Comments

Apostrophe July 24, 2007 10:16 AM

Isn’t airline security pretty much a solved problem? El Al pretty much figured it all out, no?

The USA just doesn’t seem to want to put in the effort to do it right. And worse, its actual response to the threat so far involves just creation of bureaucracy and careless, pointless destruction of civil liberties.

Matt from CT July 24, 2007 10:28 AM

That’s a really good article, and not necessarily for the specific content.

The lesson that you should start small with what you understand well and have the resources to secure properly and THEN work out as resources allow is something that is often forgotten.

Most corporations have information systems that at least rival air travel for complexity of the system. Firewalls are only one small part — when you read the accounts of TJ Maxx, you realize they had a systemic failure that ranged from their perimeter and extended through their audit processes.

Are our resources best spent making sure 95% of systems are 95% properly configured?

Or do we focus in and make sure a core set of systems and controls are 100% first?

Bill July 24, 2007 10:44 AM

Interesting article. One point I would make – he seems to be only thinking of hijackers. However, all Al Qaeda needs is to get a bomb with a timer on the plane.

Another point, there have been terrorist attacks at airports themselves (in Rome and Vienna in 1985). While the plane is a target, it’s not the only target.

Joe Buck July 24, 2007 11:04 AM

Getting a bomb with a timer on the plane destroys the plane and kills 200-odd people. That’s very bad, but it doesn’t compare to a 9/11-style attack that kills thousands.

That said, the tactics used on 9/11 will never work again, because the passengers and crew will fight instead of cooperating. To use planes as weapons, the bad guys would need to go after cargo planes, so they could be confident that they could subdue the crew.

Roy July 24, 2007 11:19 AM

Randomly checking employee ID is a wasteful and dangerous shortcut. Such a policy would be useful for an employer to cut down on the frequency of employees forgetting their badges, or losing them without reporting them. As a defense against penetration, it is appallingly bad. There should be 100% compliance for ID, and the only way to test this is 100% testing. Spot checking is a horrible idea: in the very long run it will occasionally catch somebody, but that is little help if most of the terrorists will slip through.

Think what would happen if ATMs only did spot checking on PINs. The worst that could happen would be people getting their money stolen, but no lives would be lost.

Spot checking is spotty checking. It should be prohibited.

Anonymous July 24, 2007 11:27 AM

Isn’t airline security pretty much a solved problem? El Al pretty much figured it all out, no?

Let me introduce you to the concept of scalability. The US is about 350 times the size of Israel, and has around 600 times the number of airports. Even if the costs of security scaled linearly (which I doubt) the size differential would be too great to make El Al-level security feasible.

honeypot July 24, 2007 12:03 PM

bottom line…

… corporate and government greed and turf war attitudes dominate security concerns.

StupidQ July 24, 2007 12:31 PM

El Al is a private airline who I believe requires certain security measures be in place or allows them to perform them on their own before stating they will fly out of or into that airport. At least I remember hearing that somewhere, but I could be mistaken.

And while Israel may be a smaller size, it is also a smaller economy. If the monetary costs were diverted from other wasted efforts (opinion so I won’t list any), I’d be willing to bet the funds could be available.

CinnamonBun July 24, 2007 12:35 PM

@Anonymous: if the USA are 350 times the size of Israel, they also have 350 times the resources.

Neither your statement that costs would scale worse than linearly nor your statement that due to the costs being “too great”, El Al-style security would not be “feasible” are backed up by any data, evidence, or even reasoning; you just declare them to be true.

Please fix that if you want people to take you seriously.

derf July 24, 2007 12:53 PM

I just don’t understand. Isn’t everyone comforted by the fact that our esteemed leaders are preventing the swapping of non-refundable tickets, preventing byo liquids, making passengers stand in line for hours at the checkpoint, and running passengers and bags through a security check with over a 90% failure rate?

Stephen Smoogen July 24, 2007 1:23 PM

@CinnamonBun, any time I have dealt with security and scaling… it has never been a linear fix. You have to add more people or equipment to watch the people/equipment you put into the field, and then you have to add more people/equipment to report on those etc because as soon as you don’t the first failure requires you to put more into place in reactionary mode. So a problem/solution set that works for 10 people can require anything from n*ln(n) to n^x more resources as you increase the size and complexity.

The biggest additional cost factor is that Israeli and American societies have many many different parts to it (from the form of government to the collective histories.) For the American public to change to a system that matches Israeli systems… the US would have to have suffered a Holocaust, daily car-bombings, etc on the scale that has happened in the middle east. [EG instead of 12 people dying a day from terrorism 4200 or so. The reason I think that is that a continual set of small numbers would eventually get lost in the noise of other fatalities.]

