You are on page 1of 4

International Border Security Forum

May 2013

Policy Brief

Summary: Border protection is not just an immigration and economic issue now, but a critical national security matter. Airports are the most essential component of border security. There are three basic principles for a successful airport security program: comprehensiveness, concentric layer approach, and risk management. The best airport security approach is one that relies on multiple detection techniques, combining technology with the human agent.

Airport Security: A National Security Challenge


by Raphael Ron

Background The end of the Cold War and the globalization process that accelerated during the 1990s changed the nature of international conflicts from symmetric struggles between states protecting their territory and interests to an asymmetric struggle between states and non-governmental organizations, mostly global, with no territory and limited physical assets. The 9/11 Al-Qaeda attack on the World Trade Center and the Pentagon is the most dramatic example of the change. A small group of terrorists with a very small budget and very limited weaponry were able to change the worlds political landscape in a way never done before. The 9/11 attack has elevated the status of terrorism from a disturbing factor to a strategic threat to national and world security. The importance of protecting the homeland against the new strategic threat has become a top priority for most countries national security agenda. Border protection is not just an immigration and economic issue now, but a critical national security matter. Airports are the most critical component of border security.

Airport Security Principles There are three basic principles for a successful airport security program: comprehensiveness, concentric layer approach, and risk management. 1. Comprehensiveness ensures that the security program covers everything that is relevant to the task (facility security, access control, perimeter, passenger screening cargo etc.) in a balanced manner and across agency lines and that the security operation maximizes the use of available resources. It calls for a clear and unified structure of responsibility, authority, and accountability. There is a need for separation between the regulating agency and the implementing agency to ensure unbiased supervision and enforcement. 2. A concentric layered approach assumes that no single layer of security is capable of meeting the security challenges. It provides the depth that improves our ability to stop or prevent an attack at the earliest possible stage, serving both ground and air security. The layers are as follows: National intelligence has proven to be an extremely effective first

Plac Jana Henryka Dabrowskiego 1 00-057 Warsaw Poland T: +48 22 845 63 10 F: +48 22 828 21 07 E info@gmfus.org

International Border Security Forum

Policy Brief
layer. The capture of the Liquid Bombers plotters is an excellent example of this. The next layer is the use of data stored in various databases accessible to the government for the purpose of implementing an Individual Risk Assessment to all booked passengers. The result of the risk assessment should be integrated and possibly completed at the airport passenger security processing area. Another layer is the airport ground security setup, with a robust surveillance system supported by uniformed and plainclothes boots on the ground. This layer should implement a professional behavior pattern recognition program throughout the airport in order to detect potential perpetrators and challenge them on security terms. Special attention is paid to the curbside and at all entrances to the terminal. Airport employees should play a role in the behavior detection effort to the best of their abilities. The fourth layer is the check-in counter where the passenger leaves bags and identification is verified, bags are tagged and delivered to the baggage security system, where it is checked at the appropriate standard based on the passengers security risk assessment score. Parallel to the bag check, the next layer, the security checkpoint, is where identity is verified by biometric technology (where available). Passengers are directed to different lanes according to their risk assessment score. High risk assessment score passengers should be interviewed by a specially trained agent before they are allowed to proceed to the gate. Behavioral surveillance is implemented at the gate area, with special attention to the boarding process. On the aircraft, the potential presence of air marshals and a crew trained in behavior observation are the next layer and obstacle for the perpetrator. The last and most important layer of protection on board is the reinforced, bulletproof cockpit door (preferably a double door system) and the security procedure to keep it closed. On the ground, a perimeter intrusion detection system (backed up by a quick intervention team) protects the airside against unauthorized access to the ramp or the runways. Additionally, an access control system is used
2

