Entries Tagged "air travel"

Page 18 of 46

Post-Underwear-Bomber Airport Security

In the headlong rush to “fix” security after the Underwear Bomber’s unsuccessful Christmas Day attack, there’s been far too little discussion about what worked and what didn’t, and what will and will not make us safer in the future.

The security checkpoints worked. Because we screen for obvious bombs, Umar Farouk Abdulmutallab—or, more precisely, whoever built the bomb—had to construct a far less reliable bomb than he would have otherwise. Instead of using a timer or a plunger or a reliable detonation mechanism, as would any commercial user of PETN, he had to resort to an ad hoc and much more inefficient homebrew mechanism: one involving a syringe and 20 minutes in the lavatory and we don’t know exactly what else. And it didn’t work.

Yes, the Amsterdam screeners allowed Abdulmutallab onto the plane with PETN sewn into his underwear, but that’s not a failure, either. There is no security checkpoint, run by any government anywhere in the world, designed to catch this. It isn’t a new threat; it’s more than a decade old. Nor is it unexpected; anyone who says otherwise simply isn’t paying attention. But PETN is hard to explode, as we saw on Christmas Day.

Additionally, the passengers on the airplane worked. For years, I’ve said that exactly two things have made us safer since 9/11: reinforcing the cockpit door and convincing passengers that they need to fight back. It was the second of these that, on Christmas Day, quickly subdued Abdulmutallab after he set his pants on fire.

To the extent security failed, it failed before Abdulmutallab even got to the airport. Why was he issued an American visa? Why didn’t anyone follow up on his father’s tip? While I’m sure there are things to be improved and fixed, remember that everything is obvious in hindsight. After the fact, it’s easy to point to the bits of evidence and claim that someone should have “connected the dots.” But before the fact, when there are millions of dots—some important but the vast majority unimportant—uncovering plots is a lot harder.

Despite this, the proposed fixes focus on the details of the plot rather than the broad threat. We’re going to install full-body scanners, even though there are lots of ways to hide PETN—stuff it in a body cavity, spread it thinly on a garment—from the machines. We’re going to profile people traveling from 14 countries, even though it’s easy for a terrorist to travel from a different country. Seating requirements for the last hour of flight were the most ridiculous example.

The problem with all these measures is that they’re only effective if we guess the plot correctly. Defending against a particular tactic or target makes sense if tactics and targets are few. But there are hundreds of tactics and millions of targets, so all these measures will do is force the terrorists to make a minor modification to their plot.

It’s magical thinking: If we defend against what the terrorists did last time, we’ll somehow defend against what they do next time. Of course this doesn’t work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they’re going to do something else. This is a stupid game; we should stop playing it.

But we can’t help it. As a species, we’re hardwired to fear specific stories—terrorists with PETN underwear, terrorists on subways, terrorists with crop dusters—and we want to feel secure against those stories. So we implement security theater against the stories, while ignoring the broad threats.

What we need is security that’s effective even if we can’t guess the next plot: intelligence, investigation, and emergency response. Our foiling of the liquid bombers demonstrates this. They were arrested in London, before they got to the airport. It didn’t matter if they were using liquids—which they chose precisely because we weren’t screening for them—or solids or powders. It didn’t matter if they were targeting airplanes or shopping malls or crowded movie theaters. They were arrested, and the plot was foiled. That’s effective security.

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

This essay previously appeared on Sphere, the AOL.com news site.

EDITED TO ADD (1/8): Similar sentiment.

Posted on January 7, 2010 at 1:18 PMView Comments

Another Contest: Fixing Airport Security

Slate is hosting an airport security suggestions contest: ideas “for making airport security more effective, more efficient, or more pleasant.” Deadline is midday Friday.

I had already submitted a suggestion before I was asked to be a judge. Since I’m no longer eligible, here’s what I sent them:

Reduce the TSA’s budget, and spend the money on:

1. Intelligence. Security measures that focus on specific tactics or targets are a waste of money unless we guess the next attack correctly. Security measures that just force the terrorists to make a minor change in their tactics or targets is not money well spent.

2. Investigation. Since the terrorists deliberately choose plots that we’re not looking for, the best security is to stop plots before they get to the airport. Remember the arrest of the London liquid bombers.

3. Emergency response. Terrorism’s harm depends more on our reactions to attacks than the attacks themselves. We’re naturally resilient, but how we respond in those first hours and days is critical.

And as an added bonus, all of these measures protect us against non-airplane terrorism as well. All we have to do is stop focusing on specific movie plots, and start thinking about the overall threat.

