Aviation Security Incident

Why We Need to Switch to a Risk-Based Security Model – School Stabbing at Franklin Regional, Active Shooter Incidents at Fort Hood (twice), LAX, and The Washington Navy Yard.

Posted on April 15, 2014 8:42 pm by Caroline Ramsey-Hamilton Comment

When I turned on the news today, I was in the middle of writing an article on the 2^nd Shooting
at Ft. Hood from last week, and then saw that there had been a violent knife attack at a
Pennsylvania high school, with 20 casualties and at least eight injured critically, the next day,
there was a hate crime shooting at the Jewish community center in Overland Park, Kansas.

Once again, we see violence on a mass scale, the FBI has been brought in, and next will come
information on the victims. With two major events, in two weeks, what can we deduce about the
security in place at both Franklin Regional High School, Pennsylvania, and Fort Hood, Texas.

NEWS FLASH: THE CURRENT SECURITY MODEL IS NOT WORKING!

CURRENT SECURITY MODELS

Disaster preparedness is improving, Emergency Management is working, but security is
still not where it needs to be. It is a systemic problem based on the fact that security around
the U.S. is still locked in a REACTIVE mode, not a PROACTIVE mode.

The main reason for this reactive mode in security organizations, is because most security
officers come from a law enforcement background, with a model which is based on crimes
and arrests, and it is totally REACTIVE. A crime happens and police officers go into action
and arrest the perpetrator(s).

CRIME HAPPENS = PERP IS IDENTIFIED = PERP IS ARRESTED

Unfortunately, this reactive model does not work for preventing security incidents and mass violence
because it is INCIDENT DRIVEN, not Risk-Driven. It focuses on individuals, not on a more holistic,
generalized view of Threats, and it totally leaves Solutions (Controls) out of the equation.

After studying pages of after action reviews, post-incident analyses and media sources, the one
recommendation that makes sense is that organizations need to switch to a RISK-BASED,
PROACTIVE mode for security to work.

This was highlighted in a remark made by a Pentagon official, commenting on the 2^ndFort Hood
Shooting on April 2, and the fact that new DOD recommendations for security, had just been released.

“After the Navy Yard shooting in September 2013, another round of recommendations were made
to improve security at all DOD installations, however, a Pentagon official said that the new
recommendations had not yet been put into effect at Fort Hood. At Fort Hood, very little had
changed from 2009 regarding security procedures for soldiers at the entrance gates.”

The question for the Department of Defense is “how could this happen again at the same military
base? I took extra time to study the 89-page document called An Independent Review “Protecting
the Force”, one of 3 reports created after the initial Fort Hood Shooting, whene 13 were killed, and
43 injured.

If you look at the recommendations, they are very bureaucratic and procedural. They could have
been written by an efficiency expert, not by anyone with a background in security, and covered things
like policy changes, and having screening for clergy and psychologists, and improved mental health
programs. These are all important, but they do not provide a secure environment.

The LAX after action analysis’ Number One recommendation was to change
the security focus to a Risk-Based approach.

RISK-BASED SECURITY

The problem with a reactive approach is that you can’t screen and lock down everyone. At Fort
Hood, for example, there are 80,000 individuals living on the base, and probably hundreds of
visitors who go in and out every day. It’s impossible to assess the mental health, and the
‘intentions’ of all of them.

That’s why a Risk-Based Approach works – because it focuses on the potential threats and then evaluates the existing controls to see whether they offer the required amount of protection based on the likelihood of the threat occurring.

You stop violent events by controlling access and by controlling weapons. No matter how unpopular they are, you use metal detectors at certain points, you use security officers at key entrances, you control entrances and exits.

Once the event starts, you can improve security by having faster notification (panic alarms), ability
to block, or disable weapons and attackers, adequate transport, better emergency response, but to
avoid the violence, you need to have strong access control.

The Risk-Based approach makes use of annual risk assessments that are holistic in nature. They
are not done in stovepipes, they include the entire organizations, they include input from staff
members, visitors, students, vendors, soldiers, patients on how they see security from their point
of view, which is always dramatically different from management or administration.

A risk-based approach requires an organization to:

Define potential security risks.
Develop standardized risk assessment processes, for gathering and
analyzing information, and use of analytical technology
Risk-Based Security focuses on PREVENTION OF NEW INCIDENTS
whether they are active shooter, general violence, etc.
Enhances security’s ability to rapidly respond to changes in the threat environment.

MORE BANG FOR THE BUCK

According the LAX (LAWA) after action report, “Simply adding more security does not
necessarily provide better security. Determining priorities and where to achieve great
value for the dollars invested requires regular, systematic assessment of the likelihood
and consequences (risks) associated with a range of threat scenarios that morph and
change more quickly now than ever before.

