Cover Page ACE – Security Module 1 Page 2 American Association of Airport Executives Accreditation Module 1 Airport Certified Employee (A.C.E.) Security The History of Aviation Security Aviation Security Policy Development Roles and Responsibilities Jeffrey C. Price, M.A., C.M. Owner - Leading Edge Strategies Associate Professor – Metropolitan State College of Denver Table of Contents Introduction ..................................................................................................................................... 1 Introduction ................................................................................................................................. 1 Module 1 Objectives ....................................................................................................................... 2 Abbreviations Used in this Module ................................................................................................ 3 The History of Air Terrorism and the Development of Policy and Procedures ............................. 4 The History of Air Terrorism ...................................................................................................... 4 The International Civil Aviation Organization (ICAO).............................................................. 6 The Tokyo Convention, 1963 ................................................................................................. 8 The Hague Convention, 1970 ................................................................................................. 8 The Montréal Convention, 1971 ............................................................................................. 8 Post 9/11 and Today................................................................................................................ 9 The Beginning of Air Terror ....................................................................................................... 9 The U.S. Government Responds ............................................................................................... 11 Air Terror in the 1970s ............................................................................................................. 12 Air Terror in the 1980s ............................................................................................................. 13 Air India Flight 182 – PPBM and Checked Bag Screening.................................................. 13 TWA Flight 847 – Flight Crew Training and Grounded Aircraft ........................................ 14 Rome and Vienna – Airport Attacks ..................................................................................... 15 EgyptAir 648 – Sky Marshals and Commandoes ................................................................. 16 Air Lanka – Employee Facilitated Attack ............................................................................ 16 Pan Am Hijacking – Disable Aircraft and Ramp Security ................................................... 17 El Al Attempted Bombing – Passenger Profiling ................................................................. 17 Korean Airliner Bombing – State Sponsored Air Terror ...................................................... 17 PSA Flight 1771 – Employee Identification ......................................................................... 18 Pan Am Flight 103 – Lockerbie, Scotland ............................................................................ 18 Avianca Flight 103 Bogotá, Colombia – Narco Terrorism................................................... 21 Aviation Security Improvement Act of 1990........................................................................ 21 Air Terror in the 1990s ............................................................................................................. 22 The World Trade Center Bombing and the Oklahoma City Bombing – non aviation events with impacts on aviation security ......................................................................................... 22 FedEx Flight 705 – Employee Hijack Attempt..................................................................... 23 Air France Flight 8969 .......................................................................................................... 23 The Manila Air Plot – Operation Bojoinka........................................................................... 25 TWA Flight 800 .................................................................................................................... 25 Aviation Security and Anti-terrorism Act of 1996 ............................................................... 26 Millennium Bomber – Airport Attack .................................................................................. 27 Problems in Aviation Security Continue .............................................................................. 28 The Airport Security Improvement Act of 2000................................................................... 28 September 11, 2001 .................................................................................................................. 29 Introduction ............................................................................................................................... 33 The Aviation and Transportation Security Act of 2001............................................................ 33 Key Issues ............................................................................................................................. 36 Aviation Security Events since 9/11 ............................................................................................. 42 LAX Airport Shooting – Terminal Attack ............................................................................ 42 Russian Airliner Bombings ................................................................................................... 43 Liquid Bomb Plot – Again .................................................................................................... 43 Attacks on Aviation Continue into the 2010’s ...................................................................... 44 Summary ................................................................................................................................... 46 The Aviation Security System: Agencies, Entities and Responsibilities ...................................... 47 The Department of Homeland Security .................................................................................... 47 The Transportation Security Administration ............................................................................ 47 The Federal Security Director ............................................................................................... 48 Federal Air Marshals............................................................................................................. 50 The Canine and Explosives Program .................................................................................... 51 Explosives Unit ..................................................................................................................... 51 Screening Passengers by Observation Techniques (SPOT).................................................. 51 Aviation Direct Access Screening Program (ADASP) ......................................................... 52 Other Government Agencies................................................................................................. 52 Airport Security ........................................................................................................................ 53 The Airport Security Coordinator ......................................................................................... 53 Law Enforcement .................................................................................................................. 53 Airport Operations ................................................................................................................ 54 Air Carrier Security................................................................................................................... 54 The Airline Station Manager ................................................................................................ 54 Aircraft Operator Security Coordinator (AOSC) .................................................................. 55 Ground Security Coordinator (GSC) .................................................................................... 55 In-Flight Security Coordinator .............................................................................................. 55 Corporate Security and Loss Prevention............................................................................... 55 Industry Organizations .................................................................................................................. 56 Summary ................................................................................................................................... 56 References ..................................................................................................................................... 57 From the Author Ten years after 9/11, we have updated the ACE-Security modules for the third, and not likely the last, time. Many events in aviation security occurred during the past decade and the modules have evolved as well. This module update includes information about the attacks on aviation since the 2007 update, as well as policy and procedural changes. The modules are also becoming focused on the role of the Airport Security Coordinator and the responsibilities of the airport operator in aviation security, rather than a broad-based look at all things avsec. Consider this the Expert ASC course. This module update has reduced some of the details in the history, policy development and airline security areas to make room for more information related to the ASC. While these modules will be as up-to-date as possible upon publication, the industry never stops evolving, and threats and attacks on aviation are ongoing. If you see something out of date, please write to me at jcprice@leadingedgestrategies.com so I can correct it in future versions. While Airport Security Coordinators and airport directors have different perspectives on the role of the TSA and the Federal Security Director at their airports, it is the position of AAAE that the best practices approach to airport security is to work cooperatively rather than uncooperative with the federal government. Additionally, although regulations and certain guidance documents, such as the TSA’s Complete Airport Security Program guide, delineate what actions must be taken to ensure compliance, Federal Security Directors and others have differing interpretations of the regulations and the guidance. Therefore, what may be approved (or not approved) at one airport may not be the case at another simply due to different interpretations from the FSD’s at those locations. Thank you, Jeffrey C. Price, M.A., C.M. Owner, Leading Edge Strategies Associate Professor, Metropolitan State College of Denver Lead Author: Practical Aviation Security: Predicting and Preventing Future Threats, Butterworth Heinemann, 2009. April 1, 2011 ACE – Security Module 1 Page 6 Introduction Introduction The purpose the ACE-Security program is to enhance the knowledge of individuals who operate on an airfield and share in the responsibility for the safety, operation, security and maintenance of airports. A secondary goal is to prepare individuals for the AAAE Certified or Accredited Member programs. Successful study and completion of an examination over this module and three others will result in recognition as an Airport Certified Employee – Security (ACE–Security). The certification represents that each individual has received focused instruction on the current operating practices and knowledge requirements of Title 49 Code of Federal Regulations (CFR) Section 1500 (and associated parts). This course covers all sections during a three-day period. A comprehensive, multiple-choice exam is administered on the fifth day. A score of 70 or higher will result in certification as an ACE–Security. The A.C.E. – Security course is designed to raise the level of awareness and understanding of security to an airport staff member, allowing that individual to make better decisions and judgments when assessing hazards and risks at the airport. The program also allows the individual to implement the requirements of the Transportation Security Administration’s regulations and best security practices. ACE – Security Module 1 Page 1 Module 1 Objectives • Explain the role of ICAO and it’s impact on aviation security regulations and practices • Know the lessons learned in regards to the key terrorists and criminal attacks on aviation • Explain the impact of legislation on aviation security • Know the roles and responsibilities of individuals and entities within the aviation security system ACE – Security Module 1 Page 2 Abbreviations Used in this Module AOA – Air Operations Area AOSC – Aircraft Operator Security Coordinator ASC – Airport Security Coordinator BATF – Bureau of Alcohol, Tobacco and Firearms CASFO – Civil Aviation Security Field Office CHRC – Criminal History Records Check DHS – Department of Homeland Security EDS – Explosives Detection System ETD – Explosives Trace Detection FAA – Federal Aviation Administration FBI – Federal Bureau of Investigation FSD – Federal Security Director GSC – Ground Security Coordinator IATA – International Air Transport Association IED – Improvised Explosive Device ICAO – International Civil Aviation Organization LEO – Law Enforcement Officer NTSB – National Transportation Safety Board SARP – Standards and Recommended Practices TSA – Transportation Security Administration WMD – Weapon of Mass Destruction WTMD – Walk Through Metal Detector ACE – Security Module 1 Page 3 The History of Air Terrorism and the Development of Policy and Procedures The History of Air Terrorism The development of policy and procedures within the aviation security system are most often traced back to specific terrorist or criminal acts. Unfortunately, many of today’s security measures have been paid for with the deaths of innocent lives. Aviation security policy has, unfortunately, been highly reactive. However, one is hard pressed to imagine that the U.S. could have implemented today’s security measures if the events of 9/11 had never occurred. While there were gaps in the system, it was not for a lack of trying to close those gaps on the part of many aviation security practitioners who were in the industry prior to 9/11 – many of whom are still in the industry today, still trying to keep our nation’s airways safe. For many Americans, the terrorist attacks on 9/11 were a shock due to the enormity of the crime but also because no one had ever considered that style of attack. The U.S. aviation security system, and for that matter, much of the world’s aviation security system, was designed to prevent or deter bombings and “traditional” hijackings, such as those conducted for political or financial motives. Few recognized the possibility of using an aircraft as a weapon of mass destruction. However, versions of the aircraft-as-WMD scenario have occurred or been attempted several previous times, both in reality and in fiction. A few are noted here: • In 1970, Eastern Airlines passenger John Devivo stormed the cockpit with a gun, ordering the pilot and first officer to fly around until the plane ran out of fuel and crashed. Shots were fired, wounding the copilot, and Devivo was shot twice as bullets flew out the cockpit door into the passenger cabin. Devivo was subdued, and the plane landed safely. • In 1972, three accused rapists took over a commercial flight and threatened to crash the plane into a U.S. nuclear power plant. • In 1974, Samuel Byck, armed with a handgun and a gasoline bomb, shot his way onto a Delta Airlines jet at the Baltimore Airport intending to crash the plane into the White House. A police officer and the aircraft’s First Officer were both killed. The aircraft never left the gate before Byck himself was shot by a responding officer. ACE – Security Module 1 Page 4 • Also in 1974, Army Private Robert Preston flew a stolen helicopter to the White House, hovering for several minutes before landing on the South Lawn. • In 1987, disgruntled airline employee David Burke on PSA Flight 1771 stormed the cockpit over San Luis Obispo, California, shot a passenger, then stormed the cockpit and killed both pilots. He then committed suicide as the plane plummeted out of control, crashing and killing all 43 onboard. • In 1994, Federal Express employee Auburn Calloway was jump-seating on a FedEx flight when he attacked both pilots with hammers, planning to kill the pilots and crash the plane. Despite severe injuries to the Captain, First and Second Officer, they were able to prevent Calloway from taking over the plane and landed safely. • Also in 1994, the Armed Islamic Group took over an Air France jetliner and planed to crash it into the Eiffel Tower in Paris. French commandoes stormed the plane and killed the hijackers while the plane was on the ground refueling. • Again in 1994, Frank Corder crashes a Cessna 150 into the White House. • Even in fiction, using an aircraft as a Weapon of Mass Destruction had been imagined. In the Tom Clancy novel, Debt of Honor, an airline captain is himself the hijacker; he intentionally crashes his Boeing 747 into the U.S. Capitol. In 1999, the diary of Columbine killer Eric Harris contains a plot to hijack an aircraft and crash it into New York City. However, the lack of success and an overwhelming number of bombings and hijackings (at least 700 hijackings throughout the world since the beginning of aviation) helped form the policies that would prevent more casualties from these types of attacks, but may have also kept our attention focused on a particular style of hijacking, while ignoring, or not realizing, other options available to hijackers. While there have been a few incidents prior to 9/11 in which hijackers attempted to crash an aircraft into the ground, in virtually all instances, few believed that the hijackers themselves would pilot the aircraft. In all of the previous actual incidents, the hijackers attempted to force the pilots to fly into the ground – which is an unlikely expectation. There are only three exceptions – two incidents in which the aircraft captain crashed his ACE – Security Module 1 Page 5 own plane, and in the fictional Clancy novel above, the captain