Don’t hit the snooze on this alarm
2012 February 18 by leadingedgestrategies
When an alarm system is broken, you fix it, you don’t turn off the alarm. But that’s what Congressman Mike Rogers-R (Alabama) who is also the chairman of the Transportation Security Subcommittee Congressman said in a recent Bloomberg article – he believes that the terrorist threat has changed and that we should look at getting rid of the air marshal program. Was George Bernard Shaw right? Do we truly learn nothing from history?
Let’s say your house gets robbed, so you buy an alarm system. Then, you don’t get robbed again for 10 years. Should you conclude that the threat is now gone and you should get rid of the system? No, most people would logically conclude that the alarm system is what’s keeping the house from being robbed again. Then, take it a step further and post a sign in front of your house stating that the system is now inactive. How ludicrous would that be? But, it’s apparently what is now being considered.
The air marshals have had some problems recently. The solution should be to fix the problems, not get rid of this essential layer of aviation security. Air marshals were among the first responses to hijackings to ever be employed (JFK deployed them back in the early 1960s to deter hijackings). Throughout history, as we’ve applied additional security measures, the air marshal program has come and gone and come and gone – and every time it goes away we pay the price. In fact, nearly 3,000 people paid the price on 9/11 when we decided back in the 80s, that the hijacking threat was essentially gone and we should just focus on bombs.
While you cannot point to defeated terrorist attacks or hijacks attempts as a result of the air marshals, I can almost guarantee without them, the terrorists will have renewed resolve that they can once again use hijackings as a weapon in their arsenal.
What are we thinking? Is the thought that passengers will suddenly rise up against an attempted hijacking – against knife-wielding bad guys, maybe, but it’s short-sighted to think that the next hijacking will look like the last one. It will probably not. In fact, the next hijacking may have hijackers with pistols, IED’s and submachine guns that have been smuggled on board by airline or catering employees – it’s a tactic that’s been used frequently in the past and why should the terrorists not return to what’s worked for them in the past? Do we really want to bring guts and skin to a gunfight, and also tell the bad guys that there is NO chance an air marshal will be on board?
Air marshals should be here to stay. They are part of an integrated, layered security system – and if there aren’t any attempted hijackings on their watch, then maybe they are doing their job. Take them away, and I can almost guarantee the bad guys will break out the old blueprints and start planning the next 9/11. This is one alarm system we don’t want to hit the snooze on.
http://www.businessweek.com/news/2012-02-17/air-marshals-cost-effectiveness-questioned-by-u-s-house.html
Is that you, John Wayne, is this me?
2012 January 25 by les-admin
Aviation Security Summit, Day Two, General Session II
2011 December 13 by leadingedgestrategies
Aviation Security Summit, Day Two, General Session II
Aviation Industry Perspectives
Jeff Price C.M. Principal, Leading Edge Strategies, Associate Professor, Metropolitan State College of Denver
Stephen Alterman, President, Cargo Airline Association
Duane McGray, Executive Director, Airport Law Enforcement Agencies Network
“Beware of people bearing gifts as they might have liability attached,” warned ALEAN director Duane McGray in the last of the public aviation security sessions. McGray addressed earlier issues with TSA joint operating issues with airport law enforcement and the deployment and use of the vapor-wake detection dogs, mentioned yesterday by Congressman Rogers.
McGray clarified that the term “vapor-wake,” was used by Auburn University in the initial pilot studies, but that today the program is formally known as the Passenger Screening Dog Program (PSDP). In the U.S. there was an initial planned deployment of 275 teams and that the United Kingdom has used the program for man years.
McGray stated that of the pilot airports, presently, none of the airports will accept the dog teams after the pilot is over. “It’s not a performance issue, it’s resolution,” said McGray, In the thirty plus year history of K-9 use at airports, when a dog indicated a possible explosive device, the situation was treated as an actual device until determined to be okay. However, with PSDP, when a dog detects an explosive element and tracks down the individual believed to be responsible, a TSA bomb appraisal officer is called, who then interviews the individual, then notifies airport police if they believe further scrutiny is needed. McGray noted that this is the reverse of the existing process.
Steve Alderman discussed the fact that while TSA met the deadlines for 100% all cargo screening in the U.S. but not the international deadlines, was not their fault. “We’re dealing with the governments of sovereign nations.” Alderman believes that it will be 2012 or 2013 before foreign governments can meet the international air cargo screening requirements.
Alderman cautioned attendees that the vaunted air cargo screening program and other initiatives hailed by politicians and regulators over the past day and half are not as far along as stated, but that they `x3c4bvckjfrward.
