Airline Security - A Security Professional's View
November 4, 2002
Bio - Chuck Wilmink
Status of Airline Security in Canada
Definition of Security
Initial Response to 9/11
The Proper Response
Other CATSA Initiatives - Peddling Snake Oil
Passenger Screening Agents
Explosive Vapour Detection Equipment (EVD)
Hiring CATSA Managers and Increasing Transport Canada Inspectors
1. Regulate Security Responsibility
2. Deploy Police Officers at Passenger Screening Points
3. Increase Training and Efficiency Standards of Passenger Screening Agents
4. Airline and Airport Employee Security
5. Limit Airport Authority Involvement in Passenger Screening Security
6. Combine the Aerodrome Operators and Airlines Security Regulations
7. Cargo Security
A - Crypto-Gram Newsletter
Airline Security Regulations
Biometrics in Airports
Diagnosing Intelligence Failures
A security professional with over 15 years experience in the field, including:
Five years as a Reserve Police Constable with the Vancouver
Six years as general manager of a large private security firm,
partial duties included the set up and management of contracts at the
Vancouver International Airport with Air Canada, Canadian Airlines and
Two years as a Corporate Security Manager for Canadian Airlines,
stationed at YVR. Partial duties
included performing security audits at Canadian and US airports that Canadian r
Two years as Director of the Canadian Centre for Information
Technology Security (CCITS).
Independent consultant, managing partner of Corporate Security
Masters of Business Administration
Bachelor of Science
Certified Information Systems Security Professional (CISSP)
Federal Bureau of Investigations (FBI) Airline Terrorism Training Program
RCMP Aviation Security/Explosives Detection Course
With the recent passing of the first anniversary of the
tragic events of September 11th, a very important question to ask
is "Are our airports and airlines more secure and safer today"?
The short answer is yes, but not much.
There is still much more that could be done to improve aviation
Airline travel is more secure as a direct result of the
US led fight against terrorism, specifically the disruption of the Al Queda
terrorist cells. Members of this
group are busy trying to stay alive and are not able to finance, plan and
train for more large scale attacks.
Another cause for increased security is the paradigm
shift by flight crews and passengers in how they respond to hijackings.
Instead of a passive response and the hope of a peaceful ending through
negotiations, flight crews and passengers are now more likely to fight back
against hijackers and deny them the opportunity to use the aircraft as a
guided missile. This is exactly
what the crew of the American Airlines flight did when passenger Richard Clark
tried to light a bomb hidden in his shoe during a cross Atlantic flight.
This leaves the question, what about the new security
initiatives of the Federal Government, have these helped increase aviation
security? The short and long
answer to this is a resounding no.
In the December 2001 Federal Budget, the Canadian
Government created the Canadian Air Transport Security Association (CATSA).
CATSA took over the responsibility for aviation security from the
airlines, and was given a budget of 2 Billion dollars over five years.
To finance this budget, a new departure tax of $12.00 per flight went
into effect on April 1st of this year.
To date, the results of this new department and tax
have been zilch. CATSA has been collecting the security tax for almost seven
months, and yet there has been no dramatic change to how pre-flight screening
is conducted at the airports. In
fact, CATSA is now paying the airlines to manage the same pre-flight screening
system that the airlines were providing at their own cost prior to September
By taking away the security responsibility from the
airlines, the Federal Government has reduced the airlines' ability and
incentive to proactively develop and deploy effective preventative security
measures. But it is the airlines
who have the financial and contractual responsibility for providing secure
flights, the comprehensive knowledge of airline operations and the in-house
security professionals who can design and implement effective security
improvements. The creation of a
government security agency now allows the airlines to reduce or side step
their security responsibilities, and blame any future incidents on the
The most interesting fact about CATSA is all the
initiatives they undertook before they had even hired their CEO
leader/visionary. CATSA has
introduced cockpit upgrades, put to tender the design and implementation of
new training standards and even hired managers at the Class 1 airports to
oversee the preflight passenger screening.
CATSA has undertook serious responsibilities and expensive initiatives
before they have even had a chance to work out their mandate and study how
they should proceed.
Here are my recommendations on how to provide a quick
and truly effective increase in security levels at Canadian Airports, keeping
cost increases at a minimum:
Re-deploy the police officers stationed at airports from their
community police offices to the actual passenger screening points.
Under existing Transport Canada regulations there must be police
officers on site at airports at all times to respond to a security incident at
the screening points in under five minutes.
Presently, these police officers are kept busy by staffing airport
community police offices and responding and investigating crimes that occur on
site. These police officers would
be much better utilized if they were stationed at the passenger screening
points and became part of the team protecting anyone from bringing weapons
onto planes. They could be trained by CSIS on recognizing known
terrorists, plus their presence at the screening points would provide a strong
backup to the existing security screeners.
The folly of the current situation is that the police presence at
airports is paid for by the airlines to protect against terrorism threats, but
they spend their time on regular police duties that the rest of the airport
community should be receiving through the municipal taxes they pay.
Deploy Canada Customs Officers at the passenger screening
These agents are competent, well trained and experienced in
checking passengers' bags for illegal items.
Why not have them check the passengers leaving the country as well as
those coming in?
Similar to police and firemen, make ongoing training an integral
part of the security screeners' duties.
Require them to spend 10 to 20 percent of their work week
training on computer simulators to increase their weapons and explosives
Utilize members from the Canadian Military Joint Task Force 2
(Anti Terrorist group) and local police officers to perform penetration tests
at the passenger screening points at all airports.
The number of Transport Canada inspectors is small, and once
they do one test at an airport they become well known to the security staff.
Instead, give them a crew of 10 to fifteen police officers who they can
train to perform the weapons detection tests.
Require a set percentage of passengers' checked luggage to be
hand searched for explosive devices.
Presently none of the checked luggage that goes into the bellies
of the planes is security screened.
Station security officers at the airline's cargo facilities to
perform security checks on all cargo shipments.
Send all cargo packages through X-ray machines.
Currently there are very minimal security checks done, and not
by trained security personnel but by the cargo agents.
Levy a security fee on all cargo shipments.
Require all employees working at airports to go through security
screening checkpoints every time they enter the airside areas (where they have
close access to the luggage and planes).
