Securing General Aviation






Prepared for Members and Committees of Congress



General aviation (GA)—a catch-all category that includes about 54% of all civilian aviation
activity within the United States—encompasses a wide range of airports, aircraft, and flight
operations. Because GA plays a small but important role in the U.S. economy, improving upon
GA security without unduly impeding air commerce or limiting the freedom of movement by air
remains a significant challenge. However, policymakers have received mixed signals about the
relative security risk posed by GA, due to its diversity and a general lack of detailed information
regarding the threat and vulnerability of various GA operations. While some recent high-profile
breaches of GA security point to persisting vulnerabilities and limited intelligence information
suggest a continued terrorist interest in using GA aircraft, it is evident that GA airports, aircraft,
and operations vary considerably with regard to security risk. While the small size and slow speed
of most GA aircraft significantly limit the risk they pose, some experts still fear that they could be
used as a platform for a chemical, biological, radiological, or nuclear attack. Certain sectors of
GA, such as crop dusters and larger business aircraft, present more specific risks because of their
unique capabilities and aircraft characteristics.
Because various segments of GA differ significantly in terms of their perceived risk, mitigation,
strategies should arguably be tailored to some degree based on risk. Based on an analysis of risk,
a variety of options exist for mitigating security risks specific to GA airports and flight
operations. These include surveillance and monitoring; airport access controls; background
checks and vetting of pilots, airport workers, and others having access to GA facilities and
aircraft; and physical protections for airports and aircraft. Steps may also be taken to address
unique security risks in agricultural aviation, at flight schools, and among business and charter
operators. Besides these steps to enhance GA security at airport and operator sites, homeland
security efforts since 9/11 have focused extensively on restricting access to airspace around
sensitive locations and, more recently, stepping up monitoring and inspections of international
GA flights entering the United States. Airspace restrictions imposed on GA aircraft have been
highly contentious because they have a direct impact on the freedom of movement by air, they are
costly and resource intensive to implement effectively, and their effectiveness in preventing
terrorist attacks has been questioned by some.
GA security has been a topic of continued interest to Congress. The FY2006 Department of
Homeland Security Appropriations Act (P.L. 109-90) required the DHS to examine the
vulnerability of high-risk sites to possible terrorist attacks using GA aircraft. The Implementing
the 9/11 Commission Recommendations Act of 2007 (P.L. 110-53), enacted in August 2007,
requires the development and implementation of a standardized risk assessment program at GA
airports; establishes a grant program for enhancing security at GA airports, if such a program is
deemed feasible; and requires operators of GA aircraft to provide notification and passenger
information to the United States Customs and Border Protection (CBP) prior to entering U.S. th
airspace. Also, in the 110 Congress, various Members have urged the TSA to step up its
surveillance of GA operations, particularly operations of corporate and private jets. This report
will be updated as needed.






Introduc tion ..................................................................................................................................... 1
What is General Aviation?...............................................................................................................2
General Aviation Flight Operations...........................................................................................2
General Aviation Aircraft Types................................................................................................3
General Aviation Airports..........................................................................................................5
The Economic Impact of General Aviation...............................................................................6
The Security Challenge...................................................................................................................7
Security Vulnerabilities...................................................................................................................8
The Terrorist Threat.......................................................................................................................12
Risk Factors Associated with General Aviation............................................................................13
Possible Options to Mitigate the Security Risks of General Aviation...........................................16
Security Risk Assessments......................................................................................................17
Surveillance and Monitoring...................................................................................................20
Airport Watch Program.....................................................................................................21
Behavior Pattern Recognition...........................................................................................22
Airport Access Controls..........................................................................................................24
Background Checks and Vetting.............................................................................................25
Physical Security Measures for Airports.................................................................................28
Physical Security Measures for Aircraft..................................................................................29
Securing Agricultural Aviation Operations.............................................................................30
Flight School Security.............................................................................................................30
Security Best Practices for Business and Charter Aviation.....................................................31
The TSA Access Certificate Program...............................................................................31
Access to Ronald Reagan Washington National Airport..................................................32
Security Measures for Charter Operations........................................................................32
Vetting and Tracking GA Flights at the U.S. Borders.............................................................33
Airspace Restrictions..............................................................................................................35
Airspace Restrictions Around Washington, DC................................................................36
Security-Related Flight Restrictions Throughout the United States.................................39
Presidential Airspace Restrictions.....................................................................................40
Policy Issues Regarding Airspace Restrictions.................................................................41
Surveillance and Monitoring of Restricted Airspace........................................................41
Curbing Airspace Violations.............................................................................................42
Airspace Protection and Homeland Defense....................................................................42
Related Legislative Proposals Offered in the 109th Congress.......................................................44
Oversight and Legislative Action in the 110th Congress...............................................................46
Figure 1. United States General Aviation Fleet Composition and Hours Flown (2005
Data) .......................................................................................................................... ................... 4
Figure 2. Annual Number of Aircraft Thefts and Thefts of Avionics and Parts from
Aircraft in the United States (1990-2006)...................................................................................11





Figure 3. Previous and Current Configurations of the Washington, DC, Airspace Air
Defense Identification Zone (ADIZ) and Flight Restricted Zone (FRZ)...................................38
Table 1. U.S. General Aviation Fleet and Activity (2005 Data)......................................................3
Author Contact Information..........................................................................................................47






When the term general aviation (GA) is mentioned, the image most likely to be conjured is one of
a small single-engine airplane droning over America’s farmland on a tranquil summer’s day. In
the post-9/11 context, this pastoral image of GA has been tarnished to a degree by knowledge that
the 9/11 hijackers trained in small general aviation aircraft in the United States, and amid
lingering concerns that GA aircraft could be used to carry out a future terrorist attack. While some
recent high-profile breaches of GA security have pointed to persisting vulnerabilities, and limited 1
intelligence information may suggest a possible terrorist “fixation” on using aircraft to attack
U.S. interests, GA aircraft vary considerably with regard to the risks they pose. The security risk
posed by a small single-engine airplane operating in rural settings is intuitively quite different
from the risk characteristics of large business jets operating in and near major metropolitan areas.
Most experts agree that an adaptive, risk-based approach to securing GA aircraft and airports that
takes into account the unique characteristics of the various distinct components of GA is needed
to assure that security needs are adequately met and balanced with economic and operational 2
considerations of the GA industry.
Policymakers have received mixed signals about the relative risk posed by general aviation.
While the 9/11 Commission asserted that “[m]ajor vulnerabilities still exist in ... general aviation 3
security,” the commission did not further elaborate on the nature of those vulnerabilities nor did
it make specific recommendations pertaining to GA security. The FAA has noted that
[w]hile the DHS has no specific information that terrorist groups are currently planning to
use general aviation (GA) aircraft to perpetrate attacks against the United States, it remains
concerned that (in light of completed and ongoing security enhancements for commercial
aircraft and airports) terrorists may turn to GA as an alternative method for conducting 4
operations.
In other words, while GA aircraft and airports may not be optimally suited for terrorist objectives,
the hardening of commercial operations may make them an attractive alternative to terrorists
seeking to identify and exploit vulnerabilities in aviation security. In this context, GA airports and
aircraft are viewed as comparatively soft targets that may be exploited by terrorists because of
known weaknesses and vulnerabilities. This view focuses primarily on the vulnerability of
general aviation and does not systematically assess risk with regard to the interaction between
these vulnerabilities, the threat posed by GA aircraft, and the potential consequences of a terrorist
attack using GA aircraft. In fact, there is considerable debate over the threat element of the risk
equation for GA operations. While GA advocates argue that the threat is minimal, some
policymakers and security experts have expressed concern that, to the contrary, GA may pose a
significant security threat. Part of the difficulty in resolving this debate is the diversity of

1 See Associated Press.U.S. Uncovers Al-Qaida Plot in Pakistan; The Terrorist Group Allegedly Planned to Fly an
Airplane into the American Consulate. Telegraph-Herald (Dubuque, Iowa), May 3, 2003, p. A7.
2 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security
(October 1, 2003); and Transportation Security Administration, Security Guidelines for General Aviation Airports.
Information Publication A-001 (May 2004).
3 National Commission on Terrorist Attacks Upon the United States. The 9/11 Commission Report. New York: W.W.
Norton & Co., p. 391.
4 Federal Aviation Administration.Washington, DC Metropolitan Area Special Flight Rules Area; Proposed Rule.”
Federal Register(70) 149 (August 4, 2005), p. 43251.





operations and aircraft types that make up GA, making a single threat assessment for all sectors
of the GA industry arguably inappropriate. To put the threat into context, the following discussion
provides an overview of the variety of aircraft types, flight operations, and airport characteristics
that make up GA. This discussion is followed by an analysis of the existing vulnerabilities in GA
security, the terrorist threat posed by GA aircraft, the potential consequences of an attack using
various GA aircraft, and how these elements factor into a risk-based assessment of GA security.
Based on this analysis, possible approaches and ongoing initiatives to enhance GA security are
discussed.

In a sense, general aviation (GA) is a catch-all phrase that encompasses about 54% of all civil 5
aviation activity within the United States, measured in terms of overall airport flight operations.
Therefore, it is often easier to frame general aviation in terms of what it is not rather than what it
is. In this context, GA refers to most aviation operations not conducted by scheduled passenger
airlines, large air cargo operators, or the military. To add to the confusion, commercial charter
operations are often grouped in with GA and non-revenue flights, such as maintenance test flights
and repositioning flights conducted by passenger and cargo airlines, are usually operated under 6
regulations often regarded as “general aviation” flight rules. Thus, virtually all flight activity
outside the scope of scheduled passenger or cargo air carrier flights and military operations may
be considered GA. This encompasses a wide variety of aircraft types and flight operations. Table

1 shows the distribution of aircraft and flight operations formally categorized as GA.


As indicated in Table 1, recreational flying in personal aircraft (personal flying) and flight
instruction, the typical activities one might expect to see at a small to mid-sized GA airports,
account for close to half of all GA operations and comprise about 79% of all aircraft in the total
GA fleet. Business and corporate flying—which encompasses anything from small businesses
flying cancelled checks or regional salesmen flying to customer sites in small single-engine
aircraft, to companies ferrying crews to offshore oil rigs by helicopter, to operations of large
corporate jets and professionally managed fractional-ownership fleets—makes up about one-
quarter of all GA operations and slightly less than one-quarter of all GA aircraft. On-demand
charter services, referred to as air taxi services, along with air tours and chartered sightseeing
flights, are also considered GA operations, and these types of flying activity combined account
for about 13% of all general aviation operations. In addition to these major categories, there are a
wide variety of additional GA operations—such as aerial advertising (e.g., banner towing and
skywriting), aerial application (e.g., crop-dusting), aerial observation and other work (e.g., aerial
photography, aerial mapping and data collection, traffic reporting, and search and rescue), and
medical services (e.g., air ambulance and medical evacuation)—that account for the remaining

17% of all GA operations.



5 CRS calculations based on Federal Aviation Administration. FAA Aerospace Forecasts—Fiscal Years 2007-2020.
March 2007.
6 The set of regulations specified in Title 14, Code of Federal Regulations, Part 91—General Operating and Flight
Rules, apply to all civil aircraft operating in the national airspace system. Like GA aircraft, non-revenue airline flights
are subject to these rules, but are not subject to additional safety and security regulations specifically applicable to
revenue air carrier operations.





Table 1. U.S. General Aviation Fleet and Activity (2005 Data)
Number of Percent of GA Hours Flown Percent of
CATEGORY Aircraft Fleet (Millions) Operations
Personal 151,400 67.5 9.3 34.4
Business 25,500 11.4 3.2 11.9
Instructional 13,400 6.0 3.6 13.3
Corporate 10,600 4.7 3.1 11.5
Air Taxi/Charter 6,900 3.1 2.9 10.7
Aerial 4,700 2.1 1.3 4.8
Observation
Aerial Application 3,500 1.6 1.0 3.7
Medical Services 1,400 0.6 0.7 2.6
Sightseeing 900 0.4 0.2 0.7
Aerial Other 800 0.4 0.1 0.4
Other Work 700 0.3 0.2 0.7
Air Tours 600 0.3 0.4 1.5
External Load 200 0.1 0.1 0.4
Unspecified 3,800 1.7 0.9 3.3
TOTAL 224,400 100.0 27.0 100.0
Source: U.S. Department of Transportation, Federal Aviation Administration. Administrator’s Fact Book (April
2007).
Because of the diversity of operations considered under the broad definition of general aviation,
GA encompasses a wide spectrum of aircraft types. Registered general aviation aircraft in the
United States—numbering slightly more than 220,000—range in size and purpose from very light
sport aircraft with maximum takeoff weights of less than 1,320 pounds used strictly for
recreational flying to very large business jets weighing more than 100,000 pounds used for long-
range transcontinental and international travel. The composition of the current GA fleet, along
with total hours flown in each aircraft category, is shown in Figure 1. Single-engine piston
aircraft make up the large bulk of the fleet (66%). The large majority of these aircraft are
comparably small in size, most weighing less than 5,000 pounds maximum takeoff weight
including payload. Experimental aircraft, mostly small home-built airplanes, make up an
additional 11% of the current fleet. Thus, while GA is quite diverse, the typical image of a GA
aircraft as a small, light, single-engine airplane is an accurate portrayal of the large majority of
GA aircraft, accounting for slightly more than three-quarters of all GA aircraft.





Figure 1. United States General Aviation Fleet Composition and Hours Flown (2005
Data)
Source: Federal Aviation Administration, FAA Aerospace Forecasts—Fiscal Years 2007-2020, March 2007.
Although turbojet aircraft are a fast-growing segment of the GA fleet, they make up only about

4% of the current GA fleet, and this is not expected to change much over the next 12 years.


Nonetheless, the growing number of turbojet aircraft has important implications for GA security
as these heavier, faster, and more capable aircraft become more and more prevalent. While the
numbers of GA piston and turboprop aircraft are expected to remain essentially flat for the
foreseeable future, the number of GA turbojets is forecast to grow at a brisk pace of 4.1% per year
over the next 12 years. By 2018, it is expected that there will be about 18,000 GA turbojets in
service in the United States, compared to an estimate of slightly more than 10,000 in 2006.
Turbojet flight activity is expected to grow at an even faster rate of 9.4% annually through 2020.
Turbojet flight activity is expected to make up about 31% of all flight hours flown by GA aircraft
in 2020, more than double the 14% of the total GA flight hours flown in turobjets in 2005. By

2020, total turbine operations—which include turbojets, turboprops, and turbine rotorcraft—are 7


expected to make up 48% of all GA flight activity, compared to about 31% in 2005.