Collaborative engagement in a security risk assessment process across the community builds
the buy-in needed to develop and sustain a holistic security program over time. Leaders must
be open to challenging established practices and demonstrate a willingness to change direction”.

Making the switch to a Risk-Based security program is the best recommendation for those who
want to protect their staff, students, patients, vendors, clients, soldiers, and visitors from a mass
casualty event, or for all the organizations who don’t want to have a terrible incident happen in
the first place!

Caroline Ramsey-Hamilton

President, Risk and Security LLC

Caroline@riskandsecurityllc.com

www.securityinfowatch.com/blogs

www.riskandsecurityllc.com

Loss of Malaysian Airlines Flight Points Out Airline Security Weaknessess

Posted on March 24, 2014 12:02 pm by Caroline Ramsey-Hamilton Comment

Monday, March 25, 2014.

This morning the Malaysian Government stated that based on all their “new”
calculations, they have concluded that Flight 370 went down in the southern
Indian Ocean.

Has terrorism been counted out for this flight – no. Until the whole story is known,
it will be impossible for anyone at this point to say that this happened because of pilot
error, mechanical failure, bad weather, or anything else. However, as we watched
the near continuous news coverage of this ill-fated flight, it was impossible to ignore
the many security weaknesses that were revealed as the drama played out, and
experts proposed possible new theories, even alien abduction!

The airlines around the world, and even the Federal Aviation Administration (FAA),
have always maintained their unique security standards, unlike other industries
which have generally accepted security practices that are used worldwide. This
standardization of security elements has made it easier for multinational corporations
with offices worldwide, to secure their supply chains, ensure improved safety and
security for their employees, contractors and vendors, and, in my opinion,
contributed to making the world a safer place.

Unfortunately, this uniformity and standardization of security practices is not
mirrored in the airline industry globally, and even blatantly ignored by other
airlines, operating in other countries.

International travelers often see the little sign that says something like: THIS
AIRPORT HAS BEEN CLASSIFIED AS UNSAFE. Of course, because these
airports are often the only airport in the country, they are used anyway.

But the fate of Flight 370 has shocked some security experts by uncovering the
lack of security at a respected airport, generally thought to be safe and secure.

For example, right after 9/11, the FAA moved quickly to security the cockpit of
U.S. planes, and keep them locked and secure during flight. So it was quite a
surprise to have a young girl smiling and telling CNN how she partied with the
co-pilot in the cockpit during a recent flight.

“The FAA rule sets new design and performance standards for all current and
future airplanes with 20 or more seats in commercial service and all cargo
airplanes that have cockpit doors. Specifically, the rule:

Requires cockpit doors to remain locked. The door will be designed to prevent
passengers from opening it without the pilot’s permission. An internal locking device
will be designed so that it can only be unlocked from inside the cockpit.

Controls cockpit access privileges. Operators must develop a more stringent
approval process and better identification procedures to ensure proper
identification of a jump seat rider.”

As the tragedy has unfolded day by day, security experts can see vulnerabilities
in the way security controls are both either not required or are not correctly and
consistently implemented on planes around the world.

The “Tombstone Mentality” of the airline industry and civil aviation organizations now
have the tombstones for 370 individuals, and everyone hopes that even though we
don’t know know exactly why this flight went down, we can all see that there are
weaknesses in international security that need to be addressed in the aftermath of
this tragedy.

The LAX Shooting and the Active Shooter Threat

Posted on November 3, 2013 9:26 am by Caroline Ramsey-Hamilton Comment

With the 3^rd Active Shooter incident in less than 45 days, you are probably wondering what is happening here? Why are we having so many active shooters?

There are not any easy answers, but one thing is certain, all the shooters in the Navy Yard Shooting, the Sparks Middle School shooting, and the LAX Shooter all suffered from psychological problems.

In the LAX shooting, the shooter ‘s parent had tried to contact the police because of a suicide text they had received, but it was already too late.

Police red tape being what it is – thorough, the urgency was lost and the incident was already in process before anything had been done.

BUT NOTE: The text was a HELP ME. And it was noticed, but not followed up in time.

All these shooters had major mental issues, that people had noticed, and
that people had remarked on, and that people had worried about.

We don’t know where all the guns in the incidents were purchased, or just picked up at home and taken to the scene.

BUT we know that most of the active shooters had mental issues, which means that the screenings must be approved, and more help available for these individuals, before they can kill or hurt others.

Remembering the Tragedy of 9/11

Posted on September 11, 2011 2:21 pm by Caroline Ramsey-Hamilton Comment

Today is the 10^th Anniversary of 9/11. Like most other Americans, like the Kennedy assassination so many years ago, the memories are indelibly burned into my soul.

