Originally posted on the Seeing Clearly blog 15/06/17
(Written on a laptop on a flight from Paris to Denver.)
The US government has hinted at the expansion of a current laptop ban, which is currently applied to ten locations in the Middle East and Africa. Airline and government stakeholders gathered at the beginning of June in Cancun to discuss a possible way forward.
All of this feels very familiar.
In 2001, Richard Reid attempted to bring down a US aircraft traveling from Paris to Miami using an explosive in his shoe. Shortly thereafter, the US required passengers to remove footwear, a practice still followed in US airports and required in some last point of departure locations.
In 2006, a group of terrorists in the UK tried to carry liquid explosives disguised as soft drinks onto six separate aircraft bound for the US and Canada. Within days, passengers were prohibited from carrying liquids onboard flights to the US—with a broader international ban that followed.
In early 2016, a passenger attempted to bring down a flight over Somalia using a bomb in a laptop. He was unsuccessful because of the low altitude and perished as a result. Meanwhile, US and UK authorities have clearly uncovered intelligence showing that this threat persists, with an even greater level of sophistication and a stronger focus.
And, here we are. A full laptop ban lingers, and the finger-pointing begins.
If we were to look at the past, we could anticipate the unfolding of events: a full UK and US ban, followed by an international ban, with agreed-upon exceptions (e.g., 3-1-1 rule). Fortunately, however, decision-makers seem less keen on following this path, recognizing that it’s near impossible to remove a measure once implemented. Who will sign their name to removing a requirement when taking it away would add even a fraction more risk, especially when passengers have grown accustomed to the requirement?
Although I am in no position to endorse or condone an extended laptop ban—given I am not privy to the intel—I anticipate that it will come. To limit the damage, the US Department of Homeland Security’s (DHS) critical path is clear:
- Specify the Vulnerability
In the United States, DHS (or the Transportation Security Administration [TSA], more specifically) sets detection standards. If the technologies in airports today cannot counter the new threat, then the detection standards need to be adjusted. More importantly, information on the vulnerability needs to be shared with technology providers so they can prioritize development activities accordingly. Goodwill abounds on all sides, but communication is key—even if it’s in a closed room with appropriate safeguards.
- Develop Countermeasure Options
When determining how best to counter the threat, decision-makers must weigh all the options: deterrence, intent-focused detection, or object-focused detection. If you’re giving operators a menu of possibilities, which ones are relevant and how should they be configured? It’s incredibly hard to compare the effectiveness of one measure against another. So, the decision-making should center on detection/deterrence effectiveness, balanced against operational feasibility. Most importantly, it should incorporate robust input from airline and airport operators!
- Ensure the Approach Is Risk-Based
With passenger growth off the charts and airport capacity increasingly strained, one-size-fits-all security is no longer viable. By requiring new measures for laptops, TSA can either impose a new baseline screening regime across the board, or they can redefine protocols for passengers or laptops designated as high risk. If they opt for the latter, risk-based security wins, and the community takes a step forward in its evolution.
- Give a Reasonable Implementation Period
It would be careless for DHS to linger on an approach and then expect operators to implement the new requirement within days. The human element in an effective countermeasure strategy is critical. If you force speed, you lose effective training and solid implementation, thereby weakening your intended position.
- Delineate Your Exit Strategy
Irrespective of the countermeasure or chosen approach, DHS should be clear on how it intends to reduce the additional burden on passengers, airlines, and airports in the future. This should entail outlining clear and realistic milestones for the phased removal of the new measures in the months ahead. These milestones should not be 100 percent reliant on detection technologies meeting a new and higher standard. Just as important, DHS/TSA must prioritize technology R&D and development efforts to align with these milestones, opening the door wide to new ideas and industry proposals.
In the next few weeks, I’ll share additional thoughts on critical path for both operators and technology providers as they work through this, if of course I can carry my laptop onto my next international flight.