7 Federal Aviation Administration. FAA Aerospace Forecasts—Fiscal Years 2007-2020. March 2007.





While the number of GA turbojets is expected to increase dramatically over the next 12 years, it is
important to bear in mind that small, single-engine aircraft will remain the large majority of the
GA fleet by 2020. The FAA expects that through 2020, propeller-driven single-engine airplanes,
two-seat light sport aircraft, and small home-built experimental airplanes will continue to make
up more than 73% of the GA fleet, spurred by large projected growth of the fledgling light sport 8
aircraft category. Security experts recognize that both the threats and vulnerabilities of these
smaller aircraft are significantly different from the threats and vulnerabilities of medium and large
sized GA turbojets and turboprops. Another segment of the GA industry is helicopters (rotorcraft),
which make up only about 4% of the total GA fleet but are involved in several diverse and unique
flight operations that introduce their own distinct set of security threats and vulnerabilities. The
diversity of GA aircraft types and operations flown suggests that a one-size-fits-all approach to 9
security is not practical—a tenet that both the GA industry and the TSA agree on.
Like GA flight operations and aircraft types, general aviation airports also vary significantly in
their size and purpose and range from unpaved private airstrips with runways less than 2,000 feet
in length located in remote, unpopulated areas to busy general aviation reliever airports situated
in major metropolitan areas and converted military airbases with runways of sufficient length to
handle the largest of jets.
In the United States, there are more than 19,000 total landing facilities including both public-and
private-use facilities. Only about 450 of these airports serve regularly scheduled commercial
passenger flights. The remainder consists of a wide variety of GA airports, heliports, and seaplane
bases. Of these, almost 5,000 are public use, of which about 3,500 have paved runways. A large
number of private use airports—more than 4,500 out of about 14,000 total airports—also have
paved runways. About 3,500 public use GA airports and another 1,000 private use landing 10
facilities have lighted runways for night operations. The FAA’s National Plan of Integrated
Airport Systems (NPIAS)—a compilation of those airports eligible for federal Airport
Improvement Program (AIP) funding because they are considered vital to the nation’s aviation
infrastructure—includes 274 GA reliever airports that primarily serve GA operations in major
metropolitan areas, plus slightly more than 2,500 additional GA airports—mostly located in rural
areas—that serve as critical links between various communities and the national airspace system.
Only these airports are specifically eligible for federal AIP funds to implement security
enhancements such as hangars to secure aircraft or improved perimeter fencing.
Airports that exclusively serve GA vary widely in terms of their proximity to densely populated
areas, their levels of activity, and the types of operations conducted. To illustrate, consider
Peachtree-Dekalb County Airport (PDK), a busy general aviation reliever located near Atlanta,
Georgia. According to the FAA, PDK experiences an average of 639 operations per day, 64% by nd
transient GA aircraft. According to a recent survey, PDK ranks 22 among the busiest GA 11
airports in the United States. While PDK has an air traffic control tower, even at this relatively

8 Ibid.
9 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security
(October 1, 2003); and Transportation Security Administration, Security Guidelines for General Aviation Airports.
Information Publication A-001 (May 2004).
10 Federal Aviation Administration. Administrator’s Fact Book (August 2005).
11 General Aviation Manufacturers Association. General Aviation Statistical Databook 2006 (Updated February 12,
(continued...)





busy airport, the tower closes during late night and early morning hours. Almost 600 aircraft are
based on the field including 56 jets and 13 helicopters. Contrast this with Red Stewart Airfield
(40I) in Waynesville, Ohio—a 2,400 foot long grass strip located roughly midway between
Dayton and Cincinnati. The airport—considered an “uncontrolled field” because it has no
operating control tower—sees less than 50 operations per day. The airport is home to only 42
aircraft—40 small single-engine airplanes and two gliders—that account for most (89%) of the
flight activity at the airport. While airports like Red Stewart Airfield do not appear to pose any
particular security risk, security concerns may be raised regarding similarly sized airports located
near critical assets. Consider Potomac Airfield (VKX) in Friendly, Maryland, which is located
about 12 miles southeast of Washington, DC. The airport houses about 80 based aircraft, almost
all of which are small single-engine airplanes, and sees only about 33 aircraft operations per day.
However, because of its close proximity to critical national assets in Washington, DC,
background checks are required for all pilots operating to and from the airport, and special
aircraft identification and tracking procedures have been established to closely monitor flight
activity at the airport. Thus, location in relation to major national security assets and other
potential terrorist targets is a key factor in determining appropriate security measures for GA
airports, as implementing measures like this at large numbers of small GA airports would likely
be impractical and, in many cases, would not be possible to implement effectively, given
currently available resources.
Most security experts agree that applying identical or inflexible security measures at GA airports
that vary so widely in their characteristics is likely to yield an unsatisfactory solution that could
either overburden small airport operators or fail to mitigate potential vulnerabilities unique to
specific airports or specific types of airports. Therefore, a risk-based strategy implementing
security measures tailored to the unique characteristics and vulnerabilities of specific airports is
generally thought to be preferable and has been advocated by aviation security experts and 12
representatives from the GA industry.
According to the FAA, general aviation directly generated $13.7 billion and 178,000 jobs in 2000
and its overall economic impact was $40.7 billion (roughly 0.4% of the Gross Domestic Product) 13
and 511,000 jobs. The U.S. Government Accountability Office (GAO) provided a much higher
estimate of the economic impact of GA, reflecting statistics often cited by the industry, stating
that GA accounts for about 1.3 million jobs and contributes about $100 billion to the U.S. 14
economy. While these larger figures probably take into consideration a broad reach of GA’s
indirect impact on travel and transportation-related business, the general picture provided by
these various statistics is that GA is a relatively small but important component of the U.S.
economy. As noted by the FAA, GA provides “on-the-spot efficient and direct aviation services to
many medium and small-sized communities that commercial aviation cannot or will not

(...continued)
2007). Washington, DC.
12 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security, and
Transportation Security Administration, Security Guidelines for General Aviation Airports.
13 Federal Aviation Administration. FAA Aerospace Forecasts, Fiscal Years 2005-2016.
14 U.S. Government Accountability Office. General Aviation Security: Increased Federal Oversight is Needed, but
Continued Partnership with the Private Sector Is Critical to Long-Term Success. (November, 2004) GAO-05-144.





provide.”15 GA also plays an increasingly important role in training pilots and mechanics to serve
the airline industry. Additionally, GA operations provide wide-ranging capabilities critical to our
economy such as emergency medical services, overnight package delivery to small and mid-sized
communities, helicopter transport to support oil drilling in offshore and remote locations, and the
aerial application of pesticides to support agriculture.
The potential economic impact of security on GA could be quite significant. Since the terrorist
attacks of September 11, 2001, GA airport operators and the industry have largely relied on their
own initiatives and resources to implement security enhancements. These efforts have been
somewhat limited because large scale security enhancements to protect GA assets across the
country are expected to be rather substantial. For example, responding to criticism over a
perceived lack of security at GA airports, Aircraft Owners and Pilots Association (AOPA)
president, Phil Boyer, speculated “[w]e might be talking about $40 billion to fence every small 16
airport in this country, where in the world is that money coming from?” While a $40 billion
estimate may appear somewhat extreme and erecting fences at every airport in the country may
not be the most appropriate course of action, Boyer’s concerns highlight the ongoing challenge of
adequately funding GA security initiatives, balancing these initiatives with other homeland
security needs, and doing so in a manner that does not create an undue economic burden on the
GA industry. At the same time, the GA industry has a vested interest in implementing security
measures to adequately secure and protect airplanes from theft and vandalism. An article in a GA
trade publication noted that while the intent of tightening GA security has largely been seen as a
means to prevent terrorism, “...a more immediate benefit could be a stronger bottom line for 17
GA.”
The Aviation Security Advisory Committee (ASAC) Working Group on General Aviation Airport
Security—an industry group assembled to assist the TSA in developing security guidelines for
GA airports—concluded that “... a flexible, commonsense approach to general aviation airport 18
security is mandatory if the industry is to retain its economic vitality and prosper.” Securing
general aviation operations without incurring large costs and without imposing burdensome
restrictions on legitimate general aviation operators is likely to remain a significant challenge for
policymakers.

GA security poses significant challenges for policymakers and security experts because GA is
highly diverse, geographically dispersed, and relatively open compared to commercial airports
servicing passenger airlines and other protected infrastructure such as nuclear reactors and
chemical plants. The security threat is not so much to GA assets themselves, but rather, from
terrorists seeking to exploit GA assets to attack critical infrastructure or high-profile targets.
However, some GA assets could themselves be terrorist targets. For example, some corporate
aviation operators have expressed concern that aircraft carrying high-profile business leaders and
executives, such as presidents of major U.S. corporations, could be targeted, particularly when

15 Federal Aviation Administration. FAA Aerospace Forecasts, Fiscal Years 2005-2016. p. V-1.
16 Jim Hoffer. “Security Practically Non-Existent at Many Small Airports.
17 Robert Ross. “Keeping GA Safe and Secure. Professional Pilot, September 2005, p. 70.
18 Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security. October
1, 2003. Department of Homeland Security, Transportation Security Administration, p. 3.





operating overseas in areas where security concerns exist. Nonetheless, the primary threat
identified regarding GA, both overseas and within the United States, is the concern that aircraft
may be used by terrorists to launch an attack against critical facilities or infrastructure.
A secondary threat is that terrorists may infiltrate or otherwise exploit GA to gain knowledge
and/or access to the airspace system in the United States. It is known that some of the 9/11
hijackers trained in small GA airplanes in the United States before carrying out their attack using
commercial jets. Consequently, following 9/11, there was a specific focus, from both a law
enforcement and a policy perspective, on the security of flight schools within the United States.
The Aviation and Transportation Security Act (ATSA; P.L. 107-71) originally called on the
Department of Justice to implement a program to conduct background checks of all alien
applicants seeking flight training in the United States in aircraft weighing more than 12,500
pounds and mandated security training for flight school employees. Vision 100 (P.L. 108-176)
placed the responsibility for these flight school background checks in the hands of the TSA and
expanded the program to include a notification requirement when foreign students initiate training
in lighter aircraft weighing less than 12,500 pounds. These measures were enacted in direct
response to the perceived threat that terrorists may infiltrate flight schools in order to gain
operating knowledge of aircraft and the U.S. national airspace system.
Since September 11, 2001, policies and approaches for protecting GA aircraft and airports from
being exploited in terrorist attacks have focused on providing general guidelines and establishing
cooperative arrangements between the GA industry and the TSA for carrying out security
enhancements without imposing a rigorous statutory or regulatory framework. The GA industry
has argued that inflexible statutory or regulatory measures could impose unnecessary burdens on
certain sectors of the GA industry and could be extremely costly to carry out effectively.
Legislative actions addressing GA security have focused primarily on the vetting of foreign flight
school applicants, GA pilots, and more recently, prospective charter and lease customers.
Regulatory actions have primarily focused on airspace restrictions and protections, mostly around
the nation’s capital, in addition to addressing statutory mandates for vetting certain individuals
with access to GA airports and aircraft. Physical security of GA airports and aircraft has largely
been left to aircraft owners and pilots, airport operators, and local authorities. While aircraft
owners and pilots have generally favored this approach to avoid potentially restrictive federal
security regulations, it has created a perceived burden on airport operators and local authorities to
identify and address security needs at the airport level. The TSA has issued guidelines, largely
based on industry recommendations, but the federal involvement in terms of both regulatory
activity and funding for GA security initiatives has been relatively limited. This approach has led
the media and some policymakers and security experts to voice concerns over what they perceive
to be persisting vulnerabilities at some GA airports.

Some media reports have raised significant concerns over what has been described as “practically 19
nonexistent” security at many small general aviation (GA) airports. GA advocates have
countered that small general aviation aircraft do not pose a significant threat and point out that
many GA airports have taken reasonable steps, largely on their own initiative, to enhance

19 See, for example, Jim Hoffer. “Security Practically Nonexistent at Many Small Airports. WABC TV-New York
Eyewitness News, February 5, 2004.





security.20 However, security concerns remain and a few high-profile incidents pointing to
vulnerabilities in GA security have attracted considerable attention and raised concerns among
some policymakers and security experts.
In the first of these high-profile incidents following the terrorist attacks of September 11, 2001, a
student pilot intentionally crashed a small single-engine airplane into a skyscraper in downtown
Tampa, Florida on January 5, 2002. The pilot, described as a troubled youth, reportedly had
expressed support for Osama bin Laden and the 9/11 terrorist attacks, but acted alone and had no 21
known ties to any terrorist groups. More recently, on July 22, 2005, a small ultralight crashed
near the German parliament building and Chancellor’s office in Berlin in what was described by 22
German air traffic control officials as a suspected suicide. The crash prompted German officials
to establish a no-fly zone over central Berlin and again raised concerns in the United States over
protecting key assets from possible attacks using GA aircraft as this incident occurred just over
two months after a high-profile breach of the protected airspace around Washington, DC, by an
unauthorized single-engine airplane that prompted evacuations of the White House and the U.S. 23
Capitol.
On October 11, 2006, the accidental crash of a small single-engine plane, piloted by New York
Yankees pitcher Corey Lidle, into a New York City high-rise condominium—killing Lidle and his
flight instructor and severely injuring one building occupant—renewed post-9/11 concerns over
the safety and security of GA flights operated in closed proximity to major population centers.
Following the crash, the FAA took action by restricting aircraft access to the East River corridor,
a narrow wedge of airspace between Manhattan and Brooklyn where GA flights had been
permitted at low altitudes, mostly on the grounds of safety rather than for security reasons.
However, following the crash, some policymakers resounded their calls for enhanced security 24
measures, such as GA flight restrictions, in the vicinity of New York City.
While these various incidents have received significant attention given the focus on aviation
security following the attacks of September 11, 2001, GA aircraft have been used maliciously in
earlier incidents. Most notably, in the early morning of September 12, 1994, a suicidal individual
with a history of mental illness, reportedly despondent over personal and business problems,
intentionally crashed a stolen small single-engine airplane on the south lawn of the White 25
House. While the airplane was completely destroyed and the perpetrator was killed in the crash,
property damage was minimal and the incident posed no threat to those in the White House.
Although these events have attracted substantial media interest, such incidents are relatively rare.
While they identify real vulnerabilities in GA security, GA advocates caution that they should be
properly viewed in the broader context of risk assessment, which fully takes into account the
security threat and potential consequences to critical infrastructure posed by these aircraft as well

20 Aircraft Owners and Pilots Association. General Aviation and Homeland Security: A Security Brief by the Aircraft
Owners and Pilots Association. Frederick, MD (January 23, 2004).
21 Vickie Chachere.Police: Student pilot who crashed Cessna into Florida building inspired by bin Laden.” Associated
Press Newswires, January 7, 2002.
22 David McHugh. “Small Plane Crashes Near German Parliament. Associated Press Newswires, July 22, 2005.
23 Hugh Williamson. “Ban on Small Aircraft Flying Over Berlin.” Financial Times (London), July 25, 2005.
24 Carol Eisenberg, “FAA Bans Fixed-Wing Planes from East River,Newsday, October 14, 2006.
25 The White House Office of the Press Secretary. Press Briefing by Ron Noble, Under Secretary of the Treasury for
Enforcement and Carl Meyer, Special Agent, United States Secret Service. September 12, 1994. Robert Pear. “Crash at
the White House: The Pilot.The New York Times, September 13, 1994, p. 20.





as the nature and scope of specific vulnerabilities. First, while each of these cases highlights a
potential threat involving general aviation aircraft, it is important to note that in each of these
cases, damage caused by the aircraft was relatively limited and no injuries or deaths to persons on
the ground occurred. Second, while the incidents in Tampa and Berlin and the 1994 White House
incident point to a legitimate concern over suicidal pilots, an examination of National
Transportation Safety Board (NTSB) aviation accident data, spanning from 1962 through 2007,
revealed that suspected suicides using GA aircraft have been extremely rare, occurring at a rate of 26
less than two incidents per year. Perhaps more notably, none of these incidents resulted in any
deaths of persons on the ground.
Two widely reported thefts of GA aircraft in 2005 raised concerns among several policymakers
because they were viewed as indicators of vulnerabilities in GA operations that could be exploited
by terrorists. For example, in an incident that occurred on June 22, 2005, a 20-year-old
Connecticut man allegedly stole an aircraft from a Danbury, Connecticut, flight school and took
two teenage accomplices on a late-night “drunken, three-hour joyride” before landing on a 27
taxiway at the Westchester County, New York, airport. Later that year, on October 9, 2005, a 22-
year-old Georgia man stole a Cessna Citation VII business jet, one that he had served on as a
copilot but was not qualified or authorized to fly on his own, from the St. Augustine, Florida,
airport. The individual took his friends on a late-night joyride of more than 300 miles, landing the 28
jet at its base airport, Gwinnett County (Georgia)-Briscoe Field airport near Atlanta. This
incident raised security concerns because the jet aircraft was flown in close proximity to several
Florida and Georgia cities without raising any suspicion because aircraft operating below 18,000
feet, regardless of size or capability, typically are not required to file flight plans or establish
communications with air traffic controllers when operating under visual flight rules. While thefts
of jet aircraft are extremely rare, in another incident that occurred on December 15, 1997, an
individual with falsified FAA credentials stole a Lear Jet from the Fort Lauderdale Executive
airport in Florida and piloted the airplane to Nicaragua to use the plane for charter flight 29
operations.
Like suspected suicides using aircraft, thefts of small GA aircraft are relatively rare, and thefts of
jet aircraft are practically unheard of. The AOPA notes that, historically, only about a dozen GA
aircraft are stolen each year and recent trends suggest that owners and operators of these airplanes 30
are taking steps to reduce their vulnerability to theft. Statistics from the Aviation Crime
Prevention Institute, Inc. indicate that thefts of GA aircraft have declined considerably since 2000 31
(see Figure 2). Since the declining trend in thefts of aircraft and aircraft parts, like expensive
avionics components, was evident prior to the 9/11 terrorist attacks, it is difficult to draw any
meaningful inferences regarding the potential impact that post-9/11 security awareness and

26 CRS analysis of NTSB Aviation Accident Database and Synopses from 1962-2004 (available at http://www.ntsb.gov/
ntsb/query.asp).
27 Richard Liebson. “1 Held in Drunken Joy Ride in Cessna.The Journal News (White Plains, NY), June 23, 2005, p.
1A.
28 Mike Morris.Bufurd Man, 22, Accused of Stealing Jet.” The Atlanta Journal-Constitution, October 12, 2005.
29 U.S. Department of Justice. Marcos Daniel Jiménez, United States District Attorney for the Southern District of
Florida. “Defendant Sentenced for Transporting Stolen Lear Jet and Possession of False Identification Documents.
Press Release, January 5, 2005: Miami, FL.
30 Aircraft Owners and Pilots Association. General Aviation and Homeland Security.
31 Ibid.; Testimony of Mr. Andrew Cebula, Senior Vice President, Government and Technical Affairs, Aircraft Owners
and Pilots Association, Before the Senate Committee on Commerce, Science, and Transportation Regarding General
Aviation Security, June 9, 2005.





initiatives may have had on reducing thefts. These trends also do not necessarily indicate that GA
aircraft are now less vulnerable to theft, but rather may simply suggest that existing
vulnerabilities in GA security are less frequently exploited, perhaps because of a general
perception that security is now tighter. While airplane thefts may be rare, high-profile thefts, like
the cases cited above, provide some anecdotal evidence that individuals with knowledge of GA
airports and aircraft could exploit existing security vulnerabilities and gain access to aircraft
relatively easily, despite the increased security awareness at GA airports since the 9/11 attacks.
Figure 2. Annual Number of Aircraft Thefts and Thefts of Avionics and Parts from
Aircraft in the United States (1990-2006)
250
200
150
100
50
0
90 9 1 9 2 93 94 95 96 9 7 9 8 99 00 01 0 2 0 3 04 05 06
Aircraft Thefts41564136353624442120111513611118
Avionics, Parts Thefts2119171612131111111191817552886362
Aircraft TheftsAvionics, Parts Thefts
Source: Aviation Crime Prevention Institute, Inc. (www.acpi.org).






