Skip to main content

My OpEd in the LA Times was necessarily short and readers may be interested in more detail on certain points. Here is background material for those who want to dig deeper.

Context for PreCheck

The Underwear Bomber struck seven years ago at this time of year and sent shockwaves through the security community, including TSA. TSA urgently deployed body scanners of a type that could, delicately speaking, see through underwear. That caused an uproar. TSA also ordered its officers to don gloves and probe sensitive areas of passengers who had set off a screening alarm. For different reasons, both were unforced errors by TSA and caught the attention of the White House, including President Obama, who felt compelled to make a joke about it in his 2010 State of the Union address.

TSA felt the heat and wanted to come up with a security innovation that would go down well with the public. PreCheck drew on a string of ideas going back to 2001 that security should be smoother for the vast majority of passengers who pose no terror threat whatsoever.

“Buzz Words”

Today, TSA just calls it smarter security. https://www.tsa.gov/tsa-precheck/tsa-precheck-how-it-works

The original program always talked about risk-based security as intelligence driven:

"TSA’s screening process has evolved from a post 9/11 one-size-fits-all security approach to an intelligence-driven, risk-based strategy. TSA risk-based security practices expedite screening for known and trusted travelers at security checkpoints while focusing resources on high-risk and unknown passengers." https://www.tsa.gov/sites/default/files/resources/rbs_factsheet_0.pdf

In the sense that PreCheck bars people who were identified by intelligence or law enforcement agencies as possible terrorists, then it was intelligence-driven. But using that standard for PreCheck is ridiculous since those people already get extra screening or are on the No-Fly list. The movie Patriots Day, out now, reminds us of the tragic and preventable Boston Marathon bombing. The FBI sent agents to talk to the Tsarnaev brothers and investigate them as possible terror suspects. And cleared them. Even they did not meet the “intelligence-driven” definition used in PreCheck.

The other problem with “intelligence-driven” in the PreCheck context is that intelligence actually tells us the opposite; specifically that terrorists pick clean operatives. If TSA uses current intelligence to evaluate risk, it would not be out enrolling everybody they can into pre-9/11 security for everybody not flagged by the security services.

Enrollment Issues

Operationally, TSA’s Pre-Check enrollment process suffers from the same problems identified five years ago by a Government Accountability Office report on the Transportation Worker Identity Credential (TWIC). http://www.gao.gov/new.items/d11657.pdf

In that report, the GAO drolly commented that TSA’s process was “not designed to provide reasonable assurance that only qualified applicants” can get approved.

Operational Problems

Near-empty Pre-Check lanes mean that the remaining lanes choke on having to screen all the regular travelers. DHS/TSA executives were inspired to fix the problem by approving the euphemistic ‘managed inclusion’ of just adding regular passengers to Pre-Check lanes. That resulted in Congressional hearings and the DHS IG reported an ensuing 96% failure rate.

The party line is to solve the Pre-Check operational problem by driving up membership and hiring more staff. Until the enrollment and risk assessment holes are closed, that is a very expensive, dangerous security risk.

Short-Term Fixes for PreCheck

In the interests of space, I left out details of what I would suggest as short-and medium-term solutions. Here are a few ideas:

-- Immediately scrub the PreCheck enrollees for false identities. That can probably be accomplished best and most quickly by getting permission from members, and then using, commercial data. If the results show that PreCheck has already been penetrated, the program should be suspended.

-- Deploy K-9 teams at PreCheck lanes.

-- Use Behaviorally trained officers to interact with and check the credentials of PreCheck passengers.

-- Use Explosives Trace Detection cotton swabs on PreCheck passengers at a much higher rate. Same with removing shoes.

-- Turn on the body scanners and keep them fully utilized.

-- Allow liquids to stay in the carry-on since TSA scanners can detect threat liquids.

-- Work with the airlines to keep the PreCheck experience positive.

-- Work with airports to place PreCheck lanes away from regular checkpoints so as not to diminish lane capacity for non-PreCheck passengers. Rental Car check-in areas could be one alternative. Also, downtown check-in and screening (with secure transport to the airport) is a possibility.

Medium-Term Solutions

-- Overhaul the disingenuous “privatization” program where airports may ask to hire private companies to replace TSA. That system is simply TSA’s procedures performed by contractors plus a mark-up. There is no innovation or additional security thinking allowed. TSA should invite outside security experts to put together proposals for a best-in-class security operation, and subject to TSA approval, innovate along with airports and airlines. This would save money and inject innovation into the system.

-- Crack open the oxygen-starved system through which TSA buys billions of dollars of technology. Currently, a few companies bundle their hardware and software and monopolize the contracts within the cloistered DHS laboratory approval system. TSA should issue public performance standards and allow software developers to write algorithms and hardware companies to build prototypes that together meet a given security requirement. TSA should certify a portfolio of world-class labs here in the U.S. to have approval authority rather than keep everything bottled up at, and dependent on, the DHS lab. This will turbocharge technology innovation and immediately drive down cost.

-- Free the people! In its officers, TSA has the enormous potential of the human brain smothered in mind-numbing operational procedures and medieval compensation schemes. Facing adaptive enemies, as we are, TSA needs to have its front-line officers well-trained, super-connected and highly motivated. After TSA unionized, performance-based pay was dumped for a de-motivating seniority system. Since then, TSA’s management has become a thicket of layers nested on top of a workforce that is carefully following its static checklist. The absence of public outrage does not equal high performance. A motivated workforce with fewer layers of management will provide better security and will drive out excess cost.

-- Look at a dramatic reduction of the legacy prohibited items list. In consultation with the FAA, flight crew representatives, airlines, and other parties it is time to make it a federal offense to intimidate a member of the flight crew with a sharp object or anything else. With that penalty in place, it won’t be necessary to ban small sharp objects at the checkpoint and that will free up officers to focus on explosives and weapons with catastrophic consequences.

-- Along the same lines, it may now be possible to remove liquid restrictions since existing checkpoint technology very likely can detect threat liquids like hydrogen peroxide, even inside a carry-on. This is an extension of what is already done with Pre-Check passengers. Both suggestions will improve security and markedly speed up the screening process.

-- TSA was given millions of dollars to hire more staff so that the lanes would clear up. One of the costs of that was to effectively dismantle the behavior observation layer of security as TSA stacked its resources at their checkpoints. That is the opposite of what TSA should do – lighten up at the checkpoint, spread security throughout the airport (really, the transportation sector) and network tirelessly with its intelligence, industry and foreign partners.

Twitter Facebook Pinterest LinkedIn

ISIS has claimed responsibility for the bomb that destroyed Metrojet Flight 9268.

If their claim proves to be true, the bomb appears to be of very familiar design and uses a beverage container to carry the explosive.

The first step on any action plan to safeguard aviation from similar attacks is to properly execute existing security measures. In this case, the 3.4-ounce or 100ml restriction on carried-on liquids should have stopped the attack.

As we consider additional security measures in the wake of the Metrojet and Paris attacks, we must first button-down what is already in place.

http://www.nytimes.com/live/paris-attacks-live-updates/isis-brags-about-explosive-that-brought-down-russian-jet/

Twitter Facebook Pinterest LinkedIn