Spotlight on the TSA

Aug. 26, 2015

“9/11 caught everyone by surprise and Congress had to do something,” says Robert Smallback Jr., managing principal at RCSC-Group Inc. Data Security Division, when discussing the forming of the Transportation Security Administration (TSA). He says that 14 years later, “airline executives will agree a disaster could happen; there are too many variables.”

Smallback’s not the only one in the industry that feels this way. Anthony Roman, founder and CEO of Roman and Associates, a globally based insurance, corporate, fraud, surveillance, and criminal investigation firm, concurs. He says that while TSA’s Recommended Security Guidelines of May 2011 were an “outstanding analysis and recommendations for an ‘ideal’ airport,” no airport like that exists and continuous security breaches are displaying those exact variables Smallback mentioned.

Case in point: Roman mentions a 2013 diamond heist at Brussels Airport as an example of a practical problem with security today. Approximately $50 million in diamonds were stolen after eight gunmen in two cars drove directly onto the airfield in disguised police vehicles. “They used air side roads unchallenged all the way to the terminal air side, pulled right up to the airplane were pilots were unloading passengers, held the pilots at gunpoint and got away unchallenged,” Roman explains. “Every point of airport security failed. Now if that had been an ISIS or Al-Qaeda attack, it would have been remarkably successful.”

Second, a cargo and security check point breach led to the 2014 case at Hartsfield-Jackson Atlanta International Airport in which employees were caught smuggling shotguns, automatic weapons and pistols through the cargo side, then through the security terminal checkpoints, and directly onto passenger aircraft bound for New York City and Chicago. Roman says for over a year the group was successful and the security again, severely broken.

With the recently leaked report of a 96-percent failure rate in finding undercover explosives in 70 tests at eight airports, there’s no question the TSA is up against criticisms and challenges, especially for new Administrator Peter Neffenger. An ex- U.S. Coast Guard, people are hoping he will bring some military-like focus to the organization.

But, as he moves forward, what should airport executives be thinking, doing and saying now?

The good

Brandon Fried is the executive director of the Airforwarders Association (AfA), which represents freight forwarders, those businesses that provide ground and sea transport, but also primarily ship cargo within the the belly space of passenger airlines.

He says as more passengers are opting to skip checked luggage, much additional space is available below for cargo shipments. The Airforwarders Association works regularly with the TSA on regulatory, legislative, environmental and border protection issues. “The TSA is guilty of something else,” Fried says in its favor. “And that’s having a poor public relations effort.”

While the AfA agrees there is a definite need to address security at airports, he also says there have been many positives in the TSA’s risk-based model. By that, Fried says not everyone is looked at the same way and past experience may encourage a certain person to be pulled aside and not another. “I was once told by the TSA that the only normal thing about going through airport security check lines is that you’re going to go through it,” he notes. “They want passengers to be surprised by what they could encounter there.”

What’s working now

Fried and others agree that Pre-Check is a great program and one to focus on, as is Global Entry.

Joel Bacon, executive vice president, Government & Public Affairs, at American Association of Airport Executives (AAAE), says his organization has been very concentrated on the Pre-Check program as well. “We’d like to see more efforts to grow this program, so that they are limiting the size of the haystack where the needle is trying to be found,” he explains. “That’s the piece of this which airport operators have paid attention to and remain interested in.”

The other piece of security Bacon says airport execs watch the most is access control and screening of airport employees. He gives TSA credit for the approach it’s taken in dealing with these issues as of late. First and foremost, Bacon is glad to see the convening of a working group subset of the Aviation Security Advisory Committee (ASAC). Leaders from the airport, airlines, cargo and law enforcement communities are diving deep into the situations and providing recommendations for the TSA and industry to pursue collectively, he explains.

One of these became effective in late July, which is requiring airports to do recurrent background checks on those granted airport badges. The checks are now being required every two years, rather than simply at time of hire. “It’s not easy to undertake, nor is it cheap, but it’s a meaningful step taken as a direct result of the ASAC process and the TSA’s focus on it,” Bacon adds.

He also mentions a program called “Rap Back” that would automatically alert airport management if an employee had a hit on the FBI’s list for a criminal violation.  He says the TSA in addition is devoting more resources to random checks and physical screenings of employees in the secured areas of airports nationwide.

