On the morning of September 11, 2001, when Mohamed Atta and 18 other al-Qaida-affiliated terrorists checked into their various flights emanating from Boston's Logan International Airport, Liberty International Airport in Newark, N.J., and Dulles International Airport in Washington, D.C., airport security protocols for screening and boarding passengers were dangerously quick and easy. The worst that could happen is that a passenger, like Atta, would be selected for closer scrutiny and subjected to a security procedure called CAPPS (Computer Assisted Passenger Prescreening System), where the only consequence was holding a ticketed passenger’s checked bags until boarding was confirmed.
Prior to Sept. 11, airport security in the United States permitted passengers to approach their gates at the last minute without a boarding pass after they had filtered through a security checkpoint that required no ID and asked no questions. There were no restrictions on liquids in your carry-on bags or box-cutters and knives in your pockets. Your shoes and overcoats were allowed to stay on your person. There were no high-resolution full-body scanners to step through or 3D-imaging X-ray devices to screen your luggage. Prior to 2001, the concept of a suicide bomber on a commercial airline was unimaginable.
According to the 9/11 Commission Report issued in July 2004, more than three years after Atta and the other Saudi-based terrorists murdered close to 3,000 people by crashing commercial airliners into New York’s World Trade Center, the Pentagon and a Pennsylvania field, “By 8:00 A.M. on the morning of Tuesday, September 11, 2001, they had defeated all the security layers that America's civil aviation security system then had in place to prevent a hijacking."
The evolution of airport security since 9/11 has been forged by many subsequent challenges that have grabbed frightening headlines -- from a shoe bomber and potential explosive liquids to the morbidly humorous underwear bomber. These threats also provided the momentum for Congress to pass the Aviation and Transportation Security Act and create the Transportation Security Administration in November 2001, which now is an agency of more than 65,000 employees.
The Evolution of Aviation Security MitigationThe success the TSA has had in thwarting terroristic mayhem in American airports and on its airlines is undeniable when you consider there has not been a successful attack on a commercial airline in the U.S. in the two decades post-9/11. But most security experts agree that success can breed complacency, so aviation security professionals like Lee Kair figure their key role is to ensure that the industry stays one step ahead of the bad guys.
“The issue is that aviation security has always looked at risk as threat vulnerability and consequence. You have to actually have an active threat in order to have a risk that you have to mitigate. Everyone knows there are vulnerabilities, but if there's not a threat, it's challenging to make the argument that you had to put a mitigation in place to counter that threat. If you go back way before 9/11, they initially started putting walkthrough metal detectors in place because there was a handgun threat for a hijack. They weren't necessarily as concerned about explosives, so there was not widespread use of explosive trace detection or other things,” says Kair, a former head of Security Operations at TSA and currently a Principal and Head of Security Risk & Resilience Federal Strategy Practices with the Chertoff Group, a global advisory services firm.
The reality of aviation security is that airlines and airports historically did as much as they felt necessary to maintain the illusion of safety and security with passengers while minimizing the impact on their bottom lines. The heyday of airline hijacking began in earnest on May 1, 1961, when the first U.S. Airline flight was hijacked to Cuba. A National Airlines flight from Marathon, Fla., to Key West, was hijacked by a man carrying a knife and a gun who demanded the flight divert to Havana where he said he had been hired to assassinate Fidel Castro. This began a spate of hijacking to Cuba and elsewhere over the next two decades.
Whether the hijackers demanded a free trip to Cuba, Russia or Rome, or held the airline hostage for a proposed ransom, hijacking wasn’t considered a major threat to industry and was viewed by some executives as the cost of doing business or by passengers as an adventurous inconvenience.
However, as the public and airlines both began to tire of the regular interruptions in operations and the potential for bad outcomes increased, the industry knew they had to act. While airlines were not on board with requiring compulsory passenger screening and establishing terminal checkpoints, the FAA launched an anti-hijacking task force in 1968. The task force eventually decided to make ticket agents the first line of defense since they interacted with passengers getting a boarding pass or tickets and were trained to notice “suspicious” behavior. Of course, this was no more than window-dressing. But a serious detour in the security mindset would take almost 15 years to occur.
The hijacking of TWA Flight 847 transformed the concept of airline hijacks from a nuisance event into a deadly global game of cat and mouse. In June of 1985, for 17 days, TWA flight 847 was forced to crisscross the Mediterranean by Mohammed Ali Hamadei and two collaborators, with his 153 passengers and crew members, from Beirut to Algiers and back again, landing in Beirut three times before finally coming to rest. During the ordeal, passengers were tied up and many beaten. On their initial stop in Beirut, the terrorists severely beat a U.S. Navy Seal and eventually shot and killed him on live television in front of the opened aircraft aft door, throwing his body some 30 feet onto the tarmac. This gruesome, made-for-television event was a catalyst for the post-9/11 mandate for more stringent security and safety regulations.
