Richard Duncan heads up the security detail at the U.S.'s busiest passenger airport, with as many as 89 million passenges expected in 2005. He shares his thoughts on access control, the effects of 9/11 and more in this interview with SecurityInfoWatch.com
Photo credit: Courtesy Hartsfield Jackson Atlanta International Airport
[Editor's note: 'At the Frontline' is part of a joint interview that Security Technology & Design and SecurityInfoWatch.com do each month with a top-level security director. For the rest of this interview, see page 84 (the back page) of the May 2005 issue of Security Technology & Design magazine.]
With almost 10 years here at Hartsfield, what are some of your reflections on the way security has changed?
I would say security has changed as much as night and day at airports. When I first came here, our primary initiative at that time was preparation for the Olympics [Atlanta, 1996]. We invested a lot of money and resources into improving the airport to meet the requirements that are necessary to host the international games here. And so there were some improvements done at that time in recognition of the Olympics. When 9/11 took place, that was primarily a change in mindset, because we had already set upon a path to improve the security at the airport, and so we were in better shape than a lot of other airports when it came to what we had to do to prepare the airport to reopen after the 9/11 incident. So we had the people in place and the technology in place that we needed at that time to provide the secure environment. What we have been doing recently is upgrading our perimeter and adding concrete barriers to our fence line, primarily to stop vehicle access from driving through the fence and getting onto the secure side of the airport. And of course there are our large construction projects that have been ongoing and weâ€™re preparing to bring those facilities online within the security environment.
What do you foresee in the next 10 years?
I donâ€™t know what the next 10 years will hold. What we are moving toward would be the ability to better control the movement of individuals and knowing who those individuals are as they pass through an airport. You will see that primarily through the airlines and the TSA getting more information on passengers, and getting more information on and more control of international visitors to the United States through the US-VISIT program ... knowing when they came in and when they leave the country. Then as far as the impact for airport workers, [the future is] having the airport workers better identified and controlled from a biometric point of view as opposed to just a badge and their PIN number for gaining access. The biometric part of it will eventually come into the airport environment.
Itâ€™s about tightening up the access without negatively affecting operations. You always have to consider the impact upon the operation and identify where the risks and vulnerabilities are so that the operation can continue to function even in a secure environment.
What are you doing to manage all of the access control data, as well as your video feeds and security and emergency operations?
Our control room is collocated with the police control center. We have a consolidated public safety answering point here at the airport. It has the monitors; it has the computer-aided dispatch system; it has feeds from the access control system, the panic alarms. Basically, itâ€™s the same as a police dispatch center that youâ€™d find at a major station, but we have one here at the airport to include our E911 system. The police actually control the center because of all the sensitive items that they have to deal with and the telephone systems associated with it. The persons that work in it are under the direct command of the police.
Todayâ€™s airports have a large number of retail shops. Do their CCTV systems interplay with yours?
No. If a retailer wants to install a closed circuit television for keeping watch on their cash register or for loss prevention, that would be a closed network for that retailer. We would not have a need to have access to the interior of their store. Itâ€™s still leased space, so the tenant controls what goes on in there.
We do work with the tenants if thereâ€™s an issue associated with a particular location, and if we have camera coverage near that location, then we will look at that camera to see what took place and provide support for them in that regard, for internal theft.
Where does your security system meet up with the cargo security programs in place?
We work with the cargo operators to control access to their facilities. Personnel access and vehicle access and control of items that items are brought through the cargo area into the airport are what weâ€™re concerned about. Where there facility security interacts with our security line is where I take full responsibility. But if itâ€™s taking place inside their building, then the tenant has the primary responsibility for controlling that activity.
How are you handling security while constructing the underground baggage handling area that is currently being built?
The facility, once itâ€™s finished, will be operated by the TSA. Before the project started, we worked with the planners to establish a security control plan that would allow them to work within that area and ensure that the security lines were maintained at all times. And as the project progresses, we move that line of control depending on where the openings are within that project. Weâ€™re in the final phases of the road side of the project, so at that point we will start dealing with the conveyor belts and the openings that will allow entrance into those facilities.
Delta has announced that they are planning on revamping and renovating part of Concourse C. How will those internal renovations affect the security plan?
Before the process starts, there is a lot of coordination between the contractor, the company that sponsors the contract, and the department of aviation, primarily through our planning and development areas. And those plans are staffed with the various elements to include security, to assess the impact of the contract on the operations of the airport. We then have the opportunity to provide recommendations into those drawings before they're actually implemented at the airport. So we work closely with the tenants and their contractor to ensure that the areas are taken care of as the project develops. We would have to incorporate those changes into our security plan, and also into our electronic surveillance systems, so those would be incorporated within our systems.
