aviation Security 10
Tomm.
chapter_11.pptChapter 11
The Threat Matrix
In this chapter, we describe the evolution of terrorist activities and various crimes perpetrated within the aviation system. Aviation security practitioners must be able to detect and deter future unconventional terrorist and criminal acts. The security industry is responsible for designing resiliency into aviation security systems such that responses are rapid and effective. Therefore, here we discuss existing and emerging threats to the aviation system and methods for mitigating, preparing, responding, and recovering from terrorist and extreme criminal attacks. This chapter examines practical strategies and tactics for accomplishing these requirements against current and future threats against aviation security.
*
Introduction
The United States has expended significant monetary resources since 9-11 to "fix" the aviation security system; however, as a nation the United States has much more work ahead in developing security systems that can mitigate future threats.
Although part of our responsibility is to detect and deter terrorist and criminal acts, it is also part of our responsibility to build resiliency into the aviation security system such that responses are rapid and effective when a terrorist or criminal act occurs.
Terrorism is a way to inflict harm on a country or entity with little risk to the infrastructure of the terrorist organization. Whenever a citizen sees heightened security, he or she is reminded of the attack that caused the new procedures and may continue to fear another attack.
*
Threat Matrix Introduction
Modern terrorism uses the Internet and other highly advanced technologies along with unconventional forms of implementing an attack.
Therefore, threats can no longer be eliminated through military power. Defeating current and future threats to our global aviation system requires strategies that combine military force where applicable and the construction of a resilient infrastructure.
The most dangerous threat to aviation is perhaps the belief that a threat is unstoppable.
*
Practical Aviation Security – Chapter 11
Threat Matrix
Threat is unstoppable
GA and the use of GA aircraft
"Isn't it easier to rent a truck and fill it with explosives than it is to rent or steal an aircraft?"
Suicide bombers
"You cannot stop someone who is totally committed to attacking you and killing themselves in the process."
The most dangerous threat to aviation is perhaps the belief that a threat is unstoppable.
The first statement is in regard to GA and the use of a GA aircraft to facilitate a terrorist attack. The statement goes something like "Isn't it easier to rent a truck and fill it with explosives than it is to rent or steal an aircraft?" The second statement relates to suicide bombers. The statement goes something like "You cannot stop someone who is totally committed to attacking you and killing themselves in the process."
Although commonly believed, neither of these statements helps prevent the next attack on aviation. The first statement does not negate our responsibility to prevent an aircraft from being used in a terrorist attack, whether it is a commercial service or GA aircraft. In the second case, whereas some terrorists will die for their cause, they will not "donate their lives cheaply."
*
Practical Aviation Security – Chapter 11
Threat Matrix
Terrorists – attack to cause significant harm, primarily economic
Modern threats from terrorism:
Existing threats – frequently used
Emerging conventional threats – new yet probable
Emerging asymmetrical threats - WMD
Terrorists intend to conduct attacks that significantly harm their target—primarily economically. Their objective is not just to cause destruction or kill people but to effect massive change—they want to do something that will stay in the news for months if not years.
Modern threats from terrorism fall into three areas: existing threats, emerging conventional threats, and emerging asymmetrical threats.
Existing threats are those that have frequently been used.
Emerging conventional threats include new yet probable forms of attack, such as the use surface-to-air missiles. Emerging asymmetrical threats include weapons of mass destruction that may cause indiscriminant destruction.
*
U.S. Patriot Act defined international and domestic terrorism
The U.S. Patriot Act defined international and domestic terrorism. International terrorism means activities that
(A) involve violent acts or acts dangerous to human life that are a violation of the criminal laws of the United States or of any State, or that would be a criminal violation if committed within the jurisdiction of the United States or of any State; and
(B) appear to be intended to (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and
(C) occur primarily outside the territorial jurisdiction of the United States, or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum.
Domestic terrorism” means activities that
- involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State and
(B) appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and
(C) occur primarily within the territorial jurisdiction of the United States.
Often, terrorists are using the protection provided by the laws of the country they are trying to attack as a shield for their activities.
*
Practical Aviation Security – Chapter 11
Threat Matrix
Relative Superiority
Condition that exists when an attacking force, generally smaller, gains a decisive advantage over a larger or well-defended enemy.
Six principles affect relative superiority
Simplicity
Security
Repetition
Surprise
Speed
Purpose
McRaven posits that in order for a small force to be successful they need to acquire what is known as relative superiority (McRaven, 1996), which he describes as a condition that exists when an attacking force, generally smaller, gains a decisive advantage over a larger or well-defended enemy. Relative superiority exists when it is achieved at the pivotal moment in the engagement and once achieved, sustained in order to guarantee victory.
