Airport Security Module 4 PDF

Summary

This document is a module on security issues management related to terrorism, including various types of CBRNE weapons and countermeasures. It discusses the tactics used by terrorist groups and the challenges faced in fighting terrorism.

Full Transcript

ACE

p l o y e e
C e r t i fi ed Em
Airpor t
C U R I T Y
O RT S E
AIRP
Modules 4
 Security

© 2005 (first edition)
© 2009 (second edition)
© 2011 (third edition)
© 2015 (fourth edition)
Copyright American Association of Airport Executives

2 of 36 / American Association of Airport Executives
 Module 4

Airport Certified Employee (ACE) – Security
Module 4: Security Issues Management

Authored by: Jeffrey C. Price, M.A., C.M.
Owner – Leading Edge Strategies
Professor – Metropolitan State University of Denver

ACE Security – Module 4 / 3 of 36
 Security

4 of 36 / American Association of Airport Executives
 Module 4

TABLE OF CONTENTS
Contents
Module 4 – Objectives.................................................................................................................................................................................. 6
Introduction to Module 4............................................................................................................................................................................... 7
Abbreviations.................................................................................................................................................................................................. 8
International Terrorist Groups..................................................................................................................................................................... 10
Domestic Terrorist Groups........................................................................................................................................................................... 11
Gangs........................................................................................................................................................................................................... 11
The Lone Wolf Terrorist............................................................................................................................................................................... 12
The Terrorist Cycle....................................................................................................................................................................................... 13
Random Anti-Terrorism Measures (RAM)................................................................................................................................................... 14
Spotting Suspicious Activity........................................................................................................................................................................ 14
Explosives and Weapons of Mass Destruction (WMD)........................................................................................................................... 16
Explosives.................................................................................................................................................................................................... 16
Improvised Explosive Devices (IED)........................................................................................................................................................ 16
Unattended Bag / Suspicious Bag.......................................................................................................................................................... 17
Chemical, Biological, Radiological and Nuclear (CBRN) Weapons............................................................................................................ 18
Notable Bio/Chem Attacks...................................................................................................................................................................... 19
Biological Weapons................................................................................................................................................................................ 19
Nuclear/Radiological............................................................................................................................................................................... 21
Countermeasures........................................................................................................................................................................................... 22
TSOC and HSOC........................................................................................................................................................................................... 22
Special Security Incident Considerations.................................................................................................................................................... 23
Hijackings............................................................................................................................................................................................... 24
Bombings and Bomb Threats.................................................................................................................................................................. 24
Suicide Bombers...................................................................................................................................................................................... 25
Hazardous Material Incidents................................................................................................................................................................. 29
Sabotage................................................................................................................................................................................................. 29
MANPAD Attacks.................................................................................................................................................................................... 29
Preventative Security Measures Summary Guidance................................................................................................................................. 30
Business Continuity Planning.................................................................................................................................................................. 30
Security Policy............................................................................................................................................................................................. 32
Security Risk Management........................................................................................................................................................................ 32
Summary.......................................................................................................................................................................................................... 34
Endnotes........................................................................................................................................................................................................... 34

ACE Security – Module 4 / 5 of 36
 Security

Module 4 – Objectives
Explain security incident management measures related to terrorism
Know the various types of CBRNE
Explain the principles of responding to security incidents and implementing countermeasures
Know the elements of the Security Management System

6 of 36 / American Association of Airport Executives
 Module 4

Introduction to Module 4
Individuals and groups use terrorism to fight against a numerically and technologically superior enemy. Tactics such as these pro-
vide a way for individuals and small organizations to cause damage to hurt large organizations and countries. Terrorism has been
effectively used against stronger enemies since the days of the Byzantine Empire where the term “assassin” was first coined.
Terrorism was also used during the French Revolution and numerous other times throughout history – too many times in fact to
recount here.

Terrorism works in some cases and not in others. It has succeeded enough times, however, that it is still considered an effective
tactic in many conflicts and, therefore, is not likely to go away anytime soon.

In 1983, when the Hizbollah terrorist organization bombed the U.S. Marine barracks in Lebanon, the U.S. withdrew their
troops.
For 30 years, the Irish Republican Army fought an insurgent war against the United Kingdom, with the IRA eventually
reaching enough concessions from the U.K., along with a vicious U.K., counterinsurgency that the fighting stopped, but
not before 3,000+ citizens had died.
In 1993, when the U.S. lost 18 servicemen in Mogadishu (the Blackhawk Down incident), the U.S. withdrew its troops.
In 2004, when Al-Qaeda operatives bombed several trains in Madrid, Spain, the government of Spain withdrew its
forces from Iraq.
As Al-Qaeda’s effectiveness waned post 9/11 in Afghanistan, it sprung up new roots in Yemen.
In the post Iraq conflict and under the shadow of destabilization in Syria, ISIL and ISIS continue to grow in numbers.
The US now faces a Homegrown terrorist threat such as the Boston Marathon bombings and several active shooter
incidents, from the Navy Yard to Ft. Hood.

Terrorists are often seen as insane; however, considerable study on terrorist organizations and groups finds that very few truly
insane people exist within the ranks of the terrorists. It does not serve the terrorists’ cause to have unstable individuals within
their operation. However, this is not to say that terrorists do not possess some deeply rooted motivations, in some cases enough
motivation to commit suicide for their cause.

A significant challenge to fighting terrorism is often that the terrorist enjoys the protections of the very laws that they are fighting
to destroy, such as in the case of the Oklahoma City bombing and the bombings of several busses and a subway station in the U.K.
in 2005.

Additionally, governments respond differently to acts of terror. When the subway and bus bombings occurred in London in 2005,
and the Madrid train bombings happened, neither the U.K. nor the Spanish government called off the 100% screening of all train
and bus passengers. Their response was to step up law enforcement and intelligence actions to interdict future events. In some
cases, a response to a terrorist action is expected, but citizens often disagree on the right response. Shortly after the bombing of
Pan Am Flight 103, the airline employed ICTS agents (U.K. based security firm) to conduct behavioral assessment on passengers
as an increased security measure. The program was terminated shortly after it began due to passenger complaints.

While the intent of terrorism may seem to be to kill and destroy, the real intent of terrorism is to intimidate an opponent and coerce
that entity into changing a particular policy, posture, or sometimes an entire governmental structure. The primary targets of terror-
ism are a nation’s economy and it’s way of life.

Today’s terrorist knows that “the main benefit of their attacks is the economic costs they can generate” [3, pp xvi], as the defend-
ing government spends more and more money to implement counterterrorism strategies and to deploy counterterrorism technol-
ogies, and restricts civil liberties in the process. Shortly after the Yemen air cargo bomb attempts, Inspire magazine, an Al-Qaeda
propaganda publication, ran an article flaunting the fact that the bombs only cost about $4,000 to construct; however, the world
response to increased screening of air cargo would run into the billions. That’s an incredible return on a small investment. Break-
ing a country’s economic backbone has worked in the past – most recently with the end of the Cold War, when the U.S. outspent
the Soviet Union to the point when the Soviet Union could no longer keep up with the arms race.

ACE Security – Module 4 / 7 of 36
 Security

Abbreviations
AIT Automated Imaging Technology EDS Explosives Detection System
Aircraft Communications Addressing and EOC Emergency Operations Center
ACARS
Reporting System
EOP Emergency Operations Plan
AC Advisory Circular
ETD Explosives Trace Detection
ASAC Aviation Security Advisory Committee
FAA Federal Aviation Administration
ADASP Aviation Direct Access Screening Program
FAM Federal Air Marshal
AFSD Assistant Federal Security Director
FIO Field Intelligence Officer
AOA Air Operations Area
FBI Federal Bureau of Investigation
AOPA Aircraft Owners and Pilots Association
FBO Fixed Base Operator
AOSC Aircraft Operator Security Coordinator
FFDO Federal Flight Deck Officer
ASC Airport Security Coordinator
FPS Federal Protective Service
ASIS American Society of Industrial Security
FSD Federal Security Director
ASP Airport Security Program
FSP Full Standard Security Program
ATR Automated Threat Recognition
GA General Aviation
ATSA Aviation and Transportation Security
GSC Ground Security Coordinator
2001 Act of 2001
HRT Hostage Rescue Team
ATSP Airport Tenant Security Program
IAC Indirect Air Carriers
AVSEC Aviation Security Contingency Plan
IAP Incident Action Plan
BAO Bomb Appraisal Officer
IATA International Air Transport Association
BATF Bureau of Alcohol, Tobacco and Firearms
ICE Immigration and Customs Enforcement
BCP Business Continuity Planning
ICAO International Civil Aviation Organization
BDO Behavior Detection Officer
IED Improvised Explosive Device
Computer Assisted Passenger Pre-Screen-
CAPPS
ing System IFSC In Flight Security Coordinator
CASFO Civil Aviation Security Field Office IMS Ion Mobility Spectrometry
Nuclear/Biological/Chemical/Explosive Indirect Air Carrier Standard Security
CBRNE IACSSP
Weapons Program
CBP Customs and Border Protection IPP Isolated Parking Position
CCSP Certified Cargo Screening Program JTTF Joint Terrorism Task Force
CERT Community Emergency Response Team LEO Law Enforcement Officer
CIRG Critical Incident Response Group LRBL Least Risk Bomb Location
CHRC Criminal History Records Check MANPAD Manned Portable Air Defense System
Crime Prevention Through Environmental National Explosives Detection Canine
CPTED NEDCP
Design Program
DAC Designated Aviation Channeler NIMS National Incident Management System
DEA Drug Enforcement Administration NTSB National Transportation Safety Board
DHS Department of Homeland Security PCSSP Private Charter Standard Security Program
EAA Exclusive Area Agreement PIC Pilot in Command

