Interesting reading.
Some points that need to be made in summarizing avsec:
- Author on page 2 suggests that U.S. Airports have locked the front and back doors. No person is stopped from entering a terminal and in some cases can proceed to within yards of a departure gate without a ticket and without any screening at all. Workers on the ramp side of the airport can still enter without any physical screening of themselves and their parcels.
- Page 3: Profiling is not even an option etc. Starting this summer limited psychological profiling is scheduled to begin on targeted passengers. Profiling based on background information is not a prerequisite for an effective program.
- Pages 4 and 5. There is technology that does identify the presence of explosives more than 99% of the time. It's true, however, that it is slow, mostly because the larger the container the longer it takes to locate the substance.
- Pages 6 & 7. The same criticisms apply to Secure Flight and Registered Traveler. The major difference is that Secure Flight is a TSA program that will attempt to collect passenger data at no charge to the public. Registered Traveler has the approval of TSA, is owned by vendors, passengers pay annually for membership and will provide express lanes in airports. Both rely on existing data about passengers and neither reduce the screening burden in and of themselves. Registered Traveler has not received wide acceptance by the traveling public.

Charles G. Slepian
Foreseeable Risk Analysis Center, Inc
www.frac.com

> Tuesday, May 16, 2006
>
> Airport Security: Still Fighting the Last War?
> Airports are trying, but are they flexible enough to prevent the next generation of terrorist attacks?
> By Alan S. Brown
> Homeland Response
>
> To understand why airport security has consumed from 50 percent to 80 percent of the total Transportation Security Administration (TSA) budget since the agency was created in 2001, consider a cardinal rule of politics: Never lose the last war.
>
> This rule is why the French built the Maginot line after World War I, even though many officers (including then-obscure Charles de Gaulle) foresaw that German mobile armor would sweep around it easily. And it is why airport screeners on the morning of 9/11 searched for guns and large knives, the weapons used by hijackers during the 1970s and 1980s.
>
> "The system did just what it was designed to do. It kept large weapons off the plane but allowed box cutters and Swiss army knives to pass right through," explains Robert Poole, director of transportation for Reason Foundation, a conservative think tank.
>
> Standard hijacking procedures - cooperate to minimize casualties - made it easy for a handful of terrorists with small hand weapons to convert three aircraft into suicide missiles. When passengers aboard the fourth plane, United Flight 93, learned about the WTC and Pentagon, knives and box cutters were not enough to keep them from rushing the hijackers.
>
> Three months later, Richard Reid attempted to bring down a Paris-Miami flight with plastic explosive hidden in his shoe. Surprisingly, ICTS International NV, the screening company at the Paris Airport, identified Reid as suspicious and subjected him to a lengthy interrogation. Although it confiscated nail clippers and nail files from other passengers, it had no effective way to check for explosives. Only immediate action by aircraft crew and passengers stopped Reid from detonating his bomb.
>
> The Next Threat
>
> This sequence of events highlights some important truths about airport security. First, security systems and procedures did what they were designed to do. Second, terrorists were able to find and exploit vulnerabilities in the system. Third, it is easier for security to aim technology at the last threat rather than find the next, unknown threat. Fourth, people remain the most important line of defense, but they need the right tools to be effective.
>
> The question about air security today is whether TSA and airports are building systems and technology flexible enough to deal with the next round of threats. "As soon as you harden one area, you leave another vulnerable," says Ray Garza, president of CTI Consulting Services, a Germantown, Md., firm that helps airports improve security.
>
> "When you upgrade the front door, you'd better secure the back door because that's where they're going to go next," says Garza. "And after you do it, better check the windows. And then you better make sure the person ringing your front door is really the delivery guy."
>
> U.S. airports have certainly locked the front door and the back door too. They have undoubtedly improved security from five years ago. Yet some - perhaps many - windows remain open.
>
> Open Windows
>
> Since 9/11, the U.S. Government Accountability Office (GAO) has issued 36 reports highlighting airport security shortcomings. It has criticized everything from screener training, worker access systems, and cargo shipments to out-of-control implementation of programs to prescreen and register travelers. The Dept. of Homeland Security (DHS), which now includes TSA, has only begun to look for ways to focus security resources on the most risky passengers.
>
> TSA has many critics. Poole, for example, claims TSA has a built-in conflict of interest because it sets and regulates security policy while employing the baggage and passenger screeners who implement it.
>
> "How can it regulate itself?" asks Poole. He argues that airports should take responsibility for their own security while TSA pays for some equipment and audits procedures. He also wants to see a more risk-based approach to passenger screening, even if that means profiling based on suspicious patterns of behavior and purchases.
>
> Hans Weber, president of San Diego, Calif.-based Tecop International Inc. and a member of several security panels constituted after 9/11, also makes the case for profiling. "So far," he explains, "our policy is to keep bad things from getting on airplanes, and we define those bad things based on what terrorists have shown us in the past.
>
> "After 9/11, we banned small knives. After Reid, we bought 1,000 explosion detection systems costing $1 million each to check for bombs. Once we defined that threat, then we had to worry about man-portable antiaircraft missiles. We go on and on, defining threats and using technology against them.