McRaven explains how six principles, simplicity, security, repetition, surprise, speed and purpose, affect relative superiority. Each of these principles relate to the perspective of aviation security practitioners in designing methods to deter or effectively respond to a terrorist or criminal incident.
Simplicity relies on three elements – focusing on a limited number of objectives, having good intelligence and using innovation.
Security relates to operational security (OPSEC) while the attack is being planned and pieces put into place (training, acquisition of materials, funding).
Repetition is indispensable in achieving success and relates to training to perform the operation.
Surprise is not the same as relative superiority. Surprise provides for momentary advantage and while usually necessary for success, is alone is not sufficient for success.
Speed, which also relies on proper security and constant repetition (i.e. training) relates to the ability to take action quickly.
Purpose means all personnel are focused on a single goal, which reduces extraneous objectives, isolates and limits the intelligence required, which, combined, makes operational security that much tighter.
*
Practical Aviation Security – Chapter 11
Threat Matrix
Difficulty in measuring deterrence
Terrorists have a planning stage, research and planning stage, execution stage
(SARA) Select target, Analyze and assess, Research and attack
Adding to the frustration of counter terrorism operations is the difficulty in measuring deterrence.
The TSA has been roundly criticized for not catching any terrorists through their screening and behavior detection processes, but there are two issues here. TSA is not fundamentally a law enforcement agency or else it would likely reside in the Department of Justice.
The FBI and other law enforcement agencies have caught numerous terrorists and criminals since 9/11.
The Department of Defense, through the nation’s military forces, the CIA and related agencies have eliminated an untold number of terrorists, including most notably Osama bin Laden, potential terrorists and terrorist support networks since 9/11.
Terrorists have a planning stage (target selection, analyzing and assessing the mission), a research (reconnaissance) and planning stage, and an execution stage (the attack), and that the use of all the stages are inseparable and integrated (Ronczkowski, 2012). Thus, the four stages within the terrorism model are: Select target, Analyze and assess, Research and Attack (SARA).
In the absence of the integration the mission will fail. Terrorists do not randomly and spontaneously pick their targets – they are selective in order to maximize the tragedy. This provides law enforcement and security personnel the advantage of being able to identify and deter a plot in advance of the attack.
*
Practical Aviation Security – Chapter 11
Threat Matrix
Pre-incident indicators to terrorist or criminal activity
Nationwide SAR Initiative (NSI)
State and Local Anti-Terrorism Training (SLATT) Program
SAR Program (suspicious activity reporting)
To promote the training of state and local law enforcement officers in identifying pre-incident indicators to terrorist or criminal activity, there are a couple of programs: Nationwide SAR Initiative, and the State and Local Anti-Terrorism Training (SLATT) Program funded by the DOJ.
SLATT provides training and resources to law enforcement personnel on the threats presented by terrorists and violent criminal extremists. SLATT provides anti-terrorism detection, investigation, and interdiction training. The program has been in place since 1996, but received little attention prior to 2001.
NSI training directed at state, local, and tribal law enforcement and public safety professionals in identifying, reporting, evaluating, and sharing pre-incident terrorism indicators to prevent acts of terrorism. NSIs programs include documented and verified behaviors and indicators that, when viewed in the totality of circumstances, may indicate terrorism-related criminal activity.
While there is some debate how is was developed, the SAR program (suspicious activity reporting) which is promoted through the SLATT and NSI programs, has become an essential resource in the counter terror and counter criminal efforts. Today, it is the backbone of the Intelligence Reform and Terrorism Prevention Act of 2004, which required the creation of the Information Systems Council (ISC) – the Council was charged with overseeing the development of an interoperable terrorism information sharing system environment.
SAR is based on the behaviors and activities that have been historically linked to preoperational planning of and preparation for terrorist attacks, which include: acquiring illicit explosive materials, abandoning suspicious packages or vehicles to determine the response time of security or police, taking measurements or photographs of areas not normally of interest to the public, testing security measures and others.
The SAR program allows police to paint their own picture of what is happening in their communities rather than relying on their federal partners.
*
Practical Aviation Security – Chapter 11
Threat Matrix
Domestic and international terrorist group activities include:
Recruitment
Preliminary organization and planning
Preparatory conduct
Terrorist act
Domestic and international terrorist group activities include (Ronczkowski, 2012):
Recruitment: membership of a group, attendance at rallies and meetings, exposure to Internet recruiting or informational sites, personal recruitment and accessing extremist literature
Preliminary organization and planning: identify and clarify roles, exposure to terrorist training materials or actual training, discussion of potential targets, drawings, assignments
Even the lone-wolf operator, usually the hardest to interdict, must begin with some type of target selection (planning), acquisition of weapons or explosives (preparation) and the attack (execution).
