The next Christmas Attack? – The threat of 3D Printer attacks

Posted on December 23, 2013 by Administrator

Written by Mr. Itay Levin

I have to say that I don’t have any information at this moment regarding any plot targeting civil aviation for the coming Christmas but the history of civil aviation is full of examples of attacks during this sensitive period of time.

Looking to create an advantage the adversary is always looking to surprise the security deployment and the latest threat we see on the horizon is the introduction of a new source of weapons – the 3 Dimension Printing Machines.

During the year 2013 we were witness to the production of two 3D printed Guns;

  1. The first one is a one shot hand gun manufactured by DEFENSE DISTRIBUTED out of Austin Texas USA. The company that developed the Liberator 3D printed gun released some YouTube videos demonstrating firing the weapon. The handgun shoots a single bullet and the only metal component is the firing pin and the bullet itself.
  2. The second 3D weapon is the Solid Concept’s pistol.  The pistol is a replica of the 45-caliber, M1911 semi-automatic that served as the U.S. military’s standard-issue sidearm. Solid Concepts said it has fired nearly 2,000 rounds using the pistol without a single malfunction.

3D objects are created when the 3D printers lay down a fine layer of powder and then using a laser to fuse granules together, build an object layer by layer from the ground up.

Can the 3D printed weapon be used as an element of assault against the civil aviation industry?

I think the answer to this question could be answered on two levels:

  1. The Liberator, a single shoot weapon is only a short step away from the ability of presenting a metal free single-shoot weapon. The relevant question here is whether a single shot weapon may be enough to demonstrate a credible threat to the industry. It is a fact that disassembled gun parts may overcome the detection capability of current detection technology but I believe that the outcome of the ability to shoot one single shoot should not accounted as a relevant threat.
  2. The Solid Concept’s multi shoots weapon cannot even be considered as a worthy challenge to the detection technology but if we considered an attack against the industry ground facilities by multiple attackers then it should be considered that this is a threat we face today with existing weapons by use of illegal arms.

Looking philosophically into the phenomenon of the 3D printing it will enable the adversary to create at his convenience any element he may need. This brings us back to the idea that weapons don’t come by themselves but must be brought to the place of attack and in my view we must recognize the adversary or we shall be overcome by the next Christmas attacker!

Posted in Aviation Security | Tagged , , , , , , , , , , , , | Leave a comment

Could the clash between fans have been prevented?

Posted on December 11, 2013 by Administrator


Written by Mr. Israel Eliyahu

I could not stay indifferent while watching the merciless violence between two groups of fans during the match between Atletico Paranaense and Vasco da Gama in Joinville, Santa Catarina, Brazil (8th December).


The videos, documenting the events as they occurred (17 minutes from match kickoff) were difficult to watch but also raised many questions in my mind regarding stadium security.
It was painfully apparent that too many minutes passed without adequate response from security forces and even then their reaction did not seem particularly effective…

During a period when all eyes are focused on Brazil as it prepares to host the World Cup in 2014, and while there may now be reason for concern after this violent breakout on Sunday, I personally wouldn’t go so far as to say that the preparation within the framework of the World Cup will be quite different.

However, let’s try to focus on this painful case and draw some lessons from it.
Intelligence & Evaluation of risks
In this case, the security forces are unable to explain the poor deployment due to absence of threat or lack of preliminary risk management. Both clubs have a history of violence and rioting fans.  It should be noted that Atletico PR were playing this game in a neutral venue, Joinville, as punishment for prior fan trouble at home…
Add to that the fact that the match was a fate sealing game that could have seen Vasco da2 Gama downgraded to a lower league and you’ll get a recipe for a flammable situation.

Security Forces & Responsibilities
One of the questions that is often asked when discussing sports events security relates to the responsibilities of private security and official security forces. In addition, we must address the resources, skills and competency of local forces dealing with the existing threats.
These issues are now even more relevant after analyzing the deployment of forces in Joinville, Santa Catarina, on December 8th.
Analyzing public sources I am able to understand that local authorities in the state of Santa Catarina decided that the safety of spectators inside the stadium would be guaranteed by a private security firm hired by Atletico PR and not by the police, who were stationed inside. Law enforcement was to intervene inside the ground only if a “substantial risk” developed.
There is no doubt that the police response time was too long and carrying a cost in human life and property.

Another worrisome issue is why the security forces did not take care to produce an effective buffer between the fans of each club? A buffer zone is usually decided during the preliminary design phase of each security operation and takes into account the positions of fans, the area that should be allocated for effective separation, use of physical means for preventing this buffer from collapsing and of course the use of a trained security force that is capable of stopping rioters who try to violate public order.

In this case, the bottom line indicates that all the aforementioned security circles collapsed.

