The Truth about Airline Security
The size of the system is the reason everything the public and policymakers “think” should work in airline security doesn’t, and the reason our entire approach to airline security is almost completely ineffective against a threat like Al Qaeda. More importantly, it is the reason security almost always fails when tested by covert testers, innocent civilians and, occasionally, persons with intent.
At this moment, there are roughly 5000 commercial airliners in the skies above you. There will be some 28,000 flights today, and 850,000 in the next month — every month. 700 million passengers will pass through airline security this year -- an amount roughly equivalent to the number of breaths you will take in your lifetime.
These passengers will enter “the system,” each at a single lane, of a single concourse, at any of 561 airports around the country. Roughly 400 of them are virtual cities unto themselves, employing thousands of skilled and unskilled workers who pass, unscreened, in and out of employee entrances -- and providing routine and ongoing access to hundreds of catering and service vehicles, through miles of restricted airport perimeters.
The security strategy we use to protect this incomprehensibly large system was designed 40 years ago to deter rank amateurs from carrying guns onto airplanes to hijack them to Cuba. The threat we face today is anything but amateur. Al Qaeda is smart, patient, extraordinarily motivated, well-funded, and, above all, suicidal. There is presently no widely-deployable technology that has a significant chance of keeping such a well-prepared enemy out of such an impossibly large system every time – even most times.
And the data bears this out, confirming prolific failures across all access points to our airliners:
In 2000, federal investigators agents using fake law enforcement identification created using software and information downloaded from the Internet presented themselves as armed law enforcement officers at various Federal buildings, as well as two commercial airports. The investigators were 100 percent successful in penetrating each site and were waved around all airline security at the airports, then issued boarding passes for commercial flights. A copy of the GAO report on this penetration test was later found in an Al Qaeda cave in Afghanistan.
There have been at least three organized “rings” of airport employees arrested since 9/11: One for large-scale theft from passengers’ bags, and two for putting illicit guns and drugs onboard aircraft. The only reason these events did not result in a successful terror attack is because the bad guys were thieves and smugglers, not terrorists. TSA now promises random, but not mandatory inspections of employees. The system is again, simply too large for such inspections to produce meaningful results.
Passenger screening checkpoints are no less porous. The American Airlines shoebomber passed through screening not once, but twice, wearing explosive-laden shoes, and was not detected despite being detained and questioned for hours within a month after intelligence warned of potential shoebombers; an untrained Maryland college student doing his own “personal testing” of airline security successfully planted simulated weapons and explosives on multiple commercial airliners several years ago. He was successful every time he tried -- and in some cases, the weapons were not detected for weeks.
Perhaps most damning, two recent classified TSA reports leaked to the public, confirm TSA screeners at multiple airports, failed to detect more than 90 percent of hidden weapons concealed by testers. This failure rate is nearly identical to that confirmed by a former FAA Red Team leader in covert penetration tests before 9/11. And these failures do not even consider an entire class of nearly undetectable weapons, like carbon knives and liquid explosives.
Folks, if an overwhelming mountain of formal and informal data confirms despite years of work and billions spent, countless congressional hearings, and an ever-increasing latitude to encroach on an innocent traveling public’s civil rights, that we cannot keep bad people or bad things off of our airliners, then it is very clear that a strategic change in the way we approach airline security is needed: Instead of relying on prevention, we must defend our airliners against the attacks that will almost certainly get onboard.
But, we cannot defend 850,000 flights per month using air marshals. To put a team of air marshals on each commercial airline flight would cost $13 billion a year and take a force the size of the United States Coast Guard. It will never happen. We simply don’t have the resources. The latest CNN report, which pilots and air marshals confirm (and which a Federal Air Marshal Service spokesman predictably denies) suggests the number of air marshals is now sufficient to protect fewer than 1% of our commercial flights. One percent. This extraordinarily low coverage level costs $700 million per year! And tripling the size of the air marshal force will make no difference – the system is just too big!
The only fiscally realistic method for hardening the airliner from an attack that has a high likelihood of getting onboard then, is to use the resources already in place. This is why APSA led the fight to give flight crews the critical training, resources and information to serve as what they unwittingly had become -- the First Responders in the Air – and often the only resource immediately available to defend against a terror attack. Where the air marshal contingent could protect only the smallest fraction of flights at a cost of nearly $700 million a year, a large number of federal flight deck officers (FFDO) could protect 100% of our flights, for less than $15 million a year.
