FORUM

By Sheldon Jacobson and Adrian J. Lee

AVSEC World is the premier aviation security conference. Sponsored by the International Air Transport Association (IATA), the three-day event features a comprehensive series of talks, presentations and panels on the state of aviation security worldwide. At the most recent conference, held in Frankfurt, Germany on Nov. 2-4, John S. Pistole, the U.S. Transportation Security Administration (TSA), was the featured keynote speaker. Pistole discussed the challenges faced by aviation security in the near future and the need to focus on the next generation of security operations, including devoting greater attention to intelligence information. The incident occurring Oct 29 involving the use of a printer cartridge as an improvised explosive device and shipped as cargo drew significant media attention to the conference.

A feature of the AVSEC World conference, the exhibits showcased the latest technologies and gadgets designed to thwart the next terrorist attack on the air system, providing airlines, airports, cargo carriers and security agencies the opportunity to meander amongst the future arsenal of threat detection devices and contemplate their role in strengthening aviation security operations.

Checkpoint of the Future

This year’s conference featured a panel session entitled, “Checkpoint of the Future.” Disappointingly, the ideas espoused by the participants focused on concepts that embellished and incrementally enhanced today’s aviation security systems. Many of the ideas put forward were interesting and useful, such as streamlined security checkpoints that allow travelers to select among different security lanes based on their experience or special needs (e.g., expert, normal, family), the need for risk-based security systems for assessing passenger risk and allocating security resources, and the need to coordinate security information more cohesively using data fusion.

Interestingly, many of these ideas have already been proposed and analyzed within the operations research and industrial engineering community. For example, Jacobson et al. (2001) show how a knapsack problem can be used to model the fusion of security data to simultaneously reduce both false alarm and false clear errors. Virta et al. (2003) report the results of a cost-benefit analysis of 100 percent checked-baggage screening. Candalino et al. (2004) show how simulated annealing can be used to design optimal aviation security checked baggage screening strategies. Lazar Babu et al. (2006) investigate the value of assigning passengers into different security groups, with each group designed with varying levels of security. Petersen et al. (2007) introduce a model to evaluate the impact of security measures on the aviation industry over a 25-year time horizon. Nikolaev et al. (2007) introduce the sequential stochastic security design problem to model passenger and carry-on baggage-screening operations in an aviation security system. Sahin and Feng (2009) show how passenger information can be incorporated into checked-baggage screening systems to determine the screening strategy for different subsets of passengers, and Cavusoglu et al. (2010) discuss how passenger profiling can enhance or detract from aviation security operations.

If aviation security checkpoint operations could be recreated from scratch, what would they look like? What technologies would they require? How effective would they be? What would the checkpoint of 2030 look like relative to what is in operation today? A bright spot at the conference is the growing discussion that finding objects (i.e., threat items) is less effective than finding people (i.e., terrorists). By design, aviation security can be broken down into the three “I” s of screening: Items (threats), Identity (passengers) and Intent (people).

In essence, finding threat items and matching passenger identity are surrogates for measuring nefarious intent. The rationale for this is quite apparent. People who attempt to carry weapons or explosives on board airplanes are likely to have malicious intent to inflict disruption to air transportation logistics. The same can be said for passengers who attempt to hide or misrepresent their identity. However, matching passenger identity and screening those perceived as high risk for threat items is sufficient, though not necessary, for thwarting terrorist incidents.

Shifting Focus

To date, the vast majority of security attention has focused on finding threat items. The reason for this is apparent: it is the easiest of the three “I”s to address. However, in recent years, there has been a growing shift towards addressing the other two “I”s. In particular, requiring passengers to verify their identity using government issued picture IDs, requiring passengers to provide their gender and date of birth upon ticket purchase and comparing such information to terrorist watch lists, are procedures designed to match a person with their identity. Given that people who are interested in inflicting harm on the air transportation system either attempt to hide or misrepresent their identity, the trend to improved methods for matching passengers with their identity will continue to evolve as an effective layer of security protection.

Technologies that incorporate biometrics, such as iris matching and face recognition, are likely to be enhanced so they can be implemented with increased accuracy and performed in real time.

New technologies may need to operate at the DNA level using advanced materials, and perhaps derive from nanotechnology devices to ensure that passenger “A” is who passenger “A” appears or claims to be. Identity matching alone is insufficient to protect against terrorist threats, since an individual with no record or history of terrorist activities can easily be passed over by this metric.

The third “I,” Intent, is what will distinguish the security checkpoint of today from the checkpoint of 2030. Efforts have already begun to address this issue. Behavioral profiling is designed to identify abnormal activities that are deemed consistent with passengers who may pose a threat to the air transportation system. The SPOT (Screening Passengers by Observation Techniques) program has been implemented by the TSA to achieve such an objective by utilizing a network of behavior detection officers [Hawley 2008].