The private security guards, who were well prepared prior to the game, ran for their lives as soon as the violence broke out.
One may ask: Do private security personnel have the right skills, resources and authority to deal with such a violent event? Why police forces were not present in the stands to stop the hooligans from the beginning?
It is reasonable to think that presence of police forces in the stands may deter and prevent extreme fans to misbehave.

This distressing event raises many more questions about how local security forces (police) failed in preventing violence and maintaining public order – whether the amount of police manpower and composition were satisfactory? Where they well trained? Did the police use undercover forces among the fans? Was there any prior intelligence could have lead to identifying problematic fans in advance?  Did the police use security cameras to enhance collecting of information during the match And many more…

The game itself was stopped for an hour and 14 minutes and a helicopter had to land in the field in order to evacuate the wounded.

As a response to the event, FIFA President Mr. Sepp Blatter promised that the 2014 World Cup in Brazil will offer an enhanced security concept with cooperation between private companies and governmental agencies to protect fans and players participating in the event.
We all hope that the lessons from the incident in Joinville (and many other violent events) will be successfully implemented and allow us, the football fans, to enjoy the game and especially to return home safely!

Posted in Sports events, Uncategorized | Tagged , , , , , , , , , , , | Leave a comment

Crisis in Thailand

Posted on December 2, 2013 by Administrator

Written By Stephen Philips – Bangkok

Crisis on the streets of Bangkok. Cancelled reservations. A fall of inbound tourism. Loss of revenue. Falling room rates. Thailand is rocked by political riots, let us consider another scenario……….thailand-protest

AK-47s crackling, grenades exploding and blood-splattered shoppers madly dashing for the exits. Mumbai or Nairobi? Yes, but not Siam Paragon, Emporium, Central World or any of Bangkok’s 5 star hotels. Or so we believe, until the day it actually happens.

It would not be difficult to launch such an attack in Thailand. One large heavy crate could hold all the arms and ammunition needed. Getting a dozen jihadists for a murderous suicide attack would be complicated, but Muslim extremists have been going off to wage jihad in Iraq, Lebanon, Afghanistan, Somalia and Syria for some time and we have an endless supply of home-grown volunteers in Yala, Narathiwat, Pattani and part of Songkhla provinces.

 

So let’s assume that a group of terrorists have just opened fire in Siam Paragon or a 5 star hotel. What next?

Police will rush in as quickly as they can with guns drawn. The tactic is hazardous for THAILAND-POLITICS-PROTESTpolice but saves lives. So, running into one of Siam Paragon’s many entrances come two policemen. The terrorists in front of them have AK-47s, at least a dozen 30-round magazines, hand grenades and pistols. The two officers will probably die heroically and they may buy time for many people to escape.

The next two officers will be a minute later, one of the two will probably be injured, but they will probably hold the entrance open, allowing more people to escape. The terrorists will probably fall back from all entrances now and start grabbing hostages. Twenty minutes later, more officers will arrive, each with an assault rifle, a submachine gun or a sniper rifle and maybe 150 rounds each.

The policemen near the doors will be relieved as they are almost out of ammunition. The terrorists are nowhere near the exterior of the shopping mall and more people are able to get out, but it is soon clear that the terrorists have retreated to the interior with a large number of hostages. Attempts to probe the situation and push this interior perimeter will quickly result in more firefights.

The police around Siam Paragon will be stretched thin. Most have only a pistol and soon their ammunition will run low. Soldiers carry large supplies of ammunition; police don’t. No doubt reinforcements will soon arrive but the same problem would persist.

In Mumbai and Nairobi, around this time, military troops started to arrive. In Siam Paragon, this won’t happen. The nearest Thai infantry battalion is in the suburbs and is not fully up to strength nor is it prepared for civil emergencies.

The police around Siam Paragon are on their own and it may take days longer than it did in Mumbai and Nairobi to be ready to force a conclusion, as we witnessed during the Red Shirt occupation of central Bangkok in 2010.

By that time, in the interior of the mall, several hundred hostages will have been sorted out: Israelis and Jews for beheadings posted on Twitter, young women for rape and children wired to grenades for when the rescue attempt comes. Negotiations will be a gift of time for the terrorists to continue to build barricades and amuse themselves.

In the end, the interior will be set on fire and all of the hostages killed before the last of the terrorists push out against the encircling police to seek their own ‘martyrdom.’

There is no solution to this scenario, but there are simple measures that might be considered………. security awareness and intelligence to provide early warning and disruption of such a plot is our best defense. Aware, trained and astute staff, suppliers and guests are essential.

This is not a scenario anybody would hope for, but the nature of terrorism is to surprise and horrify. Attacks on shopping malls, hotels, hospitals and high-rise residences, allow terrorists to seize many hostages and control them. This is the ‘threat’ we must plan for.