While none of the events discussed above has been linked to terrorism, some limited intelligence
information that has been made public suggests a continued terrorist interest in using GA aircraft
to carry out attacks both domestically and overseas. For example, a crop duster pilot in Florida
identified 9/11 suicide hijacker Mohammed Atta as an individual who had approached him in 32
early 2001 inquiring about the purchase and operation of crop duster aircraft. Similarly, U.S.
authorities presented evidence that Zacharias Moussaoui—who was arrested prior to the 9/11
attacks after raising suspicions surrounding his desire to train in large aircraft simulators and
pleaded guilty to conspiring with the 9/11 hijackers—made similar inquiries about starting a crop-
dusting company while living in Norman, Oklahoma. Evidence was also presented that
Moussaoui was in possession of a computer disk containing information regarding the aerial 33
application of pesticides. This evidence raised concerns at the Central Intelligence Agency 34
(CIA) that al Qaeda has “considered using aircraft to disseminate [biological warfare] agents.”
The CIA also suggested that, in initially planning the 9/11 attacks, one of Osama bin Laden’s
associates proposed that the World Trade Center be targeted by small aircraft packed with 35
explosives, but bin Laden himself altered the plan to use large commercial jets instead. If true,
this suggests that terrorists engaged in some deliberative process of weighing the pros and cons of
using small general aviation aircraft as compared to commercial airlines in planning the 9/11
attacks. While the terrorists favored commercial aircraft in carrying out their attack on September
11, 2001, in the post-9/11 environment, heightened security measures at commercial airports
could make GA assets considerably more attractive to terrorists than in the past. While it is
unlikely that small GA aircraft packed with conventional explosives could cause the amount of
destruction inflicted on September 11, 2001, large jet aircraft in the GA fleet or smaller aircraft
carrying chemical, biological, radiological, or nuclear (CBRN) weapons may pose a more
formidable threat.
Although no publically available intelligence on terrorist operations since September 11, 2001,
has indicated any specific threat involving GA aircraft domestically, evidence indicates that al
Qaeda has maintained a continued interest in using small aircraft to attack U.S. interests overseas.
For example, on April 29, 2003, Pakastani authorities apprehended Waleed bin Attash (a.k.a.,
Khallad, Tawfiq bin Attash), the suspected mastermind of the U.S.S. Cole bombing and a known
associate of the 9/11 hijackers, and five other suspected al Qaeda operatives in Karachi, Pakistan.
Soon after the arrests, authorities uncovered a plot to crash a small, explosives-laden airplane into
the United States consulate office in Karachi illustrating al Qaeda’s continued interest in using 36
aircraft to attack U.S. assets. The DHS subsequently issued a security advisory indicating that al
Qaeda was planning to use GA aircraft to attack warships in the Persian Gulf as well as the U.S.
Consulate in Karachi, Pakistan. While the advisory characterized these threats as a demonstrated

32 Statement for the Record of Robert S. Mueller III, Director, Federal Bureau of Investigation, Before the Joint
Intelligence Committee Investigation into September 11, U.S. Congress, June 18, 2002
33 United States of America v. Zacharias Moussaoui (Defendant). Indictment. In the U.S. District Court for the Eastern
District of Virginia, Alexandria Division. December 2001 Term.
34 U.S. Central Intelligence Agency. Terrorist CBRN: Materials and Effects.
35 U.S. Central Intelligence Agency. Unclassified Version of Director of Central Intelligence George J. Tenet’s
Testimony before the Joint Inquiry into Terrorist Attacks Against the United States, June 18, 2002.
36 Associated Press.U.S. Uncovers Al-Qaida Plot in Pakistan; The Terrorist Group Allegedly Planned to Fly an
Airplane into the American Consulate. Telrgraph-Herald (Dubuque, Iowa), May 3, 2003, p. A7.





“fixation” on using aircraft in attacks against U.S. assets, it was strongly criticized by GA
interests for being overly alarmist and overstating the potential threat posed by small GA 37
aircraft.

In examining the security risk posed by aircraft that could be utilized in suicide attacks or as
launch platforms for conventional weapons, the threat posed by general aviation aircraft is largely
a function of aircraft weight, payload capacity (including fuel capacity), and speed. Other factors
would likely play a relatively small role in the overall threat posed by particular aircraft. For
example, aircraft agility—a rough measure of its capability to maneuver and evade
countermeasures—may be considered a factor in the risk equation, albeit a relatively minor one.
A small two-seat sport aircraft might be quite agile, but its small size, relatively slow speed, and
limited payload capacity may significantly limit the threat posed by such an aircraft. GA interests 38
point out that most GA aircraft are capable of carrying less payload than a typical light car. For
example, both the Cessna 172 and Piper Warrior—very popular single-engine aircraft—have
maximum takeoff weights of less than 2,500 pounds and useful payloads (including fuel and 39
occupants) of less than 1,000 pounds. By contrast, the truck bomb used in the April 19, 1995,
Oklahoma City bombing was believed to have contained about 5,000 pounds of improvised
explosives and the truck bomb involved in the February 26, 1993 bombing at the World Trade
Center in New York City was believed to contain a 1,300 pound device. While these events
involved unusually large explosive devices, typical light GA aircraft would only be able to carry a
device a small fraction of this size. Thus, at least with regard to being used as a platform for
conventional explosives, the threat posed by light GA aircraft is relatively small compared to 40
trucks which have significantly larger payload capacities.
However, as ground based security measures such as setbacks, barriers, and access controls are
implemented around critical infrastructure, terrorists may view GA aircraft as a possible means to
circumvent these defenses. While many forms of ground transportation, especially trucks, can
accommodate significantly larger payloads than almost all GA aircraft, some observers fear that
aircraft may be used in a terrorist attack because they cannot be as easily thwarted by blockades,
barriers, or other physical security measures. Nonetheless, executing an attack that involves
loading a GA aircraft with a large quantity of explosives may be difficult without raising some
suspicion at the airport, at least domestically where airport operators and pilots have been
instructed to be vigilant for such unusual activities.
While the threat posed by light GA aircraft carrying conventional explosives is limited by the size
and speed of these aircraft, some experts argue that small aircraft may pose a significant threat if
used as a platform to launch a chemical, biological, radiological, or nuclear (CBRN) attack over a
densely populated area. In these cases, payload capacity and speed may not be considered as

37 Ibid.
38 Aircraft Owners and Pilots Association. General Aviation and Homeland Security: A Security Brief by the Aircraft
Owners and Pilots Association. (January 23, 2004, Frederick, MD).
39 Based on information from Cessna Aircraft Company, Information Manual: Skyhawk Model 172P, May 12, 1981,
and Piper Aircraft Corporation, Piper Warrior II Information Manual, Revised September 12, 1990.
40 While weight is not the only consideration in evaluating explosive force, it is meaningful for comparing the potential
threat posed by aircraft and vehicles that differ in terms of their payload capacity.





significant components of the risk equation. Rather, with regard to the CBRN threat, the most
significant element associated with small GA aircraft appears to be their unique capability to fly
at relatively low altitudes above densely populated areas and large congregations of people on the
ground. In fact, the slow speed of these smaller aircraft and the ease at which doors and windows
on non-pressurized airplanes and helicopters can be operated in flight may actually pose a greater
threat from certain types of attacks, such as chemical and biological attacks, as compared to
larger, faster aircraft. Agricultural aircraft used for spraying crops with pesticides and fertilizers
pose a unique threat as a platform for a biological or chemical attack because they are specifically
designed for aerial dispersal and could be exploited by terrorists for this specific purpose.
However, the chemical and biological threat using GA aircraft may not be as ominous as some
casual observers may fear. First, many chemical agents must be released in rather high
concentrations. Some, such as cyanides, may only be effective as a chemical weapon if dispensed 41
in an enclosed area therefore greatly limiting the threat of aerial dispersion. While other
chemical agents—such as caustic mustard agents and military nerve agents—may be effective in
open air settings, the limited payload of small GA aircraft may limit the scope of an aerial attack
using such agents. Second, aerial dispersion of either a chemical or biological agent over
populated areas or large congregations of individuals is likely to be easily detected. If a suspected
aerial dispersion of a chemical or biological agent is promptly reported, a timely public health
response could significantly limit the impact of such an attack. In general, experts believe that if
any chemical or biological attack were to occur—whether using a small airplane or some other
method to attack—it would likely be on a small scale physically, but nonetheless, it may have a 42
large psychological impact on the population.
More specifically, in terms of using small GA aircraft to carry out such an attack, the greatest
threat appears to be to large, open-air assemblies such as major outdoor sporting events and
concerts. In fact, one of several homeland security planning scenarios—developed by the White
House Homeland Security Council in partnership with the DHS—describes the potential effects
of an adversary using a light aircraft to spray a chemical blister agent into a packed college 43
football stadium holding 100,000 people. The scenario’s predicted impact includes 70,000
hospitalizations due to exposure, including many permanent impairments and 150 deaths, but
notes that expedient decontamination could reduce injuries by one half. This would likely be a
worst case scenario in which an extremely large assembly of people could potentially be
victimized. Even in densely populated areas, this degree of impact from an aerial attack not
specifically targeting a large outdoor assembly is unlikely because it might be expected that many
individuals would be indoors or adequately protected by buildings and other structures.
Nonetheless, while such an attack may be limited in terms of its physical impact, it may cause
widespread fear and panic.
By comparison, the threat from radiological and nuclear devices appears to be much greater in
terms of the potential for mass casualties and physical destruction. A small-scale explosive
radiological dispersal device—a so-called “dirty-bomb”—could easily fit inside a suitcase or a

41 U.S. Central Intelligence Agency. Terrorist CBRN.
42 See CRS Report RL31831, Terrorist Motivations for Chemical and Biological Weapons Use: Placing the Threat in
Context, by Audrey Kurth Cronin.
43 White House Homeland Security Council, David Howe, Senior Director for Response and Planning. Planning
Scenarios: Executive Summaries (July 2004, Version 2.0).





backpack,44 and a pilot carrying such a device onto a small airplane may not arouse any particular
suspicion at an airport. However, the threat from such devices is not unique to GA aircraft as
these devices could reach their intended target by other means, including being carried in a small
car or even being carried by a pedestrian. Most experts concede that, once in the hands of
terrorists, it may be difficult to stop an attack with a radiological or nuclear device because many
options are available to deliver the weapon to its intended target. Using GA aircraft is one of
many means for launching such an attack. However, there is no reason to believe that GA aircraft
are any more appealing to terrorists nor any more vulnerable than other possible methods to carry
out such an attack.
Concerns have also been raised over the potential threat that an aircraft attack may pose to a
nuclear power plant, a chemical plant, or other potentially vulnerable infrastructure where a
terrorist attack could inflict widespread damage and mass casualties. A review of security
measures at nuclear reactors prepared by the office of Representative Markey identified several
perceived vulnerabilities at nuclear reactor sites suggesting that these facilities may be vulnerable
to 9/11-style attacks using general aviation aircraft. Based on information provided by the
Nuclear Regulatory Commission, Representative Markey’s office issued a report on nuclear
reactor security that included an assessment of the vulnerability of these facilities to an attack by 45
aircraft. The report noted that while 21 out of 103 reactors in the United States are located
within 5 miles of an airport, 96% of U.S. nuclear reactors did not factor the impact from even a
small aircraft into their design. Four reactors were evaluated during their design to consider
impacts from aircraft weighing up to 12,500 pounds which would include most GA aircraft
except for business jets and large twin engine aircraft. Three Mile Island in Pennsylvania was
cited as the only facility where portions were designed to withstand the impact of large airliners
in addition to smaller aircraft. In contrast, the report noted that some European countries,
including Switzerland and Germany in particular, incorporate safety features such as reinforced
concrete walls and spatial separation of critical safety systems to withstand the crash of certain
types of military and commercial aircraft.
Other examinations of the potential threat to nuclear facilities from aircraft have focused on
perceived vulnerabilities of spent-fuel pools used to cool expended nuclear fuel. However, power
companies maintain that a study modeling the impact of an aircraft crash into a spent-fuel pool
wall concluded that while such a scenario could crush or crack the wall, it would not likely cause 46
a release of radiation.
A report prepared for the AOPA by Robert Jefferson, a nuclear reactor safety consultant,
concluded that the threat to nuclear reactors from small general aviation aircraft is “practically
non-existent” and “...it is unlikely that a terrorist would choose a light general aviation vehicle to 47
threaten a nuclear power plant.” Jefferson’s analysis concluded that even the impact of an
airliner like those used in the 9/11 attacks would, in all likelihood, be unable to penetrate the outer
containment vessel and argued that the analysis referenced by Representative Markey

44 U.S. Central Intelligence Agency. Terrorist CBRN.
45 Staff Summary of Responses by the Nuclear Regulatory Commission to Correspondence from Rep. Edward J.
Markey (D-MA), Member, Energy and Commerce Committee, U.S. House of Representatives. Security Gap: A Hard
Look At the Soft Spots in Our Civilian Nuclear Reactor Security. March 25, 2002.
46 Gary Stoller. “Nuclear Plants near Airports May Be at Risk. USA Today, June 10, 2003.
47 Robert M. Jefferson. Nuclear Safety: General Aviation Is Not a Threat (May 16, 2002), p. 4 and p. 1. Available from
Aircraft Owners and Pilots Association, Frederick, MD.





significantly overstates the risk potential and “...overlooks the fact that by their very design, 48
nuclear power plants are inherently resistant to [airborne attacks].” The report also concluded
that the proximity of nuclear reactors to GA airports does not increase the exposure of these
facilities to terrorist threats.
Although the specific threat posed to nuclear facilities by GA aircraft remains a contentious issue,
the FAA has kept in force restrictions on circling, loitering, or otherwise flying in a suspicious
manner around nuclear facilities. Arguably, these measures would provide little deterrent against
a well-planned terrorist attack. However, they highlight the continued concern over possible
airborne threats to nuclear facilities, whatever the true risk may be. More elaborate measures to
protect nuclear facilities, such as implementing anti-aircraft defense capabilities around nuclear
facilities, are wrought with operational and policy complexities including high costs, questionable
effectiveness, and a potentially high risk of shooting down an errant GA pilot who meant no
harm.
While light GA aircraft appear to pose a relatively limited threat by themselves in terms of
physically damaging critical infrastructure, larger GA aircraft pose a potentially more formidable
threat. Due to the size and speed of some of these aircraft, particularly mid-sized and large
business jets, they could inflict significant damage to buildings and critical infrastructure if used
in a suicide attack. These aircraft have significantly larger payload and fuel capacities which
would have a direct bearing on the degree of physical damage they could cause to buildings and
infrastructure. Thus, in terms of both assessing risk and identifying options for mitigating the
security risk posed by GA, the distinction between small GA aircraft that make up the large
majority of the fleet and larger business jets has important implications. While small aircraft
appear to pose a greater threat as possible platforms for chemical or biological attacks, large
business jets appear to pose more of a threat from being exploited in a suicide attack scenario
similar to the September 11, 2001, attacks using commercial airliners. Because the various sectors
of GA appear to pose distinct threats, risk mitigation strategies arguably should be tailored to
some degree to address the specific security threats posed by different sectors of the GA industry
as well as the specific nature of potential security vulnerabilities that also vary across different
types of aircraft and flight operations.


