Are we still utilizing primitive countermeasures in aviation security? Are we doing enough to mitigate current and evolving threats?

In the past years, a number of aviation related incidents have unceasingly tainted the commercial aviation industry.  Since 9/11 one can make reference to the December 2001 ‘shoe bomber’ plot, the 2002 attempt to shoot down an Israeli aircraft in Kenya, the August 2006 liquid explosives plot to bring down transatlantic flights, the December 2009 Christmas bomber, the 2010 cargo IED plot, the 2014 Malaysia Airlines flight MH370 disappearing over the South China Sea, the 2015 German Wings Flight 9525 incident, deliberately crashed in the French Alps , and the just recent Airbus A321 operated by Russian airline Metrojet from Sharm el-Sheikh to St Petersburg which also went down in the Sinai Peninsula in Egypt.

Despite efforts and concerted actions from the International Civil Aviation Organization (ICAO), European Commission (EC), the Transportation Security Administration (TSA) and other Regulatory Bodies in other regions around the globe to improve aviation security, the aviation industry is still faced with a good number of critical threats:

Threats from Explosive Devices:

Throughout the years, terrorists have continuously refined their strategies and tactics to conceal improvised explosive devices (IEDs) from security screening equipment and from personnel performing aviation security duties. This was evidently put on show in the 2010 Yemen cargo bomb plots, where terrorists concealed the ‘almost imperceptible’ explosives in printer cartridges. Another example being the Christmas bomber incident in December 2009, where the destined suicide bomber concealed explosives in his underwear while he managed to surpass various aviation security and other controls.

Following an escalation in the use of IEDs in the aviation industry, Regulatory Bodies have looked into ways of closing an evident gap in security systems and increasing safeguards for passenger and cargo aircraft by deploying and regulating Explosive Trace Detection Equipment (ETD), Explosive Detection Dogs (EDDs), and Security Scanners (also known as body scanners).

Not withstanding the deployment of the above security equipment in the aviation security industry, IEDs are still considered to pose a significant threat to the aviation industry; this in view of the current limitations of the screening technologies and methodologies employed.

Security Scanners can be definitely defeated by concealing IEDs internally, either by surgically implanting devices into the body of a would-be suicide bomber, or by inserting explosive devices into body cavities.

Alternatively, IEDs concealed within complex electronic devices or other complex luggage or cargo content are most likely to defeat visual inspections of security personnel, which at most times have the ‘time’ and ‘customer care’ element working against them.

ETDs and EDDs can be overcome by a number of tactics. For example a number of ETD (although not all ETDs) do not have the capability of detecting all explosive compounds. Furthermore, both ETD equipment and EDDs are not designed or trained to detect components of improvised incendiary devices (IIDs), making the use of such components rather attractive for terrorists.

Both ETDs and EDDs are designed or trained to detect vapors or minute particles. IEDs can be vacuum packed, sealed, masked or cleaned so as to radically decay the ability of ETDs or EDDs to detect explosive vapors or particles.

Behavior profiling also proved futile towards passenger-borne IED and IIDs. Umar Farouk Abdulmutallab managed to surpass two interviews by security personnel prior to boarding and attempting to ‘down’ the Northwest Airlines Flight 253 in 2009.

Insider Threats:

A British Airways computer expert, Rajib Karim spent three years looking into ways on how to carry out a terrorist attack on Britain. Karim’s motive was to smuggle a bomb onto a transatlantic aircraft. To perform the terrorist act, he further attempted to recruit as accomplices others, including a baggage handler at Heathrow Airport and another employee from airport security.

This attempt from an insider cannot be looked upon in isolation. One can mention the 2007 JFK airport plot where authorities disrupted a plot by Islamic extremists to attack a JFK jet fuel storage and pipeline system, and the 2009 plot by Indonesian terrorist Noordin Top to target commercial aviation at Jakarta’s main airport, which also included assistance from a former mechanic working with Guarda Indonesia.

Although National Authorities are known to perform background and other criminal verifications on persons requiring unescorted access into airports, such checks still have not impeded employees granted access to secure areas of airports in performing acts of unlawful interference or other criminal activities.

The insider threat issue further develops towards a worse scenario when one look at non-Western airports in regions such as South Asia or West Africa. In such regions local authorities have immeasurable difficulties when it comes to background or criminal record checks on airport staff, in view of inadequate or inaccessible terrorist and criminal intelligence databases.

