Case Study: Security at Heathrow International Airport
Heathrow International Airport
From a single grass runway in 1930, Heathrow has grown to become one of the world´s busiest international airports. The private airport of 150-acre was requisitioned together with other land in and around the ancient agricultural village of Heath Row by the government during World War II. During the war the Royal Air Force (RAF) built a base for long-range trop-carrying aircrafts here. However, when the war ended the RAF no longer needed the airport and it was handed over to the Air Ministry as London´s new civil airport in January 1946. In the following years the airport has grown into five terminals and by its 60th anniversary in 2006, more than 1.4 billon passengers had travelled through the airport on more than 14 million flights (Heathrow Airport Limited, 2012b).
Today the airport covers 1,227 hectares; it has two runways, serves over 80 airlines that fly to over 180 different destinations. The airport is owned and operated by BAA Limited. The number of passengers who arrive and depart is estimated to an average of over 190,000 per day. In 2011 more than 69 million passengers arrived or departed Heathrow airport. In addition more than 1.48 million metric tonnes of cargo travelled through the airport in 2011. In addition to cargo and passengers, Heathrow receives over 12 million visitors and more than 20 million motor vehicles travel into the central terminal area per year. The number of people who work at Heathrow Airport has over the years risen to over 76,500 (Heathrow Airport Limited, 2012a). The airport is also regarded as one of UK´s key economic points (Metropolitan Police Service, 2012b).
Heathrow can be considered a terrorist target for several reasons. History has also shown that terrorists has a «tendency to target public transportation that offers terrorists concentrations of people — mostly strangers — in enclosed environments» (Jenkins, 1999a, p. 50). Terrorist organisations such as Al Qaeda, in example, has also shown a long interest in terrorism against the airline industry and view airports and airlines as high value targets because of the economic impact and symbolic value of such an attack (Tønnessen, 2008).
Current aviation security in place
The security system in place at Heathrow Airport is complex and comprise of technological, organisational and human barriers. There are a number of agencies, organisations and businesses with different tasks and responsibilities that are taking part in securing the airport and its passengers. The security measures can be divided into three categories; which are passenger and luggage screening, airport staff screening, and perimeter and access security. While the UK authorities has a major role in the latter, BAA and private security companies conducts the screening of personnel and baggage.
The UK Government has a major role in securing the airport (Button & George, 2001; HM Government, 2011; University of St. Andrews, 2012; Wilkinson, 2011). Examples of this are public warnings, intelligence, policing and armed forces. The security measures employed at the airport is also regulated by law and international agreements (International Civil Aviation Organization (ICAO), 2013; The European Parliament and the Council of the European Union, 2002; The National Archives, 1982, 1990; United Nations, 2012; Wallis, 1999).
UK Border Force is responsible for controlling imported and exported goods at Heathrow Airport to prevent among other things illegal activities such as drug, tobacco and alcohol trafficking. The UK Border Force is also responsible for passport control (UK Border Agency, 2013).
The Aviation Security Operational Command Unit at Metropolitan Police Service is responsible for the policing at Heathrow Airport (Metropolitan Police Service, 2012b). This is a police unit who deals with the threat from terrorism, organised crime and theft at the airport. The Metropolitan Police Service undertake Aviation Protection Patrols at various locations in and around Heathrow Airport to reduce the opportunity for crime and terrorist activity (Metropolitan Police Service, 2012a). They do this in cooperation with the general public who reports suspicious activity to the police. In addition the police can request support from the armed forces as part of a contingency plan authorised by the Government and the Scotland Yard (BBC News, 2003; Daily Mail, 2003; Tønnessen, 2008).
The BAA is responsible for passenger and staff screening in addition to general security around the airport. The BAA is also responsible for the fire service. The airlines are responsible for screening and handling baggage (Heathrow Airport Limited, 2012c). There are restrictions in what can be taken into restricted areas of the airport. In addition to weapons and explosives there are a number of restricted and prohibited item (GOV.UK, 2013; Heathrow Airport Limited, 2013; The Guides Network, 2013). In order to prevent crew, passengers and employees at the airport from bringing with them restricted articles they and their luggage is screened before entering the restricted area. This screening is conducted by a combination of metal detectors, x-ray machines and other explosive detection systems, in addition to manual procedures such as hand search.
