Airport Security Module 2 PDF

Summary

This document provides information on airport security, focusing on transportation security regulations, airport security operations, and general aviation airport security. It covers topics like Title 49 CFR regulations and security procedures, along with information on general aviation.

Full Transcript

ACE p l o y e e C e r t i fi ed Em Airpor t C U R I T Y O RT S E AIRP Modules 2 © 2005 (first edition) © 2009 (second edition...

ACE p l o y e e C e r t i fi ed Em Airpor t C U R I T Y O RT S E AIRP Modules 2 © 2005 (first edition) © 2009 (second edition) © 2011 (third edition) © 2015 (fourth edition) Copyright American Association of Airport Executives Module 2 Airport Certified Employee (ACE) – Security Module 2: Airport Security Authored by: Jeffrey C. Price, M.A., C.M. Owner – Leading Edge Strategies Professor – Metropolitan State University of Denver ACE Security – Module 2 / 3 of 82 Security TABLE OF CONTENTS Contents Module 2 – Objectives.................................................................................................................................................................................. 6 Introduction to Module 2............................................................................................................................................................................... 7 Abbreviations.................................................................................................................................................................................................. 8 Transportation Security Regulations........................................................................................................................................................... 10 Title 49 CFR Part 1500: Applicability, Terms and Abbreviations................................................................................................................... 11 Title 49 CFR Part 1520 Sensitive Security Information................................................................................................................................. 11 Title 49 CFR Part 1540 Civil Aviation Security: General Rules...................................................................................................................... 15 Definitions................................................................................................................................................................................................. 16 Responsibilities of Passengers and Other Individuals and Persons......................................................................................................... 20 Security Responsibilities of Employees and Other Persons..................................................................................................................... 21 Security Threat Assessments.................................................................................................................................................................... 24 Responsibilities of Holders of TSA-Approved Security Programs............................................................................................................ 25 Title 49 CFR Part 1542: Airport Security....................................................................................................................................................... 25 Format of the Airport Security Program.................................................................................................................................................... 26 ASP Table of Contents............................................................................................................................................................................... 27 Security Programs................................................................................................................................................................................. 29 Changing the Airport Security Program................................................................................................................................................ 30 Airport Security Operations.......................................................................................................................................................................... 32 The Authorized Signatory......................................................................................................................................................................... 33 Intake..................................................................................................................................................................................................... 33 Security Areas and Access Control Overview........................................................................................................................................... 34 Airfield Layout....................................................................................................................................................................................... 37 The Security Areas................................................................................................................................................................................ 38 Access Control Systems........................................................................................................................................................................ 41 Credentialing................................................................................................................................................................................................. 47 Credentialing Check Processes................................................................................................................................................................. 48 The Trusted Agent................................................................................................................................................................................. 48 Criminal History Records Checks – CHRC............................................................................................................................................ 48 Security Threat Assessments............................................................................................................................................................... 51 Exceptions to the Regulations.............................................................................................................................................................. 52 Recordkeeping (electronic or hard copy)............................................................................................................................................... 52 Personnel Identification Systems.......................................................................................................................................................... 52 Enforcing Security Rules and Regulations and the Airport Security Program.............................................................................................. 55 Enforcing the Airport Security Program.................................................................................................................................................... 55 TSA Inspection Authority Process............................................................................................................................................................. 56 Contingency Measures and Incident Management Plans............................................................................................................................ 58 4 of 82 / American Association of Airport Executives Module 2 TABLE OF CONTENTS Contingency Plans..................................................................................................................................................................................... 58 Incident Management.......................................................................................................................................................................... 59 General Aviation Airport Security.................................................................................................................................................................. 59 Introduction............................................................................................................................................................................................... 59 Why GA is Important to the United States............................................................................................................................................... 60 The “Threat” from General Aviation..................................................................................................................................................... 60 The Challenge of Regulating GA........................................................................................................................................................... 62 The General Aviation Hotline and “See Something Say Something”.................................................................................................. 62 AOPAs Airport Watch................................................................................................................................................................................ 63 TSA Security Guidelines for General Aviation Airports............................................................................................................................ 63 The General Aviation “Airport Security Program”.................................................................................................................................... 65 Title 49 CFR Part 1562 Operations in the Washington, DC Metropolitan Area........................................................................................ 66 The Maryland-3..................................................................................................................................................................................... 66 Reagan National Airport (DCA)............................................................................................................................................................. 66 General Aviation Aircraft Operator and Business Requirements................................................................................................................. 67 Pilot Certificates........................................................................................................................................................................................ 67 Airspace..................................................................................................................................................................................................... 