>
> "Our enemies will always be a step ahead of us in defining the next bad thing. They'll see where we put defensive measures, then go where our defense is weakest. We can't possibly afford to protect against everything. We can't continue to go after bad things exclusively. We have to factor in bad people, and that means we have to profile."
>
> Overlapping Layers
>
> Weber argues that profiling could eliminate known passengers who do not pose a threat. That would enable security personnel to spend more time on unknown travelers. Profiling, however, is not even an option until TSA and DHS implement the computerized information systems they need to capture and analyze passenger records.
>
> Some of these programs, such as Registered Traveler and Secure Flight, are moving towards fruition. Yet both have had significant implementation problems and remain far behind schedule. Meanwhile, airports must concentrate on "bad things" through a series of overlapping security systems.
>
> "There's no way to eliminate 100 percent of the risk when someone is willing to give their life," explains James O'Bryon, a Belair, Md., consultant who chairs the National Research Council's Committee on Assessment of Security Technologies for Transportation.
>
> Instead, he suggests multiple, overlapping barriers. "It's sort of like holding a balloon," he explains. "If you squeeze one part, it bursts out somewhere else. If we put in enough systems to act as deterrents, maybe we can force terrorists to go somewhere else where they're less comfortable and catch them if/when they make a mistake."
>
> The security squeeze starts with passengers and carry-on luggage screening. Passengers, usually shoeless, walk through a metal detector while their baggage goes through an X-ray system. The system relies on nearly 40,000 TSA employees and a much smaller number of private security guards to read the X-ray images and correctly identify potential weapons or bombs in carry-on bags.
>
> They must also try to guess which passengers might be carrying explosives or ceramic knives on their persons. "There are technologies that can detect what you have under your clothing, but they clearly outline your body so they're deemed unacceptable [because of privacy] so far," says Weber. Even without those tools, screeners are the most important barrier to keeping dangerous people off airplanes.
>
> There are many ways to improve screener effectiveness, says Colin Drury, director of State University of New York at Buffalo's Research Institute for Safety and Security in Transportation. An expert on inspection systems, Drury argues that feedback is the best way to improve performance. Most X-ray machines, for example, can insert images of threats - guns, knives, bombs - into images of bags going through the machine. "That keeps them trained and alert," says Drury.
>
> He also recommends tests to select people with a strong sense of spatial relationships, frequent assignment changes to maintain sharpness and training programs that expose screeners to progressively more difficult images so they can build better mental models of threats. "A side-on knife is easy to spot," he says, "but it takes training to understand what you're looking at when the knife is pointing straight up at you."
>
> Even so, given the enormous flow of people through airports, screeners have little time to subject passengers to intensive interrogations.
>
> Check In
>
> Screeners may not search passengers, but they test 100 percent of their checked-in baggage for explosives. This is done with X-rays, computer tomography (CT), chemical swabs or even bomb-sniffing dogs.
>
> Some of the equipment is quite sophisticated. CT systems, for example, work like hospital CAT scan systems. As a bag moves through the unit, a rotating lens takes X-ray "slices" that a computer reassembles into a three-dimensional image. Complex mathematical algorithms assess the density and energy absorption and scattering of the materials in the bag. If the patterns match those of known explosives, the bag receives further attention.
>
> The system is far from perfect. "It really galls me that we haven't got a competent explosive detection system," says Aaron Gellman of Northwestern University's Transportation Center in Chicago. "We have far too many false positives, and a lot of false negatives too."
>
> Experts understand Gellman's frustration. "A foolproof explosives detector is extremely difficult to design," says Weber, who made his name designing measurement equipment. "The difference in atomic composition of explosives and safe molecules is often a matter of the placement of an atom or two. This is a very small difference to detect.
>
> "The very few techniques that are really specific to explosives detection have two weaknesses," he continues. "First, none cover the broad range of explosives. Second, they are very slow, not 500 bags per hour but one bag per 15 minutes.
>
> "For high-speed process, we have to use techniques that are not fully specific to explosives," he says, referring to X-rays and CT. "In the universe of stuff they detect, explosives overlap with safe molecules. As a result, the false alarm rate is high. I know how to make bags from perfectly acceptable materials that will alarm 100 percent of the time," he says. Yet Weber sees improved technologies on the horizon.
>
> So does O'Bryon. "I've been watching for more than eight years, and we've made quite a bit of progress," he says. "Detection rates have grown more reliable, and false alarms have gone down though they are still too high."
>
> O'Bryon believes explosive detection systems are reliable enough for automatic detection, passing through the vast majority of bags and kicking out those that need further attention.
>
> Poole points to GAO studies that show fully automated systems could eliminate up to three-quarters of the people now needed to screen checked-in baggage. "The payback for these systems is only one to two years, but the way funding works in Washington, TSA operations have first claim on budget monies. If anything is left over, it can then go into the capital budget," he says. This makes it unlikely TSA will install more automated systems without Congressional action.
>
> Outside In
>
> In the past, terrorists posing as passengers have hijacked airplanes. But what happens if the threat comes from workers inside the airport?
