Thursday, 11th March 2010

NORTHWEST AIRLINES FLIGHT 253: JUST ONE MORE AIRLINE ATTACK OR THE CATALYST FOR A NEW APPROACH TO AVIATION SECURITY

By Tarique Ghaffur, Chairman of CSD Global Ltd

INTRODUCTION

No one can seriously dispute that there have been big changes in aviation since 2001. Yet the global aviation system is now even more complex and vulnerable and will continue to be a compelling target for current and future terrorists, as illustrated by the terrorist attack on Northwest Airlines Flight 253, 20 minutes away from landing at Detroit Metropolitan Airport on the 25th December 2009. Information regarding the incident and the surrounding circumstances has been slowly emerging in the days since the incident, but it all points to the fact that airport security and intelligence played no role in thwarting the plot. Furthermore, there appear to have been systemic failures, as well as piecemeal reactions, on the part of the authorities accounting for why they were not involved. Internationally, the reaction seems to be a call to implement more scanners, particularly the controversial whole body scanners. Unfortunately, to many observers the incident also serves to highlight the need for a significantly new approach to airline security.

In this article, I intend to consider the incident and the official reaction, before examining the key aviation security issues that the incident raises, such as intelligence, passenger profiling, the effectiveness of current screening, the under-trained, under-paid and under-valued security staff and the fragile security infrastructure.  I will then outline a way of working towards an innovative solution for aviation security, based around the concept of security master planning.

THE INCIDENT

On 16th December 2009, Umar Farouk Abdulmutallab purchased a ticket with cash from the KLM airport office in Accra, Ghana for a flight to Detroit via Amsterdam. According to Harold Demuren, the head of Nigeria's Civil Aviation Authority, Abdulmutallab passed through routine screening and check-in processes at Lagos Airport on the 24th December, where his passport and multiple-entry U.S. visa were scanned, and the APIS [Advanced Passenger Information System] returned with no objection. He apparently did not check in any baggage but was spotted with a shoulder bag. Abdulmutallab then passed through a walk-through metal detector and baggage X-ray screening machine, before undergoing secondary screening as he proceeded to the boarding gate. As recently as November 2009, Nigeria had passed an audit by the International Civil Aviation Organization (ICAO) and another by the America Transportation Security Audit (ATSA). 

On the 25th December 2009, Abdulmutallab passed through security at Schiphol airport in Amsterdam, which apparently included a metal detector and luggage screening, before boarding the Northwest Airlines flight to Detroit. As the plane was undertaking its descent into Detroit Airport, Abdulmutallab allegedly tried to detonate an explosive device under a blanket, but the detonator failed and he was subsequently overpowered by passengers. The Airbus A330 jet, with 278 passengers and 11 crew members aboard, was able to land safely.
 
Initial investigations have revealed that Abdulmutallab had a 15-centimetre packet of powder, believed to be PETN (pentaerythritol tetranitrate) and a syringe containing a liquid, sewn into his underwear. Coincidentally, PETN was one of the explosives carried by "shoe bomber," Richard Reid, in his failed attempt to blow up a U.S. passenger jet just before Christmas in 2001, months after the September 11 attacks. Abdulmutallab has subsequently been charged with attempting to blow up the plane.

Evidence is now emerging of Abdulmutallab’s ties to al-Qaeda through his contacts in Yemen, where he has been living recently. On October 29, 2009, Al-Qaida's network in Yemen (AQIY) released the 11th edition of their official magazine Sada al-Malahim, which included an article written by the top commander of AQIY, Abu Basir al-Wahishi, titled "War is a Trick." In the article, al-Wahishi urged would-be Al-Qaida members to target "airports in the western crusade countries that participated in the war against Muslims; or on their planes, or in their residential complexes or their subways." Al-Qaeda in the Arabian Peninsula (AQAP) have subsequently said that the plot was intended to avenge US attacks on militants in Yemen, which according to the Washington-based IntelCenter, would make this the first time the group had struck outside the Saudi-Yemen area. Abdulmutallab has reportedly told FBI investigators that al-Qaeda operatives in Yemen had supplied him with the bomb and that there are many others just like him in Yemen who will strike soon. Consequently, Yemen is emerging as a country that is increasingly strategically important in the struggle against al-Qaeda.

