National Aviation Security Policy, Strategy, and Mode-Specific Plans: Background and Considerations for Congress

^Pr^ep^ar^{ed f}^o^r^M^e^m^b^ers^an^d^Com^mⁱ^t^t^ees^of^C^ong^r^e^ss

In the years leading up to the terrorist attacks of September 11, 2001, the United States lacked a
comprehensive national policy and strategy for aviation security. The approach to aviation
security was largely shaped by past events, such as the bombing of Pan Am flight 103 in
December 1988, rather than a comprehensive evaluation of the full range of security risks. The
9/11 Commission concluded that the terrorist attacks of September 11, 2001, revealed failures of
imagination, policy, capabilities, and management by both the FAA and the U.S. intelligence
community.
Following the September 11, 2001, attacks, U.S. aviation security policy and strategy was closely
linked to the changes called for in the Aviation and Transportation Security Act (ATSA, P.L. 107-
71), which emphasized sweeping changes to the security of passenger airline operations. While
the importance of strategic planning was recognized, it was not a priority. The 9/11 Commission
Report concluded that the TSA had failed to develop an integrated strategy for the transportation
sector and mode specific plans, prompting Congress to mandate the development of these
strategies and plans in the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-
458). While the TSA has developed these strategies and plans, the documents have been
considered security sensitive thus limiting public discourse on the DHS strategy for aviation
security. However, in June 2006 President Bush directed the DHS to establish and implement a
national strategy for aviation security and an accompanying set of supporting plans.
Under the framework for national aviation security policy established by the President, the DHS
has developed a publicly-available national strategy for aviation security that addresses threats to
aviation using a risk-based methodology to complement the overarching National Infrastructure
Protection Plan (NIPP) and seeks to deter and prevent terrorist attacks against aviation, mitigate
damage and expedite recovery and minimize the impact of an attack to the aviation system. The
strategy seeks to achieve these objectives by engaging domestic and international partners and
carrying out specific actions set forth in a series of supporting plans for operational security,
surveillance and intelligence, threat response, system recovery, and coordination.
Congress may have a specific interest in assessing whether these plans are comprehensive,
adaptable, sustainable, and adequately coordinated with budgetary decisions and resource
allocation. Specific issues for Congress may include the validity of the strategy’s underlying risk
assumptions; the extent to which 9/11 Commission recommendations and statutory requirements
are reflected in the strategy; consideration of sustainability of and advancement of security
technologies to meet future needs and system demands; whether the strategy is sufficiently
forward-looking and not reactive in its approach; the extent to which the strategy provides a
comprehensive framework for a robust aviation security system; and the degree to which strategic
objectives and approaches align with budget priorities and resource availability. This report will
not be updated.

Backgr ound ..................................................................................................................................... 1
National Aviation Security Policy...................................................................................................4
The National Strategy for Aviation Security...................................................................................5
Threats to Aviation....................................................................................................................6
Aircraft-related Threats.......................................................................................................7
Threats to Aviation Infrastructure.......................................................................................8
Threats Involving Exploitation of Air Cargo......................................................................9
Risk-Based Methodology..........................................................................................................9
Strategic Objectives.................................................................................................................10
Roles and Responsibilities.......................................................................................................11
Aviation Mode-Specific Plans.......................................................................................................13
Some Possible Issues for Congress...............................................................................................14
What is the validity of underlying risk assumptions?.............................................................14
To what extent do the contents of U.S. policy, national strategy, and mode-specific
plans for aviation security align with recommendations of the 9/11 Commission,
and statutory requirements related to the implementation of those
recomme ndations? ............................................................................................................... 15
Does the National Strategy for Aviation Security and its supporting plans sufficiently
consider the sustainability of the aviation security system and its various
components? ........................................................................................................................ 17
Is the national strategy for aviation security forward-looking, or does it perpetuate a
reactive approach to strategic security planning in the aviation domain?............................18
To what extent does the national strategy for aviation security provide a
comprehensive framework for conceptualizing and implementing initiatives to
develop and maintain a robust aviation security system?....................................................20
How do the objectives and approaches set forth in the aviation security strategy and
mode-specific plans align with budgetary decision-making and resource
availabi lity? .......................................................................................................................... 21
Figure 1. Aviation Security Threat Sources, Tactics, and Targets...................................................7
Author Contact Information..........................................................................................................22

In the years preceding the terrorist attacks of September 11, 2001, the United States lacked a
comprehensive national policy and strategy for aviation security. The United States approach to
aviation security had largely been shaped by past events such as the bombing of Pan Am flight
103 in December, 1988 and, at that time, was undergoing a reactive shift in strategy, placing
emphasis on addressing the threat of aircraft bombings aboard commercial airliners, albeit with
limited resources and a much slower time frame compared to actions taken following the terrorist
attacks of September 11, 2001.
In April 2001, the Federal Aviation Administration issued a strategic plan for civil aviation
security titled “A Commitment to Security.” The vision was for the FAA and the U.S. aviation
security system to be “[r]ecognized as the world leader in civil aviation security—identifying and ¹
countering aviation-related threats to U.S. citizens worldwide.” The strategic goal stated in the ²
plan was to let “[n]o successful attacks against U.S. civil aviation” occur. In comparison to the
breadth and depth of the post-9/11 focus on aviation security, the desired key results stated in this
document in retrospect seem quite modest and the goal tragically unattained. The pre-9/11
strategic plan sought to improve on checked baggage and checkpoint screening performance and
utilize a combination of explosives detection system (EDS) screening and positive passenger
baggage match (PPBM) techniques to vet 100% of checked baggage. In addition to improving
technical capabilities to detect explosives in checked baggage, strategies identified by the FAA
included
• establishing security screening operations and training standards which, at that
time, did not exist;
• ensuring Federal Air Marshals were available to protect selected high-risk flight, ³
although their numbers had dwindled to 33 at the time of the 9/11 hijackings;
• ensuring that certified explosives canine teams were available at major U.S.
airports; and
• ensuring preparedness and crisis management to respond to incidents that may
occur.
The FAA Civil Aviation Security Strategic Plan also sought to improve air cargo security,
primarily to reduce transport of dangerous goods, a likely response to the concerns over the
transport of dangerous goods highlighted by the May 11, 1996 crash of Valujet flight 592 in the
Florida Everglades. The strategic plan sought to achieve this objective largely through industry
training and education and targeted inspections of dangerous goods transportation areas. Despite
the emphasis on preventing aircraft bombs carried in passenger luggage, the potential threat of a
bomb placed in air cargo was not mentioned in the strategic plan. Also, while the strategic plan
addressed internal FAA security, the emphasis of this strategic element was on handling and
protection of sensitive information and maintaining up-to-date background checks and clearances

¹^Fe^de^r^a^{l A}^v^ia^{tion A}^d^mⁱ^nis^t^r^a^tion,^{A Commitme}ⁿ^t^to^Se^c^u^rity^{, Civ}ⁱ^l^Av^iatio^{n Str}^a^te^gⁱ^c^Plaⁿ²⁰^01-²⁰⁰⁴^,^A^p^rⁱ^l²⁰⁰¹^,^p^.
^3.
²^I^b^id^{., p. 11.}
³^N^a^tiona^{l C}^o^m^m^is^sⁱ^{on on T}^e^r^r^o^rⁱ^s^t^A^tta^ck^s^U^{pon t}^h^e^Uⁿ^ite^d^Sta^t^e^s^,^The^9/1¹^C^o^m^mⁱ^s^sⁱ^{on Re}^por^t^(Au^t^h^o^rized
^Editi^on),^N^e^w^Y^o^rk^{, N}^Y^:^W^.^W^.^N^o^rtoⁿ^&^Com^p^aⁿ^y^{, p. 8}⁵^.

