Home >> United States & Canada >> Terror Threats

     Email   Print 

TSA and Aviation Security: What is wrong with their concepts and strategy – Part One

Sammy Elrom - 10/12/2007

Aviation security is an almost forgotten topic, commonly confused with flight security because since 9/11 we did not encounter another such terror attack on American soil. This article is meant to remind us that the threat did not disappear as seen a several recent events. The author demands that Israeli aviation security philosophy be immediately adapted instead of reinventing the wheel.


A retrospective look

There is a no better compelling illustration of the current situation approaching the subject of aviation security than validating once again the saying “the chain is as strong as its weakest link”. This article was initially conceived in July 2003, when it was obvious to me that the chosen strategy and implementation by TSA to protect the commercial aviation and its facilities, was far from the best available methods and technologies. I am compelled to reiterate again the still existing aviation security wide flaws and gaps after reading Giving Human Intuition a Place in Airport Security, written by Joe Sharkey in The New York Times a few days ago. In that interview Kip Hawley, the head of TSA, proudly stated that now we put “new emphasis on a layer of screening called behavioral detection” and also “We started off thinking, (pay attention to started - SE), what is it we do better than anybody else? What’s the advantage we have? And it’s that we see two million people every day. We know what normal is”. Eureka, Mr. Hawley, the highly protected secret is finally revealed. My question is: Why did it take six years to reach this obvious conclusion?

Now, that the TSA discovered one of the basic and most essential security ingredients, are we about to see a revolution in the approach to aviation security; can we expect a new strategy which is much more human-based? And how long will it take until is fully implemented in the security processes? If you ask TSA they will tell you n that they will not move so fast. They intend to advance step by step also trying to take over part of the check in process and this takes time, proper recruiting and special training. But first and foremost it requires a change in conception and in the perception of what aviation security is all about today. “Behavioral detection is a technique, not a science (my underscore – SE). It’s an extra tool for “risk management. It doesn’t constitute a third-degree grilling like the vaunted Israeli airport security” emphasized Mr. Hawley. It is amazing to me how easy it is to miss your target if you are a TSA employee and this interview only strengthen my conviction that TSA still doesn’t get it. Classifying behavioral detection as a risk management category is wrong, unprofessional and dangerous from the get go. Because in aviation security, behavior (and Intel) is everything. When there is an over-use of highly-sophisticated outraging costly systems which are TSA sole and indisputable answer to aviation security the chances of a fatal breakdown, in spite of redundancy, are ten fold higher.

If we are to take TSA to their own word, the much expected long-term strategy, which in some areas is still in early developmental stage, will rely heavily on technology rather than on highly trained security personnel. The main problem with this approach is that the more widely spread the use of technology is, the higher the chances of a catastrophic failure to happened, that even redundant systems will no be able to cope with. Since 9/11, we’ve witnessed numerous incidents where weaknesses were reveled and severe vulnerabilities were exposed. In several cases, only blind luck prevented yet another catastrophic terror attack.


TSA is yet to learn the lesson

The recent foiled plots in London and Glasgow and other EU countries were a stern reminder that terrorists are ready to take whatever the weakest link gives, in this case the weakness of aviation security.

To understand the severity of existing security gaps, it is worthwhile to look into the security breach event in the premises of Sky Harbor Intl’ Airport in Phoenix AZ a few years back, in which a drunk truck driver while chased by police, was able to drive through the airport secured area, drive around the supposedly “clean” perimeter on the tarmac, then pass and penetrate protective fences without facing any counter-measures. Just from watching the incident on live TV it was evident that none of the defense measures and quick response teams were either activated or engaged, neither were alternative intervention & response teams. This event may be defined as a local problem by officials, but could be also considered a real time live indicator as to how weak and semi-professional the system still is.

I am sure that procedures and written material are at hand in any airport, small or large, but let us not confuse regulations and written procedures with in-field actual implementation. This incident was a real eye-opener providing a real time unequivocal assessment as to the true level of ground aviation security and the existing (or the lack of) effective operational methods. Changes were made and probably implemented since that specific event, but the civil aviation as a whole is still one of the weakest links in the overall critical infrastructure protection list. Experts believe that yet another terror event using a commercial jetliner is in the planning because of its spectacular effect. Skyjacking remains one of the methods terrorists prefer, and many alternative targets can be found around and inside airports (i.e. the LAX shooting incident and the recent Glasgow car bomb failed attack) .

After almost six years since 9/11 the time has come to review DHS and TSA strategy and the operational concepts of aviation security. There is no doubt that they are far behind schedule in implementing a comprehensive aviation security strategy molded to fit the extreme changes in international terrorism, and the way it affects transnational and transitional terrorism specifically. Immediately after 9/11 it was acceptable that in the interim aviation security isn’t but a stitched together emergency method following the need to provide immediate security answers and some relief from the 9/11 anxieties and fears. Today though, it is not acceptable that much of the same persists even if some changes were made. Cosmetic changes may look good but do not provide the much needed answers. A thorough revision is a must, especially as we are being reminded again that terror attack threats are on the rise. Suffice to recall the conceptual mistake and the way the sensitive issue of air marshals was handled. A basic problem is that what is in place today is neither comprehensive not effective enough. More so when TSA discourages initiative and rewards dogmatism and “in-between-the-line” thinking and behavior.