Probably not what they were looking for, and certainly not anything the government is even going to remotely consider—but the smart solution all the same.

Posted on January 7, 2010 at 10:53 AMView Comments

Nate Silver on the Risks of Airplane Terrorism

Over at fivethirtyeight.com, Nate Silver crunches the numbers and concludes that, at least as far as terrorism is concerned, air travel is safer than it’s ever been:

In the 2000s, a total of 469 passengers (including crew and terrorists) were killed worldwide as the result of Violent Passenger Incidents, 265 of which were on 9/11 itself. No fatal incidents have occurred since nearly simultaneous bombings of two Russian aircraft on 8/24/2004; this makes for the longest streak without a fatal incident since World War II. The overall death toll during the 2000s is about the same as it was during the 1960s, and substantially less than in the 1970s and 1980s, when violent incidents peaked. The worst individual years were 1985, 1988 and 1989, in that order; 2001 ranks fourth.

Of course, there is a lot more air travel now than there was a couple of decades ago. Although worldwide data is difficult to obtain, U.S. air travel generally expanded at rates of 10-15% per year from the 1930s through 9/11. If we assume that U.S. air traffic represents about a third of the worldwide total (the U.S. share of global GDP, which is probably a reasonable proxy, has fairly consistently been between 26-28% during this period), we can estimate the number of deaths from Violent Passenger Incidents per one billion passenger boardings. By this measure, the 2000s tied the 1990s for being the safest on record, each of which were about six times safer than any previous decade. About 22 passengers per one billion enplanements were killed as the result of VPIs during the 2000s; this compares with a rate of about 191 deaths per billion enplanements during the 1960s.

Why? Because over the past decade, the risk of airplane terrorism has been very low:

Over the past decade, according to BTS, there have been 99,320,309 commercial airline departures that either originated or landed within the United States. Dividing by six, we get one terrorist incident per 16,553,385 departures.

These departures flew a collective 69,415,786,000 miles. That means there has been one terrorist incident per 11,569,297,667 mles flown. This distance is equivalent to 1,459,664 trips around the diameter of the Earth, 24,218 round trips to the Moon, or two round trips to Neptune.

Assuming an average airborne speed of 425 miles per hour, these airplanes were aloft for a total of 163,331,261 hours. Therefore, there has been one terrorist incident per 27,221,877 hours airborne. This can also be expressed as one incident per 1,134,245 days airborne, or one incident per 3,105 years airborne.

There were a total of 674 passengers, not counting crew or the terrorists themselves, on the flights on which these incidents occurred. By contrast, there have been 7,015,630,000 passenger enplanements over the past decade. Therefore, the odds of being on given departure which is the subject of a terrorist incident have been 1 in 10,408,947 over the past decade. By contrast, the odds of being struck by lightning in a given year are about 1 in 500,000. This means that you could board 20 flights per year and still be less likely to be the subject of an attempted terrorist attack than to be struck by lightning.

In 2008, 37,000 people died in automobile accidents—the lowest number since 1961. Even so, that’s more than a 9/11 worth of fatalities every month, month after month, year after year.

There are all sorts of psychological biases that cause us to both misjudge risk and overreact to rare risks, but we can do better than that if we stop and think rationally.

Posted on January 6, 2010 at 2:59 PMView Comments

TSA Logo Contest

Over at “Ask the Pilot,” Patrick Smith has a great idea:

Calling all artists: One thing TSA needs, I think, is a better logo and a snappy motto. Perhaps there’s a graphic designer out there who can help with a new rendition of the agency’s circular eagle-and-flag motif. I’m imagining a revised eagle, its talons clutching a box cutter and a toothpaste tube. It says “Transportation Security Administration” around the top. Below are the three simple words of the TSA mission statement: “Tedium, Weakness, Farce.”

Let’s do it. I’m announcing the TSA Logo Contest. Rules are simple: create a TSA logo. People are welcome to give ideas in the comments, but only actual created logos are eligible to compete. (When my website administrator wakes up, I’ll ask him how we can post images in the comments.) Contest ends on February 6. Winner receives copies of my books, copies of Patrick Smith’s book, an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint, and a fake boarding pass on any flight for any date.

EDITED TO ADD (1/6): Please leave links to your submissions in the comments, and I will add them to the post. After the contest is over, I’ll choose five finalists and post them. The winner will be chosen by popular acclaim.

