5. Security Program Plan
Overview
In 1990 the President’s Commission on Aviation Security and Terrorism, formed in
response to the bombing of Pan American Flight 103 over Lockerbie, Scotland, recommended
that the FAA pursue an intensified program of research, development and deployment to
counteract the terrorist threat to the civil aviation system. This mandate was embodied in
the Aviation Security Improvement Act of 1990. In 1997, the White House Commission on
Aviation Safety and Security noted that "The terrorist threat is changing and
growing. Therefore, it is important to improve security not just against familiar threats,
such as explosives in checked baggage, but also means of assessing and countering emerging
threats."
The FAA Aviation Security Research and Development Service maintains laboratories and
research programs exploring advanced technologies applicable to (1) enhanced scanning of
luggage; (2) improved devices for walk-through and hand-held equipment to screen
passengers for weapons; (3) better image processing and decision-making by screening
personnel, including fully automated devices; (4) explosive trace detection technologies
for next generation systems; and (5) means of hardening aircraft against explosions. The
FAA has long been a world leader in research addressing weapons and explosives detection.
A rapidly-emerging area of concern is information security, which can range from
protecting mission-critical computers against intrusion and disruption to countering the
possibility of "cyber-warfare"–malicious attacks intended to disrupt or
damage the functioning of public infrastructure, or to cause large numbers of casualties.
The increasing use and criticality of computer-based communications and information
technologies has created a whole new set of threats and challenges with which the aviation
system must contend. While this concern can be addressed largely through the application
of technologies, tools, and practices being developed by other industries, it is very
important that it be well understood. The basic elements of computer security cut across
all applications, but their manifestations in aviation must be carefully assessed and
countered in the design and upgrading of NAS systems and through a variety of operational
programs.
The DoD has great expertise in several areas central to aviation security, and is
cooperating closely with the FAA wherever its capabilities are relevant, such as threat
assessment, information security, damage characteristics for various explosives
situations, and aircraft survivability. The DoD also has basic responsibility for the
safety, security and integrity of the GPS system, which will be critical to the
nation’s civil aviation navigation system in the 21st century.
FAA R&D activities in this area all relate to specific operational programs,
including assessment of domestic and foreign air carriers and airports, explosives
security, and movement of hazardous goods. A systems approach is being taken in which the
elements of security programs are integrated and coordinated among the many
participants–domestic and international, public and private. Figures 8 through 10
show the Aviation Security roadmap, which, as for the Safety roadmap, reflects the overall
structure previously shown in Figure 1. A complete description of the security program
will be prepared as a supporting document to this plan.
Aviation Security Roadmap
The basic security roadmap in Figure 8, like the overview safety roadmap (Figure 4),
shows three broad thrusts, associated outcomes, and a linkage between operational
solutions and research. Figures 9 and 10 show increasing levels of detail concerning the
role of research and program content.
The Federal Aviation Administration, as the designated lead Federal agency responsible
for the safety and security of civil aviation, is charged with promoting safe travel by
countering the terrorist threat with technologies and procedures that will prevent, deter,
or mitigate any attempts to sabotage civil aviation. Terrorists have demonstrated
expertise in the acquisition, development, and deployment of both rudimentary and
sophisticated improvised explosive devices. The Civil Aviation Security Research,
Engineering, and Development Program addresses these threats as well as non-conventional
threats. The aviation security roadmap closely parallels the safety roadmap in having
major elements focused on information and risk management, prevention and mitigation. It
shows the operational solutions now in place and evolving, with the FAA and joint R&D
programs being conducted to enable the operational solutions to advance sufficiently to
achieve the desired outcomes. While the research is being performed primarily by the FAA,
joint or coordinated efforts the with DoD are also important, and the overall effort draws
on NASA technical expertise as appropriate.
Knowledge Base and Risk Management
The great range and varied nature of potential security threats make data and
information the first line of defense. Only with data of sufficient breadth, depth,
variety and timeliness can the aviation community act effectively and efficiently to
prevent or mitigate incidents. Given the wide range of sources and types of data relevant
to security, establishment of a comprehensive and accessible information data system
continues to be a major undertaking. Its creation and expansion will involve development
of well-defined data needs, standard data-exchange protocols, and centralized data bases
based on consensus standards agreed to by the many and varied information sources and
users.