8 of 36 / American Association of Airport Executives
 Module 4

PIV Personal Identity Verification
PNR Passenger Name Record
PPBM Positive Passenger Bag Match
RAM Random Anti-terrorism Measures
RT Registered Traveler
SAM Surface to Air Missile
SARP Standards and Recommended Practices
SeMS Security Management Systems
SD Security Directive
SIDA Security Identification Display Area
SOC Security Operations Center
Screening of Passengers by Observation
SPOT
Techniques
SPP Screening Partnership Program
SSI Sensitive Security Information
SSCP Security Screening Check Point
STA Security Threat Assessment
TDC Travel Document Check
TFSSP Twelve-Five Standard Security Program
TLO Terrorism Liaison Officers
TSC Terrorist Screening Center
TSA Transportation Security Administration
TSI Transportation Security Inspector
TSO Transportation Security Officer
TSOC Transportation Security Operations Center
TSR Transportation Security Regulations
Transportation Worker Identification
TWIC
Credential
USAR Urban Search and Rescue
VBIED Vehicle Born Improvised Explosive Device
WMD Weapon of Mass Destruction
WTMD Walk Through Metal Detector

ACE Security – Module 4 / 9 of 36
 Security

The Terrorist Threat to Aviation
Of importance to remember is that terrorist threats are not restricted to Al-Qaeda. Threats can come from ecological and animal
rights organizations, domestic terrorist organizations, or from individuals or small groups acting solely on their own and pursuing
either their own or an adopted ideology. Airport Security Coordinators must be open-minded in their response to these threats
and rather agnostic in their approach. It is not so important to focus on one particular type of terrorist group as it is to develop
and implement strategies to defend against a variety of threats.

Terrorism has changed over the past twenty years, with terrorist organizations now using highly educated and highly trained
individuals. The Internet has made the spreading of an ideology much easier, along with the ability to train and communicate with
confederates throughout the world. Terrorist attacks today are increasingly lethal and devastating.

While the focus since 9/11 seems to have been on international terrorist groups, such as Al-Qaeda, Al-Qaeda in the Arabian
Peninsula, and ISIS/ISIL, there has been a resurgence of domestic terrorist organizations, sovereign citizen, and “radicalized” so
called home grown terrorists – individuals from the U.S. that have been recruited or persuaded, most often through the Internet
along with other influences, to join a terrorist cause. The Boston Marathon bombers are suspected of fitting this profile.

When considering threats to aviation, terrorism is certainly at the top of almost any list, but the U.S. Department of State lists
four areas of major concern in transnational crimes: (a) narcotics trafficking, (b) human trafficking, (c) money laundering and
corruption[4, p 32]. In all four cases, aviation is involved. Drugs and humans are trafficked through airports extensively. According
to the State Department, there are now over 27 million men, women and children being held against their will in forced labor,
prostitution or for sale as sex slaves[4, p 35].

The era of modern terrorism has its roots in aviation, beginning in 1968 with the hijacking of an El Al flight en-route from Rome to
Tel Aviv, by the Popular Front for the Liberation of Palestine[4, p 55]. The goal of the PFLP was to establish the Palestinian state
and for five weeks, 21 passengers and 11 crew were held hostage in Algiers. The hostages were eventually released in exchange
for 16 Arab prisoners[4, p 55]. Terrorism is different from other crimes and does not lend itself to the same disincentives as other
crimes do [4, p 55]. Terrorism is an elaborate marketing campaign and publicity adds to the legitimacy of the group – it is also
much more effective against democracies that have more generally open societies[4, p 56].

Terrorist groups have different goals but history shows that religious groups, such as Al-Qaeda and Aum Shinryko1, have longer
staying power than others, such as those with political ideologies[4, p 58]. Most terrorist are also not insane[4, p 58] – in fact, they
are many times rational individuals who may otherwise go unnoticed in the general population.

International Terrorist Groups
Terrorist groups come and go but presently the big four are Al-Qaeda and its affiliates such as Al-Qaeda in the Arabian Peninsula,
and al Qaeda in Syria, Hezbollah, FARC and ISIS/ISIL.

Al-Qaeda: the organization responsible for the attacks on 9/11 is still in business, despite the death of its leader, Osama bin
Laden, at the hands of U.S. Navy SEALs in May 2011. Al-Qaeda, while displaced slightly from their base in Afghanistan, has
sprouted roots in Syria, Yemen, Iraq and other places throughout the world – even successfully radicalizing US citizens to the
cause. According to terrorism expert Bruce Hoffman, Al-Qaeda is increasingly focused exhausting the United States, stepping
up its attack on our economy through a “death by a thousand cuts” strategy and seeking non-Muslim recruits who can be easily
deployed to Western countries[4, p 73].

Hezbollah, which operates primarily in the formerly Syrian-controlled Bekaa Valley, Beirut and southern Lebanon. In 2014,
the shelling of Israel by Hezbollah militants caused the FAA to temporarily suspend flights to Israel for a short period of time.
Hezbollah however, has continued to expand its global operations around the world, receiving weapons and training from Iran
and Syria, and has established a stronghold in South America[4, p 80]. In 2010, there were arrests of Hezbollah activists in
Philadelphia, New York and Detroit – the group has also attempted to obtain Stinger surface-to-air missile, automatic weapons
and night vision equipment in the U.S[4, p 84].

1 In 1995 this group released Sarin gas into the Tokyo subway system, killing 11 and injuring nearly a thousand people.

10 of 36 / American Association of Airport Executives
 Module 4

FARC: the Revolutionary Armed Forces of Colombia (known as FARC), started out as small Communist insurgency group and now
controls 40% of Colombia through a negotiated agreement with the government[4, p 86]. Their illegal activities, mostly narcotics,
net over $600 million per year and have increased their cooperation with the Russian Mafia [4, p 86].

ISIS/ISIL: The self-described Islamic State known variously as ISIS or ISIL, (i.e. The Islamic State of Iraq and the Levant also
translated as the Islamic State of Iraq and Syria), is a Sunni, extremist, Jihadist, and self-proclaimed Caliphate. It emanated from
Al-Qaeda in Iraq and is responsible for the brutal executions of several Western journalists and aid workers. The total threat from
this group continues to grow and its threat to the U.S. continues to be evaluated, but in 2014, as part of a military campaign to
attack elements of ISIS/ISIL in Syria, U.S. aircraft also bombed the location of suspected militant who may have been plotting to
smuggle bombs in small electronic devices onto aircraft, for the purposes of blowing them up.

Domestic Terrorist Groups
Timothy McVeigh, convicted of destroying the Murrah Federal Building in Oklahoma City in 1995, called the 19 children he killed in
the attack “collateral damage.” McVeigh was associated with certain violent “militia” groups, many of which were incensed by
the FBI assault on Ruby Ridge, in Idaho and the ATF assault of a compound in Waco, Texas.

Domestic terrorism seemed to drop off considerably after the 9/11 attacks, but seems to have found new life in recent years.
Many of the same motivations of international terrorists are also found in domestic terrorist groups and individuals – extreme
religious or political ideology and the ability to find inspiration, encouragement, tactical training and techniques on the Internet,
all with relative anonymity[4, p 92].

The FBI reports over 345 domestic terrorism attacks between 1980-2001, and the Southern Poverty Law Center reported the
incredible rise in the number of Patriot groups, including armed militias, following the election of President Obama in 2008 – rising
813 percent, from 149 groups in 2008 to an all-time high of 1,360 in 2012. The number fell to 1,096 in 2013.

Violent extremism has been a part of the United States for over 100 years, going back to 1919 when 36 bombs were mailed to
high-ranking US officials. In 1920, the first “car bomb,” was detonated on Wall Street when a horse-drawn cart loaded with
explosives detonated, killing 38 people. More recent domestic terrorist groups have included The Weather Underground in the
1960s, the Ku Klux Klan, the Symbionese Liberation Army, and the Black Panthers.

Chemical, biological and radiological weapons are also options for domestic terrorist groups – in a study at Syracuse university,
114 cases of domestic terrorist acts and plots since 9/11 were examined – from neo-Nazism, to Christian fundamentalism to
anarchism and violent environmentalism[4, p 99]. The study identified five cases involving chemical, biological and radiological
agents, where if successful, would have killed thousands[4, p 99].

