Another Airport Security Test Failure
I don’t know why anyone is surprised that investigators were able to smuggle things through airport security. Anyone who flies regularly could have told you that.
Entries Tagged "DHS"
Page 24 of 39
New TSA Report
A classified 2006 TSA report on airport security has been leaked to USA Today. (Other papers are covering the story, but their articles seem to be all derived from the original USA Today article.)
There’s good news:
This year, the TSA for the first time began running covert tests every day at every checkpoint at every airport. That began partly in response to the classified TSA report showing that screeners at San Francisco International Airport were tested several times a day and found about 80% of the fake bombs.
Constant testing makes screeners “more suspicious as well as more capable of recognizing (bomb) components,” the report said. The report does not explain the high failure rates but said O’Hare’s checkpoints were too congested and too wide for supervisors to monitor screeners.
At San Francisco, “everybody realizes they are under scrutiny, being watched and tested constantly,” said Gerald Berry, president of Covenant Aviation Security, which hires and manages the San Francisco screeners. San Francisco is one of eight airports, most of them small, where screeners work for a private company instead of the TSA. The idea for constant testing came from Ed Gomez, TSA security director at San Francisco, Berry said. The tests often involve an undercover person putting a bag with a fake bomb on an X-ray machine belt, he said.
Repeated testing is good, for a whole bunch of reasons.
There’s bad news:
Howe said the increased difficulty explains why screeners at Los Angeles and Chicago O’Hare airports failed to find more than 60% of fake explosives that TSA agents tried to get through checkpoints last year.
The failure rates—about 75% at Los Angeles and 60% at O’Hare—are higher than some tests of screeners a few years ago and equivalent to other previous tests.
Sure, the tests are harder. But those are miserable numbers.
And there’s unexplainable news:
At San Diego International Airport, tests are run by passengers whom local TSA managers ask to carry a fake bomb, said screener Cris Soulia, an official in a screeners union.
Someone please tell me this doesn’t actually happen. “Hi Mr. Passenger. I’m a TSA manager. You know I’m not lying to you because of this official-looking laminated badge I have. We need you to help us test airport security. Here’s a ‘fake’ bomb that we’d like you to carry through security in your luggage. Another TSA manager will, um, meet you at your destination. Give the fake bomb to him when you land. And, by the way, what’s your mother’s maiden name?”
How in the world is this a good idea? And how hard is it to dress real TSA managers up like vacationers?
EDITED TO ADD (10/24): Here’s a story of someone being asked to carry an item through airport security at Dulles Airport.
EDITED TO ADD (10/26): TSA claims that this doesn’t happen:
TSA officials do not ask random passengers to carry fake bombs through checkpoints for testing at San Diego International Airport, or any other airport.
[…]
TSA Traveler Alert: If approached by anyone claiming to be a TSA employee asking you to take something through the checkpoint, please contact a uniformed TSA employee at the checkpoint or a law enforcement officer immediately.
Is there anyone else who has had this happen to them?
Chemical Plant Security and Externalities
It’s not true that no one worries about terrorists attacking chemical plants, it’s just that our politics seem to leave us unable to deal with the threat.
Toxins such as ammonia, chlorine, propane and flammable mixtures are constantly being produced or stored in the United States as a result of legitimate industrial processes. Chlorine gas is particularly toxic; in addition to bombing a plant, someone could hijack a chlorine truck or blow up a railcar. Phosgene is even more dangerous. According to the Environmental Protection Agency, there are 7,728 chemical plants in the United States where an act of sabotage—or an accident—could threaten more than 1,000 people. Of those, 106 facilities could threaten more than a million people.
The problem of securing chemical plants against terrorism—or even accidents—is actually simple once you understand the underlying economics. Normally, we leave the security of something up to its owner. The basic idea is that the owner of each chemical plant 1) best understands the risks, and 2) is the one who loses out if security fails. Any outsider—i.e., regulatory agency—is just going to get it wrong. It’s the basic free-market argument, and in most instances it makes a lot of sense.
