Federal Reports

Our objective was to determine opportunities for the District to mitigate stamp stock shipment losses.

What We Looked AtThe United States has the largest and most diverse general aviation community in the world. In 2017, the Federal Aviation Administration (FAA) issued a new rule, referred to as BasicMed, which implemented an alternative way for many general aviation pilots to establish medical eligibility without having to undergo the previous medical certification process. As of April 2020, more than 55,000 pilots had been registered for BasicMed. To aid in their oversight of the new BasicMed process, then Chairmen Bill Shuster of the House Committee on Transportation and Infrastructure and Frank A. LoBiondo of the Subcommittee on Aviation requested that we examine FAA's implementation of the new BasicMed requirements. Our audit objectives were to assess FAA’s (1) procedures for implementing new medical requirements for certain small aircraft pilots, including identifying challenges to its implementation, and (2) plans for measuring the impact of the new BasicMed process on aviation safety. What We FoundFAA issued the BasicMed rule in compliance with the Act on January 11, 2017, and provided guidance and conducted outreach to stakeholders to implement the program. Under BasicMed, pilots can fly an aircraft the moment they complete the online medical course and submit other required information. However, FAA lacks an effective process to confirm pilots meet all eligibility requirements, such as whether they have a valid U.S. driver’s license. FAA also does not have a process to verify that pilots’ medical examinations are being performed by State-licensed physicians as required. In addition, FAA’s plan to measure the safety impact of the program is limited by a lack of available data. According to FAA, it may take several more years until there is sufficient data to identify trends and evaluate the rule’s safety impacts, due in part to the lengthy process for accident investigations. Our RecommendationsFAA concurred with our two recommendations to improve FAA’s process for verifying pilot’s eligibility for the BasicMed program and measuring the program’s impact on aviation safety.

What We Looked AtFAA oversees the safety of civil aviation through a complex network of information systems at air traffic control facilities. Cyber-based threats are rapidly evolving and may put air traffic control systems at risk for compromise. The FAA Extension, Safety, and Security Act of 2016 directs FAA to develop a comprehensive, strategic framework to reduce cybersecurity risks to civil aviation. Part of FAA’s efforts to implement this framework involves coordination and collaboration on aviation cybersecurity with the Departments of Homeland Security (DHS) and Defense (DOD) through the Aviation Cyber Initiative (ACI). The former Chairman of the House Committee on Transportation and Infrastructure requested that we examine FAA’s roles, responsibilities, and actions as an ACI member. Specifically, we assessed ACI’s progress in achieving its mission. What We FoundFor 3 years, FAA and its ACI partners have been providing regular updates to Federal agencies on their work, and are collaborating with Federal and aviation industry cybersecurity stakeholders. In May 2019, the Secretaries of DHS, DOD, and the Department of Transportation (DOT) finalized the approval of a charter that outlines ACI’s objectives. As DOT’s representative, FAA is an ACI co-chair with DHS and DOD. The co-chairs report to an Executive Committee of senior Agency executives. At the first ACI Executive Committee meeting in May 2019, 10 priorities were set for 2019 and 2020. ACI has implemented three of these priorities and they are on-going. ACI has also initiated work on the remaining seven. However, ACI has not developed mechanisms to monitor and evaluate results for meeting milestones and timetables for its priorities. ACI lacks an integrated budget and dedicated resources. As a result, FAA and its ACI partners face challenges in achieving its priorities; these challenges could inhibit FAA’s ability to develop a comprehensive and strategic framework for cybersecurity. RecommendationsTo enhance FAA’s progress in achieving ACI’s mission, we made one recommendation. FAA concurred with our recommendation.