for employees in security-sensitive positions. While the strategic plan did identify the completion
of facility security assessments and the protection of information systems among key results
sought, it did not convey any insight regarding the potential threats and vulnerabilities of air
traffic facilities to physical attack or FAA information systems to physical or cyber-attack.
The FAA’s pre-9/11 strategic plan also identified several key results regarding external
relationships including improved communications with Congress, the aviation industry, foreign
governments, the Office of Management and Budget (OMB), and the Department of
Transportation, Office of Inspector General (DOT OIG). The strategic plan, however did not
specifically address relationships with federal law enforcement agencies and the intelligence
community, factors that became a central focus of post-9/11 homeland security policy debate. The
strategic plan also did not address relationships and coordination with the military for incident
response, a major deficiency in the FAA’s response to the hijackings on September 11, 2001, and
an area of considerable focus during post-9/11 strategic planning.
While the FAA strategic plan for aviation security failed to adequately consider all security risks,
the 9/11 Commission concluded that the terrorist attacks of September 11, 2001, revealed failures
in imagination, policy, capabilities, and management both on the part of the FAA and the U.S.
intelligence community. Although the brunt of the criticism levied by the 9/11 Commission was
directed at the U.S. intelligence community, it faulted the FAA for focusing too heavily on the
threat of bombings and for not involving the FAA’s civil aviation security intelligence functions
in the FAA’s policymaking process. The 9/11 Commission pointed out that the suicide hijacking
threat was imaginable, and was, in fact, imagined by FAA Civil Aviation Security intelligence ⁴
analysts in 1999, but largely dismissed as being unlikely. The 9/11 Commission faulted Congress
as well for becoming entrenched in debate over airline passenger service issues while failing to
focus attention and resources on the terrorist threat to the aviation system. The FAA Civil
Aviation Security Strategic Plan released in April 2001 serves as evidence that the FAA did not
create a comprehensive strategy for protecting the aviation domain from the full spectrum of
terrorist threats, and did not effectively prioritize and allocate resources for reducing the
vulnerability of the aviation system to possible terrorist attacks.
Immediately following the terrorist attacks of September 11, 2001, aviation security policy and
strategy debate were closely linked to the legislative process leading to the swift passage of the
Aviation and Transportation Security Act (ATSA, P.L. 107-71). With regard to strategy and
policy, ATSA gave the newly created position of Undersecretary of Transportation for Security
(now known as the TSA Administrator) specific authority and responsibility for assessing threats
to transportation and developing policies, strategies, and plans for dealing with these threats to ⁵
transportation security. However, the primary emphasis of ATSA was on the security of
passenger airline operations, and the immediate focus of the TSA was to meet congressionally
established requirements and deadlines for the deployment of air marshals, the federalization of
airport security screeners, and 100% explosives detection system (EDS) screening of checked
baggage. While the importance of establishing comprehensive policy and strategy for aviation
security was recognized by many policymakers, a strategic plan for protecting the aviation
domain was slow to take shape.

⁴^I^b^id^{., p. 34}^5.
⁵^Se^e^T^itle^{49 U.S}^.^C.^{§ 1}¹⁴^.

In 2002, as these mandates for enhancing passenger airline security set forth in ATSA were being
carried out, and while Congress debated legislation to establish the Department of Homeland
Security (DHS), the Bush Administration began examining U.S. policies for protecting the
homeland against future terrorist attacks in a broader context, considering other infrastructure and
assets beyond the aviation domain that may be at risk. In July 2002, the President issued the
National Strategy for Homeland Security and in February 2003, the President issued the National
Strategy for the Physical Protection of Critical Infrastructures and Key Assets. However, neither
of these strategies offered specific details on aviation security strategy, nor did they specify how
aviation security plans and programs fit into these broader strategies for protecting the homeland
and its critical infrastructure and key resources (CI/KR) from terrorist attacks.
On July 22, 2004, the 9/11 Commission released its final report, concluding that the TSA had
failed to develop an integrated strategic plan for the overall transportation sector and specific
plans for each of the transportation modes. The 9/11 Commission recommended that the U.S.
strategy for transportation security should be predicated on a risk-based prioritization for
allocating limited resources to protect transportation infrastructure in a cost-effective manner,
assigning roles and responsibilities for federal, state, regional and local authorities as well as ⁶
private stakeholders. Following the release of the 9/11 Commission’s final report, Congress
made addressing the recommendations of the report a key legislative priority, reflecting many of
the Commission’s recommendations in the Intelligence Reform and Terrorism Prevention Act of
2004 (P.L. 108-458), which was enacted on December 17, 2004. The act specifically required the
DHS to develop, prepare, implement, and keep up-to-date a comprehensive national strategy for
transportation security and mode-specific security plans. Reflecting 9/11 Commission
recommendation language, the act required the strategy to assign risk-based priorities and
realistic deadlines for implementing practical and cost-effective defenses against security threats,
setting forth agreed upon roles and missions for federal, state, regional, and local authorities and
mechanisms for private sector cooperation and participation.
Under the requirements established in the act, the National Strategy for Transportation Security
was to be accompanied by mode-specific security plans, including an aviation mode-specific
plan. The modal security plan for aviation was required to include a threat matrix outlining each
threat to the United States civil aviation system and the corresponding layers of security in place
to address these threats and a plan for mitigation and reconstitution of the aviation system in the
event of a terrorist attack. While the act required that the first iteration of the strategy be ⁷
transmitted to the congressional homeland security authorizing committees by April 2005, the
strategy document was delivered in September 2005. As required by law, updates to the strategy
and the mode-specific plans must be transmitted to Congress every two years. These strategy
documents have been designated as security sensitive information as provided for in the act.
Consequently, they have had limited distribution beyond the DHS and the homeland security
authorizing committees in Congress. Therefore, there has not been extensive public discourse on
the DHS approach to developing a national strategy for transportation security and strategies and
plans specific to protecting the aviation mode from future terrorist attacks.

⁶^N^a^tiona^{l C}^o^m^m^is^sⁱ^{on on T}^e^r^r^o^rⁱ^s^t^A^tta^ck^s^U^{pon t}^h^e^Uⁿ^ite^d^Sta^t^e^s^,^The^9/1¹^C^o^m^mⁱ^s^sⁱ^{on Re}^por^t^{, p}^.³⁹^1.
⁷^A^t^pr^e^s^eⁿ^{t, the}^c^o^ng^r^e^s^sⁱ^ona^{l c}^o^m^m^itte^e^s^ha^vⁱ^ng^pr^im^a^r^y^jurⁱ^s^d^ic^tion^ov^e^r^the^D^e^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^rⁱ^ty^a^r^e
^the^H^ous^e^C^o^m^m^itte^e^{on H}^o^m^e^land^Se^c^u^r^ity^a^{nd the}^Se^na^te^C^o^m^m^itte^e^{on H}^o^m^e^la^{nd Se}^c^u^r^ity^a^{nd G}^o^v^e^rⁿ^m^e^nta^l
^Aff^a^irs.

However, in June 2006, President Bush issued policy guidance directing the DHS to establish and
implement a national strategy for aviation security and a series of supporting plans for ⁸
implementing this strategy. Unlike prior strategies and plans that had either been too broad in
scope to provide detailed information regarding aviation-specific security strategies or were
limited in distribution, the policy, strategy, and supporting plans developed under this Presidential
directive have been made available to the public, thus offering insight into the strategic direction
and approach to aviation security being pursued by the DHS in coordination with other federal
agencies. These documents are also much more comprehensive in their consideration of security
in the aviation domain compared to prior strategy documents and therefore provide a more
thorough picture of U.S. policy and strategy for mitigating threats involving aviation. This report
examines the current National Aviation Security Policy, the National Strategy for Aviation
Security, and formal mode-specific plans developed for implementing this strategic approach.
This report also identifies and discusses some overarching considerations for congressional
oversight and possible legislative action regarding the U.S. policy and strategy for securing the
aviation domain.

The National Aviation Security Policy represents the overarching aviation-specific components of
The National Strategy for Homeland Security. That strategy specifies that the Department of
Homeland Security (DHS) will serve as the focal entity for managing and coordinating border
and transportation security initiatives “... to prevent the entry of terrorists and the instruments of
terror, while facilitating the legal flow of people, goods, and services on which our economy ⁹
depends.” The policy, however, addresses a broader spectrum of threats to the air domain that
include not only specific threats to the homeland, but also threats to national security interests
both within the United States and abroad. Therefore, in addition to the overall responsibility for
homeland security and aviation security for which the DHS and the TSA are directly responsible,
the National Aviation Security Policy also involves matters concerning the Department of
Defense, the Department of State, the Department of Justice, and a variety of other federal, state,
and local agencies and private entities, and relies on close coordination with and continued
cooperation from other nations.
On June 20, 2006, President Bush issued Homeland Security Presidential Directive 16 (HSPD-

16/ National Security Presidential Directive 47 (NSPD-47)) establishing new U.S. policy,

guidelines, and implementation of actions to address threats to the air domain. The document
broadly defines the air domain as the global airspace and all aircraft operating within that airspace
including both manned and unmanned vehicles, as well as all people and goods being transported
by such aircraft, and all supporting aviation infrastructure.
The policy objectives set forth in HSPD-16 endeavor to prevent terrorist acts and other hostile
actions either directed at or exploiting elements of the aviation domain while also minimizing the
impact on air commerce and fostering the economic growth and stability of the aviation industry.
The statement of policy notes that:

⁸^P^r^esi^d^en^t^G^e^o^r^{ge W}^.^Bu^sh^,^Na^tⁱ^on^a^l^S^ecu^ri^t^y^P^r^esi^d^en^tⁱ^a^l^Di^rectⁱ^ve/^NS^P^D^-4^7,^Ho^mel^aⁿ^d^S^ecu^ri^t^y^P^r^esi^d^en^tⁱ^a^l
^Di^rectⁱ^ve/^HS^P^D^-1⁶^,^Su^bj^ect^{: A}^vⁱ^a^tⁱ^oⁿ^S^ecu^ri^t^y^P^o^lⁱ^cy^{, W}^a^s^h^ing^t^oⁿ^{, D}^C^{: T}^h^e^W^h^ite^H^o^us^e^,^J^une²⁰^{, 20}⁰⁶^.
⁹^W^h^ite^House^Of^fⁱ^c^e^of^Ho^m^e^laⁿ^d^Se^c^u^rity^,^Nati^on^{al S}^t^rate^gy^f^o^r^Av^iatioⁿ^Se^c^u^rity^{, J}^u^ly²⁰^02,^p.²²^.

