— Volume V No. 1: January 2009 —

The Terrorist Threat to Inbound U.S. Passenger Flights: Inadequate Government Response

Anthony Fainberg

INTRODUCTION

Seven years have elapsed since Richard Reid, a British citizen partially of Jamaican extraction, tried to detonate a shoe bomb aboard an American Airlines flight departing Paris and bound for Miami. The flight was diverted to Boston after his attempt failed. Reid has since been tried and convicted of attempted mass murder; evidence presented at his trial indicated that he was an al Qaeda operative who acted with technical and logistical help of others in that organization. He had, in fact, proclaimed his allegiance to Osama Bin Laden, had traveled to Pakistan and Afghanistan during the previous year, and has been identified as an al Qaeda trainee, at the least.[1] He had also, apparently as part of his efforts for al Qaeda, earlier assessed air security procedures in Israel and reported that security measures were too stringent to expect a high likelihood of success in an attack on a plane there. So he (and his collaborators) decided to attack a U.S.-flag carrier, departing Charles DeGaulle Airport in Paris. Reid used a now famous, home-made chemical explosive – triacetone triperoxide (TATP) – as a detonator, but the main charge in the shoe was composed of pentaerythritol tetranitrate (PETN), commonly used as both a military and a commercial explosive.

Because of his bizarre behavior and strange travel plans (e.g., no luggage for a transatlantic trip), Reid had been blocked from boarding the flight on December 21, 2001[2] by the personnel of a security company hired by American Airlines. He had been interrogated for some time, but security personnel could find no incriminating evidence or other reason to persuade the carrier to deny him boarding rights, and so he was permitted to get on the same flight on the following day. He then tried to destroy the aircraft in flight with his bomb. That he failed was not due to classic security measures or systems but rather to the bravery of a flight attendant (who detected his efforts) and several passengers who assisted her in subduing the criminal.

It was unfortunate that French airport security had no explosives detector at hand that could have found the telltale traces of chemicals on Reid or his clothes. If they had, they probably would have detected at least the PETN on Reid’s shoes, if not on other parts of his body or clothing. We know this because traces of this chemical were found in considerable quantity on the inside wall of the aircraft where Reid sat and against which he placed the bomb – his shoe – while trying to set it off. These traces were easily found three weeks after the fact, even following cleaning of the aircraft.[3]

This essay asserts that the terrorist threat to global civil aviation continues to exist and that the United States aviation system remains a principal target, particularly of al Qaeda. Historical evidence will show that this threat is currently more serious overseas than it is domestically and that the terrorists’ modes of operation often include the introduction of explosives aboard aircraft by passengers. Noting that explosive trace residue detection technology, currently deployed in the United States, could help mitigate this threat, this essay urges that the United States require the application of such technology overseas on flights inbound to the United States. In the past, the Transportation Security Administration (TSA) has been reluctant to act in this direction, probably out of concerns for the sensitivity of the sovereignty of other nations. However, taking note of the fact that the United States already imposes aviation security requirements on inbound flights, and has done so for years, this essay argues that diplomatic means already exist to improve our response to aviation terrorism overseas and that these means should be applied.

The Historical Problem

Since Richard Reid’s attempt, there has been one other similar and major aviation security incident with a less fortunate result. This was a successful pair of attacks on commercial aircraft in which explosives were brought on board by passengers. Chechen women carried bomb vests on two Russian domestic aircraft on August 24, 2004, detonating them in flight and killing all eighty-nine persons on board the two airplanes. No trace detection systems were in place or used on departure; the women had reportedly bribed air security personnel not to inspect them too closely or demand to see identification.

Attempts to simultaneously destroy many U.S. aircraft simultaneously, with the likely hope of eliminating global commercial air travel for many weeks, date further back, at least to 1995 and the “Bojinka” plot in Southeast Asia. This plan was organized in part by terrorist mastermind Khalid Sheikh Mohammed (identified by U.S. authorities as the main organizer of the 9/11 attacks), along with his nephew, Ramzi Youssef, who also organized the first attack in the World Trade Center in 1993.[4] A stream of known incidents since 9/11 confirms the interest of terrorists in targeting civil aviation.[5] All of these incidents had their origins in other countries, not in the United States. The London bomb plot of August 2006 is perhaps the best known of recent cases. In addition, there was the June 30, 2007 attack on Glasgow airport itself, carried out by Islamic extremists. This latter was not an attempt to bring explosives on an aircraft but did demonstrate the intent to target civil aviation.