to protect sterile and other sensitive areas of the airport. Armed quick intervention teams must be available at all times to respond promptly to any development. The best example of a multi-layer security program is probably Tel-Aviv Ben Gurion Airport, where the surveillance starts at a vehicle checkpoint as you enter the airport ground and is maintained consistently through various layers described above. 3. The Risk Management approach is an alternative to the one-size-fits-all approach implemented in most airports worldwide. The main difference between the one size and the risk management approaches is that the one size approach ignores the fact that different people (passengers) represent different risk levels. As a result, the one size approach implements a single level of security to 100 percent of the population so that it forces the threshold down due to cost, privacy time and other factors. Using the one size approach, security checkpoints were challenged many times by real terrorists including on 9/11, the Shoe Bomber, the Underwear Bomber, the Chechen Black Widows, and more. It failed with every challenge. The only country that successfully developed and implemented a risk management solution was Israel, as early as the 1970s. The Israeli risk management approach was based on individual passenger risk assessments done through interview techniques carried out at the airport prior to checking in for the flight. In this system, the interview and document check resulted in risk level classification, which was followed by a search level compatible to the adjudged risk level. In other words, a high risk passenger was subjected to a much more thorough search than a low risk passenger. Through the years, with emerging new technologies, many of the inconveniences involved in the higher end risk searches have been modified, but the principle of managing the risk by applying compatible measures remained the backbone of the Israeli solution. It is during the last few years that the value of the risk management approach was embraced by other countries, including the United States to some extent. The U.S. implementation of risk management in airport security policy at this time is limited to voluntary trusted passenger programs like Pre-Check and Global Entry and to a Transportation Security Administration (TSA) version of behavior detection.

International Border Security Forum

Policy Brief
Detection of Items or Detection of Intentions? The one size traditional checkpoint concept is based on the assumption that we can prevent acts of terrorism by preventing banned items from being carried on to the aircraft. There are many issues that question the validity this assumption. The first and maybe the most important one is an accumulating number of failures, despite the constant efforts to improve the detection technology used at the checkpoint. Yet, when we examine the reasons for the failure in depth, we find some fundamental weaknesses in the item detection only approach. The first problem arises when we build a list of banned items. The problem with terrorist tool box is that it is full of unexpected surprises such as improvised weapons and other devices. On the morning of 9/11, we did not consider box cutters and small knives a threat. The morning after, they became the leading threat, and TSA agents and other airport security personnel worldwide were spending most of their time confiscating them. Only lately, as part of a more analytical approach, has TSA changed the rules and small knives are no longer on the list. TSA finally recognized that locked cockpit doors have reduced the risk of the small knife. Another example is the liquid issue. Suddenly, after the good work of British intelligence, we realized that liquid explosives are known to terrorists (2006) and they intended to use them in order to overcome security checkpoint screening. Is this really the case? Have we forgotten the notorious Ramzi Yusuf, the mastermind of the first attack on the World Trade Center in 1993, who successfully experimented with a liquid explosive bomb on board a Philippine Air flight in 1994? Have we forgotten the North Korean intelligence bombing of a South Korean airliner with liquid explosives in 1987, killing all on board? The answer to these disturbing questions is that we didnt have the technology to detect liquid explosives at the time and we were unwilling to give up our security paradigm that we can secure aviation by use of detection technology alone, as limited as the technology was and still is. We are a technology savvy society. We love technology because we know we can trust it to do what it is designed to do. Terrorists love our detection technology because they can trust that it will not do what it is not designed to do and never did before. In a sense, our technology gives the terrorist a positive feedback on what to expect. That
3

