Threat Mitigation

Sept. 8, 2001

Threat Mitigation

Aviation security professionals discuss concerns and best practices

By Lindsay M. Hitch

September 2001

SAN FRANCISCO — The Airport Security Summit brings together representatives of government, trade associations, airlines, and airports large and small, in a cooperative forum to relay security troubles and successes. Here, a synopsis of the summit’s high points.

BLURRING THE LINES
The new FAR Part 107 and 108 have been said to blur the lines between airports and air carriers, and industry reps say that’s a good thing.
"There’s no distinction between the airport and the air carrier. It’s everybody providing security together," says Bonnie Wilson, vice president of airport facilities and services for Airports Council International-North America (ACI-NA). "Who’s ultimately responsible should be less of an issue than reaching the goal."
In keeping with that sense of overlapping responsibilities, Wilson says, "We’d like to work harder on the exchange of information. As we all try to do our jobs, the best way to do it is to work with the facts, not the stories, not the anecdotes, but rather the information."
ACI-NA is reportedly working with FAA and other organizations to compile a database of best practices: which systems work, which programs work, which training elements fix the problem, etc.

DETERMINING THREATS
FAA’s strategic plan
The public version of the strategic security plan is available at www.faa.gov under the Security button.

To help in reaching that goal, FAA has taken a systematic approach to determining the types and scenarios for potential aviation security threats. Quinten Johnson, deputy director of security policy and planning, explains that 26 potential threats were recently determined by the FAA, as mandated by Congress. Including a vehicle bomb in front of the terminal, assault on a checkpoint, and complex improvised explosive devices in checked bag walk-aways, those threats were then ranked by the likelihood of terrorist success.
Recognizing that each of those scenarios has variations resulting in different outcomes, the FAA broke the threats down into components. Domestic versus international flights, a complex improvised explosive device versus a dynamite bomb, bags selected for screening versus those not selected: the variations are all detected and dealt with differently. After considering the components, Johnson says the 26 basic scenarios became 109 variants.
Once the threats were exposed, the National Research Council asked FAA to quantify the threats, assigning relative risk factors to each variant. The threats were then evaluated, says Johnson, for target attractiveness, probability of occurrence, likelihood of occurrence, and probability of success.
"The key to this," says Johnson, "[is] what do we have in their way? Our detailed plans were analyzed to see what do we have to put in front of that vulnerability?"

DETERRENCE
"We’re firm believers in physical deterrence and in enhancing security screening," says Rich Davis, manager of operational security for United Airlines.
"It’s a new phenomenon, putting these big machines and the new technologies into our airports nationwide. We have put them in visible positions wherever we could. And this is a big item and deterrent to the bad guy," Davis concludes.
Industry reps emphasize that the appearance of a tight security system can go a long way. People attempt crimes because they believe they can pull them off, they say.
"The minute we let them realize there are gaps in the system and that everybody isn’t watching, then there is going to be a problem," says Wilson. "And it’s going to be an after-the-effect problem; it’s going to be after the crisis that people jump back on the bandwagon. Each and every one of you has created a baseline that makes someplace else a more attractive target."

IMPLEMENTINGNEW TECHNOLOGIES
FAA is devoting $50 million each year for research and development in security technologies to aid in its goals for the next ten years.
"Talking about 100 percent checked baggage screening. That is going to be a mix of technology that is in place today ... in addition to a technology that is coming up," says Johnson.
The first of FAA’s security goals is to have the ability to screen all selected checked bags by the end of 2004 with certified explosives detection equipment.
The second goal is not, as many believe, to be able to screen 100 percent checked baggage by 2010. Johnson explains that the goal is "to begin the transition with the equipment we’ve identified in 2009. We won’t be finished with that until 2014, 2015, if we’re lucky and things go incredibly well."
A recurring concern of participants is not only the existence of adequate technology, but its introduction into existing systems.
"You have to find a way to build the process into the system," says Rick Doubrava, managing director of security for the Air Transport Association.
John Becker, assistant commissioner of security and information systems for O’Hare International Airport, adds that it is important to "find a way to take existing technology that’s newer and migrate it into the technologies that we have. I’d rather spend $3 million every five years than spend $12 million or $26 million every four or five years."

