Editor's Note: today we have a guest blog from Kip Hawley, head of the Transportation Security Administration. Hawley discusses how his agency ramped up screening of airport employees at facilities in four Florida cities and San Juan, Puerto Rico. He also discusses why we are not likely to see 100% airport employee screening spread beyond Miami and Orlando. We'd love to hear your comments on this issue.
A couple of orienting points applying to TSA security programs across the board:
- The terrorist we face is adaptive, patient, and intelligent.
- The transportation system is vast and largely open, therefore our job is risk management, not universal protection.
- Static security measures, no matter how good, are vulnerable because they can be engineered around.
- Layers of changing, unpredictable, flexible security measures are best.
- TSA prefers to keep its resources flexible and nimble and not dig in behind new measures targeted for an endless set of newly perceived vulnerabilities.
Two weeks ago, TSA deployed 160 transportation security officers (TSOs), aviation security inspectors, federal air marshals and other personnel to four Florida airports and San Juan to increase existing security efforts by “surging” activities aimed at employee screening. These enhancements directly focused on employees working in airport secure areas:
• a sharp increase in random, unpredictable screening of employees in secure areas;
• limiting secure area access during non-business hours and auditing door access during those hours for suspicious activity;
• deploying integrated teams of federal air marshals, K-9 teams, law enforcement officers and transportation security officers to areas throughout the airport;
• conducting random screening of employees and passengers at boarding gates, including behavior detection; and
• TSOs randomly inspecting aircraft
TSA will continue to rapidly deploy flexible, dynamic security teams to conduct random screenings that cannot be predicted or avoided.
The surge of TSA resources in the recent exercise in Florida and Puerto Rico fits the strategy I outlined at the beginning. We will be doing more of these unpredictable surges around the country, including back again to Florida and Puerto Rico. We do surges continually on a smaller scale with our air cargo strikes, VIPR teams (including in other transportation modes), and every day at every airport with teams of TSOs working with local law enforcement showing up anywhere on airport property.
This is risk-based security. It’s not “sound bite” security.
“Sound bite” security satisfies a particular security concern and is intended to be comforting to the public. Unfortunately, the most appealing “sound bites” include solutions that use a disproportionate amount of resources versus their real, sustained security value. If we are really trying to reduce the risk of a successful attack, we need to stay on task and not get distracted into cutting back on effective security activities to generate a few satisfying media moments.
Risk-based security, on the other hand, dictates that we focus our resources on the high risks, not on the low ones.
We achieve a better overall security result by using our officers most flexibly, not tied down at checkpoints checking and re-checking people that work in the airport every day. Risk-based security shares resources across all risks—high and low—but in strategic proportions. The terrorists’ aim is to beat the system and exploit predictable opportunities. Our strategy is to be nimble, flexible, mobile, and above all, dynamic. We move unpredictably to impede those who think they know the drill.
100 percent security is not realistic for a vast network spread around the world. We cannot protect everybody from everything, everywhere, all the time. Meeting a statistical goal (especially if it is 100 percent) is not usually the best use of a limited amount of resources. Think about this for a minute: If we harden any one security point to 100 percent, we have fewer resources available for critical security in other parts of the airport. Instead, we address all the possible vulnerabilities, known and unknown, by using a risk-based, layered security approach.
Employees everywhere can expect to encounter TSA screening at any time and at any place. Terrorists cannot base their plans on never being intercepted by a security operation. Airport employees are an important part of the security team and are valuable allies and they are not exempt from screening. Like the traveling public and TSA, airport employees have a first-person interest in the smart use of security resources. After the news media moves on from a given issue, we will all have to live with the result. Layers of sustainable, flexible, unpredictable security measures are the best approach in dealing with an adaptable enemy.