Terrorists love our detection technology because they can trust that it will not do what it is not designed to do.
was the idea behind the Shoe Bomber attack in 2001 and the Underwear Bomber attack in 2009. In both cases, they were proven right. They managed to take their devices through the checkpoint undetected. In fact, statistics tell us that there has never been a case of stopping an actual terrorist attack through the item detection solution alone. On the other hand, when we add a human component that is able to identify inconsistencies, raise questions, and look for answers about the legitimacy of the passenger, the formula becomes much more powerful. You may detect even an explosive device carried by an innocent passenger without his or her knowledge. That was the case of Anne Marie Murphy, a pregnant young Irish woman trying to board an El AL flight to Tel Aviv carrying a bomb made by Syrian Intelligence and given to her by her Palestinian boyfriend without her knowledge in 1986. It was through the Israeli interview-based procedure that inconsistencies in her story emerged and led to the detection of the highly sophisticated concealed bomb. In short, the best approach is one that relies on multiple detection approaches, combining technology with the human agent. This decreases the level of predictability for the terrorist, making that person unsure of what to expect. With todays advanced information technology in the hands of professional aviation security personnel and the ability to conduct interviews with a small number of selected passengers, the chances of terrorists succeeding in getting on board with their tools are getting smaller. This is the foundation to build on, refining both the technology available and the interview techniques. Challenges Although the three-tiered approach outlined above has been proved effective, challenges remain. Terrorists continue to seek out gaps, learning from the experience of failed attempts. In order to remain successful, we need

International Border Security Forum

Policy Brief
to focus on the following areas of continued refinement of technology and procedures: Develop and implement a real risk-based aviation security program that will provide an effective solution and that will also meet our civil rights threshold. Develop and implement a computerized non-discriminatory passenger risk assessment tool. Establish a behavior pattern recognition program throughout all airports. Design checkpoints to accommodate different levels of searches in accordance with the passenger risk levels found through behavior pattern recognition programs at the checkpoint area. Revise the structure of responsibility, authority, and accountability for security at the airport level to adapt to the multi-layered security and risk management approach to airport security, including the creation and operation of a unified command and control center. Ensure separation of regulator and implementer roles. Create and use an international clearinghouse for information sharing that will overcome the reluctance of states to share security information; if not possible, create bilateral agreements or limited club style solution. Implement a comprehensive airport security program starting with a comprehensive threat and vulnerability analysis resulting in a security plan that covers all security aspects at the airport regardless of agencies boundaries. In the final analysis, there is no silver bullet solution to airport security. Rather, it is a process of continued development and refinement. The Israeli experience has shown, however, that the right-sized mix of different components allows airport security professionals to stay one step ahead of the terrorist. While no system is bulletproof, there are abundant data sets now available to help develop more effective procedures worldwide.
About the Author
Raphael Ron (rafi.ron@nasscorp.com) is a leading aviation and homeland security expert with more than 40 years of security and counter-terrorism experience worldwide. He is the former director of security at Tel-Aviv Ben-Gurion International Airport and the Israeli Airport Authority from 1997 to 2001. In 2001, formed New Age Aviation Security and New Age Security Solutions, where he is president and CEO.

About the International Border Security Forum


The German Marshall Fund of the United States (GMF) hosts the International Border Security Forum to enhance understanding between senior multilateral policymakers and build cooperation on the most pressing border security challenges. This program brings together political level representatives from the member states of the European Union, the United States, Canada, and Israel. The format of the meetings is an off-the-record conversation among a small, yet highly selective group of senior policymakers, and designated senior experts. The accompanying series of policy brief deepens the discussion and provides information to the larger border security community.

About GMF
GMF strengthens transatlantic cooperation on regional, national, and global challenges and opportunities in the spirit of the Marshall Plan. GMF does this by supporting individuals and institutions working in the transatlantic sphere, by convening leaders and members of the policy and business communities, by contributing research and analysis on transatlantic topics, and by providing exchange opportunities to foster renewed commitment to the transatlantic relationship. In addition, GMF supports a number of initiatives to strengthen democracies. Founded in 1972 as a non-partisan, non-profit organization through a gift from Germany as a permanent memorial to Marshall Plan assistance, GMF maintains a strong presence on both sides of the Atlantic. In addition to its headquarters in Washington, DC, GMF has offices in Berlin, Paris, Brussels, Belgrade, Ankara, Bucharest, Warsaw, and Tunis. GMF also has smaller representations in Bratislava, Turin, and Stockholm.

You might also like