AAAE 9th Annual Aviation Security Summit
by Jeff Price
So what do the industry leaders have to say about the future of aviation security?
Let me start out by saying that everyone wants to work cooperatively, to build partnerships on an intelligence-driven–risk-based-assessment approach to reduce the size of the haystack because at the end of the day it’s all about security.
If that sounds like a convoluted sentence, it is. But, those were the terms that we heard over and over again. I might also add that those are the same terms we hear just about every year. Other recurring themes, that recurred again this year, included the usual “let’s focus on bad people not bad things,” which in the real world ends up meaning – “throw more technology at everything.”
The Opening Session
There were a few patterns that may give us some clues about the shape of things to come. Leading off the sessions this year was newly appointed TSA Administrator John Pistole and Customs and Border Protection Commissioner Alan Birsin. Pistole, as you know, made his big splash on the TSA scene with the enhanced pat downs and roll out of the body imagers. To be fair, the body imaging technology started deployment back in 2004 in various pilot programs and the pat downs have been around for many years, but only recently have they gotten so, well, intimate.
Pistole defended his decision to roll out the enhanced pat downs with hardly any public announcement by saying that he did not want to alert the bad guys to our vulnerabilities.
“In seeing the existing threats, we needed to be doing more than what we are doing,” said Pistole. “We could have altered the public but my concern is that as we educated the American public we’d be educating the terrorists about our vulnerabilities.”
Pistole recently visited Yemen, where the recent attempt at bombing aircraft originated, with just a $4,200 investment on the part of al-Qaeda in the Middle East. He did not leave with a high level of confidence about their security screening. Pistole stated that there continue to be individuals that are already here in the U.S. that want to commit acts of terror. “It’s not just an over there versus over here issue.”
Back in the U.S. one of the options that security experts have promoted for years is the Israeli model of proactive profiling — determining the level of physical screening for each individuals based on an individual threat assessment. The first attempt at this model was part of the Aviation and Transportation Security Act of 2001, called Trusted Traveler. The concept, as outlined in the legislation was a program where volunteers submitted to very thorough background checks and biometrics, in trade for lesser screening at the checkpoint. At the time, the newly formed TSA quickly tossed out the term “trusted” and changed it to “registered,” and the program was defanged to the point where it became only a front-of-the-line pass for those in the program.
TSA also stated at the time that the Registered Traveler program would never be lesser screening, which flew directly in the face of both the legislation and the proven concept of profiling passengers to determine risk. However, it now looks like the program may be gaining momentum. At least Customs and Border Protection is on board with this risk based approach.
“We need your help in promoting trusted traveler programs,” said Customs Commissioner Alan Bersin. Currently, CBP’s Global Entry Program is one working model of an approach that recognizes that 99% of passengers and cargo critical to the U.S. economy are not a threat.
Bersin recognized that challenge of trusted traveler programs is that American’s don’t like to share information with their government. “It’s built into our DNA,” said Bersin. “We need to rethink that bargain. We will share information if (the government) will maintain the information in confidence and use it for the purpose in which it was solicited, and it will help facilitate our movement through not only the airport, but other waits with governmental processing; one could imagine one system that identifies you to all governmental agencies.”
Pistole seemed to be on board at least conceptually with a true trusted traveler program, saying that one of the top priorities in the DHS re-organization is to look at what makes sense in terms of trusted traveler, in terms of the passenger not to be exempt from screening and what makes sense for airports, airlines and the free flow of passengers and goods.
“We’re interested in the success of CBP and what we can learn,” Pistole said. He also noted that some of these considerations were behind the recent decision to exempt pilots from additional screening measures. However, Reno International Airport Director Krys Bart asked Pistole when additional screening exemptions will be forthcoming for airport personnel, who have access to the security areas through the airport’s access control system, but when they enter through the screening checkpoints, they are required to undergo screening. Pistole responded that there are others in the industry who believe that airport employees should go through screening every time they access the airfield and it’s a difficult issues to solve.
While TSA continues it’s chin scratching about whether trusted traveler programs will work, Pistole did point out that in the case of the recent air cargo bomb threat from Yemen, the intelligence layer did work. Al Qaeda’s English publication of Inspire magazine, their propaganda tool, recently went into great detail about how the devices were created in the computer printers and how they were cleaned so that K-9 and explosive trace detection and physical inspection could not pick up on them. Inspire’s articles also lauded the fact that the attack cost Al Qaeda $4,200 however the response by the U.S. and the world to the threat is costing billions.
He also explained why there was an immediate ban on shipping printer cartridges after the threats were discovered. “If you’re going to make two, why not make six or eight or 10?” Pistole said, inferring that the TSA made the decision based on possible additional intelligence that said other similar bombs were already constructed and in the system.
Pistole confirmed that Al Qaeda’s goal is to cause economic harm to the United States.