OFFICIAL REACTION TO THE INCIDENT

The official response to this failed attack was robust, as we would expect. President Obama pledged that his administration "will not rest" until all those behind an alleged plot to bomb a US plane are brought to justice and has ordered two reviews (i) into US terrorism databases and (ii) into air travel screening. At the same time, he said his administration had already taken steps to improve security, including extra air marshals and enhanced screening at airports. Homeland Security Secretary, Janet Napolitano, initially praised the nation's aviation-security system, stating, "he was stopped before any damage could be done. I think the important thing to recognize here is that once this incident occurred, everything happened that should have." The following day, she backtracked, admitting the system "did not work in this instance."

The response from the US Transportation Security Administration (TSA) was similarly robust around the immediate tightening of security, yet predictable in its extent. All of the new security measures were directed towards flights heading to the U.S. from other countries; security checkpoint requirements for passengers departing from U.S. airports remained the same. Some of the measures included more pre-flight screening, with passengers subject to "pat-down" searches before boarding, no in-flight entertainment systems on international flights, passengers remaining seated during the final hour of a flight, no access to hand luggage, no eating, drinking, or using electronic devices and a ban on leaving possessions or blankets on laps during this hour. Despite the early prescriptive nature of the measures, the US TSA has eased some of the more stringent restrictions, giving air captains greater discretion around in-flight measures. 

Aviation history is littered with terrorist attacks against airports, as well as the hijacking and destruction of airplanes.  Terrorist attacks have occurred repeatedly against airports, including Munich (1970), Tel Aviv (1972), Rome (1973 and 1985), Vienna (1985), Athens (1985), Seoul (1985), Reus, Spain (1996), Srinagar, India (2001), Colombo, Sri Lanka (2001), Madrid (2007) and Glasgow (2007). Hijacking of planes has also been extensive, including Rome (1973), Entebbe (1976), Beirut (1985), Egypt (1985), Algeria (1994), India (1999) and Istanbul (2001).  

And most tragic of all, there have been tragic losses of life when aircraft have been downed by terrorist attacks, including against airlines such as Cubana (1976), Air India (1985), Korean Airlines (1987), Pan Am, Lockerbie (1988), UTA, Niger (1989) and the United and American Airlines (2001). There are also a number of plots to attack the aviation sector that have been detected, including Al-Qaeda plots in 1995 to blow up US airliners over the Pacific, Richard Reid’s attempt to blow up a Paris-Miami flight using explosives hidden in his shoes in 2001 and the series of planned attacks on transatlantic flights using liquid bombs disguised as soft drinks, foiled by British police in 2006. 

Successful and failed terror attacks targeting airplanes have already led to significant changes to the way people fly. For instance, after the September 11 attacks in 2001, pilots began locking the cockpit door behind them to prevent hijackers from accessing the flight controls. In the wake of Richard Reid's failed attempt in 2001 to detonate explosives in his shoes, passengers now have to routinely submit their footwear for inspection prior to boarding a plane. And after authorities uncovered a plot in 2006 to blow up airliners with explosives in liquid containers, new regulations were imposed limiting the amount of fluid each traveller could bring aboard a flight. 

Such new safety procedures have a tendency to become permanent, irrespective of the real risk over time. It is also clear that the dynamic that drives changes to aviation security generally tends to be official reactions to terrorist adaptations. The net result is a continuous process of ‘ratcheting’ up the level of intrusive security measures and increasing costs. It is possible that in the long term, terrorists will react to improvements in airport security simply by switching to other targets that are comparably attractive such as mass transit systems, university campuses, and other areas where large numbers of people gather in places that are harder to secure than airports and planes. However, for the foreseeable future, the aviation sector will remain a favoured target of terrorist groups, because it provides iconic targets that are consistently crowded places, enabling indiscriminate attacks to inflict mass fatalities and casualties and cause massive disruption. Ultimately, the reason terrorists attack airports and aircraft is because they can. And aviation security does not help itself by repeatedly and very publicly demonstrating its failings.