Developments in aviation security
There has been a graduate development in aviation security leading up to 9/11 motivated by hijackings, sabotage bombings and other terrorist activities (BBC News, 1999; Patankar & Holscher, 2000; Tønnessen, 2008; Wikipedia – the free encyclopedia, 2013). However, even though some of these attacks were sabotage bombings the attack on 9/11 was a major turn of events within aviation security. Even though there were attempts and plans for suicide bombings before 9/11, this attack came as a surprise (Tønnessen, 2008).
From the days where traveling domestically by airplane within U.S. and other countries was more like traveling on the train with little or no security checks, much has changed the last twelve years. Today’s domestic and international air travels are heavily protected by a number of different security measures. The U.S. Transportation Security Administration (TSA) has «arrayed ´21 Layers of Security´ to strengthen security trough a layered approach» (Stewart & Mueller, 2011, p. 8). 15 of these layers are `pre-boarding´ security, while the remaining six are `in-flight security´ (Stewart & Mueller, 2011). I will in the following examine some of these security measures and the events that motivated their implementation.
Both before and after 9/11 security measures came as a response to successful and attempted attacks (NBC News, 2011). On December 22, 2001 Richard Reid attempts but fails in detonating a bomb hidden in his shoe while traveling from Paris to Miami (Tønnessen, 2008). Passengers and crew eventually overpowered Reid. The very next day a new random shoe screening policy was implemented (NBC News, 2011).
The 9/11 Commission, created some 18 months earlier, released its report on July 22, 2004. The report recommends several improvements in aviation security. Among the suggestions were enhancing passenger pre-screening policies, improving measures to detect explosives on passengers and intensifying efforts to identify and screen potential dangerous cargo (National Commission on Terrorist Attacks Upon the United States, 2004; NBC News, 2011).
Then on August 10, 2006, 21 people were arrested on terrorism charges after a successful operation by the British authorities. The plotters were preparing to detonate liquid explosives on some ten transatlantic flights from the UK to the United States and Canada (Casciani, 2009; NBC News, 2011; Tønnessen, 2008; Wikipedia – the free encyclopedia, 2012). As a countermeasure a new policy to ban all liquids and gels in carry-on luggage and a mandatory shoe screening policy was implemented(BBC News, 2006; Oliver & Batty, 2006; Wikipedia – the free encyclopedia, 2012). The ban on liquids and gels were revised on September 25, 2006. The new 3-1-1 rule allowed passengers to bring with them liquid, gels and aerosols that were no larger than three ounces or less and fits in a quart clear plastic zip-top bag. Beverages purchased in the secure area could also be brought on-board the aircraft (NBC News, 2011).
Then on December 25, 2009, Umar Farouk Abdulmutallab tries to blow up a U.S. airliner flying from Amsterdam to Detroit. After trying to detonate a bomb hidden in his underwear he is stopped and subdued by fellow passengers. This incident leads to an increased effort to swiftly implement enhanced security measures such as advanced imaging technology or full body scanners (NBC News, 2011). In the aftermath of this incident new enhanced aviation security measures are implemented for passengers traveling to the United States. The new policies include enhanced explosives trace detection, advanced imaging technology or pat down by screening personnel. These pat down procedures was further enhanced on October 28, 2010 (NBC News, 2011).
On November 1, 2010, TSA announces a new program to prevent passengers on the government ´no-fly´ lists from boarding an airplane. The program is called ´Secure Flight´ and fulfils key recommendations of the 9/11 Commission (National Commission on Terrorist Attacks Upon the United States, 2004; NBC News, 2011).
