| by Dr. Ruwantissa Abeyratne
( February 22, 2013, Montreal, Sri Lanka Guardian) In the evening of Monday 18 February, 8 hooded jewel thieves, armed with automatic weapons and dressed in police uniforms aboard two vehicles equipped with blue police lights, forced their way through Brussels International Airport’s perimeter fence, racing, with the police lights flashing, to Flight LX789 which was scheduled to leave for Zurich at 8.05 pm. The passenger aircraft had just been loaded with diamonds from an armored van from Antwerp. The hoodies seized diamonds worth tens of millions of dollars and the heist was carried out with Swiss timing and precision. As the aircraft would have taken off almost immediately after the precious cargo was loaded, the thieves knew exactly when to strike - just 18 minutes before takeoff. They vanished into the night with their treasure.
All this supports a theory being explored by the investigating police – that the thieves could have had access to insider information. Airports worldwide are painfully aware of the dangerous threat posed by insider information, whether in the context of robberies or terror attacks.
At the High Level Conference on Aviation Security, convened by the International Civil Aviation Organization from 12 to 14 September 2012 in Montreal, participants noted the gravity of the insider threat and the need to implement 100 per cent screening of persons other than passengers. This includes personnel at the airport, visitors and others who do not carry a boarding card. The Conference was reminded that States needed to acknowledge that the roles of people other than passengers that are working in civil aviation can present particular vulnerabilities that should be addressed.
There is already a Standard promulgated by ICAO which requires each State to ensure that persons other than passengers, together with items carried, being granted access to security restricted areas are screened; however, if the principle of 100 per cent screening cannot be accomplished, other security controls, including but not limited to proportional screening, randomness and unpredictability, should be applied in accordance with a risk assessment carried out by the relevant national authorities.
A risk content statement issued by the Conference highlights the insider threat as being of compelling significance. It emphasizes the danger of vulnerability associated with insiders which may be considered greater if they have access to the last layer of security in a way that a passenger does not, and points out that the likelihood associated with insiders might be less if they have already been subject to vetting and selection procedures and/or screening. It cautions that the consequence of a threat associated with insiders might be greater if an insider has access deeper within the system. For instance, an insider could perpetrate a more credible and thus more disruptive hoax. In summary, the Statement explains that the methodology involves considering each role within the system and whether it offers a particular tactical advantage in relation to each threat type or whether it poses the same issues as passengers, and that, in applying this methodology, it is possible to consider insider vulnerabilities as part of an integrated risk assessment.
It is indeed very difficult to preclude, detect and face an act of unlawful interference carried out with the internal support of persons who have access to security-restricted areas, even though such persons may have had their records verified. The danger and risk are compounded by the fact that such persons usually have access to sterile lounges and other security-restricted areas where they have the opportunity to mingle with passengers and therefore could well interfere with their carry-on baggage and/or the checked baggage already inspected. They also have access to aircraft during ground and pre-flight services. One suggestion in this regard is that in all access control points, conditions should be created securing that 100% of persons who are not passengers, as well as the articles transported, are subject to security inspections with whatever of the different means available for this purpose, including manual inspection.
Some other ways to combat the threat of the insider are: a) supervise or accompany daily / seasonal workers in the restricted security area; b) Closely examine all officials, employees or staff entering the restricted security area; closely examine all Janitors before permitting them to enter the aircraft; oversee the restricted security areas and facilities related to flight operations by patrolling periodically or continuous surveillance using closed circuit television (CCTV); inspect all cabin carry-on, baggage and cargo as well as food (catering items) and equipment required and sold in flight (stores) and watch them before and during the loading onto the aircraft; oversee the process of boarding passengers and loading of goods; aircraft security check before departure (pre-flight security check); supervise, control and update the permit issuance and use of appropriate entry of airport, including applying background checks and stop list procedure; implement security awareness training for all airport pass applicants; carry out internal and external quality control regularly based on risk assessment; and be aware of religious, social and cultural approaches among stakeholders.
Innovation in air cargo security lies in two areas: advancement of technology; and intelligence. It is submitted that, critical to a discussion of technology and innovation is the subject of supply chain security. Preeminent among technological progress is the need to establish basic security packaging mandates for shippers. Cargo is either being flown or stored at any given point in time and therefore both phases must be covered in the tracking and identification of cargo.
Military intelligence could play a significant role in ensuring cargo security. As a mirror reflection of the “known shipper” and “known consignor” practice, military intelligence can be employed to track and identify unknown consignors as well as insiders. Taking into consideration the aircraft bombings that have taken place (some of which have been discussed in this article) it is fair to conclude that most of these attacks were perpetrated by groups of incendiary persons. Military intelligence, which essentially is information relating to the armed forces of a foreign country that is significant to the planning and conduct of another country's military doctrine, policy, and operations, largely penetrates such groups and could be effectively used to take pre-emptive and preventive measures against threat to air cargo security.
States should ensure that appropriate security controls, including screening where applicable, are applied to cargo and mail, prior to their being loaded onto an aircraft engaged in passenger commercial air transport operations. The operative words here are “security controls” which brings to bear the reality that different States could have different security controls and that they should be harmonized in ensuring supply chain security and global security standards. Screening and examination of cargo and mail are paramount to this consideration.
States should establish a supply chain security process, which includes the approval of regulated agents and/or known consignors, if such entities are involved in implementing screening or other security controls of cargo and mail. A regulated agent is an agent, freight forwarder or any other entity who conducts business with an operator and provides security controls that are accepted or required by the appropriate authority in respect of cargo or mail.
If laws and practices are the glue that keeps air cargo security together, political will is the fuel which will ignites its progress and development. The thrust of political will essentially lies in a security culture that must be visible in every State. A security culture would make States aware of their rights and duties, and, more importantly, enable States to assert them. Those who belong to a security culture also know which conduct would compromise security and they are quick to educate and caution those who, out of ignorance, forgetfulness, or personal weakness, partake in insecure conduct.
This security consciousness becomes a "culture" when all States as a whole make security violations socially and morally unacceptable within the group. In building a security culture within States it is imperative that consideration should also be given to the development of a process for ensuring that all Member States are notified when deficiencies identified during the course of an ICAO security audit conducted under the Universal Security Audit Programme (USAP) remain unaddressed for a sustained period of time. A notification process could involve the use of information which does not divulge specific vulnerabilities but enables States to initiate consultations with the State of interest to ensure the continued protection of aviation assets on a bilateral basis. States have to adopt a security culture that admits of an overall approach to the threat as a potential harm to humanity. This should inevitably include strict adherence by States to globally accepted principles.
This discussion and the techniques addressed therein is not meant to be restricted to airports. Banks, corporate entities, schools, cinemas, supermarkets, shopping malls - , in fact any place where people may gather in numbers - could be vulnerable targets for acts perpetrated with insider information. Advanced military intelligence, if used in an unobtrusive manner, could be an effective tool.