Preparatory conduct: theft and weapon acquisition, counterfeiting, procuring identification, bomb-related activities and weapon modifying
Terrorist act: bombings assassinations, hostage taking, hoaxes, threats, hijackings
*
Practical Aviation Security – Chapter 11
Threat Matrix
Key indicators of terrorist activity:
Surveillance
Elicitation
Testing security
Acquiring supplies
Suspicious persons
Trial runs
Deploying assets
The key indicators of terrorist activity have been defined as (1) surveillance, (2) elicitation, (3) testing security, (4) acquiring supplies, (5) suspicious persons, (6) trial runs, and (7) deploying assets. In addition to what has already been listed, these activities should also be regarded as suspicious (with respect to context):
Counter surveillance and testing of security procedures
Elicitation of information from security and police personnel
Attempts to enter secure facilities, or attempts to smuggle contraband onto the premises
Stockpiles currency (cash), weapons, ammunition, or in possession of multiple forms of identification, passports, driver’s licenses
Espouses extremists views in the workplace, social media or in personal communications
Attempts to acquire or in possession of blueprints, layout plans of sensitive or governmental infrastructure
Commits hoaxes or makes statements to determine the response
*
Existing Threats: Aircraft Bombings, Aircraft Hijackings, and Airport Attacks
The traditional method of attack on aviation continues to be bombings or hijackings.
The concept of using an aircraft as a weapon of mass destruction, although not new, was certainly not within the scope of thinking by the intelligence communities throughout the world and before 9-11.
*
Aircraft Bombing: Passenger, Baggage, and Cargo
In 2006, the TSA stated that bombings were a greater threat to aviation security than hijackings. Bombs continue to be one of the most popular weapons of terror and remain an active current threat.
The TSA has implemented an operational solution in the form of restricting the amount of liquid that can be taken onboard and conducting random use of explosive trace detection technologies. These processes are inconvenient to travelers and not as effective as they need to be to prevent a bombing.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 359
Existing Threats: Aircraft Bombings, Aircraft Hijackings, and Airport Attacks
Security screening
checkpoint
Checked baggage
screening
The security screening checkpoint must be outfitted with technology that will detect explosives and metal on a passenger, and with technology that provides a better look inside carry-on baggage—technology that can distinguish between dangerous liquids and other substances from nonthreat items.
Checked baggage screening technologies are effective at identifying many prohibited materials, and these systems should continue to be implemented, inline to the automated baggage systems, wherever possible.
Focus must shift to the other methods a bomb can be introduced to an aircraft as terrorists and criminals will shift to the path of least resistance, which right now is represented primarily by cargo, mail, and placement of a device by an aviation employee.
There are programs that require random screening of airport workers by TSA personnel to counteract this threat.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 361
Existing Threats: Aircraft Bombings, Aircraft Hijackings, and Airport Attacks
Bomb Threats
Bomb threats disrupt an operation
Must notify TSA of any bomb threat
Bomb threats to an airline, an industry that relies heavily on-time performance, can be a major disruption as flights are delayed or canceled across the national airspace system, personnel and resources are diverted for hours to handle the crisis, and other airport operations are interrupted.
Presently, handling the bomb threat from the air carrier perspective depends on where the call comes in. A call to:
An airport authority - will result in the airport responding by notifying air carriers and the TSA.
The airline - may not result in notification to the airport or other agencies.
If the threat is clearly a hoax or so unspecific as to not warrant further action, determined through a vetting process conducted by the airline security personnel, the airline may elect to not notify other agencies.
When an aircraft operator receives a bomb threat, the in-flight security coordinator of the flight in question must be notified, and any applicable threat measures that are part of the aircraft operators’ security program must be implemented.
The aircraft operator must also notify the airport operator at its intended point of landing when an aircraft has received a threat. The aircraft operator must attempt to determine whether any explosive or incendiary device is present by conducting a security inspection on the ground before the aircraft’s next flight, or if already in flight, as soon as possible after landing.
If an aircraft in flight receives a bomb threat or notification from the ground that a bomb may be onboard, the flight crew must be immediately notified so that in-flight security precautions may be taken. This may involve the movement of a suspicious package or item to an area of the aircraft known as the least risk bomb location (LRBL), where the aircraft manufacturer has determined that an explosion will result in the least damage to the aircraft.
If a threat is received and related to the facilities used by an aircraft operator, the airport operator must be immediately notified, along with the other domestic and foreign aircraft operators at that specific airport. The aircraft operator must conduct a security inspection before continuing to use the threatened facilities or areas.