Posted in Uncategorized | 1 Comment

They Didn’t Train Us Part 2

Posted on November 26, 2013 by Administrator

By Mr. Vikas Chauhan

They never trained us…….“When a suicidal gunman entered a New Jersey mall on Monday night and opened fire, store manager Daisy Rodriguez locked the doors and hid in the back of her shop, nothing guiding her but instinct.”I was panicked. I was scared. I was just shaking,” said Rodriguez, 21, a manager at Soma Intimates in the Westfield Garden State Plaza Mall in Paramus. “They never trained us.” She adds…” November 8th. Reutersimages

Last week’s thought provoking blog by Dotan (They didn’t train us!!) about the critical need to train employees on security got me into thinking feet to highlight quick examples of how training (or lack thereof) can create substantial impact.

 

If they were trained!!

During Mumbai 26/11 attacks many people were trapped inside the Taj Hotel during the hotel siege by armed terrorist. The well trained hotel employees came to the rescue of many trapped guests and were able to save many lives. The HBR media report http://hbr.org/2011/12/the-ordinary-heroes-of-the-taj/ provides further details.

During the March 2010 German bakery blasts at Pune, as per media reports, the customers at the bakery reported the presence of an unclaimed bag to the bakery staff.  Eye witness claimed that the bag was lying there for over 40 min and nothing was done as a preventive measure. On being asked by the law enforcement agencies, the waiter claimed that he told the cashier, who in turn claimed that he didn’t know what to do & simply forgot about it while dealing with customers in the busy bakery. Had the bakery staff been trained on the Standard Operating Procedure (SOP) to handle an unclaimed (or suspicious) baggage, maybe the terror incident could have been averted which led to the loss of 17 lives and over 60 seriously injured.

 In fact, in many security conscious communities, right at the primary grades, the young students are trained & made aware of the safety & security drills, including Dos & Don’ts. This helps in creating a safety & security mindset which then becomes their second nature.

Posted in Hospitality Sector, India, training | Tagged , , , , , , , , , , , | Leave a comment

They Didn’t Train us…

Posted on November 14, 2013 by Administrator

“When a suicidal gunman entered a New Jersey mall on Monday night and opened fire, store manager Daisy Rodriguez locked the doors and hid in the back of her shop, nothing guiding her but instinct.”I was panicked. I was scared. I was just shaking,” said Rodriguez, 21, a manager at Soma Intimates in the Westfield Garden State Plaza Mall in Paramus. “They never trained us.” She adds…” November 8th. Reuters2013-09-21T145336Z_01_NAI122_RTRIDSP_3_KENYA-ATTACK

Following a long list of security events taking place in soft targets such as malls and hotels, I find myself dealing again with the subject of lack of security training for employees. Experience has shown us time and time again that once the security event/attack begins the first few seconds of reaction are critical to saving lives. In fact one could say that there is a mathematical equation factoring time and death.

It is our conviction that the effective creation of a security aware employee can only be achieved through a comprehensive system that gradually surrounds the community member with several layers, namely: the creation of awareness procedures for non-security employees; followed by the conducting of training programs for the formal distribution of security-related knowledge; and finally providing a continuous process of education which will provide employees with constant boost to the knowledge already gained. Together, they make up the Comprehensive Approach, an ongoing process that begins as soon as the employee enters the community and provides a ground in which security awareness becomes second nature to him or her.

Procedures – Employees have to be provided with a set of security procedures intended to help integrate security-promoting activities into their everyday routine. These have to create a common security-related terminology across the community, fostering motivation and improving communication.

Training – Training is a central element of the security program to enhance non-security community members’ participation in the security effort. It is designed to make employees more aware of the risks posed to the facility in which they work and help them assimilate the security-related procedures relevant to their position in the community. Besides conveying knowledge to the participants, training has from our experience the added benefit of elevating the level of motivation among employees.

Education – Employees will undergo the training component of the program upon beginning their work at the facility; however training is not a continuous process and its effect can therefore be assumed to weaken with time. Employees’ Education helps keep the level of security awareness at the facility high at all times. It is a continuous system that keeps on running in the background of the employees’ daily operations throughout their professional life span. This way employee’s receive ongoing reminders of what they had learned during training and their motivation levels are kept high as they are reminded of what they can do to make a difference.2013-11-08T214930Z_1_CBRE9A71OMK00_RTROPTP_2_USA-RETAIL

Posted in training | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Overcoming Resistance to Change and Cost Management in Hotel Security Training

Posted on July 3, 2013 by Administrator

Written by Asaf Amedi

The doctrine that guides every formidable security infrastructure comprises three essential security aspects: a sound security concept, well-trained human resources and advanced technology. The paramount importance of these three aspects cannot be further reiterated when you consider that the costs of prevention are a mere fraction of the possible costs of external failure in the form of damages and litigation. The following article focuses on the software of these three aspects for hotel operators that is the human resource aspect. The importance of the development of a uniform training system is most valuable in obtaining a highly competent force but yet security practitioners often face insurmountable challenges that inhibit training development and implementation, ranging from change resistance to prohibitive costs, to name a few.

