Lessons from the aviation Sector – post 10/8

On 10 August 2006, a plot intending to cause in-flight explosions on multiple aircraft leaving the UK to the US was foiled. Following this, it is reasonable to speculate on what the impact of such an attack might be on other modes of public transport. Lessons from the aviation sector could be used to protect public transport from such an attack or minimise the impact if such an event was attempted again.

Historically, governments and the aviation industry have responded to such attacks in a reactive manner. Only rarely do either group take a proactive approach. Why this should be is a case for a separate argument in itself. Suffice to say, the same reactive response is generally typical of all countries and of the majority of airports and airlines.

The UK has had moments when it has taken a different view, not wholly proactive but then again not totally re-active. It was reactive in the 1970’s after the hijackings that were so spectacularly ended with the destruction of the aircraft on the ground at Dawsons Field in Jordan with the requirements placed on airlines to introduce an effective (then) anti hijacking regime using X-ray and metal detectors for weapons, handguns, grenades etc. It was then somewhat proactive in 1976 by directing the major airports to take direct responsibility for screening passengers and their carry on baggage. It was at this time that the BAA (then the British Airports Authority) first became involved in providing a more intensive security operation for civil aviation. Prior to this the airports only security function was to provide a very basic access control function into the airside parts of the airport, this was little more than a gatekeeper role and quite different from the functions carried out by the access control staff today.

By far the most proactive action of the UK regulator, then known as the Department of Transport (DOT – now known as the DfT) came about as a direct consequence of the tragic events on the 21 December 1988 with the destruction of Pan American flight PA103 over Lockerbie, Scotland. This event caused a sea change in the security measures throughout the UK and for over 10 years raised the profile of the UK Civil Aviation security regime to one of, if not the highest (excluding Israel which is designed to operate in a permanently hostile environment) levels in the international civil aviation transport. Although the attack on the PA103 was a direct attack on US interests, and the role of the UK authorities and the airport operator (BAA) at Heathrow, had no involvement in respect of screening the transfer checked baggage (this was a function conducted by the airlines own security subsidiary and in accordance with US FAA regulations) the impact of the event was immense and ongoing. The UK DOT, working in conjunction with the airports introduced a range of new and pro-active measures to try to prevent such an event happening again.

Checked Baggage Screening

One of the most obvious measures introduced after Lockerbie, but still a reactive one, was the development of the integrated 100% checked baggage screening system using automatic explosive detection technologies. These were developed through active co-operation between the manufactures, the airports and the DOT to be state of the art in the early 1990’s. The automatic explosive detection were integrated into the baggage handling system under a concept developed by myself as head of Group Security for BAA and a small team of specialist airport baggage handling engineers. This culminated in 1993 with the successful operational trials at Glasgow International Airport of a multi layered screening process. Ongoing development of the technology with manufactures, the UK DfT and the airports, has resulted in this concept becoming the de facto standard worldwide, with a few minor variations on the type of technology deployed, but essentially the same concept.

The technology used for checked baggage screening is now well established and is unlikely to change significantly in the immediate future as the systems are designed to detect the most common threat in checked baggage, an improvised explosive device containing plastic explosives. The threat of liquid explosives being used in checked baggage is less likely for checked than carry on baggage and the threat of carrying inert materials and mixing them post security screening is non existent.

Are there any lessons from the aviation sector to be learnt here?

Doubtful as the technology is so large and is designed to be used as part of an integrated baggage handling system and although possible it is not really suitable for mass screening as needed in say the metro systems unless it was used for selected travellers only.

Access Control – Staff Screening

There were a number of proactive measures which were introduced following the Lockerbie incident and space prevents relating all of them. However, one of the key proactive measures introduced throughout UK airports was the requirement to identify security restricted areas (now known in EU parlance as critical parts) and for screening of all staff and items taken into these areas to the same standard as passengers. This was done as in the immediate period after the incident it was not clear how the IED (bomb) was introduced and some concerns were expressed that it may have been taken airside by a member of ground staff – as the only check in place at Heathrow and any other international Check was a basic ID check. Screening of staff, vehicles and items carried by staff prior to being allowed into the security restricted areas has been in daily operation since February 1990 at Heathrow and within a few months at all other UK airports. It is a measure that until recently has only been adopted by a few other countries and in the past two years, following the horrific 9/11 events, by the European Union (EU) although it is not fully in force until July 2009 in all EU member states, and despite the reactive measures by the US following 9/11, this is a key security measure that they have yet to implement.