The regulations require that aircraft operators notify the TSA of any bomb threat against a flight or an airline facility. However, the aircraft operator can exercise some discretion when determining whether a particular threat is credible enough to stop air carrier operations and contact the TSA.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 362
Existing Threats: Aircraft Bombings, Aircraft Hijackings, and Airport Attacks
Aircraft Hijacking
Still the potential for hijacking to occur
“Commonly known strategy”
Active resistance
Even though numerous procedures have been implemented to prevent an aircraft from being hijacked and, if hijacked, to prevent it from being used as a weapon of mass destruction, there is still the potential for hijackings to occur. On average, since 9-11, there have been approximately 5 to 10 hijackings or hijacking attempts each year worldwide.
The antihijack strategy practiced today is essentially active resistance—also not a secret. Security practitioners can no longer assume that hijackers will not have knowledge of how an aircraft works.
In 2005, the DHS rolled back some of the items on its prohibited items list because of the effectiveness of active resistance.
To continue to reduce the hijacking threat, consideration should be given to requiring airline personnel to receive hands-on self-defense training and to allow local and state law enforcement officers to carry their weapons onboard.
*
Managing a Hijack Incident
Most strategies are confidential
Most strategies for managing hijack incidents are confidential and should not be made public.
Conventional wisdom and lessons learned are not a secret; if the incident occurs when the aircraft is still on the ground, the strategy is to do everything possible to keep it there. Response should include:
Moving the aircraft to an isolated parking position (IPP)
The flight crew should attempt to disable the aircraft.
Barricades should be placed around the aircraft to prevent it from taking off
Inform TSA
Local law enforcement must manage the on-scene tactical issues until the FBI can arrive, assemble, and deploy
This may take 30 - 45 minutes or more. Local police and airport personnel must know how to handle the situation
Specific hijack management strategies should be discussed with federal, state, and local security personnel, including the FBI and TSA, and training conducted for first responders.
Once the aircraft is airborne, numerous variables come into play, including the potential that the aircraft will be used as a weapon or that it will be shot down by military aircraft.
*
Airport Attack: Armed Assault
Third most frequent kind of attack on aviation
The armed assault of an airport terminal building ranks as the third most frequent kind of attack on aviation. The results can be deadly, resulting in a massive loss of life and a major disruption to operations.
A highly visible and heavily armed police presence can be an effective deterrent to such attacks. An airport is particularly vulnerable when there are long lines at the screening checkpoints or when there are weather closures, resulting in thousands of people crowded into the terminal building and in security and ticketing lines. Airport operators should deploy additional law enforcement during these times.
These types of assaults usually involve prior surveillance and local coordination. Therefore, the activities of the terrorists may be detected before the attack.
*
Reinforcement
- The most dangerous threat to aviation is perhaps the belief that a threat is unstoppable
- Bombs continue to be one of the most popular weapons of terror and remain an active current threat
- Focus must shift to the other methods a bomb can be introduced to an aircraft as terrorists and criminals will shift to the path of least resistance
- The regulations require that aircraft operators notify the TSA of any bomb threat against a flight or an airline facility
- There is still the potential for hijackings to occur
- Most strategies for managing hijack incidents are confidential and should not be made public
- The armed assault of an airport terminal building ranks as the third most frequent kind of attack on aviation
Emerging Conventional Threats
Most emerging conventional threats have already occurred against nonaviation targets, such as attacks on military facilities, embassies, hotels, and businesses.
It should be assumed that these forms of attack will eventually be used against aviation.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 365
Emerging Conventional Threats
Airport Attack: Improvised Explosive Device
Bombs continue to be most
common weapons
Most significant challenge is
properly identifying an object
as an IED
Bombs are among the weapons most used by terrorists and extreme criminals.
In response to the bombing of the Murrah building in Oklahoma City in 1995, U.S. airport operators began advising the public in 1996 that unattended bags will be removed and destroyed.
One of the most significant challenges with respect to IEDs is properly identifying an object as an IED. This is particularly difficult at an airport where, despite public announcements, baggage and briefcases are routinely left unattended (even shortly) every day.
When a bag has been left unattended:
Note the location
Carefully examine for travel date, identification information, general condition
Security should make a public announcement asking for the owner of the bag to identify him or herself or ask if anyone can identify who may have left the bag or item
Notification should be done at least 50 feet from the item, radio and cell phone transmissions may detonate an IED
The area surrounding the item should be evacuated until law enforcement arrives
The quickest way to check for an IED in an airport is to use a K-9 explosives detection team.
Personnel handling incoming mail should be trained on what to look for to detect whether a parcel or letter contains an IED or a chemical/biological/radiological agent.