John Moore July 24, 2007 1:28 PM

As Bruce has pointed out, airline attacks are passe. The solution was implemented by the passengers and crew of UAL Flight 93. This is why after 9/11, the few airliners targeted were blown up in Russia by two people per plane smuggling bomb components aboard and assembling in flight. The UAL 93 solution seems to be overlooked. Also overlooked is this fact: The cockpit door only buys the pilots time. What they do in the time allowed is crucial. Donning oxygen masks and depressurising the cabin come to mind. 30,000 feet is higher than Everest and you’ve only got about 30-60 sec of consciousness without oxygen at that altitude. I don’t know how many portable cylinders of oxygen are carried per plane, but I’m guessing it’d be hard to break into a cockpit when you’re gasping for each breath. Such a measure buys the pilots some breathing room (pardon the pun), but I don’t know if such a procedure has ever been rehearsed. These things are usually accidents. The NTSB says that you have about 8 sec before impairment of cognitive function sets in.

A Fake American July 24, 2007 1:32 PM

That said, the tactics used on 9/11 will never work again, because the passengers and crew will fight instead of cooperating. To use planes as weapons, the bad guys would need to go after cargo planes, so they could be confident that they could subdue the crew.

As happened on 9/11. Yes.

Geoff Lane July 24, 2007 1:41 PM

Let’s see. Near 100% chance of successfully smuggling a weapon on board. Only 5% chance of finding an air marshal on board.

As far as I can see, beyond the locked and armoured cockpit door, there is no effective security at all.

dragonfrog July 24, 2007 1:44 PM

An interesting article, he makes some good points, but makes mistakes on other fronts.

For example, the idea of securing the small, high-value targets (planes) instead of wasting resources on large, lower-valued ones which you can’t thoroughly secure anyway (airports) is a good one.

However, he seems stuck on the idea of attackers using a plane as a missile again – which can’t happen. It only worked once because the attackers had the passengers fooled that this would be one of those hostage crises on the tarmac, after which everyone would go home looking dishevelled but relieved. That bluff will never work again.

And, just generally, he assumes that airports aren’t terrorist targets, just airplanes. In fact, we have examples of terrorist attacks against considerably lower density targets than an airport’s non-secured areas would offer – e.g. bombings against restaurants in Israel, office buildings in Oklahoma, and so on.

Pat Cahalan July 24, 2007 1:56 PM

@ Dragonfrog, A Fake American

However, he seems stuck on the idea of attackers using a plane as a
missile again – which can’t happen. It only worked once because the
attackers had the passengers fooled that this would be one of those
hostage crises on the tarmac, after which everyone would go
home looking dishevelled but relieved. That bluff will never work again.

On the contrary, it has worked again, post 9/11. Search the blog and you can find references – there are documented cases of airplane hijackings since 9/11.

he assumes that airports aren’t terrorist targets, just airplanes

I don’t believe this is the case; the author states that airports are essentially indefensible, not that airports aren’t targets. Airplanes are a high value target because they can be used as cheap but devastating missiles. Airports are certainly also a target, but so are stadiums, train stations, malls, etc.

Brandioch Conner July 24, 2007 2:56 PM

@Geoff Lane
“As far as I can see, beyond the locked and armoured cockpit door, there is no effective security at all.”

Exactly. Security is about evaluating the threats and minimizing the risks.

Terrorists on board take control of the plane and crash it into a building causing 1,500+ deaths.

Now, secure the cockpit and they can only blow up the plane causing 200+ deaths.

Now, improve the searches to catch the explosives and the terrorists can only (at worst) kill all the passengers. 200+ dead, but the plane is intact.

Now, more flights travel with plain clothes security, there is an increasing chance that the terrorist will be captured after only a few deaths.

If you cannot remove the threat, reduce the effectiveness.

Filias Cupio July 24, 2007 4:55 PM

John Moore: The cockpit door only buys the pilots time. What they do in the time allowed is crucial. Donning oxygen masks and depressurising the cabin come to mind.

I’m pretty sure pilots don’t have a ‘depressurize the plane’ button. I think the best they could do is to stop pressurizing it, and wait for the pressure to slowly drop due to leakage. I couldn’t quickly find any indication of how long this takes, but I expect it would be quite a few minutes. It may still be a viable strategy, however.