Measuring Malignant Intent

The challenge for the security technology industry over the next decade is creating technologies that can accurately assess and measure malignant intent of terrorists, with limited false alarm errors and negligible false clear errors. Once such a capability is achieved, the shift of focus from finding threat items to identifying bad intent can proliferate. Intent-oriented measurement technologies will bring numerous changes to airport security operations.

In such a security environment, it will be unnecessary to screen pilots and other flight crew personnel for threat items. In fact, once security checkpoint screening policies reach the point in which pilots are exempt from all threat item screening, this will be the first tangible evidence that a paradigm shift has begun in aviation security operations. In time, as identity-matching and intent measurement technologies improve, a wider group of passengers will be permitted to fly without any threat item screening at all.

Such an advance has multiple benefits. First, it provides less inconvenience to the majority of passengers who pose no threat to the system. Second, it reduces the pool of passengers for whom less identity information is available or intent metrics raise cautionary red flags, and subjects such passengers to the most intense scrutiny and threat item screening. Third, it makes the system safer for all, by allocating security resources more efficiently and allows them to be used more effectively.

The key issue is the creation of intent measurement technologies and devices that can neither be fooled, gamed nor defeated. Once this obstacle is overcome, videos shown in 2030 of passengers being screened at airports will elicit the same humorous response as films of children scrambling beneath school desks during nuclear bombing drills in the 1950s.

Clearly, existing technologies and procedures do not meet the necessary standards to accomplish the stated objectives for measuring malignant intent. Moreover, privacy issues as we know them today move such a paradigm into the Orwellian domain. The challenge is to retain acceptable levels of privacy while ensuring accurate identity of passengers, and to correlate appropriate measurements of intent with the risk of a passenger inflicting harm to the air transportation system.

Unfortunately, methods do not exist today to meet such lofty objectives. As a result, explosive detection systems, trace detection devices and advanced imaging technologies (also known as full-body scanners) will be with us for several more years, including all the growing controversy over enhanced pat-downs. Nonetheless, opportunities exist to transform the existing aviation security checkpoint into a new paradigm of thinking.

Operations research is well-positioned to help advance this mission.

Sheldon H. Jacobson is professor and director of the Simulation and Optimization Laboratory in the Department of Computer Science at the University of Illinois. He has researched the application of operations research and industrial engineering to aviation security problems since 1996.

Adrian J. Lee is president of Central Illinois Technology and Education Research Institute and serves on the Transportation Research Board Committee on Aviation Security and Emergency Management. He has and continues to research passenger and baggage screening operations within risk uncertain environments.

Acknowledgments

The authors wish to thank Janet A. Jokela, University of Illinois, for her feedback on earlier drafts of this article. The first author also wishes to thank Philip Baum, editor of Aviation Security International and founder of Green Light Ltd., and IATA for the opportunity to attend the AVSEC World 2010 conference and participate as a panelist in the program.

References

1. Candalino Jr., T.J., Kobza, J.E., Jacobson, S.H., 2004, “Designing optimal aviation baggage screening strategies using simulated annealing,” Computers and Operations Research, Vol. 31, No.10, pp. 1,753-1,767.
2. Cavusoglu, H., Koh, B., Raghunathan, S., 2010, “An analysis of the impact of passenger profiling for transportation security,” Operations Research, Vol. 58, No. 5, pp. 1,287-1,302.
3. Hawley, K., testimony before the United States House of Representatives Committee on Transportation and Infrastructure Subcommittee on Aviation. July 24, 2008 (www.tsa.gov/press/speeches/072408hawley_aviation_security.shtm).
4. Jacobson, S.H., Kobza, J.E., Easterling, A.S., 2001, “A detection theoretic approach to modeling aviation security problems using the knapsack problem,” IIE Transactions, Vol. 33, No. 9, pp. 747-759.
5. Lazar Babu, V.L., Batta, R., Lin, L., 2006, “Passenger grouping under constant threat probability in an airport security system,” European Journal of Operational Research, Vol. 168, No. 2 (Special Issue), pp.633-644.
6. Nikolaev, A.G., Jacobson, S.H., Mclay, L.A., 2007, “A sequential stochastic security system design problem for aviation security,” Transportation Science, Vol. 41, No. 2, pp. 182-194.
7. Peterson, R.M., Bittel, R.H., Forgie, C.A., Lee, W.H., Nestor, J.J., 2007, “Using USCAP’s analytical models, the transportation security administration balances the impacts of aviation security policies on passengers and airlines,” Interfaces, Vol. 37, No. 1, pp. 52-67.
8. Sahin, H., Feng, Q. M., 2009, “A mathematical framework for sequential passenger and baggage screening to enhance aviation security,” Computers and Industrial Engineering, Vol. 57, No. 1, pp. 148-155.
9. Virta, J.L., Jacobson, S.H., Kobza, J.E., 2003, “Analyzing the cost of screening selectee and nonselectee baggage,” Risk Analysis, Vol. 23, No. 5, pp. 897-908.