Presently employees go through unchecked, and are able to take
with them bags and other items in which they could easily hide weapons or
Utilize drug sniffing dogs to randomly check passengers luggage
as they are checking in.
Redo criminal records checks on everyone with a Restricted
Airside Pass (RAP) on an annual basis.
situations can change quickly. People
can develop drug habits, or undergo crisis in their lives that lead to
criminal behavior. Once a person
is connected with criminals, there may be pressure on them to put a package on
a plane, or leave a weapon in the washroom for someone to pick up.
Each case must be looked at separately.
If CATSA were to implement changes like these, the
security levels at Canadian airports would increase dramatically.
Many of these changes would not be expensive to implement, they just
require that security become the first priority in operations at the airports.
As a security professional, I define security as:
protective actions/measures taken to reduce risk to an acceptable level.
I think it is very important that the public be made
aware that even after security measures have been applied, there are still
residual risks left over. In the
case of airline transportation, security measures are being applied but not
all risks can be protected against.
Security is not some all-encompassing magical potion
that can be applied to a problem and make everything safe. Total protection in most cases impossible.
US presidents get shot/assassinated, warships get sunk/damaged, banks
get robbed, and occasionally airplanes get hijacked and/or destroyed.
For a business with residual risk, they will have to
decide what risks they want to transfer to a third party through the use of
insurance and what risks they are willing to accept themselves.
In the case of the public, they should be made aware of the residual
risks, and make their own decision whether they want to fly or not.
It is also appropriate at
this time to note the difference between terrorism security and criminal
security concerns. Prior
presenters to this committee, former police officers, commented that they
faced roadblocks in trying to investigate organized crime at Pearson Airport.
This is purely a criminal problem, and is distinctly different from any
terrorism threats or concerns. If
anything, the organized crime factions will help in the fight against
terrorism because disruptions due to terrorism would break up their illicit
The initial response of the Federal Government,
Transport Canada and CATSA was to put a huge burden on the airline passengers
by greatly increasing the scope and time of the pre boarding security checks.
This may give the illusion of increasing security and helping to
protect the public, but in reality it provides no net security gains.
Taking the nail clippers away from a pilot or a passenger will not stop
a hijacker/terrorist from attacking with a broken wine bottle, fork, pen,
martial arts or simple brute strength.
It does not look like a comprehensive Risk Analysis was
completed. The serious security
vulnerabilities of baggage, cargo and airport employees were not addressed.
It is still possible for an airport or airline employee to put a bomb
or weapon in their lunch bag and gain access to anywhere in the airport and on
any airplane. It is still
possible for a passenger who is willing to die to put a bomb in their suitcase
and have it checked in and stored in the belly of a plane without being
checked. It is still possible for anyone to go to an airline cargo
facility and ship a package with a bomb in it to any destination in the world.
It is still possible for a person to put a bomb in a package, put it in
Canada Post, and have it carried in the belly of a passenger plane, or they
can also ship it via Fed-ex, UPS or Purolator and in one of their planes.
CATSA and Transport Canada have spent a lot of money and efforts on passenger screening, but this is only one small part of airline security. There are many other ways in which someone could sabotage and airport or airplane. These other vulnerabilities must be protected against, otherwise all of the money and effort being spent on passenger screening (over five hundred million dollars) is wasted.
What should have happened after 9/11 is that Transport
Canada and the Public Policy arm of the Federal Government should have
performed an in-depth Risk Analysis of aviation security in Canada, in
consultation with security experts, airline officials and the general public.
What are the risks/threats/vulnerabilities?
What is the likelihood of attack (occurrence rates)?
How can the risks be reduced?
What level of the minimum levels of protection is acceptable?
What is the cost of the preventative measures to reduce risk?
What measures can the Canadian public afford?
Who would benefit from these measures?
How should the costs be assigned?
Unfortunately, it does not appear any of this was done. Instead the Federal Government rushed in the $12.00 security tax, and the formation of a new department, the Canadian Air Transport Security Agency (CATSA) to oversee the spending of the taxes collected.
As mentioned previously, the initial measures of increasing passenger screening standards do very little to increase overall security. In fact, they can almost be considered as a snake oil remedy, they make it appear to the general public that security has been increased, but in actual fact nothing positive has been done.
The second initiative has been the reinforcing of the cockpit doors. This is a good protective measure, but one weakness is that pilots still have to come out of the cockpit to use the washroom.
The third initiative was to take over control of the
passenger screening agents from the Airlines, and assume the cost.
While hoping to increase the effectiveness of the screeners by
increasing training standards, what this move has really done is take the
responsibility away from the airlines to protect their own flights and given
it to a federal bureaucracy who is not really accountable to anyone.
Before there was incentive on the airlines to provide effective
screening to protect their flights and protect against the human, financial
and reputation losses due to a hijacking or terrorist incident.
Now this responsibility lies with CATSA, a government agency, who does
not have the same financial and business reasons to ensure top level security.
Instead of taking over responsibility for passenger
screening, CATSA would have been better off concentrating on training and
proficiency standards for the screeners, and set the bar so high that the
airlines would have had to significantly increase the resources and attention
they gave to passenger screening to ensure it met safety standards.
They would no longer be able to tender the contracts and accept low
ball bidders who pay minimum wages to their staff and attract low quality
Another initiative has been the ordering of explosive
vapour detection (EVD) equipment to screen checked luggage. The search for
explosives through the detection of trace elements of the explosives is a very
complex test, and one that is not foolproof.
EVD equipment is very expensive, has limited throughput (bags checked
per hour), has a high number of false positives (in 20% of the bags checked
the machine falsely detects explosives present) and requires many security
personnel to operate it.
Vancouver International Airport recently received their
first EVD machine, and located it in their Transborder (US bound) bag room.
The machine is capable of checking 200 bags per hour, but 1,200 bags
per hour go through this area in peak times.
It is physically not possible to EVD screen every piece of luggage.
It would require too many machines, significantly more screening staff,
major renovations to airport baggage room facilities and would add a
significant time delay. As well
it would do nothing about all of the bags in transit from the smaller Class 2
and Class 3 feeder airports in Canada, or for all the cargo packages shipped
in the belly of passenger planes. All
this for a technology that is very complex and not 100% foolproof is not a
reasonable allocation of resources.