INTELLIGENCE ISSUES

In an intelligence note issued on the 20th November 2009 and obtained by The Associated Press, the FBI and the Homeland Security Department stated that they had no specific information about attack plans by al Qaeda or other terrorist groups covering the period from Thanksgiving (26th November) through to 1st January 2010. However, it is now emerging in unconfirmed reports that the US was aware that "a Nigerian" in Yemen was being prepared for a terrorist attack only weeks before an attempted bombing on a US plane. President Obama has expressed his concerns about the systemic intelligence and security failures that allowed a known Nigerian extremist with connections to Yemen to detonate explosives on a US-bound plane. There clearly appear to be some critical issues emerging around the intelligence infrastructure in place.

In May 2009, despite having studied previously in the UK at University College, London, Abdulmutallab was refused a British visa and placed on a security list, after he applied to study at what turned out to be a bogus college. This meant that he could not come into the UK, but was permitted to pass through the country in transit and was not permanently banned. However, this intelligence would almost certainly have been communicated to the US authorities. 
 
It is also emerging that Abdulmutallab’s father, former First Bank of Nigeria Plc Chairman, Alhaji Umar Mutallab, had reported his concerns about his son to the U.S. authorities in Lagos, Nigeria. In particular, he had informed the Embassy about how his son had embraced radical Islamic extremism, distanced himself from his family and then disowned them, and was prepared to forgo his Nigerian nationality for that of Yemen. Abdulmutallab's father is also reported to have informed embassy officials about a letter from his son in which he had spoken of "sacrificing himself."

In November 2009, Abdulmutallab was subsequently placed on a list of people with suspected terrorist connections, known as the Terrorist Identities Datamart Environment, or TIDE. The existing system was established by the Intelligence Reform Act of 2004 and was designed to close gaps in intelligence-sharing that allowed a number of the Sept. 11, 2001, hijackers to enter the United States, although the CIA had identified them overseas as terrorism suspects. According to testimony before a Senate committee in early December by Timothy J. Healy, Director of the FBI's Terrorist Screening Center, the consolidated watch list maintained by the FBI currently consists of about 400,000 names. There is also a "selectee" watch-list, containing around 18,000 individuals who must undergo additional security screening before being permitted to board an aircraft. Finally, there are around 3,400 people who have been placed on the no-fly list, leaving about 396,600 individuals with suspected links to terrorism being permitted to fly.  

Maintaining a global terrorist watch list is obviously a highly complex task. In the first place, there are literally thousands of suspected terrorism reports coming in each day. The challenges include assembling lists of potential suspects, checking correct spelling of foreign names, with all the variants arising from translation, distributing the information globally, keeping the lists up to date and training agents to operate the system. The inevitable complexity of the watch list process almost certainly guarantees significant delays, errors and flaws, as were identified by a Justice Department audit last spring. The T.S.A. is also reported to be years behind schedule on a plan to take over the process of matching passenger names with the terror watch list, one of the most important recommendations of the Sept. 11 Commission. Historically airlines did the matching, and the Commission complained that they were not as diligent as the government and did not have instant access to the government’s most up-to-date watch lists. So far only 18 of the 80 commercial carriers have switched to a new government-run system; 27 others are still testing it. Whatever the issues with the watch list, the net result was that Abdulmutallab was not on the no-fly list and was therefore able to board without any apparent difficulties.

PASSENGER PROFILING 

Given that Abdulmutallab was allowed to fly, this leads on to the controversial issue of passenger profiling. Trans-Atlantic flights to the US are apparently obliged to profile passengers but in many cases passengers receive only a cursory glance rather than a thorough examination of their appearance. Consequently, Abdulmutallab should have been profiled on the way through Schiphol airport at Amsterdam, but security officials clearly failed to single him out for further checks. The real problem lies in authorities pursuing a policy of over-reliance on electronically screening everybody in exactly the same way, using technologies that are not necessarily fit for purpose. The Abdulmutallab case clearly identifies the need for serious consideration to be given to the implementation of more sophisticated passenger profiling undertaken by well-trained practitioners.

The case against profiling is largely based around the view that passenger profiling does not prevent terrorism, can amount to an ethnic witch hunt and may violate passengers' privacy rights. Some analysts even suggest that profiling can be easily circumvented and that increased investment in airport technology is the most effective method.