REACHING TOO HIGH?
Another concern for Becker is the issue of continually striving for bigger and better technology.
"We have a 10-ft. fence around our entire perimeter. We have taught-wire around a fifth of it. Who’s to keep a helicopter from coming in? Do I put a dome over my airport? Realistically I can do that but what’s the cost?"
Becker says that although the flying public doesn’t like to hear it, there is a balance between threats and the costs to protect against those threats.
"Technology is a great aid in the effort to provide a safe environment for passengers and employees, but let’s ensure that the technology we are providing is effective and prudent," Becker says. "Efficiency is important, not just in your staff, but in the technology you’re going to use."

THE INSIDER
Biological and chemical threats
Since the first responders to biological and chemical threats in terminals and on aircraft are airport personnel, a number of organizations are working to put together a basic reference manual.
Bonnie Wilson, vice president of airport facilities and services of Airports Council International-North America, reports that the process is underway.
"We’ve gotten some help from FAA, we’ve gotten a lot of help from FBI. Our good friends at the Department of Transportation Office of Intelligence and Security are willing to spearhead the effort to gather information about who knows what about whom and when," Wilson says.
She adds that they will try to "collect some basic information to the degree that we can give it to the first responders and say, if it sounds like this, call this number, if it sounds like that, call this number."

The threat is not really that of an "inside job", but rather of employees — insiders — failing to do what is necessary from a security standpoint, say participants.
Challenging is one of many areas industry reps are concerned with regarding employees’ compliance with procedures and regulations.
Wilson says, "You could get a false impression that people aren’t challenging when in fact they may be. So the test that we put together is just to see not who’s challenging and when they’re challenging, but how they’re challenging."
Training is often said to be the best solution.
"A lot of the thing is foundation," says Davis. "Does everybody who’s responsible for these regulations know what they’re supposed to do and know why they’re supposed to do it? And know the impacts of not complying?"
"One of our biggest problems right now is people don’t know what SIDA means. They’ve been through the SIDA training but they don’t know what the access control means, they don’t understand the zoning. They don’t understand a lot of that. More importantly, I can deal with the people who have these badges not understanding it. When my signatories don’t understand it, I have a problem," says John Becker.
Employee apathy is also cited a primary concern of participants. An understanding of the regulations is the first step, they say, but employees need to feel that adhering to procedures will have a positive impact.
Mollie Crawford, security director for National Airlines, says, "Compli-ance starts with educating your personnel that what you’re asking them to do makes sense. What you’re asking them to do has positive effects, not because the boogie-man FAA is going to get you, but because there are real bad guys out there.
"Your best people, who understand why they’re doing what they’re doing, do it. They do it every day, they do it with every passenger. They do it every time because they believe it is the right thing to do and they believe it has value. It is the thing that fails the common sense test, the thing where your line personnel who have to perform the task do not see value, that you don’t have compliance."
Mark Denari, manager of aviation security and special systems for San Francisco International Airport, says that his security staff strives to determine why an employee failed to comply and to correct the problem from a training perspective.
"When somebody fails to control access, there are some things we do. We might confiscate the ID and ask them to step of the AOA, but we do more than that. We train, we engage, we ask them questions. We try to find out just how much they know. Do they really know what access control is? We really have to get to that level of involvement to really see and sustain changes in terms of controlling access."

EMPLOYEES’ OTHER JOBS
"We have to remember that even though we’re all involved in the security aspect of what we do, there are dozens of other emphases and requirements that are out there for any airline employee," says Doubrava. "You’ve got safety, you’ve got environmental, you’ve got internal air carrier programs that require certain performance levels, and you can’t keep somebody on the edge, it’s like an adrenaline flow. You can’t whip them with the whip and try to make a requirement of 100 percent effectiveness."
Attendees stress the need to recognize employees’ other responsibilities. While security is a key factor, getting the job done is the primary objective, they say.
"I don’t think I’ll ever forget the testimony last spring before the Senate Aviation Subcommittee by Irish Flynn," relates Johnson. "He said, when an airport or air carrier employee is out on that ramp, they often have to make a choice between looking around to make sure that an FAA inspector isn’t challenging them or being decapitated by the prop of a turboprop jet that they’re walking past.
"And having to make that choice he said he would be very pleased with an 80 or 85 percent compliance rate of some of the requirements for access control on the ramp, just because of that operating environment. And nobody battled an eye, recognizing security is not the only thing that aviation workers have to contend with on a regular basis."