Analyzing Security

May 8, 2002

Analyzing Security

Industry meets to discuss Security Act, TSA, and possible solutions for airports

By John Boyce, Contributing Editor

May 2002

SAN FRANCISCO - The Aviation and Transportation Security Act of 2001 puts such an enormous burden on the new Transportation Security Administration (TSA) that there are those in the aviation industry who say, "it ain't workable," at least as written and within the deadlines mandated. In March, industry veterans used such thinking as the premise for fleshing out ideas and possible solutions that in time could lead to workable solutions for airports.

Foremost among those elements of the Act that even Department of Transportation Secretary Norman Mineta says can't be in place by the end of 2002 - as the law demands -are 100 percent Explosive Detection System (EDS) inspection of all checked bags and the hiring and training of 40,000 checkpoint screeners.

Dr. Gerald B. Kauvar, a Rand Corporation policy analyst and former staff director for the Gore Commission on Aviation Safety and Security, challenged the aviation industry in his opening address to the recent 2nd Annual Aviation Security Summit at the Westin Hotel-San Francisco Airport to brace the Congress with its doubts.

Making it clear that his was not a Rand company presentation but a personal one, Kauvar told the assembled airport, airline, and related officials, "I haven't heard too much from the civil aviation community saying to the Congress that this ain't going to work, (that) it may be too soon. It's up to you to generate the lobbying pressure to get some of the legislation rolled back. If you're convinced that there are more rational approaches to aviation security, then you are the ones who have to carry that story home and it's a tough story, it really is. It's up to you, all parts of the industry, to make a rational case to Congress and hope they roll it back."

In a later panel discussion, Charles G. Slepian, a security consultant and former security official with the City of New York, further advised the assembly, "We need to tell the people who are making the rules what their opinions are. The fact of the matter is they just don't know.

"Since September 11, I have patrolled the halls of Congress trying to talk to members of Congress, and all of their responses are political. They know nothing of the basics of security, to say nothing of aviation security. So you need to be able to explain to them something they can sell to their constituents and make them look smart. If you do that you'll get your message through to them and they'll respond to you in a manner in which you'd like them to respond.

"If you sit back and wait for a September 11 and have the world come to Congress and say, 'What are you going to do about it?,' they're going to change it. In fact, they're going to tell you what you have to do about it and you're just not going to be able to do it."

In further explaining the act and its implications, Thomas Anthony, a security manager for the TSA, touched on a subject that perplexes airport managers across the country: funding for the mandates in the Security Act.

Referring to all the things Congress demands in the Act, Anthony says, "...the bottom line is that there is not enough money to do all this. The legislation contains language that actually authorizes money but it does not appropriate it. It appropriates some and there is money being taken out of the FAA appropriation as well to address airport improvements. Previously, airport security improvements had not been able to be included in the AIP funding. The legislation now allows that."

Anthony went on to address a broadly held fear that Congress would not follow up on the legislation as Kauvar had pointed out it hadn't with the Gore Commission recommendations. "(TSA Director John) Magaw feels that the Congress cannot let this initiative fail and they will back it up with money," Anthony says.

The U.S. has 453 distinctive air carrier airports, 14 of which are the the world's busiest - annually between 600 and 700 million embarkations take place; over one billion pieces of checked baggage are processed; and some 600,000 people have access to the ramps across the country. With those kinds of numbers, there is a question as to not how, but if, the nation's aviation industry can be protected.

The answer is, of course, yes, it can, but not to the exclusion of all risk, particularly from determined and immensely clever terrorists such as those who perpetrated the 9/11 attacks. "In aviation,'' Kauvar says, "...we must be willing to acknowledge and tolerate risk. We have no protocols or technology that can identify or defeat everyone with hostile intent.

"In the absence of fool-proof systems to identify people with hostile intent and means, we must rely on imperfect systems that reduce every vulnerability."
The heightened awareness and the attendant security systems now in place and those that will be in place in the future do and will, indeed, reduce vulnerabilities. However, according to George Teebay, a retired federal security manager at SFO, in comments at the summit, terrorists will likely try again to use a fueled aircraft as a guided missile because the yield is so high.

"Think about it," Teebay says. "If you're trying to take out an iconic structure - [the] Golden Gate Bridge, a nuclear power plant - I think that despite the risk, despite everything we have done, it takes so few of them to achieve such massive results when you use a force multiplier like that that it may very well be attempted again."

