Threat Mitigation
Aviation security professionals discuss concerns and best practices
By Lindsay M. Hitch
September 2001
BLURRING THE LINES
The new FAR Part 107 and 108 have been said
to blur the lines between airports and air carriers, and industry reps
say that’s a good thing.
"There’s no distinction between
the airport and the air carrier. It’s everybody providing security
together," says Bonnie Wilson, vice president of airport facilities
and services for Airports Council International-North America (ACI-NA).
"Who’s ultimately responsible should be less of an issue than
reaching the goal."
In keeping with that sense of overlapping
responsibilities, Wilson says, "We’d like to work harder on
the exchange of information. As we all try to do our jobs, the best way
to do it is to work with the facts, not the stories, not the anecdotes,
but rather the information."
ACI-NA is reportedly working with FAA and
other organizations to compile a database of best practices: which systems
work, which programs work, which training elements fix the problem, etc.
DETERMINING THREATS
FAA’s strategic plan
The public version of the strategic
security plan is available at www.faa.gov under the Security button.
To help in reaching that goal, FAA has
taken a systematic approach to determining the types and scenarios for
potential aviation security threats. Quinten Johnson, deputy director
of security policy and planning, explains that 26 potential threats were
recently determined by the FAA, as mandated by Congress. Including a vehicle
bomb in front of the terminal, assault on a checkpoint, and complex improvised
explosive devices in checked bag walk-aways, those threats were then ranked
by the likelihood of terrorist success.
Recognizing that each of those scenarios
has variations resulting in different outcomes, the FAA broke the threats
down into components. Domestic versus international flights, a complex
improvised explosive device versus a dynamite bomb, bags selected for
screening versus those not selected: the variations are all detected and
dealt with differently. After considering the components, Johnson says
the 26 basic scenarios became 109 variants.
Once the threats were exposed, the National
Research Council asked FAA to quantify the threats, assigning relative
risk factors to each variant. The threats were then evaluated, says Johnson,
for target attractiveness, probability of occurrence, likelihood of occurrence,
and probability of success.
"The key to this," says Johnson,
"[is] what do we have in their way? Our detailed plans were analyzed
to see what do we have to put in front of that vulnerability?"
DETERRENCE
"We’re firm believers in physical
deterrence and in enhancing security screening," says Rich Davis,
manager of operational security for United Airlines.
"It’s a new phenomenon, putting
these big machines and the new technologies into our airports nationwide.
We have put them in visible positions wherever we could. And this is a
big item and deterrent to the bad guy," Davis concludes.
Industry reps emphasize that the appearance
of a tight security system can go a long way. People attempt crimes because
they believe they can pull them off, they say.
"The minute we let them realize there
are gaps in the system and that everybody isn’t watching, then there
is going to be a problem," says Wilson. "And it’s going
to be an after-the-effect problem; it’s going to be after the crisis
that people jump back on the bandwagon. Each and every one of you has
created a baseline that makes someplace else a more attractive target."
IMPLEMENTINGNEW TECHNOLOGIES
FAA is devoting $50 million each year for
research and development in security technologies to aid in its goals
for the next ten years.
"Talking about 100 percent checked
baggage screening. That is going to be a mix of technology that is in
place today ... in addition to a technology that is coming up," says
Johnson.
The first of FAA’s security goals is
to have the ability to screen all selected checked bags by the end of
2004 with certified explosives detection equipment.
The second goal is not, as many believe,
to be able to screen 100 percent checked baggage by 2010. Johnson explains
that the goal is "to begin the transition with the equipment we’ve
identified in 2009. We won’t be finished with that until 2014, 2015,
if we’re lucky and things go incredibly well."
A recurring concern of participants is not
only the existence of adequate technology, but its introduction into existing
systems.
"You have to find a way to build the
process into the system," says Rick Doubrava, managing director of
security for the Air Transport Association.
John Becker, assistant commissioner of security
and information systems for O’Hare International Airport, adds that
it is important to "find a way to take existing technology that’s
newer and migrate it into the technologies that we have. I’d rather
spend $3 million every five years than spend $12 million or $26 million
every four or five years."
REACHING TOO HIGH?
Another concern for Becker is the issue
of continually striving for bigger and better technology.
"We have a 10-ft. fence around our
entire perimeter. We have taught-wire around a fifth of it. Who’s
to keep a helicopter from coming in? Do I put a dome over my airport?
