Written by Mr. Itay Levin
THE COURSE OF EVENTS
A car with its three passengers glides smoothly in the direction of the airport, exits the freeway, and decelerates onto the road connecting to the passenger terminal of the national airport.
The license plate number of the car is caught on the camera at the side of the road. The car’s color and model, as shown on camera, are quickly checked against the databases of the Police and the Ministry of Transport. All the data items are compared and cross-verified, and the name of the car owner is displayed. The IMI phone signature of the passengers is identified by the nearest cellular antenna according to instructions that it receives from the core of the Proactive Information Hub (PIH). An intelligence map is spread out over the car passengers. One of the phones in the car belongs to the vehicle owner. There are no negative findings from the Licensing Bureau, the Ministry of Transport or records of the car insurance company.
Initial fusion of the information that came from the PIH engine results in instructions to divert the car solely for scanning its undercarriage, without questioning the passengers. If the system highlights a car as having high risk potential (HRP), the passengers are questioned briefly. A photo of the car undercarriage scan is compared with the photograph taken at the vehicle licensing institute; no anomaly is found.
The car passes the periphery security agent of the airport and continues on its way towards the long-term parking. The security cameras continue to accompany the car. The passengers get out of the car; a photograph of each of them is fixed in the system memory. The PIH core searches for public information on the Internet, containing the names of the passengers and their photographs.
At precisely the same time, another passenger, David Minister, arrives by train at the passenger terminal of the airport.
The passenger is holding a cellular device in his hand. Before arriving at the terminal, the passenger removed his SIM card and inserted another SIM card. The phone tracking system immediately gives an alert (a device recognized by IMI) about the SIM card replacement. Right away, checking and mapping of the information linked to the passenger’s mobile begins. The PIH core accelerates a simultaneous process and checks the internet links according to the name of the device owner. The train station camera at the terminal photographs David Minister.
In a preliminary search, the PIH core does not locate David Minister in any of the popular social networks, which is unusual.
Two days prior to the occurrences at the airport and on the train approaching the airport, the passengers’ reservations are recorded with the national airline company. The information is prepared in the PNR folder for each passenger, and transferred to the PIH system, which begins processing and examining the data generated from the information conveyed by the passenger. The credit card supplied is checked with the credit card company in order to identify certain transactions; the name of each passenger is checked against the various lists of the security services and the Police, and the Ministry of the Interior file is retrieved for uploading relevant information that will be utilized in due course, including a photograph of the passenger and other biometric information. A demographic examination of the name David Minister does not raise any suspicion. His name matches the set characteristics; the various population registries indicate an address in an area that shows that he belongs to the middle socio-economic class. Positive indications begin to appear later in the examination – a stable marriage lasting a number of years, children in school and kindergarten, regular payment of municipal, water and electricity bills over several years from the same address, and payment of taxes in an orderly fashion. The health of the family members is good and it is evident that the PIH is about to recommend a low classification, such as Low Risk Potential (LRP), for the passenger.
The examination does not raise any suspicion with respect to classification of the car passengers by the PIH, and they are also about to receive an LRP classification, but then they too change their SIM cards, and enter the terminal building.
The warning lights flash on when the PIH system finds that a phone call was made between David Minister and one of the car passengers several hours previously, prior to their changing their SIM cards. The system identifies a suspicious pattern!
The cellular antenna indicates a gathering of the individuals within a limited area, and in fact all the group members are standing just a few meters apart – yet over the smart CCTV screens it is not evident that they are traveling together.
The pattern of behavior of the group members as caught on the camera system does not match the pattern established by the cellular system!
The system begins to change its color! The human factor (security professional agent) directed to handle the group members is instructed to handle them accordingly. In the meantime, the social network and internet scanning results have been uploaded. Only David Minister is registered in one network, LinkedIn. His identity and pictures match what is known to the system, with a high level of compatibility.
Integration of the human factor (the agent) in the sensor system multiplies tenfold the stimulus directed towards the passengers, and their responses are recorded and analyzed in a very short time by the sensor system. The system instructs the agent to check that the identity of each passenger matches the documentation in their possession, and at the same time to check that David Minister’s identity matches the cellular device and iPod found in his possession.
The agent does not find any problem, except for the same hidden link insisted upon by the system, but some sixth sense causes him to feel unease in the company of the passengers. Something in the way they behave, their choice of words, the look in their eyes and their body language gestures conveys a problem to him.