^[^t^]^h^e^Uⁿⁱ^t^e^d^S^t^a^t^e^s^m^u^s^t^c^oⁿ^tⁱⁿ^u^e^t^o^u^s^e^t^h^e^f^u^l^l^r^aⁿ^g^e^o^fⁱ^t^s^a^s^s^e^t^s^aⁿ^d^c^a^p^a^bⁱ^lities^to^p^r^ev^en^t
^th^e^Aⁱ^r^Do^m^aⁱⁿ^f^r^o^m^b^eⁱⁿ^g^u^s^ed^b^y^ter^r^o^r^{ists, cr}ⁱ^mⁱⁿ^al^{s, a}ⁿ^d^o^t^h^e^r^h^o^s^tile^states^to^co^m^mⁱ^t
^{acts o}^f^ter^r^o^rⁱ^s^m^aⁿ^d^o^t^h^e^r^uⁿ^la^w^f^u^l^o^r^h^o^s^{tile act}^{s ag}^aⁱⁿ^s^t^th^{e U}ⁿ^ited^Sta^t^{es, it}^{s p}^e^o^p^l^e,
^property^,^territory^,^an^{d all}ⁱ^es^aⁿ^{d f}^r^ieⁿ^d^s^,^all^w^h^ile^mⁱⁿⁱ^mⁱ^ziⁿ^g^th^eⁱ^m^pact^on^t^h^e^Av^iatⁱ^on
^T^r^an^sp^o^r^tatioⁿ^Sy^ste^m^aⁿ^d^coⁿ^tⁱⁿ^uⁱⁿ^g^to^f^acilita^{te th}^e^f^r^{ee f}^l^o^w^an^d^g^r^o^w^t^h^o^f^tr^ad^{e an}^d
^co^m^m^e^r^{ce i}ⁿ^th^e^Aⁱ^r^Do^m^aⁱⁿ^.^T^h^{ese ef}^f^o^r^t^{s ar}^{e cr}^{itical to}^th^e^g^l^o^b^a^{l stab}^ilit^y^aⁿ^d^ecoⁿ^o^mⁱ^c¹⁰
^g^r^o^w^t^h^aⁿ^d^ar^{e v}^{ital to}^th^{e i}ⁿ^te^r^e^{sts o}^f^t^h^{e Un}^ited^States.
The stated policy specifies that the United States, in cooperation with international partners, will
take all necessary and appropriate actions, consistent with applicable laws, statutes, and
international agreements, to enhance the security and protect the United States and U.S. interests
in the air domain. The implementation of this policy is to be consistent with a risk-based
prioritization of aviation security strategies and tactics. Activities to support this policy objective
specifically cited in this directive include
• protecting critical transportation networks and infrastructure from terrorist
attacks and other hostile, criminal, and unlawful acts and reducing the
vulnerability of the air domain to these types of possible attacks or exploitation;
• improving situational awareness of security issues affecting the air domain and
facilitating and enhancing information sharing to improve detection of threats
and appropriate responsive actions;
• ensuring seamless, coordinated efforts relating to aviation security among
federal, state, tribal, and local agencies and authorities;
• enhancing the resilience of the air transportation system to a terrorist attack,
including the capability to rapidly recover from such an attack and minimize
impacts on economic, transportation, social, and governmental systems;
• countering the proliferation of standoff weapons, such as shoulder-fired missiles,
that pose significant risks to both civilian and military users of the air domain by
terrorists, criminals, and other hostile groups and individuals; and
• enhancing international relationships and promoting the integration of other
nations and private sector partners in an improved global aviation security
framework.
Implementation of this policy is to be coordinated through the President’s Homeland Security
Council (HSC) Border and Transportation Security Policy Coordination Committee (BTS PCC).
The policy established a requirement for the Secretary of Homeland Security to develop an
overarching national strategy for aviation security and supporting plans to carry out this strategy.

HSPD-16 directed the Department of Homeland Security to implement this policy through the
creation of an overarching national strategy for aviation security. The directive explicitly called
for the development of a national strategy for aviation security that is adaptive to changing threat

¹⁰^P^r^esi^d^en^t^G^e^o^r^{ge W}^.^Bu^sh^,^Na^tⁱ^on^a^l^S^ecu^ri^t^y^P^r^esi^d^en^tⁱ^a^l^Di^rectⁱ^ve/^NS^P^D^-4^7,^Ho^mel^aⁿ^d^S^ecu^ri^t^y^P^r^esi^d^en^tⁱ^a^l
^Di^rectⁱ^ve/^HS^P^D^-1⁶^,^Su^bj^ect^{: A}^vⁱ^a^tⁱ^oⁿ^S^ecu^ri^t^y^P^o^lⁱ^cy^{, W}^a^s^h^ing^t^oⁿ^{, D}^C^{: T}^h^e^W^h^ite^H^o^us^e^,^J^une²⁰^{, 20}⁰⁶^{, p}^.³^.

levels and types of threats, and it is rooted in a risk-based, multi-disciplinary, and global approach
to aviation security. The directive required that the national strategy, along with its supporting
plans, include, at a minimum, risk-based approaches to address the following threats:
• attacks using aircraft against ground-based targets, including possible attacks
using aircraft to deliver or transport chemical, biological, radiological, nuclear, or
explosive (CBRNE) weapons;
• attacks using stand-off weapons, such as shoulder-fired missiles or other man-
portable air defense systems (MANPADS);
• attacks using on-board explosive devices and other conventional and non-
conventional weapons to directly target aircraft;
• hijackings and air piracy; and
• physical attacks or cyber-attacks on aviation critical infrastructure and facilities,
such as air traffic control facilities and networks and navigation systems.
The directive also identifies several specific action items to be addressed in supporting mode-
specific plans to implement the national strategy for aviation security. The required plans include
• the Aviation Transportation System Security Plan;
• the Aviation Operational Threat Response Plan;
• the Aviation Transportation System Recovery Plan;
• the Air Domain Surveillance and Intelligence Integration Plan;
• the International Aviation Threat Reduction Plan;
• the Domestic Outreach Plan; and
• the International Outreach Plan.
The National Strategy for Aviation Security, along with several of these supporting plans (except
for the Aviation Transportation System Recovery Plan which is still undergoing internal review
within DHS and the International Aviation Threat Reduction Plan), was publically released on
March 26, 2007.
The National Strategy for Aviation Security identifies three origins or sources of threats to the air
domain: terrorist groups, hostile nation-states, and criminals. The strategy document points out
that while physical attacks from terrorist groups pose the most prominent threat, terrorists may
also use criminal tactics to move operatives, weapons, explosives or possibly weapons of mass
destruction (WMDs) through the aviation system. The strategy notes that “[s]uch threats are
particularly worrisome in areas of the world where governments are weak or provide safe haven ¹¹
to terrorists.” Further, hostile-nation states may directly sponsor international terrorism directed
against aviation by providing funding, training, weapons, explosives, supplies, and other material
support to carry out attacks against the air domain. Also, the presence of criminal elements with

¹¹^U^.^{S. D}^e^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^r^ity^,^The^Natio^nal^Str^a^te^gy^f^o^{r Av}^iati^on^Se^c^u^rity^,^M^a^r^c^{h 26}^,²⁰⁰⁷^,^p.^9.

extensive knowledge of the aviation sector, both within the United States and in foreign countries,
pose a persistent threat to aviation and could provide potentially violent domestic groups or
international terrorists with specific capabilities to exploit weaknesses in aviation security.
Therefore, these three threat origins or sources cannot be viewed as being mutually exclusive, as
they may combine in various forms to carry out attacks either directly against aviation assets or
by exploiting elements of the air domain to prepare for or carry out attacks against the homeland
or U.S. interests abroad.
The strategy document defines three primary categories of threats against the aviation domain
based on the target of the threat. These consist of: threats involving aircraft; threats to aviation
infrastructure; and threats involving hostile exploitation of air cargo. A variety of tactics may be
used to attack these targets, including hijackings, bombings, shootings, and criminal tactics such
as smuggling of persons and weapons. A synopsis of the relationships between threat origins or
sources, aviation targets, and tactics for attacking these aviation targets is presented in Figure 1.
Figure 1. Aviation Security Threat Sources, Tactics, and Targets
^T^h^{reat S}^ources^T^a^rgets^Tactics
^Aⁱ^rcra^f^t
^Lar^{ge Pas}^s^enger^Air^c^r^a^ft^H^o^s^t^ile
^Hijackings^Natⁱ^on^-
^S^t^ates^{Large A}^l^l^-^C^a^rg^o^Aⁱ^rcra^f^t
^Bom^b^ings^{Small Air}^c^r^a^ft
^Noⁿ^-^T^r^{aditional Air}^c^r^a^ft
^Te^rroris^t^s^S^hooti^ngs
^Aviatⁱ^{on T}^r^anspor^t^a^tⁱ^on
^S^{ystem Infrastructure}
^Smuggling/
^Conveyance
^Crimin^a^l^E^x^{ploitation of A}ⁱ^{r C}^a^rgo
^E^l^ement^s^{Cargo Crimes}
^(Contraband,
^Th^e^{ft, E}^t^c.)
^Source:^{CRS analysis of}^{The National Strategy for Avi}^{ation Securit}^y,^Department^{of Homeland Securit}^{y, March}^26,
²⁰⁰^7.
Aircraft threats may be directed at aircraft or may involve the use of aircraft to attack other
targets, as was the case in the terrorist attacks of September 11, 2001. The strategy document
notes that large passenger aircraft have historically been at the greatest risk from terrorist attacks,
including both hijackings and bombings, because terrorists have perceived that attacks against
such aircraft have significant potential to cause catastrophic damage and mass casualties and
disrupt the aviation system. The document, however, notes that terrorists may also seek to attack
all-cargo aircraft, especially large all-cargo aircraft which are considered attractive as weapons to
attack ground-based targets in 9/11-style attacks. All-cargo aircraft, and the air cargo system in
general, may also be attractive to terrorists or criminals as a means of conveyance for weapons,
explosives, or other supplies. The strategy considers large transport aircraft, both passenger
airliners and to a lesser extent all-cargo aircraft, to be at risk from possible attacks using shoulder-
fired guided missiles or other standoff weapons.