In addition, ongoing detailed analysis programs are needed to assure that trends and
emerging threats are identified as early as possible, in a commonly understood structure,
quantified by meaningful indexes that clearly convey findings and their implications to
all users. Information must readily be shared with all who need it, while maintaining the
controls and secrecy required for highly sensitive data. The large number of data sources
will necessitate special efforts to make this information infrastructure truly real-time
in its operation and availability so that it can be monitored and used in real-time by
command and control centers.
- Current Operational Solutions
The intelligence analysis of the threat to civil aviation is the basis for determining
the application of aviation security measures. The FAA’s Office of Civil Aviation
Security Intelligence has four central roles:
- Collection, evaluation, analysis, and dissemination of aviation security information and intelligence
- Coordination of domestic and international aviation security intelligence activities with other Government agencies
- Assessment of the threat of criminal actions against domestic and international aviation and FAA facilities
- Performances of analyses leading to development of criminal trends impacting civil aviation security systems.
The basic regulations for aviation security apply to 165 US air carriers, 164 foreign
air carriers, and several thousand cargo forwarders at 459 US airports and 244 foreign
airports. FAA aviation security special agents conduct US air carrier inspections both
overseas and at home, as well as foreign air carrier inspections at US airports. The FAA
performs US airport inspections, facility security inspections, indirect air carrier
inspections, and foreign airport assessments overseas. The FAA also participates in
vulnerability assessments and developing associated action plans.
The Red Team Testing Special Assessment Program involves unannounced monitoring and
testing of the capability of US airports and air carriers to comply with aviation security
requirements. During the assessments, special techniques are used to replicate current
terrorist or criminal modus operandi that pose a threat to civil aviation. The
purpose of the program is to give the FAA the ability to assure that its mandated security
requirements are being applied by US air carriers and airports when FAA inspectors are not
on site conducting a formal and scheduled air carrier station inspection.
- FAA Research
The FAA is conducting R&D necessary to respond to operational requirements directly
linked to current and anticipated security threats. The FAA security research activities
include collaboration with other US government agencies and other governments concerned
with similar threats in order to address threats of similar interest in a cost effective
and efficient manner. An important element of the program is the identification of
technologies that could circumvent or reduce the effectiveness of current detection
systems, and of engineering changes, where feasible, to mitigate any potential weaknesses.
In coordination with private industry and the airports, the FAA is developing
integrated command and control centers combining airport operational security elements
with other airport operation functions. The control center integrates security output and
performance information to a central node for analysis and response.
- Joint and Coordinated Research
In coordination with the DoD, modeling tools are being developed to predict the impact
of a terrorist attack utilizing either explosives or chemical/biological agents. These
tools are used in airport design efforts and to evaluate existing facility risk against
such attacks and to allow for evaluation of countermeasure effectiveness.
Incident Prevention
The primary focus of R&D addressing prevention of security incidents is detection
and screening. The FAA’s explosives and weapons detection program is intended to
eliminate the ability of a terrorist to successfully conceal explosives devices, weapons
or other hazardous materials on aircraft. The purpose of the program is to make improved
explosives detection systems and other devices available to airlines and others
responsible for airline security, both domestic and international, to reduce the
vulnerability of US air carriers and airports to terrorist acts. This research supports,
and is implemented through, the FAA’s primary operational role of establishing
policies and rules for airline compliance with security directives. Much of the R&D is
based on integration of data from multiple sensors, and addresses scanning of baggage,
cargo and personnel. In addition to achieving improved detection, the research seeks
faster, more automated and lower-cost systems that can readily be integrated into the
airport environment.