And chemical plants do have security. They have fences and guards (which might or might not be effective). They have fail-safe mechanisms built into their operations. For example, many large chemical companies use hazardous substances like phosgene, methyl isocyanate and ethylene oxide in their plants, but don’t ship them between locations. They minimize the amounts that are stored as process intermediates. In rare cases of extremely hazardous materials, no significant amounts are stored; instead they are only present in pipes connecting the reactors that make them with the reactors that consume them.
This is all good and right, and what free-market capitalism dictates. The problem is, that isn’t enough.
Any rational chemical plant owner will only secure the plant up to its value to him. That is, if the plant is worth $100 million, then it makes no sense to spend $200 million on securing it. If the odds of it being attacked are less than 1 percent, it doesn’t even make sense to spend $1 million on securing it. The math is more complicated than this, because you have to factor in such things as the reputational cost of having your name splashed all over the media after an incident, but that’s the basic idea.
But to society, the cost of an actual attack can be much, much greater. If a terrorist blows up a particularly toxic plant in the middle of a densely populated area, deaths could be in the tens of thousands and damage could be in the hundreds of millions. Indirect economic damage could be in the billions. The owner of the chlorine plant would pay none of these potential costs.
Sure, the owner could be sued. But he’s not at risk for more than the value of his company, and—in any case—he’d probably be smarter to take the chance. Expensive lawyers can work wonders, courts can be fickle, and the government could step in and bail him out (as it did with airlines after Sept. 11). And a smart company can often protect itself by spinning off the risky asset in a subsidiary company, or selling it off completely. The overall result is that our nation’s chemical plants are secured to a much smaller degree than the risk warrants.
In economics, this is called an externality: an effect of a decision not borne by the decision maker. The decision maker in this case, the chemical plant owner, makes a rational economic decision based on the risks and costs to him.
If we—whether we’re the community living near the chemical plant or the nation as a whole—expect the owner of that plant to spend money for increased security to account for those externalities, we’re going to have to pay for it. And we have three basic ways of doing that. One, we can do it ourselves, stationing government police or military or contractors around the chemical plants. Two, we can pay the owners to do it, subsidizing some sort of security standard.
Or three, we could regulate security and force the companies to pay for it themselves. There’s no free lunch, of course. “We,” as in society, still pay for it in increased prices for whatever the chemical plants are producing, but the cost is paid for by the product’s consumers rather than by taxpayers in general.
Personally, I don’t care very much which method is chosen: that’s politics, not security. But I do know we’ll have to pick one, or some combination of the three. Asking nicely just isn’t going to work. It can’t; not in a free-market economy.
We taxpayers pay for airport security, and not the airlines, because the overall effects of a terrorist attack against an airline are far greater than their effects to the particular airline targeted. We pay for port security because the effects of bringing a large weapon into the country are far greater than the concerns of the port’s owners. And we should pay for chemical plant, train and truck security for exactly the same reasons.
Thankfully, after years of hoping the chemical industry would do it on its own, this April the Department of Homeland Security started regulating chemical plant security. Some complain that the regulations don’t go far enough, but at least it’s a start.
This essay previously appeared on Wired.com.
Shoe Scanners at the Orlando Airport
I flew through Orlando today, and saw an automatic shoe-scanner in the lane for Clear passengers.
Poking around on the TSA website, I found this undated page. It seems they didn’t pass the TSA tests, and will be discontinued:
The shoe scanning feature on the machine presented for testing on August 20 does not meet minimum detection standards. While significant improvements were made, (in fact a new machine was submitted) the shoe scanner still does not meet standards to ensure detection of explosives.
GE’s been apprised of these results and TSA and GE have agreed to continue working together. TSA and its partners at the laboratory stand ready to further test the GE shoe scanner feature upon completion of additional detection capability enhancements to meet the agreed upon security requirements.
The machine currently in use in Orlando does not meet minimum detection standards and several additional security measures are required by TSA to mitigate the shortfalls of the shoe scanner feature. Accordingly, the prototype shoe scanner used in Orlando will be discontinued, effective October 10. It had been hoped that an acceptable scanner would be available, but given that the lab prototype does not meet all standards, TSA will not authorize the shoe scanner feature for security purposes in any of the airports where it is currently deployed and awaiting use. The GE Kiosks may be used to read biometric cards associated with the Registered Traveler program but will not provide a security benefit.