The Entries:

photo
Sean Flanagan
photo
Tom B
photo
Rhys Gibson
photo
Baz (1)
photo
Baz (2)
photo
Russell Nelson
photo
Kurushio
photo
Cathy
photo
Tonio Loewald
photo
I love to fly and it shows (1)
photo
Evanda
photo
Shesparticular
photo
MrJM
photo
Amy
photo
Hudsn
photo
Auximinus
photo
DS
photo
Pox Voldius
photo
I love to fly and it shows (2)
photo
Brendan McTague
photo
Andy S.
photo
Pope Noonius I
photo
Travis McHale
photo
T
photo
Matthew Williams
photo
Will Imholte


EDITED TO ADD: vote on the finalists here.

Posted on January 6, 2010 at 8:42 AMView Comments

Breaching the Secure Area in Airports

An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting the evacuation of a terminal and flight delays that continued into the next day. This isn’t common, but it happens regularly. The result is always the same, and it’s not obvious that fixing the problem is the right solution.

This kind of security breach is inevitable, simply because human guards are not perfect. Sometimes it’s someone going in through the out door, unnoticed by a bored guard. Sometimes it’s someone running through the checkpoint and getting lost in the crowd. Sometimes it’s an open door that should be locked. Amazing as it seems to frequent fliers, the perpetrator often doesn’t even know he did anything wrong.

Basically, whenever there is—or could be—an unscreened person lost within the secure area of an airport, there are two things the TSA can do. They can say “this isn’t a big deal,” and ignore it. Or they can evacuate everyone inside the secure area, search every nook and cranny—inside the large boxes of napkins at the fast food restaurant, above the false ceilings in the bathrooms, everywhere—looking for anyone hiding or anything anyone hid, and then rescreen everybody: causing delays of six, eight, twelve, or more hours. That’s it; those are the options. And there’s no way someone in charge will choose to ignore the risk; even if the odds of a terrorist exploit are minuscule, it’ll cost him his career if he’s wrong.

Several European airports have their security screening organized differently. At Schipol Airport in Amsterdam, for example, passengers are screened at the gates. This is more expensive and requires a substantially different airport design, but it does mean that if there is a security breach, only the gate has to be evacuated and searched, and the people rescreened.

American airports can do more to secure against this risk, but I’m reasonably sure it’s not worth it. We could double the guards to reduce the risk of inattentiveness, and redesign the airports to make this kind of thing less likely, but those are expensive solutions to an already rare problem. As much as I don’t like saying it, the smartest thing is probably to live with this occasional but major inconvenience.

This essay originally appeared on ThreatPost.com.

EDITED TO ADD (1/9): A first-person account of the chaos at Newark Airport, with observations and recommendations.

Posted on January 6, 2010 at 6:10 AMView Comments

Matt Blaze on the New "Unpredictable" TSA Screening Measures

Interesting:

“Unpredictable” security as applied to air passenger screening means that sometimes (perhaps most of the time), certain checks that might detect terrorist activity are not applied to some or all passengers on any given flight. Passengers can’t predict or influence when or whether they are be subjected to any particular screening mechanism. And so, the strategy assumes, the would-be terrorist will be forced to prepare for every possible mechanism in the TSA’s arsenal, effectively narrowing his or her range of options enough to make any serious mischief infeasible.

But terrorist organizations—especially those employing suicide bombers—have very different goals and incentives from those of smugglers, fare beaters and tax cheats. Groups like Al Qaeda aim to cause widespread disruption and terror by whatever means they can, even at great cost to individual members. In particular, they are willing and able to sacrifice—martyr—the very lives of their solders in the service of that goal. The fate of any individual terrorist is irrelevant as long as the loss contributes to terror and disruption.

Paradoxically, the best terrorist strategy (as long as they have enough volunteers) under unpredictable screening may be to prepare a cadre of suicide bombers for the least rigorous screening to which they might be subjected, and not, as the strategy assumes, for the most rigorous. Sent on their way, each will either succeed at destroying a plane or be caught, but either outcome serves the terrorists’ objective.

The problem is that catching someone under a randomized strategy creates a terrible dilemma for the authorities. What do we do when we detect a bomb-wielding terrorist whose device was discovered through the enhanced, randomly applied screening procedure?

EDITED TO ADD (1/5): In this blog post, a reader of Andrew Sullivan’s blog argues that the terrorist didn’t care if he blew the plane up or not, that he went back to his seat instead of detonating the explosive in the toilet precisely because he wanted his fellow passengers to see his attempt—just in case it failed.