These are some of the major developments in security after 9/11. Numerous efforts are made to enhance security by improving policies and technology (Evans, 2005). Because some of the new policies and technology are both cumbersome and invasive, efforts are made to allow liquids through the passenger screening when technology is good enough and new no-invasive body scanners are made and implemented. However, there are those who believe the future will include more use of advanced technology and enhanced security policies (Briggs, 2011).
There are a number of challenges to aviation security at Heathrow and other airports. Some of these are technological challenges, while others are human and organisational issues. The aviation security system at Heathrow is huge and complex (Heathrow Airport Limited, 2012a; International Labour Office, 2013). A challenge with tight coupled and complex systems such as Heathrow is that it is impossible to predict all the ways such a system may fail. Nonetheless, some argue that the norm is that complex systems eventually fail (Patankar & Holscher, 2000; Perrow, 1999). Because of this complexity not all weaknesses will be addressed in this text. However, I will examine a few before making some suggestions on how to address them.
Weaknesses in current security arrangements
One weakness which may lead to a failure is that airport security may have become too predictable and static (Milmo, 2010). The same passenger and baggage screening policies all over the world makes it easier for terrorists to predict. Today all passengers are put through the same screening procedures. Some argue that this is unsustainable and that changes has to be made (Milmo, 2010).
Another weakness is that much, if not all, of the security policies and procedures that has been implemented over the years has been implemented after an event or a terrorist attack. Merari (1999, p. 24) write that «a look at the history of attacks on commercial aviation reveals that new terrorist methods of attack have virtually never been foreseen by security authorities.» Events after 9/11 support this statement. Terrorist has show repeatedly that they are adaptable and continues to try to identify weaknesses that can be exploited (Tønnessen, 2008). This means that terrorist may try similar attacks as before, but perhaps more likely they will try to circumvent any security measures they have identified. Static security procedures make it easier to test and circumvent these measures.
The third weakness that will be addressed in this text is humans. Humans are arguably responsible for all types of failure in our modern world. This is also the case for Heathrow airport security (Fisher, 1989; Schneier, 2007). However, humans fail in a number of ways (Reason, 1990). Basically, these failures may be divided into to groups; active and latent failures. While field personnel such as screening personnel usually commit active failures, management or policy makers usually commit latent failures. Active failures are the result of events within a short time frame, while latent errors may take much longer time before they result into a failure (Patankar & Holscher, 2000).
An improvement in aviation security at Heathrow could be achieved if the security policies and procedures of today are made more dynamic. Dynamic security measures could reduce the overall security risk by reducing complacency among screening personnel due to monotone work and reduce the cost of implementing and operating expensive screening technology (Patankar & Holscher, 2000).
There are those who believe profiling through scrutiny of passengers body language and facial reactions is the way to go forward (Kenny, 2009; Milmo, 2010; Shannon, 2009). BAA has already tried this method on six UK airports, where selected staff at BAA was trained by government agencies to detect suspicious or abnormal behaviour among passengers. Even though the trial led to the arrest and criminal conviction of some people singled out by the behaviour detection specialists, BAA declines to state whether this was related to terrorism.
Nevertheless, the political acceptance of profiling has changed from before 9/11 where the general thought was, at least in the United States, that «any form of selection for additional scrutiny is contentious in a society as ethnically diverse as America’s, where civil liberties are constitutionally guaranteed and citizens are exquisitely sensitive to any form of discrimination. Americans would prefer their security to be democratic and passive; that is, equally applied to everyone, and reactive only to behavior indicating criminal intent — such as attempting to smuggle a gun on board — rather than attempting to identify in advance the most likely smuggler. Criteria based on ethnic identity, national origin, gender, and religion are all out of bounds to civil libertarians. Nor should profiling provide airlines with access to personal information about travelers, including their criminal record if they have one.» (Jenkins, 1999b, pp. 105-106). Events before and after 9/11 has shown that while this may be the ideal to strive for more pragmatic and realistic methods needs to be implemented. Therefore in the United States and other countries the government and the courts balance the right to privacy with the need of the state to ensure the security of airline passengers and crew (Patankar & Holscher, 2000). As a consequence computerised profiling of passengers started before 9/11 (Patankar & Holscher, 2000). However it has been further developed after 9/11. It can be argued that screening is here to stay for the foreseeable future, the question, however, is how to make it more cost effective and reliable (McLay, Jacobson, Lee, & Kobza, 2008; McLay, Lee, & Jacobson, 2010).