Clearly, a terrorist operative could be well trained in counter-profiling behaviour. However, the evidence from both the successful and the foiled terrorist attempts suggests that technology is also susceptible to both technical and human error as well as capable of being circumvented. Unfortunately, there is a significant reluctance to implement international profiling standards that would screen different passengers in different ways, for fear of being branded politically incorrect.

Profiling is basically about conducting risk assessment of an individual or a situation, and can actually operate on several levels, ranging from the coincidence of a number of travel factors to behaviour pattern recognition. Experts now say a more sophisticated system of profiling is required in order to cope with the increased threat. Passengers should therefore be profiled from the moment a ticket is purchased and continue through to their arrival at an airport, up to and including the flight, with the focus on behaviour, allied to checks on their documentation, background and travel patterns. Significant travel pattern factors would include single travellers, purchasing last minute one way tickets for cash, with little or no luggage, presenting a requirement to investigate further. The fact that Abdulmutallab had bought his ticket in cash in Ghana, a country different to that of his port of embarkation, boarded in Nigeria with no hold luggage for a two week trip to America over Christmas and about whom some agencies, and his father, had security concerns, should in itself have set some alarm bells ringing.  

Once in the airport, profiling would then shift to some form of sophisticated behaviour pattern analysis. It is generally difficult to profile terrorists, particularly around race. For instance, 10% of the Muslims living in the UK are white. Therefore this should be a race-neutral profiling technique in which screeners look for how people act, rather than the shade of their skin. Passenger profiling that focuses solely on race, gender or age is "not smart security" and in fact, profilers are generally prohibited from relying on race or other discriminatory factors to identify potential terrorists. It is therefore absolutely essential that passenger profiling has robust oversight to make sure that profiling remains fair.

Passenger profiling is not meant to be a substitute for screening, but rather a composite element of the wider aviation security process, which is about preventing perpetrators of all criminal acts, such as unruly passengers, criminals and terrorists, from boarding aircraft. The key advantage of profiling is that it responds to future threats as well as to those of the past and enables us to then select the right technology to screen passengers with. The use of technologies and profiling techniques in an ethical way would be a great way to move beyond the well-debated conflict between liberty and security. However, they are not mutually exclusive and should be seen as complementary, if they form part of an integrated security plan.

EFFECTIVENESS OF CURRENT SCREENING

The failed Detroit terrorist attack has raised further extensive debate around the effectiveness of the current screening technology, particularly in relation to the earlier assassination attempt in August 2009 against the Saudi Prince Mohammed bin Nayef, the chief of anti-terrorism operations in Saudi Arabia. Under the pretext of participating in Saudi Arabia’s amnesty programme for Islamist militants who pledged to give up violence, suicide bomber Abdullah Hasan Tali al-Asiri offered to give himself up directly to the Saudi Prince. With a package of PETN explosives concealed in his underpants, al-Asiri was able to pass through various security screening checkpoints undetected and get close to the Saudi prince, before the chemical device was detonated on receipt of a mobile phone signal. The method of concealment, the use of PETN and the origin of the bomb (i.e. Yemen), suggest that the Prince Nayef assassination attempt and the Detroit plot have some obvious similarities.

Following on from the Saudi incident, the Detroit terrorist attack initially appeared to be the first known case when PETN explosives have been moulded into the body shape and sewn into underwear, in an attempt to circumvent the available screening devices at airports. PETN is widely used by the military and commercial mining outfits and was commonly used in terrorist plots in the 1970s and 1980s. As a result it was among the first detectable explosives when tests were developed and can be easily detected with today's airport swabbing technology, but it usually requires that a passenger or their luggage be singled out for screening. This method is used at major airports, including Schiphol, but according to investigators, Abdulmutallab was not screened for explosives in Amsterdam.

However, it has also emerged that a Somali man had tried to board a commercial flight from the Somali capital, Mogadishu, in November 2009, carrying powdered chemicals, liquid and a syringe, possibly similar to those used by Mr Abdulmutallab. The Daallo Airlines plane was due to fly to the northern Somali city of Hargeisa, then to Djibouti and Dubai.  It is an interesting consideration as to how an individual was intercepted in one of the most difficult and least equipped airports in the world, whilst Abdulmutallab passed through a range of security checks at major airports. 

