Chapter 11The Threat Matrix In this chapter,

Chapter 11
The Threat Matrix
In this chapter, we describe the evolution of terrorist activities
and various crimes perpetrated within the aviation system.
Aviation security practitioners must be able to detect and deter
future unconventional terrorist and criminal acts. The security
industry is responsible for designing resiliency into aviation
security systems such that responses are rapid and effective.
Therefore, here we discuss existing and emerging threats to the
aviation system and methods for mitigating, preparing,
responding, and recovering from terrorist and extreme criminal
attacks. This chapter examines practical strategies and tactics
for accomplishing these requirements against current and future
threats against aviation security.
*
Introduction
The United States has expended significant monetary resources
since 9-11 to "fix" the aviation security system; however, as a
nation the United States has much more work ahead in

developing security systems that can mitigate future threats.
Although part of our responsibility is to detect and deter
terrorist and criminal acts, it is also part of our responsibility to
build resiliency into the aviation security system such that
responses are rapid and effective when a terrorist or criminal
act occurs.
Terrorism is a way to inflict harm on a country or entity with
little risk to the infrastructure of the terrorist organization.
Whenever a citizen sees heightened security, he or she is
reminded of the attack that caused the new procedures and may
continue to fear another attack.
*
Threat Matrix Introduction
Modern terrorism uses the Internet and other highly advanced
technologies along with unconventional forms of implementing
an attack.
Therefore, threats can no longer be eliminated through military
power. Defeating current and future threats to our global
aviation system requires strategies that combine military force
where applicable and the construction of a resilient
infrastructure.
The most dangerous threat to aviation is perhaps the belief that
a threat is unstoppable.
*

Practical Aviation Security – Chapter 11
Threat Matrix
Threat is unstoppable
GA and the use of GA aircraft
"Isn't it easier to rent a truck and fill it with explosives than it
is to rent or steal an aircraft?"
Suicide bombers
"You cannot stop someone who is totally committed to attacking
you and killing themselves in the process."
The most dangerous threat to aviation is perhaps the belief that
a threat is unstoppable.
The first statement is in regard to GA and the use of a GA
aircraft to facilitate a terrorist attack. The statement goes
something like "Isn't it easier to rent a truck and fill it with
explosives than it is to rent or steal an aircraft?" The second
statement relates to suicide bombers. The statement goes
something like "You cannot stop someone who is totally
committed to attacking you and killing themselves in the
process."
Although commonly believed, neither of these statements helps
prevent the next attack on aviation. The first statement does not
negate our responsibility to prevent an aircraft from being used
in a terrorist attack, whether it is a commercial service or GA
aircraft. In the second case, whereas some terrorists will die for

their cause, they will not "donate their lives cheaply."
*
Threat Matrix
Terrorists – attack to cause significant harm, primarily
economic
Modern threats from terrorism:
Existing threats – frequently used
Emerging conventional threats – new yet probable
Emerging asymmetrical threats - WMD
Terrorists intend to conduct attacks that significantly harm their
target—primarily economically. Their objective is not just to
cause destruction or kill people but to effect massive change—
they want to do something that will stay in the news for months
if not years.
Modern threats from terrorism fall into three areas: existing
threats, emerging conventional threats, and emerging
asymmetrical threats.
Existing threats are those that have frequently been used.
Emerging conventional threats include new yet probable forms
of attack, such as the use surface-to-air missiles. Emerging
asymmetrical threats include weapons of mass destruction that
may cause indiscriminant destruction.
*

U.S. Patriot Act defined international and domestic terrorism
The U.S. Patriot Act defined international and domestic
terrorism. International terrorism means activities that
(A) involve violent acts or acts dangerous to human life that are
a violation of the criminal laws of the United States or of any
State, or that would be a criminal violation if committed within
the jurisdiction of the United States or of any State; and
(B) appear to be intended to (i) to intimidate or coerce a civilian
population; (ii) to influence the policy of a government by
intimidation or coercion; or (iii) to affect the conduct of a
government by mass destruction, assassination, or kidnapping;
and
(C) occur primarily outside the territorial jurisdiction of the
United States, or transcend national boundaries in terms of the
means by which they are accomplished, the persons they appear
intended to intimidate or coerce, or the locale in which their
perpetrators operate or seek asylum.
Domestic terrorism” means activities that involve acts
dangerous to human life that are a violation of the criminal laws
of the United States or of any State and
(B) appear to be intended (i) to intimidate or coerce a civilian
population; (ii) to influence the policy of a government by
intimidation or coercion; or (iii) to affect the conduct of a
government by mass destruction, assassination, or kidnapping;
and
(C) occur primarily within the territorial jurisdiction of the
United States.