The strategy also indicates that small aircraft face both the threat of direct attack as well as the
threat that they may be used as weapons to attack ground-targets. While the strategy notes that
small aircraft appear to be relatively unattractive targets for attacks by themselves because they
carry few passengers, it cautions that terrorists may use a wide variety of small aircraft, such as
business jets and helicopters, to destroy ground-targets, especially critical assets and
infrastructure. The most formidable threat comes from the potential use of small aircraft to either
transport or deliver a WMD payload. The strategy also notes that small aircraft are also used by
transnational criminal elements to carry out illegal activities, such as drugs and weapons
smuggling, and pose a considerable challenge for border protection.
Finally, the strategy recognizes that non-traditional aircraft, such as unmanned aircraft, ultra-
lights, and aerial-application aircraft (i.e., crop dusters), may be used as either weapons or means
of conveyance for WMDs. The strategy states that terrorists may employ such aircraft for
missions that are limited in range, require limited accuracy, and have a specific and small target.
For example, crop dusting aircraft have been regarded as a potential threat for dispersing a
chemical or biological agent. The strategy notes that such tactics deserve very close monitoring.
The strategy also briefly notes the potential threat to the air domain posed by hostile nation-states
from military aircraft and missiles. However, these threats are mainly a concern for national
defense and the Department of Defense (DoD), rather than a focus for homeland security, and
thus have not been a major focus of the aviation security strategy and its supporting plans. This
threat is, therefore, not further considered in this discussion.
The strategy maintains that reported threats to aviation infrastructure, including airports and air
navigation facilities are relatively few. The strategy notes that air navigation facilities, in
particular, have a low public profile and are resilient to attack due to a robust multilayered design
that can be quickly reconstituted thus limiting psychological and economic impacts stemming
from an attack. The strategy, however, notes that there is a wide variety of potential threats to
aviation infrastructure. The strategy notes in particular the potential threat to concentrations of
individuals at major airport passenger terminals. Terrorists may attack passenger terminal
buildings with explosives, as was attempted at Glasgow International Airport, Scotland in June ¹²

2007 and in several other historical incidents.

The strategy concludes that attacks against other facets of aviation infrastructure, such as general
aviation airports and air cargo handling areas, are less likely to materialize, largely because
attacks against these facilities would generally not offer the opportunity to target large numbers of
people and would therefore have a more limited psychological impact. The strategy, however,
was released a few months before U.S. law enforcement authorities arrested members of a
suspected homegrown terrorist cell who were plotting to bomb jet fuel storage tanks at New
York’s John F. Kennedy International Airport (JFK) and the network of jet fuel distribution
pipelines in the New York City area. While the actual vulnerability of this infrastructure to such
an attack remains debatable, the plot highlighted the possibility that aviation jet fuel storage
facilities and distribution systems at major U.S. airports may be at risk. While the sophistication

¹²^Se^e^A^r^ie^{l Me}^ra^{ri, “}^A^tta^c^k^{s on Ci}^v^{il Av}^ia^{tion: T}^r^e^{nds a}ⁿ^{d L}^e^s^s^ons^,”ⁱⁿ^P^a^u^l^W^ilk^ins^oⁿ^a^{nd B}^r^ia^{n M}^.^J^e^nk^ins⁽^E^ds^.)^,
^Avia^tion^T^e^rro^rism^aⁿ^d^S^ecu^rity^,^P^o^r^t^l^a^nd^,^OR^{: F}^r^an^{k C}^a^ss,¹⁹⁹⁹^,^f^o^r^an^o^v^er^vi^e^w^o^f^hⁱ^st^o^rⁱ^calⁱⁿ^ci^den^t^s.

of this particular plot has been questioned,¹³ in general, the potential threat to fuel farms and
pipelines and other critical aviation infrastructure—where an attack could have a dramatic effect
capturing public attention and potentially disrupting the aviation system on a large scale—may
deserve further attention from policy makers and aviation security strategists.
The strategy recognizes that the large scale, diversity, and complexity of the air cargo industry
makes it potentially vulnerable to exploitation by terrorists. The strategy, however, concludes that
post-9/11 actions to enhance air cargo security have been effective in reducing the threat of
stowaways aboard air freighters that could carry out a 9/11-style suicide hijacking and the threat
of explosives. Nonetheless, the strategy recognizes that the enhanced regulatory framework for ¹⁴
air cargo security is not immune to exploitation, and the air cargo system, in general, has been
exploited for years by criminal elements. In addition to possible threats to all-cargo aircraft noted
above, the threat of terrorist infiltration of air cargo handling operations and facilities remains a
threat that could lead to exploitation of the air cargo system as a means of conveyance for
terrorist operatives, and conventional weapons, WMDs, explosives, weapon components, and
other terrorist items. While not discussed specifically by the strategy, it should be noted that all
sorts of criminal activities, possibly including cargo-related crimes in the aviation domain, could
provide revenue sources to support terrorist organizations.
The U.S. National Strategy for Aviation Security is predicated on a risk-based, multi-disciplinary,
and global approach to ensure that resources allocated at the federal, state, and local levels and by
private sector aviation interests provide the greatest potential to detect, deter, and prevent attacks
against aviation and mitigate the consequences if an attack does occur. This risk-based approach
or methodology is described in detail in the National Infrastructure Protection Plan (NIPP) and
the NIPP Transportation Sector Specific Plan (TSSP) which were made available to the public in ¹⁵
May 2007. In general, the NIPP serves to define the unifying structure through a common
framework for identifying critical assets, conducting risk assessments, and developing and ¹⁶
implementing risk reduction and mitigation initiatives based on the results of these assessments.
The TSSP applies this risk-based framework across the entire transportation sector, including the
aviation domain.
The system-based risk-management framework outlined in the TSSP describes risk as a function
of threat, vulnerability, and potential consequences, and it analyses security risk by taking into
account all three of these factors. The transportation sector approach to risk management adheres
to an underlying vision for risk-based decision making that seeks to establish a balance between
security and freedom. The goals outlined in the TSSP include

¹³^S^{ee esp}^eci^al^l^y^,^Bru^{ce S}^c^hⁿ^eⁱ^e^r,^“^P^o^r^t^r^ai^t^o^f^t^h^{e M}^o^d^e^rn^T^e^rro^ri^st^a^s^an^Idⁱ^o^t^,^”^Wi^red^{, J}^une^14,²⁰⁰⁷^.
¹⁴^Se^e⁷¹^FR³⁰⁵¹⁰^e^t^s^e^q.,^Ma^y^{26, 20}⁰⁶^.
¹⁵^D^e^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^rⁱ^t^y^,^Transporta^tio^{n Sy}^ste^m^{s: Cr}^itic^{al In}^frastruc^t^u^re^an^{d Ke}^y^Re^sour^c^e^s^Se^c^t^or-
^Spe^c^ific^Pl^an^{As In}^put^to^the^N^a^ti^ona^{l In}^frastruc^t^u^re^Prote^c^tio^{n Pl}^an^,^Ma^y^2007:^A^r^ling^t^on,^VA^.
¹⁶^For^f^u^r^t^he^r^dis^c^us^sⁱ^oⁿ^of^the^N^I^{PP a}^{nd g}^e^ne^r^a^{l r}ⁱ^s^k^m^a^na^g^e^m^e^{nt s}^t^r^a^te^gⁱ^e^s^f^o^r^c^r^itic^a^l^inf^r^a^s^tr^uc^tur^e^pr^ote^c^tio^{n, s}^e^e
^C^R^S^R^e^por^t^R^L³²⁵^61,^Risk^M^aⁿ^age^me^nt^an^{d Critic}^a^l^Infr^astruc^tu^re^Pr^ote^c^tion:^Asse^{ssing, I}ⁿ^te^gra^t^ing,^a^{nd M}^a^na^gi^ng
^Thre^{ats, V}^u^lⁿ^e^r^abil^itie^{s a}^{nd C}^ons^e^que^nc^e^s^{, by}^J^{ohn D}^.^M^o^te^f^f^.