What are some of the inherent challenges of trying to secure construction zones?
One of the inherent challenges of dealing with construction zones is ensuring that the persons that are working in that zone are controlled at all times while theyâ€™re within that zone, and that they stay only within that authorized zone. The way we do that is that we badge as many of the construction workers as we can. Some construction workers, because they only show up one day to deliver a product or for a very short period of time to do something, are allowed to be escorted by the contractors into the area. They get signed in and logged out of the facility. Currently itâ€™s a manual process. Weâ€™ve looked at the electronic systems, but it would be a challenge because it would often be at a remote gate.
Is the employee mindset on security changing? Are people still thinking, â€œSecurity, oh, thatâ€™s just Richard Duncanâ€™s concernâ€, or have employees starting to embrace it and see that security is everyoneâ€™s concern?
We try to instill upon everybody that comes through our office for a badge that security is their responsibility and that itâ€™s everybodyâ€™s responsibility. And the individual has to sign a statement as to what their individual responsibilities are in relationship to security. Then we reinforce that through the Hartsfield Harry program. The other side of our program is the compliance and enforcement aspect of it, so if my people observe an individual violating a security process, then they can receive a breach of rule notice, and a breach of rule notice can result in the losing of your access, additional training, and even a penalty or fine associated with it. That breach could be anything â€“ propping a door open, not wearing your badge, failing to challenge an individual, failing to control someone you bring into the area â€“ those types of things are outlined within the program?
We also conduct security awareness training, and they receive a briefing on the security procedures they are expected to implement. We started our Hartsfield Harry program in 2000. And one of the reasons we recommended that program is because people are hesitant to get outside of their comfort zone. That is, if they see someone who is not properly wearing their badge, they might let that person go. But with the Hartsfield Harry program, it encourages employees to challenge people on the ramp. And if you are caught without your badge, they can come up and challenge you. And if you are the person who is playing the â€œHarryâ€ role, then they are rewarded with a $25 check, and their names are entered into a drawing for an even larger award. To me that program has been very positive because we have had a lot of good comments coming from them [the ramp employees].
Can you tell our readers more about your badging system?
As far as materials, we probably use in the neighborhood of 50,000 sets of badge materials in a year, and thatâ€™s a combination of new issues, reissues, and of course the replacement process for damaged badges. If someone loses a badge, itâ€™s reported to us and thereâ€™s a penalty or a replacement fee associated with a lost badge. We donâ€™t have that great of a loss factor. We have to keep our loss factor down below 5 percent; thatâ€™s a TSA requirement. If you go above 5 percent, you have to replace your entire badge sequence.
When 9/11 happened, what were your first thoughts and your first reaction?
Well, for the first hour or so, when the first plane hit, everybody thought it was an accident, so it was more of trying to assess what had taken place. And then information started coming in and we realized it had a lot more implications than just one airplane hitting a building, and then there was the second airplane. By the time the second airplane hit, we had already started forming our command and control center to start operating and assessing what impact it would have upon our airport. And as the day progressed, we implemented the security measures that came down from the FAA at that time. Probably within a couple hours, they basically stopped flights out because they told everyone that the airspace would not be opening back up soon. So once the airspace was closed, the logical thing to deal with was â€œWhat are you going to do with all the people who are standing here waiting to take a flight?â€, and so we started encouraging passengers to leave the airport and find some other means of traveling or finding some other location that they could go. We cannot sustain that large a number of people for a very long period of time.
Did you have to increase the size of your staff following 9/11?
I think we basically had already started putting in requests to increase security and the security staff, and I think Iâ€™ve added directly onto my staff maybe six positions since 9/11. And then this year, we have added additional staff, primarily in preparation for the new facilities that will be coming online in the airport. We have 36 full-time security staff members. In addition to the police, we also have a contract security staff that also provides access control staff at the gates. These would be the people who actually interact with the people who are trying to authenticate their badges as they come onto the airport.
Can you describe the basic processes you use to respond to security incidents?
The first is the notification that goes out. There is a notification system in place thatâ€™s run primarily through our operations station. They will send out a notification to our tenants, the airlines and the DoA (Department of Aviation) staff to tell them what has taken place, and then they will update those notifications. Once the incident has taken place and is beginning to stabilize, we also have a group working on the coordination and preparing to reopen the airport. So itâ€™s a continuous type of operation that takes place to ensure that all parties are kept informed of the activities.
Notification is primarily through text messages, Blackberry type of notification and some paging that would take place in the airport. We will use the airport-wide paging system to notify people also.