Both McGray and Alderman noted that the lines of communication with the TSA and the industry are more open than ever before which has improved relationships and processes.
###
Aviation Security Summit, Day Two, General Session II
2011 December 13 by leadingedgestrategies
Aviation Security Summit, Day Two, General Session II
Addressing the Insider Threat: Airport Access Control and Perimeter Security
Jeanne Olivier, A.A.E. Asst., Director, Aviation Security and Technology, Port Authority of New York and New Jersey
Laurie Aaron, VP, Quantum Secure
Christopher Runde, Director, Strategic Business Development, Alert Enterprise
Jeanne Olivier kicked off the session, talking about how “intelligence,” and other related information is an essential component to perimeter security, not just technology.
Ten years after 9/11, airports continue to implement both TSA mandated security measures, but also locally identified security measures.
“We’ve come to understand that different aspects of the “don’t knows,”‘ said Olivier. We now know that there are things that we don’t know. We know that there is some technology and certain processes have helped us close some security gaps.
Laurie Aaron brought some perspectives on the insider threat: can go undetected until too late; there is a higher chance of success and lower chance of being caught and can be disastrous.
National Infrastructure Advisory Council (NIAC) defined insider threat. Click here for more information: http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf
Aaron discussed an OIG report on insider threat within aviation focuses on the badge issuance process, the failure to properly conduct background checks, airport workers using security badges to access checked baggage and secured areas of the airfield. She pointed out several past incidents where airport employees were able to smuggle guns, drugs and in one case, Mark A. Russo Long Island Macarthur Airport who not only lied to obtain an airport ID badge, but was in the position of checking the credentials of others who applied for airport ID.
Aaron defined the challenge of credentialing in being that there are hundreds of employers asking you (the airport security manager) to give hundreds of employees access to the airfield.
Aaron also discussed the phases of implementing biometric based access control:
Phase I: combine the STA and CHRC process using a secure two-way submission
Phase II: Biometric used for identity verification (useful for spot checked on the ramp)
Phase III: Biometric used on Smart Card
Phase IV: Biometric used in physical access control
Chris Runde, formerly of the TSA, added to the issue of the insider threat, is that many times the anomalies are clear after the fact, but the damage has already been done. But, Runde noted, that key to the process of effective security in credentialing, is to remove manual processes, review physical access and logical access policies and remove access upon termination of personnel who have access to the system.
Runde also noted that through security systems integration, the system can note characteristics of unauthorized access attempt irregular use patterns, and a combination of role and attempted access. As rules are applied and tested (such as use patterns) the system becomes smarter and you can refine the process to focus on specific patterns and rules that will identify the real threats.
###
Aviation Security Summit, Day Two, General Session I continued
2011 December 13 by leadingedgestrategies
Aviation Security Summit, Day Two, General Session I
Aviation Security: A Look Back and A Look Ahead
Carter Morris, SVP Transportation Security Policy, AAAE
Douglas Hofsass, Deputy Asst., Administrator, TSNM, TSA
Doug Hofsass has been with TSA for quite sometime. He was on the emergency response team for United Airlines for Flight 93, then served as the Federal Security Director at LaGuardia and has served in several roles at TSA HQ. He has been extraordinary in his outreach to industry throughout his time.
Hofsass acknowledged that there have been challenges, particularly with the implementation of several Security Directives, but that with Administrator Pistole, TSA is trying to bring industry into the conversation earlier in the process to assess what will work and will not work. Hofsass pointed to successful programs such as the In-Depth Security Review (ISDR) but that there is more work to be done.
Hofsass commented that ‘”people feel better about working with TSA since they used to,” which was met with numerous positive head nods throughout the room.
“IDSR is one of the most successful initiatives that TSA and airports have taken on,” said Hofsass. With the trade associations, airport operators and TSA at the table, the IDSR began with the mission to clean up the SD’s, but has turned into a regulatory review and created a vehicle that can be activated, “we have a trusted group of individuals … that we can bring in and do an immediate threat stream analysis.”
Other benefits of IDSR have been good pilot programs to look at insider threat and other technology and process solutions, that are economical for airports.
Hofsass noted that when TSA personnel are discussing issues with Pistole, his first comment is, ‘have we talked with industry about that?’
TSA’s Transportation Security Network Management (TSNM) branch is now being reorganized to Security Policy and Industry Engagement (SPIE) will have the responsibility of driving policy for the industry but will go outside of commercial aviation.
Hofsass said that general aviation’s revised Large Aircraft Security Program (LASP) regulations, and the Foreign Repair Station regulations, are on the front burner.