EVD equipment can be a valuable tool, used to perform random searches of bags to deter passengers from packing explosives in their luggage, but there is no way it can be considered a single, foolproof method of stopping explosives from getting onto a plane.
Hiring CATSA Managers and Increasing
Transport Canada Inspectors
CATSA has hired a Security Manager for each Tier 1
airport. Many of these managers
are former Canadian Airlines operations managers.
They know airport operations really well, but their security knowledge
is very limited. If these people
are responsible for security, how come they do not have a strong background in
Transport Canada has hired extra Inspectors, and they
have been busy at airports auditing the work of the airlines check in staff.
Their favourite tactic is to watch passengers checking in, and then ask
the passenger if the check-in agent asked them the security profiling
Did you pack your bags yourself?
Have your bags been out of your care and control?
Did anyone ask you to carry anything onboard the plane?
If the passenger tells the Inspector that they were not
asked these questions, the Inspector writes a violation notice to the airline,
which comes with a $10,000 fine. Air
Canada currently has over 35 of these violations outstanding.
Transport Canada is trying to make themselves look like
they are doing something towards improving security, but this charade has
absolutely no effect on security and is really just a make work project.
They have statistics showing how many checks they are doing, but the
checks are of very little value, and really take their time away from doing
useful security functions (see recommendations later).
The US government, through the FAA, recently stopped
requiring the asking of the security profile questions because they realized
they have no positive effect on security.
If a terrorist wants to go on a flight with a bomb in their luggage,
all they have to do is lie to the questions.
Actually they don't even have to lie, they did pack the bag themselves
- they just won't tell the check in agent that they packed a bomb in there.
With respect to the
question about the bag being out of a passengers care and control, for 90% of
the passengers the bag has been in their control, and for the other 10% who
have had their bags out of their control, they are most likely to answer yes
because the don't want to go through the hassle of doing a security check on
their luggage. A common example
of this is people on tours who leave their bags outside their hotel room for
the hotel porters to pick up and load on the bus for them, or the passengers
from cruise ships. The bags have
been out of their control, but they never admit this at check in. In my two years of being stationed at Vancouver International
Airport, I was never once contacted by a check in agent to come check a bag
from a passenger who admitted that the bags had been out of their control.
The primary purpose of the questions may be to promote understanding of security among passengers, but, if so, this has signally failed. Some other means of passenger awareness/education, such as advertising the possible risks of leaving bags unattended, might be more effective.
The new security initiatives have the impression of
improving security, but they do not really address the true security problems
of airline security in a meaningful way.
Too much emphasis is being place on the passenger, and not enough on
the many other ways a plane can be hijacked/sabotaged.
Why tax passengers $12.00 per flight, and spend $400 million dollars on passenger screening security, when nothing is being done to protect against the many other ways that hijackers or terrorists could get weapons or explosives on board an aircraft. In other words, why pay all this attention and money to protect the front door, and leave the windows and back door wide open?
A common problem in the security industry is that
people, organizations and business do not pay proper attention to security
concerns because they are not aware of the problems, and there is no fiscal
incentive for them to spend money on security.
Security is seen as a lost cost, or non revenue generating expense that
is to be avoided if at all possible. This
is supported by the fact that security incidents or attacks are hard to
predict, and there is a good chance that a company will never be a victim of a
serious security incident. As a
result, many companies ignore their security responsibilities, or give them
token attention because they are required to have a security department due to
the industry they operate in.
In order to ensure that airlines and all other companies working in the airline transportation field devote proper attention and resources to security, legislation or regulations should be introduced that assigns liability for airline security to the airlines. Every airline and airport authority should be required to designate a Chief Security Officer (CSO - similar to the Chief Information Officer requirement from the Personal Information Privacy and Electronic Documents Act) in their executive. This person would be responsible for doing an annual risk assessment of all operations, and designing and implementing a security plan that reduces risks to mandated or acceptable safety levels.
By regulating company executives to address and sign
off on security, you are making them aware of the risks their company faces
and the dangers (including their own personal liability as a Director) if they
don't act. This personal
responsibility will also ensure that they devote sufficient resources and
management support to the security department to enable them to perform their
duties. Too often in today's
business world, the security department reports to a low level manager, and
are blocked by the senior executive of other departments when they try to
introduce security initiatives. Unfortunately,
proper security sometimes means that business process will get done slower,
may be more expensive, and may not be allowed at all (for example, not letting
the cargo departments accept packages from unknown shippers - this would
increase security but it would also turn away a lot of business and greatly
In order to ensure companies follow the CSO guidelines,
their annual risk assessment and security plan should be audited by an
accredited outside individual, organization or agency, in the same way
financial records are audited by accounting firms.
This regulation does not require companies to develop large security teams and devote a large portion of their revenues towards security. It simply requires them to asses the risks against their company and install reasonable protection measures to protect the people and assets of their company. Hopefully it will give the regular security departments more authority and resources to perform their duties.
2. Deploy Police Officers at
Passenger Screening Points
Re-deploy the Police Officers assigned to the airports
to the passenger screening points from the community police offices they
currently staff. Transport Canada
regulations require an armed response to emergencies (someone with a weapon)
at the passenger screening points within five minutes. This requirement is met by the airlines paying for a set
number of police officers to be stationed at the airport full time.
Currently, these officers keep themselves busy by staffing a community
police office and responding to police incidents in the airport concourses and
This police presence is paid for by the airlines for
passenger screening security, why not station these officers directly at the
screening points full time? They
could be trained by CSIS, the RCMP and JTF2 to lookout for known terrorists.
They could also supervise an electronic biometrics recognition program
which could be used to catch Known terrorists.
The static presence of uniformed police officers at the screening
points would also act as a strong support for the passenger screening agents.
Passengers would be much more compliant to having their bags thoroughly
checked when they have the uniformed presence of a police officer right in
front of them.
One month after 9/11, my family went on a vacation to
Fort St John. We were at YVR and
as we got to the front of the passenger screening line, two pilots stepped in
front of us to undergo the security check.
