, following the 9/11 attacks, airspace restrictions in the Washington, DC region have gone through several significant changes to address heightened security concerns. As flight operations resumed following the terrorist attacks of September 11, 2001, a no fly zone--25-nautical miles95 in radius, extending from the surface to 18,000 feet--around Washington, DC, was established. All civil airports within this area, including DCA remained closed to both the airlines and GA traffic. Commercial flights gradually resumed at DCA starting in early October 2001, and limited GA operations were permitted in the airspace within the 18 to 25-nautical mile ring around DCA. In December 2001, the size of the restricted airspace around Washington, DC, was reduced to roughly a 15-nautical mile radius, the dimensions that continue to exist today for the area known as the Flight Restricted Zone (FRZ). The FRZ extends from the surface up to 18,000 feet. ˘ In February 2002, the ban on GA operations in the FRZ was eased somewhat, permitting the three GA airports located within its boundaries--referred to as the Maryland three or sometimes the 94 The term Air Defense Identification Zone (ADIZ) has long been in place and refers to any area of airspace where the identification, location, and control of aircraft are required in the interest of national security. Prior to September 11, 2001, this term generally referred to buffer zones around coastal waters and international borders of the United States. Since September 11, 2001, the ADIZ concept has been expanded to include zones within the United States such as in the vicinity of Washington, DC. 95 Nautical miles are the standard measure of distance in aviation. One nautical mile is roughly equal to 1.15 statute miles. DC-three airports--to reopen on a limited basis.96 Potomac Airfield, Washington Executive Airport/Hyde Field, and College Park Airport, resumed operations of based aircraft whose pilots were vetted through background checks and adhered to strict security protocols. In February 2005, FRZ restrictions were further relaxed allowing transient aircraft to fly to and from these airports provided that their pilots had passed background checks, received special training, and adhered to specific security procedures.97 The reopening of these airports has been a politically sensitive issue. Both Washington Executive and Potomac airports are operated by small business entities that have been significantly impacted by the flight restrictions, while College Park airport--established in 1909 as a site for the Wright brothers to train military aviators--is considered the world's oldest continuously operated airport. In February 2003, additional steps were taken to secure the skies above Washington, DC, by establishing an outer area, beyond the FRZ, where GA flights must operate under close surveillance and in constant 2-way radio contact with air traffic controllers. This area is known as the Washington, DC Air Defense Identification Zone (ADIZ) and its existence has been highly controversial because of the operational requirements it imposes on GA aircraft. The ADIZ came into existence, not immediately following September 11, 2001, as many mistakenly assume, but rather as part of Operation Liberty Shield, an operation launched by the DHS to enhance homeland security during the build-up toward the war in Iraq. The Washington ADIZ was established as a temporary flight restriction, and a similar ADIZ was established around New York City for brief period during the winter and spring of 2003. A smaller scale restricted area was also put in place over downtown Chicago during that time. The temporary restrictions in New York and Chicago have since been rescinded, but the Washington, DC, ADIZ has remained in place. Largely in response to criticism that the special procedural requirements for flying inside the DC ADIZ were overly burdensome to operators, including some whose flight paths brought them no closer than 50 miles away from Washington, DC landmarks, the size of the ADIZ was reduced in size to a 30-mile ring around DCA in August 2007 (see Figure 3). 96 Federal Aviation Administration. "Enhanced Security Procedures for Operations at Certain Airports in the Washington, DC Metropolitan Area Special Flight Rules Area; Final Rule." Federal Register, 67(33), 7538-7545 (February 10, 2005). 97 Title 49 Code of Federal Regulations, Part 1562, Subpart A. riA ecapsriA ,CD ,notgnihsaW eht fo snoitarugifnoC tnerruC dna suoiverP .3 erugiF )ZRF( enoZ detcirtseR thgilF dna )ZIDA( enoZ noitacifitnedI esnefeD .)SMATON( nemriA ot secitoN AAF elbacilppa no desab cihparg dna sisylana SRC :ecruoS Prior to this resizing of the ADIZ, the area covered by the ADIZ consisted of the 30-nautical mile ring around DCA plus the additional airspace extending for 20 nautical miles around both Dulles International (IAD) and Baltimore/Washington Thurgood Marshall International (BWI) airports. During that time, the ADIZ has a lateral extent--not including the FRZ which it completely encapsulates--of more than 3,000 square nautical miles. As a result of the August 2007 change made by the FAA, the size of the ADIZ was reduced to an