Former FAA Security Director, Cathal “Irish” Flynn, questioned Hofsass about White House and Congressional pressure to “do something,” when there is an attack, and whether TSA now has the wherewithal and credibility to stand up to lawmakers and say they are already addressing the issue and that knee-jerk legislation is not necessary.
“Having one of the world’s most respected and counter-terrorists chief, does not hurt,” said Hofsass. Hofsass noted that Pistole has opened doors to key communities that had not previously been accessible by previous Administrators.
Reno Airport Director Krys Bart questioned Hofsass about recent FSD proclivities to pushing TSA responsibilities back to airport operators, speaking specifically about exit lane staffing. Bart noted that this is similar to the early days of TSA.
“Is there a mandate for airports to man exit lanes at airports,” asked Bart.
“Not that I’m aware of,” replied Hofsass.
Several years ago, TSA did change exit lane staffing responsibilities to the airport operator where the exit lane was remotely located from the security checkpoint, but Bart claims that some TSA FSD’s are telling airport operators that they now need to staff the exit lanes that are co-located with the screening checkpoints.
###
Aviation Security Summit, Day Two, General Session I
2011 December 13 by leadingedgestrategies
Aviation Security Summit, Day Two, General Session I
U.S. Customs and Border Protection Leadership Discussion
Carter Morris, SVP Transportation Security Policy, AAAE
David Aguilar, Deputy Commissioner, U.S. CBP
(written in real-time during the session – please forgive grammatical and structure errors – comments are paraphrased, unless enclosed in quotes)
Aguilar started off by connecting the importance of CBP to the aviation industry as essential partners in counterterrorism.
The system will always be a “work in progress,” said Aguilar, discussing the border protection and aviation security industries,” because they will always adjust to what we do.”
The perspective of border protection has changed – previously, border protection was about methods, maritime, aviation, land – today, it’s about flows. The flow of commerce and personnel which requires a different strategy. “Used correctly, risk management and data management make us safer and more dynamic.”
“We have become managers of information,” said Aguilar about his agency that handles over a billion data lines of information are shared every day. “What we do and how we manage that information is critical to managing the security or our nation.”
CBP is now asking whether they can use the technology and processes beyond security, to assist the 98% of legitimate people and goods that are traveling across our borders – Aguilar believes they can.
Like TSA, CBP is another agency that’s moving towards risk based security – using intelligence and data to focus resources on the small population of individuals who require additional scrutiny. Also, CBP is working towards stopping terrorists and criminals from entering the U.S. early on in the detection process, not at the last point of failure.
Air cargo advanced screening pilot – the impetus for the air cargo screening was the Yemen air cargo bomb plot in October 2010. Aguilar said that it became critical to understand what was coming into the country before it leaves the International departure point. In just four months the pilot program begin screening cargo from 28 different countries in the Middle East. Aguilar however did not address the method of screening.
Aguilar says that the promise of “sooner, safer, cheaper,” has been met but there is more work to do.
Aguilar then expanded briefly on the Beyond the Border Action Plan, which is available on the CBP website. Beyond the Border articulates a shared approach to security in which both countries work together to address threats within, at, and away from our borders, while expediting lawful trade and travel (CBP website).
###
Aviation Security Summit General Session IV continued
2011 December 12 by leadingedgestrategies
Aviation Security Summit General Session IV
International Aviation Security – A Global Perspective
Moderator: Benjamin DeCosta, A.A.E.
John Halinski, Asst., Administrator, Global Strategies, TSA
Zohar Gefen, Manager, Security Division, Ben-Gurion Airport
James LoBello, Cargo Security – America’s Region, Lufthansa Cargo AG
(written in real-time during the session – please forgive grammatical and structure errors – comments are paraphrased, unless enclosed in quotes)
Halinski: TSA has approximately 250 individuals operating overseas and a mandate to promote the implementation of global transportation security processes, while ensuring compliance with worldwide and TSA standards. Mission areas include: Compliance, Engagement/ Outreach, Capacity Development.
The key to fulfilling this mission is developing good relationships with the host government. TSA can’t tell the host government what to do.
There are several U.S. regulations that address foreign aviation security, including:
49 US Code 44934 (TSA Representative Program) resulting from Pan Am 103 in 1988
49 US Code 44907 (Foreign Airport Assessment), resulting from TWA 847 in 1985
44916: Foreign Air Carrier Inspections
114 ICAO
49 US Code 44924 Repair Stations
49 US Code 44906 Foreign Air Carrier
Part 1546 Foreign Air Carriers
Liquids and Gels (LAGs): TSA is working with the European Union and pilot programs with respect to screening LAGs – attempting to balance security with facilitation – “is there an ability to use a risk-based methodology.”