The security supervisor had a list of all pilots scheduled to fly that
day and looked for the pilots names. The
pilots explained that they would not be on the list because they were filling
in and walked right past the security supervisor.
I could see the look on the supervisors face, he knew he should stop
the pilots, but he did not have the courage to do so and let them go.
If there had been a police presence at the screening point, the
security supervisor could have summoned them over and had them deal with the
Similar problems occur all the time with passengers and their oversized luggage. There is a plastic frame in front of the x-ray machine that is supposed to screen out over size bags. Countless times per day a passenger will lift the screen up and try and sneak their bag through. Sometimes the security agents stop them and send them back to passenger check in, but often times they will let the passenger through after being intimidated by an overbearing passenger.
This past summer I coordinated the security for the Air
Canada Championship, the PGA golf tournament in Surrey BC.
In the past years we have had volunteer security officers at the front
gates checking spectators for cell phones and cameras, and it was amazing how
many spectators would lie and say they had no phone, and then later be found
on the course with their cell phone or pager buzzing.
This year, due to new requirements by the PGA that no bags be allowed
on the course, we had uniformed RCMP officers at the front gate helping the
volunteer security officer do the checks.
It was amazing the different response from the public, once they saw
the uniformed police officers they happily submitted to the search.
Stationing the police officers at the passenger screening points would have the same positive effect. Passengers would be much more compliant, searches would be more thorough, and there would be reduced problems with passengers trying to bully their way past.
3. Increase Training and
Efficiency Standards of Passenger Screening Agents
Increase the number of bags that have to be hand searched.
Reduce the number and size of carry on bags passengers are
allowed to increase search efficiency (more time per bag and smaller packages
Require the security screeners to undergo on the job training
every week, perhaps ten to twenty per cent of their time should be spent on
Provide computer enhanced training, where images of weapons and
explosive devices are laid on top of images of regular bags.
Have CSIS and police agencies submit the latest weapons they come
across so that the screeners become aware of them and can recognize them.
Increase the testing capabilities of the Transport Canada
Inspectors by allowing them to use police officers from local detachments to
do the penetration tests. Once an
Inspector does an audit, all the passenger screening staff know who the
inspector is and will obviously be on the lookout for them.
The Inspectors would be much more efficient if they could train a whole
team of penetration testers and bombard the checkpoints.
This increased testing would be both an educational tool, improving the
screeners skills, and it would also keep them on their toes (not allow them to
Look at deploying Canada Customs Officers at the check points,
either as supervisors or as senior searchers. They are trained and experienced in searching luggage for
contraband items. They are
already stationed at all Tier 1 airports, rotate their schedule and assigned
duties through the passenger screening points.
Raising the standards and expectations on passenger
screening agents will force the companies that provide these services to
employ higher caliber employees and will result in more effective screening.
and Airport Employee Security
Create a separate entrance to the airside areas for
employees and make them go through the same screening process as passengers.
Right now employees go through a simple security check of showing their
Restricted Airside Pass (RAP) to a security officer, or at non-staffed entries
simply using the access card on the back of their RAP.
Right now they are allowed to take anything in with them, and are never
searched by security. It would be
incredibly easy for them to take a weapon or explosive device into a
restricted area and place it on a plane or give it to a passenger who has
already undergone their security check. This
is a major loophole that must be addressed.
Another tool that can be used to increase security for
employees is the use of biometrics (see the Schneier article attached).
The use of biometrics would protect against individuals forging a RAP
pass and gaining easy access to the planes.
There seems to be a great emphasis put on the fact that
all employees at airports undergo a criminal background check and thus can be
considered safe. The first
problem is that these criminal background checks take several weeks to
complete, and in the interim an employee is given a temporary pass that allows
them to go into the restricted areas as long as they are accompanied by an
employee with a regular pass. The
airlines are constantly hiring new people to clean their planes at minimum
wages. Osama Bin Laden could
apply for one of these positions, receive his temporary pass, and immediately
have access to planes and cockpits. He
could put a bomb in his lunch bag, go to work, and one minute when the
supervisor isn't looking hide the bomb somewhere on the plane.
The other problem with relying on the criminal
background check is that it only catches those people with a criminal record.
All of the 19 hijackers involved in the 9/11 attacks were in the US on
legitimate visas (though two of them received their official documents
posthumously from the INS).
What if someone in Canada with no criminal record
suddenly decides to become a terrorist. With
no criminal record they will be given their RAP pass, and can have free reign
of the restricted areas of airports. In
reality, the criminal record check done for RAP passes is more of a feel good
procedure than an effective security measure.
Because there is little that can be done to prevent
someone with terrorist or criminal intent obtaining work at an airport
(similar to the problem with checking all passengers for the same intent) it
is necessary to perform a thorough physical security check on each employee
and the bags they carry with them every time they enter the restricted areas
of airports. This will add extra
costs, and cause time delays for employees getting to work, but it is absolutely
necessary for security reasons.
5. Limit Airport Authority
Involvement in Passenger Screening Security
The airport authorities have mentioned that they are
the natural pick to assume the responsibility of passenger screening security,
considering they already manage the other security services at airports.
It is true that overall security would benefit if it was combined under
one roof, but the airport authorities may not be the best organization to
oversee the entire security team. The airport authorities main concern is to
ensure that their airports run smoothly and that the passengers have an
enjoyable experience. Unfortunately,
good security means that there will be delays, inconveniences and disruptions
to passengers at airports, all things that go against the philosophies and
mission statements of airport authorities.
Another important issue is cost. Allowing airport authorities to manage passenger screening,
yet having the airlines or CATSA pick up the cost, gives the airport
authorities a free reign to overstaff the operations and pass on the excessive
costs to passengers or tax payers.
The final and most important reason not to give the
airport authorities responsibility for passenger security screening is the
poor track record they have in providing regular security at Canadian
airports. At Vancouver,
Calgary, Winnipeg, Edmonton and other Canadian Airports, the Domestic baggage
retrieval area for passengers is wide open to the public.
Anyone can come in and take any bag off the carousel.