was also the “hijacker.” Air terrorism historically has been reflected in acts of hijacking and bombings. There have been a handful of surface-to-air missile attacks, a few airport shootings and bombings, and even a couple of mortar attacks on airports, but primarily, aviation policy has been built on the premise of preventing hijackings and bombings. Criminal acts are also part of our aviation security record. Assaults on airport employees, airline crewmembers and other passengers (air rage), and sabotage of aircraft and airport facilities are on the list of common criminal activity. The International Civil Aviation Organization (ICAO) The International Civil Aviation Organization (ICAO) was established in Chicago on December 7, 1944, at the Convention on International Civil Aviation to “…secure international co-operation and highest possible degree of uniformity in regulations and standards, procedures and organization regarding civil aviation matters,” which include aviation security measures. ICAO is a specialized agency of the United Nations charged with ensuring the safe and orderly growth of international civil aviation throughout the world. The assembly meets at least once every three years. Each Contracting State is entitled to one vote, and the majority rules. ICAO now consists of 188 member States. ICAO’s Council adopts Standards and Recommended Practices (SARPs) contained in Annex 17 to the Chicago Convention in 1974 for the safeguarding of international civil aviation. The ICAO Security Manual contains guidance material on the interpretation and implementation of the SARPs of Annex 17. In the wake of terrorist attacks on September 11, 2001, ICAO developed an Aviation Security Plan of Action for strengthening aviation security worldwide. ICAO has developed a training program to assist States in implementing the Annex 17 aviation security standards. ICAO’s security-related work is carried out in three inter-related areas: policy initiatives, security audits and assistance to States that are unable to address serious security deficiencies. Security audits are performed under the Universal Security Audit Program and are managed by the Aviation Security Audit (ASA) Section. Short-term or urgent, security-related assistance to countries is available through the Implementation Support and Development (ISD) Program, ACE – Security Module 1 Page 6 managed by the ISD-Security Section. Long-term project assistance is available from the ICAO Technical Co-operation Bureau. Security policy is the responsibility of the Aviation Security and Facilitation Policy (SFP) Section1, which promotes the implementation of Annex 17 through seminars and workshops from airports, airlines and law enforcement agencies, as well as through the dissemination of guidance material. In addressing the evolving threat to civil aviation, ICAO relies on the advice of experts who sit on the Aviation Security Panel. Established in the late 1980s, the Panel is comprised of 27 members nominated by States, and five observers from industry. The Panel develops ICAO security policy, responses to emerging threats, and strategies aimed at preventing future acts. ICAO also oversees the tagging of commercial explosives by their manufacturers, develops programs to enhance the security of travel documents, and develops training and course material for use by civil aviation personnel in topics such as airline and cargo security and crisis management. ICAO documents offer guidance and information on: • • • • • • • • • • • The protection of aircraft, including pre-flight precautions, aircraft searches and control of access to aircraft. Airport access control systems, physical security measures, background checks, personnel identification systems design, and vehicle permits. Quality control, including security inspections and audits, security tests and training of security staff. Airport design as it relates to security, including minimizing the effects of an explosion on people and facilities. Managing responses to unlawful acts against aviation. Security equipment (WTMDs, X-Ray) and explosives. Search and evacuation guidelines. Surface to air missiles defenses that are available on aircraft and procedures airport operators can take to minimize the threat of surface to air missiles. Incident command and emergency operations. Model airport and aircraft operator security programs. Transportation of dangerous goods. 1 In addressing the evolving threat to civil aviation, ICAO relies on the advice of experts who sit on the Aviation Security Panel. ACE – Security Module 1 Page 7 To identify and correct deficiencies in the implementation of ICAO standards, mandatory, consistent, systematic audits are central to ICAO’s Aviation Security Plan of Action. The plan also includes methods to: • • • • • Identify and assess global responses to new threats and take action that includes the protection of airports, aircraft and air traffic control centers. Strengthen security-related provisions in the annexes to the Convention on International Civil Aviation to protect the flight deck. Coordinate with security audit programs. Publish results of security audits but protect confidentiality of those results. Develop follow-up programs to assist states (countries) in fixing deficiencies in their AVSEC (Aviation Security) capabilities. ICAO has held several conventions affecting aviation security including: Tokyo, The Hague and Montreal 1971.2 The Tokyo Convention, 1963 The Tokyo Convention addressed offenses and other acts committed onboard an aircraft that affect the safety of the flight, or individuals on the flight. The Hague Convention, 1970 The Hague Convention required states to make hijackings punishable by severe penalties and to either extradite or prosecute offenders. Additionally, it required government and countries in which a hijacked aircraft landed to take measures to restore control of the aircraft to its owner and “facilitate the continuation of the journey of the passengers and crew as soon as practical…without delay return the aircraft and its cargo to the persons lawfully entitled to it. ” The Montréal Convention, 1971 The Montreal Convention covered attacks on aircraft, whether in-flight or on the ground, and defined three types of offenders: 1. One who commits an act of violence against a person onboard an aircraft in-flight that endangers the safety of the flight. 2. A person who destroys an aircraft or causes damage to the aircraft rendering it incapable of flight or endangers its safety while in-flight. 2 ICAO is now headquartered in Montreal where all conferences are now held. ACE – Security Module 1 Page 8 3. A person who places (or causes to be placed) a device or substance likely to destroy or damage an aircraft. In 1988, the scope of the Montréal Convention was broadened to cover attacks on airports. Throughout the history of air terrorism, ICAO has made numerous recommendations, many of which are highlighted in the text that follows each of the security incidents outlined below. Post 9/11 and Today Following 9/11, the 33rd Session of the ICAO Assembly conducted in Montreal in February of 2002, adopted Resolution A33-1, Declaration on Misuse of Civil Aircraft as Weapons of Destruction and other Terrorist Acts Involving Civil Aviation. As a result, ICAO recommends a uniform approach to aviation security, including an ICAO Aviation Security Plan of Action requiring regular, mandatory, systematic and harmonized audits to enable the evaluation of aviation security in member states. The program is known as the ICAO Universal Security Audit Program (USAP) and is addressed in Module 4. The Beginning of Air Terror The first recorded aircraft hijacking was on February 21, 1931, in Arequipa, Peru. Byron Rickards, flying a Pan American Ford Tri-Motor mail plane, was approached on the ground by armed revolutionaries who demanded to use the plane to drop propaganda leaflets over Lima, Peru. The pilot refused to fly them anywhere and, after a ten-day stand-off, was released after agreeing to fly one of the hijackers to Lima. Between 1947 and 1958, 23 hijackings mostly committed by eastern Europeans seeking political asylum were reported. The world’s first fatal hijacking took place in July 1947, when three Romanians killed a flight crew member (Rumerman 2007). Another new threat started to emerge in the 1950s. The first bombing of a commercial U.S. airliner occurred on a DC-6 as it departed Stapleton International Airport in Denver, Colorado, on November 1, 1955. Jack Graham placed a bomb in his mother’s luggage, hoping to cash in on her life insurance policy. The bomb exploded shortly after takeoff and killed all 44 people on board. Graham was executed in the Colorado gas chamber for the crime, in what was also the first example of the “passenger-dupe” scenario. In 1959, Fidel Castro came to power in Cuba, and, soon after the number of hijackings began to rise in the United States. At first, those wishing to escape from Cuba hijacked flights; later, many hijackings were executed by people wanting to return. In May 1961, the first American airliner was hijacked from Miami to Cuba. Throughout the 1960s, the number of ACE – Security Module 1 Page 9 hijackings mostly committed by those seeking political asylum, or criminals trying to escape a criminal act in the States continued to rise. Throughout the 50s and 60s, other bombings occurred many times to collect on insurance policies. As the frequency of hijackings grew, the government began putting armed guards on aircraft when requested by the air carriers. Thus began the first use of “air marshals,” called Sky Marshals at the time. In September 1961, President John F. Kennedy signed legislation that approved prison sentences of 20 years or more, or the death penalty, for air piracy. After Kennedy’s legislation passed, the frequency of hijackings in the U.S. reduced, until the late 1960s, when a rash of hijackings occurred, starting in 1968 and lasting through 1972. Hijackings also started overseas in mostly the Middle East and were frequently tied to the Palestinian – Israeli conflicts. During this time, the U.S. Department of Transportation placed the total number of hijackings between 1968 and 1972 at 364, worldwide. In August of 1969, Arab terrorists carried out the first hijacking of a U.S. aircraft flying overseas, by diverting an Israel-bound TWA flight to Syria (Rumerman 2007). The late 60s also saw the first and only successful hijacking of an Israeli El Al aircraft, although numerous subsequent attempts have occurred. Three members of Popular Front for the Liberation of Palestine (PFLP) hijacked an El Al plane to Rome. The aircraft diverted to Algiers, and negotiations extended over forty days, with both the hijackers and the hostages ultimately set free. Following the hijacking of eight airliners to Cuba in January 1969, the Federal Aviation Administration (FAA) created the Task Force on the Deterrence of Air Piracy, developing a hijacker profile that could be used along with metal detectors (magnetometers) in screening passengers. In October of that year, Eastern Airlines began using the system, with four more airlines following in 1970. In 1970, the PFLP staged one of the most extraordinary hijackings ever attempted prior to 9/11. On September 6, 1970, multiple hijackers attempted to hijack four aircraft simultaneously, succeeding with only three. Two of the planes were forced to fly to the Jordanian desert, while the third went to Egypt. The pilot of the third jet, a B-747, convinced the hijackers that the plane was too big to land in Jordan. Two aircraft landed at Dawson’s Field, which was a former Royal Air Force airstrip, in Jordan. The planes were evacuated, and, after a standoff that lasted several days, the aircraft were destroyed by explosives and the hostages released. The B-747 that landed in Egypt was wired with explosives on approach into Cairo. Upon landing, the aircraft was evacuated and destroyed by the hijackers, who were then taken into custody by Egyptian officials. ACE – Security Module 1 Page 10 PFLP member Leila Khaled, who had previously, succeeded in hijacking another plane, was the only attempted hijacker that failed that day. Khaled and associate Patrick Arguello, a Nicaraguan, boarded an El Al Boeing 707 bound for Amsterdam, but two of their fellow hijackers were not allowed on the flight as they had sequential passport numbers, which Israeli security officials and the pilot thought to be suspicious. She and Arguello stormed the cockpit in mid flight but were confronted by air marshals. Arguello was shot and killed, and Khaled was wrested to the ground out of fear she might drop one of the two hand grenades she held in each hand. A passenger hit her on the back of her head. She soon awoke to a vicious beating by other passengers. Khaled claims that her intent, and in fact her orders from the PFLP, were not to hurt any passengers, only to threaten them. This is a dangerous assumption in the post-9/11 world, but the concept of a hostage-taker not wanting to severely hurt or kill hostages (essentially, hostages are bargaining “currency”) has been the basis for most hostage negotiation strategies. The plane landed at Heathrow Airport, and Khaled was taken into custody by authorities. She was held for 28 days until released in a hostage exchange with the PFLP. Six days after the initial hijacking, another aircraft was hijacked by a Palestinan faction sympathetic to, but not part of the PFLP, in order to be used as a bargaining tool to negotiate Khaled’s release. In a prisoner trade with Syria, she was allowed to go free. The growing number of hijackings overseas did not go unnoticed in the United States. The U.S. Government Responds After numerous hijackings in 1970, and the discovery of three bombs on commercial airliners that year on September 11, 1970, President Richard Nixon announced a comprehensive anti-hijacking program, which would become the Anti Hijacking Act of 1971. The Act created a formal federal air marshal program (Rumerman 2007) and required the inspection of passengers, but not their carry-on bags. Some airlines were already screening both passengers and carry-on bags on a voluntary basis. • • • Created Title 14 CFR Part 107 Airport Security. Brought the U.S. up to ICAO aviation security standards. Provided for punishment of death or life imprisonment for hijacking, which could be reduced to a maximum penalty of five years imprisonment if the hijackers gave themselves up. Three years later, the Anti-Hijacking Act of 1974 mandated the screening of passengers and their carry on bags by weapons-detecting technology and also put the responsibility of screening onto the airlines. ACE – Security Module 1 Page 11 Air Terror in the 1970s With all the new security requirements in place, hijackers had to look for new ways to hijack aircraft and to get away with it. While overseas, many hijackings would end with the negotiated release of both the hostages and the hijackers, in the U.S., hijackings usually ended with the death or arrest of the hijackers at the hands of police or federal agents, as well as the release of the hostages. With passenger and carry-on baggage screening in place making it more difficult to smuggle weapons on board, a rash of hijackers simply bluffed their way along. In these incidents, a hijacker would hold an inanimate object, such as a TV remote control, or other electronic device, and claim to have a bomb on him or placed in the cargo hold. These types of hijackings did not last for very long and hijackers switched to other means, such as having airport or airline employee’s pre-place weapons onto the aircraft they intended on hijacking. Also, with most hijacks in the U.S. ending on airport taxiways with the death or arrest of the hijackers, one intrepid hijacker devised a new plan. Whether it was his real name or not, Dan Cooper, alias D.B. Cooper, hijacked an aircraft and forced it to land in Seattle, Washington, where he demanded $200,000 in cash and several parachutes. He released the passengers and flight attendants, and then ordered the pilots to fly to Reno, Nevada, and to stay below 10,000 feet. At one point during the flight, he ordered the pilots to deploy the rear air stairs. When the plane touched down in Reno, Cooper was not on it. The incident remains a mystery to this day, although some of the money (marked by the FBI) was discovered years later in a riverbed in Washington State. After Cooper’s “escape,” approximately 20 more hijackers attempted the same feat. Boeing aircraft manufacturers eventually invented the “Cooper Vane,” which would prevent the rear air stairs from being deployed while in flight. Regardless of the methods that have been put into place to prevent, deter or mitigate hijackings and bombings, criminals and terrorists have always come up with other methods to circumvent these preventative measures. This face demonstrates that aviation security is a game of constant and never ending improvement – on both sides. While aircraft have been the most popular targets for air terrorism, airports and airline facilities have also been attacked. In the 1960s and 1970s, internationally, bombers targeted some airline offices. In 1973, a bomb went off in the international terminal building at Los Angeles International Airport. A second bomb exploded in a locker two years later, at New York’s LaGuardia Airport, killing 11 people. Today, locker storage is not allowed in public areas unless the items are first searched or screened. ACE – Security Module 1 Page 12 Since their inception in the 1950s, surface to air missiles, also known as Manned Portable Air Defense Systems (MANPADS) have occasionally been used against commercial aircraft. Usually these incidents happened in war zones, such as in the Sudan, when Rhodesian dissidents used Russian made SAM-7 surface-to-air missiles to bring down Air Rhodesia commercial airliners. Most surface-to-air missile attacks have been against commercial prop aircraft, but about seven or so have been against commercial jets. Air Terror in the 1980s In the early 1980s, hijackings continued to be a common occurrence, particularly in the Middle East. In 1985, two events, the hijacking of TWA Flight 847 and the bombing of Air India Flight 182 would make a significant impression upon the aviation community. By the late 1980s, two other attacks on aviation would occur and set the stage for policy making and industry focus for the next decade. The first took place when an employee killed the flight crew of PSA 1771 over San Diego, California. The other killed 270 people when a bomb detonated on Pan Am Flight 103, over Lockerbie, Scotland. Air India