• preventing and deterring terrorist acts against transportation systems;
• enhancing the resilience (i.e., the ability to absorb damage without catastrophic
failure) of the U.S. transportation system; and
• improving the cost-effective use of resources allocated to transportation security.
The risk-based methodology seeks to achieve these three overarching goals by prioritizing
resources based on risk. This approach seeks to involve extensive participation from global, state
and local, and private sector entities with specific domain expertise. It also is intended to rely on
inputs from the intelligence community, expert judgment, and futures analysis related to the
impact or consequences of various threat scenarios.
A wide variety of risk-based transportation sector security assessment tools have been developed
to assist security strategists and planners. These consist of self-assessment tools and government
site evaluations, reviews, and analytic tools examining either risk as a whole, or specific risk
subcomponents including threat, vulnerability, and consequence. Some specific tools being
implemented to assess risk in the aviation domain include government facilitated site assistance
visits and comprehensive reviews, web-based Vulnerability Identification Self Assessment Tool
(VISAT) modules for airports that are currently under development, and the FAA’s Information
Systems Security Program (ISSP) for air traffic control systems and related functions.
Communication and dissemination of this information to sector stakeholders is seen as a critical
component of the risk-based strategy.
Relying on the risk-based approach, the National Strategy for Aviation Security identifies five
strategic objectives to guide aviation security activities. These include
• deterring and preventing terrorist attacks and criminal or hostile acts in the air
domain;
• protecting the homeland and United States interests in the air domain;
• mitigating damage and expediting recovery if an attack against aviation occurs;
• minimizing the impact of an attack on the aviation system and the broader U.S.
economy; and
• actively engaging domestic and international partners.
According to the strategy for aviation security, terrorist attacks will be deterred and prevented by
maximizing shared awareness of domestic and international airspace, aviation infrastructure, and
individuals having access to the aviation system. Therefore, the strategy seeks to establish a
system of protection that considers not only individual elements of the aviation system, but also
their connections and interdependencies.
While the principal goals of the strategy are to deter and prevent attacks, the strategy also seeks to
prepare for, and have in place, contingencies for mitigating damage and expediting recovery. The
strategy identifies a need for diverse and flexible response options, for example, allowing for the
selective restriction or suspension of air traffic on local or regional levels as necessary and
providing decision makers with tools and resources to effectively close and reconstitute the
aviation system and take other appropriate steps to prevent further attack. In general, the strategy

seeks an overall approach to implementing security measures whose normal operations will
minimize impacts on the flow of goods and people through the air transportation system while at
the same time providing a high level of protection tailored to the unique needs of the aviation
sector.
The complexity and scope of the global aviation transportation systems requires cooperation
among federal, state, and local government entities, international agreements and cooperation,
and the participation of various industry and other private sector stakeholders to prevent, respond
to, and recover from possible attacks involving aviation assets. The leading and supporting roles
and responsibilities of these various entities are guided by existing laws and regulations
particularly those regarding the authority to act, desired outcomes or objectives, and the
availability of assets and capabilities to address aviation security needs or requirements.
At the highest levels of federal government (i.e., among cabinet-level leadership), the Secretary
of Homeland Security has responsibility for coordinating national aviation security programs. In
general, responsibilities of the Department of Homeland Security (DHS) include risk analysis and
reviews of aviation security programs; coordination of aviation security law enforcement
operations; border protection including monitoring of cross-border aviation operations and
inspections and controls at all ports of entry including airports; coordinating efforts to assess and
prioritize security measures for critical infrastructure and key resources (CI/KR); developing
security technologies to protect against threats to aviation security such as explosives, carry-on
weapons, and shoulder-fired missiles; coordination of aviation security measures and incident
response; and information sharing to support and improve the global aviation security network.
Within the DHS, the TSA has the statutory responsibility for security across all modes of
transportation, including aviation where it has extensive operational responsibility for passenger
airline security as well as strategic planning and regulatory responsibilities for all other aspects of
security. The TSA collaborates with Department of Transportation (DOT) entities, and in
particular the Federal Aviation Administration (FAA), on transportation and aviation
infrastructure protection and security issues. The TSA administers a variety of programs to
support aviation security, including the National Explosives Detection Canine Team program,
which trains and deploys canine teams for explosives detection in aviation and other
transportation modes; the Federal Flight Deck Officers Program which trains and deputizes armed
pilots to defend commercial airliner flight decks from hostile actions; checkpoint and baggage
screening carried out by TSA-employed Transportation Security Officers (TSOs); the use of
aviation security inspectors to ensure regulatory compliance among aviation operators and related
industries; Federal Air Marshals (FAMS), and the explosives operations division to respond to
potential explosives threats. Additionally, the TSA maintains an intelligence function to
coordinate and provide notice regarding threats to transportation, vetting passengers and aircrews,
foreign students seeking flight training in the United States, airport workers, and other
populations that may pose a threat to aviation or transportation security. During a national
emergency, the TSA has the responsibility of coordinating transportation security-related
responsibilities and activities of other departments and agencies in all modes, including aviation.
The TSA Office of Intelligence (OI) plays a central role in the transportation threat assessment
process. It is the only federal entity focused solely on transportation and aviation security threat
assessment. As such, it has developed a wide range of threat assessment products, based on
analysis of intelligence information provided by the National Counterterrorism Center (NCTC)

and other components of the intelligence community. These include a transportation intelligence
gazette; comprehensive transportation-related threat assessments; annual modal threat
assessments for all transportation modes including aviation; special threat assessments of specific
events; weekly intelligence reports; suspicious incident reports; intelligence notes on
transportation-related terrorist trends, incidents, and tactics; and transportation situational
awareness notes on notable transportation-related terrorist information.
While the TSA has broad authority and responsibility for both domestic and international aviation
and other transportation modes, Customs and Border Protection (CBP) has a specific primary
mission of preventing terrorists and terrorist weapons from entering the United States. CBP also
provides radar tracking and monitoring to support the FAA and the Department of Defense in
protecting airspace around Washington, DC and throughout the continental United States. The
United States Coast Guard (USCG) conducts aviation operations for national defense, law
enforcement, and national security, including the specific mission of providing aerial patrols and
aircraft interdiction in the National Capital Region around Washington, DC. The Department of
Defense (DoD) is, however, ultimately responsible for deterring, defending against, and if
necessary, defeating aviation threats within the United States and to U.S. interests globally. To
meet this mission, the DoD operates as part of the North American Aerospace Defense Command
(NORAD) to monitor, deter, and detect potentially hostile actions. The DoD also maintains a
capability to respond to aerial threats by keeping significant numbers of fighter aircraft on alert,
carrying out airborne fighter patrols over the homeland, and deploying ground-based missile
defense systems around Washington, DC and other areas as warranted.
Whereas the DoD has responsibility for airborne threats, potential criminal and terror threats to
aviation by individuals or groups of individuals is primarily the responsibility of the law
enforcement arm of the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI).
The FBI’s Civil Aviation Security Program (CASP) and counterterrorism units have been
involved extensively in efforts to uncover and prevent terrorist operations to attack or exploit civil
aviation in the United States. The FBI has deployed over 500 airport liaison agents (ALAs) to
about 450 airports with commercial passenger service to respond to aviation-related incidents and
threats and participate in vulnerability assessments and planning at the airport level of analysis.
There are a myriad of other agencies and organizations that play important roles in operational
aviation security. The DHS Science and Technology (S&T) Directorate maintains research and
development programs to enhance aviation security, especially to address explosives threats and
threats to aircraft from shoulder-fired missiles. Additionally, the multi-agency Joint Planning and
Development Office (JPDO) has responsibility for designing and overseeing the implementation
of the future air transportation system, including its security components. However, the degree to
which the JPDO plans for future aviation security systems are integrated with DHS aviation
security technology initiatives has not been fully assessed at this point.
In addition to these efforts, the Department of State has overall responsibility for outreach and
coordination with foreign governments to enhance cooperation in improving aviation security.
Ongoing State Department efforts includes initiatives to improve data sharing for advance
passenger prescreening, and programs to reduce stockpiles of standoff weapons, including
shoulder-fired missiles, which pose a threat to civil aircraft. Also, the Department of Commerce
plays a role in international trade negotiations and by developing U.S. policy and regulation
regarding aviation trade an security issues, while the DOT, in coordination with the Department
of State, negotiates international agreements regarding airline and other commercial aviation
activities. Additionally, the intelligence community, coordinated through the Office of the

Director of National Intelligence (ODNI) plays an important role in assimilating and assessing
intelligence—collected through signals interception (SIGINT), imagery (IMGINT), and human
collection (HUMINT)—on threats exploiting aviation security measures. Additionally, other DHS
components, including the Federal Emergency Management Agency (FEMA), the Domestic
Nuclear Detection Office (DNDO), and the Office of Infrastructure Protection (OIP) have various
responsibilities related to infrastructure protection and critical incident response in the aviation
domain. Also, the Department of Energy provides scientific and technical expertise regarding
nuclear weapons, radiation detection capabilities at airports to detect possible nuclear weapons or
radiological materials, and coordinating response to any radiological contamination resulting
from a possible nuclear or radiological attack.
In addition to the federal role, a variety of industry advisory groups have been established to
provide insight and recommendations for guiding transportation security policy and practice.
Most notably, the Aviation Security Advisory Committee (ASAC) exists to support the TSA by
providing advice and developing recommendations for improving aviation security methods,
equipment, and procedures. The ASAC has been in existence since before September 11, 2001,
and advised the FAA on aviation security matters; it has continued in this role, now supporting
the TSA in its role as the lead federal agency for aviation security issues. Also, the National
Research Council (NRC) and the Transportation Research Board (TRB), components of the
National Academies, provide venues for information sharing and analysis of transportation
security policies and practices among researchers, practitioners, and other subject matter experts.
Additionally, airports, airlines, and other aviation industry stakeholders as well as state and local
security and law enforcement entities play an important role in shaping and carrying out the
national aviation security policy and strategy, largely by working in cooperation and coordination
with the TSA to design and execute aviation mode-specific security plans.