67 Agricultural Aircraft Operations................................................................................................................................................................ 68 Fixed Base Operators................................................................................................................................................................................ 68 General ICAO Recommendations................................................................................................................................................................ 69 Summary.......................................................................................................................................................................................................... 70 Appendix I........................................................................................................................................................................................................ 70 Forms............................................................................................................................................................................................................. 70 Appendix II....................................................................................................................................................................................................... 74 A Biometric Primer....................................................................................................................................................................................... 74 Appendix III...................................................................................................................................................................................................... 76 Perimeter Intrusion Detection System Primer............................................................................................................................................... 76 Appendix IV...................................................................................................................................................................................................... 78 Bomb Threat Card.......................................................................................................................................................................................... 78 Appendix V....................................................................................................................................................................................................... 79 Bomb Threat Stand-Off Distance................................................................................................................................................................... 79 Endnotes........................................................................................................................................................................................................... 80 ACE Security – Module 2 / 5 of 82 Security Module 2 – Objectives Explain Regulations under 1500-1542 Know the requirements of handling Sensitive Security Information Know the elements of Part 1540: Civil Aviation Security General Rules Explain how an Airport Security Program must be written and enforced Explain the requirements of the Security Areas Know the requirements of the access control systems in each security area Explain the function of the Authorized Signatory Explain the credentialing process Know how to develop an enforcement process at an airport Know how to handle a Letter of Investigation from the TSA Explain the difference between contingency plans and incident management plans and what belongs in each section Explain basic General Aviation security requirements Know airport business security guidance and requirements (FBO’s, flight schools) Differentiate airport biometrics Differentiate Perimeter Intrusion Detection Systems 6 of 82 / American Association of Airport Executives Module 2 Introduction to Module 2 Module 2 focuses on the requirements of the Airport Security Program, addressing the regulatory requirements under Title 49 CFR Part 1500, specifically focused on Parts 1503, 1520, 1540 and 1542. This module is a core element in understanding how to effectively meet the regulations regarding airport security and to build airport security systems, methods and procedures to meet the regulatory requirements and ideally, to deter, mitigate or respond to criminal or terrorist acts. The module is designed with a training format and does not always follow the regulatory numbering system. This format better presents the material from an education perspective. Regulatory citations are provided where appropriate. In some instances, Security Directives are referenced, but only when their contents have moved into the public domain (i.e., the three-ounce liquid restrictions). In ALL cases, the regulations should be referenced prior to making decisions about airport security procedures. In no way does the ACE-Security program trump, override or have precedence over the approved regulatory practices in place at any particular airport or aircraft operation. It is important to reiterate here that aviation security is based upon a layered system of defenses, rather than a “silver-bullet,” that prevents all types of attacks. Short of parking all aircraft, any security program will only address a finite number of threats to airports and aircraft. Additionally, any security program will contain certain compromises so that transportation can still take place. It is understandable that there will always be holes in the transportation security system. Some of those exist because they are too expensive or impractical to close, some exist because they must in order for the system to still operate, and some exist not because they are unknown, but because there hasn’t been enough focus yet. A good example here is the active shooter threat. While the threat has been around since the early 1970s, the majority of the U.S. aviation industry did not pay much attention to the threat until after the November 1st murder of a TSA agent by an active shooter. The objective of a layered aviation security system is to develop numerous security processes that combined will stop the vast majority of threats. Understanding this concept is key to understanding how the system is designed to work. Another example can be found when untrained observers see security personnel conducting vehicle inspections at an airport: they may criticize the process because the cursory look does not provide a defense against hijackings or bombing an aircraft. However, the process of conducting cursory searches is not designed to prevent those particular types of attacks. It is designed to prevent a car or truck bomb from getting close enough to blow up the terminal building. In looking at certain contingency measures, outside observers occasionally comment that a particular measure has shortcomings that do not prevent different types of attacks. The U.S. aviation security system consists of multiple layers of protection, each with its own advantages and disadvantages that, stacked together, combine to provide a reasonable, but not impenetrable defense against air terrorism. These layers are balanced against the need to facilitate commerce and keep the air transportation system moving. ACE Security – Module 2 / 7 of 82 Security Abbreviations AIT Automated Imaging Technology EDS Explosives Detection System Aircraft Communications Addressing and EOC Emergency Operations Center ACARS Reporting System EOP Emergency Operations Plan AC Advisory Circular ETD Explosives Trace Detection ASAC Aviation Security Advisory Committee FAA Federal Aviation Administration ADASP Aviation Direct Access Screening Program FAM Federal Air Marshal AFSD Assistant Federal Security Director FIO Field Intelligence Officer AOA Air Operations Area FBI Federal Bureau of Investigation AOPA Aircraft Owners and Pilots Association FBO Fixed Base Operator AOSC Aircraft Operator Security Coordinator FFDO Federal Flight Deck Officer ASC Airport Security Coordinator FPS Federal Protective Service ASIS American Society of Industrial Security FSD Federal Security Director ASP Airport Security Program FSP Full Standard Security Program ATR Automated Threat Recognition GA General Aviation ATSA Aviation and Transportation Security GSC Ground Security Coordinator 2001 Act of 2001 HRT Hostage Rescue Team ATSP Airport Tenant Security Program IAC Indirect Air Carriers AVSEC Aviation Security Contingency Plan IAP Incident Action Plan BAO Bomb Appraisal Officer IATA International Air Transport Association BATF Bureau of Alcohol, Tobacco and Firearms ICE Immigration and Customs Enforcement BCP Business Continuity Planning ICAO International Civil Aviation Organization BDO Behavior Detection Officer IED Improvised Explosive Device Computer Assisted Passenger Pre-Screen- CAPPS ing System IFSC In Flight Security Coordinator CASFO Civil Aviation Security Field Office IMS Ion Mobility Spectrometry Nuclear/Biological/Chemical/Explosive Indirect Air Carrier Standard Security CBRNE IACSSP Weapons Program CBP Customs and Border Protection IPP Isolated Parking Position CCSP Certified Cargo Screening Program JTTF Joint Terrorism Task Force CERT Community Emergency Response Team LEO Law Enforcement Officer CIRG Critical Incident Response Group LRBL Least Risk Bomb Location CHRC Criminal History Records Check MANPAD Manned Portable Air Defense System Crime Prevention Through Environmental National Explosives Detection Canine CPTED NEDCP Design Program DAC Designated Aviation Channeler NIMS National Incident Management System DEA Drug Enforcement Administration NTSB National Transportation Safety Board DHS Department of Homeland Security PCSSP Private Charter Standard Security Program EAA Exclusive Area Agreement PIC Pilot in Command 8 of 82 / American Association of Airport Executives Module 2 PIV Personal Identity Verification PNR Passenger Name Record PPBM Positive Passenger Bag Match RAM Random Anti-terrorism Measures RT Registered Traveler SAM Surface to Air Missile SARP Standards and Recommended Practices SeMS Security Management Systems SD Security Directive SIDA Security Identification Display Area SOC Security Operations Center Screening of Passengers by Observation SPOT Techniques SPP Screening Partnership Program SSI Sensitive Security Information SSCP Security Screening Check Point STA Security Threat Assessment TDC Travel Document Check TFSSP Twelve-Five Standard Security Program TLO Terrorism Liaison Officers TSC Terrorist Screening Center TSA Transportation Security Administration TSI Transportation Security Inspector TSO Transportation Security Officer TSOC Transportation Security Operations Center TSR Transportation Security Regulations Transportation Worker Identification TWIC Credential USAR Urban Search and Rescue VBIED Vehicle Born Improvised Explosive Device WMD Weapon of Mass Destruction