Flight 182 – PPBM and Checked Bag Screening On June 22, 1985, Air India Flight 182 exploded off the coast of Ireland, killing 359 people. At the same time, two baggage handlers were killed when a bomb exploded as they transferred baggage from Canadian Pacific Flight 003 to Air India Flight 301 bound for Thailand. Both flights had originally departed from Vancouver. If 9/11 was a watershed event that prompted sweeping changes in a nation’s aviation security system, then the bombings of these Air India flights could be considered Canada’s “9/11”. Authorities believed that both bombs were loaded onto flights that originated in Vancouver, placed on board by a man who purchased tickets on both flights, but boarded neither. Flight 182 had a stopover in Toronto, before heading over the Atlantic Ocean, where it exploded just off the Irish coast. After the bombings, ICAO called a special meeting in Montreal, Canada, and developed an amendment to Annex 17 mandating the reconciliation of passengers with their bags, commonly referred to as positive passenger bag matching (PPBM). Although the PPBM process was already in effect at the airline, it may not have been conducted on either of these flights. Canada also implemented the process of checked baggage screening. The process entailed using conventional x-ray machines to conduct the majority of the screening electronically, with questionable baggage being diverted to personnel for individual inspection. ACE – Security Module 1 Page 13 Even though both ICAO and the International Air Transport Association (IATA) mandated that PPBM be put into effect, many countries and air carriers ignored the practice as being inefficient to flight operations. TWA Flight 847 – Flight Crew Training and Grounded Aircraft On July 14, 1985, Shiite Muslim terrorists (Hezbollah) hijacked TWA Flight 847 en-route from Athens to Rome. With 145 passengers and crewmembers onboard the Boeing 727, the aircraft departed Athens Hellinikon Airport bound for Rome, Italy. Shortly after takeoff, two gunmen carrying guns and grenades seized control of the aircraft and ordered Captain John Testrake to fly to Beirut. A third terrorist, Ali Atwa, was supposed to be on board but missed the flight and was arrested in Greece. The guns and grenades were already on board the aircraft, hidden behind panels in the plane’s lavatories and likely placed there by individuals posing as airline catering personnel. The aircraft began a journey between Lebanon and Algiers. Passengers and flight crewmembers were beaten in order to obtain compliance from both Captain John Testrake and ground controllers. At each touchdown point, some passengers were allowed to leave. Controllers at both airports created additional problems by not allowing the aircraft to immediately land. Air traffic controllers in Algiers tried to close the airport, and Beirut tower controllers shut off the runway lights during a night landing. Terrorists threatened to crash the aircraft into the presidential palace, if they were not given permission to land, and the runway lights came back on. U.S. Navy diver Robert Stethem, who had been subjected to numerous beatings during the ordeal, was shot and killed, his body thrown onto the tarmac in Beirut. The terrorists demanded the release of Shiites in Israeli custody, along with the third hijacker, who had been arrested at the Athens airport. In Algiers, fourteen more terrorists from the Amal organization along with Ali Atwa, the hijacker who was supposed to be on the flight back in Athens, boarded the aircraft as reinforcements. Passengers were segregated on the basis of American or Jewish-sounding names. Among the women was flight attendant Uli Derickson, who was credited with saving the lives of many on board. Derickson spoke German, as did one of the terrorists, enabling communication between the hijackers and the hostages. The only English-speaking hijacker, Ali Atwa, missed the flight. Derickson would intercede during passenger beatings, attempted to hide ACE – Security Module 1 Page 14 American, U.S. Military and Jewish identities of passengers, and eventually negotiated the release of her crew and the women passengers.3 Captain Testrake also demonstrated leadership and courage throughout the hijacking. As the flight headed back to Beirut for the third time, he and his crew worked out a plan to disable the aircraft. The flight crew shut down two of the plane’s three engines and convinced the hijackers that the aircraft could no longer fly. Testrake also worked with mechanics and crewmembers from Middle East Airlines to provide food and medical assistance to his flight crew and remaining passengers. The example of Testrake and Derickson’s bold actions throughout the incident are a testament to the important role flight crew play in the aviation security system. TWA 847 reiterates the need for flight crew to be trained in how to handle volatile, and sometimes violent, situations. The standoff continued for 18 more days, after which all of the hostages were released. Ali Atwa, the terrorist held responsible for the hijacking, is reportedly dead. The hijacking also was significant as the press covered it so extensively. Media representatives were able to interview the hijackers as the aircraft sat on the ground in Beirut and Algiers, and new satellite technology enable the mass media to bring the images immediately into living rooms all over the world. Video images of Captain Testrake and a hijacker holding a gun to Testrake’s head as both peered out the cockpit window of the plane are now a part of aviation security history. An important lesson learned from Flight 847 is that once an aircraft is on the ground, it must be kept on the ground. The use of aircraft as weapons of mass destruction after 9/11 drives this point home. Rome and Vienna – Airport Attacks In December of 1985, the airports in Rome and Vienna were simultaneously attacked by groups of young men armed with automatic weapons and grenades (Wallis 1993, pp 11-12). There was much debate over whether these groups were so-called “suicide squads,” due to the lack of a clear escape plan. However, evidence does not substantiate this claim. The primary targets of the attacks were passengers at the El Al ticket counter. In the case of the Vienna attack, erratic gunfire turned out to be the downfall of the terrorists, as a bullet pierced the glass of an airport bank, triggering an alarm in a nearby police station. The response from the airports was to create a common check-in counter to protect the identity of passengers traveling to Tel Aviv. This requirement would result in lengthy design modifications at many large 3 Derickson’s name would become a household word for the courage and strength she showed throughout the ordeal, and her story was portrayed in a 1980s made-for-TV movie, “The Taking of Flight 847: The Uli Derickson Story.” ACE – Security Module 1 Page 15 U.S. airports, as well as passenger inconvenience. However, the real concern was the ability of airport law enforcement personnel to respond to heavily armed gunman storming the terminal building. Airport police are a required part of every commercial service airport security program, but, depending on the size of the airport, they may not always be on site. To this day at the airport in Rome, a catwalk surrounds the check-in area of the terminal. Police officers armed with submachine guns patrol the area. They wear body armor and are constantly vigilant, watching the passengers in the terminal intensely. The catwalk has bulletproof glass and hard points to provide a level of protection for the officers. EgyptAir 648 – Sky Marshals and Commandoes On November 26, 1985, an EgyptAir Boeing 727 was hijacked on a flight from Greece to Cairo, Egypt. Three terrorists hijacked the flight 22 minutes after takeoff. Egyptian sky marshals engaged in a shootout with the hijackers. The flight landed in Malta, where some women passengers were released, but the hijackers soon began shooting passengers with Israeli or Jewish identities, followed by passengers with U.S. citizenship (Wallis 1993, pp 9/11). Ten hours later, Egyptian troops stormed the aircraft, killing 56 out of 88 remaining passengers and one terrorist. One lesson that seems clear from this incident is that only specially trained troops should be used to storm a hijacked aircraft. Some criticized the troops for storming the aircraft, but others pointed out that terrorists already were killing hostages; so storming the aircraft was an acceptable risk. In the United States in April of 1999, law enforcement agencies were criticized for not immediately storming Columbine high school during student shootings that left 15 dead and over 30 wounded. The question for incident commanders remains: is it better to use ill-prepared and ill-trained personnel when lives are threatened, or will their use cause more damage? Fortunately, the Columbine shootings allowed law enforcement agencies to develop tactical response strategies to rapidly developing incidents. Airport security personnel should ensure their law enforcement officers are trained in these tactics and conduct exercises to be able to rapidly respond to a hijacking or shooting in the airport. Air Lanka – Employee Facilitated Attack On May 3, 1986, a bomb destroyed a Lockheed L1011 belonging to the national airline of Sri Lanka, while the plane was on the ground at Colombo Airport. Of the 128 passengers onboard, 20 were killed and the aircraft was destroyed. A customs officer sympathetic to a separatist ACE – Security Module 1 Page 16 movement was arrested and charged with sabotaging the aircraft, emphasizing the need for employee background checks. (Wallis 1993, pp 14). Pan Am Hijacking – Disable Aircraft and Ramp Security On September 5, 1986, 17 people died on Pan Am Flight 73, a 747, during an attempted hijacking by terrorists dressed to resemble airport security guards. With 379 passengers onboard, the aircraft sat on the tarmac of a Karachi airport. Eventually, 22 people, including two Americans, would die during the standoff. This case sparked an important debate due to the actions of the flight crew. When the first shots were fired, the captain and his flight crew used the emergency escape ropes to leave the aircraft, following recommendations developed in the 1970s by the Federal Aviation Administration (Wallis 1993, 15). This is also concurrent with one of the earlier lessons learned about keeping a hijacked aircraft on the ground. One of the terrorists had wrapped explosives around himself with the intent to blow up himself and the aircraft over Jerusalem. Ensuring good ramp security and thorough employee background checks are lessons learned from this incident. El Al Attempted Bombing – Passenger Profiling Also in 1986, El Al airline security officials at London/Heathrow Airport discovered an attempt by an individual to place explosives on board an aircraft. The security officials uncovered the plot during a routine security questioning of passengers prior to the flight. Anne Marie Murphy, who was five months pregnant at the time, was carrying explosives in her suitcase, unbeknownst to her. Investigators later discovered that her boyfriend, who had placed the explosives in her bag, was a Syrian intelligence agent. Shortly thereafter, U.S. airlines began the process of asking “security questions,” such as, have you packed your own bags, and have your bags been out of your control since you packed them? While it is unlikely that these questions ever deterred a criminal from taking an explosive or weapon on board, in the U.S., the questions were asked by ticket agents, not security personnel trained in detecting deceptive responses and body language. The lesson learned here is, when adopting successful security procedures, the procedures must retain the key elements that make the process successful, which in this case, would be the use of trained security personnel. Korean Airliner Bombing – State Sponsored Air Terror In 1987, a Korean Airliner exploded enroute from Baghdad to Bangkok, killing all 115 on board. A North Korean woman was found guilty of the crime and said she was ordered by North Korean leader Kim Il-Sung to ACE – Security Module 1 Page 17 bomb the aircraft in order to deter people from attending the 1988 Summer Olympics in Seoul, South Korea. The United States placed North Korea on the list of countries that sponsor terrorism. PSA Flight 1771 – Employee Identification On December 7, 1987, USAir employee David Burke, who was placed on investigatory leave by his supervisor due to a theft charge, boarded a Pacific Southwest Airlines flight from San Diego to Los Angeles. Burke’s supervisor, Raymond Thompson, was onboard the flight. What happened next would become a landmark case and would be partially responsible for the expansion of Federal Aviation Regulation Part 107.14 regarding Access Control and employee credentialing. At the time of this event, airline and airport employees were not required to go through screening checkpoints. They needed only to display their airport-issued identification badge or airline identification to security screeners, and they would pass through security without being screened. Burke, who still had his airline ID, carried a loaded .44 Magnum pistol onto the BAE-146 aircraft. Once in flight, Burke killed his supervisor, and then walked into the cockpit, killed both pilots and then himself. All 44 passengers and crew aboard died as the aircraft crashed into a farmer’s field in California’s Santa Ana Hills. In response, a federal law was passed requiring the “immediate seizure of all airline employee credentials” upon termination from an airline position. Most importantly, however, the FAA adopted a rule requiring that all members of any airline flight crew, including the captain, be subjected to the same security measures as the passengers. However, these measures would only apply if the employee accessed the airport concourse (i.e. the Sterile Area) through the security-screening checkpoint. Personnel who accessed the sterile area through airfield access doors would bypass the screening process. This case reinforces the point that any airport security program should require airport access media to be confiscated anytime an employee is placed on leave, or when the employer perceives that the employee may be a potential threat. Pan Am Flight 103 – Lockerbie, Scotland Prior to 9/11, Pan Am 103 was the most analyzed and discussed aviation security incident. Resulting in 270 deaths, it caused a legacy airline to go bankrupt and led to an overhaul of the U.S. aviation security system. On December 21, 1988, a bomb destroyed a Pan Am Boeing 747 over Lockerbie, Scotland, killing 259 passengers and crew, plus 11 citizens of Lockerbie on the ground from falling debris. ACE – Security Module 1 Page 18 Investigators discovered that terrorists, employed by Libyan Airlines, planted a bomb in checked baggage on a Boeing 727 in Malta, which then flew to Frankfurt, Germany and then to London as Pan Am Flight 103A. At London’s Heathrow Airport, the baggage and passengers were switched to a Boeing 747 and the flight designated Flight 103. The terrorists who planted the bomb never boarded the airliner, even though Pan Am and all U.S. air carriers were required to conduct the positive passenger bag match prior to departure. A report later issued by President George Bush’s Commission on Aviation Security and Terrorism stated, “passenger/baggage reconciliation is the bedrock of any heightened civil air security system” (Wallis 1993, 33). Intelligence agencies had knowledge that bombs had been manufactured in West Germany for intended use against aircraft, a specific threat had been made against Pan Am, and an ICAO study into the accidental shoot down by the USS Vincennes of an Iranian Airbus had just been published. The ICAO findings were unsatisfactory to Iran; they wanted the United States to be condemned as aggressors (Wallis 1993, 27). Although the final investigation concluded that Libya, not Iran, sponsored the terrorist attack, U.S. airlines should have been at a heightened state of alert due to the aforementioned situations and events. For instance, two weeks prior to the bombing, the United States Embassy in Helsinki received a telephone call warning that a bombing attack would take place against a Pan-American aircraft operating between Frankfurt and the United States. It gave details as to who would carry out the crime and their proposed methodology (Wallis 1993, 27). Although the United States later decided the call was phony, a judgment made even after the bombing, the FAA did pass on details of the threat to Pan Am and other U.S. air carriers, although it was not relayed to the passengers. The improvised explosive device was a cassette radio player (called a “boombox”) containing the explosive material Semtex and a timing device. The bombing was allegedly supposed to take place over water, which would have left little evidence of a terrorist attack. However, the terrorists apparently did not understand how long the aircraft would be on the ground at London’s Heathrow Airport, particularly as baggage was moved off the 727 onto the 747, which may have resulted in the bomb detonating before the aircraft flew over water. Also, the flight path was not directly east, but over Scotland on a Great Circle route designed to shorten the distance, the aircraft had to fly over the Atlantic Ocean. The device on 103 was set to go off based on a timer, not barometric pressure. However, some explosives are designed to go off when the aircraft reaches a certain altitude – they are triggered with a barometric pressure switch, which has led to luggage being screened in certain countries, such as Israel, with pressure chambers. In 1989, shortly after the Pan Am bombing, a French UTA DC-10 (a subsidiary of Air France) exploded over Niger, killing 170 people on board. The bomb elements ACE – Security Module 1 Page 19 discovered in that attack matched the elements found in the Pan Am bombing, which linked Libya directly to the attack. At the time of the bombing Libya was in a territorial war with Chad, which was backed by France. One hotly debated issue is that the passengers were not warned that the airline had received a bomb threat. Some argue that warning passengers of a bomb threat hands the terrorists another tool to use against aviation. With hundreds of hoax bomb threats made to airlines every year, thenPresident Ronald Reagan said that notifying passengers of the threats would effectively shut down the national airspace system. However, some of the victims advocacy groups that formed after the Lockerbie tragedy support the notification of passengers of any threats against a particular flight. In fact, one Pan Am victims advocacy group, the Victims of Pan Am Flight 103, are so influential that they continue to lobby for changes in aviation security policy and even provided input after the 9/11 terrorist attacks. The Pan Am bombing resulted in a United States presidential commission on aviation security, which determined that: 1. The aviation system is seriously flawed. 