Rob Mayfield July 24, 2007 5:45 PM

From the article:
“Everything I’m writing is easily available to a motivated intelligence-gathering cell. There are other problems I won’t discuss, because the information is not publicly available. That doesn’t mean it’s not real.”

It doesn’t mean that interested parties prepared to do bad things don’t know, it just means the public don’t know, and probably the TSA et al don’t know.

The public aren’t the threat here. I’m not a blind proponent of full disclosure in all instances, but I certainly have no faith in security through obscurity, it simply doesn’t work – obscurity is only effective against disinterested people – sometimes the pain of disclosure is a necessary evil.

Daniel Pawtowski July 24, 2007 6:57 PM

@Filias Cupio-
Easier than depressurising: The pilots are belted into their seats, as are most of the passengers. The terrorists are, presumably, standing up to beat on the cockpit door. Perform a few negative-G maneuvers to slam their heads into the ceiling until they quiet down.

AirlinePassenger July 24, 2007 7:08 PM

>
That said, the tactics used on 9/11 will never work again, because the passengers and crew will fight instead of cooperating

As Bruce has pointed out, airline attacks are passe. The solution was implemented by the passengers and crew of UAL Flight 93

However, he seems stuck on the idea of attackers using a plane as a missile again – which can’t happen
<

I for one am very very glad you people have no involvement or association with airline security. The box you think inside is very very tiny.

>
The cockpit door only buys the pilots time. What they do in the time allowed is crucial. Donning oxygen masks and depressurising the cabin come to mind.

I’m pretty sure pilots don’t have a ‘depressurize the plane’ button
<

You are correct, it’s not a button. In most cases it’s a switch. However, please see the above response.

Kees July 24, 2007 7:29 PM

@ Daniel Pawtowski “Perform a few negative-G maneuvers”

And break the wings of the plane doing that? Airliners are not fighter jets… They’re not built to withstand massive G-forces.

Reality Check July 24, 2007 8:18 PM

Let’s do an El Al Reality Check.

Look at the numbers. There are about 28,000 flights in the US per day. With an average of 100 passengers per flight (which is low, but allows for connecting flights), that’s 28,000,000 people who fly. Let’s say that those flights occur evenly across 20 hours (which they don’t – most are within a 10 hour timeframe, but let’s be conservative again). That’s 1,400,000 passengers per hour.

El Al conducts a personal interview with each passenger prior to departure. Given 1.4 Million passengers, that means we’d need between 250,000 and 500,000 interviewers to screen them. Given the reality of peak load, it’s more like 500,000-1,000,000 people to interview the passengers. Given a 20 hour day, accounting for shifts and peak loading, we’d need 1,000,000-1,500,000 TSA interviewers.

Now do you see why we can’t apply small-scale El Al practices to the US system? They have 34 planes. We have thousands. They have a couple million passengers per year. We do that every day.

It’s not a matter of money, it’s simply not possible to hire that many trained, intelligent people.

And don’t bring up the trusted passenger program as a way to reduce the load. Bruce has repeatedly pointed out that it’s not effective, and actually more dangerous than blanket screening. Forged credentials are worse than no credentials.

The ALPA head hit the nail on the head:

#1 protect the cockpit. Arm the pilots.
#2 protect the cabin. Train the crews.
#3 protect the cargo. Bomb-proof containers.
#4 protect the planes. Monitor at night, and search the ground staff.

I’d even go so far as to add sniffing dogs roaming the airports, and dump a lot of the stupid TSA security theater garbage.

Negative G July 24, 2007 8:22 PM

I beg to differ on the comment about ‘breaking the wings off’. A 777 wing bends 70-80 degrees before failure, and the engineer shared that it was designed to be able to do a loop. Boeing is taking bets that the new 787 wings will touch before failing.

I’ve watched flight attendants get slammed to the ceiling and almost knocked out. There have been documented cases of them being killed because of turbulence.

I think a controlled negative G maneuver would be a hell of a lot better than uncontrolled turbulence.

wkwillis July 24, 2007 9:06 PM

The reason that restaurants give cops free coffee is that they want them to get into the habit of stopping there. For security.
So why don’t cops fly free?

Dan July 24, 2007 9:59 PM

@Kees: And break the wings of the plane doing that? Airliners are not fighter jets… They’re not built to withstand massive G-forces.

You’re probably not an aeronautical engineer, so I doubt you’d really know whether they were or weren’t designed for that. As another poster has already stated, those planes can go through a LOT before they will just break apart.

Rob Mayfield July 24, 2007 11:03 PM

@Negative G
“Boeing is taking bets that the new 787 wings will touch before failing.”