WTMD Walk Through Metal Detector ACE Security – Module 2 / 9 of 82 Security Transportation Security Regulations Through the Administrative Procedure Act, Executive Branches of the Federal Government are permitted to promulgate rules and regulations through a public “rulemaking” process, which includes the ability of the public to comment before the rules are published. The rules can be found in the Federal Register. In 1970, Title 14 of the Code of Federal Regulations addressed aviation security. Specifically Part 1071 governed Airport Security, Part 1082 governed Air Carrier Security, Part 1093 governed Indirect Air Carriers (freight forwarders) and Part 1294 governed foreign air carriers that operate to and from the United States. Part 191 was created in the 1970’s and governed the protection of Sensitive Security Information (SSI), and Special Federal Aviation Regulation 91 (SFAR 91) covered other Aircraft Operators, such as charter operations. The regulations were often truncated to “FAR”, which stood for Federal Aviation Regulations, Part 107, 108, etc. After 9/11, the Aviation and Transportation Security Act of 2001 transferred the aviation security responsibility as well as federal regulations covering aviation security from the FAA to the TSA, moving the regulations to Title 49 of the Code of Federal Regulations. They are sometimes referred to as Transportation Security Regulations (TSR’s), but officially, they are known as the Title 49 CFR Part 1500 series. Just as there are numerous key personnel in aviation security, there are a variety of regulations that govern each area. This section describes the various key regulations that ASCs should know in order to be effective and compliant. Title 49 CFR Part 1500 addresses transportation security as a whole Title 49 CFR Part 1503 addresses civil penalties and enforcement actions on behalf of the TSA Title 49 CFR Part 1520 addresses the protection of Sensitive Security Information Title 49 CFR Part 1540 addresses the security responsibilities of individuals, and also includes definitions and terms used throughout Title CFR Part 1500 Title 49 CFR Part 1542 addresses airport security Title 49 CFR Part 1544 addresses domestic Aircraft operator security, primarily scheduled service operations conducted under Title 14 CFR Part 121, air charter and air taxi operations covered under Title 14 CFR Part 135, and full-cargo operations covered under Title 14 CFR Part 125 Title 49 CFR Part 1546 addresses foreign Aircraft Operator security Title 49 CFR Part 1548 addresses indirect Aircraft Operator security Title 49 CFR Part 1550 addresses Aircraft Operator security under general operating rules, specifically any commercial flight operation not covered under Part 1544, and Title 49 CFR Part 1552, which addresses commercial flight training security requirements. Title 14 of the Code of Federal Regulations are still relevant to aviation security, as many aircraft operator security programs relate directly to the type of Title 14 CFR component that is being conducted (i.e., scheduled air carrier, charter, etc.). In other words, a security coordinator must understand the type of flight operation (private, scheduled passenger, etc), in order to know which security program must be implemented. Title 14 CFR Part 915 addresses the operation of any aircraft in the U.S. airspace system – the “rules of the road” for pilots. The NTSB also uses the term “Part 91 operation” to distinguish between a private versus a commercial flight operation. Title 14 CFR Part 121 addresses the operations for most of the commercial service airlines. Part 121 explains the operating requirements, training requirements for airline pilots, and maintenance and safety requirements for the aircraft and the airline operation. An air carrier must possess a 121 Certificate in order to conduct scheduled air service of aircraft of a certain size or larger. Title 14 CFR Part 135 addresses operators conducting commercial operations that are generally unscheduled, such as charter or air taxi operations. A 135 Certificate is required for these operations. Some small cargo operations may also fall under the Part 135 requirements. Title 14 CFR Part 125 addresses operating requirements for the full-cargo operators such as FedEx, UPS and DHL. Note that the above operations (Part 121, 135 and 125) are commercial operations, not private operations conducted with one’s 1 Now known as Title 49 CFR Part 1542 2 Now known as Title 49 CFR Part 1544 3 Now known as Title 49 CFR Part 1548 4 Now known as Title 49 CFR Part 1546 5 There are few regulations covering flight in a private aircraft. Most of the regulations relate to commercial flight operations and commercial airports. 10 of 82 / American Association of Airport Executives Module 2 own aircraft. Private operations are addressed under Title 14 CFR Part 91. Presently, few security requirements exist for private operations, but these continue to be discussed in Congress. Title 49 CFR Part 1500: Applicability, Terms and Abbreviations To have a complete understanding of the regulations it’s important to understand a few key definitions. The following definitions are from Title 49, Volume 9 Chapter XII Transportation Security Administration, Department of Homeland Security.  nder §1500.3, the term Administrator means the Under Secretary of Transportation for Security identified U in 49 U.S.C. 114(b) who serves as the Administrator of the Transportation Security Administration. Under §1502.1, The Administrator is responsible for the planning, direction, and control of the Transportation Security Administration (TSA) and for security in all modes of transportation. The Administrator’s responsibility includes carrying out chapter 449 of title 49, United States Code, relating to civil aviation security, and related research and development activities, and security responsibilities over other modes of transportation that are exercised by the Department of Transportation. Person means an individual, corporation, company, association, firm, partnership, society, joint-stock company, or governmental authority. It includes a trustee, receiver, assignee, successor, or similar representative of any of them. Transportation Security Regulations (TSR) means the regulations issued by the Transportation Security Administration, in title 49 of the Code of Federal Regulations, chapter XII, which includes parts 1500 through 1699. TSA means the Transportation Security Administration. United States, in a geographical sense, means the States of the United States, the District of Columbia, and territories and possessions of the United States, including the territorial sea and the overlying airspace. Under §1500.5 Rules of construction, “must” is used in an imperative sense (as in “shall”), and “may” is used in the permissive sense to state authority to do the act prescribed as in, “no person may,” or “a person may not.” The term “includes” means “includes but is not limited to.” These definitions may seem insignificant to the average reader but to an ASC the appropriate understanding of these terms can mean the difference between no fine and paying hundreds of thousands of dollars in civil penalties. NOTE: as stated previously, the module will not necessarily address each applicable regulation sequentially, but in context to the overall document. Therefore, we break with the sequential list of regulations here and jump to Title 49 CFR Part 1520. The module does address Part 1503 later on. Title 49 CFR Part 1520 Sensitive Security Information ASCs will handle a variety of documents, many of which are designated for a specific type of use, prohibited from certain disclosures, and in some cases, classified for national security purposes. When an ASC receives a Security Directive, they will many times have to disseminate the information on the SD, but under the qualification of need-to-know, should not just photocopy it an hand it out. ASCs should develop procedures to distribute materials and procedures marked as SSI to the various relevant stakeholders (i.e airport police, security, operations). These procedures may require the development of an internal SSI distribution memorandum system which, once established, should be described in the Airport Security Program. The Air Transportation Security Act of 1974 created Sensitive Security Information (SSI) by allowing the FAA to create a method for sharing intelligence information with airport operators and air carriers. After 9/11, SSI was expanded into all forms of transportation and moved into Title 49 CFR Part 1520. Confidential, Secret and Top Secret information is considered Classified National Security Information – a.k.a., Classified Information. SSI is not. SSI fits into a category considered Sensitive but Unclassified. ACE Security – Module 2 / 11 of 82 Security “For Official Use Only” and “For Law Enforcement Sensitive” are also considered Sensitive but Unclassified information. A third category of information is Public Information and includes all other information not previously addressed. Airport security personnel handle all types of information and, in some cases, may receive National Security clearances to handle information up to Secret. SSI is defined as: Information obtained or developed which, if released publicly, would be detrimental to transportation security. SSI examples include the No-Fly and the Selectee List, Screening Standard Operating Procedures, Security Directives, Information Circulars, Airport Security Programs and the Aircraft Operator Standard Security Program. For Official Use Only (FOUO) is information not typically6 protected by regulation, such as the building plans for a federal building that could adversely affect a Federal program if publicly released without authorization. Law Enforcement Sensitive7 (LES) information includes documents that are intended for official use only that contains material that could adversely affect or jeopardize investigative activities.8 Examples of LES material are the FBI Intelligence Bulletins. LES information is not to be released to the media or the general public, nor is it to be sent or posted via non-secure Internet servers. While FOUO and LES are included in the category of Sensitive but Unclassified, they are not based on U.S. law or protected by a federal regulation. SSI is based on U.S. law and on Title 14 CFR Part 1520. Thus, unauthorized disclosure of SSI may result in civil penalties, whereas breaches of FOUO and LES may not. Other characteristics of SSI include: SSI has stronger protection from court-ordered production requests than LES and FOUO. SSI is protected from public release under the Freedom of Information Act (FOIA). SSI is always SSI, regardless of the entity that holds the information. SSI documents must be marked as SSI. In an effort to increase information sharing, the President signed an Executive Order on Controlled Unclassified information (CUI). SSI falls within that category, but until appropriate handling policies are developed, CUI protocols are not to be used with SSI. Classified Information (CI) is