area roughly 2,000 square miles in size. Thus, the area included in the ADIZ was reduced by roughly one-third as a result of this change. Like the FRZ, the ADIZ extends from the surface to 18,000 feet, and this has remained unchanged. Along with this reduction in the size of the ADIZ the FAA implemented a new speed restriction around Washington, DC, limiting aircraft operating below 18,000 feet outside the ADIZ but within 60 nautical miles of DCA to speeds below 230 knots. The rationale for this being that faster moving aircraft would offer less time to prepare and launch defensive measures to prevent a possible terrorist attack using aircraft. By imposing a speed restriction, airspace security monitors could more rapidly identify fast-moving threats and initiate a defensive response. The GA community has not voiced any particular opposition to this measure, in large part, because only a relatively small percentage of GA aircraft are even capable of speeds greater than the 230 knot limit. While the ADIZ, in both its previous and current form, has been established as a temporary flight restriction, it is expected that the FAA will seek to make the current ADIZ airspace configuration and special procedures permanent. However, when the FAA proposed to make the ADIZ in its prior form permanent in August 2005, it was barraged by more than 20,000 public comments, almost all opposing the plan.98 The AOPA, in particular, strongly opposes making the ADIZ permanent, and contends that the ADIZ confuses both pilots and controllers, diverts controller's attention from their primary aircraft separation duties, causes considerable departure delays for GA flights, and confines training flights to limited airspace creating a potential safety hazard.99 The AOPA also asserts that flight activity at airports within the ADIZ has decreased by about 30 to 50 percent since the ADIZ was put in place, and fuel sales at area airports have declined by as much as 45 percent.100 Implementing ADIZ procedures also involves a sizable federal investment, costing about $11 million annually, according to FAA estimates for additional air traffic controllers and equipment to monitor flights in the ADIZ.101 The AOPA has consequently voiced concern that "[i]f the ADIZ is not eliminated or modified, it will permanently jeopardize the economic viability of general aviation operations in the Washington area."102 Critics of the ADIZ have viewed the reduction in its size as a positive step toward reducing the operational burden associated with the special flight procedures required to operate inside the ADIZ, although the AOPA and others maintain that the ADIZ should be completely eliminated and replaced with less burdensome measures that can provide an equivalent level of security. ˘ Other than the airspace restrictions around Washington, DC, various security-related flight restrictions have been put in place to protect national security interests and ostensibly to protect potential high-profile terrorist targets from aerial attacks. At various times since September 11, 2001, flight restrictions have been imposed to protect airspace around major U.S. cities and other potential terrorist targets. For example, during the build up toward the war in Iraq in early 2003, additional airspace restrictions were put in place around New York City, Chicago, and Disney theme parks in addition to establishing the ADIZ around Washington, DC to augment the FRZ that had already been put in place following the terrorist attacks of September 11, 2001. Flight restrictions around major cities besides Washington, DC were lifted, but have been reinstated for brief periods during times when the national security threat level has been elevated or when special events warranted the establishment of temporary flight restrictions. However, the flight restrictions around Disney theme parks have continuously remained in effect and are now mandated in statute. In addition to these restrictions, the Consolidated Appropriations Act of 2004 (P.L. 108-199, Sec. 521) establishes permanent flight restrictions over stadiums and motor 98 See DOT Docket No. FAA-2004-17005, available via dms.dot.gov. 99 Aircraft Owners and Pilots Association, Air Traffic Services Brief: Security Officials Want Washington, D.C., Air Defense Identification Zone (ADIZ) to Be Made Permanent, Frederick, MD, Updated Wednesday, August 29, 2007. 100 Ibid. 101 Federal Aviation Administration. "Washington, DC Metropolitan Area Special Flight Rules." 