The DHS had developed a suite of aviation mode-specific plans that serve as a general framework
for implementing the national strategy for aviation security under normal operating conditions, in
response to an eminent threat or ongoing terrorist attack involving the aviation domain, and
during recovery and reconstitution of aviation system functions and services following a potential ¹⁷
attack. Specifically, the Aviation Transportation System Security Plan most directly addresses
the day-to-day security measures and programs to reduce the vulnerability of the air
transportation system to terrorist actions or other criminal acts. This plan is augmented by the Air
Domain Surveillance and Intelligence Integration Plan which coordinates intelligence gathering,
analysis, and dissemination within the air domain. In addition, the International Aviation Threat
Reduction Plan and the International Outreach Plan provide a framework for working with other
nations to improve the global aviation security network with an emphasis on outreach to promote
the implementation of effective security practices worldwide.
Upon recognition that a terrorist or criminal attack targeting or exploiting aviation assets was
taking place, the Aviation Operational Threat Response Plan would be activated. This plan
considers specific actions and concepts of operations for mitigating the consequences of a broad
array of attack scenarios. This plan is augmented by the Domestic Outreach Plan which considers

¹⁷^T^h^e^supp^orti^ng^plaⁿ^{s, a}^l^ong^w^ith^the^Na^tio^na^{l Stra}^te^g^y^f^o^{r Av}^ia^{tion Se}^c^u^rity^{, c}^aⁿ^be^vⁱ^e^w^e^d^a^t^http:/^/www^.dhs.g^ov^/
^x^p^r^e^v^p^r^o^t/^law^s^/^g^c^_117³¹¹³⁴⁹⁷⁶^03.s^h^tm^.

the involvement and coordination of state, local, and tribal government resources and private
sector entities in responding to such an event, focusing most specifically on strategies for incident
communications as well as the dissemination of threat information during routine operations. An
Aviation Transportation System Recovery Plan is also being developed by the DHS to facilitate
rapid recovery following a possible terrorist attack or similar disruption to the air transportation
system. The goal of the recovery plan is to mitigate the operational and economic impacts of such
events on the aviation system.

While the above discussed national policy and strategy for aviation security and the supporting
mode specific plans provide an important framework for structuring aviation security measures in
the United States, these documents themselves can appropriately be viewed with a critical eye to
identify any potential shortcomings in underlying assumptions and approaches. In the process of
congressional oversight and legislative debate, specific questions regarding aviation security
policy and strategic approaches may arise. Some possible issues that may arise as the result of
oversight or legislative debate may include
• the validity of underlying risk assumptions made in developing the aviation
security policy, national strategy, and mode-specific plans;
• the adequacy of considerations regarding the sustainability of the aviation
security system and its various components;
• whether the policy and strategy are forward-looking, or rather, do they perpetuate
a reactive approach to security planning in the aviation domain;
• the extent to which the policy and strategy provide a comprehensive framework
for developing and maintaining a robust aviation security system; and
• the extent to which objectives and approaches outlined in the national strategy
align with budgetary processes and resource availability to ensure that strategic
objectives can be adequately met.
These possible issues are discussed in further depth below.
Determining the validity of the various risk models and assumptions that have been used to set
aviation security policy and strategy is a difficult task. These risk determinations have largely
arisen from restricted access intelligence information and other limited distribution sources, thus
constraining the ability to engage in open public discourse on the validity of their underlying
evidence and assumptions. Nonetheless, some critics have argued that these risk assumptions and
resulting policy and strategic decisions may be based on inaccurate and incomplete analysis. For
example, some have noted that federal intelligence and security agencies are “inexperienced with ¹⁸
and uninterested in statistics.” This has led some to argue that the use of statistical techniques to
study terrorism data is sorely needed, although it has been questioned whether the federal

¹⁸^Za^c^k^P^h^illi^{ps, “}^A^Fe^e^l^f^o^{r Num}^b^e^r^s,”^Go^vern^m^en^t^E^xecu^tⁱ^ve,^O^c^tobe^r^1,²⁰⁰⁷^{, p}^.⁵²^.

government has necessary capability and expertise to assess the reliability of available data, and ¹⁹
use reliable methods to perform statistical analyses. Instead, some have argued that “security
agencies seem to advance policies without any empirical basis”, relying instead on anecdotal ²⁰
evidence, political pressures, or “gut feelings.” Such a basis for setting policy and establishing
strategies for homeland security and aviation security can result in inappropriate estimates of
risk—overstating the risk of certain scenarios while underestimating the risk of others. While it
appears that efforts are being made to better document global terrorism incidents and perform
statistical analyses to identify risk trends, more comprehensive efforts to look specifically at risks
to the aviation domain may be needed to provide better guidance for developing and refining
aviation security policies and strategies. Congress may specifically examine DHS efforts to
employ reliable statistical tools and techniques to validate underlying risk assumptions cited as
the justification for pursuing certain courses of action to implement aviation security policies and
strategies.
Congress has relied heavily on the findings and recommendations of the 9/11 Commission in
setting legislative priorities. The 9/11 Commission recommendations provided a framework for ^th
consideration of legislation enacted in both in the 108 Congress when the Commission’s final ^th
report was first released in 2004 (see P.L. 108-458), and during the first session of the 110
Congress in 2007 (P.L. 110-53).
With regard to aviation security, both the 9/11 Commission and subsequent legislation have
emphasized policies and strategies to aggressively pursue capabilities to detect explosives on
passengers, and pursue technologies to better screen passengers and carry-on items for a broad ²¹
array of threat objects. The Intelligence Reform and Terrorism Prevention Act of 2004 (P.L.
108-458) specified that the DHS should give a high priority to checkpoint screening technologies
for detecting nonmetallic, chemical, biological, radiological, and explosives and directed the DHS
to develop a strategic plan for the deployment of explosives detection technologies at
checkpoints, such as walk-through explosive detection portals, document scanners, shoe scanners,
and backscatter x-ray scanners. The act authorized funding for the development and testing of
these various checkpoint screening technologies. However, while the TSA has also recognized the
importance of enhancing passenger screening capabilities, progress has been slow in developing
the required checkpoint screening strategy and results of using these technologies in airport
settings has been mixed, prompting Congress to include language in the Implementing the 9/11
Commission Recommendations Act of 2007 P.L. 110-53) requiring the DHS to finalize its
checkpoint screening strategic plan and begin implementing it by the summer of 2008.

¹⁹^I^b^id^{., p. 54.}
²⁰^I^b^id^{., p. 54.}
²¹^For^t^h^is^aⁿ^d^othe^r^f^o^r^m^a^l^r^e^c^o^m^m^e^nda^tions^of^the^9/¹¹^C^o^m^mⁱ^s^sⁱ^{on, s}^e^e^N^a^tio^na^{l C}^o^m^mⁱ^s^sⁱ^{on on}^T^e^r^r^o^rⁱ^s^t^A^ttac^k^s
^Up^oⁿ^t^h^{e U}ⁿⁱ^t^e^d^S^t^at^es,^The^9/^{11 C}^o^m^mⁱ^s^sⁱ^{on Re}^por^t.