Yet, there are also those who argue that this is not the way to go due to unacceptable trade-off between civil liberties and security and because of inherent weaknesses in the method (Mayerowitz, 2010; Schneier, 2012).
It is also important to identify security risks through risk analysis. Such an approach would be important to identify new treats and vulnerabilities by using foresight. That means identify possible modus operandi before the attack is successful. Another factor that is closely related to risk analysis is cost-effectiveness. Any new policy or procedure should ultimately be assessed through a cost-benefit analysis.
However, the problem with risk analysis and cost-effectiveness is that this is heavily influenced by differences in culture and individual differences (Adams, 1995, 2004). What might be acceptable risk in one country, or part of the world, may be unacceptable in other parts. This is an argument for upholding the current system where everybody is treated the same and abides by the same rules.
When it comes to human failure there need to be a continued focus on both active and latent failures. Motivation and applying the scientific method to improve knowledge is important to address the human factor. The scientific method should both be applied to acquiring knowledge about what the challenges are, in addition to identifying sustainable solutions. Motivational programs such as the one provided by the Centre for the Protection of National Infrastructure (CPNI) may also help (Centre for the Protection of National Infrastructure (CPNI), Not dated).
9/11 was also a change in paradigm among passengers. Even though the focus for this text has been pre-boarding security there are also in-flight security measures. While the conventional wisdom of the time was to sit tight and wait for the hijackers to land the airplane so the negotiations could begin, the crew and passengers today will no longer be passive but fight back. The shoe bomber of 2001 and underwear bomber of 2009 are examples of this. Even if terrorist were able to board an airplane with explosives or other weapons it would nevertheless be more difficult to succeed. Two important reasons for this is that passengers most likely will fight back and airplanes are resilient enough to withstand some structural damage to the fuselage (Stewart & Mueller, 2011; Tønnessen, 2008). This should all be taken into consideration when analysing risk and cost of new security measures.
Nevertheless, a strategy of layered approach is probably the best approach to all of the previous mentioned weaknesses. It can be argued that the «key to improving security well into the future is to define, implement, change, and continually update the available layers of security appropriately» (Jacobson, 2012, p. 37).
Adams, J. (1995). Risk. London: UCL Press.
Adams, J. (2004). Risk Management: it’s not rocket science. It’s more complicated. Retrieved from http://18.104.22.168/evidence/content/RiskManagement.pdf
BBC News. (1999). Standard procedure: UK airport security Retrieved April 16, 2013, from http://news.bbc.co.uk/2/hi/uk_news/454637.stm
BBC News. (2003, February 11). In pictures: Army patrols Heathrow Retrieved April 16, 2013, from http://news.bbc.co.uk/2/hi/uk_news/2749659.stm
BBC News. (2006, August 10). ‘Airlines terror plot’ disrupted Retrieved May 21, 2012, from http://news.bbc.co.uk/2/hi/4778575.stm
Briggs, B. (2011, August 18). Airport security: You ain’t seen nothing yet Retrieved April 30, 2013, from http://www.msnbc.msn.com/id/44149385/ – .T58CTO1AB3s
Button, M., & George, B. (2001). Government Regulation in the United Kingdom Private Security Industry: The Myth of Non-Regulation. Security Journal, 14(1), 55-66.
Casciani, D. (2009, September 7). Liquid bomb plot: What happened Retrieved April 18, 2013, from http://news.bbc.co.uk/2/hi/uk_news/8242479.stm
Centre for the Protection of National Infrastructure (CPNI). (Not dated). Motivation within the security industry. London: The Security Service.