102 Ibid. speedways during Major League Baseball (MLB) games, National Football League (NFL) and National Collegiate Athletic Association (NCAA) division I football games, and major auto racing events. These flight restrictions establish a three nautical mile radius around the effected facility extending from the surface to 3,000 feet. GA aircraft are generally prohibited from this airspace, but exceptions may be made for flight operations directly related to the sporting event, broadcast coverage of the sporting event, or to provide safety and security for the event. Exceptions may also be made in cases where the venue is in close proximity to an airport, in which case aircraft may enter into the restricted area if necessary to land or takeoff from the airport using standard air traffic procedures. These restrictions have been criticized by some because they are selective in the events that are covered by the statutory mandate and therefore do not encompass all large-scale outdoor assemblies. The restrictions have also been criticized because the relatively small size of restricted airspace, while often interfering with flight operations, is considered by many to provide an inadequate perimeter for establishing adequate airspace protections to the sites they are intended to protect. In addition to the stadium and theme park overflight rules, the temporary flight restricted areas put in place around sites visited by the President are particularly troublesome for many pilots. Unlike the stadium and Disney theme park areas which encompass a relatively small footprint, the flight restrictions put in place for presidential visits encompass a much wider area. The area of these restrictions has grown from a 3-mile radius extending 3,000 feet in altitude before 9/11, to a 30-nautical mile radius reaching up to 18,000 feet in altitude. This effectively increased the footprint of the restricted airspace around the President from just over 28 square miles to more than 2800 square miles, and increased the cubic volume of protected airspace around the President by 600%. Typically, during a presidential visit, GA flights are completely prohibited within 10-nautical miles of the designated site. Between 10 and 30 nautical miles from the designated site, flights below 18,000 feet must be on active flight plans and in constant communication with air traffic controllers. The fact that these airspace restrictions to protect the President are often put in place with little advance notice has the potential of catching pilots off guard. Because these presidential movement temporary flight restrictions (TFRs) change dynamically with the President's schedule, pilots can be easily misinformed or confused about the specific location of the restricted airspace and the effective times of the restrictions, which usually includes a block of time around the President's expected presence but can change on short notice. Also, these restrictions are often defined in terms that may not be meaningful to GA pilots whose aircraft may lack the navigational capability to identify the boundaries of restricted areas. The FAA and user groups such as AOPA have worked to increase pilot awareness regarding the movements of the President and provide pilots with up to date information regarding presidential movement TFRs including graphical depictions of affected airspace. Nevertheless, identifying these airspace boundaries continues to be a challenge, particularly to pilots flying primarily by visual means and relying on landmarks on the ground to avoid airspace incursions. The AOPA and other GA advocacy groups have questioned the need for restrictions over such a wide area and have lobbied to keep the impacts of these security measures on airspace accessibility to a minimum.103 103 See, e.g., Aircraft Owners and Pilots Association. Members of Congress Join AOPA Outcry Over Presidential Movement TFRs. Frederick, MD; May 16, 2003. ˘ Besides these specific objections to security-related flight restrictions, many aviation interests and homeland security specialists have raised broader policy questions about the effectiveness of these various airspace restrictions and special operating procedures, noting that enforcing airspace restrictions is costly and resource intensive and providing protection to defend sites against aerial attacks is an even greater challenge. The resource requirements and associated costs for monitoring restricted airspace and providing airspace protection around critical sites raise policy questions regarding the appropriate balancing of these measures with efforts to address other homeland security threats, and the effect of these measures on air commerce and the freedom of movement by air. Surveillance and monitoring capabilities present a significant challenge for protecting airspace. This is, in part, because detailed information on specific GA aircraft is not provided to air traffic controllers and airspace monitors unless the aircraft is transmitting a unique identifying code to air traffic radar sites. Under the current radar system, providing GA aircraft with unique identifiers and tracking all GA aircraft could, at times, prove overwhelming for air traffic controllers. Under present day air traffic control procedures, pilots must file flight plans, receive unique identifier codes to transmit, and make radio calls to air traffic controllers to establish "radar contact" allowing controllers to identify and track a specific flight. Under normal circumstances in clear weather, many flights never file a flight plan nor contact air traffic controllers because they are not required to do so. But, to operate inside certain restricted airspace like the Washington, DC ADIZ, pilots must follow the aforementioned procedures for filing flight plans, transmitting unique identifying codes, and communicating with air traffic