Progress, however, has been slowed by technology hurdles including reliability issues with
walkthrough explosives trace detection portals deployed for field testing and the failure of shoe
explosives scanners tested on Registered Traveler program participants in Orlando, Florida to
meet minimum standards set by the TSA. The TSA has also been faced with shifting technology
strategies prompting them to pursue liquids explosives screening technologies as well. The TSA
has reported good results in evaluations of highly sensitive handheld explosives trace detection
sensors that are now being field tested for screening carry-on liquids at passenger checkpoints.
While technology testing is progressing, a clear strategic picture of how these emerging
technologies will be deployed to upgrade and enhance screening checkpoints is still needed. The
recent mandate in P.L. 110-53 to develop and implement such a strategy appears to address this
need. However, further congressional oversight of the TSA’s progress in implementing the
strategic plan for emerging checkpoint screening technologies may be scheduled to ensure that
appropriate and effective program and budgetary decisions are made to achieve strategic goals.
The 9/11 Commission emphasized the need for the federal government to take over the role of
checking passenger names to allow for thorough vetting of passengers against the comprehensive,
consolidated terrorist watchlist maintained by the federal government. While this objective has
largely been accomplished by Customs and Border Protection (CBP) for all inbound international
flights, efforts to deploy a system for federal prescreening of passengers on all domestic flights
has been repeatedly delayed amid continued controversy over privacy rights, protection of
personal data, and adequate procedures for redress when individuals are falsely denied boarding
or singled out for additional screening. While Congress has generally concurred with the 9/11
Commission’s view that comprehensive passenger prescreening against the consolidated watchlist
is needed, Congress has also been sensitive to these privacy rights, data protection, and redress
concerns, and through legislation has placed specific contingencies related to these issues on
system implementation, and has repeatedly directed the GAO to carefully scrutinize the TSA’s
progress in addressing specific requirements for full-scale system deployment. Further
congressional oversight of TSA’s progress toward implementing federally-run passenger
prescreening on domestic flights may be called for, as the strategic plan indicates that
implementation of this initiative is expected in 2008.
The 9/11 Commission also recommended that ongoing initiatives to integrate checked baggage
explosives detection systems (EDS) with airport baggage handling systems should be expedited.
Congress has placed an emphasis on funding airport projects to integrate EDS in-line with
baggage handling conveyors, establishing the Aviation Security Capital Fund for this purpose as
part of the Vision 100 – Century of Aviation Reauthorization Act (P.L. 108-176) in 2003.
Nonetheless, the GAO estimates that making the needed changes at all airports in the United
States to integrate EDS equipment will not be completed until 2024 if future funding remains ²²
consistent with historic funding levels for thee activities. In recognition of this continuing
funding need, Congress took the unusual step of including a 20-year reauthorization of funding
for in-line baggage system deployment, extending authority for the Aviation Security Capital
Fund and other funding mechanisms for in-line EDS integration through 2028, and directed the
TSA to take further steps to prioritize airport EDS integration projects as part of the
Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110-53). Oversight of

²²^U^.^{S. G}^o^v^e^rnm^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^T^S^{A Ha}^{s S}^t^reng^t^h^en^ed^E^f^fo^{rts to Plan}^f^o^{r t}^h^{e Op}^{timal Dep}^l^o^y^men^t^o^f
^Ch^ecked^B^a^gg^ag^{e S}^c^reenⁱⁿ^g^S^y^st^{ems b}^u^t^F^u^ndⁱⁿ^g^Un^cert^aⁱⁿ^tⁱ^e^{s R}^e^maⁱⁿ^,^S^t^at^em^en^t^o^f^Cat^h^l^een^A^.^Berri^ck,^Di^rect^o^r
^Hom^e^la^{nd Se}^c^u^rity^a^{nd Justic}^e^Issue^s^{, Be}^f^o^re^the^Subc^om^m^itte^e^{on A}^v^ia^{tion, Com}^m^itte^e^{on T}^r^aⁿ^sp^orta^tio^{n a}ⁿ^d
^Iⁿ^f^r^a^s^tr^uc^tur^e^{, H}^ous^e^of^R^e^pr^e^s^eⁿ^ta^tiv^e^s^{, J}^une²⁹^{, 2}⁰⁰⁶^{, G}^A^O^-^06-^875T^.

TSA strategies and plans for funding airport projects related to EDS integration may be of long-
lasting interest for Congress given the size, scope, complexity, and cost of this initiative.
In addition, the 9/11 Commission recommended that the TSA intensify efforts to identify
suspicious cargo, and appropriately screen and track potentially dangerous cargo in aviation as
well as in maritime operations. Toward this objective, the TSA has issued regulations to increase
the security of air cargo operations and has been pursuing risk-based targeting capabilities to
identify shipments requiring additional scrutiny to direct physical screening resources toward
elevated risk cargo with some amount of random screening. Congress, however, has been pushing
the TSA toward increasing the amount of cargo destined for passenger aircraft that is screened,
and in 2007 passed legislation (see P.L. 110-53, Sec. 1602) that requires the TSA to establish a
system to screen 100% of cargo transported on passenger aircraft by the summer of 2010. Unlike
the requirement for 100% checked baggage screening which was tied to a specific technology,
namely EDS, the mandate for 100% screening of cargo placed on passenger aircraft can be met
using a variety of approaches, including x-ray systems, EDS, trace detection technologies, canine
teams, and possibly other methods for physical examination as approved by the TSA. To address
this mandate and achieve 100% screening of cargo placed on passenger airlines within the three-
year time frame set forth in the legislation, the TSA will need to move relatively swiftly in
developing and implementing a strategy for cargo screening. Given the continued congressional
interest on the issue of air cargo security, it is likely that extensive oversight of the TSA’s progress
toward meeting this mandate and effectively conducting air cargo screening operations will occur
over the next few years.
While the national strategy and mode-specific plans acknowledge and emphasize passenger
prescreening, checkpoint screening, in-line EDS integration, and cargo screening issues, the
extent to which DHS efforts on these matters align with congressional views and legislative
mandates remains a specific topic for ongoing analysis and debate.
One seemingly unavoidable reality for aviation security strategists is that continued growth in
demand for air travel and for shipping goods by air is anticipated. The FAA estimates that the
number of airline passengers will increase at an annual rate of about 3.4% domestically and about ²³
4.7% for international flights over the next twelve years. This anticipated growth could strain
passenger and baggage screening operations in the future if it is not adequately planned for.
Similarly, growth in air cargo volume is expected to increase at an average annual rate of 3.5%
domestically and by 6.7% on international routes through 2020. Strategies and initiatives to
enhance the security of air cargo operations and screen air cargo shipments must, therefore, also
consider these growth projections in carrying out policies, strategies, and plans for enhancing air
cargo security. Air traffic is also expected to increase about 3.8% with a growth of about 3.7% in
general aviation operations expected. Airspace security strategies and approaches may need to
consider this growth in flight operations in devising effective security programs and procedures
for protecting airspace over areas considered critical for national security.

²³^FA^A^g^r^o^w^{th e}^s^tim^a^t^e^s^a^r^e^ba^s^e^{d on}^da^ta^pr^ov^ide^dⁱⁿ^Fe^de^r^a^{l A}^v^ia^tⁱ^{on A}^d^mⁱ^nis^t^r^a^tion,^A^v^ia^tion^P^o^lⁱ^c^y^a^nd^P^l^aⁿ^s^,
^{FAA Ae}^rosp^ac^e^Fore^c^a^sts,^Fisc^al^Ye^{ars 2}⁰⁰⁷^-2⁰²⁰^.

It remains unclear, however, whether this anticipated growth in aviation operations is being
adequately planned for in the context of national strategies and mode-specific plans for aviation
security. The strategies indicate that they will evolve with shifting threat and vulnerability
characteristics on the basis of ongoing risk assessments. However, the degree to which the
changing nature, size, and scope of aviation and air travel is being considered in these risk
assessments remains a signficant issue for policymakers and aviation security strategists.
With regard to the sustainability of aviation security technologies, specific strategies for
maintaining deployed technologies and phasing-in next generation screening technologies have
not yet been clearly defined. While plans for enhancing aviation security under the
comprehensive Next Generation Air Transportation System (NGATS) initiative envision
extensive improvements to aviation security by 2025, the roadmap to achieving these capabilities
has not yet been fully defined. According to the future concept of operations for aviation and
airport security, significant security transformations will include
• integrated dynamic risk management solutions;
• biometric technologies for airport access controls;
• smaller footprint, multi-threat detection capabilities for screening passengers and
baggage;
• network-enabled environmental sensors to detect and warn of chemical,
biological, radiological, nuclear, and explosives (CBRNE) threats at airports;
• rapidly deployable, reconfigurable screening systems to meet temporary and
intermittent screening requirements;
• on-board aircraft safety modifications and ground-based systems and procedures
to protect flights from shoulder-fired missiles;
• network-centric information sharing capabilities for data mining and decision
support to aid security operations personnel and security analysts; and
• capabilities to allow for CBRNE screening of all air cargo items not packed in ²⁴
secured areas or securely conveyed to aircraft.
• While all of these objectives are reflected to some degree in the National Strategy
for Aviation Security and the supporting plans, Congress may have a particular
interest in how the strategic plan aligns with NGATS plans for enhancing
aviation and airport security over the next 18 to 20 years.
As previously noted, some experts have expressed concern that the DHS may be relying too
heavily on “gut feelings” and anecdotal evidence in pursuing certain courses of action reflected in
aviation policies, strategies, and plans. Similarly, some have questioned whether the DHS and the

²⁴^J^o^int^P^l^aⁿ^ning^aⁿ^{d D}^e^v^e^lopm^eⁿ^{t O}^f^fⁱ^ce^,^S^ecu^ri^t^y^Aⁿⁿ^ex,^Con^cep^t^o^f^Op^era^tⁱ^oⁿ^s^f^o^r^t^h^{e Next}^Gen^e^ra^tⁱ^oⁿ^Aⁱ^r
^Tr^ans^p^o^r^t^a^tio^{n Sy}^s^t^e^m⁽^V^e^r^sⁱ^{on 2}^.⁰⁾^{, J}^une^13,²⁰⁰⁷^.