>
> "An airport is like a community, like a small town," says Garza. "Think about trying to protect your community from people who live there, from visitors, from people going through."
>
> It creates massive access control problems. In many ways, this is a problem U.S. security firms are accustomed to solving. They begin with establishing a perimeter fence and monitoring it with motion detectors, pressure sensors, and microwave and laser sensors. Inside the perimeter, swipe cards, PIN numbers and even biometrics give employees access only to those areas they are authorized to enter.
>
> "Even then, you still need guards at the gates," says Garza. "A driver may swipe his card and he's okay, but who's that person in the passenger seat? You have to have someone there to ask that question."
>
> Yet the biggest weakness in perimeter security remains the human element, says Weber. "The fundamental vetting of workers is still weak," he says. "It is unreasonable to think we can separate certain weaknesses in our society - the ease of ID theft, the ease with which people can get a new driver's license and assume a new identity - from how airports hire people. There are too many loopholes, and too many people who want to make money selling data."
>
> Weber's concern is underscored by a June 2004 GAO report. It criticized TSA for not requiring fingerprint-based criminal history checks and security awareness training for all airport workers.
>
> GAO also criticized air cargo security, which is essentially based on a trust system. The system relies on certified shippers, such as UPS and Federal Express, to put security procedures in place and pay special attention to new or unusual customers.
>
> In an October 2005 report, GAO identified problems with TSA shipper information and how it uses the data to identify shippers who may present potential risks. It also notes that many shippers may have financial problems meeting TSA's security requirements.
>
> Data Fusion
>
> Airports have gotten better at stopping what Weber calls "bad things," but nearly five years after 9/11, TSA has made only modest progress in preventing airline ticket sales to terrorists. Under the current prescreening system, TSA distributes a terror watch list to airlines, which then check ticket sales against it.
>
> Some agencies have been reluctant to provide full intelligence on terrorist identities on such a widely distributed list. "We'd be giving information out to reservation agents that only high-level security people should handle," says Poole.
>
> TSA was supposed to implement a new prescreening system, called CAPPS II, years ago. It would have required passengers to provide their birthday, address, phone number and possibly other data. CAPPS II would then check the information against terror watch lists, commercial databases and criminal records.
>
> Privacy advocates objected to such intrusive screening, especially after one of TSA's subcontractors was caught mining sensitive data for patterns. In its latest incarnation, CAPPS II has morphed into Secure Flight. Under it, TSA will check passenger names against a centralized interagency list of terrorists and mark some passengers for additional scrutiny.
>
> "It is an outrage," says Poole. "Secure Flight doesn't use pattern recognition. It doesn't tie things together. Airlines should not be in a position where they have to make decisions based on fragmentary information."
>
> The program itself remains behind schedule. According to a February 2006 GAO report, TSA not only slapped the program together in haste but has not yet determined what passenger data it will require from airlines or what technologies it will use to match names.
>
> Meanwhile, TSA's Registered Traveler program has completed five pilot implementations at five airports and plans to roll out the program at interested airports later this year. The program asks frequent travelers to volunteer information about themselves as well as fingerprints and an iris scan. This information will be stored on an identity card that allows registered travelers to move rapidly through airport security.
>
> Like Secure Flight, Registered Traveler has been years in the making. Along the way, it has lost the backing of some of its early supporters. The Air Transport Association of America (ATA), for example, opposes it because it offers few benefits to frequent fliers. "When it was first proposed, screening lines were long and it promised real benefits," says ATA spokesperson Victoria Day. "Now lines are much shorter, and there's no guarantee registered travelers would not have to take off their shoes or take out their laptops like everyone else."
>
> Risk
>
> Yet ATA's response misses the larger question about how to balance resources and risk. According to Alex Ralli, vice president of airport operations for Parsons Transportation Group, there are three basic models for airport security. The Israeli approach relies on security personnel to profile and intensively interrogate potential suspects. Europeans, on the other hand, combine profiling with automated baggage checking.
>
> The United States, says Ralli, has been moving from a reactive to a more proactive mode. "Our intentions are good, but our freedom makes us inherently vulnerable. We don't tolerate profiling or standing in line for three hours for an interrogation."
>
> The Israelis, who live in a nation the size of New Jersey, have only a handful of international flights each day. The United States has about 4,400 movements daily. It has not time to adopt Israeli practices. It needs to find its own ways to become proactive.
>
> That's why one of the first recommendations made by Weber's security panel after 9/11 was to screen for bad people. Registering frequent travelers and prescreening ticket purchasers would reduce the number of people security personnel would have to deal with in the airport.
>
> Using software to screen ticketing and credit information for patterns that match potential terrorist profiles would help even more. It would enable airports to devote more resources to the most risky fliers.
>
> "In my opinion," says Weber, "we can keep putting new layers of technology in place for each new set of bad things, but we're at our limits. We've spent 80% of our budget on bombs in checked bags, so we don't have enough money to implement systems to find explosives on people. There's no way in hell we have money to go after antiaircraft missiles.
>
> "And all along, we're not dealing with the fundamental issue. We're fighting bad people and not bad things," he says.
>
> And there is no way airports can keep up with the evolving threat unless they do both.