information of which “unauthorized disclosure could reasonably be expected to cause identifiable or describable damage to the national security.”9 Certain airport security personnel may request or receive access to Classified Information. The three primary categories of CI are Confidential, Secret and Top Secret. “Confidential” is applied to information that could cause damage to national security. “Secret” is applied to information that could cause serious damage to national security. “Top Secret” is applied to information that could cause exceptionally grave damage to national security. The type of “damage” referenced above must be articulated by the entity that assigned the classification. “Damage” generally refers to information related to vulnerabilities or capabilities of systems, installations, projects, plan or protection services, intelligence (including covert) activities, intelligence sources, methods or cryptology, foreign government information, and numerous other categories as explained in Executive Order 13526. In order to be classified as SSI, the information must be related to transportation security, its release must be detrimental, and it must fall under the one of the 16 categories of SSI defined by the Federal Regulation (49 CFR Part 1520.5(b)). SSI is information obtained or developed in the conduct of security activities, including research and development, the disclosure of which TSA has determined would: C  onstitute an unwarranted invasion of privacy (including, but not limited to, information contained in any personnel, medical or similar file); Reveal trade secrets or privileged or confidential information obtained from any person; and/or Be detrimental to the security of transportation. 6 Some States have established requirements for handling FOUO information but it is not a federally regulated classification. Check with your local and State regulations for further restrictions on this term and others. 7 Note that in the case of Law Enforcement Sensitive, there are a variety of definitions. We have elected to use the definition used by the TSA in their SSI training aviation presentation, available on the TSA’s website. 8 Note that in the case of Law Enforcement Sensitive, there are a variety of definitions. We have elected to use the definition used by the TSA in their SSI training aviation presentation, available on the TSA’s website. 9 Executive Order 13526, December 29, 2009. 12 of 82 / American Association of Airport Executives Module 2 The 16 categories of SSI related to aviation security, are: 1. Security Programs and Contingency Plans (the Airport Security Program and the Aircraft Operator Standard Security Program) 2. Security Directives (SDs) 3. Performance Specifications (checkpoint or checked baggage screening equipment) 4. Information Circulars (ICs) which include information advisory in nature about a potential threat 5. Vulnerability Assessments 6. Security Inspection or Investigative Information (including incidents, violations, or inspections that might reveal a security vulnerability) 7. Threat information (the details of bomb threats or other threats) 8. Security Measures (access control measures recommended by the Federal government, Federal Air Marshal deployment and the operation of Federal Flight Deck Officers (FFDO)) 9. Security Screening Information (screening procedures, no-fly and selectee lists, security screener tests and results, performance data from screening equipment, electronic images on TSA-owned screening equipment) 10. Security Training Materials (such as SIDA training records) 11. Identifying information of certain security personnel (individuals issued a SIDA badge, Transportation Security Officers, Federal Air Marshals and FFDOs) 12. Critical aviation infrastructure asset information (any list identifying systems or assets, physical or virtual, that is vital to the aviation system, which the incapacity or destruction of such would have a debilitating impact on transportation security). This may include information about the airport access control and alarm monitoring system. 13. Systems security information, including any information involving the security of operational or administrative data systems operated by the Federal government and critical to aviation security (including automated security procedures and systems) 14. Confidential business information (bid information submitted to DHS or DOT, trade secret information or commercial, financial information requested by DHS or DOT) 15. Research and Development related to security 16. Other information not otherwise described that TSA determines is SSI Documents and information not typically considered to be SSI are the Airport Layout Plan (ALP), the Airport Master Plan and the Airport Emergency Plan10 (AEP). Typical SSI documents also include training that discusses the “Common Strategy II,” airline flight manuals that provide information related to the Common Strategy or FAM procedures, procedures related to airport/SIDA badges, correspondence between Transportation Security Inspectors (TSIs), and stakeholders that may reveal vulnerability. Only ‘covered persons’ may access SSI. Covered persons includes airport and airline officials, maritime operators, Federal employees, vendors, contractors, and grantees, among others. Covered persons have a need-to-know SSI if access is required for the performance of official duties. DHS or DOT may limit access to specific SSI to certain employees or covered persons. For example, a vendor with an airport/SIDA badge may have access to security training information related to performing his or her job in the SIDA, but may not have access to information relating to the deployment of Federal Air Marshals. The previous list is not all-inclusive of covered persons. Under §1520.7, other covered persons include indirect air carriers, fixed base operators, armed security officers under §156211, airline reservation personnel, participants of a national security committee established under 46 U.S.C. 70112, industry trade associations that have entered into a non-disclosure agreement, and each person receiving SSI. A complete list is in §1520.7. Other individuals may have a need-to-know if they supervise others with a need-to-know SSI, if they train others with a need- to-know SSI or if they are requesting as part of a court order12. Members of the media are not covered persons and do not have a need-to-know. Any requests from the media for SSI should be referred to the TSA’s Public Affairs Office (current contact information is on the TSA’s website). The SSI regulation mandates specific and general requirements for handling and protecting SSI. 10 Some airports have marked their AEP as SSI, but this may make it difficult for mutual aid and non-governmental agencies to respond during an emergency. Additionally, this creates more copies of the ASC that must be available. 11 Related to the Reagan National Airport general aviation access security program. 12 When in doubt, ASCs should always consult with the FSD before releasing SSI. ACE Security – Module 2 / 13 of 82 Security You Must – Lock Up All SSI: Store SSI in a secure container such as a locked file cabinet or drawer (as defined by Federal regulation 49 CFR Part 1520.9 (a)(1)). You Must – When No Longer Needed, Destroy SSI: Destruction of SSI must be complete to preclude recognition or reconstruction of the information (as defined by Federal regulation 49 CFR Part 1520.19). You Must – Mark SSI: The regulation requires that even when only a small portion of a paper document contains SSI, every page of the document must be marked with the SSI header and footer shown at left (as defined by Federal regulation 49 CFR Part 1520.13). Alteration of the footer is not authorized. At the time of publication the following paragraph was the approved language for marking each page as SSI, but check the TSA website for changes: WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know,” as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 USC 552 and 49 CFR parts 15 and 1520. When not working on SSI, persons without a “need to know” should lock SSI materials in a desk drawer or file cabinet to prevent access. Under the regulations, those with the responsibility of handling SSI are required to take reasonable steps to prevent the unauthorized disclosure of SSI. TSA recommends the following best practices: Use an SSI cover sheet on all SSI materials (available on the TSA website). Electronic presentations (e.g., PowerPoint) should be marked with the SSI header on all pages and the SSI footer on the first and last pages of the presentation. Spreadsheets should be marked with the SSI header on every page and the SSI footer on every page or at the end of the document. Video and audio should be marked with the SSI header and footer on the protective cover when able and the header and footer should be shown and/or read at the beginning and end of the program. CDs/DVDs should be encrypted or password-protected and the header and footer should be affixed to the CD/DVD. Portable drives including “flash” or “thumb” drives should not themselves be marked, but the drive itself should be encrypted or all SSI documents stored on it should be password protected. When leaving your computer or desk you must lock up all SSI and you should lock or turn off your computer. Taking SSI home is not recommended. If necessary, get permission from a supervisor and lock up all SSI at home. Don’t handle SSI on computers that have peer-to-peer software installed on them or on your home computer. Transmit SSI via email only in a password-protected attachment, not in the body of the email. Send the password without identifying information in a separate email or by phone. Passwords for SSI documents should contain at least eight characters, have at least one uppercase and one lowercase letter, contain at least one number, one special character and not be a word in the dictionary. Faxing of SSI should be done by first verifying the fax number and that the intended recipient will be available promptly to retrieve the SSI. SSI should be mailed by U.S. First Class mail or other traceable delivery service using an opaque envelope or wrapping. The outside wrapping (i.e. box or envelope) should not be marked as SSI. Interoffice mail should be sent using an unmarked, opaque, sealed envelope so that the SSI cannot be read through the envelope. SSI stored in network folders should either require a password to open or the network should limit access to the folder to only those with a need to know. Properly destroy SSI using a cross-cut shredder or by cutting manually into less than 1⁄2 inch squares. Properly destroy electronic records using any method that will preclude recognition or reconstruction. SSI Airport Security Cameras Identification Guide Since CCTV cameras are used in a variety of ways at an airport, including for criminal surveillance at the security checkpoints and other areas around the airport property, such as parking garages. They are also used to detect activity, which may fall under the heading of