FACING 'THREAT VECTORS' The summit's keynote speaker, Rear Admiral Cathal Flynn, a former associate administrator for civil aviation security with the FAA, is not convinced that with the security measures being put in place at airports that terrorists will attempt a similar attack to that of 9/11, but "anything is possible."

However, he points out, the number of "attack vectors" at American airports, each with its own peculiar design, are immense:

o bombs on passengers and their cabin luggage, possibly disassembled;
o bombs on checked luggage;
o bombs in cargo, catering carts, paper towels, etc.;
o bombs placed by ramp workers or intruders; or
o weapons placed on board aircraft by ramp workers and other employees.

Additionally, crowded lobbies are vulnerable to attack; terminals can be attacked with vehicle bombs; and, airports and aircraft can be attacked by Surface to Air Missiles.

It was this multitude of potential threats that had Kauvar lamenting the fact that the Security Act and Transportation Security Administra-tion appear to be emphasizing EDS and passenger screening to the detriment of other forms of security.

Reporter's Notebook: What Officials Are Saying about Security
Select comments from officials at the 2nd annual Aviation Security Summit, hosted by the World Research Group in San Francisco in March.

"The lack of a pattern is a pattern. We have to recognize that. The typical low intensity warrior - and that is what we're dealing with -strikes in one place, watches the buildup of resources and defenses ...and has the luxury of time to make the decisions that, now the defenses are here, we're going to go over here. The changing pattern of threat is one we can count on. And while they (terrorists) have not used the threat vector of cargo since Bangkok in 1995, we can probably count on them trying it again."

o Thomas Anthony, TSA manager, civil aviation security division, Western Pacific Region Headquarters
"Yesterday's gratitude for the increased security measures is today's complaint. We have greatly increased the checkpoint transaction time - random searches and searches for cause at the gate.... Unfortunately, the perception is that the truly random searches at the gates focus on people who won't complain in writing: elderly folks and certain late middle-aged white guys wearing neckties."
o George Teebay, retired federal security manager at SFO.
"The Port Authority of New York and the entire New York Congressional delegation has supported a move to only use retired law enforcement and military personnel, firefighters, etc. at JFK. We need professionals."
o Charles Slepian, a security consultant and former security official with the City of New York, talking about law enforcement personnel at check points.
"At SFO we believe the airports should take the lead for 100 percent EDS (explosive detection system) screening. If you want it to turn out the way you wanted it, you need to take the lead. Everything you do in advance, including design, coordination, and all of the other work can certainly be enhanced once they (EDS machines) arrive. We were told (by TSA) that there is nothing wrong with an airport stepping forward and assuming a role of leadership."
o Mark Denari, Summit chairman and security chief at SFO.
"America's reaction is a little like the drunk who has lost his keys and is looking for them under the street light. His friend says, 'Why are you looking for them there, you dropped them over here.' The drunk replies, 'This is where the light is.' The light has been shining on the screeners for quite some time so Congress said the first thing we need to do is take care of the matter of screeners. Certainly the screeners needed to be included, but everybody has to recognize that they were not at fault as far as I can see."
o Rear Admiral Cathal Flynn, keynote speaker and former associate administrator for civil aviation security at the FAA.
"We insisted that the National Guard use 45s instead of the M16. The M16 is a useless weapon close in.
o Richard Duncan, security manager, Atlanta Hartsfield International
"Develop an initial security operations training curriculum specific to your airport with a mandatory level of in-service training which addresses evolving threats, regulatory issues, and operations requirements. It is critical that self-testing is performed to ensure that the personnel at these checkpoints are in compliance with the regulations and procedures."
o Marie De Rocco, deputy chief of security and safety, Miami International Airport, speaking of employee and vehicle screening at ramp access points.
"As valuable as explosive detection systems can be in deterring and detecting the placement of bombs on aircraft, bombs in checked baggage represent only one threat.... And it is important to remember that not one bomb has ever been detected by an explosion detection system machine or other security methods currently in place."
o Dr. Gerald Kauvar, Rand Corporation senior policy analyst and former staff director for the Gore Commission on aviation and security.
"Only the partnership of all the major entities involved--air carriers, airport operators, federal screening forces and security managers, and local law enforcement--can devise workable plans. The government should develop requirements for system performance, but the local partnership should have the mandate to design systems that meet national requirements while maximizing passenger and baggage throughput."
o Dr. Gerald Kauvar, Rand Corporation senior policy analyst and former staff director for the Gore Commission on aviation and security, on building a security plan from the bottom up rather than from the top down.
"The chemical and biological attack threat is increasingly credible at major U.S. Airports."
o Dr. Larry D. Brandt, manager systems research department, Sandia National Laboratories, Livermore, CA

- J.B.