2. The FAA is highly reactive. 3. There were security lapses by Pan Am and a failure to enforce its own procedures. 4. Stricter positive passenger bag matching would have deterred the tragedy. The commission also resulted in the creation of the Assistant Secretary for Transportation Security for the Federal Aviation Administration, which would later become known as the Associate Administrator for Aviation Security. The commission determined that the x-ray machines currently in use at U.S. airports could not reliably detect the explosive Semtex. The sheriff of South Strathclyde, Dumfries, and Galloway, Scotland, John S. Mowar generated much of the evidence and information that came out of the Lockerbie crash. Mowar’s principal findings determined that the 747 was under constant guard until it left Heathrow as Flight 103. Baggage transferred from the Boeing 727, Flight 103 from Frankfurt, was taken directly to the 747, but passengers were not counted to ensure that all the passengers who boarded the 747 matched the baggage that transferred over from the 727. The sheriff also concurred that positive passenger bag match procedures could have prevented the crash. Regardless, two Libyan nationals were charged with destroying the flight; however, only Abdel-Basset al-Megrahi, former chief of security for Libyan Airlines, would be convicted. In 2003 Libya took responsibility for the bombing and arranged to pay compensation to the families of the victims. Abdel-Basset al-Megrahi was convicted of murder and was ACE – Security Module 1 Page 20 serving a life sentences; however he only served eight years and was released by Scottish authorities in 2009 based on compassionate grounds. He had been diagnosed with advanced prostate cancer and was not expected to live more than 3 months. As of this writing he is still alive (2011) and living in Libya. Also note that this is another incident where airline or airport employees were involved in a terrorist or criminal act. Avianca Flight 103 Bogotá, Colombia – Narco Terrorism One terrorist act that was not politically motivated is worthy of note. On November 27, 1989, a Boeing 727 operated by the Colombian national carrier Avianca blew up while flying between Bogotá and Cali, Columbia, killing all 107 onboard. The unusual suspect of this case is the notorious (and the late) drug trafficker Pablo Escobar, who was alleged to have ordered the bombing in order to kill a Colombian presidential candidate. He also was suspected of bombing other Avianca flights in the 80’s. There are few details regarding this crash. Drug smugglers have routinely smuggled narcotics in commercial aircraft for several years, thus it would not have been difficult to place a bomb onboard the aircraft where it could not be detected. The lessons learned in this case are strict control of the airfield, specifically monitoring who has access to aircraft, performing background checks, and the need to warn U.S. citizens traveling abroad of airports that do not meet minimum ICAO security requirements. By regulation, these warnings are to be posted at screening checkpoints. Aviation Security Improvement Act of 1990 The Pan Am bombing, along with the PSA crash, resulted in the Aviation Security Improvement Act of 1990, which required the development of better explosives detection systems capable of detecting common commercial and military explosives and created FAR Parts 107.14 (Access Control). Prior to 1990, many airport identification badges were crudely constructed, often created with a typewriter, a Polaroid camera and a lamination machine, making them very easy to duplicate. Identification badges also were not often encoded to enable the badge to access a security door, so there were few computer records of whose identification badge accessed a door at a particular time. Many passenger boarding bridge doors and airfield access doors contained a simple cipher lock, and often the combination to the lock was known both to people with and without authorized access. The combinations to such doors were sometimes even etched into the lock or door itself, or were so commonly known as to be completely ineffective as a locking device. Federal Aviation Regulation Part 107.14 Access Control was responsible for the implementation of the comprehensive access control systems in use at airports today. The legislation required computerized access control ACE – Security Module 1 Page 21 systems that maintain a record of who has access to doors and gates. The system can immediately deny access to individuals not having authorized access, distinguish access privileges on the airfield, and prevent individuals without approved access media from accessing the airfield. CCTV cameras were installed at alarmed doors and throughout airports, and security control centers were constructed at airports. Airport identification badges were then coded for access to certain doors based on the individual’s access authority and need for access. Through a computerized system, records were kept for each door or gate accessed and by which individual’s access card. Air Terror in the 1990s Although the 1990s had relatively few terrorist attacks on aviation, several other events, including the first Gulf War in Iraq, caused U.S. airports to go on high alert. The crash of TWA 800 also affected aviation security policies and procedures. In addition, over the course of four days in 1994, the Irish Republican Army lobbed mortar shells onto the airfield at the London/Heathrow Airport. Many of the shells did not explode, no aircraft were damaged, and no injuries were reported; however, the attack did create chaos for several days at the airport. The World Trade Center Bombing and the Oklahoma City Bombing – non aviation events with impacts on aviation security On February 26, 1993, a vehicle-borne improvised explosive device containing 1,500 pounds of urea nitrate and fuel oil was detonated beneath Tower One of the World Trade Center. The attack killed six and injured over 1,000, but the terrorists’ attempt at destroying the WTC was unsuccessful. The plotter of the attack was Ramzi Yousef, who would later be part of the Operation Bojinka plot, to down several U.S. commercial aircraft using liquid based explosives. On April 19, 1995, at 9:03 a.m., a massive, vehicle-borne improvised explosive device contained inside a Ryder rental truck detonated in front of the Murrah Federal Building in Oklahoma City, Oklahoma, killing 168, including several children who were in a daycare facility in the building. U.S. citizens Timothy McVeigh and Terry Nichols were both arrested and tried for the crime. Both were found guilty, and McVeigh was sentenced to death. He was executed on June 11, 2001. Nichols was found guilty on federal charges and is serving a life sentence in prison. Both incidents impacted airport security that year. The FAA would require the 300-foot rule to be implemented in October 1995 during heightened security measures. The 300-foot rule prohibits vehicles from being parked within 300 feet of the terminal building. The distance is based on bomb blast assessments, most specifically the Oklahoma City-sized bomb, which ACE – Security Module 1 Page 22 was a combination of an estimated 4,000 pounds of ammonium nitrate and fuel oil. The 300-foot rule has been a source of consternation to airport managers ever since. Subsequently, some airports have implemented a Bomb Incident Prevention Plan (BIPP) or other forms of blast analysis in order to develop strategies for protecting the terminal building and other facilities affected by the 300-foot rule. Prevention plans generally include reinforced structures and glazing of the glass on the terminal facility. In some cases, these actions have resulted in airports having the 300-foot rule reduced, reclaiming lost parking spaces. FedEx Flight 705 – Employee Hijack Attempt In April of 1994, FedEx second officer Auburn Calloway attempted to hijack Flight 705. Calloway was originally scheduled to be a crewmember on the flight, but due to crew rest requirements (his crew “timed out”), he elected to occupy a spare seat in the cargo area. Calloway, a former Naval Aviator, had recently been called in by airline management to respond to discrepancies in his flight time. He was also experiencing several personal issues, including trouble supporting his exwife and children. Upon leaving an insurance policy on his bed, he took several hammers and a spear gun, loaded them into a guitar case, and boarded Flight 705. Once en route, Calloway invaded the cockpit and attempted to take over the flight. Calloway fought with all three crewmembers while the Captain initiated aggressive flight maneuvers to keep the hijacker off balance. The captain was able to successfully land the aircraft, and Calloway was subdued during the landing; however, all three flight crew members suffered debilitating injuries, which have since prevented them from flying commercially again. There was speculation that Calloway wanted to crash the aircraft and allow the insurance company to provide the payoff to his ex-wife and children, but there has also been some speculation that Calloway intended to crash the aircraft into FedEx headquarters in Memphis, Tennessee. Calloway was convicted of attempted air piracy and is serving a life sentence in a federal penitentiary. This case reinforces the need for management to immediately revoke airport and airline access privileges for personnel suspected of violating employee policies or the law. Air France Flight 8969 The Armed Islamic Group took over Air France Flight 8969 in December 1994 at Algiers. The aircraft flew to Marseille, France, where a group of GIGN (French commandoes) stormed the aircraft and killed all four ACE – Security Module 1 Page 23 hijackers. This incident provides a wealth of information for airport operators on managing a hijacking. The hijackers were armed and dressed in the uniforms of the Algerian presidential police. They boarded the aircraft and began checking passengers’ passports. Flight attendants were used to this process but noted that Algerian police were not normally armed during such inspections. Using assault rifles, Uzi pistols, and hand grenades, the hijackers took over the aircraft while it was still on the tarmac. They also placed a package of dynamite in the cockpit and another in the center of the aircraft and wired them together. In order to confuse law enforcement snipers, they took the uniforms of the cabin crew. The aircraft remained on the ground in Algiers for two days, during which time, a police officer, an embassy employee and a chef were all killed by the hijackers, before being allowed to fly to Marseille. However, a total of 63 passengers had been freed during this time, mostly women, young children and those with medical conditions. Upon arrival in Marseille, the airport directed the pilot to park in a remote area. The hijackers ordered more fuel for the plane and rigged it with explosives, as their true motive was to crash the plane into the Eiffel Tower. GIGN operatives, dressed as airline catering and service personnel, inspected the aircraft, determined access points and ensured that those points were not booby-trapped. The hijackers requested a press conference, then ordered that the plane be moved to the base of the tower, which put the tower in danger if the aircraft exploded. The negotiators were also in the control tower. The aircraft location was a disadvantage to the GIGN, who quickly reorganized their plans and assaulted the aircraft. The firefight ensued as the airstairs carrying GIGN forces approached the aircraft. The hijackers fired through the thin skin of the aircraft fuselage. The front airstairs were placed too high, initially blocking the door from coming open. Hundreds of rounds were exchanged, and grenades were thrown. Snipers could not get a clear shot at the lead hijacker in the cockpit until the first officer got out of the way. The first officer managed to jump out the cockpit window, breaking his leg in the fall to the tarmac. Snipers then shot the lead hijacker. During the shoot-out, passengers began escaping out the rear exits. The final hijacker held off GIGN forces for 20 minutes until being killed by gunfire. Of the 166 passengers that were still on the flight at the time of the raid, 13 were injured but none were killed. Some GIGN forces were also injured but none fatally. All four hijackers were killed. Many lessons were learned from this event. Whenever possible, raids on aircraft should only be conducted by trained operatives, as were the ACE – Security Module 1 Page 24 French GIGN in this case. Also, the aircraft should be kept on the ground. The aircraft was allowed to takeoff in this situation, as Algieran officials would not allow French operatives onto Algerian soil and wanted the airplane out of their country. However, in light of the true intent of the hijackers, crashing into the Eiffel Tower, and the events of 9/11, keeping a hijacked aircraft on ground is critically important. Hijackers used the uniforms of police personnel to bypass security measures. There have been numerous incidents of theft of TSA uniforms, and police and airline uniforms are readily available on the open market, which makes proper credentialing, even of law enforcement personnel, even more important on an airport. A final lesson to take from this incident is that not all hijackings end in a Hollywood style shoot out, where nothing goes wrong for the good guys and everything goes wrong for the bad guys. The situation continued to change throughout the event with airport, airline, flight crew, passengers, air traffic control, negotiators and GIGN forces constantly adjusting their perspectives and tactics. The Manila Air Plot – Operation Bojoinka In 1994, Ramzi Yousef, who is associated with the Al Qaeda terrorist organization, plotted to destroy 12 U.S. airliners on international routes, using liquid-based explosive devices, smuggled aboard in contact lens solution containers. This was a lead-in to the second attempted attack on aviation of this nature, which occurred in August 2006 in London. The attack itself was part of a larger strategy called Operation Bojoinka. Bojoinka, which also included an assassination attempt on Pope John Paul II and President Bill Clinton, as well as an attack on the CIA headquarters building, used a small general aviation aircraft loaded with explosives. None of the attacks ultimately succeeded, but the plot does have interesting similarities to attacks being attempted or discussed today. Yousef is currently in federal custody serving a life sentence for his role in the Bojinka plot and the bombing of the WTC in 1993. The 9/11 Commission used Yousef’s tests of airport security as an example of the inadequacy of current technology, including metal detectors and x-ray machines to detect components such as those that Yousef planned to use. The attack also reinforces the need for flight crews to search aircraft during stopovers when passengers change out. TWA Flight 800 While not declared an aviation security incident, the crash of TWA 800 did have a significant effect on aviation security policy. On July 17, 1996, a Boeing 747 departed John F. Kennedy Airport, New York, bound for Paris, France. It exploded shortly after takeoff, killing all 230 people onboard. Since the explosion took place over water much of the evidence was lost. Initially, the crash of TWA 800 was thought to be a terrorist bombing. Later theories included speculation that the ACE – Security Module 1 Page 25 aircraft was shot down by a surface-to-air missile. In fact, both theories are still widely debated by many experts in both the aviation security and aviation safety industries. Conspiracy theories abound on the Internet, as well. The National Transportation Safety Board (NTSB) never determined the exact cause of the crash but did issue airworthiness directives to examine the wiring on all 747s. Later, mechanics would discover a fuel leak in a Boeing 737, and the mechanics drew the conclusion that an electrical arc onboard TWA 800, a 747, may have triggered the explosion. What did result from the TWA 800 crash was the White House Commission on Aviation Safety and Security, commonly referred to as the “Gore Commission.” President Clinton ordered Vice President Al Gore to study the issue of aviation security, specifically to enhance the partnership between the FAA and regulated aviation parties (airlines and airports), and report back on how to employ the latest technology to detect explosives and weapons. Aviation Security and Anti-terrorism Act of 1996 The Gore Commission’s recommendations resulted in the Aviation Security and Anti-terrorism Act of 1996. The act called for the first automated passenger-profiling program, known as “CAPPS” (computer assisted passenger pre-screening) and changes to checked baggage security procedures. Part of the profiling system included additional security scrutiny for passengers who purchase tickets with cash, had their tickets purchased by another party, or purchased one-way tickets on the same day of their flight. Some passengers also were selected at random. The Act also required changes to checked baggage through the implementation of Explosives Detection Systems (EDS)4 at all Category X airports.5 The EDS equipment would be used for passengers who had been profiled under the CAPPS program or for passengers whose bags had been out of their control between the time they had packed them and checked them in at the ticket counter. Additional changes were made to screen carry-on baggage with the implementation of Explosives Trace Detectors (ETD)6 at all Category X and Category I7 airports. The Act also required the expansion of K-9 explosives ordinance detection and disposal teams at the nation’s 50 4 EDS devices work like medical CAT scan machines, x-raying each bag and “slicing” certain questionable areas for analysis by the onboard computer. 5 Category X airports are the largest in the nation and include Los Angeles International, Chicago O'Hare, Atlanta International, Denver International, JFK, Dallas-Fort Worth and others similarly sized. 6 ETD uses trace particles or vapors to "sniff" narcotic or explosive elements. 