Signs include:
Excessive string or tape on a parcel,
Lopsided or uneven parcels,
Rigid or bulky parcels with the package clearly too small for the contents,
Oily stains or discoloration,
Wrong name and address or wrong title,
Strange odors
Letters with restrictive markings such as “personal” or “only to be opened by” written or printed on them,
Badly typed or written addresses,
Excessive postage,
Packages that have been mailed from a foreign country,
Misspelled words,
Absence of a return address
Some airports may consider installing small X-ray devices in their mailrooms to scan all incoming mail.
*
Vehicle-Borne Improvised Explosive Device
300 foot rule
The basic concept behind a vehicle-borne improvised explosive device (VBIED), is to fill a car or truck with large quantity of an explosive, drive it to the target area, then detonate it, either from inside the vehicle, by a remote command or timing device.
The “300-foot rule” took effect in 1995, in response to the bombing of the Murrah building in Oklahoma City, and prevents unattended vehicles from being parked within 300 feet of an airport terminal building.
Vehicle checkpoints on roads accessing the airport can be a deterrent and airport design can help mitigate an attack by a VPIED.
*
Airport Attack: Suicide or Homicide Bomber
Common belief suicide bomber
cannot be stopped
Unlike command-detonated improvised explosive devices (IEDs), suicide bombers adjust to the environment, identify law enforcement and security measures, flee and return another day, or relocate into a crowd or key infrastructure to increase destruction. A suicide bomber can also quickly move into position and detonate.
Another advantage is a common belief that a suicide bomber cannot be stopped. This is not true. Suicide bombers are committed to dying in the attack. However, they do not want the attack to be a wasted effort and thus will spend considerable time planning for the attack, often receiving help from others.
Once a suicide bomber is loaded up and walking to the target area, stopping the attack is very difficult—but not impossible. In Israel, police and citizens are trained in tactics to defeat suicide bombers. These have been shown to be about 80% effective when employed by someone trained in the proper techniques.
Suicide bombers typically carry 2 to 30 pounds of plastic explosives attached to a firing trigger kept in their hand, pocket, or chest area. Pushing a button or toggling a switch completes the circuit and detonates the bomb. Sometimes, the bomber pushes the button to arm the device. When the button is released, the bomb explodes. This technology makes it difficult for law enforcement to stop a detonation.
Occasionally, nails and bits of metal are wrapped with the IED to increase the damage caused by the blast. There have even been rumors of suicide bombers injecting themselves with the AIDS virus in an attempt to spread the disease during the blast. Chemical and biological elements may also be mixed in to an explosive. However, one challenge to this concept is that the temperatures created by the explosion may vaporize these elements.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 369
Emerging Conventional Threats
Airport Attack:
Perimeter Breach and Standoff Weapons
The perimeter of an airport will include fencing, gates and access control systems, and other barriers. Perimeters have received low priority as few attacks on airports of aircrafts occur through or over a perimeter fence.
An airport perimeter can be exploited in many ways including:
An armed assault by aggressors can drive through a perimeter gate,
Individuals posing as airport security guards could access the airport perimeter without creating notice.
Natural barriers, such as water or densely wooded or populated areas, impact the ability of an airport to keep that section of the airport perimeter secure.
Some foreign airports are switching to stronger fencing and including detection monitoring capabilities such as seismic sensors triggered when an individual touches the fence. Due to cost of seismic sensors, many larger airports combine CCTV with smart software to keep track of a perimeter.
Equally important are threats that occur just outside of an airport’s perimeter fence, such as rocket-propelled grenade (RPG) attack, an aerial IED, or an automatic weapon attack on an aircraft that is taking off or landing.
One other potential standoff attack has been brought up in the media, but its actual use remains in question. In Iraq, some observers have discussed the use of so-called aerial IEDs. An aerial IED is a shaped-charge explosive that is placed along the known flight paths of a helicopter. When the helicopter flies over the IED, it is detonated, sending a cloud of shrapnel into the flight path. The helicopter quickly ingests the shrapnel, causing the engine to flame out at a high speed and low altitude. The helicopter crashes before the crew has time to react. With the known flight paths around an airport, this type of device could be very effective.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 371
Emerging Conventional Threats
Aircraft Attack: MANPAD
Launched by one person to strike an aerial target
Manned Portable Air Defense systems, which distinguish them from vehicle, vessel, or land-based air defense systems, MANPADs can be launched by one person to strike an aerial target. MANPADs can reach speeds of Mach 2 and altitudes up to 18,000 feet.
Another challenge to the MANPAD threat is that it does not have to be fired on an airport or even near an airport to ensure a hit. A RAND study concluded that the envelope for firing a MANPAD was 870 square miles around Los Angeles International Airport.
Other factors to consider in relation to MANPADs are whether an attacker can actually hit the target and whether the missile with a small warhead (less than five pounds) can cause enough damage to take down a large commercial airliner.