Posted on January 5, 2010 at 11:41 AMView Comments

Adopting the Israeli Airport Security Model

I’ve been reading a lot recently—like this article on the Israeli airport security model, and how we should adopt more of the Israeli security model here in the U.S. This sums up the problem with that idea nicely:

On the other hand, no matter how safe or how wonderful the flying experience on El Al, it is TINY airline by U.S. standards, with only 38 aircraft, 46 destinations, and fewer than two million passengers in 2008. As near as I can tell, Cairo is their only destination in a majority Muslim country. Delta, before the Northwest merger is included, reported 449 aircraft and 375 destinations.

Ben Gurion Airport is Israel’s primary (not only) international gateway. In 2008, Ben Gurion served 11.1 million international passengers and 470,000 domestic passengers, roughly comparable to the 10 million total served at Sacramento, the airport I use most often. Amsterdam served 47.4 million total, and Detroit served 35.1 million total in 2008.

By American standards, in terms of passengers served, Ben Gurion is a busy regional airport.

Simply put, the Israeli airport security model does not scale.

EDITED TO ADD (1/7): More.

EDITED TO ADD (1/12): Interview with El Al’s former head of security.

Posted on January 5, 2010 at 7:04 AMView Comments

Christmas Bomber: Where Airport Security Worked

With all the talk about the failure of airport security to detect the PETN that the Christmas bomber sewed into his underwear—and to think I’ve been using the phrase “underwear bomber” as a joke all these years—people forget that airport security played an important role in foiling the plot.

In order to get through airport security, Abdulmutallab—or, more precisely, whoever built the bomb—had to construct a far less reliable bomb than he would have otherwise; he had to resort to a much more ineffective detonation mechanism. And, as we’ve learned, detonating PETN is actually very hard.

Additionally, I don’t think it’s fair to criticize airport security for not catching the PETN. The security systems at airports aren’t designed to catch someone strapping a plastic explosive to his body. Even more strongly: no security system, at any airport, in any country on the planet, is designed to catch someone doing this. This isn’t a surprise. It isn’t even a new idea. It wasn’t even a new idea when I said this to then TSA head Kip Hawley in 2007: “I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers.” You can try to argue that the TSA, and other airport security organizations around the world, should have been redesigned years ago to catch this, but anyone who is surprised by this attack simply hasn’t been paying attention.

EDITED TO ADD (1/4): I don’t know what to make of this:

Ben Wallace, who used to work at defence firm QinetiQ, one of the companies making the technology, warned it was not a “big silver bullet”.

[…]

Mr Wallace said the scanners would probably not have detected the failed Detroit plane plot of Christmas Day.

He said the same of the 2006 airliner liquid bomb plot and of explosives used in the 2005 bombings of three Tube trains and a bus in London.

[…]

He said the “passive millimetre wave scanners” – which QinetiQ helped develop – probably would not have detected key plots affecting passengers in the UK in recent years.

[…]

Mr Wallace told BBC Radio 4’s Today programme: “The advantage of the millimetre waves are that they can be used at longer range, they can be quicker and they are harmless to travellers.

“But there is a big but, and the but was in all the testing that we undertook, it was unlikely that it would have picked up the current explosive devices being used by al-Qaeda.”

He added: “It probably wouldn’t have picked up the very large plot with the liquids in 2006 at Heathrow or indeed the… bombs that were used on the Tube because it wasn’t very good and it wasn’t that easy to detect liquids and plastics unless they were very solid plastics.

“This is not necessarily the big silver bullet that is somehow being portrayed by Downing Street.”

A spokeswoman for QinetiQ said “no single technology can address every eventuality or security risk”.

“QinetiQ’s passive millimetre wave system, SPO, is a… people-screening system which can identify potential security threats concealed on the human body. It is not a checkpoint security system.

“SPO can effectively shortlist people who may need further investigation, either via other technology such as x-rays, or human intervention such as a pat-down search.”

Posted on January 4, 2010 at 6:28 AMView Comments

Separating Explosives from the Detonator

Chechen terrorists did it in 2004. I said this in an interview with then TSA head Kip Hawley in 2007:

I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers.

And what sort of magical thinking is behind the rumored TSA rule about keeping passengers seated during the last hour of flight? Do we really think the terrorist won’t think of blowing up their improvised explosive devices during the first hour of flight?

For years I’ve been saying this:

Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.

This week, the second one worked over Detroit. Security succeeded.

EDITED TO ADD (12/26): Only one carry on? No electronics for the first hour of flight? I wish that, just once, some terrorist would try something that you can only foil by upgrading the passengers to first class and giving them free drinks.

Posted on December 26, 2009 at 5:43 PMView Comments

1 16 17 18 19 20 46

Sidebar photo of Bruce Schneier by Joe MacInnis.