An invisible signature stamps the passengers and their baggage.
The passengers and their baggage are classified with a strict HRP classification. Their baggage is referred for strict checking in the Hold Baggage System (HBS), and they themselves undergo a strict check on entering the sterile area of the terminal.
The duty officer in charge at the terminal checks the type of airplane that the suspicious group is planning to board, while emphasizing the protective measures – the crew of the airplane is not equipped to the satisfaction of the officer.
“As a matter of routine, I am in immediate need of a plane security team for the flight; the team members should be equipped accordingly with an AMSCS (Air Marshal Surveillance & Communication System). Make sure that the suspicious passengers receive full security coverage during the course of the entire flight. Their number is borderline in relation to the security risk-classification for this flight.”
The group of passengers has gathered at the Coffee Rotunda, the pride of the terminal and the airport, to drink coffee.
Aurora Wine, the airport’s director of security, joins them – “Dear friends, in my opinion you have failed again. We are prepared for your flight.”
A scene from a science fiction movie? Is this a situation that is actually taking place somewhere in the world?
THE THREE FUNDAMENTAL ELEMENTS OF AVIATION SECURITY
THE DECISION ELEMENT – ANALYZING THE FLOW OF INFORMATION
In my previous post, I pointed to the extremely problematic nature of security reliance on strategic intelligence, and the lack of tactical intelligence. In my opinion, we should accept this aspect as a viable line of defense. There are numerous and varied reasons for this, but at its root there is the argument that the flow of information is an integral and basic part of the experience in the industry, which is being defended.
The determination of Carl von Clausewitz (“Vom Kriege”- On War) that “In the form of a defensive battle, the contact line will always be breached” is the correct way to understand the contribution and the limitation of this line of defense.
The flow of information today from commercial and intelligence sources and the open cybernet world enables large amounts of varied data to be gathered, which, with suitable fusion and extraction, can bring about an amazing result. In the language of intelligence experts, the intelligence picture can today be presented in rich multi-color.
Semantic search is a set of techniques for retrieving knowledge from richly structured data sources, such as the ontologies found on the Semantic Web. The next generation of intelligence solutions, built on technology available today, offers:
- Automation of many traditionally ‘labor intensive’ intelligence tasks (entity extraction, entity resolution, name matching, etc.).
- Open, flexible, extensible solution based on intelligence cycle.
- Rules/policies automation. NPL for business logic and policies.
- Ontology-based processing of semi-structured and unstructured data.
- Semantic and statistical based analysis and inferencing.
- World only. Business rule meshing, optimization and inferencing. Run stack additional rules.
- End-to-end security and governance. Unlimited scalability for all data types, formats and structures.
- High throughput real-time data processing and event detection.
- Integration of real-time and historical data – “on the fly.” Golden File.
- Continuous monitoring and auditing of all user activity.
Information security and the right to privacy are complex challenges that are today found in almost every aspect of our lives.
Are the legal authorities forbidden what is permitted to companies such as Google or Facebook, which keep track of every step in our lives, our information consumption habits and consumption of consumer products?
Information is currently conveyed from the international air ticket reservation system, under a long series of agreements between countries and organizations from various countries. We are currently witnessing the move in the United States, where the passenger volunteers information to the authority in order to facilitate the inspection processes – and why not?
Technically, the two challenges of safeguarding the information and preserving the rights of the individual can be overcome by formulation of appropriate laws, and separation between the information gathering and analysis systems and the various consumers. A good friend of mine, who developed one of the most advanced systems, calls this “the right information to the right person at the right time”; no less, but also no more!
Incidentally, the most absurd thing as far as I am concerned is that, again, the issue of cargo handling is left for another occasion, and is not clearly and logically handled within the framework of the above-mentioned agreements.
It is advisable that the information-sharing issue be fully or partially managed by the international aviation organizations, just as is done regarding commercial matters in the industry.
THE PHYSICAL SCREENING ASPECT
Following the targeted terror attacks of 9/11, a misguided doctrine was formed that was summed up in the sentence “One size fits all.” However, a decade later, the recognition of a conceptual change is beginning to permeate the world of aviation security.
Unsurprisingly, the security personnel are joining forces with the aviation industry in demanding individual security checks. The industry has been demanding for some time to make security checks easier for the passengers and to restore glory to the industry. A manifestation of this can be seen both in the initiative of the IATA to design the “checkpoint of the future”, and in the statement of Christoph Blume, the head of the German airport industry association ADV, who told a German newspaper that grouping passengers into different categories of risk could put an end to the ever-growing number of security checks.