Resistance to Change

Process changes undeniably affect employees, induce anxiety and trigger resistance, especially if they are drastic or cross departmental boundaries as adopting new security procedures do. If not mitigated, resistance can give rise to resentment, a scenario no employer wishes to be entangled in. The resistance may also stem from operational impact, turnaround times, customer satisfaction parameters, commercial considerations, comfort zones etc. which can make the change initiative look unpopular & unwelcome. Employee resistance, can however be prevented or mitigated through creation of an environment of mutual trust and flexibility. Employees need to rallied as participants contributing towards the betterment of a facility’s security for the welfare of its guests, not simply executors of standard operating procedures. Quite often, ground up suggestions from actual personnel involved can result in extremely insightful and valuable improvements, rather than purely top-down perspectives or that solely from external consultants. The entire organization Picture1needs to be involved towards a common purpose, not simply security personnel in silo.

Management commitment is a prime change agent in winning employees over and striding towards a common goal in implementing security training and change. Overcoming employee resistance to change is essential for both everyday security operations and in times of crisis, although unfortunately often overlooked. The difference between profiting in the long-term and short-term lies in how successful hotel operators enlist employees in the change.

Costs

Reiterating above, costs of prevention are a mere fraction of the possible costs of external failure in the form of damages in reputation, infrastructure, welfare and endless litigation. The protection that is accorded to all stakeholders including guests, employees, visitors, contractors, the physical structure of the premises and all that is contained therein and pertinent to the property, determines a hotel’s reputation and business conduct. Hotel operators are generally willing to spend on physical security system components as these are perceived to be generate longer term returns. Yet hotel operators are less willing to invest in necessary training of staff for reasons of its short term nature or due to high turnover rates. When they do, staff training is usually done in silo to a select group of security personnel.

What all hotel operators can cost effectively do is train all staff and not just security personnel on the importance of security, and areas to look out for in everyday operations and in times of crisis. Trained hotel staff who can identify and respond in an appropriate fashion to potential or actual risks, especially those on the frontline from the bellman to the chambermaid, are the perpetual eyes and ears of a hotel, and more valuable and cost effective than any advanced security system can be. Training programs may range from straightforward to highly complex hence there is no reason for hotel staff to not be given the opportunity for at least basic training on areas to look out for in everyday operations and in times of crisis, as well as appropriate reactive protocols.

Should resources be constrained or expertise lacking, hotel operators should consider outsourcing such tasks to qualified security service providers who will take care of provision of all training requirements and support services at fixed hourly rates. This allows for easier computation of budgets and free upper management to pursue other revenue generation activities. Depending on a hotel’s budget, a combination of security schemes can be explored for the most cost effective solution, i.e. engagement of independent consultants complementing in-house security management or entirely outsourcing all security tasks to qualified security service providers.

 Summary

All that being said, a hotel operator must not neglect conducting due diligence in selection of qualified security service providers, including verifying vendor licensing, reputation, references and stability. It is also crucial to examine the extent and depth of the proposal given in accordance with price quoted and ensure necessary areas are covered such as security screening process, training programs and materials, extent of supervision, support services and personnel wage structures

Mr. Asaf Amedi is Head of Business Development Singapore Office

 

Posted in Hospitality Sector | Tagged , , , , , , , , | Leave a comment

SECURITY IN THAILAND………

Posted on June 9, 2013 by Administrator

by Stephen Philips

Greetings from the Land of Smiles!

This country with its wonderful beaches and islands in the south, with its forested mountains and multitude of rivers in the north and its enchanted and dazzling temples Thailandthroughout the land, draws around 15 million tourists each year.

Visitors are drawn to Thailand not only for its beaches, islands and mountains but also because it is, or gives the impression of being a very “laisser-faire” society, where everybody can do whatever they want and nobody will complain or bother them.

Thailand is however, apart from being the Land of Smiles, also the Land of of Illusions. It is in fact not a “laisser-faire” society at all, but a land of strict mores and customs and the longer you stay and the better a visitor understands the culture, the more they will understand that “laisser-faire” behaviour is not only unacceptable, but can well be offensive to local Thais.

One of the most important illusions is that of Thailand being a safe country, it is not and the issue of security is an ever-present need that is very rarely met. Security is seen, similarly to Life Insurance, something that one does not want and indeed will not spend any money to implement unless one has experienced a disaster or is convinced by a very good salesperson and/or security expert that it is in fact an essential part of everybody’s life, citizens, tourists and every business.