Staff screening: two schools of thought – single point of failure, vs. holistic approach to insider threat. ICAO is soon to come out with a staff screening requirement, but TSA believes that’s a single-point-of-failure, and that instead, we should have a layered affect, with background checks, random searches, etc.
Cargo: TSA is working closely with ICAO on transshipment cargo. Currently attempting to define high risk cargo, and how to phase realistic Standards and Recommended Practices that don’t kill the industry. “It’s not just about the regulators, it’s about business.”
National Cargo Security Program Recognition: looking at how foreign governments are doing cargo, then accepting their procedures if they are acceptable.
A 100% inbound cargo strategy is based on a risk based model. We will have to “sell” this, whatever process TSA develops, to the world, since we cannot mandate what foreign governments do – we can only mandate what U.S. air carriers do.
AIT/body scanners: TSA has moved forward with deployment – the EU is deploying the millimeter wave. We are seeing that body scanners are becoming much more accepted world wide.
Gefen: Ben Gurion is a medium sized airport, conducting about 12 million enplanements per year.
Passenger security in Ben Gurion is only one part of airport security. The main objective is to prevent explosion or hijacking on an airplane departing from Israel. Ben Gurion must also keep an eye towards budget, image and customer service.
There are four levels of security: a supportive infrastructure, state of the art technologies, regulations and the human factot (well trained and educated security personnel).
Passenger security starts with a short interview done by a security agent to determine the level of threat – we have several levels of threat. We use various materials and protocols, along with detection of suspicious behaviors. We check bags through CT scanners according to the level of security of the passenger. The process ends with passenger inspection before entering the sterile zone.
In the next few years, expect some changes to the passenger process in Ben Gurion – known as “the advanced technology concept,” which means implementing a holistic security solution, blending our human factor processes and technologies.
Gefen believes that there is nothing better than the “eye and touch” of a human security agent.
LoBello: noted that unlike passenger and baggage screening, air cargo screening is the responsibility of the air carrier.
The need for mutual recognition – ensure that air cargo is protected within various and changing government mandates; supply chain focus means securing ‘once,’ at the origin, having reliable partners and use of existing programs. The final focus is on technology and training.
The screening of air cargo is significantly more complicated than baggage – passenger bags are transported to security, prepare for security, with simple, density, definitive single commodity security clearing. Cargo is the complete opposite.
Ben DeCosta opened up the issue of Duty Free, liquors, and perfumes so that individuals are better able to buy and transport these items, without losing them at screening checkpoints. Halinski said that the EU has established 4 different types of technologies, from the most intrusive (open the bottle and pass a test-strip into it), to technology that allows you to keep your bottle(s) in the bag. However, he pointed out that airports tend to buy the cheapest technology, rather than the most effective.
TSA’s response to the duty free and LAGS issue is to conduct pilot-programs and see what works.
Gefen was asked about his impression of U.S. TSO’s – he adroitly deflected the question, “I’m not in a position to criticize the TSA.” However, DeCosta followed up by asking how Israel manages to do the security process and not only provide customer service, but make the passenger feel safe (something the U.S. TSA has been criticized for in the past).
Gefen responded that not everyone has to go through the exact same process but that it looks like everyone goes through the same process – not everyone takes off their shoes, but only a few selected people. However, they are moving to a single technology system that will check everyone the same, but (apparently) retain the risk based processes that are currently in use. (Author’s Note: language barriers here prevented a clear understanding of where Israel is going in the future of screening).
###
Aviation Security Summit General Session IV
2011 December 12 by leadingedgestrategies
Aviation Security Summit General Session IV
GAO’s Perspectives on Transportation Security
Sarah Pilli, Manager, Transportation Security Policy, AAAE
Stephen Lord, Director, Homeland Security & Justice Issues, GAO
(written in real-time during the session – please forgive grammatical and structure errors – comments are paraphrased, unless enclosed in quotes) (GAO-11-238T)
GAO Reports for this year:
Harmonizing U.S. International Aviation Security Standards (Dec 2, 2010)
TSA’s Behavior Detection Program (SPOT) April 6, 2011 (GAO 11-461T)
Setting Checked Baggage Explosive Detection Requirements (GAO-11-740), July 11, 2011
Airport Perimeter and Access Control (GAO-11-938T), Sep 16, 2011
TSA’s Foreign Airport Assessment (GAO-12-163), Oct 21, 2011
TSA Information Sharing – Awareness and usefulness of Disseminated information (GAO-12-44) Nov 21, 2011
TSA’s Transportation Worker Security Threat Assessments, (GAO-12-60), Dec 8, 2011
GAO is currently working on:
Currently looking at General Aviation – Alien Vetting at U.S. Flight Schools
Screening Partnership Program comparison of private and federal screening performance
Screening of inbound air cargo (looking at TSA’s mandate on screening 100% of cargo)
AIT program
Canine Certification and Training (assess the process of certifying dogs)
Future work:
TWIC access control technologies
TSA Behavior Detection (SPOT II)
TSI Workforce, how deployed and utilized
Risk-based screening
Bomb Appraisal Officer
Air cargo explosives detection technologies
Questions
Portland: questions on the future of the use of canines at airports – both the issue of TSA’s proprietary teams, and the canine teams that are used by airport law enforcement.