"The cargo is a vector, the mail is a vector, we have all kinds of people with access to the aircraft and that's why these single-point solutions are no good," Kauvar says.

"...You can't do just one thing, you've got to do a lot of things. And the more things you do, you create a synergistic effect.... If we spend $30 billion on EDS, what do you think is going to be left over for the rest? Nothing, exactly."

Flynn took defense of aviation one step further. He endorsed EDS, stringent measures of ramp access control, the use of biometrics in identifying and screening of passengers and airport employees, a "Trusted Passenger" program, and many of the technologies being employed in the defense of airports.

But, he emphasizes, the first line of defense is not at the airport but with those who operate in the national security apparatus: the National Security Agency, Attorney General, Immigration and Naturalization Service, CIA, FBI, and other law enforcement agencies.

Flynn says that the heads of those agencies have said they were unable to "give assurances to us that there is not right now a group preparing as intensively as the 9/11 attackers were in the months before that attack" for another attack. He calls that lack of assurance lamentable.

"The whole idea of protecting anything," Flynn says, "be it nuclear facilities or aviation security, is that you put up sufficient defenses that if people are to attack it, they have to do such extraordinary things that because they are extraordinary, they will come to the attention of those intelligence and law enforcement organizations whose panorama includes such organizations as Al-Qaeda....

"So the question for the future is, can Al-Qaeda be disrupted? Because if not, it's almost impossible to protect civil aviation despite all the good efforts of all the people in this room and all the people you represent. That is why it is a lamentable situation that we would permit those people (intelligence and law enforcement groups) in the front lines to say we can't give you any guarantees.... If the terrorists are able to operate as they did in the years before 9/11, they will succeed again. These are very clever people."

Mark Denari, the chairman of the conference and the director of aviation security and special systems at SFO, in his opening remarks, made reference to the subject of trust at airports. It was a subject that emerged throughout the two-day summit.

"Our system was one in which the passengers weren't trusted and the employees were," Denari says. "Now, we have a system where nobody is trusted. We're in a situation where one's trust and integrity has been called into question as we all enter the air transportation system."

In a discussion of ramp access and the idea of a trusted passenger program in which perhaps frequent fliers, after undergoing background screening, are expedited through security, Ron Polillo, an aviation security specialist, states the TSA position on trust: "The TSA doesn't trust anybody."

And, according to Teebay, neither should anybody else. "After 30 years in private sector security," he says, "I have a real problem with the word trust because it leads us down a path we don't want to go. If we're going to have a system that we can rely on ... everybody who goes into a secure area has to be screened or we don't have a system. The law says every person who goes through a secure area will have a screening process similar to that of a passenger."

Regarding ramp access, Molly Crawford, security chief at National Airlines, takes exception to the idea that everybody, including flight crews, should have to go through a screening process before being allowed on the ramp on into aircraft.

"You can't lump all employees in one group," Crawford says. "Ship captains can wreck an aircraft, sure. Flight attendants could smuggle a weapon on board if they want to die on board. These are people we've known for years and years.

"If you want to take a closer look at FBOs - they're a bunch more transient in nature - I have no problem with that. You want to take a look at ground operations people, I might agree to that. But especially the crew members, I have trouble holding them to the same standard."

In his discussion of access control Clint Welch, the security manager at San Diego International Airport, indicates that trust is not an issue if reasonable measures are taken to ensure the security of the ramp and the aircraft.

"We can raise the level of investigation we're doing on the employees...." Welch says. "We have to train people. We have to get them to understand their responsibilities and their accountability for their actions at the facility."

Welch goes on to say that he believes that random searches of people entering a sterile area are as effective as 100 percent searching. He explains further that he thinks more restrictive access control is called for in that only personnel who have an absolute need to be in a certain area should be there. "Restrict access to the personnel in that area that is absolutely necessary," he says. "No visiting."