Passengers who take time to get from the plane to the retrieval area
can have their bags stolen before they get there. The problem is not only
theft, but outsiders could hide explosive packages in suitcases that
passengers may be taking on to connecting flights.
As a Corporate Security Manager for Canadian Airlines
stationed at YVR, I worked with the local RCMP officers to combat the theft
problem but received no help from the YVR Airport Authority.
It is still a problem today, with thefts occurring constantly.
Yet the YVRAA will not address the problem.
In Terminal 3 at Pearson, the airport the baggage retrieval areas
is still in the restricted area, and accessible only to disembarking
passengers. This commitment to security should be the standard at all
The second example is the design of the Transborder
(US) check in area at YVR. All
passengers check in at the kiosks and their bags are marked with the airline
bag tags. By regulations, the
bags are now the responsibility of the airlines.
However, after passing through the ticket kiosks the passengers have to
carry their bags through a duty free shop before they reach US Customs.
During this time, passengers often do some shopping, and leave their
bags unattended, or decide to come back out to go to a bank machine.
Well, this is in direct contradiction of the Transport Security
Regulations, and the Inspectors have been fining the airlines for this.
This problem is solely due to the design of the airport, and the fact
that YVR can charge the Duty Free store high rents because the passengers are
forced to walk through it.
Issues like these show that the airport authorities at time put customer satisfaction and revenues ahead of security issues. Only with extensive auditing, and joint control by the airlines, should the airport authorities be given control of passenger screening security.
6. Combine the Aerodrome Operators
and Airlines Security Regulations
Presently there are two sets of security regulations in
place at airports, the Aerodrome Act that regulates the airport authorities
and the Air Carriers Act that regulates the airlines. These two sets of regulations are written in typical
government and legalese code, and do not clearly define all of the security
responsibilities and duties of either group.
As a result, there is a conflict between the two groups, and certain
security functions are disputed or fall through the cracks.
I have two good examples of this from my time at YVR.
First, late one night (1:00 a.m.) I was doing an audit of security at
the new International terminal and I accidentally set off an alarm at a
boarding gate that was not in use. I
sat down to wait for the security guard to respond so that I could explain the
alarm, but after 35 minutes no one showed up to reset the alarm.
I continued with my audit, and two hours later when I walked past the
gate again the doors were still in alarm and the strobe light above the door
was still flashing. The next day
I contacted YVR security and asked them how come they did not respond to the
alarm. They informed me that they
don't respond to these alarms, that the airlines are responsible for the
passenger boarding gates. I asked
them if they had let anyone in the airlines know (this was a trick question,
how would they know which airline to call? - the gate was not in use) and they
confirmed that they had not let any one know about the alarm.
Here is an instance where the security system is wired to the airport
authorities monitoring station, where there is no airline staff assigned or
using the gate, where none of the airlines even have any designated security
staff, and yet the airport authority refuses to take responsibility for the
alarm and check it out. The
dangers of not responding to these alarms is that passengers can easily pass
through the doors and have access to the cockpits of unattended planes, or
pass through another emergency door and find themselves on the tarmac.
The second example dealt with an unattended bag found
by a passenger check in agent at an unoccupied check in kiosk at YVR (the
check in kiosks are all standard, managed by YVRAA and assigned to the
airlines for specific flight check ins).
The agent notified security about the unattended bag (a big security
risk, the bag must be searched for explosives) and security attended the
scene. One hour later the
passenger agent contacted me because the bag was still there.
By this time the agent and surrounding staff were quite concerned about
the risks associated with the bag, and asked me to follow up with airport
security. I contacted airport
security and they informed me that the bag was at a check in kiosk, so it was
not their responsibility - it was the airlines responsibility. I informed them that our agents were not trained in searching
bags for explosives, and that the bag did not have one of our bag tags on it
so there was no legal grounds for our staff to search the bag.
Finally after talking with a supervisor I was able to have the security
staff respond to the bag and do a proper search.
These two examples show that there is a clear conflict between having two entities (the airlines and the airport authorities) responsible for different parts of security, and how easy it is due to self interested interpretations of the two security acts for serious problems and inefficiencies to occur. The irony of the situation is that the Airlines pay for both groups, yet the two systems work against each other and result in inefficient security services to the airlines, airports and the public.
7. Cargo Security
Require every Cargo operator to perform security
screening on every package they ship. This
would be similar to the screening that carry on baggage goes through, x-ray
screening and random hand and EVD searches on a set percentage of parcels.
After the attacks on 9/11 one course of action could
have been to do nothing, to maintain the status quo. The last terrorist attack in Canada was 1985, Air India, and
since that time there have been no major attacks against Canadian planes.
As a result of Air India, positive bag match was introduced which
allows only the luggage belonging to a passenger actually on board an aircraft
to be allowed into the cargo holds. The
events of 9/11 were so drastic, and quite possibly a once in a lifetime
occurrence, that perhaps airline security could be left alone.
Well this is not the case, airline security is in fact pretty weak, and
corrective actions had to be taken to increase safety and public confidence in
Good security is like an onion, it has many layers and
to get to the treasure at the centre you have to pass through each one.
In order to provide effective security for airline transportation, you
must layer different security measures on top of each other with the goal of
making the sum of defenses impenetrable.
Because airline transportation is so complex (passengers, baggage,
cargo, airports), it requires an enormous amount of different security
policies, procedures and equipment to create a comprehensive security plan
which can provide adequate protection against the associated risks.
The different layers of protection must include passenger screening,
baggage searches (EVD and dogs), searching cargo packages, increased perimeter
security at airports, strong employee security, increased criminal records
checks, redeployment of uniformed police officers, biometric recognition
systems and more.
Ineffective security is like a chain, you cut one link and the rest become useless, no matter how strong they were. To date Transport Canada and CATSA have concentrated their efforts on passenger screening, the front end and most visible part of airline travel. Special attention must also be paid to all of the other vital areas of airline security including cargo, airport premises, airport employees and support services. They have committed vast efforts and financial resources to date, but if they do not focus attention to the other areas of airline security as well, all of their work will be in vain. It makes no sense to devote five hundred million dollars per year to protecting the front door, while leaving the rest of the industry wide open to attack.