An offshoot of the domestic terrorism discussion and an offshoot of the defunct Posse Comitatus, white-supremacist anti-Semitic
group of the 1980s (and its famous member Terry Nichols, McVeigh’s co-conspirator) are the Sovereign Citizens[4, p 103]. The
group essentially doesn’t believe in the authority of the U.S. government and often creates and sells fraudulent documents such
as driver’s licenses, police officer credentials, and concealed carry permits. Particularly dangerous is that any confrontation
between this group and law enforcement is likely to end in violence[4, p 103]. Some airport police officers have reported
encounters with Sovereign Citizens, particularly at the Travel Document Checkpoint. In 2011 and 2012, several police officers
were attacked by those identified as being connected to the Sovereign Citizen group.

Gangs
Although not considered or labeled as a terrorist group, gangs are a threat to society and to airport operations – gang members
work in the aviation system, at air carriers, airports, vendors, contractors and tenants. The Los Angeles International Airport
Police Department has a Gang Intelligence Unit that identifies and investigates persons engaged in gang or criminal activity
at LAX. Team members obtain information and intelligence regarding gang member relationships and how they may link to
terrorism or other criminal activity on the LAX Airfield Operations Area and other airport property2.

2 LAXPD’s patrol areas include several blocks surrounding airport property.

ACE Security – Module 4 / 11 of 36
 Security

The FBI estimates there are 33,000 or more street, prison and outlaw motorcycle gangs with over 1.4 million active members
and they are responsible for 48% of the violent crime in the country[4, p 122-123]. The former notorious drug lord Pablo Escobar
was well-known to use commercial and general aviation to transport narcotics, and on at least one occasion arranged for the
destruction of a commercial airliner in order to eliminate competition.

Gangs can be viewed through their generational growth: first generation gangs were traditional street gangs with a turf
orientation[4, p 123]3. Second generation gangs are entrepreneurial and drug centered, using violence to protect their markets[4,
p 123]4. Third generational gangs have evolved into having political goals and engage in mercenary type activities, using
technology to recruit, spread their ideology and communicate through chat rooms and websites, such as MS-13[4, p 123]5. Their
influence is now political and in some cases the gang controls significant areas of a country, such as in the case of the FARC in
Colombia.

Additionally, the National Gang Intelligence Center had identified at least 53 gangs whose members have served in or are
affiliated in some way with the US military[4, p 127], which may allow gang access to military installations, weapons, and bomb-
making related knowledge [4, p 127].

In one case the FBI’s most wanted list included an Al-Qaeda terrorist6 may have been in a meeting with the leader of the El
Salvador’s MS-13 organization7. Also known as “Jafer the Pilot,” the terrorist completed commercial flight school in the United
States and earned an Associates degree in community college in Broward County, Florida[4, p 125]. The individual also attempted
to obtain material in Canada to build a radiological “dirty” bomb and was complicit in assisting with a plot to bomb the fuel tanks
at JFK airport[4, p 125].

Drug smugglers have routinely smuggled narcotics in commercial aircraft for several years, thus it would not have been difficult
to place a bomb onboard the aircraft where it could not be detected. The lessons learned in this case are strict control of the
airfield, specifically monitoring who has access to aircraft, performing background checks, and the need to warn U.S. citizens
traveling abroad of airports that do not meet minimum ICAO security requirements. By regulation, these warnings are to be
posted at screening checkpoints.

The Lone Wolf Terrorist
There are a variety of terrorist organizations from state-sponsored, where the terrorists are supported by a nation, cults such
as the Aum Shinryko cult who carried out a Sarin gas attack on the Tokyo subway system, groups like Al-Qaeda and ISIS/ISIL
that have arisen on their own to support various beliefs or causes, and lone wolves. Lone wolves can be particularly difficult to
defend against as their planning pattern doesn’t always follow the aforementioned terrorist planning cycle. Lone wolves are best
handled with (a) workplace violence training8, (b) vigilant staff on the lookout for personnel exhibiting unusual behaviors, and
(c) rapid response once the incident begins, (d) panic alarms and (e) employee training on what to do during an incident and (f)
police, fire and EMS prepared to respond to an incident.

One of the unique characteristics that separates terrorism from other types of conflicts is the ability of a single incident,
and sometimes just a single person, to throw an entire nation, or the world, into crisis[6, p 97]. While nation-states, cults and
international terrorist cells will exercise certain levels of restraint9, author Jeffrey Simon posits that it is the “lone wolf” that is
most likely to use a weapon of mass destruction over other, more organized terrorist groups [7, p 81], and in a speech in 2011,
President Barack Obama said that the biggest concern we have right now is the lone wolf terrorist[7, p 85]. Simon suggests the
following strategies to try to prevent lone wolf terrorists (modified for airport use).

Improved detection devices such as bio detectors, radiation detectors, and checkpoint technologies.
Expanded use of CCTV, which are effective after the attack at identifying the attackers.
Biometrics to reduce the ability of an lone wolf stealing an aviation employee’s identification.
Monitor lone wolf use of the Internet[7, p 23]. While monitoring personal Internet usage is clearly beyond the ASC’s role,

3 Characterized in the 1979 movie The Warriors.
4 Characterized in the 1988 movie Colors.
5 Characterized in the 2012 movie End of Watch.
6 Adnan El Shukrijumah
7 US officials neither confirmed or denied the meeting.
8 Some lone wolves also work for the location they attack.
9 In larger terrorist organizations there are often voices of dissent or disagreement about how far the group should “push,” the country they are attacking. Nation-state sponsored groups are also careful
to keep the terrorist groups they are funding in-check, with the understanding the crossing the line, such as the use of a WMD, could result in the elimination or vaporization of a large percentage of their
own populace in a retaliatory attack.

12 of 36 / American Association of Airport Executives
 Module 4

there may be times when an ASC is notified by their information technology department that aviation employee is visiting
Internet sites that may promote violent extremist), or may be notified by the FBI that an individual working at the airport is
under investigation and has been viewing websites with content consistent with violent behavior.

W atch for early warning signs: troubled past, individuals that have broken away or been thrown out of a fringe-group,
exhibiting psychological or personality disorders, purchases of materials used in constructing bombs or lots of automatic
weapons, and travel to regions known for terrorist activity[7, p 23].
Any outright threats to an airport, airline or individual should be immediately reported and investigated.

While not a terrorist in the traditional sense, it is appropriate to note that Aldrich Ames, a 31-year Central Intelligence Agency
counterintelligence officer and analyst who committed treason against his country by spying for the Soviet Union and Russia,
lived way beyond his declared means, driving a Jaguar and buying a half-million dollar house with cash[8, p 26]. It seems after-
the-fact, the indicators that an individual was plotting or committing criminal or terrorist activities were noticeable to those who
were paying attention or knew what to look for.

The Terrorist Cycle
Terrorists have their choice of targets in the aviation community. Common tactics are Improvised Explosive Devices (IED) placed
on board aircraft or in airport facilities; Vehicle-Borne Improvised Explosive Devices (VBIED) like those used to attack the Murrah
building in Oklahoma City, the U.S. Air Force barracks in Saudi Arabia, and the car bomb intended for the LAX terminal in 1999.
VBIED’s are also widely used in Iraq and pose possibly a serious threat to Airport Operators.

A large VBIED could destroy an entire airport terminal building. In Iraq, insurgents are now also including chlorine in some of
their IED’s, which turns a deadly bomb into an even more deadly device with a chemical element.

In addition to the traditional forms of attack, bombings and hijackings, surface-to-air missile attacks, suicide bombers and active
shooters are also threats to aviation.

Fortunately, the terrorist attack cycle and their operational constraints favor the Airport Operator and the law enforcement
community. The planning cycle for a major attack can take place over the course of several weeks, months or even years.
While terrorists may be highly motivated, they are not stupid and even a suicide bomber will not throw their life away cheaply.
Therefore, extensive plans, dry runs and acquisition of arms and equipment, are conducted thoughtfully and carefully. While
some terrorist attacks have not gone as planned, such as the failed attempt by the “underwear bomber” and the failed Times
Square bombing, this should not simply be taken that the individuals who attempted the attacks were just unlucky. Author Mark
Bowden, who wrote Blackhawk Down and The Finish: The killing of Osama Bin Laden, argues that intelligence, interdictions,
drone strikes, military and law enforcement efforts post 9/11, have reduced the number of “smart” terrorists, and now
organizations are forced to select from a shallower gene pool[4, p 58].

Terrorists select their targets based on access to the target, the potential damage and the target’s “softness.” Softness is a
term used to indicate the level of protections that are in place. A military air base with armed MPs, high fencing, CCTV cameras
covering access areas, barricades and other defenses is a harder target than a publicly accessible shopping mall, with one or
two lightly armed police officers making rounds.

Initial surveillance is then conducted, which takes the majority of the operational cycle. During this phase, law enforcement
personnel and aviation security and operations personnel have the best opportunity to spot and deter a potential terrorist attack.
Terrorists will frequently try to make their next attack more spectacular than the last one. More spectacular, however, generally
means more complex, and the more “moving parts” in an operation the more likely the operation will be compromised. Terrorists
do not fear death or a lifetime prison sentence, but they do fear getting caught before they make it out of the safe house and
successfully execute their attack.