Complete structural failure is one thing, but at what point does the flex make the wing unserviceable for continued flight? The tests I’ve seen video of look more like what the marketing department might like, but I don’t believe the engineers stress the wings to each degree then release and take the aircraft out for a spin to see if it still works in a practical sense …

Beside the point really – you don’t need to stress them that far to get a facial imprint of a terrorist in the roof lining …

Absurd Theater July 24, 2007 11:24 PM

@Reality Check

#1 protect the cockpit. Arm the pilots.
pilots fly. many don’t want to be armed. some will be incapable. stray bullets will be flying towards passengers. at least some pilot oversight is required to fly the aircraft.

#2 protect the cabin. Train the crews.
I suppose the petite flight attendant must first pass the “unarm the burly fanatical terrorist test” before attending flight attendant school. or do I have that reversed?

#3 protect the cargo. Bomb-proof containers.
is that fool-proof bomb-proof containers?

#4 protect the planes. Monitor at night, and search the ground staff.
is searching the ground staff anything like searching the passengers?

reality check complete.

Peter July 25, 2007 4:15 AM

There seems to be an assumption, both by the original writer and other commentators that pilots are 100% clean and good and will never do any harm. What about the small risk of putting a potentially suicidal pilot in a locked and inaccessible cockpit with a gun? Kills / threatens colleagues, takes plane on tour…

As others have said, risk assessment, mitigation and less theatre please.

pointfree July 25, 2007 5:43 AM

@Stefan Wagner:
“Which new world war?”

Excellent point, if only it were made more often! If only it was understood by the clowns we elect! People have been committing acts of terrorism pretty much ever since there were people – many more recent examples, middle east, England/Ireland, sub-continent, Japan – all in the name of some God or other.

The actual risk that terrorism presents the average person is less than a fraction of people’s daily risks that they take for granted – car accident, tripping over the cat, wife stabbing you when she finds you washed your socks with her lingerie. That point is made all the time, but it escapes so many people. Flying in a 900km/h aluminium cylinder put together by people who were pushed for time, hung over, and pissed off for not getting their last pay rise – serviced by people who are judged for their cost effectiveness and speed at ‘expediting’ problems – has always scared the crap out of me, long before people flew them intentionally into buildings. That said, I’m still far more likely to be crushed by the steam train crossing the wooden trestle bridge I drive under nearly every day on the way to work than killed by some Jihad nitwit hijacking a commercial jet.

As Bruce, the author of the article Bruce refers to here, and many many others have said so many times, the vast majority of the money spent on so-called security in the airline industry is wasted on theatre.

The biggest threat we all face is that the TSA and their equally inept counterparts in nearly every country will get away with the wasting of billions of dollars that would be better used pretty much anywhere instead of the theatre it supports at the moment.

It’s not a war, it never has been, it never will be.

Anonymous July 25, 2007 6:59 AM

“Similarly, another successful 9/11 would devastate our country in
ways we can’t even imagine”

Wow. The mightiest country the planet has ever seen would be devastated by another hijacked passenger plane.
Makes you wonder why the Soviet Union spent so much money on nukular weapons when it is that easy to bring the US to its knees.
Dudes and dudettes, thousands of your fellow citizens are killed by the usual everyday violence, car accidents, too much high fructose corn syrup and trans fats and lack of health insurance every day, and your government and your consumerism creates BILLIONS of debt every single day. So why would another 9/11 scale attack DEVASTATE the US?

You morons are in urgent need of therapy.

bob July 25, 2007 7:12 AM

I’ve been saying this for years; TSA “security” is an armored bank vault door mounted on a rickety wooden outhouse. Simply don’t use passengers as the attack vector, use ground crew. Also this doesn’t address the 1000s of semi-retired airliners sitting in the desert waiting for someone with a (not all that large) checkbook to drive them away.

@Bill: Don’t forget the most spectacular payoff ever from an airport (vice aircraft) bombing; the one that caused KLM and Pan Am to divert to Tenerife in 1977.

Anonymous July 25, 2007 7:18 AM

it’s simply not possible to hire that many trained, intelligent people.

Certainly not in the USA…

Anonymous July 25, 2007 7:21 AM

“Perform a few negative-G maneuvers”
And break the wings of the plane doing that? Airliners are not fighter jets…
They’re not built to withstand massive G-forces.

