The nature of terrorist groups and their activities continues to change. One report noted that since 1993, there has been a steady decline in terrorism in both the Middle East and Western Europe. Although terrorist attacks are becoming less frequent, they are becoming more lethal. Terrorists have “set out to distinguish themselves in the busy arena of international banditry, terrorist incidents seem to become more random, more arbitrary in their targets, less connected to any identifiable cause.”(Butler 2000). In the recent spate of suicide attacks by Palestinian extremists in the spring to fall of 2001, it was reported that this suicide offensive, which commenced 1 January 2000, had killed nearly fifty Israelis and injured fifty more by 17 August 2001. The dramatic assault by suicide hijackers of four commercial airlines on 11 September 2001 in the United States underscores the impact that such operations have, as well as underlining the evolutionary terrorist philosophy that “bigger is better,” particularly when the terrorists utilize high-concept low-technology against prestigious targets such as the Pentagon and World Trade Center (De Spiegeleire 2002). From investigations following the aftermath of September 11, we are learning that there were in fact many disparate pieces of intelligence information that
Threat assessment approaches involve many factors, but three of the most common are a terrorist group’s intentions, past activities, and capabilities (Cordesman 2002). These factors are detected throughout the analytical and investigative processes and should be applied when developing threat assessments. Throughout much of the world, airport security is based on the Standards and Recommended Practices developed and published by ICAO (the International Civil Aviation Organization) (Congressional Budget Office 2000). The organization is part of the United Nations. For more than 50 years, it has been the supreme law-making body relative to international civil aviation. It is a political organization, as any agency of the United Nations must be. Countries with major aviation infrastructures have to make additions to the recommendations to ensure threats applicable to operations in their jurisdiction are fully covered. Some airlines operating to the less well protected airports have to overlay additional procedures of their own on to those provided by the local airport management.
The status of the IATA Intensified Aviation Security Program was underlined by the Council of Europe in a review of aviation security. The council referred to the IATA activity as the “only objective survey program available to the industry and to governments” (Government Accounting Office 2000). A 1989 ministerial-level meeting convened by ICAO also made reference to the airlines’ survey activities. The ministers recommended that the UN agency should provide an international security survey program under the organization’s auspices to states—on request. ICAO was not to initiate moves. Even with this limitation (the airlines did not have to contend with such restrictions), such a service from ICAO to its members could have been of value. However, the political nature of the UN agency made implementation difficult to achieve. In 2001, thirteen years after the idea was first mooted within ICAO, the Thirty-third Assembly of the ICAO reached the same conclusion as the earlier meeting of ministers. Delegates to the Assembly resolved that the UN agency should conduct “regular, mandatory, systematic and harmonized aviation security audits to evaluate security in place in all Contracting States at national level and, on a sample basis, at airport level for each State, under the ICAO Aviation Security Mechanism.” Another high-level ministerial aviation security conference resulted from the Assembly’s conclusion. It convened in February 2002 and recommended that a multigovernment-sponsored survey program, the Aviation Security Plan of Action, be established.
Some airport security performances can be seen and measured by travelers as they pass through terminal buildings. Consider, for example, the requirement for passengers and their hand baggage to be screened. The purpose of screening is to prevent any weapons being carried on to an aircraft. ICAO recommends that screening points should comprise an x-ray unit, for hand carried items, positioned alongside a walk-through metal detector (a magnetometer) for passenger screening (Gallagher 2004). The UN agency calls for this equipment configuration to be manned by teams of five screeners, the team members rotating their functions on a 20-minute cycle. This is achieved by separating the five with one directing the flow of hand baggage while another monitors the video display unit (VDU). This shows images of the items being x-rayed. A third team member hand searches any items selected during the x-ray process for further examination. The fourth screener controls the movement of passengers through the magnetometer while the fifth person is there to manually frisk those who trigger its alarm. The fifth person will sometimes be seen using a handheld metal wand as a frisking aid. The purpose of rotating staff is to minimize the boredom associated with routine security tasks and in particular to prevent the person monitoring the video display unit from becoming ineffective. Twenty minutes is considered the maximum time a screener can view a screen effectively. Rotation adds variety to the team members’ tasks and ensures an all-round understanding of the total function.
The above description of a five-person team at work describes the optimum. Around the world variations on this theme will be seen. At some locations the magnetometer is dispensed with, screeners using a handheld wand to search all passengers. At some airports, screeners physically hand search all passengers. A passenger passing through an airport security check point can see at a glance whether the ICAO-recommended screening unit is in place. Travelers can judge for themselves the effectiveness of other systems. In Europe, the ICAO configuration, with teams of five screeners, is in widespread use. In the United States it was seldom seen before September 2001. At most domestic airports two-person units were the standard, and their performance always left much to be desired, as did the quality of their management.