- Current Operational Solutions
Security Systems. In 1996, the FAA established an integrated
product team to plan, purchase and install sophisticated explosives detection devices and
other advanced security equipment. The team includes working representatives of air
carriers and airport authorities. The team has been involved in all aspects of the
deployment of automated security screening technologies, including the Explosive Detection
System, explosive trace detectors, Computer Assisted Passenger Screening, and the Screener
Proficiency Evaluation & Reporting System (SPEARS). The FAA sets performance standards
for certification of detection equipment. The criterion includes explosive amounts,
detection rates, false alarm rates, and system throughput.
The SPEARS Program consists of computer-based training of screeners, tools to aid in
evaluating screeners for initial selection, and threat image projection which exposes
screeners to threats on a periodic basis thus maintaining screener attention and
vigilance. The dangerous goods program focuses on compliance and enforcement efforts
involving hazardous materials. The program was initiated as a result of growing hazardous
materials incidents involving air transportation and includes inspections of air carriers,
aircraft repair stations, air freight forwarder facilities, and air shippers of dangerous
goods.
The FAA canine program includes training, evaluation, and certification of explosives
detection team dogs and handlers. By the end of 1998, there were approximately 154 canine
teams deployed at 40 airports. In addition for being used as a highly mobile system to
search bags and cargo, the teams also perform visible patrols and training to increase
deterrence.
The intelligence analysis of the threat to civil aviation is the basis for determining
the application of aviation security measures. This is accomplished by synthesizing
intelligence and threat information into products such as security programs, security
directives, information circulars, and threat assessments. These products are needed by
the operations and policy and planning offices for ruling on carrier amendments to
approved security programs, determinations of foreign airport security effectiveness, and
support in changing regulations. Decisions to impose additional security measures result
from coordinated effort among operations, policy, and intelligence specialists, US and
foreign air carriers, and airport operators.
Information Security. The FAA is currently engaged in a broad and
comprehensive effort to ensure that safety- and mission-critical computer-based elements
of the National Airspace System are fully protected against intrusion, disruption, damage
or incorrect functioning as a result of external attacks. While this is primarily an
operational rather than R&D issue, it involves highly specialized knowledge and
skills. The new "open" computing environment has highlighted the need to move
away from the rigid protection engineering that has been used extensively. The
international, industrial, commercial, and government communities have responded to this
need by moving to develop and adopt a "common criteria" that will allow for
interoperability between systems while providing appropriate protection for them which the
NAS Security Architecture.
Selected NAS systems are being analyzed to identify their security needs and to assist
in developing a methodology that can be applied across all NAS systems. This will
facilitate the development of an overall architecture and a security operational concept.
In parallel, assessments of new security products and services will supplement the
experience of other government agencies and the private sector to provide a catalog of
available security products and services. A management structure for the information
security function also will be developed and implemented to efficiently administer the
security processes, not only from an operational viewpoint but also to assist in the
acquisition phase of the life cycle. This management structure will provide for a
combination of centralized and distributed security management.
The NAS Security Architecture will be developed through analyses and tradeoffs with
respect to requirements, cost, degree of security, performance, etc. To ensure
compatibility and effectiveness of security measures within individual systems, while also
securing an appropriate degree of uniformity across NAS systems, a system-wide operational
concept will be considered part of these analyses and trades. Interaction with other
efforts under the NAS Architecture, such as the Information Architecture, will be
essential to ensure consistent, compatible outcomes.
- FAA Research
Detection Capabilities. The FAA Explosives, Weapons, and Other
Threat Material Detection Program is responsible for developing technologies to prevent
explosives, weapons, and other threat materials from being introduced on aircraft. One
objective of this program is to develop a "checkpoint of the future,"
emphasizing technologies able to screen people and their carry-on items efficiently and in
a non-intrusive manner. The critical elements are equipment performance, operational
issues including human factors, and integration to ensure smooth and timely processing of
people and their carry-on belongings.
Another goal is improvement of the performance of checked baggage security systems,
particularly with regard to impact on airport and airline operations. That program also
addresses human factors considerations in terms of allowing alarm resolution to occur as
efficiently and effectively as possible. Another program is focused on providing a level
of security for cargo and mail transported on passenger aircraft that is commensurate with
that provided for checked and carry-on baggage and passengers.
