Lessons from the Multiple Security Failures on NW253
Current knee-jerk responses risk making
matters worse not better
|
|
Terrorist and failed crotch-bomber Umar Farouk Abdul Mutallab.
|
An explosive device hidden in
terrorist Abdul Mutallab's underpants almost caused the 25
December destruction of an A330 and the nearly 300 people on
board.
Such a device, being
non-metallic, does not register when going through a metal
detector. Will we now need to feel up everyone's personal
areas as part of security screening so as to protect us against
future similar events?
While such a move seems
unavoidable, and there is now a rush to add whole body scanners
to airport screening stations, such actions overlook better approaches to security.
Executive Summary
Clearly the system designed
to protect passengers and planes failed on 25 December. It
is was only the matching failure of the explosive device itself
(it 'fizzed and caught fire rather than explosively detonated) that saved the 300 passengers on flight NW253
traveling between Amsterdam and Detroit from near certain death.
In sad reality, airport security worked as expected.
This was not an incredibly clever cunning innovative
exploitation of a subtle flaw in airport security, nor was it a
'one in a million' lucky chance. It was instead making use
of known and longstanding vulnerabilities.
Airport
security is not currently able to detect explosives that are
hidden beneath one's clothes, and traditional cursory pat-downs
are careful to discreetly leave a passenger's personal private
areas untouched, so the 'crotch bomb' worn by Abdul Mutallab was
completely undetectable.
More serious is how the many different threads of alert and alarm
that disparate elements of our security services already
possessed about the terrorist did not seem to have been
integrated into a broader picture, and/or, those parts which
were clearly established were not acted upon.
For the future, new airport
body scanner machines promise some improvement in terms of being
able to see under people's clothes, but even these will not
detect all explosives (and/or any other objects) artfully secreted on (and in!) one's person.
The most important
improvements however need to be in the intelligence gathering,
collating, and implementing procedures prior to a potential
terrorist arriving at the airport. Frustratingly, many of
the same problems that surfaced with the 9/11 events have been
repeated and the new 'National Counterterrorism Center' created
subsequently and tasked with ensuring that information from the
16 different US intelligence sources is matched together and
integrated does not seem to have functioned as it should.
We should improve our
airport security functionality, but the best protection against
future terrorist attacks (which may or may not involve airports
and airplanes) is, was, and always will be enhancing the
capabilities of our security services.
Lastly, improved/stricter
airport security protocols need to be matched with more focused
application of such controls so as to minimize their impact on
ordinary safe passengers, and allow for concentrated attention
being given to 'at risk' passengers.
Two Ways to Secure Flights
There are essentially two
very different approaches to protecting flights.
The first approach is the
one we see at the airport - the largely ineffective but
definitely inconvenient 'security' measures designed to prevent
terrorists from taking bombs or weapons onto planes.
Unfortunately, these measures succeed mainly (and even then only
partially) at preventing normal people from carrying water and
pocket knives onto planes while not deterring determined
terrorists.
Because these measures are
very visible to the traveling public, they tend to be the main
focus of most people's security thinking.
The second approach is to
find would-be terrorists before they get to the airport and
prevent them from reaching the airport in the first place.
Such actions are more shadowy and murky, and are harder to
understand and appreciate, and so perhaps don't get as much
attention as they should.
Clearly, in this case,
neither part of the overall security process worked.
Mutallab should never have been allowed to fly in the first
place, and - ideally - his explosive device should have been
detected during security screening.
The Red Flags That Should Have
Warned Us About Mutallab
There were a number of red
flag issues that should have prevented Abdul Mutallab's ability
to fly to the US, or at the very least, singled him out for
extra scrutiny. That none of these, individually or in
combination, failed to create any positive action is clearly the
greatest failure of the incident :
-
His father reported his
developing Muslim extremism and indoctrination in Yemen to both the Nigerian and US
authorities. His father was not just an ordinary
Nigerian. He was a member of the ruling elite of the
country.