7 Category I airports are the second-largest commercial service airports in the US. ACE – Security Module 1 Page 26 largest airports and the creation of fingerprint-based criminal history background checks. The regulation also introduced the Access Investigation, whereby applicants for airport or airline identification media were required to provide 10 years of employment history. The airport or airline then had to verify the most recent five years of employment history. If there were unexplained gaps in the five years, (or the ten) then the employee would undergo a Criminal History Record Check (CHRC).8 If he or she cleared this check, airport or airline access media could be issued. The purpose of the 10-year check was supposed to point out areas of time in which the applicant may have been out of the country or to determine if the person had served time in prison. Time spent in school, or owning a business, which could be proven with transcripts and tax forms, respectively, counted as “employment.” The FBI often took two to three months before findings were returned to the airport. When a CHRC would find that the applicant was guilty of other crimes that were not included on the disqualification list, such as burglary or simple assault, the airport was banned from advising the applicant’s future employer of these convictions, which meant convicted felons worked at the nation’s airports and airlines. Other requirements of the 1996 Act were to conduct mandatory aircraft searches for all international flights, the establishment of an airport consortium to discuss aviation security issues, performance standards for screeners, and a requirement that companies and the FAA address high turnover rates of screening personnel. However, despite the regulation, no significant changes were made with respect to screening standards during that time. The establishment of the airport consortia benefited several major commercial service airports. The consortia often consisted of airport management and airport security managers meeting with local Federal Bureau of Investigation (FBI), Bureau of Alcohol, Tobacco and Firearms (BATF), FAA security, and other law enforcement agencies to discuss aviation security issues and develop contingency plans. The Gore Commission also concluded that attacks on airlines are attacks on the country, not necessarily the company. This conclusion would later be used to help justify the creation of the Transportation Security Administration and the Department of Homeland Security, to support the argument that security is an inherently governmental function. Millennium Bomber – Airport Attack In December of 1999, Ahmed Ressam was arrested at the Port Angeles, Washington dock when he attempted to smuggle a vehicle-borne 8 Explained in detail in Module 2 ACE – Security Module 1 Page 27 improvised explosive device (VBIED) through the Customs area. He intended to set off the device at the International Arrivals Bradley Terminal Building at Los Angeles International Airport. He was caught when a suspicious Customs agent, Diana Dean, noticed that Ressam was acting “hinky.” As inspectors took a closer look at his vehicle, they noticed several green bags filled with a white powdery substance. Although the 300-foot rule was instituted in the 1990s in response to the Oklahoma City and WTC bombings, Ressam’s attempt demonstrates that the use of a VBIED against an airport has been considered and attempted. To this day, the entry lanes to LAX are guarded with armed LAX police officers that conduct targeted and random searches of vehicles. This practice is common at Ben Gurion Airport in Israel; however, the practice has not been adopted at most other U.S. airports, nor is it required by regulation during normal security conditions. Problems in Aviation Security Continue In the 1990s, the FAA’s Red Team, a group of specially trained operatives who are not subject to standard FAA testing protocols, repeatedly breached airport and airline security systems across the United States (Thomas 2003, 58). After numerous failed tests in Frankfurt, Germany, the FAA ordered the Red Teams to quit testing because none of the concealed items were ever found. Since the Red Team did not use standard FAA protocol in its tests, it could not use its findings in civil enforcement against the airlines or airports (Thomas 2003, pp 58). ICAO also discussed chemical attacks, particularly after cult members associated with Aum Shinrikyo released Sarin gas into the Tokyo subway system, killing 11 and wounding over 5000, in 1995. However, again it was considered by security agencies that a chemical weapon attack from an aircraft would be far too complex. A terrorist could more easily conduct a chemical gas attack inside an airport terminal, a thought that sent airport security managers at airports such as Atlanta Hartsfield, Seattle-Tacoma, Denver International, and others that operate underground train systems, scrambling for contingency plans to respond to such an attack. The Airport Security Improvement Act of 2000 Passed just one year before the September 11th attacks, the Act concentrated on maximizing the use of EDS machines, noting that the machines that had been deployed were screening fewer bags in a day than they were designed to screen in an hour. The Act also required the FAA to enact rulemaking that would hold individuals directly accountable for noncompliance with access control requirements, issue regulations requiring airport operators to have a security compliance program that rewards compliance, and ensure that airports and air carriers provide ACE – Security Module 1 Page 28 comprehensive and recurrent training, teaching employees their role in airport security. The Act also required all employees at Category X and I airports to undergo the CHRC process. The legislation reiterated the 1996 legislation by calling for certification of airline screeners and screening companies, strengthening background checks and providing a better accounting of airport access media. For several years, the FAA had been working on a rewrite of FAR Part 107 and was just wrapping up that project in the summer of 2001. Unfortunately, many of these initiatives were still in the works on September 11, 2001. September 11, 2001 On 9/11, at 7:55 a.m., American Airlines Flight 11, a Boeing 767, departed Boston bound for Los Angeles. It was hijacked and flown into the North Tower of the World Trade Center, destroying it. At 8:05 a.m., United Airlines Flight 93, a Boeing 757, departed Newark bound for San Francisco was hijacked; however, passengers fought back and the aircraft crashes into a field in Shanksville, Pennsylvania. At 8:10 a.m. American Airlines Flight 77, a Boeing 757, departs Washington bound for Los Angeles. It was hijacked and flown into the Pentagon. At 8:15 a.m. United Airlines Flight 175, a Boeing 767, departs Boston bound for Los Angeles. It was hijacked and flown into the South Tower of the World Trade Center, destroying it. Everyone onboard all of the flights were killed, with a total death toll nearing 3,000, including over 300 police and firefighters. The U.S. government held international terrorist Osama bin Laden and the terrorist organization Al Qaeda responsible for the attacks. In the largest aviation terrorist attack in the world, it was discovered that the hijackers trained at U.S. flight schools. In 2002, President George W. Bush commissioned The National Commission on Terrorists Attacks Upon the U.S., also known as the 9/11 Commission. The report outlined both the structure and actions of the 9/11 attacks themselves, provided a broader look into the issues that contributed to the attacks and provided a series of recommendations for fixing the aviation security system. The Commission concluded that, among other failures, the civil aviation did not understand the grave threat it faced, nor did it adjust its policies and practices to defeat the threat. Ultimately, while there had been previous attempted hijackings with the intent of crashing the plane into a ground target in the U.S., this scenario had not entered into the thinking of aviation security practitioners. The hijackers learned how to fly at various flight schools in the United States. They boarded the aircraft with box cutters and knives, items that screening policy allowed at the time, and possibly mace or tear gas, items ACE – Security Module 1 Page 29 that were not allowed but were commonly missed at security screening checkpoints. The Al Qaeda terrorist group was held responsible for the attacks. Led by Osama bin Laden, Al Qaeda had been responsible for numerous terrorist attacks worldwide, including the truck bombing of the Khobar Towers at a U.S. Air Force Base in Saudi Arabia and the suicide bombing of the USS Cole, a Navy cruiser. The specific details of how the hijackers took over the cockpit are largely unknown. However, several inferences can be drawn based on the status of the commercial aviation security system at the time. Cockpit doors were not reinforced, and in fact were quite flimsy, allowing easy access. With the pilot-in-command responsible for in-flight security, according to air carrier security and federal aviation regulations, disturbances in the cabin often brought one of the flight crew out of the cockpit to handle the situation. Therefore, another method of entry into the cockpit by the hijackers could have been to cause a commotion in the cabin area, luring one of the flight crew to open the cockpit door. The 9/11 Commission concluded that the hijackers had previously taken the same flights as the ones they hijacked in order to assess the flight crew procedures as related to the cockpit (Commission 2004, pp 245). Two of the terrorists were on CIA watch lists, but the lack of those lists being shared with the FAA resulted in their movements going unnoticed on 9/11. Additionally, two of the hijackers were selected for additional screening under the CAPPS program. However, at the time, CAPPS only required that their bags accompany them onto the aircraft thus still enabling the hijackers to board the plane. Without a major hijacking in several years, the industry was more focused on preventing airline bombings rather than hijackings. This attitude was demonstrated by security policies and procedures that focused more on preventing bombings. Also, at one airport, two of the hijackers set off the walk-thru metal detectors but a CCTV recording of the subsequent hand wand process showed the process to be inadequate to finding any prohibited items. The public speculated on the ability of the hijackers to be able to pilot such large commercial service aircraft. All of the hijackers held at least a Commercial Pilot Certificate, each had over 250 hours of flying time, and all had spent some simulator time in similarly sized aircraft. While it may be difficult to take off and land an aircraft, or to fly it during bad weather, flying en route in good weather and good visibility was within the capabilities of pilots trained to the level that the 9/11 hijackers were trained. In describing the concept of emergency response, the 9/11 Commission stated: “Emergency response is a product of preparedness. On the morning of September 11, 2001, the last best hope for the community of people ACE – Security Module 1 Page 30 working in or visiting the World Trade Center rested not with national policymakers but with private firms and local public servants, especially the first responders: fire, police, emergency medical service, and building safety professionals”(Commission 2004, pp 278). The faster an entity is able to recover from an attack, the less damage there will be from that attack and the less likely the attack will be repeated due to its limited impact. Although the 1993 attack on the WTC had resulted in better evacuation plans, as well as the installation of radio repeaters throughout the buildings, there were numerous problems that could have been foreseen and resolved. First, many in the WTC argued that if there was a fire, a roof rescue using helicopters could be conducted. This argument was reinforced in 1993, when a few evacuations took place by roof. Even some in the NYPD Emergency Services Unit believed that a roof rescue was part of the plan. However, the roof rescue plan had been removed. There was not a helipad on the North Tower, and the South Tower helipad was not certified by the FAA for use. As a result, several citizens attempted to gain access to the roof but found the doors locked. While there were police helicopters hovering in an attempt to try a roof rescue anyway, the intense smoke and lack of visibility, flames, updrafts and numerous antennas on both of the buildings prevented the helicopters from landing. The important lesson here is to ensure that the emergency plans are communicated throughout the agencies that are affected. Other problems with response were caused by interagency conflicts between the New York Police Department, the Fire Department of New York, and the Port Authority Police Department, which was responsible for law enforcement and emergency response throughout the towers. Chain of command issues existed between the agencies, along with a general inability of the agencies to communicate with each other due to different radio systems. Adding to the communications problems were jammed 911 phone lines and the fact that dispatchers who were fielding the calls were also not aware of the proper evacuation plans for the towers. Some dispatchers were advising individuals to go to the roof and await a roof rescue by helicopter. Some companies, such as Morgan Stanley, evacuated immediately, an act that saved the lives of their employees. Other companies, particularly in the South Tower before it had been struck by United 175, had initially evacuated but then returned to their offices when it was discovered that it was the North Tower that had been hit, a fatal decision for many of them. Another challenge was that the security system command center for the South Tower was located in the North Tower. Many people died in the South Tower while waiting for overcrowded elevators and were unable to access stairwells due to a lock-release order to the building’s access control system. The software that would override ACE – Security Module 1 Page 31 the lock-release order was located in the North Tower and was destroyed when the first plane hit. Despite many failures in the response to 9/11, there were plenty of successes. In less than 20 minutes, over 1,000 responders descended on the Towers and initiated the largest rescue effort, ever. Thousands of lives were saved due to the mitigation and preparedness actions taken after the first WTC bombing and the dedication of police, fire and civilian personnel. Casualties were also limited at the Pentagon due to the rapid and coordinated response of police, fire and military personnel and mitigation measures, such as safety glazing in the windows of the Pentagon, installed after the Oklahoma City bombing. Ultimately, the 9/11 Commission pointed to six specific weaknesses in the aviation security system: • • • • • A pre-screening process that focused on detecting potential aircraft bombers and not potential hijackers. Sloppy checkpoint screening and permissive rules regarding small knives. A lack of in-flight security measures, such as air marshals and reinforced cockpit doors. An industry-wide strategy of complying with hijackers in a non-confrontational manner. A lack of protocols and capabilities for executing a coordinated Federal Aviation Administration (FAA) and military response to multiple hijackings and suicidal hijackers (Elias 2005, pp 1). Many of these weaknesses were addressed in the Aviation and Transportation Security Act of 2001. ACE – Security Module 1 Page 32 The Aviation Security System since 9/11 Introduction With few significant changes, the aviation security system stayed essentially the same between the Gore Commission in 1996 and the terrorist attacks of 2001. The terrorist attacks of September 11th triggered the most sweeping changes in security in the history of aviation. Privately contracted screeners were replaced by federal employees at almost all commercial service airports, cockpit doors were reinforced, air marshals put back on aircraft, and some pilots started carrying guns. But the most significant change resulting from September 11th was the new perception of hijackings by the United States and the world. Hijackings were no longer considered a political act, with the strategy of getting the negotiators to talk to hijackers as a way to peacefully resolve the situation. As a result of the September 11th hijackings, aircraft were now turned into weapons of mass destruction capable of leveling the tallest buildings in the world and killing thousands of people at one time. This change in perception was obvious in several air rage incidents taking place after September 11th, in which passengers intervened to protect the cockpit. One of the most significant cases of passenger intervention took place in December of 2001, when several passengers prevented suicide bomber Richard Reid from igniting an improvised explosive device in his shoe. The Aviation and Transportation Security Act of 2001 Passed on November 19, 2001, ATSA created sweeping changes in both airport and airline security. The ATSA created the position of Undersecretary for Transportation Security, transferring authority for all civil aviation security functions to the TSA. ATSA also created the position of Federal Security Director for every commercial service airport.9 Prior to 9/11, the FAA’s Civil Aviation Security Field Office (CASFO) handled security inspections and enforcement at commercial service airports. The Federal Security Act of 1996 created the position of Federal Security Manager (FSM) at the Category X airports to oversee many of the security functions. This arrangement occasionally created conflict with the local CASFO’s “Cat X agent,” who was also there to oversee enforcement and compliance with the airport security plan, federal regulations and aircraft security equipment. 