Weird Terrorist Threat Story from the Raleigh Airport
This is all strange:
In a telephone interview, Fischvogt also told me, “we received word from the pilot about the suspicious activity before the flight landed.” Fischvogt explained that when Flight 518 landed, it sat on the tarmac for 45 minutes before FBI “took jurisdiction,” boarded the plane and arrested two people. DHS and local law enforcement were also present on the tarmac but “FBI took over the sight and the situation,” Fischvogt said.
“Wait a minute,” I asked, “The passengers were stuck inside the plane with two bad guys for 45 minutes before law enforcement boarded the aircraft?” I wanted to make sure I heard Fischvogt correctly.
“Yes,” Fischvogt confirmed.
Consider the agencies present 24/7 at the federalized Raleigh-Durham International Airport: FBI, DHS, (TSA & Federal Air Marshal Service), Joint Terrorism Task Force, ICE (Immigrations and Customs Enforcement) and airport police. And yet it took seven law enforcement agencies some forty-five minutes to put a single officer on the plane to counter the threat and secure the aircraft?
My analysis is that the delay was caused by FBI and DHS fighting over who had jurisdiction; protocol over ‘acts of air piracy’ are a constant source of bickering between the two agencies and have been the subject of at least one DHS Inspector General’s Report.
Of course the threat was a false alarm, but still….
EDITED TO ADD (10/9): Read the comments. The author of this blog seems to be a fear-mongering nutcase. (I should have read more about the source before posting this.)
Remote-Controlled Toys and the TSA
Remote controlled toys are getting more scrutiny:
Airport screeners are giving additional scrutiny to remote-controlled toys because terrorists could use them to trigger explosive devices, the Transportation Security Administration said Monday.
The TSA suggests travelers place remote-controlled toys in checked luggage.
The TSA stopped short of banning the toys in carry-on bags but suggested travelers place them in checked luggage.
Okay, let’s think this through. The one place where you don’t need a modified remote-controlled toy is in the passenger cabin, because you have your hands available to push any required buttons. But a remote-controlled toy in checked luggage, now that’s a clever idea. I put my modified remote-controlled toy bomb in my checked suitcase, and use the controller to detonate it once I’m in the air.
So maybe we want the remote-controlled toy in carry-on luggage, where there’s a greater chance of detecting it (at the security checkpoint). And maybe we want to require the remote controller to be in checked luggage.
Or maybe….
In any case, it’s a great movie plot.
EDITED TO ADD (10/4): Here are two news stories and the DHS press release.
Government Employee Uses DHS Database to Track Ex-Girlfriend
When you build a surveillance system, you invite trusted insiders to abuse that system:
According to the indictment, Robinson, began a relationship with an unidentified woman in 2002 that ended acrimoniously seven months later. After the breakup, federal authorities allege Robinson accessed a government database known as the TECS (Treasury Enforcement Communications System) at least 163 times to track the travel patterns of the woman and her family.
What I want to know is how he got caught. It can be very hard to catch insiders like this; good audit systems are essential, but often overlooked in the design process.
Unisys Blamed for DHS Data Breaches
This story has been percolating around for a few days. Basically, Unisys was hired by the U.S. Department of Homeland Security to manage and monitor the department’s network security. After data breaches were discovered, DHS blamed Unisys—and I figured that everyone would be in serious CYA mode and that we’d never know what really happened. But it seems that there was a cover-up at Unisys, and that’s a big deal:
As part of the contract, Unisys, based in Blue Bell, Pa., was to install network-intrusion detection devices on the unclassified computer systems for the TSA and DHS headquarters and monitor the networks. But according to evidence gathered by the House Homeland Security Committee, Unisys’s failure to properly install and monitor the devices meant that DHS was not aware for at least three months of cyber-intrusions that began in June 2006. Through October of that year, Thompson said, 150 DHS computers—including one in the Office of Procurement Operations, which handles contract data—were compromised by hackers, who sent an unknown quantity of information to a Chinese-language Web site that appeared to host hacking tools.