September 30, 2001
Note (from Chuck Wilmink):
Bruce Schneier, who wrote this article, is the (in my humble opinion) leading
scientists/researchers/businessmen in information security in the World.
I highly recommend his most recent book, Secrets & Lies, for a
fascinating, yet easy to read, introduction to the world of computer security.
It is a must read for anyone in the security industry.
The Crypto-Gram newsletter is an online editorial that Schneier puts out
on the 15th of every month. The
newsletter deals with topical issues in security, and again is a must read for
people in the security industry. Please
go to the web site http://www.counterpane.com/
to find the full edition with all of the references and links.
This is a special issue of Crypto-Gram, devoted to the
September 11 terrorist attacks and their aftermath.
In this issue:
* Airline Security Regulations
* Biometrics in Airports
* Diagnosing Intelligence Failures
(Not Included in this condensed version)
* Terrorists and Steganography
* Protecting Privacy and Liberty
* How to Help
Watching the television on September 11, my primary reaction was amazement.
The attacks were amazing in their diabolicalness and
audacity: to hijack fuel-laden commercial airliners and fly them into
buildings, killing thousands of innocent civilians. We'll probably never know
if the attackers realized that the heat from the jet fuel would melt the steel
supports and collapse the World Trade Center. It seems probable that they
placed advantageous trades on the world's stock markets just before the
attack. No one planned for an attack like this. We like to think that human
beings don't make plans like this.
I was impressed when al-Qaeda simultaneously bombed two
American embassies in Africa. I was more impressed when they blew a 40-foot
hole in an American warship. This attack makes those look like minor
The attacks were amazing in their complexity. Estimates
are that the plan required about 50 people, at least 19 of them willing to
die. It required training. It required logistical support. It required
coordination. The sheer scope of the attack seems beyond the capability of a
The attacks rewrote the hijacking rule book. Responses
to hijackings are built around this premise: get the plane on the ground so
negotiations can begin. That's obsolete now.
They rewrote the terrorism book, too. Al-Qaeda invented
a new type of attacker. Historically, suicide bombers are young, single,
fanatical, and have nothing to lose. These people were older and more
experienced. They had marketable job skills. They lived in the U.S.: watched
television, ate fast food, drank in bars. One left a wife and four children.
It was also a new type of attack. One of the most
difficult things about a terrorist operation is getting away. This attack
neatly solved that problem. It also solved the technological problem. The
United States spends billions of dollars on remote-controlled precision-guided
munitions; al-Qaeda just finds morons willing to fly planes into skyscrapers.
Finally, the attacks were amazing in their success.
They weren't perfect. We know that 100% of the attempted hijackings were
successful, and 75% of the hijacked planes successfully hit their targets. We
don't know how many planned hijackings were aborted for one reason or another.
What's most amazing is that the plan wasn't leaked. No one successfully
defected. No one slipped up and gave the plan away. Al-Qaeda had assets in the
U.S. for months, and managed to keep the plan secret. Often law enforcement
has been lucky here; in this case we weren't.
Rarely do you see an attack that changes the world's conception of attack, as these terrorist attacks changed the world's conception of what a terrorist attack can do. Nothing they did was novel, yet the attack was completely new. And our conception of defense must change as well.
Airline Security Regulations
Computer security experts have a lot of expertise that
can be applied to the real world. First and foremost, we have well-developed
senses of what security looks like. We can tell the difference between real
security and snake oil. And the new airport security rules, put in place after
September 11, look and smell a whole lot like snake oil.
All the warning signs are there: new and unproven
security measures, no real threat analysis, unsubstantiated security claims.
The ban on cutting instruments is a perfect example. It's a knee-jerk
reaction: the terrorists used small knives and box cutters, so we must ban
them. And nail clippers, nail files, cigarette lighters, scissors (even small
ones), tweezers, etc. But why isn't anyone asking the real questions: what is
the threat, and how does turning an airplane into a kindergarten classroom
reduce the threat? If the threat is hijacking, then the countermeasure doesn't
protect against all the myriad of ways people can subdue the pilot and crew.
Hasn't anyone heard of karate? Or broken bottles? Think about hiding small
blades inside luggage. Or composite knives that don't show up on metal
Parked cars now must be 300 feet from airport gates.
Why? What security problem does this solve? Why doesn't the same problem imply
that passenger drop-off and pick-up should also be that far away? Curbside
check-in has been eliminated. What's the threat that this security measure has
solved? Why, if the new threat is hijacking, are we suddenly worried about
The rule limiting concourse access to ticketed
passengers is another one that confuses me. What exactly is the threat here?
Hijackers have to be on the planes they're trying to hijack to carry out their
attack, so they have to have tickets. And anyone can call Priceline.com and
"name their own price" for concourse access.
Increased inspections -- of luggage, airplanes,
airports -- seem like a good idea, although it's far from perfect. The biggest
problem here is that the inspectors are poorly paid and, for the most part,
poorly educated and trained. Other problems include the myriad ways to bypass
the checkpoints -- numerous studies have found all sorts of violations -- and
the impossibility of effectively inspecting everybody while maintaining the
required throughput. Unidentified armed guards on select flights is another
mildly effective idea: it's a small deterrent, because you never know if one
is on the flight you want to hijack.
Positive bag matching -- ensuring that a piece of
luggage does not get loaded on the plane unless its owner boards the plane --
is actually a good security measure, but assumes that bombers have
self-preservation as a guiding force. It is completely useless against suicide
The worst security measure of them all is the photo ID
requirement. This solves no security problem I can think of. It doesn't even
identify people; any high school student can tell you how to get a fake ID.
The requirement for this invasive and ineffective security measure is secret;
the FAA won't send you the written regulations if you ask. Airlines are
actually more stringent about this than the FAA requires, because the
"security" measure solves a business problem for them.
The real point of photo ID requirements is to prevent
people from reselling tickets. Nonrefundable tickets used to be regularly
advertised in the newspaper classifieds. Ads would read something like
"Round trip, Boston to Chicago, 11/22 - 11/30, female, $50." Since
the airlines didn't check ID but could notice gender, any female could buy the
ticket and fly the route. Now this doesn't work. The airlines love this; they
solved a problem of theirs, and got to blame the solution on FAA security
Airline security measures are primarily designed to
give the appearance of good security rather than the actuality. This makes
sense, once you realize that the airlines' goal isn't so much to make the
planes hard to hijack, as to make the passengers willing to fly. Of course
airlines would prefer it if all their flights were perfectly safe, but actual
hijackings and bombings are rare events and they know it.