9 While the legislation called for an FSD at each commercial service airport, it was soon discovered this requiement was financially and operationally impractical. In some cases, the FSDs are assigned to more than one commercial service airport. There is an FSD designated to oversee security at each commercial service airport; however, not all airports have their FSD on site. ACE – Security Module 1 Page 33 The Federal Security Director for each airport is responsible for overseeing baggage and passenger screening and for ensuring that airports meet regulatory requirements. The FSD approves the Airport Security Program and works with the airport operator on the implementation of Security Directives and federally mandated security programs, such as behavior detection, travel document checking and random anti-terrorism measures. ATSA brought Federal Air Marshals (FAM) back to the airways. The air marshal program began in the 1970s; however, throughout the ‘80s and ‘90s the program continued to reduce its numbers, and by 9/11, only consisted of about 33 agents, mostly operating on high-risk international flights. Airport perimeter security was addressed in ATSA and required airports to develop procedures or methods to screen all personnel and goods entering the secure area of an airport. This requirement included establishing pilot programs to test biometric technology for access control and developing security awareness programs for airport and airline personnel. Most significantly, ATSA federalized the screening workforce and established training and employment guidelines for screening personnel. ATSA required 100% screening of checked baggage by December 31, 2002, which was a significant requirement in terms of money and the ability to manufacture such equipment. While all TSA screening personnel were to be deployed by November 19, 2002, a deadline the TSA met, meeting the checked baggage requirement was a bit more difficult, and the definition of “screened” was interpreted to include Positive Passenger Bag Match, in order to meet this deadline. The requirement to screen passengers and baggage before allowing the individual or the item on board an aircraft is placed on the aircraft operator, not on the airport. However, the airports must be properly equipped and designed to operate such screening devices. At most commercial service airports within the U.S., passenger and baggage screening is conducted by the TSA; however, it is still the responsibility of the aircraft operator to disallow any person or item from being placed on their aircraft that has not undergone the appropriate screening process. This practice helps ensure that aircraft operators conducting operations at foreign destinations continue to comply with the same security standards they are required to comply with in the U.S. At the time ATSA was passed, much of the EDS equipment was not available for deployment, nor did the manufacturer’s production rate of the equipment allow airports to meet the federal deadline of December 31, 2002, for 100% screening of checked baggage. In fact, by the end of 2002, only a couple of airports could meet this requirement. ATSA allowed ACE – Security Module 1 Page 34 aircraft operators to not only use positive passenger bag matching, but also K-9 teams, manual search, or other technology to meet the 100% checked bag requirement. To date, this “allowance” is still in place until all commercial service airports are able to implement EDS technology. ATSA also addressed air cargo issues, most notably cargo on commercial passenger airliners, but some new regulations did apply to the “all-cargo” carriers such as UPS and FedEx. ATSA called for procedures to be implemented as soon as practicable to screen cargo carried aboard commercial airliners. In 2006, rulemaking for air cargo operators was passed and was implemented in 2007. ATSA made it illegal to assault airport screening personnel or anyone involved with aviation security, including the flight crew. While assault is illegal in all 50 states, ATSA made it a crime, prosecutable in federal court. ATSA called for the development of technology to detect or neutralize chemical and biological weapons. To help fund the security measures, a $2.50 per passenger fee was also added for all passengers flying commercially. The 300-foot went from being a contingency plan to the rule. Airports were not allowed to keep vehicles parked within 300 feet of their terminal building, unless the airport operator could demonstrate to the TSA that safeguards were in place. Criminal history record checks finally got their long needed overhaul. Now, all employees who are granted unescorted access to the airfield are required to undergo a CHRC. Even previously “grandfathered” employees are required to undergo the fingerprint-based checks. Computer and fingerprint machines in airports now allow quicker access to the FBI databases. One loophole in ATSA with regard to the criminal history background check system is the lack of a requirement to verify the identity of the individual applying for unescorted access. With false documents, an applicant who does not have a criminal history, but may be an illegal alien or a terrorist, can apply for an airport identification badge, clear the background check, and be issued unescorted access media. Several airports across the United States had hundreds of employees arrested by the Immigration and Naturalization Service for being illegal aliens. These employees had unescorted access to the airfield and secured areas. Many airports now pay private contractors to verify the identity of applicants. However, this procedure is not funded by the federal government. The TSA issued a Security Directive subsequent to 9/11 to require airports to verify the identity of badge applicants. ACE – Security Module 1 Page 35 Other requirements within ATSA include the requirement to reinforce cockpit doors on commercial passenger airliners. Many commercial aircraft today also have enlarged viewing holes and, in some cases, CCTV video of the cabin. General aviation security was addressed with regards to rules on commercial charter or cargo flights on aircraft exceeding 12,500 pounds. ATSA required passenger manifests on international flights coming into the U.S. to be transmitted to TSA within 15 minutes of departure, but in 2007, new legislation was passed requiring the aircraft operator to transmit the passenger manifest prior to departure. Key Issues ATSA also initiated several new programs including some designed to test concepts and others designed to streamline the security processes, including the Screening Partnership Program (SPP), Trusted Traveler, the Transportation Worker Identification Credential (TWIC), and Secure Flight. THE SCREENING PARTNERSHIP PROGRAM (AKA OPT-OUT) ATSA required the TSA to establish pilot projects at up to five airports where employees of qualified private companies under federal oversight would perform screening. The law requires those contract screeners to meet all the requirements applicable to federal screeners. The TSA calls this the Screening Partnership Program, but it is commonly referred to in industry as “opt-out.” The initial opt-out airports are: • San Francisco, Category X. • Kansas City International, Category 1. • Greater Rochester International (New York), Category II • Jackson Hole Airport (Wyoming), Category III • Tupelo Airport (Mississippi), Category IV • In each of the above instances, with the exception of Jackson Hole, the airports are assigned contractors that the TSA has hired. In Jackson Hole, designated and trained airport employees conduct the screening. All U.S. commercial service airports have been able to apply for Opt-Out since November 19, 2004. The total number of opt-out airports as of 2011 is 17; however, several other airports have had applications in to the TSA for quite some time. In 2011, the TSA made a controversial decision to reject existing and future opt-out applications unless there was a clear benefit to the TSA. Congressional response has not been favorable to this decision, and the issue is likely to continue as a topic of debate. Opt-out allows an Airport Operator to have screening carried out by the screening personnel of a qualified private screening company, provided ACE – Security Module 1 Page 36 that the level of provided screening services and protection is equal to or greater than that provided by federal government personnel and that the screening is provided by companies owned and controlled by U.S. citizens. The federal government, however, maintains supervisory control over screening personnel and performs the actual acquisition of the contractor. The TSA notes that airport operators may be allowed to participate in the selection process and potentially manage the private screening company if the airport itself applies to be the screening company (such as in the case of Jackson Hole, WY). On April 22, 2004, the TSA released a report on performance of the pilot program. The report used three criteria: security effectiveness, cost, and customer and stakeholder impact. The report concluded that the effectiveness of screening was equal to, and, in one case above the average level, of federalized airports, and that costs were not significantly different. When measuring customer and stakeholder impact, the results were mixed. Some passengers felt safer with the federalized screeners and passenger wait times at the opt-out airports were slightly lower at the larger airports. There was not enough data available at the smaller airports to support any conclusion on wait times. The difference in the opt-out private screening program versus the privatized screening companies used prior to 9/11 is that the new program is funded and managed by the federal government, not the airlines. Additionally, screeners must now meet certain minimum training and performance standards, receive higher compensation and have direct federal oversight. The use of private screening companies is common at airports throughout the European Union and at Israel’s Ben Gurion International Airport. Some advantages of opt-out are that it allows airports to streamline the hiring process of screeners (the federal process is quite lengthy and collective bargaining is approved for TSA screeners, which some feel may make the process of hiring and firing employees longer) and the airport operator could conceivably use airport funds to increase staffing levels, thus reducing passenger wait times – still the subject of debate. Additionally, contractors have significant discretion in operational and management decisions, including overhead, materials, recruiting, compliance, and scheduling. The TSA’s major goals for the opt-out program are security, customer service, competitive costs, and a privatepublic sector partnership. Contractors generally experience a lower rate of workers compensation claims and can often cover the same responsibilities with up to 20% less staff. Initially, one critical area the TSA did not address is liability should a weapon or explosive get through a private screening checkpoint and that neglect result in death and/or destruction to an aircraft; however, this is now changed. Under Section 44920 of Title 49, United States Code, ACE – Security Module 1 Page 37 airport operators are not liable for any claims for damages filed in State or Federal court (including a claim for compensatory, punitive, contributory, or indemnity damages) relating to the Airport Operator's decision to submit an application to the Secretary of Homeland Security under subsection or the decision not to submit an application; or from any act of negligence, gross negligence, or intentional wrongdoing by a qualified private screening company or any of its employees in any case in which the qualified private screening company is acting under a contract entered into with the Secretary of Homeland Security or the Secretary's designee; or employees of the Federal Government providing passenger and property security screening services at the airport. Also helping to provide legal protection is the The Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act), which provides legal liability protections for providers of Qualified AntiTerrorism Technologies – whether they are products or services, which include private screening companies. The protections extend to their clients:the U.S. government and, potentially, the airport operator. The role and responsibility of the FSD does not change with a privatized screening company, but how the FSD carries out their duties does change. With a federal work force, the FSD has direct supervision and control over the screening workforce and the implementation of administrative policies. With a contractor providing the workforce, the FSD has responsibility for overall security but not direct control over the administration of the workforce. In 2010, the implementation of an aggressive form of pat-down at the screening checkpoints by screening personnel renewed calls for privatized security. However, many of the politicians who sought the private companies were under the mistaken belief that a private company would not use the aggressive pat-down process. This is not true. While the personnel at the checkpoint may change with a private contractor, the approved screening procedures do not. TRUSTED TRAVELER ASTA called for a Trusted Traveler program, which was rapidly renamed Registered Traveler (RT) by the TSA, which rendered the original intent of the program ineffectual. Trusted Traveler was to allow certain passengers the opportunity to bypass certain or all screening processes in exchange for telling the government more about themselves. TSA balked at this program and approved the Registered Traveler program instead, which only provides front-of-the-security-line privileges. RT participants must undergo a Security Threat Assessment (STA)10 in order to confirm that they do not pose or are not suspected of posing a threat to 10 The STA includes checking each applicant's identity against terrorist-related, law enforcement, and immigration databases that TSA maintains or uses. RT applicants who receive an approved STA result may become program participants (Source: http://www.tsa.gov/what_we_do/rt/index.shtm) ACE – Security Module 1 Page 38 transportation or national security and provide biometrics data (fingerprint and retina scan). The RT program is market-driven and offered by the private sector, with TSA largely playing a facilitating role. Some airports have expanded the RT privileges to include: • Modified airport configuration to minimize RT passenger wait times, including dedicated or integrated lines and lanes – bypassing even the frequent flyer lines. • Enhanced customer service for RT participants, such as divesting assistance, concierge service for luggage, and parking privileges. • Discounts for service or concessions (at certain airports). Up until 2011, the TSA had been adamant that RT status would not result in a lesser standard of screening for participants. However, TSA is now reassessing the true “Trusted Traveler” concept, but, as of this writing, it is still in its early stages. SECURE FLIGHT (FORMERLY CAPPS II) In 1996, the Gore Commission recommended the first passenger profiling system, known as the Computer Assisted Passenger Prescreening System (CAPPS). In January 2003, TSA proposed a new system called CAPPS II, which would have required passengers to provide airlines with a large amount of personal information to be checked against various government databases, including the No Fly and Selectee list. The program was massaged and ultimately became known as Secure Flight. Under Secure Flight, TSA takes over responsibility for checking airline passengers’ names against terrorist watch lists. TSA has now taken over responsibility for comparing Passenger Name Record (PNR) information of domestic air passengers to a greatly expanded list of known or suspected terrorists in the Terrorist Screening Center (TSC) database. Secure Flight is intended to: • • • • Prevent individuals on the No Fly List from boarding an aircraft. Identify individuals on the Selectee List for enhanced screening. Facilitate passenger air travel by providing fair, equitable and consistent matching process across all aircraft operators. Protect individuals' privacy. ACE – Security Module 1 Page 39 Along with Secure Flight, the Department of Homeland Security manages the Advance Passenger Information System (APIS), which allows DHS to collect passenger manifest information for international flights departing from or arriving in the United States prior to boarding. TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL (TWIC) The TWIC program provides a tamper-resistant, biometric credential to transportation workers requiring unescorted access to secure areas of transportation facilities – it is expected that this program will migrate to the aviation community within a few years. In addition to TWIC being included into ATSA, in 2004, President George W. Bush signed executive policy Homeland Security Presidential Directive-12 (HSPD-12), which directed the agencies to unify the government's identification badge systems through a new standard. The concept of the TWIC program is to improve security by establishing a system-wide common credential, used across all transportation modes, for all personnel requiring unescorted physical and/or logical access to secure areas of the transportation system. TSA has plans to implement a systemwide common architecture to meet current and future, physical and logical access requirements for all personnel, of all transportation modes, in all TSA areas of responsibility. The goal is to have one standardized credential that is universally recognized and accepted across the DOT, and that can be used locally using a scalable architecture. The card will be multi-modal and used in aviation, maritime, trucking, and other surface transportation. Presently, most individuals working at an airport or other transportation facility must have an access media card (access/ID), which is encoded to allow them access to certain areas. These cards serve as both identification credential and access key. Challenges in implementing TWIC into the aviation program are the large number of proprietary access control systems at hundreds of U.S. commercial airports and the ability, by regulation, of the airport operator to restrict access to the security areas of the airfield. Some early TWIC cardholders claim that their credential provides them access to any airfield, which is wrong on two accounts. The TWIC is not an access card, only an identification card, and airport operators through Title 49 CFR Part 1542 (Airport Security) and through Title 14 CFR Part 139 (Public Protection) have the right to decide who can access the Security Areas. An additional challenge is that airport operators want to know the level of background check that has been completed before allowing an individual access to their airport. TWIC presently does not allow airport operators to see the records of their cardholders. Along with TWIC, ATSA called for the establishment of a uniform identification system for