The contractor also allegedly falsely certified that the network had been protected to cover up its lax oversight, according to the committee.
What interests me the most (as someone with a company that does network security management and monitoring) is that there might be some liability here:
“For the hundreds of millions of dollars that have been spent on building this system within Homeland, we should demand accountability by the contractor,” [Congressman] Thompson said in an interview. “If, in fact, fraud can be proven, those individuals guilty of it should be prosecuted.”
And, as an aside, we see how useless certifications can be:
She said that Unisys has provided DHS “with government-certified and accredited security programs and systems, which were in place throughout 2006 and remain so today.”
Psychoecology and the DHS
The Department of Homeland Security (DHS) has gone to many strange places in its search for ways to identify terrorists before they attack, but perhaps none stranger than this lab on the outskirts of Russia’s capital. The institute has for years served as the center of an obscure field of human behavior study—dubbed psychoecology—that traces it roots back to Soviet-era mind control research.
[…]
SSRM Tek is presented to a subject as an innocent computer game that flashes subliminal images across the screen—like pictures of Osama bin Laden or the World Trade Center. The “player”—a traveler at an airport screening line, for example—presses a button in response to the images, without consciously registering what he or she is looking at. The terrorist’s response to the scrambled image involuntarily differs from the innocent person’s, according to the theory.
Mission Creep at Counterterrorism "Fusion Centers"
Fusion centers are state-run, with funding help from the Department of Homeland Security. It’s all sort of ad hoc, but their purpose is to “fuse” federal, state, and local intelligence against terrorism. But—no surprise—they’re not doing much actual fusion, and they’re more commonly used for other purposes.
From a Congressional Research Service report dated June 6, 2007:
Fusion centers are state-created entities largely financed and staffed by the states, and there is no one “model” for how a center should be structured. State and local law enforcement and criminal intelligence seem to be at the core of many of the centers. Although many of the centers initially had purely counterterrorism goals, for numerous reasons, they have increasingly gravitated toward an all-crimes and even broader all-hazards approach. While many of the centers have prevention of attacks as a high priority, little “true fusion,” or analysis of disparate data sources, identification of intelligence gaps, and pro-active collection of intelligence against those gaps which could contribute to prevention is occurring. Some centers are collocated with local offices of federal entities, yet in the absence of a functioning intelligence cycle process, collocation alone does not constitute fusion.
The federal role in supporting fusion centers consists largely of providing financial assistance, the majority of which has flowed through the Homeland Security Grant Program; sponsoring security clearances; providing human resources; producing some fusion center guidance and training; and providing congressional authorization and appropriation of national foreign intelligence program resources, is well as oversight hearings. This report includes over 30 options for congressional consideration to clarify and potentially enhance the federal government’s relationship with fusion centers. One of the central options is the potential drafting of a formal national fusion center strategy that would outline, among other elements, the federal government’s clear expectations of fusion centers, its position on sustainment funding, metrics for assessing fusion center performance, and definition of what constitutes a “mature” fusion center.
Honestly, the report itself is kind of boring, even for this sort of thing. There’s an interesting section on proactive vs. reactive security (p. 25):
Most fusion centers respond to incoming requests, suspicious activity reports, and/or finished information/intelligence products. This approach largely relies on data points or analysis that are already identified as potentially problematic. As mentioned above, it could be argued that this approach will only identify unsophisticated criminals and terrorists. The 2007 Fort Dix plot may serve as a good example—would law enforcement have ever become aware of this plot if the would-be perpetrators hadn’t taken their jihad video to a video store to have it copied? While state homeland security and law enforcement officials appear to have reacted quickly and passed the information to the FBI, would they have ever been able to find would-be terrorists within their midst if those individuals avoided activities, criminal or otherwise, that might bring to light their plot?
It is unclear if a single fusion center has successfully adopted a truly proactive prevention approach to information analysis and sharing.
Here’s another article on the topic.
Sidebar photo of Bruce Schneier by Joe MacInnis.