SSI; such as imagery from an x-ray machine or imagery that reveals methods of penetrating secure areas. TSA has published guidance on whether a particular CCTV image is considered SSI. 14 of 82 / American Association of Airport Executives Module 2 Essentially, videos revealing information that a passenger may learn simply by watching the screening process (such as a passenger being hand wanded, patted-down or having his bag searched) is generally not considered SSI. However, any release of security camera footage must be submitted to the Federal Security Director for approval. Additional guidance on airport security camera footage (including still imagery taken from a security camera) may be obtained from the TSA. SSI Best Practices Limiting the number of Airport Security Program copies to as few as possible makes keeping track of, and updating, the ASP easier and more secure. The Airport Security Coordinator, the airport manager, the police department and the TSA should have full copies of the ASP. For other operators, including air carriers, tenants, vendors and contractors, the manager of each business should receive a downsized copy of the ASP, eliminating any information that is not directly pertinent to that business. This document is sometimes referred to as an Airport Security Participant Manual or Tenant Security Manual and gives the ASC greater flexibility in educating airport tenants on security programs and regulations. Additionally, anyone receiving a copy of an ASP should sign a confidentiality agreement or letter, agreeing not to disclose or copy any portion of the ASP without the written approval of the Airport Security Coordinator. A copy of this letter is available at TSA’s website. The ASP should be kept in a secured location at all times. Whenever an update is issued to the ASP, each recipient of that update should make a log entry in his or her copy of the ASP stating that he or she has received the update and either destroy through an approved means, or return the previous sections to the ASC. Any draft copies, notes, or e-mails relating to the development of the ASP should be properly secured or destroyed. Confidential information should be passed on to those authorized to receive it in written format and preferably in person. However, discussions relating to the ASP, including security procedures and practices, should not be transmitted by e-mail if possible. Electronic copies of the ASP, such as CDs, may be issued to approved entities, but the file on the CD that contains the Airport Security Program, or other SSI materials, must be password protected. Airport personnel should be trained in the handling of SSI and should not discuss SSI in public areas. ASCs should always exercise caution in the handling and dissemination of Sensitive Security Information. Under §1520.17, the consequences of unauthorized disclosure of SSI are grounds for a civil penalty and other enforcement or corrective action by DHS, and appropriate personnel actions for Federal employees. Corrective action may include issuance of an order requiring retrieval of SSI to remedy unauthorized disclosure or an order to cease future unauthorized disclosure. With the current culture moving towards a world where everything gets posted on Facebook, Twitter or YouTube, or some other social networking site, it is important to remind personnel with SIDA badges, or those that handle other forms of SSI that they are not allowed to divulge this information to anyone that doesn’t have a need to know, and that certainly includes the general public or Facebook friends, Twitter followers and so forth. Title 49 CFR Part 1540 Civil Aviation Security: General Rules There are certain regulations that apply to all individuals and entities involved or in contact with the aviation security system. This includes employees, passengers and companies. Under §1540.1, this subchapter and this part apply to persons engaged in aviation-related activities. Title 49 CFR Part 1540 addresses several areas within the regulations, including, indirectly, the authority of the Federal Security Director and associated personnel, and the individual responsibility each person within the aviation security system. Under §1540.3, Delegation of authority, the Administrator (of the TSA) is named in this subchapter as exercising authority over a function, the authority is exercised by the Administrator or the Deputy Administrator, or any individual formally designated to act as the Administrator or the Deputy Administrator. Where TSA or the designated official is named in this subchapter as exercising authority over a function, the authority is exercised by the official designated by the Administrator to perform that function. What this essentially means is that the authority of the TSA Administrator can be (and often is) delegated to the Federal Security Director, who makes regulatory interpretations and other assessments on behalf of the TSA. ACE Security – Module 2 / 15 of 82 Security Definitions Part 1540 also provides a definition of security terms used throughout the regulations. Air operations area (AOA) means a portion of an airport, specified in the airport security program, in which security measures specified in this part are carried out. This area includes aircraft movement areas, aircraft parking areas, loading ramps, and safety areas, for use by aircraft regulated under 49 CFR part 1544 or 1546, and any adjacent areas (such as general aviation areas) that are not separated by adequate security systems, measures, or procedures. This area does not include the secured area. The entire airfield of a commercial service airport must, at a minimum, be designated an Air Operations Area. AOA is a security term (as opposed to the Title 14 CFR Part 139 term Airport Movement Area – which designates only runways and taxiways) that explains the security measures that must be carried out in that area. Airport operators can increase the security in various areas of the airport by creating a Security Identification Display Area or a Secured Area – both terms are explained later in this module. AOAs may also be combined with Security Identification Display Areas (SIDAs). Within the area designated as an AOA, Airport Operators must: Implement an access control system. Be able to detect and respond to unauthorized persons or vehicles within the AOA. Ensure that security information is provided for personnel working in the AOA. Post warning signs to the general public that they are about to enter an AOA.  ircraft operator means a person who uses, causes to be used, or authorizes to be used an aircraft, with A or without the right of legal control (as owner, lessee, or otherwise), for the purpose of air navigation including the piloting of aircraft, or on any part of the surface of an airport. In specific parts or sections of this subchapter, “aircraft operator” is used to refer to specific types of operators as described in those parts or sections. The key change in the definition of an Aircraft Operator from the old security regulations is the deletion of the term “scheduled passenger operations.” However, this small change in wording resulted in an entirely new perspective. Aircraft Operators were traditionally viewed scheduled passenger commercial air carrier (i.e. the airlines). However, the term Aircraft Operator now covers both scheduled and nonscheduled (public and private charters) passenger operations. Airport operator means a person that operates an airport serving an aircraft operator or a foreign air carrier required to have a security program under part 1544 or 1546. Airport security program means a security program approved by TSA under §1542.101. Airport tenant means any person, other than an aircraft operator or foreign air carrier that has a security program under part 1544 or 1546, that has an agreement with the airport operator to conduct business on airport property. Airport tenants include businesses on the airport, such as restaurants and gift shops, general aviation facilities, including Fixed- Base Operators (FBO), certain cargo companies, catering companies, and contractors or vendors who have facilities on the airport. It is important to distinguish between airport tenants as those normally associated with having a facility on the airport, and airport contractors or vendors who either service or deliver products to the airport but may not have permanent facilities or lease space on the airport property. While the regulations do not define contractors or vendors, it is a good idea to define those terms and entities within the ASP and set forth their parameters and operating restrictions on operation within the AOA, SIDA, Sterile or Secured Areas. As defined in this section, airport tenants does not include Aircraft Operators, most commonly airlines or charter operators, as Aircraft Operators are considered Regulated parties. Airport tenant security program means the agreement between the airport operator and an airport tenant that specifies the measures by which the tenant will perform security functions, and approved by TSA, under §1542.113. 16 of 82 / American Association of Airport Executives Module 2 Prior to 9/11, Airport Operators were required by the FAA to take full responsibility for the actions of their tenants. If the employee of an airport tenant violated a security procedure enforceable under the ASP or federal regulations, then subsequent enforcement action was taken against the airport, rather than the tenant. It was then up to the airport to pursue legal remedies against its tenant. Airport Operators had some relief through the use of Exclusive Area Agreements (defined later in this section) with Aircraft Operators; however, airports could not make the same agreements with all other airport tenants. After the Part 107 re-write, and as subsequently embodied in Part 1542, Airport Operators can utilize an Airport Tenant Security Program, which is similar to the Exclusive Area Agreement but applicable to non-Aircraft Operators. Tenants assume certain security responsibilities from the airport under an ATSP (except for law enforcement response requirements). Each ATSP must be approved by the Airport Operator, the tenant and the TSA, at which point it becomes part of the Airport Security Program. However, the use of an ATSP is generally for large tenants (not individual t-hangar tenants), such as FBOs, large corporate operators or aircraft manufacturers. Within an ATSP the Airport Operator must establish an enforcement program, which has many of the same elements as the TSA enforcement programs under 1503. Approved, unless used with reference to another person, means approved by TSA. Airport Security Programs, amendments and the implementation of Security Directives are some documents that must be approved by TSA, which means to be signed and dated by the appropriate authorizing party. Cargo means property tendered for air transportation accounted for on an air waybill. All accompanied commercial courier consignments, whether or not accounted for on an air waybill, are also classified as cargo. Aircraft