Daily Mail. (2003). 400 soldiers patrol Heathrow amid terror fears Retrieved May 21, 2012, from http://www.dailymail.co.uk/news/article-160010/400-soldiers-patrol-Heathrow-amid-terror-fears.html
Evans, P. (2005). Three-dimensional X-ray Imaging for Security Screening. Security Journal, 18(1), 19-28.
Fisher, D. (1989, January 14). Airport Security Lapses Exposed by British Reporters : Changes Ordered at London’s Heathrow After Journalist ‘Cleaners’ Gain Access to Jets Retrieved April 16, 2013, from http://articles.latimes.com/1989-01-14/news/mn-92_1_heathrow-airport
GOV.UK. (2013, April 4). Hand luggage restrictions at UK airports, a guide from GOV.UK Retrieved April 16, 2013, from https://http://www.gov.uk/hand-luggage-restrictions/print
Heathrow Airport Limited. (2012a). Heathrow facts and figures Retrieved May 21, 2012, from http://www.heathrowairport.com/about-us/facts-and-figures
Heathrow Airport Limited. (2012b). Heathrow’s history Retrieved May 21, 2012, from http://www.heathrowairport.com/about-us/facts-and-figures/heathrow’s-history
Heathrow Airport Limited. (2012c). Who does what at Heathrow Airport Retrieved May 21, 2012, from http://www.heathrowairport.com/about-us/facts-and-figures/who-does-what
Heathrow Airport Limited. (2013). Heathrow security screening FAQs Retrieved April 16, 2013, from http://www.heathrowairport.com/heathrow-airport-guide/heathrow-security/faqs
HM Government. (2011). CONTEST: The United Kingdom´s Strategy for Countering Terrorism. London.
International Civil Aviation Organization (ICAO). (2013). Aviation Security and Facilitation Policy Section Retrieved April 16, 2013, from http://www2.icao.int/en/AVSEC/SFP/Pages/default.aspx
International Labour Office. (2013). Civil aviation and its changing world of work Issues paper for discussion at the Global Dialogue Forumon the Effects of the Global Economic Crisis on the Civil Aviation Industry. Geneva: Sectoral Activities Department.
Jacobson, S. H. (2012). Watching through the “I”s of aviation security. J Transp Secur (5), 35-38.
Jenkins, B. M. (1999a). Aircraft Sabotage. In P. Wilkinson & B. M. Jenkins (Eds.), Aviation Terrorism and Security (pp. 50-53). London: Frank Cass Publishers.
Jenkins, B. M. (1999b). Aviation Security in the United States. In P. Wilkinson & B. M. Jenkins (Eds.), Aviation Terrorism and Security (pp. 101-111). London: Frank Cass Publishers.
Kenny, M. (2009, October). Profiling: in tandem with technology. Aviation Security International, 30-34.
Mayerowitz, S. (2010, January 5). Airport Security Solution: Profiling Travelers? Retrieved April 21, 2013, from http://abcnews.go.com/Travel/airport-security-solution-tsa-profile-travelers-prevent-terrorist/story?id=9476997 – .UXRMw7-uZ2k
McLay, L. A., Jacobson, S. H., Lee, A. J., & Kobza, J. E. (2008). A Sequential Stochastic Multilevel Passenger Screening Problem for Aviation Security: Virginia Commonwealth University.
McLay, L. A., Lee, A. J., & Jacobson, S. H. (2010). Risk-Based Policies for Airport Security Checkpoint Screening. Transportation Science(44), 333-349.
Merari, A. (1999). Attacks On Civil Aviation: Trends and Lessons. In P. Wilkinson & B. M. Jenkins (Eds.), Aviation Terrorism and Security (pp. 9-26). London: Frank Cass Publishers.
Metropolitan Police Service. (2012a). Aircraft Protection Patrols Retrieved May 21, 2012, from http://www.met.police.uk/heathrow/aircraft_protection_patrols_.htm
Metropolitan Police Service. (2012b). Aviation Security. About us Retrieved May 21, 2012, from http://www.met.police.uk/heathrow/
Milmo, D. (2010, November 28). Airport security rules ‘give terrorists an advantage’ Retrieved May 21, 2012, from http://www.guardian.co.uk/world/2010/nov/28/global-airport-security-terrorists-advantage
National Commission on Terrorist Attacks Upon the United States. (2004). The 9/11 Commission Report.