This is not to say that all airport security is
useless, and that we'd be better off doing nothing. All security measures have
benefits, and all have costs: money, inconvenience, etc. I would like to see
some rational analysis of the costs and benefits, so we can get the most
security for the resources we have.
One basic snake-oil warning sign is the use of
self-invented security measures, instead of expert-analyzed and time-tested
ones. The closest the airlines have to experienced and expert analysis is El
Al. Since 1948 they have been operating in and out of the most heavily
terroristic areas of the planet, with phenomenal success. They implement some
pretty heavy security measures. One thing they do is have reinforced, locked
doors between their airplanes' cockpit and the passenger section. (Notice that
this security measure is 1) expensive, and 2) not immediately perceptible to
the passenger.) Another thing they do is place all cargo in decompression
chambers before takeoff, to trigger bombs set to sense altitude. (Again, this
is 1) expensive, and 2) imperceptible, so unattractive to American airlines.)
Some of the things El Al does are so intrusive as to be unconstitutional in
the U.S., but they let you take your pocketknife on board with you.
Biometrics in Airports
You have to admit, it sounds like a good idea. Put
cameras throughout airports and other public congregation areas, and have
automatic face-recognition software continuously scan the crowd for suspected
terrorists. When the software finds one, it alerts the authorities, who swoop
down and arrest the bastards. Voila, we're safe once again.
Reality is a lot more complicated; it always is.
Biometrics is an effective authentication tool, and I've written about it
before. There are three basic kinds of authentication: something you know
(password, PIN code, secret handshake), something you have (door key, physical
ticket into a concert, signet ring), and something you are (biometrics). Good
security uses at least two different authentication types: an ATM card and a
PIN code, computer access using both a password and a fingerprint reader, a
security badge that includes a picture that a guard looks at. Implemented
properly, biometrics can be an effective part of an access control system.
I think it would be a great addition to airport
security: identifying airline and airport personnel such as pilots,
maintenance workers, etc. That's a problem biometrics can help solve. Using
biometrics to pick terrorists out of crowds is a different kettle of fish.
In the first case (employee identification), the
biometric system has a straightforward problem: does this biometric belong to
the person it claims to belong to? In the latter case (picking terrorists out
of crowds), the system needs to solve a much harder problem: does this
biometric belong to anyone in this large database of people? The difficulty of
the latter problem increases the complexity of the identification, and leads
to identification failures.
Setting up the system is different for the two
applications. In the first case, you can unambiguously know the reference
biometric belongs to the correct person. In the latter case, you need to
continually worry about the integrity of the biometric database. What happens
if someone is wrongfully included in the database? What kind of right of
appeal does he have?
Getting reference biometrics is different, too. In the
first case, you can initialize the system with a known, good biometric. If the
biometric is face recognition, you can take good pictures of new employees
when they are hired and enter them into the system. Terrorists are unlikely to
pose for photo shoots. You might have a grainy picture of a terrorist, taken
five years ago from 1000 yards away when he had a beard. Not nearly as useful.
But even if all these technical problems were magically
solved, it's still very difficult to make this kind of system work. The
hardest problem is the false alarms. To explain why, I'm going to have to
digress into statistics and explain the base rate fallacy.
Suppose this magically effective face-recognition
software is 99.99 percent accurate. That is, if someone is a terrorist, there
is a 99.99 percent chance that the software indicates "terrorist,"
and if someone is not a terrorist, there is a 99.99 percent chance that the
software indicates "non-terrorist." Assume that one in ten million
flyers, on average, is a terrorist. Is the software any good?
No. The software will generate 1000 false alarms for
every one real terrorist. And every false alarm still means that all the
security people go through all of their security procedures. Because the
population of non-terrorists is so much larger than the number of terrorists,
the test is useless. This result is counterintuitive and surprising, but it is
correct. The false alarms in this kind of system render it mostly useless.
It's "The Boy Who Cried Wolf" increased 1000-fold.
I say mostly useless, because it would have some positive effect. Once in a while, the system would correctly finger a frequent-flyer terrorist. But it's a system that has enormous costs: money to install, manpower to run, inconvenience to the millions of people incorrectly identified, successful lawsuits by some of those people, and a continued erosion of our civil liberties. And all the false alarms will inevitably lead those managing the system to distrust its results, leading to sloppiness and potentially costly mistakes. Ubiquitous harvesting of biometrics might sound like a good idea, but I just don't think it's worth it.
Diagnosing Intelligence Failures
It's clear that U.S. intelligence failed to provide
adequate warning of the September 11 terrorist attacks, and that the FBI
failed to prevent the attacks. It's also clear that there were all sorts of
indications that the attacks were going to happen, and that there were all
sorts of things that we could have noticed but didn't. Some have claimed that
this was a massive intelligence failure, and that we should have known about
and prevented the attacks. I am not convinced.
There's a world of difference between intelligence data
and intelligence information. In what I am sure is the mother of all
investigations, the CIA, NSA, and FBI have uncovered all sorts of data from
their files, data that clearly indicates that an attack was being planned.
Maybe it even clearly indicates the nature of the attack, or the date. I'm
sure lots of information is there, in files, intercepts, computer memory.
Armed with the clarity of hindsight, it's easy to look
at all the data and point to what's important and relevant. It's even easy to
take all that important and relevant data and turn it into information. And
it's real easy to take that information and construct a picture of what's
It's a lot harder to do before the fact. Most data is
irrelevant, and most leads are false ones. How does anyone know which is the
important one, that effort should be spent on this specific threat and not the
thousands of others?
So much data is collected -- the NSA sucks up an almost
unimaginable quantity of electronic communications, the FBI gets innumerable
leads and tips, and our allies pass all sorts of information to us -- that we
can't possibly analyze it all. Imagine terrorists are hiding plans for attacks
in the text of books in a large university library; you have no idea how many
plans there are or where they are, and the library expands faster than you can
possibly read it. Deciding what to look at is an impossible task, so a lot of
good intelligence goes unlearned.