Another constraint on terrorists attempting to attack a U.S. target is the expertise of the U.S. law enforcement community in
tracking down assailants, and, of particular note, is our forensic expertise. Knowing they will likely die or be caught either during
or after the attack, a particular terrorist cell or individual will likely get just one attempt at a particular target. If it is unsuccessful,
the forensic abilities of the United States will be brought to bear in tracking down those behind the attack.

ACE Security – Module 4 / 13 of 36
 Security

Next in the attack planning phase is final target selection. Based on the feedback from the surveillance team, the final target is
selected (or changed and new surveillance is conducted), and planning for the attack begins. For the 9/11 attacks, the hijackers
had previously flown on the flights they would later hijack and had also flown general aviation aircraft down similar flight
corridors that they would use on 9/11.

Rehearsals may also be conducted during this time, as materials and personnel are recruited and organized for the attack. A
final surveillance phase may be included to ensure that the target has experienced no significant changes that would affect the
attack. This phase is when Playbook and the use of random security measures can still deter an attack. Once the final attack
begins, it is very difficult to stop.

Random Anti-Terrorism Measures (RAM)
An effective strategy to deter terrorist attacks is to implement Random Anti-terrorism Measures (RAM). RAM procedures focus
on conducting random, but planned and publicly visible, anti-terrorism measures. The random measures can create uncertainty
in the minds of criminal and terrorist organizers. To be effective, these measures must be visible to the public and must appear to
be random. These measures could include:

1. Increased vehicle searches at airfield access points.
2. Increased vehicle searches at public entry points.
3. Uniformed police or security officers conducting additional foot patrols throughout the terminal areas.
4. Searching waiting passengers and their baggage using K-9 teams at the ticket and bag drop areas.
5. Blocking off certain lanes of traffic or closing certain access points.

Even active police presence can be an effective deterrent. In 2009, an individual was attempting to commit an act of domestic
terrorism in Dallas. While assessing various target sites, the individual determined too high of a police presence at the Dallas/
Love Field Airport and DFW[7, p 181-189], and ultimately selected a fountain in downtown Dallas as his target. He was arrested
prior to bombing the fountain.

Spotting Suspicious Activity
Also in 1986, El Al airline security officials at London/Heathrow Airport discovered an attempt by an individual to place
explosives on board an aircraft. The security officials uncovered the plot during a routine security questioning of passengers
prior to the flight. Anne Marie Murphy, who was five months pregnant at the time, was carrying explosives in her suitcase,
unbeknownst to her.

Investigators later discovered that her boyfriend, who had placed the explosives in her bag, was a Syrian intelligence agent.
Shortly thereafter, U.S. airlines began the process of asking “security questions,” such as, have you packed your own bags, and
have your bags been out of your control since you packed them? While it is unlikely that these questions ever deterred a criminal
from taking an explosive or weapon on board, in the U.S., the questions were asked by ticket agents, not security personnel
trained in detecting deceptive responses and body language. The lesson learned here is, when adopting successful security
procedures, the procedures must retain the key elements that make the process successful, which in this case, would be the use
of trained security personnel.

Much has been made of the ability to spot suspicious activity and report such activity to the proper authorities, but what exactly
constitutes suspicious activity? The complete art or science of detecting suspicious and deceptive activity is far beyond the
scope of this text and there are several consulting companies that can train personnel on various levels of behavior assessment.
This section will however, introduce the fundamentals and provide information for Airport Security Coordinators to use in
assessing whether to implement behavior detection training into their security programs.

The fundamentals of detecting suspicious activity is to first understand that every activity has a baseline. If you were to observe
a ticket counter for any period of time, you would notice certain patterns; individuals generally behave in rather predictable
ways when undergoing the ticketing/bag check-in process. Within a period of time, you will notice the set of behaviors that most
people exhibit. You will be able to tell the difference between a nervous, first-time flyer and a seasoned road warrior. With more
time, you will be able to distinguish between an upset passenger and one that exhibits unusual behavior for that particular set of
circumstances.

14 of 36 / American Association of Airport Executives
 Module 4

Suspicious activity is a shift away from the baseline. Airport Operations, security and law enforcement personnel who spend
much of their time at the airport quickly learn the baseline for the various activities around the airport, and they can often spot
when someone deviates from the baseline. For example, individuals checking in for a flight to Orlando are likely families, traveling
with a lot of checked baggage and wearing vacation style clothing. In contrast, passengers checking in for a flight to Reagan
National Airport in Washington, D.C. are more likely to be wearing business attire, and most of their baggage will be carry-on.

Second, suspicious activities tend to come in clusters. While any one suspicious indicator could indicate any number of
activities, emotions, or intentions, one should pay particular attention when those activities come in clusters. In the case of
Richard Reid, the “show bomber,” he was acting nervous (not uncommon for most flyers), but also had a passport in a country
other than his birthplace, was not carrying cash, nor credit cards (i.e. no visible means of financial support on an international
flight), had little carry on luggage, not so much as a toothbrush and no checked baggage. For an international flight, combined,
this creates a lot of suspicion.

Outright suspicious indicators may be10:

Questions about the security systems at the airport
Note taking, videotaping or photographing screening checkpoints and airfield access points
Drawing diagrams or maps of airport facilities
People who avoid eye contact, or who depart quickly when approached by authority figures
Visitors to facilities arriving or leaving at unusual hours
Individuals seen in various locations with no apparent purpose
Individuals parking in area to observe security activities (Note: it is common for individual’s to park in areas to observe
flight operations)
Individuals who seem to be under the control of others
Unusual or soiled mail – letters, envelopes or packages
Unattended bags or vehicles
Unusual interest in attempting to obtain chemicals, large quantities of explosives, household cleaners, official vehicles,
uniforms, badges or official identification
Unusual questions or circumstances surrounding the possession or reported theft of passports, visas, and other
travel documents
Interest in or recent completion of “commando” training
Attempts to test or penetrate security or response procedures
Unusual money transfers or transactions involving overseas persons or business

When reporting suspicious activity, the reporting party should provide the location and the time of the activity, a description of
the individuals involved, including race, approximate height and weight, clothing and any unusual characteristics (bulky clothing
in warm weather, or any of the indicators presented above). Also report any distinguishing characteristics such as hair, sex,
visible scars or tattoos, disabilities, facial hair, wearing a hat or other clothing item that stands out.

When reporting a suspicious vehicle, report the make, model, color, any damage to the vehicle, any odors associated with the
vehicle, or signs of smoke, bumper stickers and the license plate. If the vehicle may contain a potential bomb, move away from
the vicinity and attempt to notify law enforcement via a land line, as opposed to a cell phone, which may trigger a detonation.

Have a way to remember the identifying information such as the journalists’ method of gathering information for an article: who,
what, when, where, why and how. Or, the website www.nationalterroralert.com provides this list of activities to do when you spot
suspicious activity – they call it SALUTE:

S – Size (Number of people, gender, ages, and physical descriptions)
A – Activity (Describe exactly what they are doing)
L – Location (Provide exact location)
U – Uniform (Describe what they are wearing, including shoes)
T – Time (Provide date, time, and duration of activity)
E – Equipment (Describe vehicle, make, color, etc., license plate, camera, guns, etc).

10 Note: some of these may be exhibited by passengers, or by those in the workplace. Ex: an airline employee may notice that a co-worker is suddenly buying expensive cars or other materials that is non
consistent with their salary, or they are making comments that indicate they are going overseas for some sort of unusual combat training.

ACE Security – Module 4 / 15 of 36
 Security

Anyone spotting suspicious activity should make the appropriate notifications as soon as possible. If you are not law
enforcement, do not approach the individual – try to keep them in sight and get to a phone or radio. If you are law enforcement,
consider immediately calling for back-up. The individual may be armed and very dangerous.

Explosives and Weapons of Mass Destruction (WMD)
Numerous types of weapons, explosives and incendiaries are available to criminals and terrorists alike, so this section will not
attempt to cover all of them. However, airport and aircraft operator personnel should be aware of the common types of weapons
and explosives, and should have a basic understanding of how explosive detection equipment operates.

About thirty different types of explosive materials are used today. Below is a list of a few of the types of explosives that an
airport or aircraft operator may encounter. Do not always go into a state of alarm when these explosive elements are detected at
screening checkpoints, as many times these elements are being carried legally, or there is a legitimate non-criminal reason why
individuals may have some of these elements on their person or property.