-1G means everyone without a seatbelt will start to experience zero gravity. -2G means they will slam into the cabin roof, hard. Every plane can do this.

bob July 25, 2007 7:24 AM

“I’m pretty sure pilots don’t have a ‘depressurize the plane’ button”

It’s neither, it’s a dial/keypad which allows you to enter the altitude which the pressurization system is supposed to emulate within the cabin, typically around 8,000 feet. As the plane goes up more air is bled from the engine compressor stages to pump up the cabin. As it goes down it pumps less in allowing it to bleed off. If the aircraft touches down with the system still operating (like if they landed at Leadville, CO; ~10,000 feet) a squat switch on the landing gear tells the system to stop pumping altogether so the doors will be openable.

Anonymous July 25, 2007 7:34 AM

#3 protect the cargo. Bomb-proof containers.

Anyone remember the Mythbusters episode where they did all kinds of funny things with a pressurized airliner cabin? Like shooting a gun through the window and stuff, and setting off explosives inside?
In their last attempt at “explosive decompression” they used about 100g of det-cord and some cardboard to improvise a shaped charge, and managed to blast out a HUGE section of the cabin.

http://kwc.org/mythbusters/2004/01/mythbusters_explosive_decompre.html

Anonymous July 25, 2007 7:38 AM

“I’m pretty sure pilots don’t have a ‘depressurize the plane’ button”
It’s neither, it’s a dial/keypad which allows you to enter the altitude which
the pressurization system is supposed to emulate within the cabin, typically
around 8,000 feet.

Well, the problem is that the oxygen masks will be deployed automatically when the pressure drops below 14000ft…

Richard Braakman July 25, 2007 9:03 AM

That’s a good thing. The oxygen masks will keep the passengers alive, but oxygen is only available to people in their seats — not to people standing around the cockpit door.

frankie July 25, 2007 6:33 PM

@Daniel Pawtowski, Negative G and Dan
“those planes can go through a LOT before they will just break apart”…

Liners are carefully optimized (for economic reasons) to fly the way they are supposed to, which makes them unfit for such manoeuvres. Exceptionally skilled pilots can certainly perform them in ideal conditions. But if performed less than perfectly the output could easily be lethal, for many reasons some of which are, in no special order:
– the aerodynamic loads can and will break control surfaces (see AAL 587)
– a liner’s streamlined airframe makes it prone to overspeed when in an unusual attitude, with unrecoverable consequences
– successfully recovering from an upset may require more altitude than available.

If an average pilot was to attempt them on any ordinary day (maybe flying without a clear view of the natural horizon, maybe at low altitude, and under pressure from a hijacking) the chance of success wouldn’t be significantly higher than that of crashing the aircraft. Also, simulators won’t help on training this specific skill.

Commercial aviation did investigate this idea, coming to the conclusion that it is a bad one. There was an interesting report in the April 2003 issue of IFALPA Safety Bulletin (http://www.ifalpa.org/safetybulletins.htm) where those manoeuvres were defined as “counter terrorist manoeuvres”, but it’s apparently unavailable on line any more. Those interested may be able to get it from IFALPA. The file name was “03SAB009_Aggressive Manoeuvring.pdf”

incredulous July 25, 2007 9:13 PM

>
-1G means everyone without a seatbelt will start to experience zero gravity. -2G means they will slam into the cabin roof, hard. Every plane can do this.
<

i’m at 1g now.
at 0g i experience weightlessness.
at -1g i accelerate towards the roof.
at -2g i accelerate faster.

not every plane can do this.

where do you people come from?

Anonymous July 26, 2007 6:31 AM

Mythbusters overlooked the effects of 500 MPH winds outside the plane. A category 5 hurricane is only 156mph, and those rip homes apart.

guvn'r July 27, 2007 8:45 AM

@frankie, good info, ty. one thing tho, “the chance of success wouldn’t be significantly higher than that of crashing the aircraft.”

actually the chance of crashing would probably be higher by an order of magnitude or more than the chance of success (Tex Johnston’s roll notwithstanding!).

frankie July 29, 2007 5:35 AM

@guvn’r: You are obviously right as far as real aerobatic manoeuvres (like Johnston’s B707 barrel-roll) are concerned, but proposed “counter-terrorist manoeuvres” weren’t nearly as extreme. Yet they were deemed unsafe if attempted by the average pilot.
AAL587 accident (report at http://www.ntsb.gov/publictn/2004/AAR0404.htm) shed some light on the complexity of training airline pilots to safely operate at the edge of the flight envelope their aircraft is capable of.
“If I can’t train you to do it safely, don’t try it” is quite a common principle in aviation. Maybe there’s a lesson to learn for IT Security…