We also don't have any context to judge the
intelligence effort. How many terrorist attempts have been thwarted in the
past year? How many groups are being tracked? If the CIA, NSA, and FBI
succeed, no one ever knows. It's only in failure that they get any
And it was a failure. Over the past couple of decades,
the U.S. has relied more and more on high-tech electronic eavesdropping
(SIGINT and COMINT) and less and less on old fashioned human intelligence
(HUMINT). This only makes the analysis problem worse: too much data to look
at, and not enough real-world context. Look at the intelligence failures of
the past few years: failing to predict India's nuclear test, or the attack on
the USS Cole, or the bombing of the two American embassies in Africa;
concentrating on Wen Ho Lee to the exclusion of the real spies, like Robert
But whatever the reason, we failed to prevent this terrorist attack. In the post mortem, I'm sure there will be changes in the way we collect and (most importantly) analyze anti-terrorist data. But calling this a massive intelligence failure is a disservice to those who are working to keep our country secure.
There are copycat criminals and terrorists, who do what
they've seen done before. To a large extent, this is what the hastily
implemented security measures have tried to prevent. And there are the clever
attackers, who invent new ways to attack people. This is what we saw on
September 11. It's expensive, but we can build security to protect against
yesterday's attacks. But we can't
guarantee protection against tomorrow's attacks: the hacker attack that hasn't
been invented, or the terrorist attack yet to be conceived.
604-323-0242, E-mail: email@example.com
Accomplished senior corporate and IT security professional with excellent business and management skills. Looking for opportunities to interface with “C” level professionals to investigate current security risks and develop appropriate Corporate Security Plans consistent with bottom line profitability and client satisfaction.
Information Systems Security Professional (CISSP)
Masters of Business Administration, Simon Fraser University
Bachelor of Science, University of British Columbia
senior management and entrepreneurial skills:
over an unsuccessful institution with no programs and in three months had
developed a leading information security training program and filled the
first class with 15 students. Built
up program to break even point. By
the end of the first year, the certificate program received international
attention, and as a result attracted students from Korea and Sweden to
come to Vancouver to enroll in the program.
a new security firm and expanded it to 120 employees and 3 million dollars
a year in sales.
media relations, contributed a regular column for the Vancouver Sun and
frequently interviewed on television, radio and newspaper as a security
security upgrades at Canadian Airline’s two largest facilities, their
Calgary head office and Vancouver operations/maintenance base (2 billion
dollar asset). Installed
physical security equipment, changed duties and deployment of unionized
security staff and introduced new security focused policies and procedures
for all employees to create environments where security was significantly
improved and became a daily part of operations.
experience in working with senior officials in the RCMP, Municipal Police
Departments, Canada Customs, Canadian Military, US Marines, FBI, University
and College executives, Chief Security Officer of Microsoft, and other
senior executives from private and public organizations.
CENTRE FOR INFORMATION TECHNOLOGY SECURITY (CCITS)
September 2000 to June 2002
for developing, marketing and managing all areas of CCITS, a joint venture
between the Justice Institute of British Columbia and the University of British
Columbia. Developed partnerships
with other educational institutes to deliver the program across Canada, and with
the leading industry professional association to deliver the program world wide.
information security issues in the community through a regular column in the
Vancouver Sun, frequent television interviews on CTV and Global, newspaper
stories and interviews in The Vancouver Sun, The Vancouver Province, The Courier
and Silicon North, and on radio stations CKNW, CBC and CHMB (Chinese Radio
PGA AIR CANADA CHAMPIONSHIP
Position - Vice Chairman of Security Committee, 1996 - Present
and implemented the initial security plan, and each year co-ordinate and
supervise 150 volunteers to provide security for the annual PGA golf tournament
INTERNATIONAL & AIR CANADA
Security Manager, August 1998 to September 2000
for facility and equipment security world wide, and for managing Canadian's
union security department. Conduct annual security audits of Canadian Airlines
stations (hangar, office, cargo and airport facilities). Perform interviews and
investigations in security or criminal incidents involving Canadian employees,
clients, contractors and passengers; taking appropriate actions to stop losses
immediately and making recommendations to prevent similar problems from
and managed the security upgrades of the main CAI facility that contained 5,000
employees, $400 million facility, $400 million parts inventory and $1.2 billion
in airplanes. Upgraded/changed the
scope of duties of the on-site unionized security team to dramatically increase
security effectiveness. Designed
and managed the implementation of physical security and policies and initiatives
during design and construction of the new CAI head office in Calgary.
Manager, September 1993 to July 1998
of the original three-person management team hired to start the company,
individually responsible for starting the security officer division. Duties
included all facets of providing security services, from marketing, sales and
contract negotiations to developing client security plans, system operations and
quality control. After two years promoted to general manager for the entire
company. After four years Viking had one hundred and fifteen employees, and
invoiced over three million dollars annually in sales. Clients included The Bank
of Nova Scotia, General Motors Place, Concord Pacific, Henderson Development,
The Pan Pacific Hotel, Canadian Airlines and Air Canada.
1988 - September 1993
Constable, training and experience in Police Officer patrol duties, criminal
self-defense, control tactics and traffic direction.
MUSIC '91 and EARTH
VOICE FESTIVAL '92
‘91 was a province-wide concert tour which attracted crowds of up to fifteen
thousand people to temporary sites throughout BC's smaller communities for
artists such as Bryan Adams, MC Hammer, Kenny Rogers, The Doobie Brothers, John
Denver, Crosby Stills and Nash, Natalie Cole, Linda Ronstadt, and Bob Hope.
Responsible for the complete design, implementation and management of site
security, emergency planning, crowd control, traffic and parking. Hired and
managed a full time security crew of ten; and in addition recruited, hired and
trained 40 - 180 local residents in each community to act as crowd control
The Information Systems Security Association (ISSA), The Computer Security Institute (CSI), former ASIS member, Rugby (UBC Varsity, UBC Old Boys Rugby Club), Basketball, Golf, Fraternity member (Phi Gamma Delta)