Thailand is a country of seeming calm and relaxation, what is generally not known 2013-04-05t104805z_1_cbre9340u0700_rtroptp_3_thailand.grid-6x2however is that there has been a Muslim insurrection which has been going on for over 100 years (with a dramatic rise in intensity over the past 20 years), with thousands of related murders and disfigurements.

Thailand is a land of 65 million citizens. The state religion is Buddhism. Buddhists make up 95% of the population. Muslims (Sunni) make up 4% of the population, of which over 80% live in the four southern provinces along the Malaysian border, the Greater Patani region (Satun, Yala, Pattani, Narathiwat)

Greater Patani (which converted to Islam during the 15th century) was an autonomous region until 1902, when subsequent to an agreement between Malaya (Malaysia), Great Britain and Siam (Thailand) it was divided up between Malaya and Siam, much against the wishes of the local Muslim population. The four provinces absorbed into Siam became a province that was under direct rule from the Bangkok government. Sharia law was abolished in1902 but Islamic law was restored to a large extent in 1945.

History shows the vacillation of the various Thai governments  over the past century, towards the four provinces has ranged from appeasement to vicious implementation of Thai wishes and back to appeasement.

Generally the attitude of the Thai governments towards the four provinces has been one of mistrust, patronization and misunderstanding, whereas the attitude of the local Muslim population has been one of fear, resentment, disapproval of Thai rule and ongoing actions to undermine that rule.

One of the greatest challenges in implementing any form of security strategy in Thailand is the fact that the state religion is Buddhism, Buddhists making up 95% of the population. Perhaps the most striking aspect of Buddhism is the acceptance by Buddhists of matters and situations as they are and the related unwillingness of individuals and organizations to make or accept change as well as the unwillingness to confront people who are challenging the status quo or situations that develop despite the status quo.

Thus from the individual security guards up to senior government, police or military officers it is very rare that anybody will stand up and face evil or implement any action that will help to eradicate or even question that evil.

For those of us who love Thailand and who are able to recognize the situation, we have an obligation to make every effort to protect not only the 15 million tourists who visit the country every year, but also to protect each and every individual Thai citizen and resident from evil of every type.

We open our arms and welcome visitors to this Land of Smiles, our challenge is that we are also obligated to ensure that a psychology and understanding of security is implemented throughout the land, from top to bottom to ensure that we can face these challenges with the most formidable means at our disposal and with the help of those people and organizations outside of Thailand who understand how to deal with these challenges better than ourselves.

About Mr. Stephen Philips:

Mr. Philips is the Managing Director Asia Pacific region for Lotan HLS & Defense and the owner of Asia Hospitality Security.  Mr. Philips has held senior operational, marketing and management positions for key international industry leaders, including Four Seasons Hotels & Resorts, Le Meridien Hotels & Resorts and Raffles International Hotels & Resorts. is dedicated to the implementation of a security psychology and the related training, choice of technologies and implementation within the hospitality industry.

Posted in Thailand | Tagged , , , , , , , , , , , , , , , | Leave a comment

Extended Security Communities as Part of the War Against Terror

Posted on February 28, 2013 by Administrator

The report last week from India on http://uk.news.yahoo.com/hyderabad-blast-7-feared-dead-141443751.html caught my eye as well as my heart.

“At least 12 people have been killed and dozens others injured in two bomb blasts in the southern Indian city of Hyderabad which police have branded an act of “terrorism”. The blasts were about five minutes apart and took place in the early evening – the first going off just after 7pm local time.The first device went off near a cinema, and as people fled the area a second went off near a bus station, in the busy district of Dilsukh Nagar.

The bombs were attached to two bicycles about 500ft apart, according to Home Minister Sushilkumar Shinde.

Questions have been raised after it emerged Indian intelligence agencies received non-specific warnings of an imminent terror strike.”

The past several decades have seen official security agencies locked in battle against an adversary that continuously demonstrates its adaptability in the face of the security measures employed. All across the world, security deployments attempt to enhance their forces by adding personnel and technology to the protection of their facilities. While such attempts might meet some of the ever-evolving challenges posed by the adversary’s resourcefulness, they are inevitably constrained by economic factors, training restrictions, customer service issues etc.

Our extensive experience has taught us that protected assets are characterized by a large community of service providers, vendors, maintenance workers, and so forth. Most members of this community, while not formally trained in security matters, are characterized by great familiarity with the facility as well as a strong sense of commitment to its safety and to the wellbeing of its occupants.

Potential force multipliers who, while not ultimately engaged in security work, may nevertheless be harnessed to the effort of enhancing the facility’s security by detecting and reporting irregular activity around them.

Security awareness consists of two complementary cognitive factors that coincide in the mind of the security-informed community member: Appreciation of the threat and Comprehension of how it may be mitigated.

Possessing both Comprehension and Appreciation, the non-security community member is well equipped to effectively contribute to the facility’s security effort. His motivation to contribute to the effort increases, his ability to detect irregular activity is enhanced and his willingness to report it when encountered – boosted.