TSA’s wrong approach

”This new system is working. Since February 2002, TSA has intercepted more than 1,500 firearms and more than 54,000 box cutters”, declared then TSA Deputy Admin. Stephen McHale in a testimony on 11/5/03, before the Senate Commerce, Science and Transportation Committee. The statement, although old, comprises in one sentence all that is wrong with aviation security. It summarizes TSA philosophical approached and the methods used to tackle this acute problem. Furthermore, it presents a clear picture as to how security personnel is trained and what the pure professional approach is. It seems as if DHS and TSA have not yet learned at least part of the obvious security lessons.

Heavily relying on hi-tech as the magic. solve-all” remedy instead of developing and improving the professional human factor, will prove life costly and dangerous. Until otherwise proven, why invest almost all available resources in technology? Terrorists will always be able to choose the target, the location and the timing. A target will be attractive to terrorists if it can potentially cause scores of casualties. This given, how certain are the big bosses at TSA that excessive high-tech is the best available answer to the threats today and in the feasible future? How far can we go with using technology to replace a human being? And in any case, where there is a machine-human interaction, who is in command? In other words, does the system rely on machine results or does the personnel have the power to overwrite machine reading? And if this procedure exists, why not use human capabilities more frequently?


Why is El Al aviation security so effective

Supporters of TSA’s current approach argue that comparing ElAl strategy and techniques with those used in US aviation security is like comparing apples to oranges, thus unreasonable. It is an argument that may sound plausible since El Al runs approx. 50 flights per day compared to more than 35,000 domestic and international daily flights by American companies. Still, this is not a valid comparison because what really counts is the strategies and the overall approach to the encountered and expected problems, not the number of flights. Some US airliners hired Israeli experts to improve security, but their initiative is not part of TSA strategy and is not mandatory. This article attempts to analyze El Al’s aviation security approach as an anchor reference aimed at proving why TSA must go back to the basics of aviation protection and make the proper changes in its procedures, its mentality and technology. To better understand the danger of over-using high-tech instead of people please read the article Uber-technology in www.omedia.org


The “why we shouldn’t do it” argument

Some insiders argue that even if US aviation security would be as effective as El Al, the tightened security measures would become a main motivator for terrorists to find alternative targets, which will increase the likelihood of opening a new terror front, creating new problems while resources are scarce and daily needs are growing exponentially. Such unsubstantiated claims definitely show a side-blind tunnel-vision approach which only substantiate the knowledge gap as to the “why”, “when”, “where” and “how” terrorists operate. More so, it reveals a troubling deep misunderstanding of the core ideology and religious-based underlying reasoning developed by extreme religious verbiage and highly sophisticated means used by terror organizations. If a new strategy is to be based on the Israeli approach, then this argument would be the less fact based since terrorism today does not divide activity in fronts or regions; it is transnational, transitional, and very much transparent.

Real-time rapid information sharing suffers still from the initial TSA birth diseases. It is a continuous impediment to the efforts of sharing vital information, resulting for example with a no-fly-list that contains wrong, non updated and widely misspelled names, which have become a repeated embarrassment to TSA, among which it is to mention the gross mistakes translating Arabic written names to English. This lack of info sharing manifests itself in many ways, sometimes creating absurd situations, but more so exposing the weakest links to terrorists known to scout airport premises with the purpose of finding security gaps that can be exploited. Implementation of stringent, unexpected and in-depth security checks is of primary importance and should be based on a randomly changing routine which would deny visible patterns from being studied by terrorists’ supporters and scouts. Undoubtedly, the security procedures, the triage system and the security check procedures used by TSA are not only expected and highly routine oriented, but its patterns are easy to define and learn. Predictability is in this case equivalent to no security.

El Al on the other hand is using a unique profiling method which is constantly updated and its efficiency continuously questioned. Much due to that, El Al has not encountered a hijacking since 1968 but was able to thwart numerous terror attack attempts, bomb planting, terminal passenger attacking and direct shooting attacks. A critical part of this highly effective system is the constant real time incoming updated information from domestic intelligence and police agencies, from international agencies such the Interpol and the Scotland yard, continuous information exchange and comparison of sources and information, all overlapping several databases for accuracy and redundancy.

As an integral part of the covert aggressive yet overt subtle gathering of real-time operational Intel, frequent random and targeted passenger questioning is conducted, some times in double or more sessions. As seen in the past, ordinary questioning which is part of this profiling method, may turn into a full interrogation if any warning lights lit up.

TSA keeps concentrating its main efforts on reactive countermeasures and technological coverage, which obviously involve heavy advanced hi-tech equipment while deterrence and risk management are of secondary importance. When a security system is so much based on technology, it is expected that in spite of the hi-tech equipment the results will vary, because of the human factor. Even if trained, not all security personnel has reached or maintain the same professional knowledge and capabilities. And how many passengers that “weapons” where found in their belongings, were actually terrorists, (excluding the shoe-bomber” who actually passed the inspection without suspicion)? None.