Realistically I can do that but what’s the cost?"
Becker says that although the flying public
doesn’t like to hear it, there is a balance between threats and the
costs to protect against those threats.
"Technology is a great aid in the effort
to provide a safe environment for passengers and employees, but let’s
ensure that the technology we are providing is effective and prudent,"
Becker says. "Efficiency is important, not just in your staff, but
in the technology you’re going to use."
THE INSIDER
Biological and chemical threats
Since the first responders to biological
and chemical threats in terminals and on aircraft are airport personnel,
a number of organizations are working to put together a basic reference
manual.
Bonnie Wilson, vice president of airport
facilities and services of Airports Council International-North America,
reports that the process is underway.
"We’ve gotten some help from
FAA, we’ve gotten a lot of help from FBI. Our good friends at
the Department of Transportation Office of Intelligence and Security
are willing to spearhead the effort to gather information about who
knows what about whom and when," Wilson says.
She adds that they will try to "collect
some basic information to the degree that we can give it to the first
responders and say, if it sounds like this, call this number, if it
sounds like that, call this number."
The threat is not really that of an "inside
job", but rather of employees — insiders — failing to do
what is necessary from a security standpoint, say participants.
Challenging is one of many areas industry
reps are concerned with regarding employees’ compliance with procedures
and regulations.
Wilson says, "You could get a false
impression that people aren’t challenging when in fact they may be.
So the test that we put together is just to see not who’s challenging
and when they’re challenging, but how they’re challenging."
Training is often said to be the best solution.
"A lot of the thing is foundation,"
says Davis. "Does everybody who’s responsible for these regulations
know what they’re supposed to do and know why they’re supposed
to do it? And know the impacts of not complying?"
"One of our biggest problems right
now is people don’t know what SIDA means. They’ve been through
the SIDA training but they don’t know what the access control means,
they don’t understand the zoning. They don’t understand a lot
of that. More importantly, I can deal with the people who have these badges
not understanding it. When my signatories don’t understand it, I
have a problem," says John Becker.
Employee apathy is also cited a primary
concern of participants. An understanding of the regulations is the first
step, they say, but employees need to feel that adhering to procedures
will have a positive impact.
Mollie Crawford, security director for National
Airlines, says, "Compli-ance starts with educating your personnel
that what you’re asking them to do makes sense. What you’re
asking them to do has positive effects, not because the boogie-man FAA
is going to get you, but because there are real bad guys out there.
"Your best people, who understand why
they’re doing what they’re doing, do it. They do it every day,
they do it with every passenger. They do it every time because they believe
it is the right thing to do and they believe it has value. It is the thing
that fails the common sense test, the thing where your line personnel
who have to perform the task do not see value, that you don’t have
compliance."
Mark Denari, manager of aviation security
and special systems for San Francisco International Airport, says that
his security staff strives to determine why an employee failed to comply
and to correct the problem from a training perspective.
"When somebody fails to control access,
there are some things we do. We might confiscate the ID and ask them to
step of the AOA, but we do more than that. We train, we engage, we ask
them questions. We try to find out just how much they know. Do they really
know what access control is? We really have to get to that level of involvement
to really see and sustain changes in terms of controlling access."
EMPLOYEES’ OTHER JOBS
"We have to remember that even though
we’re all involved in the security aspect of what we do, there are
dozens of other emphases and requirements that are out there for any airline
employee," says Doubrava. "You’ve got safety, you’ve
got environmental, you’ve got internal air carrier programs that
require certain performance levels, and you can’t keep somebody on
the edge, it’s like an adrenaline flow. You can’t whip them
with the whip and try to make a requirement of 100 percent effectiveness."
Attendees stress the need to recognize employees’
other responsibilities. While security is a key factor, getting the job
done is the primary objective, they say.
"I don’t think I’ll ever
forget the testimony last spring before the Senate Aviation Subcommittee
by Irish Flynn," relates Johnson. "He said, when an airport
or air carrier employee is out on that ramp, they often have to make a
choice between looking around to make sure that an FAA inspector isn’t
challenging them or being decapitated by the prop of a turboprop jet that
they’re walking past.
"And having to make that choice he
said he would be very pleased with an 80 or 85 percent compliance rate
of some of the requirements for access control on the ramp, just because
of that operating environment. And nobody battled an eye, recognizing
security is not the only thing that aviation workers have to contend with
on a regular basis."