Access Control

July 8, 2000

Access Control

OIG evaluates airport security

By Jordanna Smida, Associate Editor

July 2000

The Office of the Inspector General (OIG), Department of Transportation, is responsible for conducting independent evaluations of FAA programs at U.S. airports. In its recent series of security audits the OIG discovered improvements were needed in access control with respect to background investigations, employee ID badges, and training.

According to Alexis Stefani, OIG's assistant inspector general for auditing, any airport employee having access to a secured area is required to have a background check for violations of certain crimes.

The 1990 Aviation Security Improvement Act directed FAA to require employment investigations and FBI criminal checks for individuals who would have access to secure airport areas. The Act included a list of 24 disqualifying crimes. In 1992, FAA proposed a required ciminal check for all individuals with unescorted access privelages and to expand the list of disqualifying crimes, explains Stefani. In 1995, FAA expanded the list to 25 to include felony arson.

In her report to Congress, Stefani states that, "Our recent review of the industry's compliance with FAA's background investigation requirements at six U.S. airports found that the requirements were ineffective." The current process for the checks, the OIG discovered, is labor intensive, and at times "impossible."

"It's very paper intensive and you're really not learning that much about the individual from this," she states.

Employee reviews
The OIG reviewed employee files at the six airports it investigated. For 35 percent of the employee files reviewed it found no evidence of a background check. It also discovered employee information was no longer on file or couldn't be verified and nine percent of the active airport IDs were in the possession of employees who were terminated or no longer needed access to secured areas (See chart 1).

In 1992, when the recommendations for background checks were made, processing fingerprints and conducting the criminal check took up to 90 days, Stefani says. "Today, it would be done with an automated print system ... we can get these checks much quicker," she states. "We're recommending that they [airports] go to 100 percent fingerprinting." Though criminal background checks may resolve some of the issues, it may not be enough to deter employees from breaching security.

OIG had also found that employees were very willing to give up their ID badge for money. "Potentially you have a trigger for a credit check. A person may not have a criminal record, but maybe they're just in a financial bind," she states. "You've got to consider them as part of the whole package."

Part of the problem with the the background check is the list of 25 crimes, says Stefani. Much to the OIG's surprise, drugs are not included on the list. "They [crimes on the list] are really based on things such as concepts behind hijacking, terrorism, and espionage," she states. This carries a risk, she says, because the list doesn't consider crimes such as drugs, that can lead to problems. She found that employees are willing to place items on aircraft for money or allow someone else access to the aircraft. A new bill has been sent to Congress that calls for expanding the list of crimes for background checks.

Access Control; Foreign Workers
Until further decisions are made by Congress or FAA regarding access control, Stefani says there are certain things airports can do to ensure access control security.

Many of the airports Stefani assessed relied on tenants to conduct employee certifications and checks. "That's where we saw the biggest breakdown," she states. She found that airports which conducted the certifications themselves had better results.

Another issue many airports face is trying to conduct a background check on immigrants or foreign workers. Though the Immigration and Naturalization Service (INS) has information that may help airports with checks, Stefani says it comes down to two questions, "Is it valuable and should we get it?" Though airports with high numbers of foreigners working would benefit, Stefani says, "We have raised the issue, but we don't have enough to recommend FAA and INS into cooperating at this point in time."

The issue of security becomes everyone's responsibility at the airport, requiring every department to take an active role, Stefani explains. Though the OIG wasn't able to gain access to airports through cargo areas and airport-based businesses as much as they did through terminal entrances, Stefani says everyone needs to take responsibility for security. On the airside, she advises the same, "You've got so many players, it's difficult. The airport is responsible for it and yet it's going to be the air carrier employees that carry it out," Stefani states. Someone needs to be challenging the employees on the tarmac and watching them, she says.

Interactive Training
The training process for new employees is a key element to airport security, Stefani says. At some airports, she found the training to be interactive with sessions incorporating tests, videos, and discussions between employees and trainees. In another case, when Stefani spoke with individuals after a video, she discovered, "English was their second language, so you're not sure how much they understood."

Other airports are successfully using a reward/penalties program where employees are tested for proper procedure and action. One example is a larger airport's "Bogus Bobs" program, where airport management designates certain people to walk around the airport and test employees. If the Bobs are not challenged, the employees are written up, but if they are challenged properly, that employee receives $25. "You have to keep reminding people that security is important," Stefani says.

Improvements show
The OIG's active role in security has prompted the FAA to put more emphasis on its security programs and access control issues, Stefani says.

In the 1999 audit which ended in March(1999), OIG was able to gain access 68 percent of the times it tried. That statistic has improved by half in this year's audit, which ended in March. OIG was only able to gain access 32 percent of the times it attempted. Stefani says, "It shows that we've made a major stride. ...The percentages of the times that we got in compared to what FAA is achieving now shows that if you are out there testing and reminding people of security and how important it is, you can make a difference."

OIG Security ’To Do' List
1. Airport-conducted certifications;
2. Interactive employee training;
3. Establish a reward/incentive program;
4. Conduct security tests with a Bogus Bob or other secret security program;
5. Remind all employees that they are responsible for security.