The past few years has seen an increase in training non-security communities but still many security heads are complaining that this has not lead to the desired results.

In my opinion, In order for us to begin implementing this concept we should first start with the changing of our terminology. We need to comprehend that these communities are part of our security deployment and are therefore an Extended-Security community and not a non-security community as they are called in many places around the world.

Let’s embrace them as part of the deployment and then we will be able to reap the benefits of the move. Imagine how these extended security communities could have saved the day In March 2010, in the German Bakery blast at Pune, in which a bag which contained the explosives was found un-attended at the bakery by its staff. Due to  lack of security awareness trainings, the staff didn’t know what to do & precious moments ( and hence the opportunity to mitigate the blast) were lost. The powerful explosion killed 17 & injured more than 60 people.

Written by Mr. Vikas Chauhan and Mr. Dotan Sagi

Posted in Aviation Security, Critical Infrastructure, India, Safe City, security Philosophy, Sports events, Uncategorized | Tagged , , , , , , , , , , , , , , , , , | Leave a comment

The Checkpoint of the Future – Validating the Need for Change

Posted on July 20, 2012 by Administrator

Written by Mr. Itay Levin

It is a perfectly simple matter to explain the need for a change in the current approach to airport checks on passengers and the hand luggage they carry. A review of the attacks and attempted attacks in the last decade will lead us to the conclusion that the check made when a passenger goes from the check-in area to the departure gate does not provide an effective answer to the many and varied threats.

The security check is ineffective against the “target audience” it is intended for – it is irritating and burdensome for “innocent” passengers but does not provide a proper defense against terrorists.

We have to stress that the checking process is important but its implications for the flight process as a whole are highly significant:

  • High financial outlay – The Airports Council International (ACI) reported an increase in airport security costs from 7% to up to 35% of the overall budget in a decade.
  • Considerable waste of time – The check has become the most significant element of the total time spent at the airport. It has also led to aircraft spending more time on the ground and to a reduction in the number of movements each platform (aircraft) can perform or the airport can accommodate. Additional implications include missing connecting flights and more.
  • Serious damage to passenger service – Passenger service indexes are in constant decline due to prolonged waits and time wasting, and in many cases security staff have no service awareness. A serious deterioration in the relationship between the consumer public and the authorities is a direct result of lack of public trust in the ability of the authorities to provide genuine security.
  • Loss of potential profits – The prohibition on the sale or transportation of merchandise, the curtailment of free time at the airport, and other factors have led to huge losses for airport operators and airline companies.

Since the security check does not remove a considerable portion of the possibilities for attack, does not identify actual or potential hazards, and causes substantial damage to the industry it is supposed to serve, the question is why do we cling to this concept of security? Is there an alternative to the currently held view? Can better results be achieved by thinking afresh and developing new tools? Can we expect a better process in the future? And there are many other questions.

The industry served by the security procedures

Basic components of the world of aviation transport have not undergone any major changes for decades.

The platform has remained practically unchanged: The range, speed and capacity of aircraft have changed little. The threats have not led to the addition of any security measures, and most of the “classic” threats to aviation in the last 40 years are still there. As an exception we would mention the heightened threat level as a result of the possibility of using the dimension of cyberspace.

The infrastructure has practically not changed: The same terminals have been serving us for decades with only minimal changes and those built in the last few years have not changed in appearance. The dramatic changes in computerization and advanced communications have failed to make their mark on flight procedures and certainly not on the design of the infrastructure. Security measures that were initially implemented at the expense of passenger convenience and the commercial areas are freeing up some of the space and moving behind the scenes.

The service consumers have not changed: Flight has not become available to additional sectors of the population in the last two decades. The vast majority of the flying public has lost faith in the aviation security system and considers it a nuisance.

The service providers are divided among those airlines that have adapted to the creation of low-cost travel and those that remain stagnant in an attempt to survive in a clearly unprofitable industry. Airports which have traditionally been a business in which it has been difficult to lose money, have become less attractive for the most part.  Some have even lost large sums due to the need to make vast direct investments in security and because of other indirect repercussions of the increasingly stringent security requirements after each attack.

The majority of airline companies are in desperation over the inability of the security establishment to stop attacks but their financial situation does not permit them to contribute towards security.

The adversary

The face of the adversary in the aviation sector changes every 15-20 years. If the sixties were the years of the Cuban revolutionaries and the seventies and eighties belonged to the Palestinians, in the nineties it was the turn of the “Afghanistan graduates” who gained notoriety principally through Al-Qaeda and the movements associated with it.

Is a new adversary going to appear in the next few years and what form will it take? That is the key question when we are trying to identify the adversary and the type of operation that will be its hallmark.