controllers-- procedures that are often workload intensive for both pilots and controllers. Technologies may provide a solution that could ease pilot and controller workload associated with these transactions. For example, Mode S transponders are capable of automatically relaying detailed aircraft identifier information to air traffic radars, but most smaller GA aircraft do not have this technology and it is expensive to install. Similarly, emerging technology called Automated Dependent Surveillance-Broadcast (ADS-B) can transmit detailed aircraft information to ground stations and other aircraft, but this new technology is only beginning to become available and surveillance capability is not yet available in all parts of the United States. While ADS-B shows significant promise for improving safety as well as security, the FAA is still developing its investment strategy in this technology. In the meantime, surveillance of GA aircraft must rely on current radar capabilities, involving close coordination between pilots and air traffic controllers. This imposes additional workload on both pilots and controllers. This increased workload has a direct bearing on FAA resources. For example, the FAA estimates that making the Air Defense Identification Zone (ADIZ) around Washington, DC permanent will cost about $11 million per year, mostly linked to increased labor costs associated with processing flight plans and providing air traffic services to aircraft operating under visual flight rules (VFR) that would otherwise present little or no impact on the air traffic control system.104 104 Aircraft operating under VFR may, on occasion, request traffic advisories or "flight following" from air traffic controllers on a workload-permitting basis. However, except for regulations established for security monitoring purposes, VFR aircraft are not required to interact with air traffic services unless flying in specially designated airspace near towered airports or above 18,000 feet. While security measures are being implemented authorizing certain GA operations within the restricted airspace, curtailing frequent inadvertent airspace violations by unauthorized aircraft that complicate surveillance and defense efforts is an ongoing challenge. According to NCR Command Center statistics, there were almost 3,500 airspace incursions between January 27, 2003, when the center first opened, and July 17, 2005--a rate of almost four incidents per day. On 655 of these occasions, "government assets" were deployed or diverted to intercept the intruding aircraft. Based on this experience, about one in every five to six incursions requires an intercept, and this occurs about five times a week. However, all but one of these incidents was inadvertent. In three high-profile incidents, all inadvertent, the U.S. Capitol was evacuated, raising concerns over the adequacy of airspace protections among lawmakers. Curbing inadvertent violations is likely to become increasingly important as more GA operations return to DCA and the three Maryland airports within the FRZ, making the task of surveillance and tactical response all the more critical. Pilot training is likely to be an important tool for mitigating these inadvertent airspace violations. In fact, significant efforts have been made by user groups such as the AOPA, in coordination with the FAA, to increase pilot awareness and understanding of the airspace restrictions and provide training materials via the Internet to pilots regarding security-related flight procedures, including training on operating in the Washington ADIZ airspace. Besides this information and training, additional measures to improve in-flight situational awareness may help curtail inadvertent airspace violations. Available technologies may provide GA pilots with improved positional awareness to avoid airspace violations. For example, global positioning satellite (GPS) moving map displays can provide pilots with precise navigation capabilities. These systems are now widely available for use in GA aircraft and could be programmed to include features to raise situational awareness regarding airspace restrictions and requirements. A more controversial option under consideration is stiffer penalties and stepped-up enforcement for airspace violations. User groups oppose additional punitive actions beyond those already available to the FAA and point out that the threat of a shoot-down is already a strong enough deterrent for pilots to take heed. Besides the resources and costs associated with monitoring flights, the capability to establish formidable airspace protections in restricted airspace is a central issue for homeland security. The effectiveness of airspace protections and interagency coordination in providing homeland security and defense is at the crux of the policy debate over effective airspace security. This is because airspace restrictions by themselves are not particularly useful tools unless a coordinated response to protect critical assets within those protected areas are effective. Merely relying on enforcement tools is not likely to be of significant benefit because terrorists are likely to care little that they are violating airspace