On September 11, I was flying to a conference in Chicago, so I got up at 5 am to catch the 7:45 plane from BWI to Pittsburgh. I was on the next plane to Chicago and it boarded at 9:35 and pushed out onto the runway. I was waiting for it to take off when my cell phone rang and it was my son, Michael, who said, “They flew a plane into the Twins Towers in NYC”. As a security professional, I knew what that meant.

After a confusing 15 minutes, the plane went back to the gate, and they told us the flight would be delayed for 6 hours, but as we walked off the plane, the man next to me got a call on his cell and said, “They hit the Pentagon”.

There was a hotel at the Pittsburgh Airport so I immediately ran over there and checked in because I knew there would be no planes leaving today, I noticed the huge crowd at the bar, watching the TV. My brother worked in NYC, my sons and friends were in DC, so the phone lines weren’t working, but I signed on to AOL and was able to connect with them to say I was all right.

They evacuated the airport, but I was up in my mini command center by then. I must have gotten 400 emails that day and I was watching the coverage on TV and crying, and then I heard about United Flight 93.

It took me about 2 days to get home. A friend DROVE from the conference in Chicago to Pittsburgh and picked me up at midnight on 9/11. We drove together through the Appalachian mountains to her home south of Philadelphia. She had small children and wanted to get home fast.

We arrived at about 9 am on 9/12, after driving all night. I slept for 4 hours on her son’s bed, and then her husband took me to the Amtrak station at Wilmington and I took the train back to BWI. It felt like I was moving through a bad dream.

Next, I tried to get my car, which was in the parking structure by the terminal, but it was blocked and they said I wouldn’t be able to get my cars for several more days, so I took a cab back home.

I remember driving up my street and seeing the American flags on houses, and I remember thinking about why I didn’t know all these neighbors and how I would change that in the future. I remember how blue the sky was, not a cloud, not a plane. It was surrealistically quiet.

I know several people who were killed in the Pentagon, and many in NYC who were dramatically affected, including the children in the NY suburbs who got called out of class one by one, to hear that their father, or mother was gone.

My theory is that people who lived on the west coast didn’t feel the impact quite as much as we did – who had been to the Pentagon every week, and been in the Twin Towers.

A friend of mine in San Diego who was proud of not having a TV, and who got up early that morning to order a sheet set on QVC. She was in the middle of her order when the operator started crying and could not continue – she kept telling Kathy, “please turn on the TV and call back tomorrow”.

Just for me, I think I am permanently damaged by what happened on 9/11, and I think the whole country shares a continuing sorrow and grief from this event.

We won’t let it happen again.

TSA – Why pat-downs are ridiculous and after 9 years – they still can’t spell RIS*K management. Follow the money.

Posted on November 23, 2010 1:29 pm by Caroline Ramsey-Hamilton Comment

Every fifteen minutes, the media is full of images of children being patted down at the airports. The media is stirring up the porridge on this story. But think for a moment – TSA is spending 90% of it’s budget, resources and energy on passengers who are not and will never be a threat. And that leaves only 10% to spend on legitimate and potentially dangerous travelers. This raises several questions.

First – why? When the DHS espouses it’s emphasis on RISK MANAGEMENT – it’s clear that they don’t follow it. The private company that runs the screening programs makes substantially more money by screening everyone, if they only had to screen real suspects – their income (which is over $8 Billion per year) could be cut in half!

By applying the risk management principles that are in their charter – they would be able to spare the poor traveling public and spend more time and more resources on checking and double-checking the potential terrorists.

Most rational people can watch an airport scanner line for two hours and realize it is an enormous waste of resources for very little results and testers can routinely smuggle in knives, lighters and whatever else they want.

The inability of TSA to adopt a rational approach to airport screening – and remember – they still don’t’ screen the cargo riding on the same plane – is just lining pockets including the lobbyists who have been pushing the extra-expensive full body scanners.

The justification for this big expenditure is that is avoids the dreaded “profiling”. We should be profiling – we should be checking people who like to visit Yemen for Easter. We should be doing intense screening of young men between the ages of 18 and 30 who have recently traveled in or out of Pakistan.

Here’s a partial list of who we shouldn’t waste time and resources screening:

Children under 10
Active and Retired Military
Civilian Federal Employees
Civilian Federal Partners
Members of a ‘Preferred Traveler Program’
Individuals who opt for an intensive background check
Senior Citizens over 70

But you know what they say – Money Talks… and it’s talking to me this Thanksgiving week.

Do Terrorists have Lower IQ’s?

Posted on January 12, 2010 1:42 am by Caroline Ramsey-Hamilton Comment

Is it nature or nurture? Do you think there’s a correlation between the intelligence of a person and their choice of terrorism as a vocation?