Given the abundance of human and financial resources allocated to TSA, and the ongoing personnel training and programs, some would agree that the aviation security system is working well. Others, including myself and many aviation security experts, will continue to have serious concerns about the current policies and methods intended to protect commercial aviation.

The outside thinkers see aviation security in a broader context, and are aware of the fact that statistical data is not an true indicator that the system works. On the contrary, these are warning signs that the bureaucratic system, once again, is working well, while the real aviation security challenges are not properly addressed and dealt with. A huge hierarchic, bureaucratic, multi-lateral multi-layer organizations, which the DHS and TSA became to be, can’t permit independent thinking or rule bending. Uniformity and compliance are key factors in this type of heavy, slow moving processing systems; pushing the envelope is a not-acceptable.

Moreover, while passengers’ “carry-on-board” bags are checked and screened, cargo is only partially screened. Furthermore, while pilots and flight attendants are particularly checked at every departure and arrival, mechanics, helpers, office staff, caterers, baggage handlers, airplane cleaners, maintenance and repair staff, and many other in an around the tarmac, are not properly screened or closely monitored. Yet, it is the people in those positions that are the closest to the most vulnerable part of the security system because of their formal, easy access. Although it may not look as such, this personnel is in a much more sensitive position than a pilot or a flight attendant. It is still relatively easy to bypass existing security measures, reach the tarmac and move around in restricted areas without being immediately picked up. We have had a living proof in the Arizona incident and in other similar events which didn’t attract the media’s attention or were minimized by TSA.


Better safe than sorry

The most common remark when comparing El AL’s security methods is that it is much easier to deal with the problem when it’s of the size of Israel as compared with US’s huge commercial fleet. Those that believe so, imply that size dictates the organizational structure, which in turn dictates how the system operates. If this assumption would be true, it makes sense to have a large bureaucratic basis to enable management of responsibilities. But a bureaucratic approach to a highly sensitive security system, always creates lack of efficiency and potential problems with execution of critical missions. The question is whether the existing doctrine is the best available strategy. I doubt it.

The best remedy to an acute problem is as extreme and aggressive as the sickness, given that the goal is to neutralize or eradicate it as quick as possible. When the security authorities in Israel and El Al understood the extensive damaging results to Israel’s deterrence by terrorists hijacking an Israeli airliner, the answer couldn’t be but one: it cannot happen again. The doctrine developed was action, not reaction. TSA operates mainly on a reactive “wait-see-respond” modus operandi. Passive protection is the wrong path to follow.


The problem lays in the strategic concept, not in the details

A large organization as TSA became to be must be managed by strict regulations, enforced rules and supporting procedures. Thus, when a security event occurs, it is dealt within the highly regulated rules and restrictions. TSA puts its emphasis on better training programs for operators and screeners, so that they can check better, faster and more accurately. The training is designed to take into account that passengers must be moved faster down the security check line to shorten the waiting time and minimize complaints. This practical business approach of customer service first designed to please the customer is proper if aviation security were about being customer friendly. The fact that aviation security is about security & safety first is totally opposed to behaving nice and friendly as a policy matter.

Security is never customer-friendly and any attempt to make it as such creates significant weaknesses and impediments. Effective and tight security is about preventing a perpetrator at all cost, all the time, from bypassing or fooling the system. This critical objective is not achievable if a political, religion or ethnic“ ”passenger correctness” is in placed, like the unwritten rules according to which TSA employees act, because of such considerations. In addition, TSA has to deal with real problems of information sharing, system compliance, interoperability, rivalries within DHS departments, and other urgent issues which are not resolved yet on a regular basis. The computerized system, which many looked upon as the savior tool to prevent pre-flight and in-flight terrorism is still functioning on a slim common basis of interest and on a shrunk and insufficient database, coupled by lack of background information and misleading data fed into the system without efficient filters in place. Relevant info from alternative sources are not, and in most critical situations cannot be dissipated in real time due to interoperability issues, incompatibility, lost data and a continuous lack of cooperation, in spite of serious efforts to overcome responsibility and command problems . Anti-productivity rivalries still play a destructive role, while mid and high level management occupying the increased number of offices departments and units, continue to play power games that only generate more problems.

Moreover, security correctness results de facto in an approach that prevents collecting essential information directly from passengers, and forbids aggressive questioning when necessary. The reluctance to attack the source of the potential problem resulted in unnecessary futile procedures which cannot produce ad-hoc, real time information. Security wise, passenger questioning is not an integral part of the filtering and sifting-through process today, because of political correctness aimed at pleasing the business aspect while compromising on the security part of the equation. CAPPS II for example, was intentionally construed so that it does not contain sensitive information on passengers, and even mentioning the place of birth of a person in the lists is considered offending, because such questions fall under the definition of profiling, a taboo word not to be even mentioned let alone to actually be used.