restrictions in carrying out an attack. The North American Aerospace Defense Command's (NORAD's) Operation Noble Eagle is charged with the task of interdicting aircraft believed to pose a national security risk. Since September 11, 2001, fighter jets have scrambled to respond to almost 2,000 domestic air security events.105 While these incidents include escorts of international passenger airliners where passengers' names matched information in terrorist databases, the large majority of these 105 First Air Force. Operation Noble Eagle: Defending America's Skies. Tyndall Air Force Base, FL. interdictions involved intercepts of small GA aircraft that strayed into restricted or prohibited airspace. In the environment of heightened security since the 9/11 attacks, the FAA, NORAD, and aviation user groups such as the AOPA and the NBAA have made extensive efforts to heighten pilots' awareness regarding airspace restrictions and proper procedures to follow if intercepted by DHS, law enforcement, or military aircraft. Despite these intensified efforts to protect major metropolitan areas and critical sites from aerial attacks, it has been reported that military officials have concluded that stopping a 9/11-style attack would be difficult unless fighter jets were already airborne.106 Maintaining a constant airborne defense presence, however, would be extremely costly and resource intensive. Ground- to-air missiles have been deployed around Washington, DC, but are largely seen as a measure of last resort for protecting a limited number of key locations against an aerial attack, whether that attack may involve GA aircraft or commercial airliners.107 Because of the continuing challenges in providing effective national airspace defenses, the adequacy of airspace protection initiatives will likely depend on close cooperation and coordination between the FAA, the DHS, and the DoD as well as effective command and control within each of these organizations. Presently, event response is coordinated through the FAA's Domestic Events Network (DEN), a continuously operated unclassified network for sharing critical incident information regarding aircraft deviations and violations of security restricted airspace, and the TSA's Transportation Security Operations Center (TSOC), the central hub for exchanging information regarding aviation threats located in Herndon, VA. The function of these facilities is to provide a shared situational awareness of aviation threats including, but not limited to, threats posed by GA aircraft. Besides the TSA, NORAD, and the FAA, other key agencies involved in airspace surveillance and protection include the Coast Guard and Customs and Border Protection (CBP), which provide air interdiction and situation response within the DHS, as well as the Federal Bureau of Investigation (FBI).108 These agencies also coordinate with federal, state, and local law enforcement to integrate threat response. Coordinated threat response was observed in the May 11, 2005 event where an errant small private airplane penetrated deep into the FRZ around Washington, DC. The coordinated response to this threat included deployment of fighter jets, helicopters from the United States Coast Guard, and federal and state law enforcement assets to interdict and intercept the aircraft. While the response to this perceived threat was by most accounts well coordinated, concerns have been raised that response to a more formidable threat, such as a faster moving aircraft attempting to evade airspace protections and defenses may be much more difficult to interdict and may require a carefully orchestrated response involving close coordination between responsible agencies. While these agencies continue to assess and refine their monitoring and response capabilities, Congress may continue to conduct oversight of interagency coordination to ascertain whether there is an adequate level of preparedness to deal with airborne threats, including threats posed by GA aircraft, and assess whether steps taken to protect critical assets from aerial attacks do not unduly burden GA operators or compromise flight safety. While the focus to date has been airspace protection in and around Washington, DC, Congress may also examine whether the capability and coordination between federal, state, and local agencies to monitor and protect 106 Associated Press. "Intercept Tests Show U.S. Air Vulnerability." January 15, 2004. 107 Statement by Honorable Paul McHale, Assistant Secretary of Defense for Homeland Defense before the Committee on Government Reform, United States House of Representatives, July 21, 2005. 