The Aviation and Transportation Security Act mandated the Federal Aviation Administration to assume responsibility for all passenger and baggage screening at U.S. airports. Screening staff members were to become government employees. A newly appointed under secretary of transportation for security had to “develop standards for the hiring and retention of security screening personnel” (Gallagher 2004). He was also to be responsible for their training. The under secretary has to be aware that once staff have been engaged and deployed on the screening task, their management becomes a key ingredient in the security process. The actual function of checking passengers and their hand baggage is a highly routine and therefore potentially boring job. As ICAO recognized, with boredom comes inefficiency, and this has to be guarded against. Acts of unlawful interference are not everyday occurrences, and the likelihood that a screener will actually be in a position to prevent a tragedy is extremely remote. Indeed, a person may work as a screener for years and never be able to claim a “strike” against terrorism. Boredom and complacency have to be met with effective human resources management routines. These same supervisory techniques have to offset the proven inability of people to monitor VDU screens for periods in excess of 20 minutes without becoming blind to the objects of their search.
In the United Kingdom, the major London airports come under BAA management. Like other airport managements in the United Kingdom, the BAA was charged with providing passenger and hand baggage screening checkpoints. They adopted the full ICAO recommendations. The BAA obtains its income from the airlines that use the airports and from the commercial franchises that operate there. Any outlay on security is ultimately recovered from these companies. The BAA does not go out to tender for the service, nor does it seek the lowest bid. The security service is provided from within the authority’s own resources, and the cost is simply recovered from its customers. The BAA can afford to offer the highest standards. The Department of Transport—now named the Department of the Environment, Transport and the Regions—is the administrative body responsible for aviation regulation, including monitoring performance. The British system means that the standard of security is not inhibited by the Treasury Department, since it is not funded by the government.
Other examples of how other countries have achieved high standards of threat assessment exist. One such is Malaysia. The Malaysian airport security policy is very relevant to the task Congress has given to the Federal Aviation Administration. The country is a federation of 13 states, of which 11 are on the southern half of the Malaya Peninsular (the independent city-state of Singapore is the southern tip). Two of the states are on the island of Borneo. Malaysia Airlines provides the key communication link among the various parts of the federation and operates both domestic and international flights. The many airports throughout Malaysia’s continental land mass and the islands come under the responsibility of the Civil Aviation Authority (CAA). To meet the security task, the CAA created a national force with staff ranks ranging from guards through a gambit of officer grades up to the director. This has provided a career structure for persons entering the security service. When the authority was first created, the salaries of the airport security force exceeded that of normal police officers in similar positions. This made recruitment easy. Some personnel transferred to the airport security force from the national police force itself.
The Malaysian model would adapt well for the United States. Although individual U.S. airports have their own managements, the Federal Aviation Administration now has responsibility for passenger and baggage screening at all of them. A recruitment and training program of the type established by the Malaysia CAA could be implemented in America. (Such a program could also apply to sky marshals). Flexibility of staff movement given the existence of a single employer, the aviation administration, also exists. A centrally managed licensing or certification program, essential if competency standards are to be regulated, is also possible. Promotion should be dependent, in part, upon qualifications gained through a central system of federal examinations. A federal qualification would have validity should an individual wish to move location. In this way performance throughout the country could be standardized.
The preceding paragraphs have considered the human element in a practical airport security operation. Rightly so because even where machinery is used, it is generally operated by a staff member. But effective and appropriate equipment is a vital part of the security mix. An x-ray is of little value if it cannot do the job for which it is intended. The Lockerbie bomb bag was x-rayed before it began its fateful journey. Its operator was not trained in x-ray use, and by itself the machine could not sound an alarm. Times have changed. Hi-tech machines are providing part of the answer. In Europe, the Far East, and elsewhere heavy capital investment has brought such technology into the security equation. But despite the two Presidential Commissions and other acts before the passing of the Aviation and Transportation Security Act, no appropriate investment was made in the United States. Even congressional directives to the Federal Aviation Administration had failed to move forward the standards of airport security.
Another element of overt security at airports is the presence of armed guards, often police officers, sometime military personnel, patrolling the terminal building. Congress has called for armed guards to be positioned at each baggage-screening point. In other countries, armed support is generally provided by means of a rapid response team. Even where armed patrols are used, employing rapid response teams capable of reaching any threatened point within two minutes is the preferred approach. Another element of overt security at airports is the presence of armed guards, often police officers, sometime military personnel, patrolling
Much airport security is conducted away from the public gaze (Mpa Ronczkowski 2004). Perimeter security, access control, and facilities protection are all largely unseen by the public. All are vital to an airport security program and can have a direct impact on passengers. Consider the attempted seizure of a Pan Am jumbo in Pakistan. At Karachi, the terrorists dressed themselves to resemble airport guards. They obtained a vehicle similar to those used by the airport authority and then drove up to a perimeter checkpoint that guarded the entrance to the airside of the airport. Despite instructions requiring identity cards to be examined, no challenge was mounted to the vehicle or to the men. The terrorists were simply waved through. This gave them unimpeded access to the Pan American aircraft that was in the process of boarding. Poor perimeter security had a very direct impact on the passengers: Twenty-two of them died in the attack.