NBC News. (2011, August 8). The evolution of airport security Retrieved April 18, 2013, from http://www.nbcnews.com/id/44148324/ns/travel-news/t/evolution-airport-security/ – .UXBGkb-uZ2k
Oliver, M., & Batty, D. (2006, August 10). ‘Mass murder terror plot’ uncovered Retrieved May 21, 2012, from http://www.guardian.co.uk/world/2006/aug/10/terrorism.politics
Patankar, M. S., & Holscher, L. (2000). Accessibility vs Security: The Challenge to Airport Security Systems. Security Journal, 13(2), 7-19.
Perrow, C. (1999). Normal Accidents. Living with High-Risk Technologies. Princeton: Princeton University Press.
Reason, J. (1990). Human Error. Cambridge: Cambridge University Press.
Schneier, B. (2007, December 14). Defeating the Shoe Scanning Machine at Heathrow Airport Retrieved April 16, 2013, from http://www.schneier.com/blog/archives/2007/12/defeating_the_s.html
Schneier, B. (2012, September 5). The Trouble with Airport Profiling Retrieved April 21, 2013, from http://www.forbes.com/sites/bruceschneier/2012/05/09/the-trouble-with-airport-profiling/
Shannon, S. A. (2009, April). Behavioural Analysis Solutions: Spotting the Enemy. Aviation Security International, 10-14.
Stewart, M. G., & Mueller, J. (2011). Cost-Benefit Analysis of Advanced Imaging Technology Full Body Scanners for Airline Passenger Security Screening. Journal of Homeland Security and Emergency Management, 8(1). doi: 10.2202/1547-7355.1837
The European Parliament and the Council of the European Union. (2002). REGULATION (EC) No 2320/2002 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 December 2002 establishing common rules in the field of civil aviation security Retrieved April 16, 2013, from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:355:0001:0021:EN:PDF
The Guides Network. (2013). Heathrow Airport Security Information Retrieved April 16, 2013, from http://www.heathrow-airport-guide.co.uk/security.html
The National Archives. (1982, July 23). Aviation Security Act 1982 Retrieved April 16, 2013, from http://www.legislation.gov.uk/ukpga/1982/36 – contentSearch
The National Archives. (1990). Aviation and Maritime Security Act 1990 Retrieved April 16, 2013, from http://www.legislation.gov.uk/ukpga/1990/31/contents
Tønnessen, T. H. (2008). Luftfarten som terrormål (translated: Aviation as a terrorist target). Kjeller: Norwegian Defence Research Establishment.
UK Border Agency. (2013). About us Retrieved April 16, 2013, from http://www.ukba.homeoffice.gov.uk/aboutus/
United Nations. (2012). International Legal Instruments to Counter Terrorism – UN Action to Counter Terrorism Retrieved April 30, 2012, from http://www.un.org/terrorism/instruments.shtml
University of St. Andrews. (2012). Aviation Security: Background Certificate in Terrorism Studies, Module: Introduction to Aviation Terrorism and Security, Lesson1: Need for Effective Aviation Security System.
Wallis, R. (1999). The Role of the International Aviation Organisations in Enhancing Security. In P. Wilkinson & B. M. Jenkins (Eds.), Aviation Terrorism and Security (pp. 83-100). London: Frank Cass Publishers.
Wikipedia – the free encyclopedia. (2012, April 30). 2006 transatlantic aircraft plot Retrieved April 18, 2013, from http://en.wikipedia.org/wiki/2006_transatlantic_aircraft_plot
Wikipedia – the free encyclopedia. (2013, April 14). Airport Security Retrieved April 16, 2013, from http://en.wikipedia.org/wiki/Airport_security
Wilkinson, P. (2011). Terrorism versus democracy: the liberal state response (3 ed.). London: Routledge.