Although major aviation-targeted incidents have not come to light every year since 2001, we should not be lulled by the sporadic nature of low statistics. As noted here, and in the endnotes, such incidents have occurred in 2002, 2004, 2006, and 2007. In the field of terrorism, an absence of reported activity for a year or two does not mean that we do not have to worry. Further, government officials may well have more information on the terrorist threat to civil aviation, both at home and overseas, than is publicly available. One may glean this, for example, from worries expressed in a 2002 statement by the Federal Bureau of Investigation5 and in the much more recent statement of Secretary Michael Chertoff before the National Press Club on September 10, 2008.[6] The focus on civil aviation as a terrorist target is also consistent with al Qaeda’s somewhat unimaginative and obsessive-compulsive practice of repeatedly using an attack tactic – if it appears to them to be a good idea – even when it does not succeed at first.[7]

In the seven years post-Reid and four since the Chechen attacks, the U.S. government – that is, the TSA – has apparently not acted to assure that passengers on all foreign commercial flights into the United States be subject to screening for explosives, using chemical trace or vapor detectors. This is in spite of the fact that, for years, the TSA has deployed thousands of pieces of such equipment for use in U.S. airports.

Standard risk assessment and risk mitigation formalism indicate that, given equivalent consequences, one should generally try to reduce vulnerabilities where threats are higher. The apparent inaction of the TSA in regard to flights originating overseas appears to violate this principle. Threats to civil aviation are most likely greater overseas than they are in the United States, but the vulnerabilities of U.S.-bound overseas flights to terrorist attacks are greater than threats to domestic flights, not less. This is because equivalent technical security measures applied to civil aviation in the United States are not required for the overseas, inbound flights.

Where is today’s technology relative to that of the recent past? If anything, today’s trace chemical detectors, used in domestic U.S. airports, are even more capable than those of several years ago. They are able to detect TATP, in addition to other explosives and oxidants that have often been used (or planned to be used) to construct terrorist bombs for detonation aboard aircraft.

These detectors are relatively inexpensive ($25,000-40,000 each), quick to acquire, widely used in United States airports, well understood by aviation security authorities, and easy to operate. Any traveler flying commercially in the United States since 9/11 has almost certainly seen these detectors: they are mostly the size and shape of a breadbox – although some more experimental walk-through portal “puffers” are now being tested – and are located at security checkpoints. The breadboxes are characterized by the sad fact that they are used quite rarely.

Furthermore, even though the 2006 plot against U.S. commercial jets was London-based and involved attacking flights originating in the United Kingdom, newer models of detectors devised by the TSA to counter that particular threat are being pilot tested in the United States but are not (as of this writing) being tested abroad. It would appear that the United States is reluctant to deploy effective technologies outside the country, even on a test basis. Unfortunately, at the risk of being repetitious, outside is where the greatest threat currently dwells.

Use of this trace detection technology would have two effects. First, when properly applied, it could effectively detect attempts to bring explosives onboard aircraft. Second, the deployment and use of such equipment would at least deter terrorists from using this pathway to attack civil aviation. In the past, terrorists have used “dry runs” to test the effectiveness of aviation security. The 9/11 terrorists, in particular, ran many such trials. Therefore, yet another advantage of deploying trace detection technology would be that security authorities could then look for attempts by terrorists to probe the effectiveness of this new technology overseas, thus providing another means to counter attempted terrorism.

The Institutional Problem

Why has the TSA decided not to provide passengers on U.S.-bound flights from foreign airports with the same explosives detection equipment required for securing domestic air travel? The answer is unclear. Some reports, mostly from private statements by government officials, indicate a fear of diplomatic resistance from other nations, who would, it is said, object to the imposition of American security requirements. If true, this concern may be based on a misunderstanding of U.S. ability to impose security on flights into the U.S. from elsewhere. It is true that the sovereignty of other states certainly could become an issue. However, this sovereignty can be and has been respected while, at the same time, assuring desired levels of protection. The U.S. government has taken steps to enable this.