A variety of options exist for mitigating security risks posed by GA aircraft and flight operations,
many of which have been implemented or are currently under development or consideration. As
previously discussed, the selection of mitigation options may need to be tailored to specific
vulnerabilities and threats of different sectors of the GA industry which may differ significantly in
their degree and scope. While a wide range of options is available, many of the more extensive
and costly options for providing security may not be economically feasible, practical, or
necessary at smaller GA airports away from major population centers. Several available options
center on traditional security techniques to improve access controls and surveillance around GA
facilities and better protect aircraft against theft and unauthorized use. Additional options include
procedures for vetting individuals with authorized access to aircraft and aviation facilities, and

48 Ibid, p. 1.





procedures for clearing passengers. Another possible option for enhancing GA security would be
to address law enforcement and homeland security response to suspicious activities and improved
intelligence tracking of such incidents to identify patterns indicative of possible terrorist activity.
Finally, in terms of adopting a layered security system to augment measures put in place at
airports, airspace restrictions and defenses may be considered to protect high-profile sites and
critical infrastructure from the threat of aerial attacks.
Costs, in terms of direct implementation and oversight costs as well as the indirect costs related to
disruption of air commerce and freedom of movement, are likely to be important considerations
in assessing the utility and feasibility of implementing specific options to enhance GA security.
For example, implementing broadly applied security requirements for all GA airports may impose
significant cost challenges, particularly to small, rural airports where the need for such measures
may be questionable. Also, airspace restrictions tend to be highly contentious because while they
directly impact air commerce and the freedom of movement, they are viewed by some experts as
being of questionable value in preventing a terrorist attack unless coupled with elaborate air
defense capabilities. Deploying air defense capabilities on a large scale to protect against possible
aircraft attacks carries a relatively high cost and involves extensive commitments of resources
and collaboration between the FAA, the DHS and the Department of Defense (DoD). The costs
and benefits associated with various mitigation options can be analyzed in a risk analysis
framework—examining the threat and vulnerability of specific sectors of the GA industry as well
as the potential consequences of various attack scenarios exploiting general aviation—to better
understand the tradeoffs between various options.
Because of the diversity of GA airports, aircraft, and flight operations, and the varied threats and
vulnerabilities posed by different sectors of the GA industry, a logical starting point in mitigating
security risk would be to perform systematic risk analyses or security risk assessments examining
specific components of GA. The FY2006 Department of Homeland Security Appropriations Act
(P.L. 109-90) required the DHS to examine the vulnerability of high-risk areas and facilities to
possible attack from GA aircraft. This mandate focused on the specific vulnerability of critical
infrastructure to attack, which relates more closely to the threat to critical infrastructure and other
significant sites posed by GA aircraft as discussed in this report. In this report vulnerability has
referred instead to the specific weaknesses in security measures to protect GA airports and aircraft
that could be exploited to gain unauthorized access to facilities and aircraft. A comprehensive risk
assessment and risk mitigation strategy would likely take into account both the threat and
vulnerability associated with GA operations as well as the potential cost of consequences
associated with possible terrorist attack scenarios.
Experts acknowledge that various security threats and vulnerabilities to GA exist. An analysis of
GA security by the International Civil Aviation Organization (ICAO) concluded that “[t]he
challenge of designing general aviation security measures focuses on the need to thoroughly
define the threat. Before security standards can be developed, there must be a clear picture of the 49
problem.” Security risk can be viewed as a function of: (1) the threat or threats posed by a
specific type of flight operation or activity measured in terms that attempt to quantify the
probability of various terrorist attack scenarios; (2) the vulnerability or susceptibility of existing

49 Donald Spurston. “Security Requirement for GA Operations Should be Based on Threat Assessment.” ICAO
Journal, Number 8, 2002, p. 18.





security weaknesses measured in probabilistic terms reflecting the likelihood that they could be
exploited by terrorists; and (3) the possible consequences measured in terms of predicted damage
or associated cost. Using this risk analysis framework, the relative effectiveness of mitigation
options can be evaluated in terms of how specific security enhancements might reduce
vulnerability and how resources could be allocated in a manner to mitigate threats based on their
likelihood and their potential consequences. The anticipated risk reduction can then be compared
to expected costs in an attempt to determine the most cost effective strategies for enhancing GA
security.
For passenger airline operations, a layered approach to aviation security has been implemented.
This layered system includes passenger name checks against watch lists, passenger and baggage
screening, access controls at airports, hardened cockpit doors, and armed air marshals and pilots
on passenger airlines. The layered approach has a unique advantage in reducing vulnerability by
adding additional safeguards to foil terrorists, thereby greatly reducing the overall vulnerability of
the entire system. In probabilistic terms, the vulnerability of the entire security system is the
combined or joint probability that each individual layer could be breached or circumvented. Thus,
while the threat of terrorism still exists, most experts would agree that, in the case of passenger
airlines, the risk of terrorism has been significantly mitigated by greatly reducing the vulnerability
that security weaknesses could be exploited by terrorists through the implementation of a
multilayered security system.
One challenge often cited and already noted in this report is the diversity of GA airports. In many
respects, the characteristics of GA airports are much more diverse than those of commercial
passenger airports. Yet recognition of this diversity is not always acknowledged in discussions of
GA security risk. In contrast, commercial passenger airports are stratified in a tiered system based
on their security needs: commercial airports are placed into one of five categories (Category X, I,
II, III, IV) based on factors such as the volume of passengers, the level of international
operations, and the proximity to critical assets and locations like Washington, DC. A similar
model could be adopted to categorize GA airports based on their security risks and the particular
security needs of certain classes of GA airports, or in some cases for specific operators of large
fleets of GA aircraft. Toward this goal, the TSA provided, as part of its security guidelines for GA
airports, an airport characteristics measurement tool whereby airports are scored based on a
variety of factors, including their proximity to metropolitan areas and sensitive sites; surrounding
airspace; the number of based aircraft; runway lengths; the numbers and types of flight 50
operations; and the presence of maintenance, repair, and overhaul (MRO) facilities. Using this
tool, airports are scored on a scale ranging from zero to 64. Based on the scoring, airports will fall
within one of four bands, and the TSA has provided suggested security enhancements for each of
the four bands. However, because use of this assessment tool is voluntary, and because the
process is relatively generic and does not consider site-specific factors, it provides only a
rudimentary risk assessment tool and process for GA airport operators.
While the requirement established under the FY2006 Department of Homeland Security
Appropriations Act (P.L. 109-90) mandated a broad examination of the security threat posed by
GA, more detailed security risk assessments can be done either at the airport level or, for some
larger operators such as large corporate and fractional-ownership fleets, at the operator level.
Subsequently, the Implementing the 9/11 Commission Recommendations Act (P.L. 110-53) has

50 Transportation Security Administration. Security Guidelines for General Aviation Airports. Information Publication
A-001, May 2004.





included a requirement for the TSA to develop and implement a standardized threat and
vulnerability assessment program for general aviation airports, and implement that assessment
program “on a risk-managed basis” at GA airports. Also, the act requires the TSA to complete a
feasibility study to assess the concept of providing grants to GA airport operators, based on a risk-
managed approach, for security enhancements. If deemed feasible, the bill authorizes the
implementation of such a grant program.
Due to the diversity of GA airports and the kinds of operations that they accommodate, the risk
picture is likely to vary widely. For example, some small airports in Midwestern and mountain
states might have few security measures in place and therefore may be considered vulnerable.
However because of their remote location—away from major population centers—these airports
may pose little threat. On closer examination, it may be found that such airports may not be
particularly vulnerable to terrorist infiltration based on several factors. For example, a remote
location away from any high-profile sites or densely populated areas might not be particularly
attractive to terrorists, and the close-knit community of airport users in small, rural communities
may be more likely to spot outsiders and detect suspicious activity. On the other hand, a busy GA
reliever airport near a major metropolitan airport may pose a greater risk. Even if such an airport
has implemented various security measures to mitigate risk, it may still be regarded as more
vulnerable than a rural airport because terrorists may be able to more easily blend in with large
numbers of individuals accessing the airfield, and while certain access control measures may be
in place, they may not be adequate for preventing motivated terrorists from circumventing these
measures or exploiting weaknesses in access controls.
The TSA’s approach to risk assessment to meet the sector-specific security plans called for in
Homeland Security Presidential Directive(HSPD)-7: Critical Infrastructure Identification,
Prioritization, and Protection includes the development of a Vulnerability Information Self
Assessment Test (VISAT) for GA airports. VISAT programs have already been developed for
other transportation infrastructure including maritime, rail, bridges, and mass transit, and others 51
are under development for other transportation sectors including rail and trucking HAZMAT.
The GA VISAT is designed to be a self-guided, computer-based assessment tool designed to
assess risk and mitigation at GA airports. However, this TSA approach to assessing security risk
at GA airports has been criticized over its lack of understanding and differentiation of GA from
the air carrier environment and its extensive reliance on standards developed for nuclear power 52
plant security that do not adequately address the public access needs of GA airports. Critics
have argued that the TSA should instead, incorporate more updated threat and risk management 53
standards developed by FEMA that more fully address public access needs. While some of these
recommendations may be incorporated into the final assessment tool issued by the TSA to assess
security risk at GA airports, a comprehensive, standardized tool to perform detailed analyses of
security risks in the GA sector does not currently exist. Many experts believe that such a tool
could be extremely beneficial for identifying risks and designing security programs for specific
airports or specific categories of GA airports.
More detailed security risk assessments can be carried out at the airport level or, for some larger
operators, such as large corporate and fractional-ownership fleets, at the operator level. Among

51 Transportation Security Administration. DHS-Vulnerability Identification Self-Assessment Tool (VISAT).
52 Robert Olislagers. “General Aviation Security: The Ups & Downs of Threat Management.” Airport Magazine,
May/June 2005, pp. 59-61.
53 Ibid.





state initiatives aimed at improving general aviation security at the airport level, several aviation
security experts and members of the GA community have praised the Commonwealth of
Virginia’s approach. The Virginia Department of Aviation, relying on an Aviation Security
Advisory Committee (ASAC) comprised of various aviation agencies and associations, developed
a voluntary program for general aviation airports that provides incentives for capital investment
to those airports that complete security “self-audits” on annual basis and undergo Virginia State
Police audits of security every three years. The audits focus on access controls, maintenance and
upkeep of security aspects of the airport property, and surveillance capabilities and weaknesses at
the airport. Key strengths of the program highlighted by its supporters include the fact that it is a
voluntary, incentive-based program, that it is proactive in its approach, and that it fosters a
cooperative partnership between airports and law enforcement that may prove beneficial in 54
responding to security incidents at the airport. Various other states, such as Massachusetts and
Ohio, either mandate that all GA airports carry out security audits and/or develop a formal 55
security plan or require such actions for an airport to be eligible for state funding.
Based on detailed analyses, cost-effective security programs that address the specific degree and
nature of risk at specific airports can be designed and implemented. Various combinations of
security measures are available and can be tailored for airport-specific or operator-specific
security plans. These include various approaches to: surveillance and monitoring; airport access
controls; and physical security measures to protect aircraft. These specific security systems
implemented by airports and operators may be augmented by broader initiatives such as the
vetting of GA pilots and airport workers at the federal level and establishing specific procedures
and defenses to protect airspace near critical locations such as key federal facilities in
Washington, DC. In the following discussion, these various approaches and the challenges
associated with applying them to GA security are analyzed in further detail.
Surveillance and monitoring of GA operations are a challenge. Of the 5,286 public use landing
facilities in the United States, only about 500 have operating control towers and most of these are
located at airports with regularly scheduled commercial service. Only the busiest airports that
cater exclusively to GA aircraft have operating control towers. These airports usually are
geographically large and congested making surveillance for security purposes from the tower
difficult. What’s more, even at the limited number of GA airports with operating control towers,
most towers are not operated on a continuous basis and close during late night and early morning
hours. Further, even during times of operation, the security role of staffed control towers is
unclear. During operating hours, controllers remain busy performing air traffic separation and
control functions, making it difficult for them to spot unusual activity or detect unauthorized
aircraft usage unless suspicions are raised by unusual requests, improper phraseology, or
procedural violations. Therefore, the mere presence of an operating control tower appears to
provide little additional security to a GA airfield.
Smaller GA airports, most of which do not have operating control towers, are usually not attended
by airport management or fixed-base operators (FBOs) on the field 24 hours a day. Depending on

54 Craig Williams, General Aviation Safety and Security Practices: A Synthesis of Airport Practice, Airport
Cooperative Research Program, ACRP, Synthesis 3, Washington, DC: Transportation Research Board of the National
Academies, 2007.
55 Ibid.





the frequency of traffic, an airport may be attended only during daylight hours, or sometimes
during limited evening hours. Aircraft may still use many of these airports during late night and
early morning hours as runway lights can be controlled from the cockpit using onboard radios.
Airport access controls and surveillance during these unattended hours presents a unique
challenge to airport operators. On the one hand, accessability is important to meet the needs of air
commerce by allowing operations such as late night arrivals and departures for business trips and
overnight cargo delivery to small communities. Furthermore, maintaining airport accessibility at
night provides a critical safety function allowing pilots sufficient alternate landing sites if
required to deviate for weather or mechanical reasons. Providing adequate site security for GA
airports while allowing airport access for these purposes, including access for transient aircraft,
presents a daunting challenge.
Full time security is a costly option for many small airports. Remote sensing and surveillance
using cameras and motion sensors, for example, may offer a somewhat more cost effective
alternative, but requires close coordination with local security forces and law enforcement to
respond to suspected threats or security breaches. Uncertainty and high false alarm rates in
detection systems can drive up costs associated with security response and can lead to
complacency that may limit the effectiveness of these systems. However, these remotely
monitored security systems provide an alternative to security monitoring for many airport sites
where full time on-site security is cost prohibitive. At least one vendor provides tailored security
packages, integrating alarms, cameras, entry and access controls, fencing, lighting, motion 56
detectors, and acoustic sensors. A key element of these types of integrated security systems is
their monitoring capabilities, including remote internet-based monitoring of cameras and other
intrusion detection devices, and the capability to tie into local law enforcement networks for
coordinated response. However, these integrated systems can be quite costly to install, maintain,
and operate. Consequently, the GA community, in coordination with the TSA, has applied a long-
established method of providing security and surveillance in residential neighborhoods—the
neighborhood watch concept—to GA airports throughout the United States.
To enhance surveillance at airports, the TSA, in cooperation with the AOPA and the National 57
Response Center, launched an airport watch program at GA airports in December 2002. The
airport watch program is similar to a neighborhood watch program and relies on the cooperation
and participation of pilots, airport tenants, and airport workers to observe and report suspicious
activity. Educational and training materials have been made available to these individuals to
increase their awareness regarding potentially suspicious activity, and a hotline—1-866-GA-
SECURE—has been set up to log reports of suspicious activity. Under the program, instructional
materials advise observers to call local law enforcement using 911 if they believe the situation
potentially poses an immediate threat.
Since its inception, the Airport Watch program has been credited with alerting authorities to
suspicious activities at GA airports on several occasions. For example, the AOPA cited one
peculiar incident as a demonstration of the effectiveness of the airport watch concept. In August
2004, two men of “Middle Eastern appearance” presented themselves at an airport near St. Louis

56 Robert Ross.Keeping GA Safe.”
57 Transportation Security Administration.General Aviation—Hotline.”





offering cash to charter a helicopter and presenting driver’s licenses from two different states as
identification. The charter operator also noted that the men were driving a vehicle registered in a
third state and observed the men removing “odd shaped luggage” from that vehicle in preparation
for the flight. Based on these observations, the charter operator stalled the suspicious individuals
and notified the FBI and local law enforcement who responded and arrested the two individuals.
The suspicious characters turned out to be reporters on assignment to demonstrate how easily 58
terrorists could hijack a helicopter. The AOPA noted several other successes of the Airport
Watch program including the capture of a suspected con man in Kansas who attempted to rent
aircraft at several facilities, and several cases of suspicious inquiries regarding aircraft rentals,
charter flights, flight instruction, and use of hangar storage space. These incidents all resulted in
responses by federal law enforcement authorities, although none have been specifically linked to 59
terrorism.
Despite the benefits and successes of the Airport Watch Program, which have been achieved at a
relatively low cost, there are several challenges to implementing a successful watch program. A
major limitation of the Airport Watch Program is that it may be difficult—especially for untrained
observers—to distinguish suspicious behavior from normal activities. Past terrorist attacks have
indicated that terrorists are likely to use methods that avoid arousing suspicion. In essence,
terrorists have in the past hid in plain sight and may be likely to do so in the future.
In the case of general aviation, the all too obvious example of a clandestine rendezvous where
cargo is loaded from a suspicious vehicle onto a small aircraft at a remote area of the airport may
likely be regarded as too risky by terrorist groups to attempt. Rather, terrorists may try to blend in
as well as possible. This could lead to two undesired consequences: high false alarm rates and
possible racial and ethnic profiling by well-intentioned pilots and airport tenants. High false alarm
rates could place a strain on local law enforcement, especially in rural areas and small
communities where law enforcement support is limited. Other limitations to these types of
programs are that the response time of local law enforcement is often slow, and local law
enforcement—especially in small, rural communities—may not be adequately integrated with
homeland security systems to receive a timely notification when an incident is reported, although
observers are specifically instructed to dial 911 if they believe the situation poses an immediate
threat. Another difficulty is that local law enforcement may become complacent if a large number
of false alarms are reported at local airports. Despite these obvious limitations, Airport Watch is
regarded by many as a model program in the sense that it raises awareness and provides a
relatively inexpensive means of providing surveillance. The program could potentially be
improved by providing more detailed information and training to pilots, airport tenants, and
airport workers in observational techniques—such as behavioral pattern recognition—to improve
the quality of information provided to the Airport Watch hotline or relayed through other
notification channels.
One challenge in implementing an Airport Watch Program is that it is highly dependent on the
observations and reporting of untrained individuals. This difficulty is compounded by the fact that
suspicious terrorist activities may not appear out of the ordinary to the casual observer. While