TSA approach to aviation security has taken on too much of a reactive stance, failing to
strategically plan resource allocation based on robust and thoughtful risk analysis, instead
allowing high profile events and media reaction to potentially influence decision making.
For example, using the TSA’s response to the foiled liquid explosives plot in August 2006 by
restricting carry-on liquids, some critics have argued that the Administration is allowing single ²⁵
events and the media coverage and public attention they generate to shape policy decisions. The
TSA has defended its actions in response to the liquid explosives threat, making available to the
public documentation and demonstrations of the formidable threat posed by improvised liquid
explosive devices. However, liquid explosives have long been known by security experts to pose
a formidable threat to aircraft, yet U.S. aviation policy and strategy before this plot was
uncovered had not included any specific near-term measures to screen passengers for liquid
explosives.
Critics argue that reacting to single events is near-sighted and goes against the very purpose of
developing strategies and plans in the first place, which is to be proactive in assessing threats and
directing resources to mitigate associated risks. However, on the contrary, if strategies and
underlying plans are to be adaptive, they should be able to shift rapidly in response to changing
threat characteristics and changing threat levels. Reviewing the TSA response to the liquid
explosives plot may provide more specific insights into whether this response was a reasonable
adaptive approach to mitigate unforseen risks or a case of taking immediate, and arguably
questionable, actions in an effort to restore and maintain public confidence in aviation security. If
it is determined that the TSA’s actions in response to the liquid explosives plot represented a well
thought out example of an evolving strategy that can respond quickly and effectively to emerging
threats, then perhaps additional questions need to be asked regarding why the emerging threat of
liquid explosives was not foreseen prior to widespread public disclosure of information regarding
the failed liquid explosives plot in the United Kingdom. A more detailed examination of the
deliberations and decision-making regarding liquid explosives, both before and after receiving
knowledge of the foiled plot can perhaps provide unique insights and “lessons learned” to aid
security analysts and senior policy makers in developing strategic and tactical decision making
tools to improve upon the U.S. response to future emerging threat situations.
Critics argue that the government must replace its practices of responding to single threats with
more systematic approaches for improving homeland security. A lingering concern is that if
aviation security policies and practices, and more broadly homeland security policies and
practices, remain too reactionary, terrorists may be able to exploit this approach. Terrorist may be
able to trigger reactionary responses by providing misinformation about intended targets or attack
methods. This may lead to haphazard allocation or reallocation of resources that could be
wasteful and inefficient, and could even result in resources being moved in a manner that could
make the system more vulnerable to attack. In other words, terrorists may be able to more easily
exploit a reactionary approach to aviation security by using diversionary tactics that may increase
vulnerabilities in other areas or aspects of the air domain.

²⁵^Za^c^k^P^h^illi^{ps, “}^O^ne^{Hit W}^oⁿ^d^e^r^s,”^Go^vern^m^en^t^E^xecu^tⁱ^v^e^{, O}^c^tobe^{r 30}^{, 2}⁰⁰⁶^.

In 2004, the GAO issued recommendations regarding the desired characteristics of national ²⁶
strategies to combat terrorism. The desired elements of such strategies identified by the GAO
included
• a purpose, scope, and methodology;
• a definition of the problem and an assessment of the associated risk;
• an identification of the goals and supporting or subordinate objectives and
activities to meet these goals, and performance measure to evaluate progress
toward achieving these goals;
• an identification of resources, costs, and a risk management analysis to determine
where resources and investments should be targeted;
• a clear definition of organizational roles, responsibilities, and coordination; and
• a discussion of how a particular strategy relates to other strategies and how plans,
activities, and objectives will be integrated to meet the stated goals of the various
related strategies.
While the GAO used these criteria to evaluate various national security, homeland security,
counterterrorism, and infrastructure protection strategies that had been developed prior to 2004,
the National Strategy for Aviation Security had not been developed at that time and has not
subsequently been evaluated against these desired elements. At first glance, the aviation security
strategy appears to contain or address many of these desirable characteristics. Where the strategy
and supporting plans may be lacking, however, is in
• fully defining the methodology for evaluating risk and carrying out the strategy;
• fully documenting associated cost estimates and resource requirements;
• providing sufficient detail regarding roles, responsibility, and coordination,
particularly among non-federal entities that are expected to participate in carrying
out the various mode-specific plans; and
• clearly indicating how the various components fit into the hierarchy of national
security, homeland security, and counterterrorism strategies and plans and how
the elements of these various plans may be integrated both within and beyond the
aviation domain.

²⁶^U^.^{S. G}^o^v^e^rnm^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^C^o^m^batin^{g Te}^r^r^o^rⁱ^s^m^:^E^v^alua^tio^{n o}^f^Se^le^c^t^e^d^C^har^ac^te^rⁱ^s^tic^s^{in N}^a^tio^nal
^S^t^ra^tegⁱ^es^Rel^a^ted^to^T^e^rro^rism^,^S^t^at^emen^t^o^f^Ran^d^a^l^l^A^.^Yi^m^,^Di^rect^o^r^,^Ho^m^e^l^aⁿ^d^S^ecu^ri^t^y^an^d^Ju^s^tⁱ^{ce Issu}^{es b}^e^f^o^re
^the^Su^bc^om^m^itte^e^{on N}^a^tio^na^{l Se}^c^u^r^ity^{, E}^m^e^r^gⁱ^ng^T^h^r^e^a^t^s^,^a^{nd I}ⁿ^t^e^rⁿ^a^tiona^{l R}^e^la^ti^ons^,^C^o^m^m^itte^e^{on G}^o^v^e^rⁿ^m^e^nt
^R^e^f^o^r^m^{, U}^.^{S. H}^ous^e^of^R^e^pr^e^s^eⁿ^t^a^tiv^e^s^{, Fe}^br^ua^r^y^{3, 20}^04,^G^A^O^-^04-⁴^08T^.

Congress may seek to carry out a more detailed review of the National Strategy for Aviation
Security to specifically identify potential needs for more detail and specificity with regard to
addressing these, and perhaps other, key elements of the strategy and supporting plans.
Additionally, one of the key required features of the national strategy for aviation security is that
it must be adaptive. Consequently, the national strategy and its supporting plans and documents
are likely to evolve over time to address changes in threats, intelligence, terrorist tactics and
capabilities, as well as new security technologies and capabilities. It is also likely that the strategy
and its supporting plans will sometimes need to change quickly in the face of imminent threats.
Therefore, Congress may also have a particular interest in assessing the robustness of the national
strategy for aviation security and the capability of the underlying aviation security system to
adapt based on shifting risk dynamics.
As a final consideration, Congress and the Administration may have a particular interest in
assessing how the national strategy and supporting plans align with budgetary decisions and
resource availability, particularly in the context of the annual budget and appropriations process.
This could be a key consideration as elements of the current strategy call for some considerable
expansion of the TSA’s roles and responsibilities. For example, DHS objectives for the TSA to
assume passenger identification functions and carry out behavioral observation both at and
beyond airport screening checkpoints is likely to be human resource intensive and, therefore, may
need further scrutiny in the context of budget and resource prioritization. Also, technology
advancements for checkpoint, baggage, and cargo screening are also being sought by both
Congress and the Administration. Additionally, new and proposed statutory requirements may
also expand the functions of the TSA and other federal agencies. For example, provisions in the
Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110-53) require the
swift phase-in of air cargo inspections to achieve 100% inspections of all cargo carried on
passenger air carrier aircraft within three years. This mandate is likely to have significant cost and
resource implications not only for the federal government, but also for the airline industry.
Aligning this initiative with ongoing strategic plans for risk-based profiling and targeting of cargo
shipments and investment in cargo screening technologies is likely to be a topic of considerable
interest in the context of the federal budget process over the next few years.
As part of the budget process, the TSA has prepared a Strategic Context component of its
Congressional Justification documents since the FY2007 budget cycle. While these documents
provide a general framework of key strategic issues for the TSA, they adhere to a program level
justification and analysis and do not provide in-depth discussion of how specific programs and
initiatives address specific strategic issues and risk management practices. While these documents
provide a general framework for understanding TSA programs in the strategic context, they may
not provide sufficient detail regarding the methods used to set priorities and how the various
aviation security programs and initiatives being pursued align with risk-based priorities.
As Congress proceeds with initiatives to oversee and possibly modify U.S. approaches to aviation
security, substantive issues relating to the contents of aviation security policy, national strategy,
and planning documents may be a considerable focus of discussion and debate. While these
documents will likely play an important role as a general blueprint for guiding aviation security

policy and strategy, it is also likely that the U.S. approach to aviation security will need to
continually evolve and adapt to shifting threats and vulnerabilities. Addressing funding and
resources to address shifts in risk and security strategy may be an issue of considerable interest in
the context of future year budget planning and debate.
^B^a^r^t^Elias
^Sp^{ecialist i}ⁿ^A^v^iatioⁿ^P^o^lic^y
^belⁱ^a^s^@^crs^.^l^o^c.g^o^v^,^7-⁷⁷⁷¹