A missile can be deterred by providing its tracking sensors (seeker head) with something else to chase or by confusing its sensors. With the seeker head not knowing which direction to go, the missile “goes stupid” and either self-destructs or falls to the ground. Antimissile technologies used to protect aircraft include flares, laser jammers and high-energy lasers.
*
Reinforcement
- Most emerging conventional threats have already occurred against non aviation targets
- Bombs are among the weapons most used by terrorists and extreme criminals
- The “300-foot rule” took effect in 1995
- A common belief that a suicide bomber cannot be stopped
- An airport perimeter can be exploited in many ways
- Natural barriers, such as water or densely wooded or populated areas, impact the ability of an airport to keep that section of the airport perimeter secure.
Emerging Asymmetrical Threats
Asymmetrical threats include threats that either have not occurred against aviation or have occurred against aviation and are highly irregular, such as attacks using chemical weapons, cyber attacks, and attacks using general aviation aircraft.
Chemical/biological/radiological/nuclear forms of attacks, and all four are generally considered weapons of mass destruction.
Chemical/biological terrorism has become more popular because of its heightened fear factor. It is difficult to detect, most often easily and anonymously spread by air, and requires extensive decontamination rendering facilities unusable for long periods.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 373
Emerging Asymmetrical Threats
Chemical Weapons
Categories
Four Nerve
Blistering
Blood
Choking
Common Types
Sari
VX
Mustard Gas
Lewisite
Any weapon that uses a manufactured chemical to kill people. Chemical weapons are broken down into five categories:
Nerve agents
Blistering agents
Blood agents
Choking agents
Irritants
The most effective method of dispersal of chemical agents is through the air. First responders arriving at the scene of a potential chemical attack may note patients in respiratory distress or patients with severe eye irritations, skin redness, or other symptoms. Blistering, skin legions, tightening of the chest, and accumulations of fluid in the chest or larynx may indicate a chemical attack.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 373
Emerging Asymmetrical Threats
Biological
Common types:
Anthrax
Smallpox
Botulin toxin
Ebola
Ricin
Bacillus anthracis
The aviation system makes possible the rapid and widespread spread of a biological agent once an infection has begun. It may take several days before symptoms of an infection manifest, during which time thousands may have been exposed.
Biological weapons are difficult to manufacture, more so than chemical weapons.
There are several types of biotoxins including: botulinum toxins, Ricin, saxitoxin, anthrax, cholera, Ebola virus, and the plague.
Biotoxins, whether the result of a terrorist attack or not, can result in quarantines and loss of business for several weeks until the disease runs its course. Examples of this were the recent SARS and bird flu outbreaks in Asia.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 374
Emerging Asymmetrical Threats
“Dirty bomb” or Radiological Dispersal Device (RDD)
Radiological
A radiological dispersal device (RDD) commonly called a “dirty bomb,” combines a conventional explosive, such as dynamite, with radioactive material.
Some have called this type of device a weapon of mass disruption, not destruction. At an airport, such a weapon could shut down large areas of a terminal building for months, or years, and possibly even require the destruction of the contaminated portion of the facility.
A variety of radioactive materials, including Cesium-137, Strontium-90, and Cobalt-60, are commonly available and could be used in a RDD attack. According to the Nuclear Regulatory Commission, the levels or radiation possible in a dirty bomb from these sources would not be sufficient to kill anyone or even cause severe illness.
Certain other radioactive materials dispersed in the air could contaminate up to several city blocks, creating fear and possibly panic and costly cleanup. Prompt, accurate, nonemotional public information might prevent the panic sought by terrorists
First responders must be aware that radiation is invisible; may exist in a liquid, solid, or gaseous state; and that someone does not have to come into direct contact with a radioactive substance to be exposed to the effects of radiation.
The first priority when responding to an incident where an RDD has been deployed is to establish a large perimeter and administer to the medical needs of those affected.
Individuals who have been exposed to radiation do not pose a threat to responders, but individuals who have been contaminated will represent a health threat to responders
*
Practical Aviation Security – Chapter 12
Textbook Page No. 375
Emerging Asymmetrical Threats
Nuclear
Delivered by a variety of methods
Many threats from nuclear devices
There is a higher risk of a nuclear device entering the United States by sea than the threat of nuclear weapons being employed in the United States against a major city.
A nuclear device could be delivered by a variety of methods (e.g., truck, rail, maritime), but the risk of a nuclear device being placed on an aircraft is significant.
An aircraft can access areas that ground-based vehicles cannot and can carry a nuclear device to an optimum detonation position that could ensure the widest dispersion of radiation, electromagnetic pulse, and blast wave pressure.