58 Aircraft Owners and Pilots Association. Proof AOPA Airport Watch Concept Works. August 12, 2004. Frederick,
MD: AOPA.
59 See Testimony of Mr. Andrew Cebula.





convicted terrorist Zacharias Mossaoui’s peculiar inquiries about flying large jet aircraft and his
obvious lack of qualifications to seek such training did raise suspicions at the flight school where
he sought advanced jet training, terrorist behavior patterns are likely to be much more subtle.
None of the 9/11 terrorist pilots nor Mossaoui attracted similar attention during their initial
training in small GA aircraft. Qualified pilots seeking to rent light aircraft also may attract little
attention and a pilot loading a small single-engine airplane with dangerous chemicals or
biological agents may look no different than a pilot loading his personal effects on board for a
weekend getaway. While single incidents like this typically arouse little suspicion, aggregate
behavior that might appear somewhat odd or suspicious could collectively signal possible terrorist
or criminal activity.
An additional downside of programs like the Airport Watch Program is that they could result in
unintended racial or ethnic profiling by well-intentioned observers. For example, would the
individuals in the St. Louis incident cited by AOPA have raised similar suspicions if they were not
of “Middle Eastern appearance?” Besides the potential for falsely targeting individuals in certain
racial and ethnic groups, there is also the danger that, conversely, untrained observers may not
notice suspicious behavior patterns exhibited by other individuals. Intelligence sources suspect
that al Qaeda is seeking to recruit non-Middle Eastern individuals for the very reason that they
may be less likely to raise suspicions. More specific guidance and training to airport workers,
tenants, and pilots could improve the effectiveness of the Airport Watch Program and other
surveillance operations.
A possible solution to overcome some of these limitations involves the implementation of
behavioral pattern recognition techniques. As described in a commentary on GA security,
behavioral pattern recognition was highlighted as being “... designed to maximize detection while 60
minimizing, if not eliminating, issues of civil liberties.” Behavioral pattern recognition—which
is in use at airports worldwide and has been highlighted in numerous profiles of Israel’s El Al
airlines’ pre-boarding security screening—examines deviations from normative behavioral
patterns. It has been suggested that behavioral pattern recognition could be applied in the GA
environment by providing specific training to maintenance and line workers, for example, making
them an integral part of an airport’s security network rather than having a small number of 61
employees responsible for security.
One challenge in behavioral pattern recognition is that single events may not stand out, but
aggregate samples of slightly unusual activity may provide telltale signs of preparations for
launching a terrorist attack. However, assimilating and correctly interpreting this data remains a 62
significant challenge. For this reason, a “reporting tree” is recommended for guiding decisions
about responding to suspicious behavioral patterns. The “reporting tree” concept is integrated into
the TSA’s security training for flight schools, which is a required security training element for
flight school employees under Title 49, Code of Federal Regulations, §1552.21 et seq., but has
not yet been expanded to other aspects of GA security. A reporting tree might include notifying a
supervisor, such as a chief flight instructor or flight school manager, about strange inquires or
behaviors exhibited by a student pilot, and escalating this information up the reporting tree to law
enforcement or federal officials only if the behavior is repeatedly demonstrated and, in aggregate,
raises enough concern that it warrants further action. In this manner, the Airport Watch program,

60 Robert Olislagers. “General Aviation Security,” p. 61.
61 Ibid.
62 Ibid.





in coordination with specific training and guidance in techniques such as behavioral pattern
recognition and the use of reporting trees, has the potential to contribute to the intelligence
gathering function at a relatively low cost by enlisting the support of a broad segment of the GA
community.
Controlling access to general aviation airports is a significant challenge for many reasons. First,
as already discussed, few general aviation airports are continuously attended or monitored, and
doing so is likely to be costly and resource intensive. Second, general aviation airports support a
wide variety of operations and consequently must provide extensive access to airports, aircraft,
and facilities to support and sustain these varied operations, including late night cargo operations,
training flights, and maintaining adequate numbers of landing facilities that are continuously
available for safety in the case of diversions due to weather or mechanical difficulties.
Providing airport access for transient operators also presents a unique security challenge for GA
airports, especially during hours when the facility is not attended. However, restricting airports
from transient access has significant consequences both for air commerce and for safety. For
example, restricting access after hours may impede air commerce and business, especially in
remote areas that rely significantly on the presence of a GA airport. Professionals who use GA
aircraft to conduct business in these areas may be reluctant to do so if they run the risk of being
denied access to the airport because of a late running business meeting that extends beyond the
operating hours of the airport, for example. Also, for safety reasons, sufficient numbers of GA
airports need to remain accessible, at least for landing aircraft, to provide suitable alternate
airports in case of emergency or diversion due to weather.
Supporting airport access during non-attended hours poses significant security challenges. Access
control measures must adequately accommodate transient users or the airport runs the risk of
becoming inaccessible to certain users. Various options exist for providing both local and
transient operators with adequate access to the flight line. For example, at airports implementing
access controls to aircraft storage and operations areas, keypad locks can be installed to control
access to flight lines. Codes could be provided to transient operators in case they need to access
aircraft after hours and could be changed frequently to prevent unauthorized access. Alternatively,
more sophisticated access controls can be implemented using key code or card reader systems
where transient operators are provided with codes or cards that expire and cannot be used after a
certain period.
Display of identification badges in aircraft operations areas may also improve security by
identifying those individuals with authorized access to these areas. This can alert observers and
security personnel to possible unauthorized access. TSA security guidelines for GA airports
suggest that airport identification credentials include features such as a photograph showing a full
face image, the holder’s full name, the airport name, employer information, a unique
identification number, the scope of access and movement privileges through easily interpretable 63
means such as color-coding, and a clear expiration date.

63 Transportation Security Administration. Security Guidelines for General Aviation Airports.





Pilots, for whom access privileges at multiple airports are needed, require a standardized
identification that is easily recognizable at all airport facilities. Presently, FAA certificates do not
contain photographs of the certificate holder. However, current regulations require pilots to carry
government-issued photo identification, such as a driver’s licence, and present that identification
along with their pilot credentials upon the request of a law enforcement officer or federal official.
ATSA (P.L. 107-71) directed the FAA to study ways to improve pilots’ licenses such as including
photos. While the FAA, in response, has taken steps to make newly issued pilot certificates more
tamper-resistant and more difficult to forge, many pilots still carry older style paper certificates
that can be easily forged. The Intelligence Reform and Terrorism Prevention Act of 2004 (P.L.
108-458, Sec. 4022) requires the FAA to begin issuing improved pilot certificates that include a
photograph of the holder and have the capability to accommodate a digital photograph, a
biometric identifier, and any other unique identifiers that the FAA may determine to be necessary.
While specific plans for issuance of the new pilot certificates with photographs have not yet been
announced by the FAA, statutory language provides for the use of designees such as designated
pilot medical examiners to issue these new licenses in an effort to “minimize the burdens on 64
pilots.” Advocates for GA pilots have pushed for the use of designated aviation medical
examiners for issuance of the new certificates, noting that forcing pilots, particularly pilots in
rural areas, to travel to an FAA flight standards district office would be, in their opinion, an 65
unacceptable burden.
While these new pilot credentials must include the capability to store biometric information, the
use of biometrics for identification purposes and access controls in the GA environment
introduces many complex technical and policy questions. Implementing biometric access controls
at GA airports may be feasible in some cases, but presents significant challenges because of the
need to obtain and encode biometric information for transient operators as well as those local
tenants, pilots, operators, and airport workers who are authorized to have unescorted access to the 66
flight line. While biometrics have distinct advantages in terms of logging and tracking access to
restricted areas, privacy issues, cost, and logistics may make them difficult to implement
effectively in the GA airport environment. However, biometrics may play a more significant role
at the GA operator level of security where they could be implemented to control access to
operator facilities such as aircraft storage and maintenance hangars. Biometrics may also be used
on more limited sets of individuals and integrated into ID card access systems for local aircraft
owners, operators, pilots and airport workers. Doing so may allow security efforts to focus more
directly on those individuals at an airport that pose more of an unknown threat, such as charter
passengers not known to their flight crews and other airport visitors.
Because GA airports must maintain a level of reasonable accessibility to facilitate the freedom of
movement by air and air commerce, surveillance, access controls, and physical security measures
to protect aircraft and facilities, if needed, must be designed to accommodate a diverse set of
legitimate airfield uses. For this reason, implementing access controls and physical security on
par with commercial passenger airports is likely to be unrealistic. However, conducting

64 P.L. 108-458, Sec. 4022.
65 Aircraft Owners and Pilots Association. Pilot ID Process Needs to be Convenient, Inexpensive, AOPA Reminds the
FAA. Frederick, MD, July 8, 2005.
66 In this context, the flight line refers generally to those areas of an airport where aircraft are accessible including
hangars, tie-down areas, and ramps (aprons).





background checks and vetting individuals who routinely access GA airports is seen as a possible
technique for assessing potential threats and also as a possible means to focus security resources
on conducting surveillance and applying access control measures on visitors who are of an
unknown risk.
Vetting of transportation workers and others who routinely access transportation facilities has
been a cornerstone of several statutorily mandated projects related to transportation security. For
example, the TSA is required to conduct background checks of workers at commercial passenger
airports, and the TSA has several ongoing projects, such as the Transportation Worker
Identification Credential (TWIC) Program and various airport access control pilot studies, that are
attempting to integrate background checks and vetting with the use of biometric access
credentials. While it may be some time before these would be mature enough to be considered for
application in the GA environment, there are already several statutory requirements for vetting
GA pilots, pilot applicants, and more recently, prospective aircraft charter and lease customers.
The most widely known of these GA programs is the TSA’s alien flight training rule (Title 49,
U.S.C. §44939; Title 49 Code of Federal Regulation, Part 1552), which requires the TSA to
conduct background investigations of non-U.S. applicants seeking flight training in the United
States for aircraft weighing more than 12,500 pounds and requires flight schools or flight
instructors to notify the TSA whenever a non-U.S. applicant wishes to initiate flight training in
smaller aircraft weighing less than 12,500 pounds. U.S. citizens seeking any type of flight
training, including proficiency checks and periodic flight reviews by flight instructors, must
present a valid birth certificate and a government-issued photo ID, such as a driver’s license or
passport, to demonstrate that they are not subject to these background check requirements.
In response to law enforcement and intelligence information revealing that the 9/11 hijackers and
accomplice Zacharias Moussaoui received flight training in the United States and amid concerns
that foreign terrorists could further infiltrate flight schools in the United States, the Aviation and
Transportation Security Act (ATSA, P.L. 107-71) initially placed the Department of Justice in
charge of conducting fingerprint-based record checks for alien flight school applicants seeking
training to fly aircraft weighing more than 12,500 pounds. Under Vision 100 (P.L. 108-176), this
responsibility was moved to the TSA, the process was streamlined to limit the impact of the
process on legitimate flight training activities, and reporting requirements were expanded to
include a notification requirement whenever foreign flight school applicants initiate flight training
in the United States in smaller aircraft weighing less than 12,500 pounds.
A lesser known component of TSA’s efforts to vet pilots (whether they are GA pilots, charter
pilots, or airline pilots), aircraft mechanics, and dispatchers is the use of threat assessments to
screen holders of and applicants for FAA certificates, ratings, or authorizations. Rules pertaining
to the security threat assessments for FAA certificate holders and applicants were promulgated on 67
January 24, 2003. Under these rules, the TSA notifies the FAA whenever an FAA certificate
holder or applicant is determined to present a security threat. The FAA, in turn, will deny,
suspend, or revoke the individual’s FAA certificate as appropriate. While parallel rules were
initially issued to carry out security threat assessments for both alien applicants and citizen
applicants, the rule pertaining to U.S. citizens was criticized because it lacked adequate

67 Transportation Security Administration.Threat Assessment Regarding Citizens of the United States and Alien
Holders Who Hold or Apply for FAA Certificates; Final Rules.” Federal Register, 68(16), pp. 3756-3769 (January 24,
2003).





safeguards for redress and remedy if FAA certificate actions were taken in response to what the
TSA determined to be a security threat. Critics argued that the rule gave the TSA significant
power over the issuance of pilot certificates and other aviation credentials without any oversight
or redress for the TSA to demonstrate the specific evidence or basis for its decision to identify a 68
certificate holder or applicant as a security threat. In response to concerns raised regarding the
TSA’s power over security-related certificate actions and the lack of an adequate redress process,
Vision 100 (P.L. 108-176, Sec.601) mandated the TSA to establish a redress and remedy process
entitling U.S. citizens subject to certificate action on the basis of a security threat assessment to a
formal redress hearing before an administrative law judge and an appeals process before a panel
convened by the Transportation Security Oversight Board. The TSA has not yet issued revised
rulemaking to conform with the statutory requirements set forth in Vision 100, and therefore,
existing regulations to enforce FAA certificate actions on the basis of security threat assessments 69
no longer apply to U.S. citizens. However, security threat assessments for alien FAA certificate
holders and applicants remain unchanged. It has been reported that, despite the fact that TSA
cannot prompt certificate actions solely on the basis of security background checks, FAA
databases of pilots, mechanics, and other certificate holders are routinely culled to identify any 70
individuals with known or suspected links to terrorism.
Although security threat assessments for citizen pilots, mechanics and other FAA certificate
holders and applicants have been suspended until the TSA develops a process and issues
rulemaking to conform with statutory requirements for redress and remedy, regulations still
require fingerprint-based criminal history records checks for charter pilots who fly aircraft 71
weighing more than 12,500 pounds. However, other GA pilots—who make up the majority of
the almost 600,000 active pilots in the United States—are not required to submit to any formal
background screening or checks. Some critics of background checks and vetting maintain that
they are costly and an unnecessary intrusion into the privacy of citizens. On a pragmatic level,
some question whether background checks for GA are needed at all, particularly at small, rural
airports where pilots, ramp workers, and others who frequent the airport are largely known to
each other. Nevertheless, background checks and other vetting activities have been looked upon
favorably by policymakers as a core component of a layered security system and could be further
expanded in their application to GA operators.
One area where background checks and security threat assessments is being incorporated into GA
operations is for the vetting of prospective charter and lease customers. Under statutory
provisions set forth in the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-
458, Sec. 4012), the TSA is charged with the task of setting up a mechanism for charter and
aircraft lease operators to voluntarily submit the names of prospective clients seeking access to
aircraft weighing more than 12,500 pounds for screening against the consolidated terrorist watch
list. Aircraft operators may deny individuals access to aircraft if their name is found to match
watch list records. While the legislative language limited the applicability of this vetting
procedure to aircraft weighing more than 12,500 pounds, the feasibility of extending this

68 See, e.g., Llewellyn King. “Adm. Loy, You Know Better: Rescind This Rule.” White House Weekly, 24(10), March
11, 2003, 1-2.
69 Transportation Security Administration. Memorandum to the Dockets from Pamela Hamilton, Director of Aviation
Initiatives Regarding TSA Rulemaking Docket No. TSA-2002-13732 and TSA Rulemaking Docket No. TSA-2002-
13733. March 16,2004.
70 Aircraft Owners and Pilots Association, GA Security: GA Pilots Are Not a Threat, Available at
http://www.gaservingamerica.org/GA-Pilots-Security.htm.
71 Title 14 CFR §1544.101 and §1544.230.





capability to charters and leases of smaller aircraft, based on the initial experience with larger
aircraft, was debated during consideration of this legislation. While terrorist database screening of
prospective charter and lease customers as legislated is voluntary, policymakers may also
consider whether mandatory screening of aircraft charter and lease customers is warranted.
However, because the capability to screen names against terrorist watch list information is tied to
the functionality of the controversial Secure Flight program for prescreening airline passengers,
implementation of a charter and lease customer prescreening mechanism—which is currently not
operational—may be further delayed by ongoing difficulties in meeting congressionally mandated
safeguards for data and privacy protections and redress and remedy for aggrieved individuals who
are erroneously identified as suspected or known terrorists. Presently, language in the FY2007
Department of Homeland Security Appropriations Act (P.L. 109-295) prohibits full-scale
deployment of the Secure Flight system until the GAO certifies that these lingering concerns are
adequately addressed.
Besides prospective charter and lease customers, the screening of prospective aircraft purchasers
can serve as an important deterrent to prevent terrorists or organizations that support terrorism
from acquiring aircraft that could be used in a terrorist attack. Under Department of the Treasury
regulations, promulgated to meet requirements of the USA PATRIOT Act (P.L. 107-56), aircraft
sales must comply with various information sharing, reporting, and records keeping requirements 72
aimed at identifying suspicious transactions and preventing money laundering. However,
because many other large-scale financial transactions such as the sale of houses, boats, and cars
must be similarly reported, the volume of transactions may make it difficult to quickly identify
suspicious aircraft transactions. The main intent of these regulations is to spot potential attempts
to launder illegal funds in support of terrorist or criminal activities, and therefore the regulations
are not specifically designed to vet purchasers of GA aircraft against terrorist watch lists. The
capability to detect aircraft sales to suspected terrorists or their associates and vet aircraft
purchasers against terrorist watch lists under these reporting requirements remains unclear.
Other than surveillance, access controls, and background checks, there are a variety of other
options for enhancing the general physical security of airport facilities. One of the most obvious
of these measures is erecting physical barriers, such as chain-link perimeter fencing, around
security sensitive locations on the airfield. However, the TSA cautions that while physical
barriers, such as fencing, walls, electronic boundaries, and even natural barriers, can protect
airport areas from unauthorized access, these methods by themselves will not prevent determined
intruders from gaining access. The TSA further notes that excessive spending on extensive
perimeter enhancements may actually be detrimental to an airport’s overall security posture to the 73
extent that these efforts take away from opportunities to improve upon other aspects of security.
Besides fencing, protective lighting can often serve as an effective deterrent against theft, 74
vandalism, unauthorized access, and other illegal activity at night.
While various combinations of physical barriers and lighting may deter unauthorized access at
airports, the TSA notes that storing aircraft in hangars provides one of the most effective methods