The industry issue here is that the previous model for canine use at airports, was that the airport provided local police, who were sent to training with the FAA and issued an explosive detecting K-9. In the late 2000′s, TSA begin training and deploying their own canine explosive detection teams, in addition to the airport teams. Some airport operators feel that this has created overlap of responsibility and span of control and caused confusion.
It seems that GAO’s report will focus more on the effectiveness on canine teams, rather the responsibility and control.
###
Aviation Security Summit General Session III continued
2011 December 12 by leadingedgestrategies
Aviation Security Summit General Session III
Security Technology Development and Deployment
Colleen Chamberlin, Staff VP Transportation Security Policy, AAAE
Peter Kant, VP, Global Government Affairs, Rapiscan
Edward Olin, Senior Manager, Program Management, Homeland Security Solutions, Raytheon Technical Services Company, LLC
Moninder Birdi, President, Birdi & Associates Inc.
(written in real-time during the session – please forgive grammatical and structure errors – comments are paraphrased, unless enclosed in quotes)
Peter Kant: the focus post 9/11 was to roll out equipment that met legislative mandates, view technologies as discrete applications, meet detection certification and create funding processes. Post 9/11, it was about how fast can we get anything that meets the bare minimum out. Now, the next question is, what is the next question?
Can you create a risk based model?
Current statue: systems view, greater integration of technology; update certification standards, global harmonization of standards, introduction of operating standard PGDS and Checkpoint Design Guide and more focus on operational suitability and effectiveness.
Kant pointed out to a key problem within the industry, is that U.S. screening technologies in the U.S. is similar to those machines used in many other countries, however we rescreen everyone when the move from one airport to another.
Future –
Risk Based Screening – focus on merging multiple technologies, building the ability to assess risk and provide the appropriate level of screening: passenger, baggage and cargo, improve cost and efficiencies while meeting regulatory standards, compatible and sustainable.
Security Manufacturers Coalition – working together to meet future detection and inspection needs, to create a single type of process for the passenger, but allow varying levels of security for the regulator.
_____
Edward Olin gave a presentation on how airports and airlines can better facilitate the installation of explosive detection systems.
Monider Birdi gave a presentation on how to develop an Airport Security Program using his experience at Los Angeles International Airport.
– the most secure airport in the world has no airplanes, or passenger – the most operational efficient airport in the world has no security -
Aviation Security Summit General Session III
2011 December 12 by leadingedgestrategies
Aviation Security Summit General Session III
Innovative Approaches to Security Infrastructure
Carter Morris, SVP Transportation Security Policy, AAAE
The Honorable Michael Jackson
(written in real-time during the session – please forgive grammatical and structure errors – comments are paraphrased, unless enclosed in quotes)
Jackson, formerly of the TSA, believes that TSA needs to think and do differently, the way they acquire and use technology. The problem is not in technology, but in how it deals with the private sector. “The fundamental question, needs to be asked, is what is inherently governmental and what is not.”
Jackson discussed a proposal to streamline the federal procurement process.
Jackson was part of building the TSA over 10 years ago – Carter Morris asks his impressions ten years later and how much of his initial vision are still online.
A: Jackson believes the focus on risk is a move forward, but remains worried that we let our ambition, pushes us into a “magic wand,” situation, where the industry believes it’s the solution to a complex problem. The key is ensuring that the person that presents themselves to you is the person who they say they are. What’s known as “pre-check” today, Jackson said was an initiative he went to Congress with several times without success.
It’s frustrating to think that we give a shakedown to “little old ladies,” but if we tell everyone that we’re not going to screen little old ladies, that’s exactly where you’ll find the next bomb.
Jackson also encouraged a review of the rules and processes, that may no longer be necessary due to newer technologies.
Av_Security on Twitter
- #TSA continues to battle recent accusations of inappropriate screening at Dallas/Ft. Worth airport. http://t.co/y2nqNkIz #aviation #security