Customs Commissioners Bersin noted that we would not have been able to detect the cargo bombs if we had not received the intelligence tip from Saudi Arabia. Pistole said that he has less confidence in the international cargo security systems than he does about the U.S. cargo system. ICAO and IATA are among several groups currently working on upping international cargo screening standards.
The Leadership Roundtable
Next was TSA’s Leadership Roundtable, featuring John Sammon, Asst., Administrator, TSNM, Doug Hofsass, Deputy Asst. Administrator, TSNM, Robin Kane, Asst., Administrator, Security Technology, Lee Kair, Asst. Administrator, Security Operations, with AAAE’s Carter Morris, SVP, Transportation Security Policy, facilitating.
Despite all the earlier discussions of trusted traveler and behavior recognition programs, this session focused almost entirely on technology. AAAE’s Carter Morris noted that with the deployment of the AIT’s it represents the most technology into the checkpoints since 2002.
Robin Kane said that TSA is on track to complete it’s deployment of 500 Advanced Image Technology machines (the body imagers) before the end of 2010 and are also on schedule for an additional 500 to be deployed in 2011. Some airport officials criticized TSA’s deployment for both a lack of communication and a lack of accurately addressing the requirements of the AIT’s, in terms of space and power requirements. Mike Keegan from the Minneapolis/St. Paul Airport thanked Kane for the AIT’s but not for the power requirements, which were much higher than what the airport officials were told by TSA.
Overall, there were several comments about TSA personnel at airports throughout the U.S. drilling holes in the floor of checkpoints and making other changes without communicating with airport personnel. TSA officials at the conference promised better communications.
Centennial Airport Director Robert Olislagers asked about the deployment of the Automatic Threat Recognition (ATR) technology that will eliminate the actual x-ray image of a person and replace it with a stick figure outline that highlights suspected threat items. Olislagers noted that he recently went through Amsterdam/Schipol airport where the technology is already in place.
Kane stated that the technology in Amsterdam experiences a 70-80% nuisance alarm rate, which is not considered operationally feasible nor desirable for the TSA. Kane did note that they have worked with the manufacturers on stricter requirements and are working on better algorithms to reduce the false alarm rates and make them ready for U.S. deployment.
Another “failure to communicate,” is with the TSA’s new Tactical Response Plans, which requires local TSA personnel to generate contingency plans based on scenarios. However, these plans aren’t always shared with airport officials or local law enforcement officers, nor are the plans coordinated with the Airport Security Program contingency or incident management plans. Lee Kair said he wants Federal Security Directors working with Airport Security Coordinators, the FBI and the airport security consortia to make sure the plans are better coordinated.
And one more failure to communicate popped up with the Screening Partnership Program (aka Opt-Out), where the State of Montana has four airports that have had applications in for contract screeners to replace the TSA personnel for over a year. Kair responded that the applications have been on hold until the new Administrator has had an opportunity to review the program and they hope to have a resolution shortly.
TSA says that the airlines have also contributed to delay at screening checkpoints with their checked baggage fees. The fees have driven up the numbers of bags that passengers carry-on, thus increasing the total number of images per passenger. Additionally, passengers bags are more cluttered making it harder to discern their contents.
“The biggest challenge we’re running into is the public’s behavior with the “turtle” bags,” noted Kair referencing what TSA calls carry on bags that are overstuffed and form a turtle shell on top. “There are more images per passenger and that’s the largest challenge we have for security.”
Screening Technology
Attempting to solve some of these problems was the Security Technology Development and Deployment presentation, facilitated by Mark Crosby, A.A.E. Chief of Public Safety and Security for Portland International Airport.
“The passenger knowing what to do is the most important element to the speed of the screening process,” noted, Peter Kant, VP, Global Government Affairs for Rapiscan Systems, one of the major technology providers for screening equipment.
This opinion was reinforced by Ellen Howe, Director of Business Development – TSA for L-3 Communications Security & Detection Systems, noting that most false alarms at the checkpoint are due to people not properly divesting.
The Large Aircraft Security Program
The Large Aircraft Security Program, rule-making for general aviation aircraft and airports is set to again make a public debut. The previous NPRM received over 10,000 comments and was so poorly conceived that it was pulled off the table. TSA decided to include industry comment during the formation of the 2nd version rather than doing it on their own.
John Sammons said that the rule-making is coming out soon, but it’s focused on the best practices, is risk-based and airplane centric, rather than putting up fences at every general aviation runway in the country. Sammons says the focus is on general aviation aircraft that go into and out of commercial service airports.
Robert Olislagers noted the differences in general aviation versus commercial service operations, saying, “we know 99% of our clients, we are very asymmetric, we don’t have public schedules or public arrivals, we are a moving target to hone in on.”