On the other hand, the head of the TSA, Mr. Pistole, who has a background in intelligence, refers to a number of key points:
- There is a serious and ongoing threat to American aviation and there is no indication that this will let up in the near future.
- The quality of the terror attacks emerging from Yemen regarding cargo planes in 2010 and explosive underwear in 2009 is very high, and is at the upper limit of the American security system’s capability.
- The adversary is very sophisticated, learns the capabilities of the scanning equipment very quickly and manages to create designs and methods to circumvent the equipment.
- If the American security system does not succeed in knocking the adversary off balance, it is inviting an attack on itself that will be successful.
- A great deal of intelligence and information currently exist, but are not properly manifested in the security and prevention system.
- The heads of the aviation industry, after a decade that brought companies to bankruptcy and liquidation, will support steps that up to now have been considered unacceptable and not politically correct.
Unbalancing the adversary can be quickly achieved by integrating the human factor (a professional expert security agent) into the security system. Each of you, if you remember how you felt when stopped by a traffic policeman or questioned by an immigration officer in a foreign country, can immediately imagine the feeling of discomfort experienced by the adversary when questioned by the agent. The idea is to apply a stimulus and detect the reaction.
When the activities of spies and secret agents are examined, they usually testify that they easily cope with technological measures; however, when faced with surprising, information-based questions, they find it difficult to maintain their composure.
Moreover, if we increase the integration of the human factor into the security system, we must not be satisfied with including only the security personnel. Why not expand the security community to include other airport employees, the airport services’ employees, and so on?
THE IN-FLIGHT SECURITY ELEMENT
Failure after failure, success after success, can be summarized as the difference between countries that take this aspect seriously as against those that do not.
The 9/11 terror attacks were a clear and direct assault on the last security layer of in-flight security, and the response that was given in the form of thousands of screening machines and sniffers is in no way an improvement!
It is also clear today that a team of ten brutal, determined and well-trained terrorists on a plane will not find it difficult, even without any special means of attack, to take over most of the flights in the world.
It is customary to argue that cockpit doors have been reinforced and protected against a potential breach; against this argument every serious locksmith can be quoted; each will claim that a door is only a delaying obstacle, and therefore only the time between the start of an attack and until the door is broken down should be measured. Protection of the cockpit door is a good start, but it is definitely not sufficient.
Integrating technology into airplane security is something that is necessary and inevitable. A few companies around the world have begun to equip their pilots with a camera that transmits a picture of the galley and the area outside the cockpit door. Indeed, a welcome initiative, but in no way sufficient.
At least two technological systems have been tested in recent years and have been found to contribute to the level of security, either because they come as a complete surprise to the adversary or because they restore control to the pilots, both literally and metaphorically. What is surprising is that not even one system has been sold, even though its cost, in the more expensive case, only comes to 0.5% of the entire cost of the airplane.
The scenario detailed in the first section of the article should be seen as comprehensive and including also the other flight operation elements; i.e., commercial cargo, catering and additional services necessary for the operation.
I wish to emphasize that, if “One size fits all” is not valid for passengers, then it is also not valid regarding the handling of commercial cargo.
As an exception, I am intentionally overlooking security of the cyberspace aspect, not because the need for it does not exist, but for other reasons of my own. Nonetheless, it is quite obvious that, if it is possible to divert a train off the rails or to cut off the flow of air to a subway tunnel, aviation is no less vulnerable.
In the ongoing competition between terrorists and security forces, the initiative must not be left in the hands of the attackers, and the defenders must ensure that they have the ability to neutralize the situation and/or go on the offensive. These days, it is not sufficient to be the hunter – “Let’s roll”!
Mr. Levin has just recently joined Lotan Security and is an expert in the area of protective security with extensive experience in aviation security, security systems management, critical infrastructure and corporate protection. Mr. Levin’s experience is based on his past work managing international aviation security systems spread over a wide geographical area for ELAL Airlines Security. His responsibilities included managing the officers in charge and supervising projects and large scale operations. He was responsible for hundreds of employees and thousands of day-to-day security operations in a highly competitive commercial environment for 10 years, many of them during an era of high profile terror attacks. This unique combination of maintaining the highest security standards while taking the needs of the commercial environment into consideration is what helped to make him unique in the industry and a leader in the field.