What effect the flow of information will have on groups and individuals worldwide is hard to predict, but it is certainly possible to set out general lines and trends in light of the “Arab Spring”, the slaughter in Oslo, and other events.

Threats and vulnerabilities

Many security measures are currently being deployed without first defining the threats that face them and the vulnerabilities with which they have to cope. The failure to define these parameters clearly leads to lack of focus, waste of resources, and inability to achieve the level required to perform the tasks derived from the ultimate goals.

Defining the high-level objectives in the following way will help put the focus on strengthening weak points:

1. Preventing the blowing up of a passenger plane and its passengers.

2. Preventing an attack on an area of population concentration with a passenger/cargo plane.

3. Preventing and/or thwarting the hijacking of a plane.

4. Preventing/thwarting a mass attack at an airport.

5. Preventing the killing of passengers and crew in flight with a non-conventional weapon.

6. Preventing/thwarting a deadly attack on an airport’s computer systems.

The threat relevant to each high-level objective is determined on the basis of a number of parameters taken into account by every airline and airport.

For example I will consider the prevention/thwarting of a hijack. In this example we will examine the onboard precautions and then the precautions on the ground. In order to hijack a plane today, it is necessary to take command of the aircraft controls.

We will first examine whether this can be done by a remote takeover of the aircraft’s computers. Next we will examine the durability of the cockpit door and wall against weight and time. To demonstrate this point, I would explain that a plane flying over land and able to land in a relatively short time and a plane over the ocean represent two completely different scenarios. The cockpit door is locked and bolted, but as strong as it may be it will in time yield to weight on it as with any door. Another key parameter is whether the air crew is trained and equipped to combat a threat (flight crew – security guards). Has an on-board system has been installed to help the flight crew neutralize any hijack attempt? The security guards capabilities must be examined, since here too there is obviously a certain threshold whereby even an armed and well-trained guard cannot overpower a large number of attackers, and if he surrenders then his weapons will be directed against the cockpit.

In contract to the precautions in place and the crew, the tools the attacker is likely to use must be examined.  For example, will a simple weapon be able to force the cockpit? Is a loaded weapon suitable for achieving the purpose, and if so what type of weapon? Could a non-conventional weapon help an attacker successfully execute a hijack? Could a personal computer with a powerful transmitter take control of the aircraft’s systems? All these parameters will instruct us in the relevant reference threat for screening passengers and their hand luggage before they board the plane.

Risk management

Applying all the security precautions to every operation and implementing them at the highest sensitivity level is not the way to deal with the various threats. Risks have to be managed so as to allow the optimum level of activity for a reasonable risk. The risk level and probability must be determined by the governing body – the House of Representatives, the government, the President – and the ways and means by the regulator.

Summary

Designing the Checkpoint of the Future is essential in light of the ongoing failure of common sense and logic, economic considerations, and above all from an operative standpoint. The decision to protect human lives should apply to and be backed up by the proper action and tools to achieve that worthy end.

The knee-jerk reaction that has created endless “security solutions” to the dangers facing us is not the way to achieve the objective of effective security in the service of the aviation industry. All work done on the subject of the Checkpoint of the Future must look forward beyond the procedures currently employed.

 

Posted in Aviation Security | Tagged , , , , , , , , , , , | Leave a comment

Black Swans in the Security World

Posted on June 25, 2012 by Administrator

In 17th century Europe, they would use the expression “Black Swan” to refer to something impossible, because obviously only white swans exist and there are no black swans in nature. However, in 1697 the western world was astonished by the discovery of black swans in far-off Australia!!!

In other words, the unequivocal assumption that there are no black swans was refuted in a moment by one observation that proved the precise opposite. Since then the meaning of “Black Swan” has changed to an event that is considered impossible but that could later prove to be highly possible.

The “Black-Swan-Theory” was formulated by the philosopher “Nassim Taleb” and published in 2007. According to the theory, a black swan is an exceptional event of extremely great importance which ostensibly could not have been predicted – but from an historical perspective can be expected to occur once every so often.

Nassim’s “Black-Swan-Theory” has three main features:

  1. Extreme Exceptionality – Such an event is so exceptional that it is almost incomprehensible based on past events. It comes as a total surprise to its observer who will be amazed that it occurred.
  2. Dramatic Effect – The event has an extreme impact on the future.
  3. Could have been Predicted in Hindsight – Anyone looking at the event after it has occurred has the impression or belief that such an event could have been anticipated to occur from time to time.

In effect, Taleb’s black swan theory focuses on two features of the unpredictable:

  1. I.            Its momentous impact
  2. II.            The fact that despite everything its occurrence could have been foreseen.

Taleb argues that the vast majority of seminal events in history that were unforeseen at the time, in retrospect, when we look back, can be explained by rational causality.

A black swan is a High Impact Low Frequency Event – that is to say, the effects of such events on the future are extreme, but they occur at a low frequency.