Following a spate of terrorist attacks in the Middle East in the 1980s, including the hijacking of TWA Flight 847 after departing Athens, the U.S. Congress passed the International Security and Development Cooperation Act of 1985, which, as reflected in 49 U.S. Code Section 44907 – Security Standards at Foreign Airports – requires the government to assure desired levels of security on flights into this country. If foreign governments do not agree to the employment of such measures, paragraph (d) (1) (D) specifically states:

The President may prohibit an air carrier or foreign air carrier from providing transportation between the United States and any other foreign airport that is served by aircraft flying to or from the airport with respect to which a decision is made under this section.

The authority for U.S. government action unquestionably exists.

On the other hand, perhaps the government feels that, eventually, this problem will be solved by the voluntary actions of foreign airport security authorities. It is true that a few nations have, on their own, begun to use trace detectors on outgoing flights, at least on an occasional basis. But there is no guarantee, or even likelihood, that these detectors will be required by foreign authorities for all U.S.-bound flights in the near future. Nor is there any evidence that the U.S. government has taken steps to assure widespread overseas deployment of such equipment. Such steps should be taken.

In a related context, the TSA has made public its reticence to interfere with the aviation security practices of other nations. It recently stated explicitly, in a report by the Government Accountability Office (GAO), that it will not “impose its security requirements on foreign countries.”[8] This is in reference to a different but equally disturbing security gap – one that continues today, domestically as well as overseas – having to do with inadequate screening for explosive devices in cargo aboard passenger aircraft. Congress has required 100 percent screening of such cargo for explosives by August 2010. TSA is now taking steps to meet this mandate for flights originating in the United States, but not for those originating overseas.[9] This method of attack – placing explosives in cargo – has been attempted by terrorists in the past.

Somewhat in contradiction to the TSA statement cited above is the recently announced “Joint Statement of Purpose on Coordination of Efforts to Enhance Air Cargo Security” between the TSA and the Energy and Transport Commission of the European Union.[10] While not specific in technical detail, this accord does express an agreement with other nations to develop “compatible standards and practices to enhance civil aviation security,” aiming at the “rapid introduction” of detection technologies for air cargo security. Thus, at least on this level of generality, and dealing with air cargo, there is a demonstrated willingness on the part of TSA to engage our overseas aviation partners. Similar efforts could and should be devoted to the use of appropriate technologies for the screening of passengers.

Any reluctance to require other countries to impose U.S.-approved security measures is not ruled by precedent; in fact, it runs counter to past practices. Over the past several decades the U.S. government, through the Federal Aviation Administration, has negotiated bilateral security agreements with several countries hosting the “last point of departure” of a commercial flight into the United States. These accords were usually arrived at in fairly collegial fashion. The hidden, but well-understood leverage for the FAA was the knowledge that, if an agreement were not reached, the United States could and would eventually prevent aircraft from the country in question from landing at U.S. airports. This approach worked quite well in terms of negotiating agreements with a minimum of fuss and discord.

The U.S. government has taken action against some nations for lax security standards. The International Security and Development Cooperation Act, cited earlier, was invoked when flights between the United States and the Murtala Muhammed International Airport in Lagos, Nigeria, were banned between 1993 and December 22, 1999.[11] Milder forms of sanctions have been imposed on other countries from time to time: for example, warning notices have been posted on occasion in U.S. airports to inform passengers bound for Haiti and Indonesia of security concerns there. Similar concerns over airport security – which could have led to such postings – were expressed to the government of Greece in 1996.

Another example of the ability of the United States to affect aviation security practices overseas is secondary screening (that is, screening in addition to that employed at the standard airport checkpoint) on U.S.-bound flights. Such screening has been arranged in the past through FAA-proposed modification of bilateral agreements and practices. This occurred, for example, following the destruction of Pan Am 103 by Libyan-supported terrorists in 1988. The screening was performed by air carrier personnel in some locations and by local authorities in others, where local laws required the use of local nationals in such security roles.