72 See Title 31 Code of Federal Regulations, Part 103.
73 Transportation Security Administration. Security Guidelines for General Aviation Airports.
74 Ibid.





of securing GA aircraft.75 However, at many GA airports, hangar space is in short supply and the
demand for hangars make them very costly, especially for some small, privately owned aircraft.
Language in the Century of Aviation Reauthorization Act—Vision 100 (P.L. 108-176, Sec. 149)
provides greater flexibility in the allocation of federal Airport Improvement Program (AIP) funds
for the construction of hangars at GA airports. Also, to foster private investment in hangar
construction, additional language in Vision 100 (P.L. 108-176, Sec. 165) provides assurances for
long-term lease agreements between tenant aircraft owners who build hangars using their own
funds and airport operators.
While surveillance, access controls, and physical security measures at airports can provide
effective deterrents, these measures may be costly and challenging to implement at many GA
airports, especially smaller airports. Measures to physically secure aircraft can be viewed as
either an additional layer of security to prevent theft and unauthorized access to aircraft at airports
with extensive surveillance and access controls or as a primary means of security at some airports
with more limited security capabilities.
Physical security measures for aircraft may include cabin and ignition locks that may already
exist for certain aircraft as well as supplemental immobilizing devices such as propeller, throttle,
control surface, and tie-down locks. The TSA’s Security Guidelines for General Aviation Airports
recommends storing aircraft in locked hangars, consistent use of aircraft door locks, using keyed
ignitions when appropriate, and not leaving keys in aircraft as some basic steps to secure GA
aircraft. The guidelines also recommend using an auxiliary lock such as commercially available
propeller, throttle, or tie down locks to further protect GA aircraft. The TSA suggests that “[p]ilots
should employ multiple methods of securing their aircraft to make it as difficult as possible for an
unauthorized person to gain access to it.”
While building or renting secured hangar space may be cost prohibitive to many light aircraft
owners, locks and other security devices may provide a common sense, cost-effective means to
reduce the vulnerability of GA aircraft to theft. Given that aircraft are high value assets, locks
may offer a relatively low-cost means to reduce vulnerability. Purchasing and installing secondary
locks could benefit aircraft owners and operators by providing added protection against theft and
unauthorized access.
In the absence of explicit federal standards or requirements, some states have taken initiatives to
require specific actions for securing GA aircraft. New Jersey, for example, has implemented a
stateside “two-lock rule” requiring any aircraft parked or stored at a GA facility within the state
for more than 24 hours to either secure the aircraft with two distinct locking devices or disable the 76
aircraft in a manner to prevent theft or illegal use. Propeller locks and throttle locks may provide
relative low cost, relatively effective deterrents to unauthorized use and theft of aircraft.

75 Ibid.
76 U.S. Government Accountability Office. General Aviation Security: Increased Federal Oversight Is Needed, but
Continued Partnership with the Private Sector Is Critical to Long-Term Success. GAO-05-144, November 2004.





The specific intelligence and law enforcement evidence pointing to al Qaeda’s interest in crop
dusting aircraft in the months leading up to 9/11 suggests that the agricultural sector of general
aviation should be particularly alert to suspicious activities. Because agricultural aviation
operations largely take place in rural environments, away from highly populated areas, increased
awareness of this threat coupled with operators increasing their vigilance and taking steps to
secure their aircraft may serve as an adequate deterrent. However, the unique capabilities of
aircraft, both airplanes and helicopters, used in aerial application make them specifically
attractive to terrorists. For this reason, the TSA recommended to operators of agricultural aircraft
that they use multiple security devices—such as throttle and control locks, propeller locks, and
hidden ignition switches—to secure aircraft, store aircraft in hangars with electronic security
systems and steel doors, and when hangars are not available, park heavy equipment in a manner 77
to prevent the movement of aircraft. The National Agricultural Aviation Association has
provided additional guidance to operators of agricultural aircraft advising them to: secure
pesticide storage areas; implement procedures for the shipping and receiving of chemicals; secure
facilities and limit access; post security signs; improve lighting of storage areas; secure fences
and gates; conduct security inspections to check for signs of intrusion or tampering; maintain logs
to track visitor access to facilities; coordinate with local law enforcement and fire departments; 78
and develop site security plans as required to comply with HAZMAT regulations.
Besides agricultural aircraft operations, another sector of GA flying that has raised security
concerns has been flight schools. Flight schools have been spotlighted, in large part, because of
intense media coverage of the apparent relative ease that some of the 9/11 hijackers were able to
obtain flight training in the United States, and the reported lack of safeguards to prevent incidents
like the intentional crash of a small single-engine airplane into a downtown Tampa, Florida
building piloted by a student pilot who stole the aircraft while conducting an unsupervised pre-79
flight inspection.
To address lingering concerns over flight school security, Vision 100 (P.L. 108-176) requires
specific flight school security awareness training for all flight school employees. To meet this
statutory requirement, the TSA has developed a standardized computer-based flight school
security awareness training program, although flight schools have the option of developing their
own security training program that must obtain TSA approval. New hires must receive initial
security awareness training within 60 days of employment, and employees must complete annual
recurrent training in security awareness. The training indoctrinates flight school employees on
fundamentals of security awareness, security practices, and appropriate responses to suspicious
events. In addition to the statutory requirement for security awareness training, the TSA has 80
issued several recommendations for flight schools in its security guidelines for GA airports.
These recommendations largely focus on increasing surveillance and supervision of students and

77 Transportation Security Administration. Security Guidelines for General Aviation Airports.
78 Regulatory Consultants, Inc.Secure Your Operation Today. Agricultural Aviation, July/August 2005, 17-18.
79 Jean Heller and Alicia Caldwell. “Flight Schools: Breach of Trust Difficult to Prevent.St. Petersburg Times,
January 8, 2002.
80 Transportation Security Administration. Security Guidelines for General Aviation Airports.





renter pilots and better controlling access to aircraft and aircraft keys. Other steps that may be
taken by flight schools to improve security include background checks of prospective employees,
particularly prospective flight instructors and maintenance personnel; establishment of formal
written security procedures for employees and customers; display of identification by employees;
and various access controls and surveillance measures for the flight line.
In addition to agricultural aviation and flight schools, another sector of GA with unique security
needs is business aviation. Larger, faster business jets introduce unique security concerns because
of their size and speed as well as their relatively high value and, in some instances, the
prominence of passengers carried on board these aircraft. While business jets make up a relatively
small percentage of general aviation aircraft, their larger size, heavier payload, and faster speed
introduce unique risks. Chartered business jets and turboprops also pose a unique risk because,
unlike corporate or privately owned aircraft, flight crews often do not know their passengers.
In coordination with the TSA, the National Business Aviation Association has implemented a 81
program promoting aviation security best practices among business aircraft operators. The
program focuses on various facets of operator security including identifying security roles within
an operator’s organization; providing security training to flight department personnel;
establishing sound physical security measures to control access to facilities and aircraft; issuing
photo IDs for crew members; conducting pre-flight security inspections of aircraft; matching
baggage to passengers; maintaining positive control of baggage; and developing and keeping up
to date site-specific security and emergency response plans.
Based in part on the NBAA’s initiatives regarding aviation security best practices, the TSA
initiated a pilot program, called the TSA Access Certificate or TSAAC program, for business
aircraft operators in the spring of 2003. The TSAAC program was initially offered to operators
based at Teterboro Airport (TEB) in New Jersey, and was later expanded to include operators at
Westchester County Airport (HPN) in New York, and Morristown Airport (MMU) in New Jersey.
While the specifics of the TSAAC program are regarded as security sensitive information, the
program generally requires operators to implement security procedures similar to the operational
security measures required for charter aircraft operators who fly aircraft weighing more than

12,500 pounds. Elements of the program include various physical security measures for aircraft,


vetting of customers and other visitors, control of passengers and baggage, access controls for the
flight line and aircraft operations areas, and the utilization of threat intelligence. Aircraft
operators approved under TSAAC are allowed entry into the United States from all foreign
destinations, whereas nonparticipating aircraft had been restricted to entry into U.S. airspace from
only a limited number of “portal” countries. These restrictions were rescinded in August 2006 for
aircraft weighing less than 45,500 kg (roughly 100,000 pounds), effectively eliminating the
incentive for TSAAC participation. As a result, there is presently no clear need to expand the
TSAAC program. The NBAA, however, remains hopeful that the security standards developed

81 National Business Aviation Association. NBAA Best Practices for Business Aviation Security. Washington, DC:
National Business Aviation Association, Inc.





under TSAAC can be applied in a manner that would provide additional benefits to participants 82
and create incentives for applying security best practices among business jet operators.
Procedures allowing certain GA operations to resume at the Ronald Reagan Washington National
Airport (DCA) were mandated under Vision 100 (P.L. 108-176). Because DCA is in such close
proximity to Washington, DC, it had generally been off limits to GA operators for almost four
years following the terrorist attacks of September 11, 2001. However, on August 18, 2005, DCA
reopened to GA operators on a very limited basis under an interim final rule detailing extensive 83
security requirements for GA operators to gain access to the airport. These security requirements
are collectively referred to as the DCA Access Standard Security Program (DASSP). In addition
to adhering to security protocols similar to those outlined in the TSAAC program, operators
wishing to fly to and from DCA under DASSP must: have their flight crews cleared by
background checks; submit passenger and crew member names for vetting against terrorist watch
lists; submit to physical screening of passengers, crew members, and baggage; transition into
DCA from a designated gateway airport, of which there are presently 17; and post armed security
officers on board each flight to and from DCA. Operators must reimburse the TSA for the direct
costs associated with these security measures which in effect makes access to DCA cost
prohibitive for most GA operators. As currently implemented, the security provisions for access
to DCA are designed primarily to accommodate larger charter operators and high-end corporate
aircraft. The program is not currently available to privately-owned aircraft, but the TSA indicated 84
that the program may be expanded in the future.
While corporate and privately owned aircraft primarily deal with passengers known to the pilots
and operators, passenger charter aircraft present unique security challenges because customers are
sometimes unknown or unfamiliar. Charter aircraft weighing more than 12,500 pounds maximum
takeoff weight must adhere to specific security regulations referred to as the twelve-five security 85
program in reference to the aircraft weight criteria. Twelve-five security program requirements
include passenger identification checks, fingerprint-based criminal history records checks for
flight crew members, application of specific bomb and hijacking notification procedures and
requirements, and implementation of a TSA-approved operator security program. Each operator
must designate a security coordinator within the organization, provide training and information to
employees with security-related duties, and have procedures in place to coordinate with law
enforcement entities responding to security threats. Although cockpit doors are not required for
twelve-five operations, if an aircraft has a cockpit door, procedures must be in place to restrict
access to the flight deck.

82 National Business Aviation Association. TSA Access Certificate (TSAAC),Washington, DC: National Business
Aviation Association, Inc., Updated February 22, 2007.
83 Transportation Security Administration. Ronald Reagan Washington National Airport: Enhanced Security
Procedures for Certain Operations; Interim Final Rule. Federal Register, 70(137), 41586-41603 (July 19, 2005).
84 See CRS Report RS22234, Homeland Security: Protecting Airspace in the National Capital Region, by Bart Elias.
85 See Title 49, Code of Federal Regulations, §1544.101(e).





In addition to these requirements of the twelve-five security program, operators of passenger
charter flights in aircraft weighing more than 100,300 pounds maximum gross weight or an
aircraft with 61 or more passenger seats must implement additional security measures laid out in
the TSA’s Private Charter Standard Security Program (PCSSP), including a requirement for 86
physical screening of passengers and accessible baggage. Also, regardless of aircraft weight, if a
passenger-carrying charter flight loads or unloads passengers at a designated sterile area of a
commercial airport (that is, beyond the security screening checkpoint), that operation must also
adopt the private charter security program. The private charter program prohibits passengers from
carrying weapons, explosives, and incendiary devices, and requires that metal detectors and x-ray
systems used in the screening of charter passengers meet standards established by the TSA.
However, physical screening of passengers can be conducted by TSA-approved private screeners
and is not typically carried out by federal screeners unless arrangements are made to enplane and
deplane from the sterile area of commercial airports. Private charter operators of these larger
aircraft must establish procedures to prevent unauthorized access to aircraft and other access
controlled areas as specified in the operator’s security program and must carry out a security
inspection of aircraft whenever access control measures, such as posted security guards or
adequate access controls to aircraft, are not maintained. In addition to flight crew members, other
employees of private charter operating large aircraft that have unescorted access to aircraft and
secured areas must submit to fingerprint-based criminal history records checks, and security
coordinators and crew members must complete annual recurrent security training.
While the twelve-five and private charter security programs specifically apply to charter
operations, the TSA requires GA operators authorized to enplane or deplane into the sterile area
of commercial passenger airports to conduct TSA-approved physical screening of passengers, 87
flight crew members, and their carry on items. While these regulations are in place to make
allowances for certain GA operations that might be permitted to enplane and deplane at sterile
airport areas while preventing the introduction of weapons, explosives, or incendiary devices into
the commercial passenger aircraft environment, corporate and privately owned GA aircraft are
rarely granted access to sterile areas. Also, while the required adoption of a twelve-five security
program is only required of charter operators, regulations stipulate that GA operators of aircraft
weighing more than 12,500 pounds maximum takeoff weight could be required to conduct
preflight security searches and screen passengers, crew members, and carry-on items before
boarding in accordance with security procedures approved by TSA if notified to do so by the 88
TSA. While these security measures have never been implemented, they could become effective
upon notification to operators through means such as the Notices to Airman (NOTAM) system
and may be carried out, for example, upon receipt of specific, credible intelligence suggesting a
terrorist plot to hijack business jets.
According to CBP, almost 400 private aircraft enter the United States on international flights
made by private aircraft every day. Almost 500,000 people, passengers and crew, enter the United 89
States on board private aircraft annually. Private aircraft crossings of the expansive land and

86 See Title 49, Code of Federal Regulations, §1544.101(b) and (f).
87 See Title 49, Code of Federal Regulations, §1550.5.
88 See Title 49, Code of Federal Regulations, §1550.7.
89 Department of Homeland Security, Bureau of Customs and Border Protection, “Advance Information on Private
Aircraft Arriving and Departing the United States; Proposed Rule,” Federal Register, 72(180), pp. 53394-53406.





water borders of the United States pose a persistent threat of narcotics and human smuggling. In
the post-9/11 context, concerns have been raised that terrorists may infiltrate the U.S. borders
using GA aircraft to transport operatives and weapons, including possible weapons of mass
destruction. There is also concern that terrorists could launch a 9/11-style suicide attack using
large GA aircraft flights that originate outside of U.S. borders to attack ground targets.
Current CBP regulations for private aircraft, designed largely to counter cross-border narcotics
trafficking, require advance notification one hour prior to an inbound border crossing. Aircraft
entering U.S. airspace are required to file a flight plan, establish radio communication with air
traffic controllers, and must be assigned a unique “squawk” code to identify their radar blip to air
traffic controllers and others that may be monitoring airspace for security purposes. Aircraft
transiting from Mexico or other countries in Central and South America must fly to the first
designated airport of entry nearest to their border crossing point to clear customs prior to
continuing their flight, unless they receive a waiver from this requirement. Aircraft entering from
other countries, including Canada, however, may proceed to any designated airport of entry.
While these procedures are designed to identify and track inbound flights, they provide only
limited capability to vet inbound flights because no information on passengers is currently
provided in the required advance notification transmissions.
A provision of the Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110-
53) required the Bureau of Customs and Border Protection (CBP) to develop a system, under
which all GA aircraft entering U.S. airspace must submit passenger information as part of the
advance notification to check against appropriate government databases. This information can be
vetted against terrorist watchlists and FAA aircraft and pilot registry databases to detect any
anomalies that may be indicators of increased risk associated with a specific flight.
CBP published proposed rulemaking to fulfill these notification requirements on September 18, 90
2007. In addition to meeting the mandated requirements for vetting inbound international
flights, the CBP proposal would also require advanced notice and departure manifests to be
transmitted one hour prior to outbound international flights. While GA advocacy groups, like
AOPA, generally support the premise of enhancing security regarding international flights
utilizing GA aircraft, they have raised concerns about the proposed notification procedures which
would require electronic filing of all such flight information via the Internet. Under the proposal,
pilots that do not have Internet access at their point of origin would be required to land at a
facility outside U.S. airspace having Internet access to file the appropriate electronic notification
prior to proceeding into U.S. airspace. AOPA considers this requirement overly restrictive, noting
that many pilots operating into the United States, particularly those originating in remote areas of
Canada, may not have Internet access at their point of origin. The AOPA has suggested that
telephone and cockpit radio transmissions be continued as acceptable alternative means for
notifying CBP. The AOPA has also suggested that pilots be allowed “...to provide their passenger 91
information upon arrival during their face-to-face meetings with Customs as they do today.”
However, this request to delay transmission of passenger data appears to contradict the statutory
requirement in P.L. 110-53 that requires passenger information to be submitted before entering
U.S. airspace. The CBP proposal notes that while the pilot is ultimately responsible for