The other most common methods of screening across most airports are X-ray machines for items such as hand luggage and general baggage and a mixture of physical searches and metal detectors for detecting metal items on people, such as firearms. Body searches are generally used to reinforce metal detector screening and do not generally cover the private areas, where people such as Abdulmutallab would hide the explosives. Terminal 5 at Heathrow has new 'advanced threat identification X-ray' machines that scan bags from four angles and this is apparently the world's first deployment of a checkpoint X-ray that can automatically detect explosives and liquids in carry-on bags. However, none of these methods would have identified the PETN concealed on Abdulmutallab.

Some of the newer and more advanced technology has hit a range of challenges. For instance, "puffer machines", which blew air onto passengers to dislodge trace amounts of explosives, were abandoned by the US TSA in May 2009. The machines were considered to be very expensive and the highly sensitive equipment regularly broke down when exposed to normal dust or humidity found in airports. They were also not as effective as expected in finding bombs.

Many European airports are currently trialling scanners capable of detecting liquid explosives, which may eventually remove the need for restrictions. Scientists now say that they have developed a quick technique using nuclear magnetic spectroscopy to identify either liquids that could be mixed to form an explosive, or that are already mixed. However, at the present time, these options are either too expensive or require too much time for the practical screening of thousands of pieces of luggage. 

The most controversial new screening device uses the whole-body imaging technology, also known as Millimetre Wave (MMW) technology. The machines look like small booths and use radio frequencies to scan underneath clothing and produce a 3D image of the individual's body. While the scanner does not produce an image of the naked body, it can show the body's contours with embarrassing clarity, resulting in widespread privacy concerns that it is too intrusive. Because of these privacy concerns, the US House voted 310-118 in June 2009 to prohibit the use of whole-body imaging for primary screening; the measure, still pending in the Senate, would consequently limit the use of the devices to secondary screening. However, in the aftermath of the Detroit incident, there is strong pressure to internationally roll out these devices, despite the previous objections. 

At the present time 20 U.S. airports, including JFK in New York City and LAX in Los Angeles, have around 40 MMW scanners in place. However, this needs to be viewed in the context of the 2,200 checkpoint lanes nationwide. Other countries have also begun using or evaluating MMW for airport screening, including the UK, Netherlands, Japan and Thailand. Amsterdam's airport has been running a test project with full-body scanners for three years, mainly for a few European flights. One machine being tested there over the last few weeks, made by L-3, is designed to enhance passengers' privacy by having software, rather than a human, analyse the image generated by the scanner. If the software detects an anomaly, it then alerts a human screener to look at the person. 

The whole-body imaging machines are considered to be effective in detecting prohibited items, such as liquids and C4, that could be used as explosives. But unlike some of the currently employed screening machines, which can identify banned chemicals directly, MMW scanners are only "anomaly detectors." They can see through clothing to reveal metallic and non-metallic objects or other suspicious items on a passenger's body, but they cannot identify explosives by their chemical signatures. Another weakness of MMW scanners is that they cannot see inside a person’s body, so a determined terrorist could conceivably hide explosives inside their body cavities. The machines are also relatively expensive, costing around a million US dollars, 20 times more than a standard X-ray machine.

Some experts believe the type of explosive, or at least the packaging, allegedly concealed under Mr Abdulmutallab's clothing would have been detected by the MMW or whole body scanners increasingly being used at major airports. But not everyone has to pass through the machines - particularly if they are in transit from another country as Abdulmutallab was - due to concerns about cost and time delays. Equally, airports are reticent to discuss issues such as the level of false alarms, which could be as high as 40%, or the level of failures by screeners to identify dangerous objects, because of such factors as rapid screener turnover or inadequate attention to human factors. With literally billions of pieces of luggage passing through airports each year, the task of re-screening or hand searching is at the least challenging. It is clear that one of the biggest enemies of security anywhere is routine and the consistent degree of attention required by screeners over time is difficult to maintain. As a consequence, technology can only work well within its own limitations, when used to assist qualified, motivated and well-trained human beings.