-
The NSA and CIA received reports of a
Nigerian national being trained in Yemen to blow up a plane
-
He attended a Yemen/Al Qaeda
terrorist training camp (this may or may not have been known
to all authorities)
-
He was on one of the several
US terrorist watch lists (but not the most serious 'must not
fly' list)
-
The UK government put him on
a 'Banned from entering Britain' list and advised the US
government of their actions
-
He paid cash for his ticket
only a short time prior to traveling
-
He had no checked baggage
(although, to be fair, with the high cost of checking bags,
this is becoming increasingly common)
-
He is a single young Muslim
male traveling alone. Excuse the lack of political
correctness, but all the terrorists who have attacked planes
this decade, and most of the terrorists who have attacked
other things have been single young Muslim males.
Unfortunately, none of these
red flags even caused him to be singled out for heightened
security inspection at the airport, let alone preventing him
from traveling.
And then, at the airport,
with nothing more than the normal default level of security
screening, his hidden bomb was unsurprisingly undetected.
Airport Security Screening - An
Impossible Task
The unavoidable
imperfections in intelligence gathering and attack prevention
prior to terrorists getting to an airport cause us to need a
second layer of defense - security screening at airports.
This gives us the appearance
of security, and to those who know nothing about the
limitations of the screening technology and the types of
materials that terrorists may seek to smuggle through screening,
the whole process seems to be impressive and worthwhile.
But the reality is very
different. For example, internal audits consistently show that
while 80% of banned items such as knives and guns are detected
during X-ray
screening, that leaves 20% that get through, primarily due to the inattentiveness of the scanner
operator and/or the objects being randomly obscured by other items in the
bag.
The percentage of items that
are 'artfully concealed' which escape detection may be
considerably greater.
80% success is not a passing
grade
You'd probably be delighted
to score 80% in a college exam. But detecting only 80% of
weapons that are inadvertently carried through airport
security is not a good result - it is an appalling result.
That means, on average, five terrorists could go to an
airport and one of them would get their weapon safely through
security.
For that matter, a 90%
detection rate is also unacceptably low - it simply requires ten
terrorists to band together to ensure one gets through.
If airport
security is to be valid, it must have a 99% or higher detection
rate, and not even the greatest supporters of the TSA can claim
it will ever consistently achieve those rates of detection - at least not
with present technologies.
Completely undetectable
explosives
More seriously than metallic
guns and knives that will be detected both by the walk through
metal detector and/or the X-ray machine; explosives - be they
liquid or solid or powder - can be carried through the metal
detector, hidden beneath one's clothing, and the metal detector
will not register their presence (due to them not being metal).
There are two ways that may
detect explosives, but one approach failed to work reliably and
has been withdrawn and
the other is too time consuming to be used with every person.
'Puffer' machines had
promised to be a useful new way of detecting explosives.
They would blow air onto a person or object and then scan the
air that had passed over the person/object to see if it
contained microscopic amounts of the chemicals that are
characteristically used in explosives.
Unfortunately,
these puffer machines failed to work reliably in field trial
tests (they tended to report just about any type of chemical
that they detected as being an explosive), and the few that were deployed are now being withdrawn
from service. New software in the future may return this
technology into a more useful role.
Explosive Trace Detection
machines involve using a special test strip of material to wipe
down a surface and collect a sample of the materials on that
surface; the test strip is then analyzed in a machine to
see if there were any chemicals collected in the sample that would
indicate the presence of explosives.
But they are slow in
operation and of course only give a definitive test of the area
swabbed, so are far from a practical and robust method of
detecting the presence of explosives.
Other methods of finding
hidden explosives
Pat down searches of a
person are unlikely to reveal the presence of small but deadly
amounts of explosives concealed around a woman's bust (or in her
bra padding) or around a man's genitals unless they become
extremely personal. A new twist on Mae West's famous line
might become 'Are you pleased to see me, or is that
a bomb in your pocket?'.