108 Ibid. airspace in other areas of the country is adequate and appropriately balances homeland security needs with air commerce and aviation safety concerns. GA security was a topic of considerable legislative interest during the 109th Congress. Based on a Senate-passed amendment introduced by Senator Clinton (S.Amdt. 1106 to H.R. 2360), conference report language in the FY2006 DHS Appropriations Act (P.L. 109-90) required the DHS, in coordination with the Department of Transportation, to "...study the vulnerability posed to high-risk areas and facilities from general aviation aircraft that could be stolen or used as a weapon against those areas." Areas to be considered in the assessment included critical transportation infrastructure, nuclear facilities, military bases, and highly populated areas with similarly situated critical infrastructure. The analysis was required to identify vulnerabilities at GA airports, the sufficiency of existing security measures, and any additional security measures that could be implemented. Additional legislation introduced in the House sought site-specific measures to improve security at GA airports. The Strengthen Aviation Security Act (H.R. 2649), introduced by Representative Markey on May 26, 2005, would have required airport operators to develop site-specific vulnerability assessments for each GA airport and develop a plan for addressing vulnerabilities identified within one year of enactment. H.R. 2649 would also have required background checks and terrorist database screening for individuals with access to general aviation aircraft. The bill would have also required all GA aircraft to be secured by visible immobilizing devices such as prop locks while parked at GA airports. In addition to these measures, H.R. 2649 called for establishing no-fly zones during periods of high terrorist threat levels and any other applicable times identified by the DHS around all sensitive nuclear facilities, chemical facilities where a release of hazardous materials could endanger one million or more lives, and any other facilities designated by the Secretary of Homeland Security. Also during the 109th Congress, Representative Sweeney introduced the General Aviation Security Act of 2005 (H.R. 3397). This bill would have required all operators of public and private-use airports in the United States to register with the DHS and undergo a registration renewal process every three years. The proposed registration process was to include a security plan documenting site-specific security procedures consistent with the TSA's most recent security guidelines for GA airports. In developing security plans, operators would have been required to provide a written description of how the airport has addressed each recommendation or justify why a particular recommendation was not adopted. The legislation called for using self- assessment tools (such as the GA VISAT) to identify airport characteristics for security purposes in the development of airport-specific security plans. In addition to providing security plans to the DHS as part of the registration process, airports would have also been required to submit their security plans to local law enforcement agencies having jurisdiction over the airport. H.R. 3397 also would have mandated that all public-use airports: · Ensure that all aircraft crews verify the identity of all aircraft passengers; · Maintain logs of all transient aircraft for a minimum of five years; · Make a list of emergency telephone contacts available to all airport personnel; · Restrict the access of unlicensed individuals and student pilots to aircraft keys; · Require aircraft renters to present government-issued identification in addition to their pilot's license; · Post applicable security warning signs and advisories where appropriate; · Provide emergency responders with confidential emergency locator maps of the airport identifying items such as runways, ramp areas, fence lines, and gates; and · Familiarize local law enforcement with the airport and consult with them in developing security procedures. Additionally, at all GA airports--both public-and private-use--all aircraft would have been required to be double-locked with one external lock and one lock inside the aircraft. Also, at all GA airports, hangars would have been required to be locked when not in use and adequate fencing would have been required for secure areas. Besides these more comprehensive measures addressing GA security, concerns over airspace violations that complicate the task of protecting critical assets from aerial attack prompted the introduction of legislation in the 109th Congress calling for stiffer fines for airspace violators and mandatory pilot training on airspace restrictions. In response to concerns over frequent violations of restricted airspace near Washington, DC, Representative Blunt introduced the Capitol Airspace Enforcement Act (H.R. 3465). The bill called for civil penalties ranging from $10,000 up to $100,000 for violations of the 15-mile radius Flight Restricted Zone (FRZ) around Washington, DC, and fines of up to $5,000 for violations of security protocols while operating in the larger Air Defense Identification Zone (ADIZ). The measure also included a requirement for mandatory pilot training regarding the airspace restrictions and proper operating procedures and compliance with airspace restrictions. While this legislation was not passed, the FAA issued a proposal to require special security procedures awareness training for all pilots operating aircraft under visual flight rules within 100 nautical miles of Washington, DC.109 This proposal, however, has been criticized by the AOPA which believes that a 100-mile radius is too large and thus would unnecessarily