The challenge with aviation security in the past several years is it’s tendency to become a huge game of whack-a-mole. Every time one threat is identified, we turn all our resources to hitting that one, then another one pops up. What we need are comprehensive solutions that improve the “system,” and that continue to improve the system as threats change – then maybe Congress stop passing single-solution legislation. Will the Gerardo Hernandez Airport Security Act do that, or are we just hitting another mole on the head?
On September 16, the House of Representatives gave final approval to H.R. 720, the Gerardo Hernandez Airport Security Act (named after the TSO killed in the line-of-duty at LAX), which requires TSA to monitor and verify airport response plans for active-shooter situations and other dangerous incidents. Sounds good right? Let’s see.
First, airports are already required to have security incident plans, but only bomb threats, hijackings, or “unlawful acts of interference” are specified. Active shooter isn’t specifically mentioned in the existing regulations, but based on past history and inferences in TSA guidance which says that risks should be assessed and responses developed for identified threats, every airport operator should have an active shooter incident management plan in their Airport Security Program. Congress should not have had to tell them to do it. Many airports did implement them about 2-3 years ago on their own, but there aren’t standards place for what constitutes “preparedness” for an active shooter at an airport.
Next, the bill directs TSA to:
Airport Response Plan Reviews
- Conduct outreach to all U.S. airports at which the TSA performs, or oversees the implementation and performance of, security measures.
- Give necessary technical assistance to verify that such airports have in place individualized working plans for responding to security incidents inside the airport perimeter, including active shooters, acts of terrorism, and incidents that target passenger-screening checkpoints.
- Report to Congress on the outreach findings, including an analysis of the level of preparedness such airports have to respond to such incidents.
To the first bullet point, several months ago, TSA directed airports to hold active shooter drills and to so within 30 days. That’s impractical. Effective drills take time to put together. Yes, it CAN be done, but do you want it done right or just have everyone go through the motions so you can say that it’s done? I’m also wary of the term “conduct outreach.” I want to clarify – “outreach” doesn’t mean issuing directives (overtly or covertly) to airport operators to “jump,” so the regulators can measure how high. Outreach means going to airport operators and saying, ‘here’s what the problem seems to be, what do you think? And, what can WE, by working together, industry and regulator, do about it? Let’s hope outreach actually means outreach.
To the second bullet point, Airport Security Coordinators are pretty much the experts at perimeter security, since it’s their mainstay, but not everyone takes it as seriously as they should. We’ve had too many fence jumpers in the past couple of years. Do we need better training (which I’m always for) of personnel on the airfield to spot suspicious individuals? It’s already a requirement but is it being tested? Trained properly? Re-trained as needed? What about other options? Are more police and security officers needed to patrol the airfield? Security officers are a low cost option to increase the eyes and ears on the airfield, but is that the solution? The National Safe Skies Alliance has been focusing on Perimeter Intrusion Detection Systems (PIDS) to see what works and what doesn’t, but is that what we need? The answer to all of these questions is – maybe. I think an airport-by-airport assessment is valid though to determine the best methods of improving airfield security – in some cases, that’s going to be PIDS, while in others, it may be increased patrols, or better training and re-training, and testing, of individuals on the airfield to spot unauthorized personnel. Which would should you do or what combination – read on . . .
Bullet three – let’s just hope airports are given time to develop these responses. Look, you can get it good, fast or cheap – pick two, but you don’t get all three. Let’s make sure it’s cost-effective for airports and that it’s above all, GOOD!
Airport Incident Management and Training
- Identify best practices that exist across airports for security incident planning, management, and training.
Establish a mechanism through which to share those best practices with other airport operators nationwide.
There is ALREADY a system in place to do this. It’s called SECURITY MANAGEMENT SYSTEMS (SeMS), the sibling to Safety Management Systems, and already in use throughout the world. The only thing the FAA has been slower in moving forward than UAV regulations is getting Safety Management Systems to airports. But, at least they are moving in a forward direction. SeMS isn’t anywhere near where it needs to be here in the US in the security conversation. Haven’t heard TSA talking about it. Haven’t seen it as a topic at conferences. And with the exception of a few airports, such as San Antonio that has incredibly progressive management, I haven’t seen the airport industry grab on to a process that ICAO and IATA have already been implementing.
SeMS focuses on assessing the risks, putting the money where the risks are, instead of chasing whatever Congress or the media’s flavor of the week is; SeMS implements quality control to measure the effectiveness of the security measures, and builds a culture of security. BUT, the key to SeMS is engaging everyone in security, not a regulatory official just issuing unreasonable fiats so they can report back to HQ that the box has been officially checked.
TSA Employee Training
- Certify annually to Congress that all screening personnel have participated in practical training exercises for active shooter scenarios.
- Analyze for those same committees how TSA can use cost savings achieved through efficiencies to increase over the next five fiscal years the funding available for checkpoint screening law enforcement support reimbursable agreements.
Okay, so here’s where SeMS can help – AGAIN! First, some background. When TSA issued active shooter guidance after the November LAX shooting, the guidance pretty much just focused on what TSA personnel should do – what about the rest of the airport? This has long been the problem is that TSA often forgets that the screening workforce is only one part of the entire security system. It is the regulatory responsibility of the AIRPORT operator to have a law enforcement response. What TSA TSO’s should do in an active shooter is run-hide-fight (see City of Houston’s excellent film on this). Again, Safe Skies came up with a solution and engaged the Emergency Film Group to put together some excellent active shooter training for airports. I’ve used EFGs materials to train other programs, and they did a really good job here.
Here’s the ultimate kicker – when the bad day happens it won’t be the regulatory agency in court. It’s going to be the airport operator.
Now, what needs to happen is a comprehensive solution to airport incidents – that engages all stakeholders, not just TSA. SeMS can AGAIN help with this – building a safety culture, training, training and training, exercises, putting plans together that involve all the agencies on an airport, instead of just one – the key is this folks, we need to be on the same team here and work together to identify the problems, and the solutions. It’s time to stop playing whack a mole when it comes to airport security, but soon, we’re going to miss one and then it’s game over.