UNDER-TRAINED, UNDER-PAID & UNDER-VALUED SECURITY STAFF

Airport security generally, and the immediate response to the failed Detroit bombing in particular, has been about machines and technology, with little or no reference to the critical human component. However, technology can never replace the human being and yet throughout the world, technology remains the principal method of security that we rely on for baggage and carry-on screening in our airports. In many countries governments have left the task of maintaining security to the airport authorities, who are in the business of transportation to make money. As a result, they will usually hire the security firms who mount the lowest bid for the task of maintaining airport security. Unfortunately, the personnel that result from this process are generally poorly trained, poorly paid (often at subsistence levels), and overworked, as well as poorly motivated and incentivised to feel good about themselves or their work. In such circumstances, the risk of a high turnover among screeners in particular is very real, resulting in a chronic shortage of experience. Amazingly, the decision as to whether or not an airport or plane is secure ultimately falls to undertrained, underpaid, undervalued staff. Many experts believe that the central weakness of airport security systems is their failure to invest properly in privatised workforces. Consequently there is a case for greater focus on hiring highly trained security professionals in airports instead of always turning to more expensive technology.

THE FRAGILE SECURITY INFRASTRUCTURE

In the aftermath of the failed Detroit bombing, there have been subsequent incidents that continue to demonstrate the fragility of the aviation security infrastructure. In the first incident, an Italian bomb squad detonated an abandoned package found in the restroom near the check-in area at Milan's Malpensa airport. The device was found to contain a triggering device and a radio receiver attached to it, but did not have any explosives inside. In the second incident, Dutch officials have admitted that a journalist has gained access to protected areas at Amsterdam Schiphol Airport in order to make a report about the failed bombing of Northwest Airlines Flight 253.

Amsterdam Schiphol Airport has seen several serious security breaches over the past few years. In February 2008, a colleague of Dutch television journalist Alberto Stegeman secured work as a baggage handler through a temp agency. Stegeman then used his colleague’s overalls and ID pass to place a fake bomb, together with a digital timer and fake explosive blocks in the luggage hold of a passenger plane bound for Cairo. In December 2008, Stegeman was able to bypass security using a very simply faked KLM worker’s pass, and gain access to the royal plane used by Queen Beatrix, the royal family and ministers without being noticed.

In the last five years, there have been numerous instances of journalists breaching the security of international airports to identify vulnerabilities. In 2004, Sky News filmed a series of security breaches over the course of four weeks.  At Heathrow’s Terminal 1, the undercover reporter found an unlocked safe with over 20 keys to various offices, as well as a high visibility vest and a radio used by the cleaning staff in an unlocked office. In Terminal 2, he found a route to reach the tarmac and therefore the planes, via unlocked doors. The reporter also found a British Airways Aviation Security Manual, which included security contingency plans, details of bomb threats and suggested activities in the event of hijacks. Over the four week period the undercover reporter was never stopped and his ID was not checked.

 
Journalist Jeffrey Goldberg has been consistently testing airport security at many different airports, including Los Angeles, New York, Miami, Chicago and his home airport, Washington’s Reagan National. He has regularly carried a variety of al-Qaeda T-shirts, Islamic Jihad flags and Hezbollah videotapes, as well as pocketknives, box cutters, nail clippers, cigarette lighters, matches, dust masks and lengths of rope through security checkpoints. In dozens of trips, he has only been selected for secondary screening on four occasions. In 2008, he was able to pass through the security of Minneapolis–St. Paul International Airport, using home-made counterfeit boarding passes.

In 2004, an investigation by CBC News found more than 1,000 uniforms and security badges from federal airport screeners had been lost or stolen during the first nine months of that year. Some of the lost items were subsequently discovered on the online auction site, eBay. This issue raises a number of questions, including how many other security uniforms and airport ID passes go missing or are stolen each year?

It is clear that apart from being major primary employers, airports also provide extensive employment opportunities for a broad range of secondary contractors and other staff in the supply chain, many of whom require regular access to different parts of the site. As a consequence there could potentially be thousands of people working in some capacity within the airport environment at any time, which in turn raises significant questions around the vetting procedures they have in place to cope with such volumes.  