The central screening–sterile lounge concept has distinct security advantages. It provides a distance barrier between the potential discovery of terrorists and their ultimate target, the aircraft. It allows time for police or other covert forces to respond to an incident before any would-be hijackers can reach their goal. Passenger and hand baggage screening remoted to the departure gate allows the terrorist to approach within paces of their objective before being challenged. In the latter scenario, anyone intent on seizing an aircraft and believing there is a danger that their weapons will be discovered can use them at that point. In a matter of a few steps they are on the aircraft. Delaying security screening until the departure gate area actually simplifies the terrorists’ task.
Gate screening requires individual teams of personnel (ICAO recommends a minimum of five workers for each such point) to be present for each aircraft operation. An airport with 20 gate departures in an hour would need 100 people to be on duty. In the early stages of the operation, passengers are likely to arrive in small numbers with sizable time gaps between them, thus underutilizing the staff. Nearer to the aircraft leaving, the numbers increase causing lines. Almost inevitably delays occur. With a central screening system, the same 20 departures could probably be handled with four checkpoints that could be supplemented as necessary but that in any event present major savings in personnel. It has to be remembered that unless a government authority is picking up the cost of security and placing the burden on a central treasury, the airline passenger will eventually pay for any waste of personnel and equipment through the price of the airline ticket.
It is interesting that the airport at Singapore reached its high security standing without central screening (Taillon 2002). It positioned passenger screening at the departure areas, with individual holding lounges beyond the security check point. This allowed the airport management to overcome what was a shortcoming in the design of the building, namely, incoming and outgoing passengers using the same walkways. ICAO calls for segregation of inbound and outbound passenger flows. Most modern airport designs incorporate this separation. At Changi, the authorities allocated sufficient human resources to ensure security standards were met, accepting the additional cost of the increased staff numbers. A “panic” button that linked all screening stations with the covert response team also locked access to the boarding gate in the event of a terrorist incident, thus affording additional protection to any aircraft parked alongside the terminal building.
Retina Network Security Scanner, available from eEye Digital Security provides an accurate, cost-effective, and fast network security-assessment tool to identify known vulnerabilities (Wallis 2003). Retina also includes Common Hacker Attack Methods (CHAM) to help you discover unknown vulnerabilities. For example, iris scans involve an individual placing his or her eye close to a reader that identifies the unique characteristics of the individual’s iris. The reader, a camera, captures a high-resolution image of the iris. To date, iris scans have been employed in special fast-track lanes at Schiphol Airport in Amsterdam. The iris scan program allows participants to move through security quickly. Fingerprint recognition technology captures a person’s unique fingerprint from impressions made by the ridges in the finger. The image is recorded by a scanner, enhanced, and then converted into a template. Systems that utilize fingerprints sometimes compare an individual’s fingerprint directly against a database. For instance, the FBI maintains a database full of fingerprints, called the Integrated Automated Fingerprint Identification System, which contains about 45 million prints and is used in the agency’s investigations. Other times, a person’s fingerprint is compared against the biometric data stored on the card. For instance, immigration officials have begun matching an individual at the U.S. border with the fingerprint stored on his or her ID card that was issued by the Department of State or the former INS in the last five years. Facial recognition technology identifies people by analyzing facial features that are not easily altered. Cameras in London use facial recognition technology to identify criminals; and more recently, the Illinois Department of Motor Vehicles has employed the technology in its driver’s licensing system to prevent individuals from obtaining multiple driver’s licenses. To place the biometric data on driver’s licenses, policy makers may choose from magnetic strips, two-dimensional bar codes, laser cards, and smart cards. Many cards that use the aforementioned types of biometric data are examining the use of smart cards because they can store data and be used for multiple purposes, as well as because each card has its own encryption system.
ICAO has developed standards for the fencing and control of airport perimeters (Handberg 2002). So too have rules governing the security of aircraft on the ground. These have been endorsed by most of the organization’s member states, including the United States and Great Britain, but the latter recognize only their responsibility for airports within the United Kingdom. They do not accept responsibility for the protection of British-registered aircraft at overseas airports. As has been discussed earlier in this work, many locations in third world countries do not apply ICAO rules. In such countries there is no effective airport security. The airlines are on their own. They have to take whatever action is appropriate to protect their operation. Security standards applicable at their home airports will not exist throughout their network. If airlines fail to introduce company security procedures to supplement those provided by the airport managements at deficient locations, their passengers and crews are at genuine risk. Given that some aircraft have been penetrated on the runway itself, their programs might have to be extended to include mobile patrols escorting aircraft before takeoff.
There does not have to be, cannot be, one single plan for airport security. ICAO has published guidelines in the shape of a model International Airport Security Program, but they are only guidelines. Airports considered to be at high risk will necessarily have to massage the model program to meet their own needs. Airport design will affect the implementation of any security plan. Geographical locations and physical environments will dictate aspects of any program. Municipal, national, and federal policing arrangements will have an influence on an airport’s security defenses. National and international politics will affect the level of threat posed to operations at any given airport or to any given airline. This threat has to be assessed and a program put in place to control the risk. For this reason, an airport management cannot simply take a security proforma and adopt it as its own. It has to be worked upon, preferably in a collaborative effort by the airport management, the airlines using the facility, and the local, national, and federal security services.