During a nuclear attack on a city, the airport will represent one of the primary locations for evacuation and for acceptance of outside supplies. The airport may also become a location for city officials to regroup and coordinate disaster relief efforts. Airport security managers will be faced with trying to maintain a secure operating environment.
*
Practical Aviation Security – Chapter 12
Emerging Asymmetrical Threats
The Future is Here: Insider Threat and Directed-Energy Weapons
Use of lasers pointed at aircraft cockpits
Remotely operated weapons
“Radicalized” citizens
A disturbing trend has occurred in the past ten years that affects both aviation safety and security issues – the use of lasers pointed at aircraft cockpits.
The result is a light show within the cockpit, which distracts the pilots at best, and when the pilot(s) are hit directly with the laser, temporary blindness and permanent eye damage can occur.
An FBI memo stated that al Qaeda had explored lasers as a weapon, including a possibility of lasing aircraft cockpits to interfere with pilots’ ability to operate their aircraft safely.
The threat to aviation from directed energy weapons is clearly the danger of blinding the pilots, which itself is hazardous enough, but when combined with a follow up rocket-propelled grenade or surface to air missile attack, puts the pilots in a highly disadvantageous position to take evasive action.
Another new form of attack is the use of remotely operated weapons, which are used by the U.S. military in static, ground robot, or unmanned aerial vehicles. The cellular communication networks and even wifi networks allows communication with the bomb or weapon, which can be detonated or fired remotely, giving terrorists a stand-off capability.
One of the most difficult types of attack to stop and respond to is a “contextual attack,” where attacks and attackers mimic their surroundings.
These types of attacks have the lowest probability of being viewed as an anomaly or threat as the individual is within the context of their surroundings in terms of dress, ethnic profile and mannerisms and behaviors, cover stories and actions.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 376
Emerging Asymmetrical Threats
Within the Aviation Community
A potential threat from within the aviation system lies in the GA community
Attacks from within the aviation community are the most difficult to deter as “insiders” have access throughout much of the aviation system.
Many of the security layers in place to prevent outsiders from successfully attacking aviation can be bypassed through the normal course of business for an aviation employee.
A potential threat from within the aviation system lies in the GA community, as GA aircraft are more accessible than a commercial service aircraft, yet the majority of GA aircraft serve as inferior tools for destruction.
The most damaging threat from use of GA aircraft would probably result from the use of a large corporate aircraft or light GA aircraft filled with explosive material or a CBRN agent and flown into a ground target.
In a study conducted by the U.S. Office of Technology Assessment, the agency estimated that a small private plane, on a windless night, loaded with 220 pounds of anthrax spores and flying over Washington, D.C., could kill between 1 million and 3 million people and render the city uninhabitable for several years
If a GA plane were used to create mass destruction, the resulting flight restrictions and congressional lawmaking would probably cause the economic demise of GA.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 377
Emerging Asymmetrical Threats
Infrastructure
Aviation and airports are considered critical infrastructure
DOD now includes “information warfare” as the fourth battlefield, joining land, sea, and air
Attacks on the critical infrastructure of the country relate to the aviation community in a variety of ways. Aviation and airports are considered critical infrastructure, along with the communication channels needed to interact with aircraft in flight.
An attack on a power plant could leave an airport without the power necessary for air traffic control, runway lighting access control, and CCTVs systems. Many airports have backup generators for the air traffic control tower and other essentials; however they are normally not capable of running all of the remaining areas needed for an airport to function.
A cyber attack could affect air traffic control, emergency first responders, financial sectors and airport security systems as they all rely on computers.
Police fire and emergency medical service agencies are notified and dispatched through the telecommunications systems and through computer-aided dispatch computers with satellite information systems.
The U.S. Department of Defense now includes “information warfare” as the fourth battlefield, joining land, sea, and air.
Ultimately, protecting the aviation system from asymmetrical attacks will take foresight and action before an attack occurs.
*
Counterterrorism: Terrorism Defense Planning
This section discusses the methods and options for aviation security practitioners to use before, during, and after a security emergency.
It is largely based on published emergency management models and the National Incident Management System (NIMS).
Airport security personnel along with law enforcement and other emergency workers are expected to be trained in the NIMS functions. To benefit fully from this section, it is recommended that you complete the NIMS training modules available at www.fema.gov.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 378
Emergency Management Cycle
The Emergency Management Cycle
There are three elements to the emergency management cycle: mitigation/preparedness,
response, and recovery.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 378
Emergency Management Cycle
The mitigation phase encompasses the actions taken to either prevent an attack or mitigate the effects of an attack.