This scale provides an ideal opportunity for potential attackers to undertake the detailed surveillance required for an operation, or bring components into the airport, whilst minimising the risk of detection. As can be seen in the examples outlined above, it is fairly easy to get incorporated into the mass of ‘grey people’ that move unchallenged in the background throughout the airport. Their familiarity with the security people consequently presents a high risk to security.  

In 2009, there have been a number of incidents that highlight the cause for concern around aviation security. For instance, in April, a gunman was able to get past security checkpoints and then onto the tarmac and board a CanJet plane at Sangster International Airport in Montego Bay, holding 174 passengers and eight crew hostage. Early in December, a Lufthansa flight en route from Frankfurt to Detroit with about 200 passengers had to make an emergency landing at Keflavik International Airport in Iceland, after it was found to be carrying luggage whose owner had not boarded the plane. Also in December, a man posing as a maintenance worker managed to board an Air India flight from Medina, Saudi Arabia, and remain undetected until after takeoff. The worrying thing is that these types of security breaches are not isolated incidents.

Government agencies also find it difficult to maintain a consistent approach to aviation security. In what is arguably the number one security breach of 2009, the US TSA accidentally posted on the Internet a 2008 manual marked "sensitive security information" and containing complete details on its airport screening procedures. The TSA manual included details for screening passengers, checking for explosive devices, what size of electrical wire can go undetected by airport screening machines, which items screeners can decide not to check, including wheelchairs, special rules for handling the CIA, diplomats and law enforcement officials, the technical settings and tolerances used by metal and explosive detectors at airports and the fact that screening procedures may be reduced to 25% of normal levels during busy travel periods.

The report also suggested that individuals from 12 countries - Cuba, Iran, Syria, Afghanistan, Algeria, Iraq, Lebanon, Libya, North Korea, Somalia, Sudan and Yemen - are singled out for special screening, unless they have been specifically cleared. Also this year, it was discovered that eight years after the September 11, 2001 terrorist attacks, the owners and operators of critical infrastructure, including airport shuttle buses, are not allowed to screen their employees against the terrorism watch list.  

In the UK, other issues have come to light. Ten members of a suspected Islamist terror cell, said by MI5 to be plotting to blow up a shopping centre and a nightclub in Manchester, had been granted licences by the Security Industry Authority (SIA), a Home Office body that regulates the private security industry, to work as security guards in Britain, including at all the major airports. When arrested, two of the students were working for a cargo firm which had access to secure areas at Manchester airport. Critics say the case highlights serious flaws in the system for vetting overseas applicants for the permits, as foreign migrants do not need to have their applications counter-signed by a British referee. Officials have also apparently admitted privately that they do not even attempt to make checks on applicants’ address histories in Pakistan.

Any security chain will only be as strong as its weakest link and there seem to be many of those in the integrated aviation system incorporating all of the airports in the world. It is therefore possible for terrorists to identify the weakest points of entry into this complex system and then plot routes of least resistance to get to target destinations. Every mistake creates the kernel of an opportunity that will not be missed by those seeking to exploit it.

WORKING TOWARDS A SOLUTION

The key issue around the threat from terrorist attacks is to keep a sense of perspective, without becoming complacent. While terrorism is not a transcendent threat, global terrorism has demonstrated over the past few years that it is unrealistic to believe that all security efforts will deny every attack every time. The litany of failings and deficiencies in airport security clearly demonstrates that airport security systems are porous and that the aviation system cannot be made 100% terrorist-proof, just as we will never get homicide rates down to zero. However, 100% focus and effort on security should be non-negotiable. Air travel has survived decades of terrorism, including attacks on planes in flight. It has survived 9/11 and it will survive the next successful attack. Therefore the most pragmatic approach is to protect airports as far as possible, by minimising safety and security threats, vulnerabilities and risks and, where incidents do occur, to respond effectively, rapidly and proportionately, to minimise the impact and to deal with the consequences.