90 Ibid.
91 Aircraft Owners and Pilots Association, Regulatory Brief: U.S. Customs and Border Protection Proposed Rule
Advance Information on Private Aircraft Arriving and Departing the United States, Frederick, MD, Updated Thursday,
November 15, 2007.





transmitting the information, he or she could authorize someone else to submit the information.
This leaves open the possibility that third party vendors could set up systems for receiving the
required information via telephone or other means and submit it electronically to CBP. Private
flyers and GA advocacy groups may, nonetheless, oppose this alternative because of the possible
costs and privacy issues associated with third party receipt and transmission of passenger and
crew data.
Besides the vetting of flight crews and passengers on inbound international flights by GA aircraft,
tracking those aircraft is also an issue of considerable concern. Tracking flights along the northern
border has been a particular challenge because it lacks the extensive low altitude radar coverage
that is available along the southern border in some locations. Drug smuggling along the northern
border has been a persistent problem, including smuggling activity using small GA aircraft that
can operate into and out of remote landing strips without detection. There is some concern that
terrorists could use similar tactics to transport weapons, including weapons of mass destruction,
and operatives across U.S. borders without being detected. While CBP and Immigration and
Customs Enforcement (ICE) Air and Marine Branch (AMB) aircraft patrol the northern border
and interdict suspicious flights, monitoring of flight activity, particularly low altitude flight
activity along the northern border remains a significant challenge. The DHS aviation operations
capabilities along the northern border are more limited in size and scope than those along the
southern border, particularly along the U.S.-Mexico land border.
In addition to manned flights to patrol both the southern and northern borders, CBP initiated
unmanned aerial vehicle (UAV) patrols along the southern border in 2004, and is expanding
southern border UAV operations and initiating UAV patrols along the northern border. These
unmanned systems are viewed as having high endurance capability, meaning that they can stay
airborne for extended periods of time, thus significantly augmenting the surveillance capabilities 92
of existing ground radar and manned aircraft patrols of the U.S. borders. The AOPA, however,
has raised considerable objections and safety concerns over the DHS utilization of unmanned
aircraft noting that airspace restrictions to keep GA flights away from UAV operations cause
inconvenience to GA operators and may impact safety, particularly in and near mountainous areas 93
where small aircraft may be forced to operate over rugged terrain to avoid restricted airspace.
Aviation security measures addressing GA flight operations have focused extensively on
imposing flight restrictions over various potential terrorist targets. These security-related airspace
restrictions have been highly contentious because: they have a direct impact on air commerce and
the freedom of movement by air; the potential for airspace violations has significant
repercussions for both professional and private pilots; surveillance, airspace protection, and
enforcement of airspace restrictions can be costly and resource intensive, and the effectiveness of
some of these airspace restrictions has been questioned by the GA community and aviation
security experts.

92 Michael J. Pitts, Director, UAS Program Office, U.S. Customs and Border Protection, Office of Customs and Border
Protection Air and Marine, Presented at FAA UAS Tech Conference, January 2007, Arlington, VA.
93 Aircraft Owners and Pilots Association, AOPA Alerts Congress to UAV Threat to GA Operations, Frederick, MD,
March 29, 2006.





While a variety of low-altitude flight restrictions have been in place for many years around
sensitive locations for reasons of national security, the number and scope of these restrictions
have expanded significantly since the terrorist attacks of September 11, 2001. The most
comprehensive of these restricted areas is the airspace around Washington, DC, which consists of
a Flight Restricted Zone (FRZ), 15-nautical miles in radius, and a larger 30-mile radius—referred 94
to as the Washington, DC Air Defense Identification Zone (ADIZ)—where flights must adhere
to specific flight plans and air traffic communications and surveillance requirements.
The airspace in the National Capitol Region (NCR) around Washington, DC has been placed
under close surveillance and special flight restrictions primarily affecting GA aircraft ever since
September 11, 2001. Previously, the airspace around Washington, DC was relatively open and
accessible to GA as well as commercial aircraft. While the airspace directly above some sensitive
locations—like the White House and the Capitol—was then and still is prohibited airspace (i.e.,
generally off-limits to all civil aircraft), this comprised a relatively small portion of the total
airspace in the NCR. Before September 11, 2001, GA aircraft were routinely permitted to operate
over Washington, DC, and the surrounding area so long as these prohibited areas were avoided
and applicable air traffic procedures were followed. Washington Reagan National Airport (DCA),
which is located in close proximity to downtown Washington, DC, and key federal facilities, was
open and accessible to most GA aircraft. However, following the 9/11 attacks, airspace
restrictions in the Washington, DC region have gone through several significant changes to
address heightened security concerns.
As flight operations resumed following the terrorist attacks of September 11, 2001, a no fly 95
zone—25-nautical miles in radius, extending from the surface to 18,000 feet—around
Washington, DC, was established. All civil airports within this area, including DCA remained
closed to both the airlines and GA traffic. Commercial flights gradually resumed at DCA starting
in early October 2001, and limited GA operations were permitted in the airspace within the 18 to
25-nautical mile ring around DCA. In December 2001, the size of the restricted airspace around
Washington, DC, was reduced to roughly a 15-nautical mile radius, the dimensions that continue
to exist today for the area known as the Flight Restricted Zone (FRZ). The FRZ extends from the
surface up to 18,000 feet.
In February 2002, the ban on GA operations in the FRZ was eased somewhat, permitting the three
GA airports located within its boundaries—referred to as the Maryland three or sometimes the

94 The term Air Defense Identification Zone (ADIZ) has long been in place and refers to any area of airspace where the
identification, location, and control of aircraft are required in the interest of national security. Prior to September 11,
2001, this term generally referred to buffer zones around coastal waters and international borders of the United States.
Since September 11, 2001, the ADIZ concept has been expanded to include zones within the United States such as in
the vicinity of Washington, DC.
95 Nautical miles are the standard measure of distance in aviation. One nautical mile is roughly equal to 1.15 statute
miles.





DC-three airports—to reopen on a limited basis.96 Potomac Airfield, Washington Executive
Airport/Hyde Field, and College Park Airport, resumed operations of based aircraft whose pilots
were vetted through background checks and adhered to strict security protocols. In February
2005, FRZ restrictions were further relaxed allowing transient aircraft to fly to and from these
airports provided that their pilots had passed background checks, received special training, and 97
adhered to specific security procedures. The reopening of these airports has been a politically
sensitive issue. Both Washington Executive and Potomac airports are operated by small business
entities that have been significantly impacted by the flight restrictions, while College Park
airport—established in 1909 as a site for the Wright brothers to train military aviators—is
considered the world’s oldest continuously operated airport.
In February 2003, additional steps were taken to secure the skies above Washington, DC, by
establishing an outer area, beyond the FRZ, where GA flights must operate under close
surveillance and in constant 2-way radio contact with air traffic controllers. This area is known as
the Washington, DC Air Defense Identification Zone (ADIZ) and its existence has been highly
controversial because of the operational requirements it imposes on GA aircraft. The ADIZ came
into existence, not immediately following September 11, 2001, as many mistakenly assume, but
rather as part of Operation Liberty Shield, an operation launched by the DHS to enhance
homeland security during the build-up toward the war in Iraq. The Washington ADIZ was
established as a temporary flight restriction, and a similar ADIZ was established around New
York City for brief period during the winter and spring of 2003. A smaller scale restricted area
was also put in place over downtown Chicago during that time. The temporary restrictions in
New York and Chicago have since been rescinded, but the Washington, DC, ADIZ has remained
in place. Largely in response to criticism that the special procedural requirements for flying inside
the DC ADIZ were overly burdensome to operators, including some whose flight paths brought
them no closer than 50 miles away from Washington, DC landmarks, the size of the ADIZ was
reduced in size to a 30-mile ring around DCA in August 2007 (see Figure 3).

96 Federal Aviation Administration.Enhanced Security Procedures for Operations at Certain Airports in the
Washington, DC Metropolitan Area Special Flight Rules Area; Final Rule.” Federal Register, 67(33), 7538-7545
(February 10, 2005).
97 Title 49 Code of Federal Regulations, Part 1562, Subpart A.





Figure 3. Previous and Current Configurations of the Washington, DC, Airspace Air
Defense Identification Zone (ADIZ) and Flight Restricted Zone (FRZ)
Source: CRS analysis and graphic based on applicable FAA Notices to Airmen (NOTAMS).
Prior to this resizing of the ADIZ, the area covered by the ADIZ consisted of the 30-nautical mile
ring around DCA plus the additional airspace extending for 20 nautical miles around both Dulles
International (IAD) and Baltimore/Washington Thurgood Marshall International (BWI) airports.
During that time, the ADIZ has a lateral extent—not including the FRZ which it completely
encapsulates—of more than 3,000 square nautical miles. As a result of the August 2007 change
made by the FAA, the size of the ADIZ was reduced to an area roughly 2,000 square miles in
size. Thus, the area included in the ADIZ was reduced by roughly one-third as a result of this
change. Like the FRZ, the ADIZ extends from the surface to 18,000 feet, and this has remained
unchanged.
Along with this reduction in the size of the ADIZ the FAA implemented a new speed restriction
around Washington, DC, limiting aircraft operating below 18,000 feet outside the ADIZ but
within 60 nautical miles of DCA to speeds below 230 knots. The rationale for this being that
faster moving aircraft would offer less time to prepare and launch defensive measures to prevent a
possible terrorist attack using aircraft. By imposing a speed restriction, airspace security monitors





could more rapidly identify fast-moving threats and initiate a defensive response. The GA
community has not voiced any particular opposition to this measure, in large part, because only a
relatively small percentage of GA aircraft are even capable of speeds greater than the 230 knot
limit.
While the ADIZ, in both its previous and current form, has been established as a temporary flight
restriction, it is expected that the FAA will seek to make the current ADIZ airspace configuration
and special procedures permanent. However, when the FAA proposed to make the ADIZ in its
prior form permanent in August 2005, it was barraged by more than 20,000 public comments, 98
almost all opposing the plan. The AOPA, in particular, strongly opposes making the ADIZ
permanent, and contends that the ADIZ confuses both pilots and controllers, diverts controller’s
attention from their primary aircraft separation duties, causes considerable departure delays for 99
GA flights, and confines training flights to limited airspace creating a potential safety hazard.
The AOPA also asserts that flight activity at airports within the ADIZ has decreased by about 30
to 50 percent since the ADIZ was put in place, and fuel sales at area airports have declined by as 100
much as 45 percent. Implementing ADIZ procedures also involves a sizable federal investment,
costing about $11 million annually, according to FAA estimates for additional air traffic 101
controllers and equipment to monitor flights in the ADIZ. The AOPA has consequently voiced
concern that “[i]f the ADIZ is not eliminated or modified, it will permanently jeopardize the 102
economic viability of general aviation operations in the Washington area.” Critics of the ADIZ
have viewed the reduction in its size as a positive step toward reducing the operational burden
associated with the special flight procedures required to operate inside the ADIZ, although the
AOPA and others maintain that the ADIZ should be completely eliminated and replaced with less
burdensome measures that can provide an equivalent level of security.
Other than the airspace restrictions around Washington, DC, various security-related flight
restrictions have been put in place to protect national security interests and ostensibly to protect
potential high-profile terrorist targets from aerial attacks. At various times since September 11,
2001, flight restrictions have been imposed to protect airspace around major U.S. cities and other
potential terrorist targets. For example, during the build up toward the war in Iraq in early 2003,
additional airspace restrictions were put in place around New York City, Chicago, and Disney
theme parks in addition to establishing the ADIZ around Washington, DC to augment the FRZ
that had already been put in place following the terrorist attacks of September 11, 2001. Flight
restrictions around major cities besides Washington, DC were lifted, but have been reinstated for
brief periods during times when the national security threat level has been elevated or when
special events warranted the establishment of temporary flight restrictions. However, the flight
restrictions around Disney theme parks have continuously remained in effect and are now
mandated in statute. In addition to these restrictions, the Consolidated Appropriations Act of 2004
(P.L. 108-199, Sec. 521) establishes permanent flight restrictions over stadiums and motor

98 See DOT Docket No. FAA-2004-17005, available via dms.dot.gov.
99 Aircraft Owners and Pilots Association, Air Traffic Services Brief: Security Officials Want Washington, D.C., Air
Defense Identification Zone (ADIZ) to Be Made Permanent, Frederick, MD, Updated Wednesday, August 29, 2007.
100 Ibid.
101 Federal Aviation Administration.Washington, DC Metropolitan Area Special Flight Rules.”
102 Ibid.





speedways during Major League Baseball (MLB) games, National Football League (NFL) and
National Collegiate Athletic Association (NCAA) division I football games, and major auto
racing events. These flight restrictions establish a three nautical mile radius around the effected
facility extending from the surface to 3,000 feet. GA aircraft are generally prohibited from this
airspace, but exceptions may be made for flight operations directly related to the sporting event,
broadcast coverage of the sporting event, or to provide safety and security for the event.
Exceptions may also be made in cases where the venue is in close proximity to an airport, in
which case aircraft may enter into the restricted area if necessary to land or takeoff from the
airport using standard air traffic procedures. These restrictions have been criticized by some
because they are selective in the events that are covered by the statutory mandate and therefore do
not encompass all large-scale outdoor assemblies. The restrictions have also been criticized
because the relatively small size of restricted airspace, while often interfering with flight
operations, is considered by many to provide an inadequate perimeter for establishing adequate
airspace protections to the sites they are intended to protect.
In addition to the stadium and theme park overflight rules, the temporary flight restricted areas
put in place around sites visited by the President are particularly troublesome for many pilots.
Unlike the stadium and Disney theme park areas which encompass a relatively small footprint,
the flight restrictions put in place for presidential visits encompass a much wider area. The area of
these restrictions has grown from a 3-mile radius extending 3,000 feet in altitude before 9/11, to a
30-nautical mile radius reaching up to 18,000 feet in altitude. This effectively increased the
footprint of the restricted airspace around the President from just over 28 square miles to more
than 2800 square miles, and increased the cubic volume of protected airspace around the
President by 600%. Typically, during a presidential visit, GA flights are completely prohibited
within 10-nautical miles of the designated site. Between 10 and 30 nautical miles from the
designated site, flights below 18,000 feet must be on active flight plans and in constant
communication with air traffic controllers.
The fact that these airspace restrictions to protect the President are often put in place with little
advance notice has the potential of catching pilots off guard. Because these presidential
movement temporary flight restrictions (TFRs) change dynamically with the President’s schedule,
pilots can be easily misinformed or confused about the specific location of the restricted airspace
and the effective times of the restrictions, which usually includes a block of time around the
President’s expected presence but can change on short notice. Also, these restrictions are often
defined in terms that may not be meaningful to GA pilots whose aircraft may lack the
navigational capability to identify the boundaries of restricted areas. The FAA and user groups
such as AOPA have worked to increase pilot awareness regarding the movements of the President
and provide pilots with up to date information regarding presidential movement TFRs including
graphical depictions of affected airspace. Nevertheless, identifying these airspace boundaries
continues to be a challenge, particularly to pilots flying primarily by visual means and relying on
landmarks on the ground to avoid airspace incursions. The AOPA and other GA advocacy groups
have questioned the need for restrictions over such a wide area and have lobbied to keep the 103
impacts of these security measures on airspace accessibility to a minimum.

103 See, e.g., Aircraft Owners and Pilots Association. Members of Congress Join AOPA Outcry Over Presidential
Movement TFRs. Frederick, MD; May 16, 2003.





