On April 22, 1995, FBI agents took custody of Abdul Hakim Murad from Philippine authorities. He had been arrested after a fire broke out in a Manila apartment where he, Ramzi Yousef, and another associate were living and where officials found explosives and bomb-making materials (FBI, 1995). The fire may well have prevented the worst terrorist attack against civil aviation in history. Yousef was later indicted for the 1994 bombing of Philippine Airlines Flight 434, which was determined to be a test run for a plot to blow up 11 American planes simultaneously (Zuckerman, 1996). Although it is horrifying to speculate on what might have happened if the fire had not broken out in Murad's apartment, it is more constructive to focus on what has been doneand what is being doneto improve aviation security.
Arguably the greatest progress in the last 30 years in the fight against terrorist attacks on aircraft has been made in the 10 years since the devastating bombing of Pan Am Flight 103 on December 21, 1988 (Figure 1-1). Although it is difficult to prove a cause-and-effect relationship between government action and the reduction in bombings, three laws passed by Congress (Box 1-1) have undoubtedly had an impact.
The three laws passed by Congress have facilitated the development and deployment of security equipment and procedures, which have improved aviation security. In 1997, the Federal Aviation Administration (FAA) was directed by President Clinton and authorized by Congress to deploy 54 FAA-certified explosives-detection systems1 (EDSs) and more than 400 trace-detection systems in airports around the country. The FAA created the Security Equipment Integrated Product Team (SEIPT) to manage this deployment. The SEIPT assessed the availability of explosives-detection equipment and formulated a plan to deploy this equipment in airports throughout the United States. In a separate program, the FAA began testing hardened unit-loading devices (HULDs) designed to contain an explosive blast. Several HULDs are now undergoing operational testing by commercial air carriers.
Although substantial progress has been made, opportunities remain for the development and deployment of technologies that will make commercial aviation in the twenty-first century even safer. In the future, explosives-detection equipment must have higher throughput rates, lower false-alarm rates, and greater flexibility to detect different types of threat materials. HULDs must be proven to be airworthy and their tare (empty) weight reduced. Even if all of these challenges are met, these technologies must be deployed in a manner that provides maximum protection from terrorist attacks against commercial aircraft.
Aviation security equipment and procedures include the following: bulk2 explosives-detection equipment, trace explosives-detection equipment, HULDs, computer-assisted passenger screening (CAPS), and positive-passenger bag matching (PPBM) (Table 1-1).
The congressionally mandated deployment of bulk explosives-detection equipment began with the installation of the first FAA-certified EDS (the In Vision CTX-5000) and continued throughout 1998. The installation of trace explosives-detection equipment and the implementation of CAPS and PPBM were scheduled for the same time period. Two HULD designs (both LD-3 size) that conform to
1 The following terminology is used throughout this report. An explosives-detection system (EDS) is a self-contained unit composed of one or more integrated devices that has passed the FAA's certification test. An explosives-detection device is an instrument that incorporates a single detection method to detect one or more categories of explosive material. Explosives-detection equipment is any equipment, certified or not, that can be used to detect explosives.
2 In this report, the term bulk explosives includes all forms and configurations of explosives at threat level (e.g., shaped explosives, sheet explosives, etc.).
NAS-3610-2K2C airworthiness criterion have passed the FAA blast and shockholing3 tests. Ten of these HULDs have been delivered to three different airlines for operational testing over the next year.
The FAA/SEIPT is behind schedule in the deployment of aviation security equipment (GAO, 1998; DOT, 1998). When Congress provided $144.2 million for the purchase of commercially available security-screening equipment, the FAA/SEIPT planned to deploy 54 certified EDSs and 489 trace-detection devices by December 1997 (GAO, 1998). The FAA also planned to have CAPS fully implemented by December 1997. When it became clear that these goals could not be met, the FAA set a new goal of deploying 54 certified EDSs, 22 noncertified bulk explosives-detection devices, and 489 trace explosives-detection devices by December 31, 1998, and of implementing CAPS by November 1998. As of January 1, 1999, more than 70 certified explosives-detection systems, six noncertified bulk explosives detection devices, and 366 trace-detection devices had been installed in airports.
Total Architecture for Aviation Security
Protecting civil aviation against terrorist threats is a complex systems problem that has no perfect solution. Significant compromises have to be made in security systems to achieve the highest level of security at an affordable cost while at the same time maintaining the efficiency of air travel. Improvements in aviation security can best be quantified by a security enhancement factor (SEF) that measures improvements in security compared to a baseline level of security in a given year. However, SEF is an exceedingly complex measure because the threats to aviation security, and the available security technologies, are variable and time dependent. In fact, many different detection and protection techniques are being used to counter several different threats, which in turn are influenced by many factors, including geographic location, weather conditions, and the political climate.
The U.S. Department of Defense has been faced with similarly complex systems problems and, through experience, has come to address them in a system-of-systems (SOS) framework. An SOS is a complex of systems, each of which is characterized by measures of performance against threats and costs for acquisition and deployment. The SOS concept can be used to optimize a complex system by providing a top-level perspective. For example, instead of optimizing a particular system A for performance and cost, the optimization of the performance and cost of the SOS as a whole (which might consist of systems A, B, C, and D) may require that performance requirements for system A be reduced or even that system A be eliminated.
An SOS concept would enable FAA management to mount a layered defense against a dynamic threat. A well
3 A shockholing (or fragmentation) test measures the ability of a HULD to prevent perforation of its walls by a metal fragment traveling at a relatively high velocity.
defined SOS framework enhances communication among interested parties, even if the analysis is only semi-quantitative. A well understood measure (e.g., SEF) of the efficacy of the SOS would also provide a credible basis for allocating budgets for system improvements. The SOS approach would enable the FAA to describe and assess the deployment of explosives-detection equipment, HULDs, CAPS, and PPBM, as well as other security equipment and proceduresincluding the performance of human operators. Equipment, procedures, and human operators work hand in glove with other units in the overall airport security system and should be measured and assessed in that framework. In the panel's opinion the only way to assess an inter-twined system with feedback or feed-forward control loops is through an SOS approach. Therefore, the panel adopted an SOS approach to devise a total architecture for aviation security (TAAS) as a framework for assessing aviation security.
This report presents an SOS approach to assessing aviation security, introduces an SEF, and describes the FAA's progress in deploying aviation security equipment and procedures. Recommendations are also made for future deployments of security equipment and implementations of security procedures. The TAAS and SEF are introduced and described in detail in Chapter 2. Chapter 3 defines the roles and responsibilities of the FAA, air carriers, airports, and independent security contractors in the deployment and maintenance of the performance of security equipment and procedures. Chapter 3 also describes a management framework for the deployment. Cargo and baggage handling are discussed in Chapter 4, providing a context for the implementation of security equipment and procedures described in Chapters 5 through 8.
Explosion-resistant containers, or HULDs, are described in Chapter 5. In Chapter 6, the FAA's progress in the mandated deployment of bulk explosives-detection equipment is described, as well as the results of performance testing, including detection rates, false-alarm rates, and throughput rates. The FAA's progress in deploying trace explosives-detection equipment is discussed in Chapter 7, which also includes the panel's rationale for recommending that tests be developed to measure the performance of these devices. CAPS and PPBM are discussed in Chapter 8, including a timeline for their deployment and a description of how they can be used together. Chapter 9 is a discussion of human factors in the operation of security equipment. Evaluations of airport architectures and their relationships to TAAS are presented in Chapter 10. The panel's overarching high-level conclusions and recommendations are presented in Chapter 11.