http://www.oig.dot.gov/rss.jsp?subject=14 The 10 most recent releases on the U.S. DoT OIG web site related to Aviation Security en-US webmaster@oig.dot.gov (OIG Webmaster) http://www.oig.dot.gov/images/dot.gif http://www.oig.dot.gov/rss.jsp?subject=14 http://www.oig.dot.gov/item.jsp?id=2575 On November 18, 2009, the Inspector General testified on the Federal Aviation Administrations (FAAs) oversight of repair stations. Air carriers use of repair stations has risen dramatically in the last several years both in the volume and type of repairs outsourced. The Office of Inspector General (OIG) has reported since 2003 that FAAs oversight of aircraft repair facilities is not robust enough to ensure that outsourced repairs meet FAA standards. Specifically, FAA does not know where all critical outsourced repairs are performed for both certificated and noncertificated facilities. Instead, it relies heavily on air carriers oversight of repair stations even air carriers with known quality assurance problems. Several of the OIGs recommendations aimed at improving FAAs oversight of foreign and domestic repair stations remain open. Successfully implementing these recommendations would allow FAA to identify and target repair facilities in need of safety oversight as well as meet its statutory mandate to provide TSA with information needed to improve security oversight. Wed, 18 Nov 2009 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2575 http://www.oig.dot.gov/item.jsp?id=2576 Prior to the Transportation Security Administrations (TSAs) transition into the Department of Homeland Security, as part of an audit in 2003 of air carriers use of aircraft repair stations, the Department of Transportation Office of Inspector General reviewed security controls at these stations. Our audit (originally released on February 28, 2003) disclosed security vulnerabilities at repair stations located at commercial and generalaviation airports and off airport property. We recommended that TSA conduct riskbased security assessments as a first step in determining the actions needed to address repairstation security. This report has been redacted by TSA to protect security sensitive information. Wed, 18 Nov 2009 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2576 http://www.oig.dot.gov/item.jsp?id=2566 On November 2, we issued our final report on FAAs Progress in Enhancing Air Traffic Control Systems Security. The audit objectives were to determine FAAs progress in correcting security weaknesses previously identified in the air traffic control (ATC) system by assessing (1) the status of Business Continuity Plan implementation and (2) the enhanced methodology used in the certification and accreditation of air traffic control systems security at operational sites. The FAA made good progress in preparing the Technical Center to serve as the recovery site; yet several unresolved technical challenges, staffing issues, and funding requirements could delay recovery site readiness. Further, while FAA has enhanced the process of reviewing ATC systems security, the reviews were not properly carried out to ensure security protection of operational ATC systems. Mon, 02 Nov 2009 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2566 http://www.oig.dot.gov/item.jsp?id=2515 At the Request of Representative Daniel Lipinski of the House Committee on Transportation and Infrastructure, the Office of Inspector General plans to begin an audit of FAAs Organization Designation Authorization (ODA) and RiskBased Resource Targeting (RBRT) processes. The objectives of our audit are to determine: (1) the role FAA plays in the selection process for individuals who perform work under the Agencys ODA program; (2) the adequacy of FAAs safety oversight of the program; and (3) the effectiveness of FAAs RBRT assessment process. Thu, 16 Jul 2009 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2515 http://www.oig.dot.gov/item.jsp?id=2465 On May 4, 2009, we issued our report on Federal Aviation Administration (FAA) web applications security and intrusion detection in air traffic control (ATC) systems, requested by the Ranking Minority Members of the full House Transportation and Infrastructure Committee and its Aviation Subcommittee. The objectives of this performance audit were to determine whether (1) web applications used in supporting ATC operations were properly secured to prevent unauthorized access to ATC systems, and (2) FAAs network intrusiondetection capability was effective in monitoring ATC cybersecurity incidents. We found that web applications used in supporting ATC systems operations were not properly secured to prevent attacks or unauthorized access. During the audit, our staff gained unauthorized access to information stored on web application computers and an ATC system, and confirmed system vulnerability to malicious code attacks. In addition, FAA had not established adequate intrusiondetection capability to monitor and detect potential cyber security incidents at ATC facilities. The intrusiondetection system has been deployed to only 11 (out of hundreds of) ATC facilities. Also, cyber incidents detected were not remediated in a timely manner. Mon, 04 May 2009 