Besides these specific objections to security-related flight restrictions, many aviation interests and
homeland security specialists have raised broader policy questions about the effectiveness of
these various airspace restrictions and special operating procedures, noting that enforcing airspace
restrictions is costly and resource intensive and providing protection to defend sites against aerial
attacks is an even greater challenge. The resource requirements and associated costs for
monitoring restricted airspace and providing airspace protection around critical sites raise policy
questions regarding the appropriate balancing of these measures with efforts to address other
homeland security threats, and the effect of these measures on air commerce and the freedom of
movement by air.
Surveillance and monitoring capabilities present a significant challenge for protecting airspace.
This is, in part, because detailed information on specific GA aircraft is not provided to air traffic
controllers and airspace monitors unless the aircraft is transmitting a unique identifying code to
air traffic radar sites. Under the current radar system, providing GA aircraft with unique
identifiers and tracking all GA aircraft could, at times, prove overwhelming for air traffic
controllers. Under present day air traffic control procedures, pilots must file flight plans, receive
unique identifier codes to transmit, and make radio calls to air traffic controllers to establish
“radar contact” allowing controllers to identify and track a specific flight. Under normal
circumstances in clear weather, many flights never file a flight plan nor contact air traffic
controllers because they are not required to do so. But, to operate inside certain restricted airspace
like the Washington, DC ADIZ, pilots must follow the aforementioned procedures for filing flight
plans, transmitting unique identifying codes, and communicating with air traffic controllers—
procedures that are often workload intensive for both pilots and controllers. Technologies may
provide a solution that could ease pilot and controller workload associated with these
transactions. For example, Mode S transponders are capable of automatically relaying detailed
aircraft identifier information to air traffic radars, but most smaller GA aircraft do not have this
technology and it is expensive to install. Similarly, emerging technology called Automated
Dependent Surveillance-Broadcast (ADS-B) can transmit detailed aircraft information to ground
stations and other aircraft, but this new technology is only beginning to become available and
surveillance capability is not yet available in all parts of the United States. While ADS-B shows
significant promise for improving safety as well as security, the FAA is still developing its
investment strategy in this technology. In the meantime, surveillance of GA aircraft must rely on
current radar capabilities, involving close coordination between pilots and air traffic controllers.
This imposes additional workload on both pilots and controllers. This increased workload has a
direct bearing on FAA resources. For example, the FAA estimates that making the Air Defense
Identification Zone (ADIZ) around Washington, DC permanent will cost about $11 million per
year, mostly linked to increased labor costs associated with processing flight plans and providing
air traffic services to aircraft operating under visual flight rules (VFR) that would otherwise 104
present little or no impact on the air traffic control system.

104 Aircraft operating under VFR may, on occasion, request traffic advisories or “flight following” from air traffic
controllers on a workload-permitting basis. However, except for regulations established for security monitoring
purposes, VFR aircraft are not required to interact with air traffic services unless flying in specially designated airspace
near towered airports or above 18,000 feet.





While security measures are being implemented authorizing certain GA operations within the
restricted airspace, curtailing frequent inadvertent airspace violations by unauthorized aircraft that
complicate surveillance and defense efforts is an ongoing challenge. According to NCR
Command Center statistics, there were almost 3,500 airspace incursions between January 27,

2003, when the center first opened, and July 17, 2005—a rate of almost four incidents per day.


On 655 of these occasions, “government assets” were deployed or diverted to intercept the
intruding aircraft. Based on this experience, about one in every five to six incursions requires an
intercept, and this occurs about five times a week. However, all but one of these incidents was
inadvertent. In three high-profile incidents, all inadvertent, the U.S. Capitol was evacuated,
raising concerns over the adequacy of airspace protections among lawmakers.
Curbing inadvertent violations is likely to become increasingly important as more GA operations
return to DCA and the three Maryland airports within the FRZ, making the task of surveillance
and tactical response all the more critical. Pilot training is likely to be an important tool for
mitigating these inadvertent airspace violations. In fact, significant efforts have been made by
user groups such as the AOPA, in coordination with the FAA, to increase pilot awareness and
understanding of the airspace restrictions and provide training materials via the Internet to pilots
regarding security-related flight procedures, including training on operating in the Washington
ADIZ airspace. Besides this information and training, additional measures to improve in-flight
situational awareness may help curtail inadvertent airspace violations. Available technologies
may provide GA pilots with improved positional awareness to avoid airspace violations. For
example, global positioning satellite (GPS) moving map displays can provide pilots with precise
navigation capabilities. These systems are now widely available for use in GA aircraft and could
be programmed to include features to raise situational awareness regarding airspace restrictions
and requirements. A more controversial option under consideration is stiffer penalties and
stepped-up enforcement for airspace violations. User groups oppose additional punitive actions
beyond those already available to the FAA and point out that the threat of a shoot-down is already
a strong enough deterrent for pilots to take heed.
Besides the resources and costs associated with monitoring flights, the capability to establish
formidable airspace protections in restricted airspace is a central issue for homeland security. The
effectiveness of airspace protections and interagency coordination in providing homeland security
and defense is at the crux of the policy debate over effective airspace security. This is because
airspace restrictions by themselves are not particularly useful tools unless a coordinated response
to protect critical assets within those protected areas are effective. Merely relying on enforcement
tools is not likely to be of significant benefit because terrorists are likely to care little that they are
violating airspace restrictions in carrying out an attack.
The North American Aerospace Defense Command’s (NORAD’s) Operation Noble Eagle is
charged with the task of interdicting aircraft believed to pose a national security risk. Since
September 11, 2001, fighter jets have scrambled to respond to almost 2,000 domestic air security 105
events. While these incidents include escorts of international passenger airliners where
passengers’ names matched information in terrorist databases, the large majority of these

105 First Air Force. Operation Noble Eagle: Defending America’s Skies. Tyndall Air Force Base, FL.





interdictions involved intercepts of small GA aircraft that strayed into restricted or prohibited
airspace. In the environment of heightened security since the 9/11 attacks, the FAA, NORAD, and
aviation user groups such as the AOPA and the NBAA have made extensive efforts to heighten
pilots’ awareness regarding airspace restrictions and proper procedures to follow if intercepted by
DHS, law enforcement, or military aircraft.
Despite these intensified efforts to protect major metropolitan areas and critical sites from aerial
attacks, it has been reported that military officials have concluded that stopping a 9/11-style 106
attack would be difficult unless fighter jets were already airborne. Maintaining a constant
airborne defense presence, however, would be extremely costly and resource intensive. Ground-
to-air missiles have been deployed around Washington, DC, but are largely seen as a measure of
last resort for protecting a limited number of key locations against an aerial attack, whether that 107
attack may involve GA aircraft or commercial airliners.
Because of the continuing challenges in providing effective national airspace defenses, the
adequacy of airspace protection initiatives will likely depend on close cooperation and
coordination between the FAA, the DHS, and the DoD as well as effective command and control
within each of these organizations. Presently, event response is coordinated through the FAA’s
Domestic Events Network (DEN), a continuously operated unclassified network for sharing
critical incident information regarding aircraft deviations and violations of security restricted
airspace, and the TSA’s Transportation Security Operations Center (TSOC), the central hub for
exchanging information regarding aviation threats located in Herndon, VA. The function of these
facilities is to provide a shared situational awareness of aviation threats including, but not limited
to, threats posed by GA aircraft. Besides the TSA, NORAD, and the FAA, other key agencies
involved in airspace surveillance and protection include the Coast Guard and Customs and Border
Protection (CBP), which provide air interdiction and situation response within the DHS, as well 108
as the Federal Bureau of Investigation (FBI). These agencies also coordinate with federal, state,
and local law enforcement to integrate threat response.
Coordinated threat response was observed in the May 11, 2005 event where an errant small
private airplane penetrated deep into the FRZ around Washington, DC. The coordinated response
to this threat included deployment of fighter jets, helicopters from the United States Coast Guard,
and federal and state law enforcement assets to interdict and intercept the aircraft. While the
response to this perceived threat was by most accounts well coordinated, concerns have been
raised that response to a more formidable threat, such as a faster moving aircraft attempting to
evade airspace protections and defenses may be much more difficult to interdict and may require
a carefully orchestrated response involving close coordination between responsible agencies.
While these agencies continue to assess and refine their monitoring and response capabilities,
Congress may continue to conduct oversight of interagency coordination to ascertain whether
there is an adequate level of preparedness to deal with airborne threats, including threats posed by
GA aircraft, and assess whether steps taken to protect critical assets from aerial attacks do not
unduly burden GA operators or compromise flight safety. While the focus to date has been
airspace protection in and around Washington, DC, Congress may also examine whether the
capability and coordination between federal, state, and local agencies to monitor and protect

106 Associated Press. “Intercept Tests Show U.S. Air Vulnerability.” January 15, 2004.
107 Statement by Honorable Paul McHale, Assistant Secretary of Defense for Homeland Defense before the Committee
on Government Reform, United States House of Representatives, July 21, 2005.
108 Ibid.





airspace in other areas of the country is adequate and appropriately balances homeland security
needs with air commerce and aviation safety concerns.


GA security was a topic of considerable legislative interest during the 109th Congress. Based on a
Senate-passed amendment introduced by Senator Clinton (S.Amdt. 1106 to H.R. 2360),
conference report language in the FY2006 DHS Appropriations Act (P.L. 109-90) required the
DHS, in coordination with the Department of Transportation, to “...study the vulnerability posed
to high-risk areas and facilities from general aviation aircraft that could be stolen or used as a
weapon against those areas.” Areas to be considered in the assessment included critical
transportation infrastructure, nuclear facilities, military bases, and highly populated areas with
similarly situated critical infrastructure. The analysis was required to identify vulnerabilities at
GA airports, the sufficiency of existing security measures, and any additional security measures
that could be implemented.
Additional legislation introduced in the House sought site-specific measures to improve security
at GA airports. The Strengthen Aviation Security Act (H.R. 2649), introduced by Representative
Markey on May 26, 2005, would have required airport operators to develop site-specific
vulnerability assessments for each GA airport and develop a plan for addressing vulnerabilities
identified within one year of enactment. H.R. 2649 would also have required background checks
and terrorist database screening for individuals with access to general aviation aircraft. The bill
would have also required all GA aircraft to be secured by visible immobilizing devices such as
prop locks while parked at GA airports.
In addition to these measures, H.R. 2649 called for establishing no-fly zones during periods of
high terrorist threat levels and any other applicable times identified by the DHS around all
sensitive nuclear facilities, chemical facilities where a release of hazardous materials could
endanger one million or more lives, and any other facilities designated by the Secretary of
Homeland Security.
Also during the 109th Congress, Representative Sweeney introduced the General Aviation
Security Act of 2005 (H.R. 3397). This bill would have required all operators of public and
private-use airports in the United States to register with the DHS and undergo a registration
renewal process every three years. The proposed registration process was to include a security
plan documenting site-specific security procedures consistent with the TSA’s most recent security
guidelines for GA airports. In developing security plans, operators would have been required to
provide a written description of how the airport has addressed each recommendation or justify
why a particular recommendation was not adopted. The legislation called for using self-
assessment tools (such as the GA VISAT) to identify airport characteristics for security purposes
in the development of airport-specific security plans. In addition to providing security plans to the
DHS as part of the registration process, airports would have also been required to submit their
security plans to local law enforcement agencies having jurisdiction over the airport.





H.R. 3397 also would have mandated that all public-use airports:
• Ensure that all aircraft crews verify the identity of all aircraft passengers;
• Maintain logs of all transient aircraft for a minimum of five years;
• Make a list of emergency telephone contacts available to all airport personnel;
• Restrict the access of unlicensed individuals and student pilots to aircraft keys;
• Require aircraft renters to present government-issued identification in addition to
their pilot’s license;
• Post applicable security warning signs and advisories where appropriate;
• Provide emergency responders with confidential emergency locator maps of the
airport identifying items such as runways, ramp areas, fence lines, and gates; and
• Familiarize local law enforcement with the airport and consult with them in
developing security procedures.
Additionally, at all GA airports—both public-and private-use—all aircraft would have been
required to be double-locked with one external lock and one lock inside the aircraft. Also, at all
GA airports, hangars would have been required to be locked when not in use and adequate
fencing would have been required for secure areas.
Besides these more comprehensive measures addressing GA security, concerns over airspace
violations that complicate the task of protecting critical assets from aerial attack prompted the th
introduction of legislation in the 109 Congress calling for stiffer fines for airspace violators and
mandatory pilot training on airspace restrictions. In response to concerns over frequent violations
of restricted airspace near Washington, DC, Representative Blunt introduced the Capitol Airspace
Enforcement Act (H.R. 3465). The bill called for civil penalties ranging from $10,000 up to
$100,000 for violations of the 15-mile radius Flight Restricted Zone (FRZ) around Washington,
DC, and fines of up to $5,000 for violations of security protocols while operating in the larger Air
Defense Identification Zone (ADIZ). The measure also included a requirement for mandatory
pilot training regarding the airspace restrictions and proper operating procedures and compliance
with airspace restrictions. While this legislation was not passed, the FAA issued a proposal to
require special security procedures awareness training for all pilots operating aircraft under visual 109
flight rules within 100 nautical miles of Washington, DC. This proposal, however, has been
criticized by the AOPA which believes that a 100-mile radius is too large and thus would
unnecessarily mandate additional training for many pilots that never operate in or near the
Washington, DC ADIZ. The FAA has developed a Washington, DC ADIZ training module for GA
pilots; however this training is currently optional. Nationwide, in the five-year period following
the 9/11 Attacks, the FAA has documented more than 6,500 violations of security restricted
airspace, with almost 50% of these occurring in the airspace around Washington, DC. Airspace
security procedures training for pilots is seen as an important step toward curtailing inadvertent
violations. However, these statistics suggest that, while the greatest need appears to be for
training regarding the Washington, DC airspace, increased training and awareness of airspace
restrictions in other part of the country may also be needed.

109 Department of Transportation, Federal Aviation Administration, “Special Awareness Training for the Washington,
DC Metropolitan Area, Federal Register, 719128), pp. 38118-38125.





While GA advocacy groups, like the AOPA and the NBAA, support education and training for
pilots flying in and near restricted airspace and have taken considerable steps on their own
initiative to provide educational materials regarding the airspace restrictions, they strongly oppose
stricter penalties and believe that administrative actions and fines already available to the FAA
along with the potential threat of a shoot down already serve as sufficient deterrents for 110th
inadvertent airspace violations. During the 109 Congress, these groups have voiced significant
concerns over the impact of airspace restrictions and homeland security regulations on air
commerce and the freedom of movement by air. These groups have also opposed comprehensive
legislative measures, such as H.R. 3397, that sought to mandate broad security requirements over
the wide range of GA airports and operations cautioning that imposing such mandates “...would
be ridiculously expensive, is unnecessary, and ignores the guiding principle of making 111
investments in security based on risk.” In response to this criticism, attempting to tailor
homeland security policy to fit the risk posed by widely varied GA operations, allocating budgets
and resources to address security priorities, and addressing concerns about potentially impeding
air commerce or compromising aviation safety are likely to remain ongoing challenges for the
Congress. Given recent indications of continued congressional interest in GA security issues, the thth
various legislative proposals offered during the 109 Congress may be revisited during the 110
Congress.


Several Members of Congress have expressed continued interest in the security of general
aviation operations. At a January 17, 2007 hearing held by Senate Committee on Commerce,
Science, and Transportation, Senator Rockefeller raised security concerns over small general
aviation aircraft, and urged the TSA to increase staffing and resources devoted to GA security.
TSA Administrator, Kip Hawley, responded that a more robust plan for enhancing GA security is 112
forthcoming, however the TSA has not yet proposed any specific regulatory changes related to
GA operations. In the interim, GA industry observers anticipate that increased random inspections
of GA aircraft, particularly on GA ramps at larger commercial airports, are likely to increase in
the near term. Further congressional oversight of GA security efforts and the introduction of th
related legislation is anticipated during the 110 Congress.
The Implementing the 9/11 Commission Recommendations Act (P.L. 110-53) includes a specific
section (Sec. 1617) on requires the TSA to develop and implement a standardized threat and
vulnerability assessment program for general aviation airports, and implement that program at
selected GA airports based on risk. Also, the act requires the TSA to complete a feasibility study
to assess the concept of providing grants to GA airport operators for security enhancements. If
deemed feasible, the bill authorizes the implementation of such a grant program. The act also
includes a specific mandate requiring GA aircraft operators to submit passenger information and
advance flight notification to U.S. Customs and Border Protection (CBP) before entering United

110 Spencer S. Hsu. “Bill Targets Errant Pilots. The Washington Post, August 22, 2005, p. B1.
111 Aircraft Owners and Pilots Association. Congressional Bill Threatens GA With Expensive Security Mandates.
Frederick, MD (July 22, 2005).
112 Jonathan Marino, “Lawmakers Call on TSA to Step Up Inspections of Private Planes, Government Executive Daily
Briefing, January 17, 2007. Washington, DC: National Journal Group, Inc.





States airspace for vetting against appropriate databases. As previously noted, CBP has issued
proposed rulemaking to carry out this mandate, but the CBP proposal is controversial because it
appears to limit transmittal of the required flight information only be electronic means which may
cause difficulties for flights operating out of remote locations that do not have easy access to the
Internet.
Bart Elias
Specialist in Aviation Policy
belias@crs.loc.gov, 7-7771