Unfortunately, despite overwhelming and bipartisan congressional mandates for TSA to create a streamlined and urgent program to deploy large numbers of volunteer pilots as federal flight deck officers, a recalcitrant TSA instead used its discretion to obstruct the access of pilots to the program and discourage them from volunteering by implementing layer upon layer of unprecedented and nonstandard applications and operational protocols. One example, requiring FFDOs to carry weapons “off-body,” requires removing the gun tens of times a month and increases the chance of loss, theft and accidental discharge.
Today, while several thousand pilots now serve effectively and conscientiously as FFDOs in spite of the obstacles, the great majority of previously enthusiastic pilots find TSA’s implementation of the program unpalatable. Almost 2/3 of our nation’s pilots -- a resource of nearly 50,000 potential FFDOs -- now refuse to volunteer. And the FFDO program – the only program which can capably defend our entire fleet from terrorist attack -- today protects only a small fraction of flights.
Hardening the targets is not only about providing a defensive capability, it is about giving our airborne first responders the information they need to interpret what is happening. But, the last TSA threat advisory provided to flight crews was issued years ago. While critical information continues to circulate to law enforcement and ground personnel, it is now almost never shared with air crew, who are generally regarded as members of the general public instead of critical assets in the war against radical Islam.
When Richard Reid attempted to detonate his explosive laden shoes aboard an American airlines flight over the Atlantic Ocean several years ago, the flight’s captain had not received a bulletin about potential shoe bombs circulated among airport security and law enforcement a month earlier. As a result, he made the decision to store the confiscated shoes, not in the designated bomb area on the aircraft, but in the cockpit – because he didn’t know what they were.
Some months ago, a critical threat bulletin was issued to airline ground security coordinators, as well as circulated among TSA and law enforcement. Its subject matter concerned information relevant to airborne aircraft. Unfortunately, it was not distributed to flight crew and not only am I prohibited from discussing its content here, I am not allowed to share it with my crew when I fly the day after tomorrow.
It simply shouldn’t be this way.
Policy changes that encourage flight and cabin crews to come forward as critical resources for airline threats by removing bureaucratic obstructions is absolutely crucial. Every airliner’s crew should have the information, resources and training to deal effectively with a terrorist attack, just as we do fires and other threats.
Layer upon layer of new and more intrusive security, reacting to the latest “just-discovered threat” cannot be the default response as time goes on. Focusing on defending the targets, and smarter, more selective passenger screening, as well as research and investment into less intrusive standoff screening and behavioral profiling, advantages not only the security of the traveling public -- it dovetails nicely into the revenue objectives of the airline industry by not alienating the very passengers the industry needs to remain robust. And it addresses the civil rights concerns of passengers who feel unnecessarily violated by the screening requirement.
I am greatly concerned, however, that we may have little time before we are shown demonstrably, how woefully unprepared we are for new attacks on our country, and our bureaucrats rush to the microphones to tell us how they can’t be everywhere at once. It was 8 ½ years from the first attack on the World Trade Center to the second. It has been six-and-a-half since then.
The incidents I am familiar with cause me to believe with absolute certainty that Al Qaeda is actively gathering intelligence and strategizing for new airline attacks within the United States. The probes are real. Intelligence gathering is taking place in our airports and on our airplanes on a continuing basis. The bad guys are not dissuaded by anything we are doing in airline security. And they long ago figured out everything I am writing here.
In the absence of time to reinvent the system, it falls to Congress to provide critical new legislation that at least hardens our airliners against new 9/11’s. We need legislation developed in consultation with front line air crews and front line air marshals – first responders with no revenue or bureaucratic agenda -- that empowers our crews with training and information, urgently streamlines the federal flight deck officer program and encourages volunteers, trains flight attendants and TSA personnel to recognize subtle suspicious behaviors, and increases the specialization of our air marshals to take advantage of their skills and expertise. Airline security needs to be risk-based; but it also must be resource-based. And we have fewer resources than we would like to believe.
Most of all, our federal agencies must be willing to look at their own failures and limitations with open eyes. They must admit them, then work aggressively to address them where they can -- instead of offering hollow platitudes a sixth grader could see through to try to keep us from seeing the emperor has no clothes. Doing other only undercuts our confidence and keeps us at risk.
If the past is any guide, Al Qaeda will become more inventive and better prepared, their weapons and tactics more imaginative and more complex, and their operational security, better over time. Airline security cannot be operated as a desperate, reactive response to the latest threat, but must be managed as a system that can more easily counter a threat wherever it is uncovered on a regular basis.
In the end, the only measure of the viability of airline security is to ask, “If Al Qaeda hijacked 10 airliners tomorrow, could any of them hit a building?” Right now, you don’t want to know the answer.