The latest generation of new
scanners which 'see' through clothing to show the operator the
outline of the person's body beneath their clothing, and to also
show any other objects that may be concealed between body and
clothing, have been slow to be deployed due to ridiculous
concerns about the screening operators getting to see shadowy
images of people's naked bodies.
Indeed, and to be sensitive
to these concerns, the person viewing the screen images is in a
different location so that he (she) can't see the actual people
as well as their images.
Additionally, at least some
types of current machines that use this type
of screening may be a bit slower than a walk through metal
detector (you have to enter the booth and wait 30 seconds while
the machine takes your picture), but that is not a reason to
deploy the machines, it simply means more detectors need to be
purchased to allow for the same throughput of passengers.
But even these new machines are not the
universal panacea that some people believe them to be. It
is believed that
Al Qaeda have managed to purchase such devices themselves
and are practicing where and how to conceal explosives so they
don't register on these new scanners.
Impossible to find hiding
places too
And there remains the
ultimate hiding place - inside one's body. This approach
has been used, with complete success, for decades by drug
smugglers and people bringing contraband into prisons.
The amount of explosive
needed to blow a hole in the side of a plane is not great, and
so a terrorist doesn't need to secret a lot of material
internally. Two to three ounces of PETN (this seems to be
the preferred explosive of most terrorists) is probably
sufficient, depending on where the explosive is located compared
to the plane fuselage. The shoe bomber had about two
ounces of PETN in his shoe bomb, and the crotch bomber had about
three ounces of PETN in his crotch bomb. If either
terrorist had successfully detonated his device, he could have
destroyed the plane he was in.
If a larger explosion was
desired, all that would be needed is for two or more terrorists
to travel together and pool their explosives once on board.
Intelligence Gathering and
Analysis Is Also Imperfect
It is very easy to employ
the clarity of 20:20 hindsight to the murky vision that security
services have of the myriad of threats all around us, and it is
also very easy to focus on one specific scenario and to seek a
perfect response in that one specific case.
The reality is that
intelligence gathering and analysis is imperfect at many levels.
The information that is first obtained is seldom exact, but may
be a series of vague data points from sources of varying
reliability.
This is not a black or white
world, and intelligence analysis involves attempting to
interpret subtle hues of gray before deciding on a black/white
outcome - allowed to fly or not? Where should the line be
drawn? If it is too permissive, we risk allowing
terrorists to fly. If it is too restrictive, then we again
get besieged with unhappy grandmothers, infants, congressmen and
senators who are mistakenly told they may be terrorists and
can't fly.
Most of all, our
intelligence services have too much information and too little
resource to collate it, to analyze it, and to act upon it.
Even the newly established National Counterterrorism Center,
designed to act as a central clearing house for all intelligence
information, obtained from all sources, about all potential
terrorists, has been shown to be imperfect in executing its
tasking in this situation. At the time of writing,
intelligence officials are reduced to saying that they cannot
explain how they failed to join all the dots and recognize/act
upon the many red flags associated with Mutallab.
Plus, when terrorists are caught, we are constrained in our
ability to interrogate them (and, to be blunt, to subsequently
execute them), being shackled by rules of law that the
terrorists themselves do not honor, but use to shelter behind,
and rules of evidence that often prevent the security services
from revealing the full extent of their knowledge about
terrorists and their actions, for fear of compromising their
sources.
Like eco-sensitive
fisherman, we even practice a 'catch and release' program
whereby terrorists are caught, detained, and then released,
freeing them to try again, or at the very least allowing them to
report back with valuable information about how we respond to
their actions.
Intelligence Measures are the
Best Security
Even though intelligence
activities are currently far from perfect, that is not a reason to reduce
our reliance on them. Instead, it is a reason to enhance
and improve our intelligence resources.