I’m not talking here about the brilliant, twisted strategists who create the idea of the revolution. I’m talking about the mules – the new recruits who can’t wait to blow themselves up for the cause. Or shoot and kill innocent people – like the Holocaust Museum incident in 2009.

Take “The Underpants Bomber”, for example. If he REALLY wanted to blow up the plane, why didn’t he go into the bathroom and light himself up there? Why go back to his seat where it is always crowded anyway? Only one conclusion can be reached – he is stupid! He suffers from a serious flaw in his reasoning ability.

One of the most interesting films I have seen recently was done by Fareed Zakaria and which aired on HBO. It is called, “Terror in Mumbai” and Fareed narrates it.
Take the forty-five minutes needed to watch it because it is incredible and goes right to my point about terrorists being dumb.

After the Mumbai bombing attacks started, the government was able to hook up to the actual cell phones being used by the terrorists to communicate with the Big Brain Terror Leader ( also called his Controller, or Handler??) back in Pakistan. So the movie is actually the real conversations between the operatives and their Controller.

At one point, the Controller tells them to set the hotel mattresses on fire. They try but can’t get a fire going, so the Controller screams into the phone – go back and light them again.

The on-the-ground terrorists seem to have no idea of how to kill anyone, and are almost goaded into doing it by the Controller on the phone who has to explain to them what to do next, and who you hear him screaming into the phone, “Shoot him in the head”.

They seem almost like puppets and, as you watch the movie, you realize that these guys couldn’t terrorize anyone on their own. They are uneducated, unsophisticated young men who probably would have gone sightseeing if the Controller hadn’t kept a tight rein on them.

Some people think there are more of these unthinking people around than the thinking kind. I hope that isn’t true, and it really speaks to the power of education and sophistication as the best weapon we have against this sort of mindless terrorism

Categories:
Aviation Security Incident
Facilities Security
Terrorism

Fireworks Ignite After Latest Airline Terrorism Incident

Posted on December 26, 2009 9:06 pm by Caroline Ramsey-Hamilton Comment

It was a surprise to see the biggest news on Christmas was that a Nigerian terrorist managed to get on a plane coming to Detroit from Amsterdam with some sort of explosive strapped to his leg.

AND – the alleged terrorist was on the NO-FLY LIST. Just think about this for a moment. A recent paper from the Naval Postgraduate School on Homeland Security estimated that the costs of the no-fly list, since 2002, range from approximately $300 million (a conservative estimate) to $966 million! And after spending over $300 million, the terrorist is able to get right on the plane, WITH EXPLOSIVES STRAPPED ON, and fly to the U.S.

Besides being a risk expert, I was mom who didn’t let her boys have toy guns. So imagine my shock at THINKING (to myself) that maybe we should let certain
Cleared passengers fly PACKING.

The passengers on the flight under discussion are the ones who subdued the perp, and I have a feeling that US airlines passengers would all be happy to take over their own security while flying the un-friendly skies.

Despite spending billions on patting down the grannies and business travelers along with 9 year old girls – someone can still board a plane and fly right into the U.S. with
explosives strapped on.

A simple risk formula applied to this entire passenger screening program shows that the entire TSA passenger screening program is too expensive for the results they are getting. The biggest cost waster is the idea that every single air traveler is treated exactly the same way. This is the elephant in TSA’s conference room. Every traveler is NOT the same. The most simplistic metrics show that:

1) Terrorists are more likely to be men.

2) Women over 60 are not likely to blow anything up.

3) Small children and federal employees are unlikely to be
Smuggling in explosive devices.

As the noted expert, Stephen Flynn, pointed in his book, America the Vulnerable, this policy creates huge cost, creates inefficiency and does not stop the dedicated terrorist.

Instead of being run as a gigantic stimulus program for the underemployed, TSA should sharpen it’s focus and began to start a true profiling program. A profiling program doesn’t have to target certain groups or type of individuals, but it should work towards automatically EXCLUDING the large groups of people who are unlikely to be a threat; let them opt for “cleared” status by completing a background check, and if these many individuals were automatically cleared, it would leave the TSA screeners more time to MORE RIGOROUS checks on potentially dangerous individuals, and ENSURE THAT PEOPLE ON THE NO-FLY LIST — DO NOT FLY!

Sounds obvious doesn’t it, but instead, the U.S. budget is being squandered on thousands of unnecessary screens, while the potential targets are not getting the indepth, and in-airport screenings they need to have.

These inane policies are not just indefensible – they are dangerous – and the latest incident just proves the point.

Categories:
1
Aviation Security Incident
Risk
risk assessment
Risk Assumptions
Terrorism
Threat Assessment
TSA Passenger No-Fly List

Tags:
Airline Security
Aviation Security
risk assessment
Terrorism
TSA