law enforcement officers traveling with their ACE – Security Module 1 Page 40 firearms. This program has not moved forward independently since the passage of ATSA and may ultimately be wrapped up in the TWIC. ACE – Security Module 1 Page 41 Aviation Security Events since 9/11 Shortly after 9/11, in November 2001, the Nuclear Regulatory Commission temporarily ordered the closure of 500 general aviation airports across the U.S., when they believed that intelligence indicated a possible plot to attack nuclear facilities, using aircraft. The NRC ordered the closure of any airport within a three-statue mile radius of a nuclear facility. Commercial service airports were not affected. Then, on December 22, 2001, Richard Reid, a British citizen and convert to Islam, was arrested for trying to light a fuse to set off explosives concealed in his sneakers while on American Airlines Flight 63 from Paris to Miami. Reid was initially identified as a potential risk by contract airport security screeners conducting routine passenger security questioning. Reid was already considered suspicious, as he was a British citizen, traveling on a Passport issued in Brussels while flying from France to the United States. These inconsistencies, particularly the Brussels passport issued to a citizen of the U.K., resulted in Reid being referred to Paris police, who questioned and released him. A flight attendant noticed Reid’s unusual behavior, and she, along with other passengers, subdued him until the plane made an emergency landing in Boston. Two doctors onboard injected him with sedatives. Reid admitted he is a disciple of Osama bin Laden and allegedly was trained at an Al Qaeda terrorist training camp. He pleaded guilty and is serving a life sentence for air piracy. In 2002 and 2003, two surface-to-air missile attacks on commercial airliners made headlines. In November 2002, a pair of surface-to-air missiles was fired at an El Al charter flight as it departed Mombassa, Kenya, both missing their target. In the other incident, a DHL Airbus 300 cargo aircraft was hit with a surface-to-air missile as it departed Baghdad International Airport. The wing caught fire; however, the aircraft landed safely. In this incident, terrorists fired two SA-7’s at the aircraft, but only one hit the plane. A French TV crew filmed the incident. LAX Airport Shooting – Terminal Attack On July 4, 2002, a gunman opened fire near the El Al ticket counter at Los Angeles International Airport, in the Bradley International Arrivals Hall. The attack killed two people and wounded four others. The gunman was shot and killed by an El Al security agent. An El Al official stated they had received prior intelligence of a potential attack of this nature. The shooter, Hesham Mohamed Hadayet, was armed with a .45 caliber handgun, a 9 mm handgun and a knife with a six-inch blade. He did not have to pass through screening to reach the ticket counters and was therefore able to enter the public areas and commence his attacks without warning. ACE – Security Module 1 Page 42 In interviews conducted with LAX, it was learned that authorities, and LAX police officers with submachine guns in a tactical response formation, responded to the scene just moments after the El Al agent killed Hadayet. This detail is important to note, as many airport police officers are still ill-equipped to handle heavily armed gunman. Some airports such as LAX and Boston/Logan have equipped some of their police officers with submachine guns, providing their officers the capability of an adequate response to similarly armed attackers. Russian Airliner Bombings In August of 2004, suicide bombers destroyed two Russian airliners. Both bombers boarded the aircraft at Russia’s Domodedovo International Airport. They were able to bypass some security processes, such as not having the proper passports, by bribing airline ticketing personnel. It is assumed that they were able to pass through the screening checkpoint wearing the explosives as Russia’s walk-thru metal detectors, (similar to those used in the U.S.) do not detect explosives, only metal. Over 89 passengers and crewmembers died in the bombings. Both female bombers concealed the explosives in their braziers. Shortly thereafter, the TSA initiated a pat-down procedure for passengers requiring secondary screening, as well as initiated the deployment of Portal Trace Detectors (PTDs). The PTD is slightly larger than a metal detector, but it can detect trace elements of explosives on an individual. These were in limited use throughout the country but have been replaced by body imaging technology. Liquid Bomb Plot – Again Although the plot to blow up 11 to 12 U.S. bound commercial airliners was originally planned in 1994 by Ramzi Yousef, the same plot, uncovered in August 2006, seemed to catch many in the government and the general public by surprise. The plot, uncovered by United Kingdom MI-5 internal intelligence authorities, was similar to the Yousef plot in that it was intended for individuals possessing small amounts of liquidbased explosives to board commercial aircraft departing the U.K. for the United States. The explosives would be smuggled in small containers, such as contact lens solution bottles. After the attack was uncovered and thwarted, the resulting impacts on the aviation industry and the flying public are still being felt. Initially, U.K. authorities banned travelers from virtually all carry-on baggage including laptop computers, cell phones, iPods and other personal music devices, and nearly all liquids, including bottled water. In the United States, liquids in excess of three ounces were banned from being carried on-board unless the items were purchased after the passenger cleared the screening checkpoint. ACE – Security Module 1 Page 43 While some individuals who are clearly less educated on the aviation industry publicly speculated that this incident should require that passengers not be allowed to even have carry-on bags, the complete ban on these items was lifted after a few weeks in the U.K. and restrictions were relaxed a bit in the U.S., as well. During the ban, many passengers reported broken or stolen laptops, cell phones and other electronic equipment, and millions of dollars in cosmetics and other liquids were thrown away at security screening checkpoints. The primary challenge during the ban was that current screening technology is unable to detect liquid-based explosives. Although passengers are restricted to bottles containing three ounces or less of liquids (everything else has to be checked), there is considerable debate about the ability of a terrorist to either 1) take on several bottles each containing three ounces of a liquid-based explosive or 2) work with a accessory to combine liquids and construct an explosive device once on the aircraft. Restricting carry-on baggage, particularly laptops for business travelers and on ocean transit flights, limits the ability of the individual to work while on the flight. Forcing expensive electronic equipment, particularly laptop computers, into checked baggage opens the door for widespread and expensive theft, property damage and identity theft and corporate espionage if the information on the laptops is stolen and sold, not to mention the potential invasion of privacy rights. Since a large share of airline revenue is made from the business traveler, it is important to accommodate their business activities, or they will seek other options, such as private charter operations, or telephone conferencing. Another challenge created by such policies occurs when travelers are forced to check cell phones. If so, they are unable to use such devices while in the boarding area prior to the flight. While this primarily affects business travelers, it could also be a security of flight issue, as the use of cell phones on United 93 allowed passengers to be informed of the hijacker’s intentions, enabling them to fight back. The rapid implementation of the liquid ban resulted in thousands of people jamming airport ticketing and screening lines, creating a tempting target for a suicide bomber using a personal improvised explosive device or a VBIED. The liquid bomb plot highlights a key area that must be addressed within aviation security, which is the need to keep up with developing threats and technologies (for example, no technology was being used that could detect liquid-based explosives, although the attempt first occurred 11 years earlier). Attacks on Aviation Continue into the 2010’s In late 2006, there was a plot uncovered to shoot down an El Al airliner in Geneva. This discovery resulted in El Al installing counter-MANPAD (C-MANPAD) systems on their aircraft. These systems are similar to ACE – Security Module 1 Page 44 those used on military aircraft and rely on the dispensing of flares to trick a MANPAD into following the flare instead of the aircraft. In late 2006 and early 2007, several attacks occurred on the airport in Madrid, Spain, a suicide bomber attempted attack at the airport in Islamabad, Pakistan, and a vehicle-borne improvised explosive device attack occurred on the terminal building in Glasgow, Scotland. Also in 2007, the Implementing the Recommendations of the 9/11 Commission Act was passed, which mandated the inspection of 100% of all air cargo, and created Fusion Centers, which serve as intelligence focal points for homeland security related information. In 2008, TSA personnel stopped an individual with explosive-making materials in his backpack at the Orlando International Airport. In 2009, Najibullah Zazi was captured while plotting an attack on the New York City subway system. He was a shuttle bus driver at Denver International Airport. On December 25, 2009, Umar Farouk Abdulmutallab attempted to ignite a bomb hidden in his underwear on board Northwest Airlines Flight 253. Passengers and flight attendants prevented him from completing the attack and was taken into custody on six criminal counts, including attempted use of a weapon of mass destruction and the attempted murder of 289 people. In 2010, al Qaeda in the Middle East took responsibility for placing two bombs in ink printer cartridges and shipping them via air cargo. This plot renewed a focus on both al Qaeda’s attacks on the U.S. and the world in general, and accelerated air cargo security measures. Additionally, one of the leaders of al Qaeda in the Middle East, Anwar Al-Awlaki, is becoming a propaganda specialist of sorts with YouTube broadcasts and via his magazine, Inspire. The Yemen air cargo attack was featured in an issue of Inspire, discussing how the bombs were constructed and bragging that the attack cost just about $4,000 for al Qaeda, but is resulting in billions of dollars being spent by the U.S. and other countries to try to prevent future such attacks. This is inline with one of the strategies of al Qaeda, which is the economic weakening of the U.S. On January 24, 2011, an apparent suicide bomber detonated their explosives in the public terminal area of Moscow’s Domodedovo Airport, killing over 30 people and injuring more than 150. The attacks in airport public areas have increased debate over how to protect the airport as a whole instead of a singular focus on the screening checkpoint. On average, about five to six hijackings, along with numerous incidents of air rage and airport attacks occur worldwide every year. ACE – Security Module 1 Page 45 Summary Up until 9/11, many of the aviation security measures were established as a result of a new form of attack or repeated attacks. When hijackings and bombings increased beyond the public’s ability to tolerate them, the use of air marshals and passenger and carry-on baggage screening were implemented. In the 1980s, as international terrorism focused more on aviation, and employees became perpetrators and facilitators of air security incidents, the aviation industry increased regulations on airport access control and credentialing. Throughout the 1990s, moderate changes were made; however, with few exceptions, air terrorism had virtually ceased to exist in the U.S. The 9/11 attacks brought the U.S. back to the forefront of air terrorism, and the Transportation Security Administration was created along with the passage of the Aviation and Transportation Security Act of 2001. Throughout the 2000’s and into the 2010’s, attacks on the United States, specifically on aviation, continue to occur. Our industry remains challenged by having to make tough decisions about where to put our money and resources to prevent the next attack. Television, books and movies have provided an unending stream of ideas for criminals and terrorists. As far back as the classic movies, “Airport,” “Airport 75,” “77” and “79,” “Die Hard 2,” and others, Hollywood has discovered dozens of ways to put the aviation security system to the test. In fact, the specific strategy of hijacking an aircraft and crashing into the nation’s Capital was explored in the plot of Tom Clancy’s book Debt of Honor. Instead of looking at these books and movies as a source for terrorist ideas, security professionals might view them as potential future threats to be mitigated, prepared for, or defended against. ACE – Security Module 1 Page 46 The Aviation Security System: Agencies, Entities and Responsibilities The Department of Homeland Security The Homeland Security Act of 2002 created the Department of Homeland Security within the Executive Branch. Several governmental agencies were relocated or consolidated under DHS including the U.S. Coast Guard, TSA, the U.S. Secret Service, and the Federal Emergency Management Agency. Former U.S. agencies such as the U.S. Border Patrol, U.S. Customs and the U.S. Immigration and Naturalization Service were blended into DHS and reorganized under Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CPB). The primary mission of DHS is to: (1) help prevent terrorist attacks in the U.S., (2) reduce the country’s vulnerability to terrorism, and (3) assist in recovery after an attack. The Transportation Security Administration Created by the Aviation and Transportation Security Act of 2001, the TSA does not just oversee aviation security functions. The agency also oversees maritime and land security, and certain security intelligence and operations policy. The context of this document will address the aviation security function. The TSA’s organizational chart has changed frequently since the organization’s inception. For the latest organizational chart and structure refer to www.tsa.gov. Of importance to aviation security practitioners with respect to the TSA is that the agency is primarily responsible for aviation security at the federal level. The TSA provides staffing for the screening checkpoints and baggage screening and ensures compliance with federal transportation security regulations. Within each commercial service airport, the TSA also serves in an oversight capacity and an operational capacity through the activities of the Federal Security Director and his staff. TSA also is involved in numerous other programs, including: The Federal Air Marshal Program – hiring, training, and operations of FAMs. National Explosives Detection Canine Team Program – started in 1970 by the FAA to train and certify canines and their handlers. Training and certification of Federal Flight Deck Officers (FFDO) – the program to provide firearms and self defense training to pilots of commercial air carriers. ACE – Security Module 1 Page 47 Crew Member Self Defense Training Program – a basic self defense awareness program combined with hands on training at a local community college. Armed Security Officers Program – provides armed security officers for use on general aviation flights arriving and departing from Reagan National Airport. Office of Training and Development - provides rapidly deployable, national level resources regarding all aspects of Chemical, Biological, Radiological, Nuclear and Explosives (CBRNE). The Federal Security Director At the local level, most airports and airline operators work directly with the Federal Security Director (FSD) appointed to their airport. FSD duties include: • • • Service functions, including the screening of passengers, checked baggage and cargo. Regulatory functions, including airport and aircraft operator compliance inspections and approvals of airport security programs, oversight of the canine program and internal investigations. Administrative functions, including staffing, budget and finance personnel, human resource personnel, engineering, procurement, public relations officers and stakeholder managers. The Federal Security Director is responsible for providing day-to-day operational direction for federal security functions at the nation’s commercial service airports. The FSD is the local ranking TSA authority at each airport and is responsible for the leadership and coordination of TSA security activities, including tactical planning, execution, and operating management for coordinated security services. The job description for the FSD lists the following responsibilities: Organizing and implementing the Federal Security Crisis Management Response Plan. Implementation, performance and enhancement of security and screening standards for airport employees and passengers. Oversight of passenger, baggage and air cargo security screening. Airport security risk assessments. Security technology implementation and maintenance within established guidelines. Crisis management. ACE – Security Module 1 Page 48 Data and communications network protection and recovery and its impacts on federal security responsibilities. Employee security awareness training. Supervision of federal law enforcement activities within the purview of the FSD and TSA. Coordination of federal, state, and local emergency services and law enforcement. FSDs are assigned to an airport, or in the case of smaller airports, a group of airports. The FSD is assisted by two to three deputies, an Assistant Federal Security Director (AFSD) for Regulatory Inspection and an Assistant Federal Security Director for Screening. In some cases, an additional deputy for Law Enforcement may also be included. The AFSD – Regulatory Inspection is the principal advisor to the FSD on all matters concerning enforcement and compliance with airport and aircraft operator security programs and Security Directives. They plan, coordinate, and manage an inspection program for compliance by airlines and other airport tenants with airport and aviation security policies and regulations. They oversee a staff of Transportation Security Inspectors (TSIs) responsible for conducting comprehensive assessments and investigations of airport and air carriers to: • • • • • • Determine security position, monitor compliance with applicable transportation security policies, regulations and agreements. Identify potential problem areas or deviations from prescribed standards. Ensure overall adequacy, effectiveness and efficiency of security posture. Provide technical guidance to airports and air carriers on the development and/or modification of a large number of security plans to ensure compliance with regulatory requirements. Determine when enforcement action should be initiated and recommend the type of action and level of penalty. Review and analyze assessment reports and testing results with special attention given to identifying unusual trends or airport/air carrier actions that appear to have potential for developing a security problem. ACE – Security Module 1 Page 49 The AFSD of Screening manages the security screening staff, including checkpoint supervisors, manages screening operations, and administers regulations and policies pertaining to TSA’s aviation security program. Screeners are known as Transportation Security Officers (TSO), whose authority is only in relation to screening, not other airport operator functions; TSOs do not have inspection authority over airport or aircraft operator security programs, nor are they certified law enforcement officers. Some TSOs serve as Behavior Detection Officers (BDO), while others work in the Travel Document Check area of the screening checkpoint. The AFSD for Law Enforcement is one of the few, true law enforcement agents within the TSA (beside air marshals). AFSD-LEOs coordinate with local and state law enforcement for protection of the airport, as well as manage the Bomb Appraisal Officer (BAO) program. The third division overseen by the FSD is administrative, often comprised of stakeholder managers who coordinate with airport and aircraft operators on security issues, public relations officers, finance, human resource and other administrative personnel. Federal Air Marshals On September 11, 2001, the Federal Air Marshal program consisted of about 30 FAMs flying mostly international flights. Today, thousands of air marshals fly on tens of thousands of flights each month on a wide variety of routes and aircraft. The Department of Homeland Security is naturally reluctant to release the total number of air marshals it currently employs. It would be a matter of simple math for terrorists to figure out the odds of air marshals being on a particular aircraft if they knew the total number of marshals employed by the agency. Federal Air Marshals disguise themselves as ordinary travelers to maintain a low profile and blend in with passengers aboard mostly high-risk routes on U.S. carriers. They are authorized to carry firearms and work in teams to prevent hijackings. Federal Air Marshals are trained in the Federal Law Enforcement Training Center in Glynco, Georgia, and are badged and credentialed federal agents. Aircraft operator requirements for carrying Federal Air Marshals are covered in section 1544 of Transportation Security Regulations. Air marshals must meet the highest standards for marksmanship, for obvious reasons, and are there to protect the flight deck from intrusion. Many times, they may not intervene in a passenger disruption, until or unless the safety of the flight is jeopardized. In one recent case, an individual exited an aircraft lavatory and joked to an air marshal (unknowingly) that he was constructing a bomb in the lav. The flight immediately landed in Denver, Colorado, and the individual was taken into custody. ACE – Security Module 1 Page 50 The Canine and Explosives Program The TSA National Explosives Detection Canine Program (NEDCP) exists to deter and detect the introduction of explosive devices into the transportation system. In addition, bomb threats cause disruption of air, land and sea commerce, and pose an unacceptable danger to the traveling public and should be resolved quickly. Explosives detection canine teams are a proven, reliable resource to detect explosives and are a key component in a balanced counter-sabotage program. The use of highly trained explosives detection canine teams is also a proven deterrent to terrorism directed towards transportation systems and provides a timely and mobile response support to facilities, rail stations, airports, passenger terminals, seaports and surface carriers. A more complete description of the canine and explosives program is covered in a subsequent module. Explosives Unit The Explosives Unit provides an expert, rapidly deployable, national level resource to conduct all aspects of transportation explosives security, including: countermeasures development, testing and evaluation of explosives effects and detection systems; explosives incident management, technical support to DOT and other transportation security personnel; Weapons of Mass Destruction Program Management, post-blast investigations where a bombing is suspected; Least Risk Bomb Location (LRBL) assistance to pilots with suspected Improvised Explosive Devices (IEDs) in flight, and explosives security surveys and other technical explosives assistance. Missions are performed for both U.S. and foreign governments. A more complete description of the Explosives Unit is covered in a subsequent module. Screening Passengers by Observation Techniques (SPOT) The SPOT uses Transportation Security Officers (i.e., screening personnel) to conduct behavior observation and analysis techniques in the public areas of the airport terminal building. The program is designed to spot suspicious behavior and is in use by law enforcement and other security services throughout the world (TSA 2007). “TSA's SPOT-trained security officers are screening travelers for involuntary physical and physiological reactions that people exhibit in response to a fear of being discovered. TSA recognizes that an individual exhibiting some of these behaviors does not automatically mean a person has terrorist or criminal intent. SPOT does, however, help our security officers focus appropriate resources on determining if an individual presents a higher risk or if his/her behavior has a non-threatening origin. Individuals exhibiting specific observable behaviors may be referred for additional screening at the checkpoint to include a handwanding, limited pat down and physical inspection of one's carry-on baggage. Referrals are based on specific observed behaviors only, not on one's appearance, race, ethnicity or religion” (TSA 2007). ACE – Security Module 1 Page 51 While SPOT has yet (as of August 2007) to catch a terrorist as he or she attempts an attack, the program has captured several criminals or individuals wanted by the law. Behavior pattern assessment is widely used at many international airports. Aviation Direct Access Screening Program (ADASP) The Aviation Direct Access Screening Program (TSA 2007) focuses on screening employees who already are entering the Sterile or Security Areas of the airport. TSA personnel will dispatch to certain locations in the airport (commonly locations where airport and airline employees and airport tenants are moving from an airfield Security Area into the Sterile Area) and conduct an identification check and handwand the employee. In some cases, personnel conducting ADASP checks will perform them at a perimeter gate where vehicles can access the Security Areas of the airfield. The program, started in the fall of 2006, deploys officers anywhere, anytime to inspect workers, their property and vehicles. These officers ensure workers follow proper access procedures when entering secure areas, display the appropriate credentials, and do not possess items unrelated to their work that may pose a security threat. Outside the airport, random inspections include scrutinizing delivery trucks or personal vehicles at access gates. Inside the airport, roving patrols screen workers with handheld metal detectors and examine property for threat items that are unrelated to their work. Temporary checkpoints are also created beyond access points to ensure access protocols are followed and workers are screened before entering the terminal. These measures do not impact wait times at security checkpoints (TSA 2007) It is important for ADASP personnel to coordinate with airport operations and law enforcement agencies in case they need support, such as in the case of an unruly or uncooperative employee, or if they find a threat item, which ADASP teams have on several occasions. However, so far, in no instance has there been proof that the threat item was intended to be used in a terrorist attack on aviation. Other Government Agencies Commercial service airports, both large and small, can encounter a variety of other government agencies, each of which has a role in the national airspace system and some directly or indirectly in aviation security. These other government agencies consist of Immigration, Agriculture and ACE – Security Module 1 Page 52 Customs inspectors, along with U.S. Post Office and FBI personnel. The FBI often designates at least one agent to handle aviation security issues at each field office. Additionally, FBI personnel respond to hijackings, bomb threats and security incidents on airports. Airport Security Washington, D.C. may set the policy for aviation security, but it is the local airport operator for who ensures those policies are implemented, followed and enforced. The Airport Security Coordinator Another requirement of ATSA is that each commercial service airport must have at least one Airport Security Coordinator on duty and available 24 hours a day, seven days a week. Since this is an impossible task for one person, many airports have opted to have one primary Airport Security Coordinator, as well as several other personnel trained to act in the Airport Security Coordinator capacity as backup (in the event of vacations, travel, sickness, etc.). The Airport Security Coordinator is responsible for drafting the Airport Security Program (ASP), which must be approved by the TSA. The function of the ASP is outlined in more detail in the module on airport security. The ASC must also be trained to be an ASC using the curriculum guidelines set forth by the TSA (and outlined in Part 1542). The ASC is responsible for conducting background checks on individuals with unescorted access to the airfield, managing the access control system, granting access to airlines, contractors, tenants, and vendors, conducting security training for employees who receive an airport identification badge, managing the security guards, and/or overseeing security enforcement on the airfield and in the terminal building. The ASC works with the police or sheriff’s department assigned to the airport and other federal, state and local law enforcement agencies to design and implement security contingency plans for bomb threats, hijackings, airport attacks and other threats. The ASC is also responsible for managing the airport’s K-9 bomb dog detection program. Law Enforcement Law enforcement agencies at an airport are responsible for enforcing laws, just as they would be on the streets of any city or county. Additionally, they have the responsibility to respond to screening checkpoints and provide immediate response to security situations. Law enforcement agencies also manage any K-9 bomb dog programs, conduct VIP handling and are usually the first responders to any major security incident. ACE – Security Module 1 Page 53 K-9 bomb detection dogs are provided by the TSA. The dogs and their handlers are trained by the TSA, but it is the local agency’s responsibility to provide the police officer, pay their salary, and take care of the bomb detection dog once it is trained. Some of the expenses are reimbursed by the TSA. The police chief or sheriff must work closely with the ASC to provide protection for the traveling public and affect a mutually beneficial response to airport incidents. Airport Operations At larger airports, a separate division, commonly referred to as airport operations, handles airfield inspections, security escorts, and various other duties, but these personnel are often the first line of response and/or detection of security problems. Since the ASC is often an administrator role, at most airports it is the responsibility of airport operations personnel to coordinate security guard, law enforcement, and fire rescue response to airfield situations. Therefore, the ASC should coordinate closely with airport operations personnel. At small airports, airport maintenance personnel often double in the operations role; at very small commercial service airports the operations function may be conducted by the airport manager. The most important point regarding airport security is the ASC drafts the ASP. This plan is essentially a promise to the TSA, explaining how security regulations will be met at each particular airport. The ASP is unique to each airport, and once the TSA approves the ASP, the airport must follow it. Air Carrier Security Screening was the majority of the air carrier security function prior to 9/11 and was moved to the domain of the federal government with the enactment of ATSA. However, there are still several key air carrier security functions. The Airline Station Manager At each commercial service airport, one individual is designated as the station manager for the airline. This individual is responsible for the safe and secure travel of the passengers on the airline, and also addresses numerous administrative tasks like human resources, budgeting, and other business functions. Whenever a security incident involves a commercial aircraft, the station manager is most often the sole representative of the airline to the airport, the TSA, and/or law enforcement agencies. The station manager is often the only one with the authority to make decisions on behalf of the airline. ACE – Security Module 1 Page 54 Aircraft Operator Security Coordinator (AOSC) One individual is designated by each aircraft operator to be the primary point of contact for the TSA. The AOSC is similar in role and function to the Airport Security Coordinator and is responsible for the airline’s compliance with federal regulations. Often, large aircraft operators will designate additional AOSCs, one each for their major hubs. Ground Security Coordinator (GSC) The ground security coordinator is an airline employee who has been trained by the airline to coordinate the security functions of each flight. The GSC works with the airline station manager and the flight crew. In large commercial service airports, many airline gate agent personnel are trained as ground security coordinators. Additional information about the role of the ground security coordinator and the role of air carrier security is covered in a later module. In-Flight Security Coordinator The in-flight security coordinator is the pilot-in-command (PIC) of a particular aircraft. The PIC has final responsibility for the safety of the flight. Corporate Security and Loss Prevention Air carriers employ corporate security personnel who are responsible for receiving and disseminating information from the Transportation Security Administration, in addition to other risk and loss prevention duties. Corporate security personnel also oversee the security training of flight crews and ground personnel. Human resource personnel often take care of ensuring that fingerprintbased CHRCs are completed. However, the AOSC is ultimately responsible for ensuring these checks are properly conducted. ACE – Security Module 1 Page 55 Industry Organizations A number of industry organizations influence aviation security policy: • • • • • • • • • • • • • • American Association of Airport Executives Air Line Pilots Association Air Transport Association Airport Law Enforcement Agencies Network Airports Council International – North America Airline Pilots Association Allied Pilots Association Association of Flight Attendants National Association of State Aviation Officials Coalition of Airline Pilots Associations National Air Carrier Association National Air Transportation Association National Business Aviation Association Regional Airline Association Many of these organizations speak through the TSA’s Aviation Security Advisory Committee (ASAC). Other organizations are added or removed from the committee depending on the issue. As an example, when the ASAC considered general aviation airport security guidelines, organizations such as the General Aviation Manufacturers Association, the National Air Transport Association and the U.S. Parachute Association were part of the committee. Summary The TSA employs Federal Security Directors to oversee security at each commercial service airport, most specifically the screening function. Each airport has its own Airport Security Coordinator who primarily controls access to the airfield, background checks and the badging and training of personnel. The ASC drafts the Airport Security Program, which is an explanation of how federal regulations will be followed and met at the airport. Local law enforcement agencies, airport operations and maintenance personnel are often integral to the fulfillment of the ASP – being in the airfield, they are the so-called “tip of the spear.” Air carriers continue to serve security roles through their station manager, ground security coordinators and pilots. Industry trade associations represent various interests throughout the aviation system including airport operators, the airlines, business aircraft operators and general aviation aircraft owners and pilots. ACE – Security Module 1 Page 56 References AirDisaster.com. (2007). "Special Report: Pacific Southwest Airlines Flight 1771." Retrieved 8/20/07, 2007, from http://www.airdisaster.com/special/special-pa1771.shtml. Commission (2004). The 9/11 Commission Report. Washington DC. Elias, B. (2005). Aviation Security-Related Findings and Recommendations of the 9/11 Commission. C. R. Service, Library of Congress: 20. Rumerman, J. (2007). "U.S. Centennial of Flight Commission." Retrieved 8/20/07, 2007, from http://www.centennialofflight.gov/essay/Government_Role/security/ POL18.htm. Thomas, A. (2003). Aviation Insecurity. New York: Prometheus Books. TSA. (2007). "Screening Passengers by Observation Techniques (SPOT)." Retrieved 9-7-07, 2007, from http://www.tsa.gov/what_we_do/layers/spot/index.shtm. TSA. (2007). "TSA Enhances Security With Employee Screening." Retrieved 9-7-07, 2007, from http://www.tsa.gov/what_we_do/layers/employee_screening.shtm. TSA. (2007). "VIPR Teams Enhance Security at Major Local Transportation Facilities." Retrieved 9-7-07, 2007. Wallis, R. (1993). Combating Air Terrorism. New York: Brassey's. ACE – Security Module 1 Page 57