operator security programs further define the term “cargo.” Certified cargo screening facility (CCSF) means a facility certified by TSA to screen air cargo in accordance with part 1549. “Certified cargo screening facility” refers to the legal entity that operates a CCSF at a particular location. Certified cargo screening program (CCSP) means the program under which facilities are authorized to screen cargo to be offered for transport on certain passenger aircraft in accordance with 49 CFR part 1549. Checked baggage means property tendered by or on behalf of a passenger and accepted by an aircraft operator for transport, which is inaccessible to passengers during flight. Accompanied commercial courier consignments are not classified as checked baggage. Escort means to accompany or monitor the activities of an individual who does not have unescorted access authority into or within a secured area or SIDA. The term “Escort” has been used for many years on airports. However, the term was not clearly defined by regulations. While the regulations now provide a definition, each Airport Operator must determine the parameters of an acceptable escort. Most often, those parameters include requiring an individual with unescorted access privileges to maintain the escorted parties in visual contact and within close proximity. Additionally, the parameters often place limitations on the number of people a person with unescorted access privileges can escort at one time. The TSA issued a Security Directive in 2007 clarifying the escort requirements, which essentially includes ensuring un-badged personnel are continuously monitored and accompanied. Exclusive area means any portion of a secured area, AOA, or SIDA, including individual access points, for which an aircraft operator or foreign air carrier that has a security program under part 1544 or 1546 of this chapter has assumed responsibility under §1542.111 of this chapter. Exclusive area agreement means an agreement between the airport operator and an aircraft operator or a foreign air carrier that has a security program under parts 1544 or 1546 of this chapter that permits such an aircraft operator or foreign air carrier to assume responsibility for specified security measures in accordance with §1542.111 of this chapter. The Exclusive Area is that portion of an airport where a regulated party, including Aircraft Operators, Indirect Air Carriers, and foreign Aircraft Operators, assume certain security responsibilities (with the exception of law enforcement). This is similar to the Airport Tenant Security Program but the EAA is used by Regulated Parties and the Airport Operators security requirements over the Regulated Parties activities are less involved than with the ATSP. ACE Security – Module 2 / 17 of 82 Security FAA means the Federal Aviation Administration. Flightcrew member means a pilot, flight engineer, or flight navigator assigned to duty in an aircraft during flight time. Indirect air carrier (IAC) means any person or entity within the United States not in possession of an FAA air carrier operating certificate, that undertakes to engage indirectly in air transportation of property, and uses for all or any part of such transportation the services of an air carrier. This does not include the United States Postal Service (USPS) or its representative while acting on the behalf of the USPS. Loaded firearm means a firearm that has a live round of ammunition, or any component thereof, in the chamber or cylinder or in a magazine inserted in the firearm. Passenger seating configuration means the total maximum number of seats for which the aircraft is type certificated that can be made available for passenger use aboard a flight, regardless of the number of seats actually installed, and includes that seat in certain aircraft that may be used by a representative of the FAA to conduct flight checks but is available for revenue purposes on other occasions. Private charter means any aircraft operator flight— (1) For which the charterer engages the total passenger capacity of the aircraft for the carriage of passengers; the passengers are invited by the charterer; the cost of the flight is borne entirely by the charterer and not directly or indirectly by any individual passenger; and the flight is not advertised to the public, in any way, to solicit passengers. (2) For which the total passenger capacity of the aircraft is used for the purpose of civilian or military air movement conducted under contract with the Government of the United States or the government of a foreign country. Many kinds of private charter operations exist including, but not limited to, small aircraft or commercial service aircraft being used to carry specialized clients, or large air carrier aircraft drawn into service to carry professional sports teams or musical acts. Public charter means any charter flight that is not a private charter. Scheduled passenger operation means an air transportation operation (a flight) from identified air terminals at a set time, which is held out to the public and announced by timetable or schedule, published in a newspaper, magazine, or other advertising medium. It’s important to distinguish scheduled passenger operations from public charters. Scheduled passenger operations have a set timetable: for example, an aircraft will depart from Point A at 8 a.m., every morning, Monday through Friday, and fly to Point B, arriving at 9 a.m. Non-scheduled, public charter operations sometimes have similar schedules, which can cause confusion, but charter operators do not advertise themselves to the public as a scheduled operation and may have varied arrival and departure times and locations. Scheduled air carriers also hold themselves out to the public as a scheduled air carrier, as well as publish flight schedules. Further, they are certificated by the FAA as scheduled air carriers under Title 14 CFR Part 121. A public charter often operates under a different operating certificate and are commonly used by tourist organizations such as Sun Country, Apple Vacations or similar all-encompassing resort operations13. Screening function means the inspection of individuals and property for weapons, explosives, and incendiaries. Prior to 2010, the Screening Function officially began at the first point of screening, whether that is when an individual places his property onto the x-ray or EDS machine belt, or when the individual himself passes into a walk-through metal detector, millimeter wave imaging system or similarly approved method. However, in 2010, TSA declared that screening officially begins essentially wherever they put up a sign stating something to the effect that ‘individuals may be screened beyond this point.’ This issue is one of contention for many airport law enforcement agencies and local district attorneys, so the definition may be subject to future judicial review. 13 In these cases, the aircraft is the conveyance used by the public charter (i.e. resort operator) company. Passengers are not buying a seat on the plane, they are purchasing a vacation package and the aircraft is simply their transport to their destination. 18 of 82 / American Association of Airport Executives Module 2 Screening location means each site at which individuals or property are inspected for the presence of weapons, explosives, or incendiaries. Secured area means a portion of an airport, specified in the airport security program, in which certain security measures specified in part 1542 of this chapter are carried out. This area is where aircraft operators and foreign air carriers that have a security program under part 1544 or 1546 of this chapter enplane and deplane passengers and sort and load baggage and any adjacent areas that are not separated by adequate security measures. Within the Secured Area, Airport Operators must: Employ an access control system that meets three essential requirements: (a) the ability to identify and allow access to authorized personnel; (b) the ability to distinguish access for those authorized to be in the Secured Area; (c) the ability to immediately deny access to an unauthorized individual or a previously authorized individual. Be able to detect and respond to unauthorized persons or vehicles within the Secured Area. Establish a personal identification system (ID badges), as every Secured Area is also a SIDA. Ensure security training for personnel working in the Secured Area. Post warning signs to the general public that they are about to enter a Secured Area. The key difference between an access control system in an AOA and that of a Secured Area is that the Airport Operator must implement an access control program must be able to allow access to those who have authorization, immediately deny access to those without authorization and differentiate access for individuals who have access to certain areas of the Secured Area but not others. Security Identification Display Area (SIDA) means a portion of an airport, specified in the airport security program, in which security measures specified in this part are carried out. This area includes the secured area and may include other areas of the airport. Within the SIDA, Airport Operators are required to: Be able to detect and respond to unauthorized persons or vehicles within the SIDA. Establish a personal identification system (ID badges). Ensure security training for personnel working in the SIDA. The SIDA definition does not have a requirement for access control or the requirement to post signage; however, it does contain all of the other elements of the Secured Area. Secured Areas must always be SIDAs, but not all SIDAs are Secured Areas because the SIDA does not include an access control requirement. A SIDA may be combined with an AOA, in which case, it includes access controls and signage, but not necessarily access controls that meet the higher requirements of a Secured Area. SIDAs may also stand-alone and be off-airport fuel farms14, aircraft rescue and firefighting facilities, maintenance facilities, within cargo facilities or other areas outside and away from areas where passengers enplane and deplane. Since 2006, all cargo ramp areas on an airport are required to be SIDAs (thus, making them SIDA/AOAs). In order to help airport and Aircraft Operator employees better understand the various meanings of Secured Area, SIDA and AOA, some airports have simply created the definition of “Restricted Area” within their ASP, to both simplify the wording in their security programs, and on their publicly posted warning signs. Restricted area or secure areas are terms that the airport must further define within their own ASP’s in order to meet the regulations in Part 1542. ASCs should work with their local FSD or stakeholder manager to assist in these areas. Standard security program means a security program issued by TSA that serves as a baseline for a particular type of operator. If TSA has issued a standard security program for a particular type of operator, unless otherwise authorized by TSA, each operator’s security program consists of the standard security program together with any amendments and alternative procedures approved or accepted by TSA. Standard security programs include many aircraft operator security programs such as the Aircraft Operator Standard Security Program, the Twelve-Five Standard Security Program, the Indirect Air Carrier Standard Security Program, and others. 