“The government put mitigations in place as new threats emerged, even though there was recognition there were other vulnerabilities. When you had the shoe bomber attack, which happened right after 9/11, we had to put mitigations in place and take your shoes off and do other things to make sure that bad guys weren't putting bombs in shoes. And then you move forward to the underwear bomber and that's when we put mitigations in for whole body imaging or AIT. Then we saw the explosives being hidden in your carry-on, in different configurations and so they updated training, they put new technology in. That's when we got to CT to have better imaging capability,” explains Kair. “With every new event it's always that risk equation where you have to have a threat as the impetus to being able to put mitigations in place, but it puts you in the position of always saying, ‘Well, why didn't you think of that ahead of time and have these mitigations already in place?’ You're always having to play a little bit of catch up to overcome the threat portion of it and you're always trying to balance efficiency and effectiveness.”
Kair insists that TSA could take security to the next level and make it extremely effective in stopping everyone going through airport checkpoints. However, he admits it would make air travel unbearably cumbersome and require more staffing.
“It’s always that balance of efficiency and effectiveness to mitigate the aviation risk scenario that you're trying to overcome. There are very few times that you can actually increase efficiency and increase effectiveness at the same time, which is why we're excited about what we're doing. It's one of those rare cases where you actually can have a better outcome and be more efficient at the same time,” says Kair, referring to a potentially revolutionary security concept he, The Chertoff Group and Integrated Defense and Security Solutions (IDSS), are collaborating on to take aviation security into the clouds.
A New Slant on Airport Security
Kair has just seen a U.S. patent issued on his innovative system to enhance aviation security operations and provide significantly higher officer performance and efficiency. The Chertoff Group, partnering with IDSS to develop a solution based on Open Architecture DICOS imaging standards utilizing this patented technology, which will allow access and interoperability with any checkpoint or checked baggage computed tomography (CT) system located anywhere in the world.
CT X-ray technology is derived from the medical space and used to find threats to aviation. CT systems take a series of X-ray images of a traveler’s bag, and electronically “stitches” them together into a high-resolution, three-dimensional rendering. A key component of the patent is its covert node, which allows bomb technicians at a secure non-airport location to create bags with real threat items and remotely assess the performance of all officers operating in the massive multiplexing environment concurrently.
According to Kair, government entities armed with these insights can now target individuals for focused instruction and practice, and train artificial intelligence (AI) and machine learning (ML) algorithms. These system-wide performance insights can also inform enhancements to standard operating procedures and detection algorithms.
“Just like with the traditional X-ray, the first deployment of CT has a person standing next to it, evaluating the images. That's a pretty inefficient position because there's a lot going on in that machine and that person is also idle quite a bit. Another problem is that person is on a rotation within the checkpoint, so they move from that position to the walkthrough, to the AIT, to doing bag searches. You don't get much specialization or real proficiency on that one position because they're always on a rotation,” says Kair, explaining that there's a concept called multiplexing -- or remote screening -- where TSA officers take those images, port them to a conference room that's adjacent to the checkpoint, and begin comprehensive screening.
“It is similar to what they do in the check baggage environment, where you have a quiet atmosphere, lights dimmed, and you can concentrate on what you're doing. You have specialized officers, but you can do that at the back of the checkpoint to allow you to multiplex those lanes,” he adds.“What we're working on is really two things. One is related to the patent. The idea is if you're able to port that image to the conference room that's adjacent to the checkpoint, why couldn't you actually port that same image 100 or 1,000 miles away and do remote screening that is very redundant and with a lot of resilience so that you don't have issues with IT security and other risk issues? If you could do that, then it would allow you to shape peaks across the country, by time zone and by carrier so that you can more efficiently utilize your people,” Kair continues. “This solution allows TSA to have specialization where they can implement effective and highly trained people. This system's use of massive multiplexing and associated covert nodes presents a rare opportunity for significant labor savings and increased airport security performance. TSA can build out these interpretation centers across the country to centralize the (airlines’ baggage) screening and realize much more efficiency and better effectiveness.”
Kair says that his team at Chertoff has been working with IDSS using private funding and government contracts to develop this system insisting that the solution is not about reducing headcount but more about moving staff that is doing the image interpretation remotely and having them work as a specialized group. For Kair, it’s all about helping an airport better utilize its staff to mitigate threats that are identified either locally or identified remotely to be more effective in handling those baggage peaks and valleys that every airport across the country experiences. Because image interpretation can be conducted offsite, this is a great solution for cargo carriers, both for passengers and all cargo.
“This could also help achieve regulatory requirements from regulatory authorities such as TSA and the EU,” he concludes, adding that the solution will likely be brought to market at domestic and international airports and that the open-architecture technology is built so any CT manufacturer can use this platform if they use the industry standard DICOS format.
About the Author: Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes magazines Security Technology Executive, Security Business and Locksmith Ledger International and top-rated webportal SecurityInfoWatch.com. Steve can be reached at [email protected]