Airport security protects us
against one type of threat only, and in one sort of form only,
and in one place only. We have to first define a threat,
and then we have to create a defense against it.
But intelligence is not so
rigidly defined. Intelligence seeks out bad people with
bad intentions, no matter whether their intentions are to bomb
planes or to do any other type of nefarious deed, in any other
location. Intelligence is open ended whereas point
security measures at airports and elsewhere are closed in their
capabilities.
Intelligence gathering also
rarely inconveniences most travelers. While we have agents
gathering intelligence in the Middle East and Africa, their
actions in no way interfere with our ability to conveniently fly
between any two places.
The Greater Limitations of
Airport Security
The thing about airport
security is that it is a mono-dimensional level of security that
is imperfect at best, and in creating this imperfect level of
protection, it massively inconveniences millions of ordinary
innocent people every day.
Airport security is also
visible to terrorists. They can test it, they can 'game'
it to uncover and exploit any weaknesses in the system, they can
even acquire the exact same screening equipment and experiment
with it to work out how best to prevent banned items from being
detected.
For example, terrorists can
disassemble firearms and then see what shapes and angles of the
component parts look least suspicious when going through X-ray
machines. They can also hide items (guns or explosives)
inside other items and see if they are detectable or not.
They can turn our reliance on hardware completely around and use
it against us.
Airport Security is Unavoidably
Porous, Unselective and Boring
By its nature, airport
security is a 'last ditch' defense against terrorist attack.
By definition, all known terrorists should have already been
detected/deterred from reaching an airport, and so therefore
airport security necessarily must treat everyone as similarly
suspicious.
But in doing so, airport
security also must compromise between a 100% approach to
security, which really truly would have us all naked and getting
rubber glove type exams (and as for how we'd have the contents
of our stomachs tested, who only knows) and a more permissive
approach to security which recognizes that 99.99999% or more of
all passengers are ordinary people who need no security
screening at all.
To put it another way, and
bluntly, a TSA screener could spend their entire working life
offending people by groping their crotches and never find
anything more than what should be there. So after ten
years of such a thankless task, how alert do you think he will
really be when reaching between the legs of the umpteen
millionth passenger he's had to grope?
It is really no wonder so
much material slips through TSA screening, because much of a TSA
screener's life is boring routine, which makes it hard to stay
alert and to simultaneously treat each person passing through
with respect and courtesy, but also as if they are a potential
terrorist.
Furthermore, the TSA - as
gargantuan as it is - simply does not have the personnel to give
detailed searches to every person passing through security.
What is Needed
We need three new things to
give us better security.
1. Improved Intelligence
Resources
Many people like to deride
our intelligence services. This is unfair. They do a
good job with insufficient resource and in a world that is
overflowing with too much data and too many potential
terrorists.
The solution to their
current failings and weaknesses is to give more resource to the
intelligence services, and to boost their role as the key
element of our defense against terrorism, not to constrain them
still further.
2. Adapting Airport
Security to Match Different Passengers and their Risk Profiles
We need to differentiate
between high risk, moderate risk and low risk passengers, and we
need to then devise different levels of security checking for
each of these categories of passenger.
A 'one size fits all'
approach will not catch the dedicated terrorist, but will
massively inconvenience ordinary passengers and discourage many
people from flying, adding further to the ills of the airline
industry. It will be too intrusive for normal people, but
will never be sufficiently rigorous to catch the most determined
terrorist with the most artfully concealed explosive.
We need both positive and
negative vetting of passengers. Positive vetting to move a
passenger from normal risk to low risk, and negative vetting to
move a passenger from normal risk to high risk.
We need to sacrifice all
dysfunctional concessions that are currently made in the name of
political correctness, and accept the reality that 99% of would
be terrorists are, by some amazing coincidence, Muslim
extremists, and are young, single and male. Call it
profiling, or call it common sense, but whichever way you slice
it, you can't get away from the fact that very few 80 year old
WASP grandmothers have attempted to blow up a plane. The
time and resource spent searching them is time and resource that
should be selectively applied instead to passengers who fit a
profile - be it racial or otherwise.