The black swan theory maintains that a small number of black swans explain almost everything that happens in our world; from the success of ideas, via the flourishing of religions and the outbreak of wars, to the rise and fall of great powers, countries, and economies.

I would like to put the black swan theory into the context of security against acts of terror:

One example, and perhaps the most famous, that depicts the black swan is what happened in September 2001 in the U.S.A. – the aerial attack on the World Trade Center and the Pentagon. We will examine if this event meets the criteria for definition as a black swan.

  1. There is no doubt that it was an extremely unusual event in its impact, and all over the world everyone who witnessed it was stunned.
  2. It had an enormous impact in the period that followed and its effect can still be seen in every airport in the world. Security operations were stepped up dramatically and this had a profound effect on all the activities of the global aviation industry and on the colossal resources allocated to operations as a whole.
  3. In retrospect, unequivocal evidence and testimony were discovered of the growing strength of the Al-Qaeda movement and its intention to sponsor just such an event. There is also evidence that the party attacked had a great quantity of intelligence information prior to the attack.

Why do black swans occur?

One of the main reasons for the existence of black swans is to be found in the nature of man.

The disasters caused as a result of black swans are extremely rare events and there is a tendency to ignore the possibility that they will occur. The impact of these events is likely to be so great that it is convenient to ignore them and the signs that they are imminent. Ignoring them in this way leads to a 100% certainty that when the disaster occurs, it will be a multi-victim one.

First conclusion:

When a terrorist organization tries to create a black swan, its purpose is to sow terror, to shock and to strike an effective blow to the consciousness of the party attacked.

Nassim Taleb analyses the three main illusions that prevent man from relating correctly to history. The writer calls them the “three blocks”:

  1. The Illusion of Understanding – Everyone thinks he knows the world around him. The world however is more complex than it seems and the great majority of circumstances and connections are simply lost on us.
  2. Distorted Retrospection – We can only evaluate situations after the fact. Then, everything appears obvious and predictable.
  3. Overrating of Indicative Factual Information and the Limitations of Intelligent People and Experts – If we honestly examine a large part of these “black terror swans”, they are undoubtedly the creations of human planning and it is possible to foresee their occurrence. We have to process our thinking and enter into the attacker’s mind so as to anticipate how he will act, however exceptional that may be.

Second conclusion:

A man-made black swan can be foreseen if we employ the “appropriate” thought processes to identify the tell-tale signs.

There is a high probability that black swans (whether acts of terror or natural disasters) resulting from inactivity or lack of preparedness can be prevented but only if we take a proactive approach to planning for the extreme scenario. Early and precise planning allows us to identify all those weaknesses and vulnerable points the opponent will try to exploit, and bolster them against a threat, thus preventing a dramatic impact. In the context of security, if we conduct a professional review of the risks and pinpoint both the threats and the weak points, the probability of a black swan will be drastically reduced. Such a review must include the following equation:

Damage x Probability  =  Risk

Third conclusion:

Calculated risk management allows us to deal with extreme situations.

Preparedness, no matter how thorough, is not enough to win, since the opponent will always have the advantage of being the instigator. He will try to gain the upper hand through tactics, deception and surprise. A terrorist will try to surprise in at least one parameter: location, time and means, whereas the victim, if he wants to prevent an extreme event, needs to act at peak capability to neutralize the attacker and foil his plans.

Fourth conclusion:

A black swan can be avoided if we succeed in surprising the attacker, foiling his plans, and putting him off balance.

Fifth conclusion:

The recognition that it is certain that a catastrophe will occur must be at the basis of the awareness of all security personnel – we may be surprised but we must not be stunned.

How can we deal with black swans the moment they occur?

In his black swan theory, Taleb recommends, therefore, considering the possibility of a disastrous collapse in a certain sector as being certain, and being prepared to deal with it. This is basically a recommendation to be mentally prepared with the aim of keeping the awareness level functioning at peak capacity.

Summary:

A proactive security setup based on managing risks and pre-emptive action to put the opponent/attacker off balance will have a high probability of preventing a black swan.

Written by Mr. Itay Levin

Mr. Levin has just recently joined Lotan Security and is an expert in the area of protective security with extensive experience in aviation security, security systems management, critical infrastructure and corporate protection. Mr. Levin’s experience is based on his past work managing international aviation security systems spread over a wide geographical area for ELAL Airlines Security.  His responsibilities included managing the officers in charge and supervising projects and large scale operations.  He was responsible for hundreds of employees and thousands of day-to-day security operations in a highly competitive commercial environment for 10 years, many of them during an era of high profile terror attacks.  This unique combination of maintaining the highest security standards while taking the needs of the commercial environment into consideration are what helped to make him unique in the industry and a leader in the field.

 

Posted in security Philosophy | Tagged , , , , , , , , , , , , , , , , , | 1 Comment