mandate additional training for many pilots that never operate in or near the Washington, DC ADIZ. The FAA has developed a Washington, DC ADIZ training module for GA pilots; however this training is currently optional. Nationwide, in the five-year period following the 9/11 Attacks, the FAA has documented more than 6,500 violations of security restricted airspace, with almost 50% of these occurring in the airspace around Washington, DC. Airspace security procedures training for pilots is seen as an important step toward curtailing inadvertent violations. However, these statistics suggest that, while the greatest need appears to be for training regarding the Washington, DC airspace, increased training and awareness of airspace restrictions in other part of the country may also be needed. 109 Department of Transportation, Federal Aviation Administration, "Special Awareness Training for the Washington, DC Metropolitan Area," Federal Register, 719128), pp. 38118-38125. While GA advocacy groups, like the AOPA and the NBAA, support education and training for pilots flying in and near restricted airspace and have taken considerable steps on their own initiative to provide educational materials regarding the airspace restrictions, they strongly oppose stricter penalties and believe that administrative actions and fines already available to the FAA along with the potential threat of a shoot down already serve as sufficient deterrents for inadvertent airspace violations.110 During the 109th Congress, these groups have voiced significant concerns over the impact of airspace restrictions and homeland security regulations on air commerce and the freedom of movement by air. These groups have also opposed comprehensive legislative measures, such as H.R. 3397, that sought to mandate broad security requirements over the wide range of GA airports and operations cautioning that imposing such mandates "...would be ridiculously expensive, is unnecessary, and ignores the guiding principle of making investments in security based on risk."111 In response to this criticism, attempting to tailor homeland security policy to fit the risk posed by widely varied GA operations, allocating budgets and resources to address security priorities, and addressing concerns about potentially impeding air commerce or compromising aviation safety are likely to remain ongoing challenges for the Congress. Given recent indications of continued congressional interest in GA security issues, the various legislative proposals offered during the 109th Congress may be revisited during the 110th Congress. Several Members of Congress have expressed continued interest in the security of general aviation operations. At a January 17, 2007 hearing held by Senate Committee on Commerce, Science, and Transportation, Senator Rockefeller raised security concerns over small general aviation aircraft, and urged the TSA to increase staffing and resources devoted to GA security. TSA Administrator, Kip Hawley, responded that a more robust plan for enhancing GA security is forthcoming,112 however the TSA has not yet proposed any specific regulatory changes related to GA operations. In the interim, GA industry observers anticipate that increased random inspections of GA aircraft, particularly on GA ramps at larger commercial airports, are likely to increase in the near term. Further congressional oversight of GA security efforts and the introduction of related legislation is anticipated during the 110th Congress. The Implementing the 9/11 Commission Recommendations Act (P.L. 110-53) includes a specific section (Sec. 1617) on requires the TSA to develop and implement a standardized threat and vulnerability assessment program for general aviation airports, and implement that program at selected GA airports based on risk. Also, the act requires the TSA to complete a feasibility study to assess the concept of providing grants to GA airport operators for security enhancements. If deemed feasible, the bill authorizes the implementation of such a grant program. The act also includes a specific mandate requiring GA aircraft operators to submit passenger information and advance flight notification to U.S. Customs and Border Protection (CBP) before entering United 110 Spencer S. Hsu. "Bill Targets Errant Pilots." The Washington Post, August 22, 2005, p. B1. 111 Aircraft Owners and Pilots Association. Congressional Bill Threatens GA With Expensive Security Mandates. Frederick, MD (July 22, 2005). 112 Jonathan Marino, "Lawmakers Call on TSA to Step Up Inspections of Private Planes," Government Executive Daily Briefing, January 17, 2007. Washington, DC: National Journal Group, Inc. States airspace for vetting against appropriate databases. As previously noted, CBP has issued proposed rulemaking to carry out this mandate, but the CBP proposal is controversial because it appears to limit transmittal of the required flight information only be electronic means which may cause difficulties for flights operating out of remote locations that do not have easy access to the Internet. Bart Elias Specialist in Aviation Policy belias@crs.loc.gov, 7-7771 ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL33194