Note that this isn't to say
that the only terrorists are Muslim extremists, and neither is
it to say that a Muslim extremist couldn't disguise himself to
look like a 'normal' person. So while it might make sense
to recognize that young single male Muslims are more likely to
be terrorists than 80 yr old WASP grandmothers, unfortunately
the security forces have to be alert to terrorism coming from
just about any unexpected demographic group.
We should allow people to
pay for the costs of receiving a security vetting clearance that
will move them to a lower level of airport security attention
for a certain period of time before expiring and needing to be
repeated.
This not only provides a
better travel experience for 'safe' travelers, but also frees
the TSA to concentrate on other passengers of more dubious
provenance.
3. The Best Bomb
Detection Equipment
The misplaced prudery that
is demonstrated by people concerned at having shadowy images of
their bodies projected privately onto computer monitors and seen
only by impersonal TSA representatives is stunning in its short
sighted stupidity.
Most of us would much rather
that someone somewhere got to briefly see a computer image of
our body outline somewhere in private than to be subjected to a
several minute rigorous pat-down in public, complete with a need
to remove one's bra and have it inspected, and with close
attention also given to our groin area.
While the new whole body
imaging scanners do not promise to be a complete solution to
hidden explosives, they are a much better approach to airport
security in general than current metal detectors and pat-downs.
What is Not Needed
More Air Marshals :
Unless there is a Federal Air Marshal (FAM) alongside every
passenger, watching them the entire journey, there is no point
in having more FAMs. The amount of warning that anyone
would get when a passenger decided to explode an obscured bomb
is anywhere from zero seconds to very few seconds, and the
amount of time to respond and prevent that bomb explosion is
even less.
By the time any on board FAM
was located and advised of the imminent threat, and by the time
the FAM moved from where he was (probably up front in first
class) to where the terrorist was (probably somewhere in the
back in coach class, and if the terrorist has any smarts, in a
window seat, both to be closer to the side of the plane so the
explosive will have greater effect and also to be further from
the aisle and interference) whatever the terrorist was planning
to do would either already be done or have been prevented by
alert responsive ordinary passengers.
Summary
We are very fortunate that
the lesson inherent in the failed crotch-bombing attempt is so
cheap, with no people being harmed in the process.
But we must not complacently
equate a failed bombing attempt with an unimportant security
threat. The failings of our security processes are real,
and the enemy - Al Qaeda and all the other various terrorist
groups - are well aware of these failings.
We need to act positively
and sensibly to correct the weaknesses exposed by this incident,
and to improve the safety and security of all passengers in a
way that does not ridiculously and ineffectively add to the
present inconvenience of travel.
Specific security measures
against a specific threat (such as are found at airports) imperfectly protect us against that
specific threat only. General counter-terrorism procedures
(such as conducted by our intelligence services and military)
protect us against terrorism in general. We need to proceed
forwards accordingly and focus more on general counter-terrorism
operations.
Lastly, we need to
appreciate that terrorists don't destroy our freedoms and our
way of life - it is our response to terrorists that threatens to
do this.
So if we are to introduce still
stricter security measures, we need to - at the same time -
become more selective in terms of who we impose these security
measures on. Not only does misdirected attention to
ordinary safe travelers annoy and upset such people and
discourage them from flying (and thereby harm the very aviation
industry the entire process is ostensibly in place to protect), but it also
drains precious resource and attention away from the people who
truly deserve stricter attention.
Related Articles, etc
|
If so, please donate to keep the website free and fund the addition of more articles like this. Any help is most appreciated - simply click below to securely send a contribution through a credit card and Paypal.
|
Originally published
1 January 2010, last update
30 May 2021
You may freely reproduce or distribute this article for noncommercial purposes as long as you give credit to me as original writer.
|