Explosives
A variety of materials used in explosives are also in use for non-threatening or dangerous reasons. Airport operators and security
personnel may encounter explosive elements in the normal course of their duties, so it is advantageous to understand the most
common elements and who and why those elements may be in the possession of an air traveler.
The explosives most likely to discover for legitimate use:

N G (nitroglycerin) used in mining and the demolition industry, as an Rx by heart patients, and may be carried by nurses,
pharmacists, cardiologists and other physicians
TNT (trinitrotoluene): used by miners, demolition experts, the military and farmers
DNT (dinitrotoluene): a smokeless gunpowder used by law enforcement officers and hunters that might be discovered on
hunters traveling to and from their hunting sites
Farmers and landscapers use nitrates, but when combined with fuel oil, as in the Oklahoma City bombing, thereby
creating an Ammonium Nitrate Fuel Oil mixture (ANFO), the results can be devastating

The explosives least likely to be discovered for legitimate use:

H MX (octogen) is a military grade high explosive and should only be in the possession of the military, which will have
appropriate orders and documentation – however, explosives are prohibited from being carried on board a commercial
aircraft.
RDX (cyclotrimethylene-trinitramine), also known as C4, is a military explosive and should only be carried by members of
the U.S. military.
SEMTEX is another high explosive more common to the European military and was the primary element used to bring
down Pan Am Flight 103 over Lockerbie, Scotland in 1988.
PETN (pentaerythritol tetranitrate), also known as “Det-cord”, is a military plastic explosive but does have some
medicinal uses for heart patients, so this may occasionally be found on passengers

Trace elements of HMX, RDX and PETN may be found on members of the U.S. military returning from deployment.

Ground Security Coordinators are also trained in the various types of explosive elements and would normally be authorized to be
in possession of such elements.

Improvised Explosive Devices (IED)

Improvised Explosive Devices (IED) proved to be among the most destructive devices of the wars in Iraq and in Afghanistan.
Analysts estimate that some 50-60% of all attacks in Iraq involve an IED. They are responsible for a significant number of the
casualties in both conflicts and have also been used against aviation targets for decades.

An IED is any “homemade” explosive device. It features an explosive element, such as dynamite or plastic explosive, an initiating
device, such as a fuse or electronic signal, a detonator such as a blasting cap along with a battery of some sort to trigger the
detonation and a container.

16 of 36 / American Association of Airport Executives
 Module 4

IEDs can be placed in nearly any type of container, including ground vehicles, airplanes, boats, suitcases, briefcases, pipes, and
backpacks, among others. Many IEDs are disguised as a legitimate item, or in some cases are booby-trapped with a bait item,
which entices an individual to trigger an IED. For example, leftover military hardware or deceased individuals are sometimes
booby trapped with an IED.

Contained within a vehicle, an IED is known as a Vehicle-borne Improvised Explosive Device (VBIED). VBIEDs were used in 1983
to attack the U.S. Marine barracks in Lebanon, then again in 1993 to attack the World Trade Center and in Oklahoma City in 1995
to attack the Murrah federal building. They have been used extensively in Iraq and Afghanistan.

IEDs are command-detonated, detonated by movement or a timer, or placed on an individual who is intent on being a suicide
bomber. At an airport, an unattended bag is a natural hiding place for an IED and should be treated with special consideration.
An excellent training program for ASCs and other involved in airport security, particularly IED response to attend are the course
offerings at New Mexico Tech. The college offers courses in Incident Response to Terrorist Bombings (IRTB), Prevention of
Suicide Bombing Incidents, and others.

Unattended Bag / Suspicious Bag

Unattended bags continually challenge airport police and security personnel. It could be lost, or misplaced, or could be
concealing an IED. An unattended bag or item is an object that does not have an obvious owner nearby. Although the bag may
simply be lost or misplaced, it may also contain an IED.

If an item is unattended, it is not usually possible to tell if it contains an IED simply by looking at it, so caution must be used in
resolving the problem. Whatever you do, DO NOT TOUCH THE ITEM!!!

Upon spotting an unattended bag, first ask people in the immediate area if it is theirs, or if they know where the owner is. If the
abandoned item is a vehicle, look for the driver and ask others if they have seen the driver. Also, know where the item is located
– is it in the Sterile Area or the Public Area? Does it have any identification or bag tag? Are there visible wires, or large stains on
the item?

Once you have established that this is an unattended bag and no owner is present to claim it, notify law enforcement11. However,
since some IEDs are detonated by cell phone or radio frequencies, try to find a landline or move to a position of cover before
calling.

If there are visible indicators, such as wires protruding or a noxious smell, you may wish to advance the incident from
“unattended” to suspicious. The item or vehicle may also qualify as being suspicious rather than unattended if an individual
exercising good judgment, combined with their experience and the facts, would come to a reasonable conclusion that an item is
suspicious. If you are uncertain whether the bag is unattended or suspicious, err on the side of caution.

If the item does not trigger an alarm, a police officer will likely make the decision as to whether to continue treating the item
as suspicious or to take it to lost and found. If the dog or the electronic device alerts on the item, then it may be elevated to a
possible IED.

Possible IED

Once the police respond and the bag alerts either with K-9 or some other method of explosive test, such as a portable ETD device
or portable x-ray, the item may be an IED. At this point, the area must be immediately evacuated and the proper response as
called for in the incident command section of the Airport Security Program should be initiated.

If it is a potential VBIED, then a much larger area needs to be evacuated. The Bureau of Alcohol, Tobacco and Firearms provides
an explosives standard chart to help determine appropriate standoff distances based on the size of the item or vehicle. The
following steps should be taken or procedures conducted:

E stablish a perimeter around the device. Do not forget to evacuate above and below the level the device is on. The FBI, ATFE
and other agencies have published blast stand-off distances. There is also an app available from First Responder Support Tools

11 Or if you are law enforcement initiate the appropriate protocols.

ACE Security – Module 4 / 17 of 36
 Security

(FiRST) that shows graphically the proper stand-off distances from various devices, including suggested sites of road blocks and
other features. The app also addresses Hazardous Materials release stand-off distances.

1. Notify Explosive Ordinance Disposal (EOD); locate bomb containment unit nearby and arrange for its transport to the
incident site.
2. Notify Airport Operations to initiate the incident management bomb threat plan and to activate the Incident Command
System.
3. Notify the affected tenants.
4. Notify the fire department and EMS (this may also be part of the incident management bomb threat plan).
5. Establish entrance and extrication routes to the device for responding EOD teams.

Depending on the circumstances, be prepared to widen the perimeter and establish new entrance and extrication routes.
AGAIN, DO NOT TOUCH THE ITEM. Understandably, this advice should be tempered based on your particular role. If you are
a Bomb Appraisal Officer or member of the bomb squad, Explosives Ordinance Disposal unit, K-9 unit or similarly organized
operation, then follow your own standards and protocols for handling a potential IED. Keep people away from the area. Look for
signs of other unattended bags, as there may be additional devices. Look for suspicious people who may have placed the device
and may even be waiting to detonate it.

Airport and airline tenants should provide for continuity of business during this time as best as possible. Keep in mind also that
IEDs can contain chemical, radiological and biological elements, which increases their lethality.

Post IED Blast

If an IED detonates, continue implementing the appropriate incident management section of the Airport Security Program and
continue to watch for secondary devices. Some devices are placed specifically to target first responders. Watch for unauthorized
personnel attempting to access the blast site. Some of these people may be friends and family of the victims, but others may be
attackers. In Iraq, IEDs are often used to start an attack, which is followed up with shooters or more explosives. \

If the blast was from a VBIED, there may be large structural collapse and potential structural instability. The Urban Search and
Rescue (USAR) team should be called immediately to render assistance in trying to recover victims from the rubble, which,
depending on the building type, could be thousands of pounds of cement and bricks, or glass and scaffolding. Hazmat teams
should also be called in to determine if the device contained any chemical, biological or radiological elements.

Chemical, Biological, Radiological and Nuclear (CBRN) Weapons
CBRNs are generally considered weapons of mass destruction. Included in these weapons of mass destruction are radiological
weapons or so called “dirty bombs.” Al-Qaeda and sympathetic terrorists groups continue to demonstrate their interest in mass-
casualty attacks using chemical, biological, radiological, and nuclear (CBRN) weapons. Although there is no specific information
indicating that Al-Qaeda or other groups are currently planning a CBRN attack in the United States, such an attack should not be
ruled out.

This section will familiarize airport security personnel with the fundamentals of CBRN attacks. The symptoms, effects, causes,
and treatment options are too extensive to be covered in this text and there are plenty of field guides available that will allow first
responders to quickly ascertain the type of CBRN attack and the appropriate response. For more information, go to the Centers
for Disease Control (CDC) website at http://www.cdc.gov/.

There are a few dangerous assumptions to make regarding the defense of CBRN weapons. The first is that there is no defense,
and that their use is so deadly that there is nothing first responders can effectively do to mitigate fatalities.

The second is that it cannot happen “here.” The events of 9/11 showed the United States that it can happen anywhere. Biological
and chemical attacks have already happened in the U.S. and abroad and, in all likelihood, it’s not a matter of “if” but “when.”
Terrorists have the means, the motive and plenty of opportunity. But there is a defense – airport security professionals can take
measures to mitigate, deter and even prevent the use of a CBRN weapon at their facility.

