It is ironic that today’s topic may relate directly to the shootings at the Washington Navy Yard. If passenger screening is the front door, then airport access control and credentialing programs represent the back door to the aviation security system. From initial reports coming out of Washington today shows that the shooter may have used someone else’s identification badge to access the facility.
I would equate the pre vs. post 9/11 access control and credentialing systems like a football player with pads – since 9/11 we’ve added extra protection but we’re still largely playing without a helmet.
The airport operator handles the majority of the access control systems at an airport. The airport operator is also the major issuer of airport identification credentials, followed by the aircraft operator. Known commonly as the Airport Identification Badge (or just Airport ID Badge) this credential allows an individual who works at an airport to access gates and doors, and authorizes them to be present in certain security areas.
The airline (i.e. aircraft operator) can also conduct background checks and issue airline credentials, but these rarely allow access at an airport. They are identification that allows pilots and crewmembers to access certain security areas but they may have to use airport PIN-encoded systems or have the gate agent let them out onto the tarmac. For this post, we’ll focus on the airport access control and credentialing systems.
ACCESS CONTROL SYSTEMS
Prior to 9/11, airport access control systems were rather complex in nature with the ability to allow access to an authorized individual, deny access to unauthorized individuals and differentiate access (i.e. an employee from one airline doesn’t have access to the doors or gates for another airline). Many airport access control systems were based on card-swipe readers (like the credit card readers at a cash register). The system was updated when new employees were added and their access could be immediately deactivated. However, the majority of the airport systems were not tied to a biometric so someone could loan their badge to another individual (or have it stolen) and could access the airfield.
Post 9/11, the systems are largely the same but many are now RFID or proximity card based, which reduces maintenance issues and extends the life of the hardware. However, the Aviation and Transportation Security Act of 2001 fell short when it came to biometrics. Biometrics are still not required to be part of an airport access control system. While loaning the airport ID badge is considered the unforgivable sin at an airport and may result in the revocation of the badge (and thus the termination of the employee from their job), it still doesn’t prevent someone else from using the ID. I feel this is an area that needs to be corrected – it’s bad enough that of the hundreds of thousands of employees in the aviation system, some are corruptible but with our technological capabilities it only makes sense that an access control system ensure that the person using the credential is actually that person.
The TSA has come out with a qualified products list for biometrics but with few exceptions, the majority of US commercial airports still do not implement biometrics in their access control systems.
CREDENTIALING
Prior to 9/11, all employees who received an airport ID badge were required to undergo an Access Investigation, which required the individual to provide 10 years of employment history – the most recent 5 years was verified by the airport operator and any significant gaps in employment would trigger the full Criminal History Record Check.
To this day, I’m not entirely sure how having a job for the past five years relates to you not being a criminal or terrorist.
The CHRC as it is known, requires the individuals fingerprints to be taken and sent to the FBI. Pre 9/11, this was done “old school,” with fingerprint cards and U.S. Mail to the Office of Personnel Management, then to the FBI, then back to the airport operator. It was a lengthy process that could take up to three months. Considering nearly 97-percent of the airport employee population could pass the Access Investigation, leaving only about 3-percent to have to undergo the CHRC, many employers just hired individuals who could clear the AI.
The CHRC provides the criminal history of an individual to the Airport Security Coordinator (ASC), who in turn determines if the individual has been found guilty (or not guilty by reason of insanity) of any of 28 disqualifying offenses, within the last 10 years. If they have, then no badge for them. If they were convicted more than 10 years ago, then theoretically yes, they are allowed to have an airport ID badge, but many ASC’s write into their Airport Security Program that they have the authority not to issue if the offense occurred beyond the 10 years.
Shortly before 9/11, legislation would have required all airport new employees to undergo the CHRC with current employees being “grandfathered,” in. Computer technology finally caught up with the FBI so electronic fingerprint submissions could finally be accepted. Before the legislation was implemented, 9/11 happened and ATSA 2001 required ALL employees to undergo the CHRC.
In 2008, the TSA begin requiring all employees to also undergo a Security Threat Assessment in addition to the CHRC. The TSA will not say what the STA encompasses but from public statements, previously published materials and logical deduction, the STA pings on numerous government databases to see if anyone is interested in the fact that a particular individual is applying for access to an airport.
Unfortunately, where credentialing still falls short is the fact that there is not a requirement to renew the CHRC once the employee has passed it. The regulations call for the badge holder to self report if they are subsequently convicted of one of the 28 (yea, I’m sure that’s going to be their first phone call after their arraignment) and to surrender their ID badge. The company manager (known as the Authorized Signatory in TSA parlance) whom the individual works for is also supposed to report any change in status of their employees and also obtain any airport ID badges from individuals who are no longer employed at the company or no longer need airport access.
The airport is required to keep 95-percent accountability of all issued identification or else be forced by re-issue badges to the entire population. This keeps ASC’s on their toes chasing down unreturned badges because while the badge can be cancelled from the access control system, it is still “visually valid,” (meaning it looks valid to anyone viewing it) until the after its expiration date. There are hundreds of visually valid ID’s floating around – biometrics would reduce this risk.
So are we safer? Well, a bit. The credentialing layer is much better than pre 9/11 simply by requiring all employees to undergo the CHRC, and now the STA. But, until biometrics are incorporated into access control systems, there will still be a gaping vulnerability for anyone to obtain someone else’s ID badge and access the security areas of an airport or even an aircraft. Just like what may have happened at the Washington Navy Yard.