Are there any lessons from the aviation sector to be learnt here?

Probably not, as there has been no suggestion that staff collusion has been a factor in any attacks on other modes of transport.

Passenger Screening

The evolution of passenger screening has been largely reactive due to the known weaknesses in the traditional ‘Walk Through Metal Detectors (WTMD)’, these do exactly what they say, they find metal only, and are unsuitable for detection of other threats. For example, they provide no protection against ceramic and plastic weapons or explosives. The ‘explosives’ threat can be countered to some degree by the portals using trace/vapour sampling but these have to be used in addition to WTMD’s as they do not detect metal, ceramic or plastic weapons.

This broader threat is to some degree managed by the recent trials of whole body X-rays and the later generation of Millimetre wave systems, some of which have been trialled at UK rail stations. These are quite successful but rely heavily on the skills and alertness of the operator as with most security systems. They have the ability to detect both weapons and explosives although there are limitations for some materials and locations. For example, shoes can be a problem, so this type of technology would need to be supported by additional systems to detect the type of device carried by Richard Reid in his unsuccessful attempt to bring down an aircraft from Paris to Miami in December 2001. His attempt was foiled by alert members of the cabin crew and not by any technology deployed at airports. This threat is still potentially with us and one company, GE, has developed a Qudrupole Resonance (QR) based explosives detector for screening potential shoe bombs. It is possible that we may see this technology trialled at some US airports in the near term, but until this has been proven successful passengers can expect to remove their shoes for screening by the carry on baggage X-rays at many airports.

Are there any lessons from the aviation sector to be learnt here?

Possibly for rail and maritime but unlikely for mass screening of passengers at busy metro stations, as the airport systems are designed to screen significantly lower volumes of people at any given five minute period than travel through busy metro stations at peak times. As with the technology for screening larger pieces of baggage, this is best used for screening selected travellers only.

Carry on Baggage Screening

As with the passenger screening process, the X-ray of carry on baggage has been the cornerstone of the aviation security procedures, and like the WTMD was developed to counter the threat of hijack weapons being taken on board an aircraft. Despite the PA103 and the 9/11 events there has been no significant improvement in the systems currently used at airports around the world today. Despite many past claims since the rapid (post Lockerbie) introduction of dual energy X-ray systems, these (conventional) X-rays simply do not automatically detect explosives. To achieve explosive materials detection it is necessary to use the more expensive advanced technology systems or the even more expensive EDS systems used in 100% checked baggage screening. None of them are designed to detect the recently rediscovered threat of liquid explosives, whether mixed as a single compound or in its constituent parts. Detection of liquid explosives, or their components, is extremely difficult to detect and not surprisingly the UK and US took the extreme measure of banning all liquids in aircraft cabins to counter the immediate threat. The long term viability of this measure is current under debate both within the UK and its European neighbours. Irrespective of whether the ban on the carriage of liquids continues, the threat of a plastic explosive device remains significant and current technology used at airports for carry on baggage screening provides little protection against that.

The US is considering trials on smaller EDS type systems for screening carry on baggage at airport check points, as the larger systems are unsuited for use in screening checkpoints. Even with the smaller systems, apart from cost, there are other significant factors – such as capacity issues. However these systems are likely to experience high levels of false alarm for one of the terrorist’s favourite plastic explosives – sheet or thinly rolled out plastic such as Semtex.

A recent collaboration between one of the leading X-ray manufacturers Rapiscan and an Australian based technology company, QR Sciences, has resulted in a combined X-ray and Quadrupole Resonance (QR) system which when used as a combined system provides both weapons and automatic detection of plastic explosives. This technology has been successfully tested in the US recently and at the moment is probably the best option available for hijack and plastic explosive detection in carry on baggage.

QR systems use radio-waves to automatically detect plastic explosives typically used in civil aviation attacks, including very thin or sheet explosives, as well as bulk plastic explosives – including those which may have been distributed into smaller amounts for concealment in carry-on bags. This significantly strengthens two critical vulnerabilities that exist today at the checkpoint, namely the reliance on operators ability to identify cleverly conceal IED’s and the ability to detect sheet or distributed explosives.

Are there any lessons from the aviation sector to be learnt here?

Certainly for rail and maritime and selected passengers at busy metro stations

Behavioural Pattern Recognition

It is to be expected that one of the ongoing problems will be the shortage of technology at most airports to be able to screen everyone to the same high standard, so the industry and governments will have to look for ways to select people for deeper screening, or alternatively, identify those individuals and groups who pose less of a threat or no threat at all. This is usually referred to as profiling but as we have heard in recent times it suggests that selection has ethnic or race onnotations which, outside of Israel, would be deeply unpopular.