Indeed, in the case of U.S. carriers operating inbound flights, no particular agreement is even needed with the host country: TSA and FAA regulate these carriers when operating either domestically or overseas. Security plans governing overseas security measures for U.S. carriers operating overseas, known as Air Carrier Standard Security Plans (ACSSP), were explicitly approved by the FAA for the U.S. government. Today’s analogous version, with TSA now the cognizant authority, is the Aircraft Operator Standard Security Plan, under 49 CFR Part 1544. Foreign air carriers flying inbound are not de jure regulated. But, de facto, they must submit to U.S. security requirements in that their security measures, listed in Model Security Plans (MSP) must be “accepted” rather than “approved” by TSA if the foreign carrier wishes to land in the United States (under 49 CFR Part 1546).

Additionally, bilateral agreements with foreign partners can formalize and indeed already have formalized security arrangements that the United States desires on inbound flights. This is usually done with respect to assuring practices consistent with recommendations and standards in Annex 17 (Aviation Security) of the Chicago Convention of 1944 on International Civil Aviation and agreed to by the International Civil Aviation Organization (ICAO). Inspectors from the TSA (formerly from the FAA) are based overseas and visit airports in other countries to assess, for the U.S. government, whether the security practices there conform at least to ICAO standards. In some cases, the standards of Annex 17 are exceeded, following specially negotiated bilateral agreements between the United States and certain countries hosting inbound flights.

There is thus no question that the United States has diverse legal and political means at its disposal to protect its citizens and visitors on inbound commercial aircraft. The only question is exactly what these requirements will be and whether the U.S. government will insist on increased protections when justified by threat assessments, based on past incidents and on present information. What should be required is a set of security measures and technologies equivalent to the ones imposed on air carriers and those practiced at airports domestically. These should include the widespread application of trace chemical detection to (at least) a subset of selected passengers, both for deterrence and as a protective measure. They should also include the congressionally-mandated 100 percent cargo screening on flights into the United States, as well as on domestic flights.

ISSUES

This discussion may be summarized by addressing several questions.

Is there still a terrorist threat to civil aviation and is the international threat more serious than the domestic threat?

Yes and yes. Disrupted plots, incidents that appear to be tests of aviation security systems and actual attempts of various types on civil aviation, have occurred persistently since 9/11. Most of these incidents involved the use or planned use of contraband items smuggled on board by passengers. Occasional statements from official sources, such as the Federal Bureau of Investigation and the Secretary of Homeland Security, indicate that intelligence sources consider that aviation continues to be a terrorist target. Reasonable people would conclude that the threat is real and current.

Nearly all disrupted plots involving U.S. civil aviation were planned to originate overseas (e.g., in London and Paris). A series of bizarre events, referenced in note 5, that appeared to be tests of security systems occurred overseas (Sweden, Pakistan, Morocco, and France). Attacks or planned attacks on aircraft have originated at overseas locations (Kenya, France, United Kingdom). None of these events occurred or had its planned origins in the United States. Jihadi terrorist cells have been broken up in the United States in the past, but no serious round-ups have been reported for several years. Far stricter immigration controls and visa requirements have been imposed in the United States since 9/11. One concludes that the major threat to civil aviation continues to be external to the United States, in great part because of the difficulty terrorists have in developing a strong presence here. This is not surprising given the intensive effort devoted to detecting terrorists and keeping them out – an effort aided by the long distances and logistical problems most terrorists face in getting to the United States.

Of course strategies should not be confined to fighting the last battle or, equivalently, the last mode of terrorist attack. We have to think ahead and plan to protect against new and plausible modes of attack against civil aviation or, more broadly, against the United States and the rest of its critical infrastructure. Nevertheless, we should not leave the last terrorist attack type inadequately defended against, especially since our current adversaries have a tendency to repeat themselves and maintaining inadequate defenses would be an open invitation to strike.

How many people fly into the United States every year?