Threats from Ranged Weapons:

Man-portable air defense systems (MANPADS) are nowadays considered to be one of the fast growing physical threats following the outbreak of Libya’s civil war in 2011.  Some reports indicate that missiles stolen from Libya have spread as widely as Niger, the Gaza Strip, and the Sinai Peninsula.

Although it is a known fact that MANPADS are not capable of targeting aircraft at cruising altitudes, commercial aircraft would become vulnerable for several miles during the ascend and descend maneuvers particularly when keeping in mind that such commercial aircraft are not normally equipped with countermeasures systems.

Furthermore, a substantial wide range of weapons could also be used to target commercial aircraft, mainly when taxiing prior to takeoff, or after the aircraft has landed. For example, the rocket-propelled grenades (RPGs), which are known to be inaccurate at extended ranges, have still been used to shoot down rotary wing aircraft in a number of combat zones. RPGs have also been used in at least one plot against El Al aircraft.

Threats against Airports:

Moving away from the threat to aircraft and focusing on the threat to airports one can presume that the inclination for airport attacks may at times be driven by the vulnerability criteria, where terrorists target vulnerable areas of the industry rather than going for the multi-layered secure areas of the industry.

Since aviation security is concerned and mainly focused on the safety and security of departing aircraft, any person or object in contact with or boarding departing aircraft has to go through some sort of regulated security control. 

In view of this, aviation security can be said to provide very basic and (at times) unregulated security coverage at landside areas (also known as public areas), while giving top priority to security controls and the screening of passengers, staff, visitors, vehicles and items gaining access from landside areas to the Security Restricted Area (SRA) of airports. Other security procedures and provisions are also in place for cargo and other supplies.

In 2007, Glasgow International Airport was attacked when two men drove an SUV loaded with petrol and propane canisters in the direction of the terminal facade, hitting security barriers, crashing into the glass doors then set ablaze. Security bollards outside stopped the vehicle from entering further inside the terminal thus avoiding mass casualties.

In 2011, the landside arrivals hall of Domodedovo International Airport was the target of a suicide bombing. Thirty-five persons lost their lives while at least 135 persons were injured in the blast.

We all know what happenned in Brussels and Istanbul in 2016.

Facing Reality:

While one understands that the threat to the aviation industry is real and there to stay, it is also crucial to appreciate the hard fact that having 100% security can never be the case. As long as passengers, baggage and cargo are allowed onboard aircraft, and as long as staff and visitors have access to aircraft, the industry will continue to be exposed to a number of internal and external risks and threats.

It would be realistic to articulate that terrorists can be quite imaginative and adaptive towards identified vulnerabilities. It is no secret that they vigilantly scrutinize security measures in place, and then exploit the identified vulnerabilities at their desired pace and when deemed opportune to meet their objectives.

In the context of the aviation industry, terrorist orgnisations recruit candidates who are not only committed enough to sacrifice their lives, but who would also need to have the courage to steadily proceed through airport operations and security checkpoints without giving themselves up. Such behavior and nerve have been the principal successful element of several terrorist activity. 

This ‘trained behavior’ may sound uncomplicated and simply the act of following a plan in theory. However, the actual application of such an act under the intense stress of a suicide maneuver has to be very challenging. This may be looked upon as one of the possible vulnerabilities of (even) a well-planned terrorist act. 

Although for a number of times behavior profiling did not provide its expected results, it may be at times easier to observe behavior blunders rather than to recover professionally concealed explosive devices. Such behavior faults may be evidenced, or even provoked, by security personnel or other trained operational staff during interviews or operations. In such cases, unpredictable variations in security procedures and protocols, where a potential attacker is unaware and hence not prepared of what security procedures will be applied next is also another ‘eye opener’ for security personnel and other staff making part of the aviation security chain.

To conclude, aviation security should also be more reactive to emerging threats. With an industry where the reliance on computer systems for almost every aspect, and at the same time the increasing challenges of cyber warfare, the Aviation Industry seems still dormant when it comes to cyber security and to counter such emerging threats.

A good football player positions himself where the ball is being played, but a great football player set himself where the ball is going to be.

Cyber security experts agree on one thing – It’s not a matter of ‘if’ but a matter of ‘when’. Doing nothing is not an option!

Mail: [email protected]

Mob: +971 056 398 8360