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2465 http://www.oig.dot.gov/item.jsp?id=2219 On January 29, we issued a letter to Representative John Mica, Ranking Minority Member of the House Transportation and Infrastructure Committee and Representative Thomas Petri, Ranking Minority Member of the Committees Aviation Subcommittee, regarding our review of an incident at Oakland International Airport on September 27, 2007. The lawmakers requested that DOT/OIG review why 204 Marines and soldiers traveling on a North American Airlines chartered flight were denied access to the airport terminal during a layover. The service men and women were en route from Iraq to their home base in Hawaii.Our review found the following reasons for the action: (1) the airports concern that the flights ground staff could not provide an adequate level of escort and control of such a large group of military personnel in or around the terminal area; (2) absence of a coordinated policy for security screening between the Department of Defense (DOD) and the Department of Homeland Security (DHS); (3) miscommunication about the proper storage and safeguarding of weapons carried on board aircraft during the layover; and (4) lack of communication on accommodating requests from Marines and soldiers to be allowed into the passenger terminal.We recommended establishment of a task force comprised of representatives from the airlines, airports, the DOD, DHS and DOT to develop and implement a uniform process for handling members of the Armed Forces on all military chartered flights at U.S. commercial service airports. Tue, 29 Jan 2008 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2219 http://www.oig.dot.gov/item.jsp?id=2147 On October 17, 2007, the Inspector General testified on FAAs implementation of the Automatic Dependent SurveillanceBroadcast Program (ADSB) before the House Committee on Transportation and Infrastructure, Subcommittee on Aviation.The Inspector General discussed three major points. First, realistic expectations need to be set for what benefits ADSB will deliver in terms of capacity and delay reduction. Second, ADSB has demonstrated important benefits where radar coverage is limited, but implementing it nationwide will be a complex undertaking. Before FAA even considers the more advanced capabilities, ADSB must demonstrate the same level of service that radar now provides. Finally, FAA has decided to rely on a service contract approach for ADSB. This means that the Government will not own the ADSB ground infrastructure but will pay for broadcast services. An extraordinary level of contract oversight will be required. Our work shows that key areas for FAA oversight include managing requirements and having the right inhouse expertise and skill mix for effective management and oversight. This will be particularly important since FAA will not own the ADSB hardware, software, or infrastructure. We are concerned that FAA could find itself in a situation where it knows very little about the system that is expected to be the foundation of NextGen. FAA must take steps to ensure it effectively addresses this risk. Wed, 17 Oct 2007 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=2147 http://www.oig.dot.gov/item.jsp?id=1752 We issued a report to the FAA and the Department regarding physical security of FAA facilities and the Departments headquarters building. We examined the: (1) security processes and standards applied to FAA facilities; (2) access controls to FAAs staffed National Airspace System (NAS) critical facilities; and (3) security at FAA staffed facilities to ensure that contract security guards meet FAAs requirements for security training, weapons qualification, and background checks. As a result of our initial testing of the access controls at the two FAA Headquarters buildings and the fact that the same company provides security services at FAA and the Departments headquarters buildings, the Department asked that we include the Departments Headquarters building in our testing and security guard review. We made specific recommendations to strengthen physical security over FAA facilities and DOT Headquarters buildings. FAA and DOT management generally agreed our findings and has taken steps to strengthen existing access controls and to accelerate and complete security upgrades on the most mission critical facilities.The Department of Transportation has determined that this report contains Sensitive Security Information (SSI) as defined by 49 CFR Part 1520. Accordingly, it is not available for public inspection or copying. The regulations provide that, under the Freedom of Information Act (FOIA) and the Privacy Act, should a document contain both SSI and nonSSI information, the Department may disclose the document with the SSI information redacted, as long as this information is not otherwise exempt from disclosure under FOIA or the Privacy Act. Tue, 14 Feb 2006 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=1752 http://www.oig.dot.gov/item.jsp?id=1580 Tue, 14 Jun 2005 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=1580 http://www.oig.dot.gov/item.jsp?id=1389 Tue, 31 Aug 2004 00:00:00 GMT http://www.oig.dot.gov/item.jsp?id=1389