18 of 36 / American Association of Airport Executives
 Module 4

Notable Bio/Chem Attacks

Probably the most surprising news is that chemical and biological attacks have already occurred several times in the United
States.

1. In 1972, a United States-based fascist group called the “Order of the Rising” attempted to contaminate the Chicago and
St. Louis water supplies with 30 to 40 kg of Typhoid. The group was betrayed by recruits within the organization and the
attack never manifested
2. In 1984, followers of the Indian guru Bhagwan Shree Rajneesh spiked salad bars at 10 restaurants in Sheninico, Oregon
with salmonella and sickened about 750 people. The cult members had hoped to incapacitate so many voters that their
own candidates in the county elections would win.
3. In 1985, federal law enforcement authorities discovered that a small survivalist group in the Ozark Mountains of Arkansas,
known as The Covenant, the Sword, and the Arm of the Lord (CSA), had acquired a drum containing 30 gallons of
potassium cyanide, with the apparent intent to poison water supplies in New York, Chicago, and Washington, D.C.
4. In 1995 the FBI thwarted a possible Sarin attack at Disneyland.
5. In May 1995, a member of the Aryan Nation was arrested for ordering plague bacteria.
6. Also in 1995, an Arkansas man was arrested possessing 130 grams of Ricin.

Outside the U.S., four significant incidents have occurred (with the exception of war time actions such as Iraq’s use of chemical
weapons on their own citizens and during the war with Iran).

In 1984, the West German “Red Army Faction” was discovered trying to make botulism in a laboratory for use in a potential
attack.

In 1992, German police thwarted the release of cyanide in a synagogue by neo-Nazis.

O
 n March 20, 1995, members of Aum Shinrikyo, a quasi-Buddhist cult in Japan, released the chemical nerve agent
Sarin on the Tokyo subway, killing 12 people and injuring more than 1,000. The cult had earlier manufactured the Sarin
in a laboratory at its main compound in the foothills of Mount Fuji. From April through June of 1995, there were several
copycat attacks in Japan of the Aum Shinrikyo attack, using cyanide, phosgene and pepper spray. While a thousand
individuals were treated for symptoms, over a thousand more reported to local hospitals believing they had been
exposed.

I n 1997, two chlorine bombs were activated in a crowded shopping mall in Australia, injuring 14 and causing the
evacuation of 500 shoppers.

C
 hemical/biological terrorism has become more popular due to its heightened fear factor. The Ebola spread in 2014
demonstrates how effective a biological agent is in causing fear and even adjusting travel habits.

Biologics are difficult to detect, most often easily, effectively and often anonymously spread by air, and requires extensive
decontamination, thus rendering facilities unusable for long periods of time. Some agencies believe that chemical/biological
devices are easier to manufacture; however, there is debate on this point. While Nation-States often have the facilities and
resources to produce weapons of mass destruction in larger quantities, the Anthrax attacks via the mail shortly after 9/11
demonstrate a lower cost approach to chemical/biological attacks.

Terrorists do not need large quantities of chemicals or biological agents, particularly if their target is in an enclosed space such
as a shopping mall, convention hall or airport. In fact airports are ideal targets for chemical and biological agents, as they are a
high profile enclosed space where there are large transient crowds.

Biological Weapons

The primary route of entry for a biological weapon is through inhalation, causing disease that overcomes the body’s immune
system. Self-contained breathing apparatus and structural firefighting clothing provides adequate protection for first responders,
but biological weapons should be treated with the utmost care. Several biological agents, such as the plague, skin anthrax or
salmonella (ingestion), are transmitted by skin contact, so first responder equipment should be decontaminated as soon as
possible.

ACE Security – Module 4 / 19 of 36
 Security

A biological weapon uses a bacteria or virus, or in some cases toxins that come directly from bacteria, to kill people. Dumping
a load of manure or human waste into a town’s water supply would be a simple form of biological warfare – human and animal
manure contain bacteria that are deadly in a variety of ways. However, today’s modern filtration systems should require that a
significantly large amount of toxins would need to be used to overwhelm the filters. In the 19th century, some American Indians
were infected with smallpox through contaminated blankets.

A modern biological weapon could use a strain of bacteria or a virus to kill thousands of people. Tom Clancy has explored the
idea of biological terrorism in two books: Executive Orders and Rainbow Six. In both books, the source of infection was the Ebola
virus. In these plot lines, the infection is spread through small aerosol cans (like those used by insecticide products to create
“bug bombs”) released at conventions, through misting systems used to cool sports venues, or by an agricultural aircraft.
With hundreds of thousands of passengers coming from all over the world, airports are excellent locations for spreading a
biological virus. In 2003, after the outbreak of the SARS virus in China, some countries and airports refused to accept passengers
from the host country. A similar scare was brought back again in 2009 with the bird flu pandemic. Even as a hoax, a biological
weapon can have a significant negative economic impact. Unfortunately, the elements of biological weapons are available
through the pharmaceutical community. The most common types of biological weapons are Anthrax, Smallpox, Botulin Toxin,
Ebola, Ricin and Bacillus Anthracis.

Chemical Weapons

Terrorists have considered a wide range of toxic chemicals for attacks. Typical plots focus on poisoning foods or spreading the
agent on surfaces to poison via skin contact, or spreading chemical weapons by using agricultural aircraft. A chemical weapon
is any weapon that uses a manufactured chemical to kill people. Chemical weapons are broken down into four categories:

1. Nerve agents disrupt the communications between the body’s nerves and brain, causing continual nerve
over-stimulation.

2. Blistering agents cause waste-filled blisters on the skin or internal organs (like the lungs).

3. Blood agents prevent the transfer of oxygen from the bloodstream to body tissue.

4. Choking agents cause the victim to choke, and often create internal blisters and water-filled lungs.

Of these four different types of agents, nerve agents are considered to be the most deadly. It would take 40 times more blood
agent to equal the same effect of a shot glass full of a nerve agent.

Another chemical agent, called an irritant agent, is not considered a weapon of mass destruction, but could cause panic if used
in a public area. Tear gas, mace and pepper spray are most often used for riot control, and in small doses, have non-lethal effects
unless the victim suffers from other ailments such as heart or respiratory problems.

Many modern airports use mass transit systems or trains of one form or another to move passengers from the terminal buildings
to the concourses, or from concourse to concourse. These confined spaces, unfortunately, make excellent delivery points for
a chemical weapon. A benefit to chemical weapons from a first responder perspective is that they generally dissipate quickly
in the open air. Therefore, chemical weapons are most deadly in a confined environment. The most common types of chemical
weapons are Sarin, VX (nerve agent), Mustard Gas and Lewisite.

There are essentially three ways to distribute a biological or chemical weapon:

1. Through the air (most effective)
2. Through a municipal water supply
3. Through the food supply

Airborne delivery is generally considered to be the most deadly, and can be delivered in a variety of ways including:

1. A bomb or a missile explodes, spreading the chemical or biological agent over a wide area
2. A crop-duster or other aircraft sprays the agent over a city
3. A car or truck drives through the city, spraying a fine mist along city streets in crowded areas
4. Small bombs or aerosol canisters are released in crowded areas like subways, sports arenas or convention centers

20 of 36 / American Association of Airport Executives
 Module 4

Nuclear/Radiological

Most security experts agree that the most devastating terrorist attack would be a nuclear explosion. The world lived with the
threat of nuclear weapons throughout the Cold War. However, when the Cold War ended, many people falsely believed it also
meant the end of the threat of nuclear attack. Unfortunately, this could not be farther from the truth. In fact, the end of the Cold
War brought about new concerns with regards to the security of the nuclear weapons, and nuclear weapon material already
existing in the world. One threat is the delivery of a nuclear weapon aboard a general aviation aircraft.

Most nuclear weapons are large devices and would not easily be carried in checked baggage or cargo areas of commercial
aircraft. Due to the size of most nuclear devices, there is a higher probability of a terrorist attempting to deliver a large nuclear
weapon on board a ship (to detonate in one of the many port cities in the United States), or on a train. There is, however,
considerable evidence of the loss of “backpack nukes,” by the former Soviet Union. Backpack nukes are small 1-10 kiloton nuclear
devices that were developed during the Cold War.

The Defense Nuclear Detection Office (DNDO), a division of the Department of Homeland Security, is charged with the detection
of attempts to import, possess, store, develop, or transport nuclear or radiological material for use against the United States. Both
the FBI and the DNDO have assessed the possibility and likelihood of a risk of a terrorist group using a general aviation aircraft
to deliver a nuclear device over a target population. During the Cold War, a nuclear airburst was designed to cause the widest
amount of destruction. While a ground burst detonated at ground level would certainly create a massive amount of destruction,
an air burst has the capacity to spread radiation much further and extends the electromagnetic pulse, which would knock out
virtually anything electrical for miles around. Cell phones and radios would be completely inoperable, as would most vehicles and
anything requiring electrical power.