Mitigation strategies as they relate to the aviation security function can include the following:
Conducting threat and vulnerability analyses of facilities and infrastructure
Reinforcing structures such as the terminal building, installing safety glass, and locating parking away from the terminal building or airline administrative offices
Monitoring new hazards and intelligence information
Keeping abreast of security activity through industry publications, security newsletters, and communication with the federal security director
Following codes and ordinances (building and zoning, fire, hazmat)
Imposing financial penalties or offering incentives to airport tenants, aircraft operators, vendors, contractors, and employees who do not adhere to security rules
Consistently enforcing rules, inspections, patrols, and violation notices
Providing security awareness training for airport and aircraft operator personnel
Building partnerships and relationships with other airport tenants and emergency responders
Ensuring sprinkler and alarm systems are fully functional and have backups
A critical mitigation function is the threat and vulnerability assessment.
Preparedness consists of:
Leadership
Training
Readiness
Exercise support
Technical and financial assistance
to strengthen emergency workers and the community as they prepare for disasters.
Federal regulations require that EOP exercises are conducted at least once a year and that a full-scale exercise is conducted every third year.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 378
Emergency Management Cycle
The mitigation phase encompasses the actions taken to either prevent an attack or mitigate the effects of an attack.
Mitigation strategies as they relate to the aviation security function can include the following:
Conducting threat and vulnerability analyses of facilities and infrastructure
Reinforcing structures such as the terminal building, installing safety glass, and locating parking away from the terminal building or airline administrative offices
Monitoring new hazards and intelligence information
Keeping abreast of security activity through industry publications, security newsletters, and communication with the federal security director
Following codes and ordinances (building and zoning, fire, hazmat)
Imposing financial penalties or offering incentives to airport tenants, aircraft operators, vendors, contractors, and employees who do not adhere to security rules
Consistently enforcing rules, inspections, patrols, and violation notices
Providing security awareness training for airport and aircraft operator personnel
Building partnerships and relationships with other airport tenants and emergency responders
Ensuring sprinkler and alarm systems are fully functional and have backups
A critical mitigation function is the threat and vulnerability assessment.
Preparedness consists of:
Leadership
Training
Readiness
Exercise support
Technical and financial assistance
to strengthen emergency workers and the community as they prepare for disasters.
Federal regulations require that EOP exercises are conducted at least once a year and that a full-scale exercise is conducted every third year.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 379
Emergency Management Cycle
Response covers four stages:
Alert and notify other emergency response agencies
Warn the public
Protect citizens and property
Provide for the public welfare
Restore normal services
Response
Response encompasses those actions taken during an emergency.
Response covers four stages:
Alerting and notifying other emergency response agencies,
Warning the public,
Protecting citizens and property, and
Providing for the public welfare,
followed by beginning the restoration of normal services.
*
Recovery
Short-term
Long-term
Recovery involves those activities that are necessary to restore normal operations. Recovery is divided into two phases:
Short term - often overlaps with the response phase as agencies begin to restore interrupted public services and reestablish transportation routes, such as resuming flights
Long term -may continue for months or years while facilities are reconstructed and the impact of the event is analyzed. Processes to mitigate future occurrences need to be developed.
It is imperative that a careful accounting is made of monies spent, resources used, and personnel from outside agencies that provided assistance, so that insurance companies and the Federal Emergency Management Agency (FEMA) can provide adequate funds to cover losses.
*
Practical Aviation Security – Chapter 12
Textbook Page No. 380
Emergency Management Cycle
NRP applies to natural disasters and terrorist acts
NIMS lays out basic concept of incident management
The National Response Plan &
National Incident Management System
The National Response Plan (NRP) applies to natural disasters and terrorist attacks as defined in the Robert T. Stafford Disaster Relief Assistance Act.14 It can also be invoked when the U.S. president determines that federal assistance is needed to respond to a local event.
The plan applies to numerous federal agencies and the American Red Cross.
FEMA has the responsibility for managing the response plan and for conducting federal preparedness, planning and management, and disaster assistance.
National Incident Management System (NIMS)
National Incident Management System (NIMS) - provides a consistent nationwide template to enable all governmental, private-sector, and nongovernmental organizations to work together during domestic incidents.
NIMS lays out the basic concepts of incident management and includes comprehensive sections on preparedness, resource management, communications, supporting technologies, and the ICS structure: operations, planning, logistics, administration, and command.
*
Conclusion
As threats from terrorist and criminals continue to evolve, so must our responses to those
threats. Our prime goal in aviation security is to employ security professionals that strive for maximum effectiveness in their areas of responsibilities.
As a result, aviation security is now a highly dynamic and complex system of layers containing policies, strategies, tools, and processes. We must now look to the future and use these resources to anticipate emerging threats.
Above all, it is essential that aviation security professionals work toward the continuous development of sustainable methods and technologies that can detect, deter, and respond to existing and new threats.
*