The big question is whether or not the current approach to aviation security is ‘fit for purpose’ in the 21st Century. The current ‘reactive’ approach to security does not appear to be good security. It is based on some form of illogical ‘retro thinking,’ whereby we focus on protecting ourselves against the specific tactic of the previous terrorist, hoping that this will ensure our safety from the next terrorist attack. As a consequence, the security agenda is unfortunately being driven by the resourcefulness of the terrorist. The security reaction is simply to bolt a series of piecemeal and exclusive security measures and tactics onto an already flawed aviation security system. The cumulative effect is a constantly shifting ‘one-size-fits-all’ security approach that is amorphous, poorly defined, disparate and ineffective, and ultimately creates increasing levels of disruption and inconvenience to the majority of travellers. If we continue down this path, the next attack will merely produce another reactive bolt-on solution.

In order to move forward, there is now an urgent need to re-think our approach to aviation security.

In particular, we need to engage in new thinking that is more holistic and strategic, seeking innovative and integrated safety and security turnkey solutions. For a start, security needs to be treated as a first tier business activity, operating under the supervision of an overarching international body. Just like air traffic control operates to international standards, there is a clear need for international rules, protocols and standards for aviation security. At the same time, there is a need to develop new methodology to enable the massive amounts of global information to be properly risk assessed, prioritised and actioned. The international standards in turn need to migrate seamlessly into national and local oversight, where operational infrastructure should be configured in such a way as to enable security authorities to get things done quickly. This whole approach requires holistic thinking around aviation security, both vertically and horizontally. 

As a consequence, this new thinking will require a high level strategic approach that incorporates an overarching security strategy, comprehensive risk management, fully joined-up governance and effective programme support. The strategy needs to be fully integrated into the national security strategy and achieve high levels of international confidence in the security arrangements. Critical to all of this is the development of high level strategic master planning. 
 

There are a number of key considerations in adopting this high level approach. First of all there is a need to recognise that the environment is complex, unpredictable and adaptive and therefore we need to consider the whole environment within the concept of master planning. Secondly, it is important that security and safety are a primary consideration in all aspects of planning and delivery, seeking the right balance between (i) risks, costs and operational requirements, and (ii) independency and interdependency with multi-agency partnerships. Finally, we need to get safety and security right so people feel reassured.  

The master planning approach requires the development of comprehensive risk assessment for all of the human assets, physical assets, critical infrastructure assets, financial assets, information/data assets and virtual assets, such as reputation. This process then enables the construction of comprehensive integrated physical, technical and human security footprints, which are subsequently overlaid with an effective integrated command and control structure, supported by comprehensive emergency planning. This approach seeks to minimise risks from the outset and provide effective responses where required, as opposed to continually having to react to situations as they occur. 

The intention is to develop the physical and technical security footprints in such a way as to intelligently minimise the size of the human security footprint, which contains the most potential frailties. Then it is important to ensure that there is sufficient capacity and capability within the human security footprint to make a proportionate contribution to the integrated effort. Joining up the three security footprints requires careful integration into the command and control infrastructure. Finally, there is a need to ensure that there is a well established state of emergency preparedness, incorporating emergency planning, exercising and testing, crisis management, business continuity and media management. Each of the security footprints is carefully constructed around all of the identified vulnerabilities and threats that comprise their specific risk component and then integrated into the overall Master Plan, along with an integrated command and control infrastructure and emergency preparedness. 

We are now at a critical crossroads for aviation security. The choices are simple: we can carry on as we are; or we can face up to the difficult challenge of rethinking our approach. I believe that by adopting an integrated strategic approach, based on security master planning, we will engage in holistic thinking rather than narrow silo thinking, we will be responsive rather than reactive. Safety is a neutral agenda because everyone wants to feel safe, particularly when they travel by air. We therefore have a collective responsibility to ensure that we do not miss this opportunity right now to make a difference. 

(This article has been compiled from open source materials and personal views) 


Tarique Ghaffur is the Chairman of Community Safety Development (CSD) Global Ltd, a London-based, internationally focused company offering innovative solutions around master security design and consultation, global investigation, asset protection and security training and development (visit www.csd-global.com). He retired from the Metropolitan Police in London in November 2008 after 34 years' service, reaching the rank of Assistant Commissioner.