Approximately 6 percent of total U.S. passenger traffic on U.S. air carriers is on international inbound flights. For the first four months of 2008, this amounted to about 15 million persons, assuming half of international flights are inbound and half are outbound and both halves have roughly the same capacity. It is likely the yearly total would be nearly 50 million persons, with a large percentage of these U.S. citizens.[12] There are also a large number of passengers on inbound flights aboard non-U.S. carriers. Although representing only a fraction of the total number of air passengers in the United States, 50 million+ people constitutes a very large number of travelers to put at unnecessary risk.

Are there currently available detection technologies that could reduce the terrorist threat to international civil aviation?

There are several such technologies, not only in existence but also widely deployed in the United States. These include computerized tomography scanning systems for checked baggage (which is not required of inbound flights from overseas) and for some cargo; use of canine olfactory capabilities; and various explosive trace residue and vapor detectors for passengers, carry-on baggage, checked baggage, and cargo. Other nations do use some of these techniques, but the United States does not require their use on incoming flights to provide equivalent levels of security to those that exist domestically. The United States could require use of such technologies on incoming flights of foreign origin, as it has for years required other security procedures on such flights.

How much would it cost it cost to deploy and operate sufficient trace detection systems to screen passengers at all last points of departure to the United States? Is this cost practicable?

The cost would be approximately one percent of the cost of deploying checked baggage screening systems within the United States, as was correctly and well done by TSA following 9/11. A few tens of millions of dollars in capital cost would suffice, plus several million (conservatively, on the order of ten million) additional dollars per year for operation and maintenance. In comparison, solving the checked baggage problem domestically – an essential step – cost several billion dollars in capital acquisition over several years. Of course, additional diplomatic effort, including discussions with other nations, would have to be expended as well, with resources to this end probably taken out of ongoing operational government funds. The U.S. has supported an overseas civil service infrastructure for years, which maintains aviation security liaisons with nations from which flights to the United States originate.

Are there legal and diplomatic mechanisms available to the United States to ensure the implementation of additional security measures for inbound flights? Have such measures been employed in the past?

Existing legislation and past practices in this regard are cited above. The answers are: yes and yes.

CONCLUSION

There is a continuing terrorist threat to commercial civil aviation. The threat is global, but the United States remains a principal target of such attacks. Many threats, past and future, revolve around the scenario of weapons or explosives brought onto aircraft by passengers. Chemical trace detection equipment, relatively inexpensive and quite effective, could be applied to reduce this threat significantly, both by actual detection and by deterrence. Such equipment is widely deployed domestically by the United States, but it is not broadly used in other countries.

The United States can and should require the use of such equipment to screen passengers on all inbound flights, to avoid repetitions of Richard Reid-type attacks in the future. It should, in fact, take broader steps to require the application of security measures equivalent to those used in the U.S., including the use of appropriate technologies, on inbound foreign flights at their last points of departure.

Anthony Fainberg is a physicist and analyst, specializing in national security affairs. He recently retired from the federal government, following service in several agencies and departments, including the Department of Homeland Security, the Transportation Security Administration, the Federal Aviation Administration, and the Defense Department, as well as in the former congressional Office of Technology Assessment (OTA).  He was trained as a particle physicist, earned his PhD at University of California, Berkeley in 1969. He was one of the first to study comprehensively the role of technology in counter terrorism, in OTA reports in 1991-2. His other interests include nuclear non-proliferation and countering nuclear terrorism. Mr. Fainberg can be contacted at fainberg666@comcast.net.

Acknowledgement: The author would like to thank Dr. Fred Roder for reading the manuscript and providing many helpful suggestions.

Copyright © 2009 by the author(s). Homeland Security Affairs is an academic journal available free of charge to individuals and institutions. Because the purpose of this publication is the widest possible dissemination of knowledge, copies of this journal and the articles contained herein may be printed or downloaded and redistributed for personal, research or educational purposes free of charge and without permission. Any commercial use of Homeland Security Affairs or the articles published herein is expressly prohibited without the written consent of the copyright holder. The copyright of all articles published in Homeland Security Affairs rests with the author(s) of the article. Homeland Security Affairs is the online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS). http://www.hsaj.org

http://www.hsaj.org/