Some Interesting Quotes and Issues
“Security cannot bring business to a standstill,” Ann Zipser, Director of Global Policies & Programs, TSA. (This was nice to hear — TSA acknowledging that you cannot kill aviation while trying to protect)
In speaking to air cargo security, which is a $50 billion dollar a year business, Tim Figures, Acting Director of Transport Security and Contingencies Directorate, U.K. Department of Transport, “(they) need the opportunity to get their devices into the system at the weakest point…the challenge is that attacks have a low likelihood but a high impact.” (Figures hits the nail on the head here and reinforces the point that we must concentrate on each layer of security)
Joram Bobasch, Executive Vice President ICTS Europe Holdings, in an always entertaining and informative presentation noted that the aviation industry serves 3.3 billion people, but only gives ‘the perception of service.’ He criticized TSA for happily saying that wait times were below 30 minutes, whereas many people would never wait 30 minutes for many things, like getting a cup of coffee or waiting for a table in a restaurant. Bobasch presented a queue management system that filters individuals into 3 lanes based on an individual risk assessment.
The industry issue of where actual screening begins was brought up during the Airport Security Operations and Law Enforcement presentation featuring Francine Kerner, Chief Counsel for TSA, and Duane McGray, Executive Director of the Airport Law Enforcement Agencies Network. This is a growing challenge for the industry as it involves Fourth Amendment issues of search and seizure.
Airport police officers throughout the country are having issues with TSA finding prohibited items in checkpoint queue lines, and in public terminals. The Administrative Search clause to the Fourth Amendment says that there must be a clear point designated where the administrative screening process begins. The TSA has decided that wherever they post a sign is where the process begins. However, airport police officers and their local district attorney’s are not so certain of this definition and are still refusing in many cases to conduct searches or detain individuals. I guess the “because I said so,” argument doesn’t work so well with TSA either.
From a legislative perspective, several Congressional staffers were on hand to try to provide some clues about what will be important in the next session. Based on their comments look for:
- A DHS reauthorization bill that will continue to address air cargo security, but also address a greater role of intelligence in counterterrorism
- More emphasis on expanding the registered traveler program, which is apparently supported by both side of Congress
- More emphasis on the screening partnership program
And a final issue, that comes up at every security summit is TSA’s use of Security Directives to take the place of actual rulemaking.
Reno’s Krys Bart again challenged TSA’s decisions to do no outreach to airports on the pat-down procedures before the fact and requested that TSA look at some sort of expedited rule making process, rather than misusing Security Directives
Congressional staffers his behind their usual defense by saying that they didn’t want to hinder TSA’s flexibility in responding to threats. This is an old argument with airport officials also not wanting to hinder TSA’s flexibility, but also not wanting TSA to abuse the SD process in order to avoid the longer and more difficult (but also more thorough and intelligent) process of amendments or formal rule making. The vast majority of SD’s in fact do not address specific threats, but are mainly used to finesse certain administrative procedures. I think the industry can count on SD’s continuing to be used to both address threats (what they are supposed to do), and to make rule changes in order to circumvent the NPRM or Amendment process
So, at the end of this day, everyone talked about the same things they’ve talked about since 9/11, except we didn’t hear the term “new-normal,” anymore. Everyone wants to work cooperatively, build partnerships, and reduce the size of the haystack, by using more personal contact and less technology. Maybe Pistole will be the one that actually follows this formula.
Commentary on the Security Summit:
I’ve attended the security summit just about every year since they started. Every year we hear the same things, but every year we do just the opposite. The profiling is lauded, then we get more technology into the airports. Congress promotes more private screening and registered traveler, and so far, past TSA Administrators have put both programs on either slow tracks or just outright derailed them.
Now that Customs is seeing success with their Global Entry Program and Congressional pressure on TSA continues, particularly in light of the ‘don’t touch my junk,’ body imaging and pat down controversies, perhaps 2011 will see be the year where we see a true passenger profiling program. A program that begins with the booking of the ticket, which kicks off a risk assessment process, that continues to the screening checkpoint.
Along with this, would also be a good look at employee screening. A similar risk assessment and background check program could be used to make reasonable determinations of risk with additional personnel going through physical screening and others, who require it by their job function, bypassing the checkpoints through approved access points.
Don’t look for the airlines to get rid of their checked bag fees — ever. That’s a tax-free cash cow that will not be going away. Instead, TSA and the industry should focus on changing their procedures to fit passenger travel habits, rather than trying to change the travel habits. For frequent flyers, we can move and adjust — our behavior can be modified. However, for the traveling public that once or twice a year jumps on a plane to head to Disney World’s or Aunt Edna’s for Thanksgiving, which make up the majority of the passenger traffic, we need to work on a system that better accommodates them.
Finally, the issue of where screening begins vs., airport police response needs a better solution than TSA saying “because I said so.” We need some judicial guidance here. This also brings to light the perennial issue of TSA working with the airport operator on security issues. I’ve personally seen the strides TSA has made in achieving a better understanding of airport management issues so I believe things are going the right direction. However, I hope that these attempts to actually cooperate will reach to the Administrator and senior staff ranks.