14 TSA issued additional guidance on the security of fuel farms on June 6, 2007. This information can be found in the Airport Security Program Guide and 49 CFR 1542 Implementation Guide. ACE Security – Module 2 / 19 of 82 Security Sterile area means a portion of an airport defined in the airport security program that provides passengers access to boarding aircraft and to which the access generally is controlled by TSA, or by an aircraft operator under part 1544 of this chapter or a foreign air carrier under part 1546 of this chapter, through the screening of persons and property. Unescorted access authority means the authority granted by an airport operator, an aircraft operator, foreign air carrier, or airport tenant under part 1542, 1544, or 1546 of this chapter, to individuals to gain entry to, and be present without an escort in, secured areas and SIDA’s of airports. Unescorted access to cargo means the authority granted by an aircraft operator or IAC to individuals to have access to air cargo without an escort. Responsibilities of Passengers and Other Individuals and Persons This section of 1540 applies to individuals and other persons, meaning that it applies to employees of an airport, airline, tenant, contractor, vendor, government agency or otherwise is connected to the aviation system, plus passengers or even visitors to the airport. The creation of these regulations made it possible for TSA to leverage fines against individuals. Prior to §1540 the TSA (and the FAA before it), typically went just after airport or air carrier operators when there was a violation. This section opened the door for individual enforcement actions. Fraud and Intentional Falsification of Records No person may make any fraudulent statement in any application for a security program, access medium15 or identification medium (§1540.103). In order to receive airport access/ID media, applicants must Personally Identifiable Information (PII) to the Airport or Aircraft Operator. Aircraft Operators must also attest to the airport or Aircraft Operator that an applicant has passed a fingerprint-based CHRC and is authorized to receive airport access/ID media16. Pre 9/11 FAA investigations discovered two disturbing trends. Applicants would willingly provide false information so that they could receive airport access/ID media, and, Airport tenants will falsely verify that the background check17 had been conducted on their employees, when in fact it was not. Individuals also may not reproduce or alter for fraudulent purposes any report, record or security program or access medium. What are the parameters for an individual making a false statement? I n order for an individual to make an intentionally false statement that individual must know that the statement is false and have an “intent to deceive.” If a person makes a statement in good faith that he or she believes is true, then the elements of a false statement do not exist. Fraud exists when action is taken based on false information. Therefore, if an individual applying for airport access/ID media knowingly writes down a false statement, he or she has likely only made a “false statement” and cannot yet be guilty of fraud. However, if access/ID media is issued, or other actions are taken based on that false information, then the individual may be guilty of the criminal act of fraud. If an individual suspects a situation involving a false statement or fraud, they should immediately report it to the TSA. Operation Rampcheck: identity theft has made its way into the aviation security world. This practice created one critical gap in security and was identified soon after the passage of the Aviation and Transportation Security Act, when hundreds of airport workers with access to security areas were arrested at airports across the United States. In many cases, illegal aliens had falsified applications for airport access/ID media. While fingerprint-based, criminal history record checks were conducted on these personnel, the regulations never required (nor funded the program) to verify the identity of the individual submitting the information. If the illegal aliens were not wanted for a criminal act, and Airport and Aircraft Operators did not know they were illegal aliens, they were issued access/ID media granting them unescorted access to airport Secured Areas. 15 Such as an airport identification badge. 16 The Airport Operator can decide whether to accept the results of the check, (or to conduct its own check) before issuing the access/ID media. 17 A pre 9/11 process known as the Access Investigation. The process has since been eliminated from the regulations but some airports still require it. 20 of 82 / American Association of Airport Executives Module 2 The TSA issued a Security Directive in 2007 on this practice, and airports are now required to review the passports or birth certificates of access/ID media applicants before issuing such media. Some airports have contracted identity verification out to private companies, and in many cases CBP personnel will provide training to airport access control office/badging personnel in the identification of fraudulent documents. Security Responsibilities of Employees and Other Persons Section 1540.105(a)(1) prohibits anyone from tampering or interfering with a security system, measure or procedure, nor modify, attempt to circumvent, or cause a person to tamper or interfere with, compromise, modify, or attempt to circumvent any security system, measure, or procedure. This could include the airport access control system, screening personnel, or airport or TSA enforcement personnel. This section further prohibits individuals from being in a Security Area without complying with the required access control, system, measure or procedure (§1540.105(b)(2)), and prohibits individuals from loaning their access/ID media to another individual. Individuals may not alter their airport access/ID media nor circumvent the access control system by climbing a fence or by disabling or tricking an access control device. Even individuals who have the rightful access to an AOA, SIDA or Secured Area, but do not enter those areas through the appropriate access control measures, are subject to enforcement action18. Testing Airport Security: Since the Airport Operator must enforce the provisions of the Airport Security Program, most airports have established programs to test individuals on airport security measures. Unless authorized under the Airport Security Program, this section also prohibits unauthorized tests of any airport security system. By extension, through the application of airport rules and regulations, and its Airport Security Program, this section is used to enforce the security regulations on an airport, since almost any violation can be considered tampering, circumventing etc., the security system. While unauthorized testing has been a favorite method of journalists seeking to publicize gaps in the security system. While there may be some merit to some of this testing, it diverts security resources from areas of true concern and oftentimes points out perceived weaknesses within the security system that are best handled in a nonpublic manner. Some common challenges Airport Operators face include employees who like to decorate their airport access/ID media with stickers and pins. Also, in some cases, temporary employees, such as construction workers or contractors, will bypass a security system in an area where they are working19, which is prohibited. According to the regulations, the first case fits the definition of altering the airport access/ID media and the second case fits the definition of tampering with the security system. However, in neither case do the actions necessarily demonstrate intent to circumvent the security system for criminal purposes. There should be consequences to individuals committing these offenses, but Airport Operators should consider the totality of the circumstances when enforcing regulations, particularly, when determining whether there was intent to circumvent a system for criminal purposes. This section, however, does not prohibit airport or Aircraft Operators or foreign air carriers from conducting self-tests of their security systems. When conducting these tests, certain parameters must be followed: The training must be under the authority of the Airport Security Coordinator and should not include the general public or the media. Testing should not endanger any person, property or aircraft, including those not participating in the test. Only those individuals with unescorted access and escort authority may carry out security self-testing. Persons authorized to conduct a test must be trained or briefed by the ASC on the location, areas of focus and time frame that the testing will cover, so that the ASC is aware and can confirm the details of any on-going tests20. Testing methodologies should relate to the goals of the test. Any airport self-testing program must be part of the ASP and the ASP must clearly designate who is allowed to conduct tests of the security system and under what conditions. Many airports have established “challenge” programs whereby an individual who is authorized to conduct such tests will remove his or her airport access/ID media and walk through the SIDA to see if airline and other airport personnel challenge them. Some 18 From the TSA, the Airport Operator, or local police or the FBI – in some cases, all four. 19 Many possess the technical skills to override an access control system or alarm system. This reinforces the need for a tamper alarm mechanism or protocol so the Airport Security Operations Center is notified when a door or system goes out of service. 