A Repair Station Security Refresher

Oct. 15, 2018
Know the regulations; the FAA may suspend or revoke the certificate of a repair station or maintenance technician that fails to correct security deficiencies or is deemed an immediate security risk

In 2014, more than a decade after receiving Congressional direction through the 2003 FAA reauthorization bill, the Transportation Security Administration (TSA) issued security rules for repair stations.

TSA had initially ignored the mandate, focusing its limited resources on other, more significant threats (ARSA called Congress’ directive “a solution in search of a problem”). Unfortunately, Congress doubled down by halting FAA foreign repair station certifications until the rules were issued.

In August, a Horizon Air employee at Seattle-Tacoma International (Sea-Tac) Airport stole a Q400 turboprop and eventually crashed it into a Puget Sound island. Considering the relevant facts, it appears little could have been done to prevent the unauthorized flight. As a result, the industry seems to have evaded the usual rush to rulemaking or legislative action that follows such outlier events.

What we can do instead is use the event over Washington State as a reminder to understand and comply with the security rules that are in place. After meeting the minimum standards, repair facilities should adopt commonsense measures that go above and beyond the basic legal requirements to protect employees, customer property, and the public.

TSA took a relatively measured and reasonable approach. It focused oversight on the point of greatest perceived risk – where maintenance personnel have access to flyable aircraft on or near an airport. However, if you have a part 145 certificate, no matter what your company does or where you do it (unless you’re located on a U.S. or foreign government military base), Title 49 of the Code of Federal Regulations (CFR) part 1554 applies to you.

For repair stations not located at airports, compliance is fairly straightforward. The regulations require compliance with TSA Security directives and allowance of unannounced TSA inspections.

However, if a repair station is located on or adjacent to an airport, under 49 CFR § 1554.101, the facility must also:

1. Designate a point of contact (POC) for TSA who is responsible for security compliance and must be available 24 hours a day, seven days a week.

2. Restrict access to, and prevent the unauthorized operation of, large aircraft (more than 12,500 pounds) that are capable of flight.

3. Verify background information for TSA POCs and those having access to the means used to prevent the operation of large, unattended aircraft.

4. Maintain records to demonstrate compliance.

Under 49 CFR § 1542.113, a repair station that is the tenant of an airport must also comply with the airport’s security program. All individuals allowed unescorted access to a Security Identification Display Area (including an employee of a repair station at an airport) are fingerprinted and must pass a background investigation that includes a criminal record check, employment history verification, and TSA Security Threat Assessment check against terrorist, immigration, and law enforcement databases.

Companies that fail to comply face dire consequences. Under 49 CFR part 1554, subpart C, the TSA may direct the FAA to suspend or revoke the certificate of a repair station that fails to correct security deficiencies or is deemed an immediate security risk. (For individuals holding mechanic or repairman certificates, the TSA can also direct FAA suspension or revocation under 14 CFR § 65.14.)

The TSA rules establish a security baseline. Additional risk mitigation practices include alarm systems, video surveillance, employee security training, perimeter locks and fences, local law enforcement engagement, employee badging and security guards. As ARSA tells policymakers all the time, good security is good business and it is inherent in how repair stations operate. But industry must make good on that promise by holding itself to a higher standard than the regulations require. If not, the maintenance industry may find itself burdened by additional onerous regulatory requirements in the future.

ARSA has developed a number of resources to help maintenance providers understand their obligations under the security rules. By visiting arsa.org/security you can access a compliance checklist and an online training program in addition to a review of the association’s engagement with TSA since 2007. Of course, there’s no substitute for reading the rules yourself!

If you have specific issues or questions related to dealing with the TSA, contact ARSA about my representation of repair stations on the TSA’s Aviation Security Advisory Committee (ASAC). ASAC provides advice to the administrator on aviation security and policy matters and provides a venue to help improve the government’s approach to aviation security.

By knowing the rules, exceeding them when necessary and helping make them better, we allow regulators to focus on the areas of greatest risk to the government and allow us to focus on keeping aircraft safely in the air.

Christian A. Klein is the managing member of Obadal, Filler, MacLeod & Klein, P.L.C. overseeing the firm’s policy advocacy practice. He represents trade associations as a registered federal lobbyist and provides strategic communications and legal counsel services to clients. He is executive vice president of the Aeronautical Repair Station Association and was recently appointed to TSA’s Aviation Security Advisory Council.