On the other hand selection by a person’s behavioural pattern (BHP) and, if available, their previous travel patterns (this would need to be done at the time of booking and would rely on heavily on airlines and governments co-operation to share passenger information) would flag up people who should be screened by the best available technology and allow those who pose a lower risk to be screened by the basic (current) level.

It is unlikely that passengers travel pattern information is going to be provided in the near term as airlines, let alone governments, are reluctant to share commercial or confidential information with others. So this leaves us with behavioural pattern recognition carried out by all staff who have a public interface, such as check in staff, customer service agents, and security staff engaged on screening and patrolling.

Are there any lessons from the aviation sector to be learnt here?

Certainly, although BHP is not widely used at airports where it is in use it is considered a key element of the layered security programme and one that in my opinion will ultimately be rolled out as a new ‘standard’.

Regulations

The aviation industry (airports and airlines) has a long history of regulation with the basic United Nations organisation ICAO with its Annex 17 Standards and Recommended Practises, which form the backbone of International Regulations. Although none of these are mandatory the majority of the 189 contracting states use this as their baseline international security measures. Within Europe prior to the 9/11 event, many European countries (currently 42) applied the baseline measures set out in the ECAC Policy Statement in the Field of Civil Aviation Security, Document 30. This was a somewhat more detailed group of standards than the baseline ICAO, but similarly not enforceable. Therefore, as with ICAO, if a contracting state chose not to implement standards or recommended practises, there was little that the other states could do other than regard passengers and flights from those countries as presenting a potential security hazard. In practise this rarely happened. A number of ICAO and ECAC contracting states, the UK amongst them, had their own civil aviation legislation in place and this was in most instances enforceable by local legislation.

The events of 9/11 in 2001 caused the European Union to review its former position in respect of civil aviation security and with the publication of EC Regulation 2320/2002 in December 2002. It created a new EU wide common basic standard on aviation security, followed by a series of implementing Regulations which applies to all (currently 25) EU Member states plus Switzerland which has voluntarily adopted the EU civil aviation security regulations.

Unlike the ICAO and ECAC standards, the EU common basic standards are enforceable by European Law and are therefore more strictly complied with. Member states must comply with the common basic standards but are free to implement additional measures depending on their individual needs or risk assessment.

This is exactly what the UK did on the 10 August with the extreme measures in respect of carry on baggage and the ongoing ban (at the time of writing this article) on the carriage of liquids. It is not know whether the UK DfT took into its confidence what extreme measures it had under consideration to counter such an attack. If so then the industry should have perhaps been more prepared than it appears to have been. It is possible that the actions of the regulator came as something of a shock – we may never know. If so, it marks a change of policy from that was experienced immediately after the Lockerbie incident, where the regulator was in regular and open dialogue with the industry on likely measures in the event of another incident.

Are there any lessons from the aviation sector to be learnt here?

The main lesson to be learnt from recent events is that the industry and regulators need to (continue to) work very closely to ensure that any future measures implemented are those that can be sustained without crippling the business and are consistent with the actual threat. This is not intended as a comment on the detail of the actual threat or the justification of the extreme measures imposed, simply a recognition that when such measures are imposed overnight there are bound to be repercussions, some of which may be minimised if all parties take a proactive view and plan ahead for the ‘unthinkable to happen’ – which given the events of 9/11 and now 10/8 are no longer unthinkable.

Conclusions of key lessons learnt

The specific security measures in place for civil aviation have evolved over a period of at least three decades; some of these may be applicable to other modes of transport, but not for mass screening. The cost and space issues associated with the aviation style screening processes mean that it can be deployed for similar or lower traffic flows, but not for mass screening in metro systems. Some of the technologies can certainly be deployed but given the throughput limitations there needs to be an effective process to select the people who are considered to pose the greatest threat. This must and should not be ethnic or race based but rather based on behavioural observation as the most effective means of identifying the new breed of terrorist including the alarming growth of potential male and female suicide attackers of any age.

The second, and perhaps in the current climate key lesson, is that the transport industry, if it has not already done so, must open and maintain a close dialogue and stakeholder relationship with their specific regulator in order to successfully plan ahead for future attacks on our transport industry and ensure that there is a series of contingency plans already in place to minimise the disruption to their business operations. In short prepare to keep your business in business.