20 An armed police response to a situation that the police do not know is a test could have disastrous results. ACE Security – Module 2 / 21 of 82 Security airports offer a reward for individuals who do challenge the un-badged individual; some airports issue violation notices for those not challenging the un-badged individual, and some airports do both. Airport tenants and Aircraft Operators often donate rewards. It is important to remember that even after 9/11, many airport or Aircraft Operator employees either do not believe airport security is their responsibility, or are fearful of challenging individuals who are not displaying proper ID. For these reasons, security responsibilities should be stressed over and over again in training, and employees should be instructed on who to contact when they encounter an individual not displaying proper identification. While these efforts can help increase the employee challenge responsibility, airport security coordinators should still encourage frequent patrols by law enforcement officers, security guards and airport operations personnel to look for unauthorized individuals in restricted areas. Other testing programs in effect include routine testing of security guard response time, as well as law enforcement officer response time to door alarms and other security incidents. All testing should be pre-coordinated with the ASC and conducted by an individual who is authorized to conduct the testing. Submission to screening and inspection Sections 1540.107,.109 and.111 address issues related to the screening of personnel and materials entering the Sterile Area or being brought on board an aircraft. §1540.107 Submission to screening and inspection. (a) No individual may enter a sterile area or board an aircraft without submitting to the screening and inspection of his or her person and accessible property in accordance with the procedures being applied to control access to that area or aircraft under this subchapter. Individuals must provide their full name, date of birth and gender when making a reservation for a flight request for authorization to enter a sterile area. While the language request for authorization, is very formal, this is really just the process of the Travel Document Check which takes place when passengers into the screening checkpoint. When a person does not have a verifying identity document as defined in §1560.321, the individual may still be allowed access to the screening area on a case-by-case basis. This will typically trigger a secondary screening process whereby the individual undergoes additional scrutiny prior to being allowed access to the sterile area. Most travelers know that they are not supposed to joke at the checkpoint about aviation security; however, until 9/11 a specific prohibition not to interfering with screening personnel did not exist. §1540.109 Prohibition against interference with screening personnel makes it a violation to assault, threaten or intimidate screening personnel in the performance of their duties. Additionally, many Airport Operators have added interference with security personnel into their list of airport violations. This tends to cut down on harassment of airport operations and security officer personnel while enforcing the rules and regulations. The carriage of weapons, explosives, and incendiaries by individuals (§1540.111), into the Sterile Area or on an aircraft is restricted. This section prohibits individuals from carrying weapons, explosives, and incendiaries as soon as the individual submits his or her property or self for screening. Up until that time, they may not be guilty of violating this regulation; however, they may be guilty of violating other federal, state and local regulations concerning carrying weapons, explosives or incendiaries in a public facility. This section does not apply to law enforcement personnel who are required to carry a firearm while in the performance of their law enforcement duties at the airport, or certain other individuals authorized to carry a weapon, which can include Federal Flight Deck Officers, Federal Air Marshals and other federal agents, or individuals providing prisoner and escort duties. Specific exceptions are found in §1544.219 (law enforcement officers), 1544.221 (carriage of prisoners), 1544.223 (Federal Air Marshals), or 1546.211 (foreign air carrier law enforcement personnel). Federal Flight Deck Officers are allowed to carry their weapons onboard even if they are not a member of the flight crew. The specific procedures for an FFDO carrying his or her firearm are specifically outlined for those individuals and the Aircraft Operator, but are considered SSI and not addressed in this document. Unloaded firearms may be carried by passengers in checked baggage, provided the firearm is declared to the Aircraft Operator both orally and in writing prior to checking the firearm. Unloaded firearms must be carried in a hard-sided, locked container with only the passenger retaining the key or combination. Inspection of the container is usually conducted at the ticket counter at the 21 This is the Secure Flight program that requires matching the name of the passenger with the appropriate watch lists. 22 of 82 / American Association of Airport Executives Module 2 time the firearm is checked-in. There are often additional airline-specific procedures. Much has been said about State regulations in Alaska, which discusses carriage of firearms on board an aircraft as part of a pilot’s survival gear. Carriage of firearms on board a commercial Part 121 operation is still prohibited by federal law (above). Previous Alaska State law (AS 02.35.110) did require a pilot to carry a firearm (pistol, rifle or shotgun with ammunition for same); however that law has been revised to remove the requirement. Carriage of a firearm by an airman within the State is now at the operator’s discretion. Unauthorized explosives or incendiaries are not allowed in checked or carry-on baggage. Ammunition is not prohibited from being carried in checked baggage; however, Title 49 CFR 175 (hazardous material carriage on aircraft) does provide additional requirements for carrying ammunition on aircraft. This responsibility is primarily that of the aircraft operator. One question that commonly comes up with respect to law enforcement operations is the ability of a police officer to conduct a search of an individual who submits to the screening checkpoint. This issue has resurfaced with the actions of Behavior Detection Officers and TSOs who stop individuals before reaching the screening checkpoint as part of the SPOT program. Terry v. Ohio established that a police officer without a warrant may stop and briefly detain a person for investigative purposes if the officer has a reasonable suspicion, supported by articulable facts that criminal activity is occurring, even if the officer lacks probable cause. So, a cop can stop someone when they believe a crime is being committed or has been committed. That said, an officer can question anyone but that individual(s) is free to go whenever they want, unless the officer has reasonable suspicion or probable cause22. When an individual submits to the screening process, it is considered an administrative search and is an exception to the Fourth Amendment to the U.S. Constitution. Under Terry v. Ohio, if there is evidence of a crime or suspicion based on the results of the search, then a police officer, may conduct a search of the individual. In August 2007, this law was again tested when TSA personnel in Honolulu discovered narcotics during a secondary search of a passenger. The Ninth Circuit Court of Appeals upheld the lower court’s ruling, which concluded that checkpoint screening is not only constitutional but necessary to meet the government’s legitimate aviation security goal to protect its citizens against terrorist threats. When does screening begin? There have been several debates on this topic throughout the years. Previous to 2011, the “start” of the screening process was generally considered to be the x-ray machine and the walk through metal detector. As soon as an item went inside the x-ray machine or as soon as an individual stepped into the metal detector, breaking the invisible magnetic plane, then the screening process had begun. However, with the deployment of BDO’s throughout airports, the question of where the screening process begins has become unclear. Some believe that if a sign is in place warning the public that beyond the sign they may be subject to screening, that constitutes the screening process while others hold to different views, such as in the screening line or at the metal detector or body imaging device. Inspection of airman certificate This rule requires any individual who holds an airman certificate or license, or a medical certificate issued by the FAA, to present it for inspection upon request of a Transportation Security Inspector, Assistant Federal Security Director, Federal Security Director, or similarly authorized individual. Transportation Security Officers (i.e., screeners) are not authorized to demand this inspection (§1540.113). This rule closes a gap, particularly in the case of general aviation Aircraft Operators and air cargo operators, many of whom do not have airport access/ID media for a commercial service airport. Additionally, the requirement of pilots to carry some form of government issued photo ID has aided inspectors in this area (§1540.113). Considering that the hijackers in the 9/11 attacks were trained in the U.S. and held U.S. Federal Aviation Administration pilot certificates, the TSA has continued to expand regulations regarding flight training. This rule requires any U.S. pilot or pilot certificate or rating applicant to submit certain identifying information to the TSA, so that it may conduct a Security Threat Assessment (§1540.115). 22 There are some interesting writings on the difference between these two concepts that are beyond the purview of the ACE-Security modules, but readers involved in airport law enforcement who desire further clarification or information are encouraged to seek such writings or consult with your legal advisors. 28  APPS – computer assisted passenger pre-screening system. CAPPS was implemented in 1996 after the crash of TWA 800. It was a computer triggered process that flagged passengers booking with C certain indicators as being a potential higher risk. These passengers were subjected to higher levels of scrutiny at the checkpoint and the positive passenger bag match requirement applied to them. ACE Security – Module 1 / 23 of 82 Security If a pilot applicant is determined to be a threat to transportation or national security, civil aviation, airline or passenger security or suspected of committing air piracy or terrorism, then a lengthy investigation process ensues between the TSA and FAA. The process will determine if the individual will be issued, or allowed to retain, FAA pilot certification. The same process applies to aliens holding or applying for FAA certificates, ratings or authorizations (§1540.117). Security Threat Assessments Section 1540.115,.117 and Part 1540.201,.203,.205, and.209 address the requirements of Security Threat Assessments (STA), for various circumstances. Most predominantly, STAs are conducted for individuals applying for Access/ID to an airport’s Security Areas. STAs are also conducted on those individuals holding or applying for FAA pilot certificates, ratings or authorizations - (§1540.115 for U.S. citizens), and (§1540.117 for aliens). In this context, an individual poses a security threat when the individual is suspected of posing, or is known to pose: A threat to transportation or national security; A threat of air piracy or terrorism; A threat to airline or passenger security; or A threat to civil aviation security. STAs are required to be conducted on certain individuals23 including: Aircraft operator personnel operating under a full-program described in 49 CFR 1544.101(a) or (h). Foreign air carrier personnel under a program described in 49 CFR 1546.101(a), (b), or (e). Indirect air carrier personnel under a security program descri

Use Quizgecko on...
Browser
Browser