Research is also being conducted to quantify canine detection capabilities for various
classes and quantities of explosives and associated compounds. This data will be used to
identify baseline performance capabilities and identify methods to improve canine
detection performance.
Human Factors. The people who use and interact with security
technology and procedures are a critical element in the success of the overall system.
Accordingly, FAA’s research includes a specific activity concerned with aviation
security human factors. Research is conducted in the human factors area to develop
selection, training, testing, and monitoring techniques (including computer-based
techniques) for personnel responsible for performing security procedures and/or operating
existing or developmental security systems. Human factors input is provided during the
design phases for new security procedures and systems.
Technology Integration .The Airport Security Technology
Integration Program focuses on the security of the airport environment and the security of
FAA facilities, equipment, and communications. The program addresses personnel access,
physical security, positive passenger bag matching, advanced threats to the NAS, and
decision support tools such as simulation and modeling.
Safe Skies. The Safe Skies Program is a cooperative effort between
government, municipal, and industry groups to address civil aviation security issues. The
program has provided a public airport test bed for security technologies that are
transitioning from research and development to fielded systems. Research is being
conducted in human factors, screener assist x-ray equipment, trace explosive detection,
and technology integration through the Safe Skies Program.
Security Equipment Evaluation. The Independent Test and Evaluation
Program provides objective analysis of security equipment performance, and advises
prospective users on deployment strategies, configurations and procedures. The program is
responsible for developing and maintaining protocols for tests and evaluations of security
devices and systems, and develops and maintains all aspects of the system certification
process.
Incident Mitigation
Although prevention of all incidents is the primary aim of the aviation security
program, the possibility of an on-board explosion must be faced for many years to come. In
response to this harsh reality, the FAA security research program includes an
aircraft-hardening component to protect commercial aircraft from catastrophic structural
damage or critical system failure due to an in-flight explosion. This effort focuses on
determination of the minimum size explosive that would result in aircraft loss, and the
methods and techniques that can be applied to the current and future fleet of commercial
aircraft, including baggage and freight containers, to reduce their vulnerability to
explosive effects. This work is closely coordinated with DoD, which has extensive
experience in aircraft damage reduction, and has also drawn on expertise in NASA and the
Department of Energy, as well as the aircraft and container industries.
This program also addresses the vulnerability of aircraft to spurious or high-energy
electromagnetic interference to electronic systems, and assesses the threat presented by
highly mobile surface-to-air missiles.
- Operational Solutions
The FAA Aviation Explosives Security Program provides round-the-clock expert advice on
the management of civil aviation security incidents involving actual or suspected
explosive devices. The program provides training on emergency procedures involving
explosives and explosive devices to FAA, airport, air carrier, and law enforcement
personnel.
The Federal Air Marshals (FAMs) are a covert, armed security force capable of rapid
deployment and tasked with conducting both anti-hijacking and counter-hijacking
operations. FAM teams are deployed on a continuing basis to provide protection for
passengers and crews onboard US air carriers on selected domestic and international
routes.
- FAA Research
The Aircraft Hardening Program develops methods to protect commercial aircraft from
catastrophic structural or critical system failures due to in-flight explosions. The
program also investigates aircraft vulnerability to spurious electromagnetic or
high-energy signal interference with aircraft electronic systems and assesses the threat
presented by manually operated, highly mobile surface-to-air missiles.
Research is also being conducted to identify and/or develop technologies to mitigate
the threat from chemical and biological agents.
- DOD Research
The Global Positioning System, originally designed to serve the needs of US military
forces throughout the world, has rapidly evolved into an extremely valuable tool for use
in many civil activities, particularly transportation. GPS now plays an important role in
a variety of applications across virtually all modes of transportation, and will be at the
heart of aviation radio navigation in the early 21st century. The President has issued a
directive that specifically recognizes the need to protect the security of space-based
assets. The Defense Department, which has responsibility for the system, is conducting
research to make the GPS less vulnerable to interference.
Return to Top
Next Section