If a nuclear explosion occurred at an airport of a magnitude of at least 10 kilotons, the airport, and everything else within a 1/3
mile radius, would be vaporized or completely destroyed. Buildings out to 3/4 of a mile would resemble the Murrah building in
Oklahoma City, with fatal doses of radiation to everyone in the area. Out to a mile away from the ground zero blast point, there
would be massive fires and radiation (Source: www.nuclearterror.org). The only recovery would be rebuilding the airport in a
different location so as to avoid the lingering radiation in the soil. There is little an Airport Operator can do to prevent such an
attack. Radiation detectors can be installed on incoming access roads, but the response to such an alarm would have to be
immediate.

One recovery option for restoring commercial service operations may be to enlist the aid of the general aviation airports or other
nearby commercial service airports. In a 1981 article published in the Air University Review, the authors suggested that part of
the recovery of commercial air operations after a nuclear attack on the U.S. would be to employ the general aviation fleet and its
pilots, to first fly essential missions, and then eventually, commercial operations until normal commercial ops could be restored.

Airport Operators must also consider that a nuclear attack may be directed at a city or metropolitan area, not necessarily at the
airport itself. In fact, depending on the location of the attack, the airport may be spared any significant damage. In that case,
Airport Operators must be ready to shift their airport’s operation to assisting with rescue, recovery and restoration efforts. When
Hurricane Ivan hit Pensacola, Florida in 2004 and eliminated the capability of the U.S. Navy to use their numerous bases in the area
for rescue and recovery operations, Pensacola Regional Airport fulfilled the role. When Hurricane Katrina struck New Orleans in
2005, Louis B. Armstrong International Airport fulfilled a similar role, as did numerous other airports in the region.

A dirty bomb or Radiological Dispersal Device (RDD) combines a conventional explosive, such as dynamite, with radioactive
material. In most instances, the conventional explosive itself would have more immediate lethality than the radioactive material.
According to the Nuclear Regulatory Commission, with the levels created by most probable sources, there would not be enough
radiation present in a dirty bomb to kill people or to cause severe illness. For example, most radioactive material employed in
hospitals for diagnosis or treatment of cancer is sufficiently benign that about 100,000 patients a day are released with this
material in their bodies.

However, certain other radioactive materials, dispersed in the air, could contaminate up to several city blocks, creating fear
and possibly panic and costly cleanup. Prompt, accurate, non-emotional public information might prevent the panic sought by
terrorists.

A second type of RDD might involve a powerful radioactive source hidden in a public place, such as a trash receptacle in a busy
train or subway station, where people passing close to the source might get a significant dose of radiation. A dirty bomb is in no
way similar to a nuclear weapon. The presumed purpose of its use would be, therefore, not as a Weapon of Mass Destruction but
rather as a Weapon of Mass Disruption.

ACE Security – Module 4 / 21 of 36
 Security

Countermeasures
Airport Security Coordinators should desire to make their particular facility so unattractive to terrorist acts that the terrorist
selects another target. If that other target is also an airport, hopefully the airport security professional at that facility has done his/
her job well enough to make that facility unattractive to attack. Ideally, this trickle-down effect would lead the terrorist to a non-
aviation target, whereby other transportation security professionals would be responsible for making their facilities unattractive to
attack. This concept is known as: Not on My Watch. This slogan acknowledges that while you personally cannot stop all terrorist
attacks, even at your own facility, you should focus on those areas of the system, which you can control.

One of the most effective countermeasures is communication. To ensure airport tenants and aircraft operators have the correct
emergency contact information, the airport can create plastic credit-card sized phone number cards. These can be attached near
a phone or issued to personnel to attach to their airport ID badge lanyard (or similar fastener).

The card can include the phone numbers for the police, fire/rescue dispatch (since not all 911 calls will go to an airport’s dispatch
center), airport administration, operations and maintenance, Customs and Border Protection Office and Air Traffic Control Center.
Another highly effective countermeasure is the cooperation of agencies with aviation security responsibilities. Each agency, the
TSA, the FBI, the airport, the aircraft operator, etc., has a role to play within the system. Working with, instead of against, each
other provides a unified front against the terrorist threat.

ASC’s should become very involved and have an understanding of the intelligence agencies, resources and organizations that are
available. The TSA, FBI and industry trade associations all provide intelligence and information through a variety of channels. From
the AAAE’s daily SmartBrief on aviation security issues and their Transportation Security Policy committee, to the local airport
security consortium, ASC’s cannot effectively operate in a vacuum of information.

Knowing your resources, both informational and specialized units, will help the mission of the ASC to not allow the attack to
happen on their watch, and if it does, to rapidly mitigate the effects of an attack.

TSOC and HSOC
The Homeland Security Operations Center is the central command center for the Department of Homeland Security. HSOC
is charged with the collection and assessment of intelligence information related to preventing terrorist attacks and with,
sharing such information with other federal, state and local law enforcement agencies. Much of the intelligence traffic that
is disseminated to airports comes through the HSOC, and when a major security incident happens, HSOC can activate their
Interagency Incident Management Group (IIMG) to provide support to that event.

The IIMG provides strategic situational awareness, synthesizes key intelligence and operational information, frames operational
courses of action and policy recommendations, anticipates evolving requirements, and provides decision support to the Secretary
of Homeland Security and other national authorities during periods of elevated alert and national domestic incidents (Source
Department of Homeland Security).

Additionally, the HSOC provides event information to the White House Situation Room, constantly compares threats with existing
vulnerabilities and can thus raise the threat condition accordingly. Using satellite imaging and other technologies, the HSOC can
develop a real-time operational picture on 16 flat-panel, 50-inch display screens.

TSOC stands for the Transportation Security Operations Center, which serves as an operations watch center for transportation
security issues.

When a security incident occurs at an airport or on an aircraft, the TSOC should take an active incident management role in those
events. The TSOC also monitors the status of passengers traveling on commercial flights, such as those on the No Fly or Selectee
lists. TSOC maintains a 24-hour watch. For the current phone number check with the Federal Security Director, as the numbers
may change from time to time. At some airports, only the TSA makes contact with the TSOC; however, other airports allow their
ASC or even airport operations or communications center personnel – under the direction of the ASC – to contact TSOC.

22 of 36 / American Association of Airport Executives
 Module 4

Special Security Incident Considerations
The TSA requires airports to address each of the following in their emergency plans:

1. Hijacking
2. Bombings and Bomb Threats
3. Shooting
4. Sabotage
5. HazMat Incident
6. Airport Attack
7. MANPAD Attack (not specifically in ASP, but TSA is required to have a plan).
8. Airplane crash (cause unknown)

By no means is this section meant to be a comprehensive guide for specific actions that should be taken for each of these
incidents, but only provides general guidance. Airport security professionals should consult with local law enforcement, the FBI,
the TSA, FEMA and other agencies when developing specific incident response plans.

Despite numerous Hollywood portrayals of the good guys taking down the bad guys during a hijacking or similar event, in the real
world of incident response, not everyone follows the script – equipment that is supposed to work doesn’t, communications break
down at the worst times, people aren’t where they are supposed to be when they are supposed to be there, the bad guys don’t just
voluntarily line up to get shot, and generally, if anything can go wrong it will. Case in point, the 1994 hijacking of Air France 8969–
the takedown of which can be see on YouTube and should be part of any ASC film library.

During the incident, the hijackers were dressed as customs agents, they ordered the aircraft to park next to the tower so that
if they blew up the plane, they would take the tower with it – they shot several hostages and generally didn’t cooperate at all.
When the French special forces troops began their takedown, the airstairs were misaligned with the aircraft door which jammed
the door shut, hijackers fired out through the fuselage of the jet, the First Officer blocked the sniper’s shot of the hijacker in the
cockpit, and when passengers began evacuating, they came from multiple doors and scattered everywhere, with French police
trying to corral everyone on the ramp.

Contingency plans, as well as incident management responses and plans, should be routinely evaluated, and every plan should be
exercised as frequently as possible. Numerous scenarios should be explored.

Arrival of FBI may be several hours away, which means that local airport law enforcement will be the first responders to a
hijacking or similar event and must understand how to handle the situation until federal authorities arrive.

In cases involving the unlawful interference with aircraft, ICAO recommends the following:

The safest place for an aircraft under an unlawful act is on the ground.
The aircraft should be parked in an isolated area to minimize disruption to normal airport operations.
The overriding objective is the safe release of passengers and crew.
Confront the perpetrators with an organized and effective response to minimize damage or injury.
Negotiations should prevail over force until all other options are exhausted.
Trained negotiators should only conduct negotiations.
Decision-makers who can make decisions regarding the perpetrator’s demands should not be negotiators.
Secure communications equipment available for negotiators and perpetrators should be readily available.

In the attempted bombing of the Northwest Airline flight into Detroit in 2009, due to communications breakdowns, the aircraft was
not taxied to the isolated parking position but instead to the gate.
All agencies and personnel who are part of any contingency plan should clearly understand their duties and responsibilities within
the plan. Others are relying on each agency or individual to fulfill a particular role or function and not understanding your role or
function, lets someone else down and may even have catastrophic consequences. Further, any entity that must be notified during
the activation of a contingency plan should ensure that its contact information is up to date and on file with the appropriate entity
(airport or aircraft operator security personnel).