More about the ASAC and TSA collaboration can be found here: https://www.tsa.gov/press/releases/2015/07/14/tsa-update-asac-recommendations

Bacon adds that airports are doing their part to reduce the number of access points badge employees can enter to the secure side of facilities. Some doors are being locked and traffic flowed in a way that increases their expectation of being screened at some point, he notes.

Regardless, Bacon agrees airports take the incoming fire when other sectors are not working properly. “This can be frustrating, especially when an airport doesn’t have a lot of control or insight,” he says.

In a statement from Airlines for America, the organization adds the following to this conversation: “A4A members work closely and cooperatively with the TSA on a number of programs. For example, we support TSA’s risk-based approach that has enabled programs like Known Crewmember and TSA PreCheck to improve security while improving the passenger experience.

"Flying is the safest form of transportation and that is because of this multi-layered approach to safety and security, and cooperation between airlines, airports, government, manufacturers and labor, which all have the safety and security of our passengers, crew and aircraft as their highest priority.”

Testing the TSA

As the first chairman of the AAAE’s New Technology Committee, Smallback says while performing airport security of 27 airports in Saudi Arabia (mostly built by American and European companies he saw flaws in their security which echoed those in the U.S. system, such as the baggage handling and security surrounding moving luggage.

At one conference, he was asked by a TSA agent in Europe to not present his thoughts on “uniform blindness” when a few months later, Smallback says a terrorist crew wearing Air Berlin uniforms was stopped because the agent did not recognize them. “Airports are vulnerable while security and police departments are still in reactive mode and must shift to preventing these events,” he adds.

He questions, for example, how a terrorist would even be enrolled in a facial recognition system? “If facial identification was in place at Boston Logan, not a single terrorist would have been enrolled; they were unknown,” he says.

The terrorist element is a touchy and complex subject, Roman explains. The National CounterTerrorism Center manages the watchlist, a different, classified list is not given to the TSA except on a selective basis as it could override other considerations. “If there are major intelligence operations going on, targeting specific terrorists on the classified list could jeopardize these operations, especially if they need the people to move around freely,” he explains.   

Roman says that while terrorists are what the public becomes concerned about, the breaches now being addressed are really related to failure of training and management of personnel at the TSA and opening doors for terrorists. “You can’t reassure your passengers if there’s a failure of leadership and administration in the agency responsible for protecting you,” he says.

Roman explains that he and his teams have gone through security checkpoints with very unusual security equipment in hard Pelican cases that were never questioned, even though the line TSA workers looked confused as to what the items could be. He’s also purposely opted out of the electronic screening to review the pat-down procedures. “Nine of ten, in my view, would have failed to pick up a personal strapped bomb or weapon of some type,” he says.

What’s the answer?
 “First and foremost, there should be armed personnel at every checkpoint,” says Roman. “We don’t have minutes for police to respond.”

When it comes to technological options, the TSA has also gone on record to say it is testing and re-evaluating its equipment choices. (See the organization’s new 10-point plan here: http://www.dhs.gov/news/2015/07/06/remarks-secretary-homeland-security-jeh-charles-johnson-welcoming-tsa-administrator).

Fried adds that while technology is important, the bad guys are smart and the TSA has to be smarter. Smallback says the same, and that part of the equation is having trained employees who work daily in the industry and are able to see unusual occurrences or suspicious behavior. “It’s that awareness which makes security work,” he says.

Fried says that logic says the TSA will throttle back and that may mean longer lines, a statement Neffenger himself confirmed in a recent article. “I would say it’s probably one of the toughest jobs in Washington,” says Fried of Neffenger’s role. “I wouldn’t want the TSA to not be at the checkpoint, because there are a lot of people hell-bent on doing crazy things.”

The new director commented that filling security gaps is the TSA’s concentration, rather than the pace of lines right now. Bacon agrees this is something airports and passengers definitely pay attention to, but he believes real results are being seen, which is encouraging.

“We have identified a process that brings everyone to the table and puts all good ideas together to bring meaningful results in a limited amount of time, and I think that’s what passengers are after, what communities are after and what airports are after,” Bacon concludes. “How do we improve security? It’s an evolutionary process.”