Item | Responsibility | Inadequate Control |
Executive Departments and Agencies | ||
1 | Issue security regulations and procedures | DHS regulations and procedures have not identified important vulnerabilities or threats. |
DHS regulations and procedures create new vulnerabilities and threats. | ||
DHS regulations and procedures are only issued after an attack has occurred. | ||
DHS regulations and procedures are rescinded in response to external pressure. | ||
2 | Issue flight guidelines, aviation regulations, and air traffic rules | FAA does not receive necessary policy and regulatory advice from the RTCA and proper administration from the DoT. |
RTCA advice and DoT administration interferes with the FAA’s ability to issue guidelines, regulations, and air traffic rules that promote strong security. | ||
RTCA advice and DoT administration are not provided to the FAA until after an attack has occurred. | ||
RTCA advice and DoT administration are not present during a critical period. | ||
3 | Provide leadership for the development and operation of NGATS | Senior leadership lacks competence or places minimal priority on security issues and therefore does not adequately implement the security strategy. |
Senior leadership intentionally disrupts the security strategy. | ||
Senior leadership does not exercise good judgment or place priority on security issues in the period before an attack. | ||
Senior leadership stops providing competent judgment and making security a priority due to external pressure. |