ACE Security – Module 4 / 23 of 36
 Security

Hijackings

Hijackings have taken on a new meaning since 9/11. No longer can ASC’s make the assumption that hijackers are merely
interested in having some government or organization meet their demands, like the release of prisoners. With the demonstrated
willingness of the Al-Qaeda terrorist organization to conduct suicide attacks with commercial airliners, it is critical in any hijack
situation to keep the aircraft on the ground.

Hijack training and exercises for airport security personnel should focus on how to keep an aircraft from taking off, and what
other actions to take while waiting for the appropriate law enforcement authorities to arrive. An additional consideration is that, in
most cases, airport police or sheriff’s deputies are the first to arrive on scene and will often set up a security perimeter around a
hijacked aircraft. Upon arrival of the FBI and potentially the FBI’s Hostage Rescue Team, provisions must be made by the airport to
changeover local law enforcement coverage to the FBI, set up a staging area for FBI personnel, and establish an area for the FBI
hostage negotiation team.

Airports should also work with local law enforcement, FBI and TSA personnel to designate an area where hijacked aircraft should
be parked. This location should include vehicle access roads and ideally some protected staging areas, such as a firehouse.
On November 26, 1985, an EgyptAir Boeing 727 was hijacked on a flight from Greece to Cairo, Egypt. Three terrorists hijacked
the flight 22 minutes after takeoff. Egyptian sky marshals engaged in a shootout with the hijackers. The flight landed in Malta.
Ten hours later, Egyptian troops stormed the aircraft, killing 56 out of 88 remaining passengers and one terrorist. One lesson that
seems clear from this incident is that only specially trained troops should be used to storm a hijacked aircraft. Some criticized the
troops for storming the aircraft, but others pointed out that terrorists already were killing hostages; so storming the aircraft was an
acceptable risk.

In the United States in April of 1999, law enforcement agencies were criticized for not immediately rushing inside Columbine high
school during student shootings that left 15 dead and over 30 wounded. The question for incident commanders remains: is it better
to use ill-prepared and ill-trained personnel when lives are threatened, or will their use cause more damage? Fortunately, the
Columbine shootings allowed law enforcement agencies to develop tactical response strategies to rapidly developing incidents.
Airport security personnel should ensure their law enforcement officers are trained in these tactics and conduct exercises to be
able to rapidly respond to a hijacking or shooting in the airport.

Despite the traditional TV method of “trading hostages”, airport security personnel should absolutely avoid the role of hostage
negotiator, and definitely should never “trade” themselves or allow other personnel to trade themselves for other hostages.
Law enforcement and FBI personnel can respond rapidly to virtually any location in the United States, and even the FBI Hostage
Rescue Team can respond just about anywhere within the U.S. in a few hours.

Bombings and Bomb Threats

One of the most interesting statistics regarding bomb threats is that, to date there are few recorded incidents in the United States
of a bomb threat being made prior to an actual device exploding at a US airport. More often than not, a bomb threat caller desires
to create anxiety and panic and to disrupt normal operations. It is important to pay attention to such threats, as this disruption may
be to cover other nefarious activity. Additionally, simply because the statistics say that most bomb threats do not turn out to be
actual bombs does not mean that this will be the case in the future. Sometimes, individuals call in bomb threats and have actually
planted a bomb, but they desire to minimize personal injuries.

Bomb threats called into airports should evaluated, responded to and then immediately reported to the TSA and the FBI. Airports
should also develop contingency plans to evacuate critical facilities. Most bomb threats at airports are made directly to the
airlines, who are also obligated to immediately contact the TSA, the FBI, and the airport operator. Part of bomb threat management
is searching the facility, and, ironically enough, the individuals most qualified to search a facility are the individuals who work in
the building, as they are the first to notice something that is out of place.

Airport operators may want to consider implementing into their bomb threat contingency plan a request for employees to
immediately search their workspace and leave a note on their desk or office door noting that they found nothing out of place (or
that they did find something out of place) prior to evacuating their location. Additionally, employees with office windows should
leave those windows open whenever possible to mitigate pressure blast effects. Employees must, of course, never touch anything
they suspect to be an explosive device.

24 of 36 / American Association of Airport Executives
 Module 4

Essentially there are three types of bomb threats: telephone, written threats (including e-mail, text, Twitter, Facebook or other
social media posting), and mail or package bombs. Personnel at the airport postal facility should be trained in the identification of
suspicious packages. This is often the responsibility of the U.S. Post Office, but extra training for airline personnel handling U.S.
mail is an additional countermeasure.

All personnel in a public contact capacity, including communications center and paging center personnel, should be provided
with training and materials on how to handle a bomb threat. The FBI provides a Checklist Bomb Threat Card, which is placed near
a telephone and provides questions to ask and places to write information about the caller (male or female voice, rapid or slow
talker, nasally or raspy voice, background noises, spoken language, etc).

Employees should also be trained not to use airport radios, cell phones or two-way pagers near a suspicious explosive device, as
the radio frequencies used by those devices may trigger a bomb.

Bomb threats most often come in two forms at an airport, either a potential bomb in checked baggage and already on board
an aircraft, or in an unattended bag somewhere in the airport. In the case of an unattended bag, the immediate area should be
evacuated and the bag not touched by anyone other than trained law enforcement personnel.

Bomb and unattended bag quick reference procedures include:

1. Take all threats and calls seriously.
2. If an unattended bag, repeatedly page the owner (if known).
3. Regard any unidentified or abandoned bag as a potential explosive.
4. Evacuate and cordon off the surrounding areas.
5. Contact the police and do not use cellular phones or radios near the bag.

Bomb threats onboard an aircraft while on the ground include:

Disembark all passengers (avoid using the emergency slides unless in an extreme emergency).
Move the aircraft to a remote location.
Re-screen all baggage and passengers.
Re-screen all cargo.
Check catering supplies.
Search the aircraft (usually can be done quickly and effectively with a K-9 team).

Vehicle-Born Improvised Explosive Device attacks have been used throughout history, but two incidents affected aviation, the
bombing of the Murrah Federal Building in Oklahoma City in 1995 and the bombing of the World Trade Centers in 1993. The attacks
pushed forward the “300-foot” rule, which required vehicles to park at least 300 feet away from an airport terminal building.

The rule was used sporadically throughout the 1990s – blast assessments and building blast mitigation designs has eliminated the
use of the rule in many cases but it is still occasionally used and is a good “rule of thumb” for estimating the stand-off distance of
a VBIED. Note that 300 feet is the stand-off for a vehicle loaded with an estimated 3000-4000 pounds of ammonium nitrate and fuel
oil but should NOT be used as a “safe” distance for the purposes of evacuation. The FBI and ATF publishes an evacuation card
that is open-source and easily available on the Internet for such purposes

While it is difficult to deter a VBIED attack, particularly a suicide bomber attack driving a truckload full of explosives, from hitting
the terminal building, there are some basic strategies. The Glasgow Airport successfully mitigated just such an attack in 2007
by installing bollards in front of their terminal building. Other technologies, include smart CCTV systems that can watch for
unattended vehicles, undercarriage CCTV systems to search underneath vehicles approaching the landside areas, and weight
detecting systems installed on terminal inbound approach lanes to determine if a vehicle is carrying more weight than should be
expected.

Suicide Bombers

Although it may seem that suicide bombers are fairly new phenomena, they have been around in aviation since 1961, when Julian
Frank took out an insurance policy on himself, then stepped onto an airliner with a suitcase loaded with dynamite. Afterwards,

ACE Security – Module 4 / 25 of 36
 Security

there were several other instances including in 1973 and 1976, when suicide bombers detonated bombs made with dynamite in the
lavatory of a commercial service aircraft (oddly, enough, the same plane twice – it was not destroyed either time).

The main difference with Frank is that his apparent purpose was to kill himself in a way that would leave insurance proceeds to
others. His motive was not terrorism in the traditional sense.

According to Robert A. Pape and James K. Feldman, authors of Cutting the Fuse: The Explosion of Global Suicide Terrorism
and How to Stop It (The University of Chicago Press, Chicago, IL, 2010), foreign occupation (perceived or real) of a land ignites
suicide terrorism. Their research indicates that for the last 30 years, the reason for the vast majority of suicide attacks has been
foreign occupation. The 9/11 attacks were also part of this theory, with Al-Qaeda’s perception that the U.S. has occupied several
countries in the Middle East throughout history.

According to Pape/Feldman, suicide terrorist attacks propelled anxiety and fear to levels few Americans had experienced in their
lifetimes. Terrorists have learned that suicide terrorism can work. Combine suicide terrorism with an active shooter attack and the
results can be devastating.

In August 2004, two suicide bombers boarded two Russian airliners and downed both of the aircraft. In Iraq and Afghanistan,
suicide bombings have been carried out against civilian and military targets numerous times. In 2007, an individual attempted a
suicide bombing at the Islamabad Airport in Pakistan, but he was shot by police before he could detonate the