Often, terrorists are using the protection provided by the laws
of the country they are trying to attack as a shield for their
activities.
*
Threat Matrix
Relative Superiority
Condition that exists when an attacking force, generally
smaller, gains a decisive advantage over a larger or well-
defended enemy.
Six principles affect relative superiority
Simplicity
Security
Repetition
Surprise
Speed
Purpose

McRaven posits that in order for a small force to be successful
they need to acquire what is known as relative superiority
(McRaven, 1996), which he describes as a condition that exists
when an attacking force, generally smaller, gains a decisive
advantage over a larger or well-defended enemy. Relative
superiority exists when it is achieved at the pivotal moment in
the engagement and once achieved, sustained in order to
guarantee victory.
McRaven explains how six principles, simplicity, security,
repetition, surprise, speed and purpose, affect relative
superiority. Each of these principles relate to the perspective of
aviation security practitioners in designing methods to deter or
effectively respond to a terrorist or criminal incident.
Simplicity relies on three elements – focusing on a limited
number of objectives, having good intelligence and using
innovation.
Security relates to operational security (OPSEC) while the
attack is being planned and pieces put into place (training,
acquisition of materials, funding).
Repetition is indispensable in achieving success and relates to
training to perform the operation.
Surprise is not the same as relative superiority. Surprise
provides for momentary advantage and while usually necessary
for success, is alone is not sufficient for success.
Speed, which also relies on proper security and constant
repetition (i.e. training) relates to the ability to take action
quickly.
Purpose means all personnel are focused on a single goal, which

reduces extraneous objectives, isolates and limits the
intelligence required, which, combined, makes operational
security that much tighter.
*
Threat Matrix
Difficulty in measuring deterrence
Terrorists have a planning stage, research and planning stage,
execution stage
(SARA) Select target, Analyze and assess, Research and attack
Adding to the frustration of counter terrorism operations is the
difficulty in measuring deterrence.
The TSA has been roundly criticized for not catching any
terrorists through their screening and behavior detection
processes, but there are two issues here. TSA is not
fundamentally a law enforcement agency or else it would likely

reside in the Department of Justice.
The FBI and other law enforcement agencies have caught
numerous terrorists and criminals since 9/11.
The Department of Defense, through the nation’s military
forces, the CIA and related agencies have eliminated an untold
number of terrorists, including most notably Osama bin Laden,
potential terrorists and terrorist support networks since 9/11.
Terrorists have a planning stage (target selection, analyzing and
assessing the mission), a research (reconnaissance) and
planning stage, and an execution stage (the attack), and that the
use of all the stages are inseparable and integrated
(Ronczkowski, 2012). Thus, the four stages within the terrorism
model are: Select target, Analyze and assess, Research and
Attack (SARA).
In the absence of the integration the mission will fail. Terrorists
do not randomly and spontaneously pick their targets – they are
selective in order to maximize the tragedy. This provides law
enforcement and security personnel the advantage of being able
to identify and deter a plot in advance of the attack.
*
Threat Matrix

Pre-incident indicators to terrorist or criminal activity
Nationwide SAR Initiative (NSI)
State and Local Anti-Terrorism Training (SLATT) Program
SAR Program (suspicious activity reporting)
To promote the training of state and local law enforcement
officers in identifying pre-incident indicators to terrorist or
criminal activity, there are a couple of programs: Nationwide
SAR Initiative, and the State and Local Anti-Terrorism Training
(SLATT) Program funded by the DOJ.
SLATT provides training and resources to law enforcement
personnel on the threats presented by terrorists and violent
criminal extremists. SLATT provides anti-terrorism detection,
investigation, and interdiction training. The program has been
in place since 1996, but received little attention prior to 2001.
NSI training directed at state, local, and tribal law enforcement
and public safety professionals in identifying, reporting,
evaluating, and sharing pre-incident terrorism indicators to
prevent acts of terrorism. NSIs programs include documented
and verified behaviors and indicators that, when viewed in the
totality of circumstances, may indicate terrorism-related
criminal activity.
While there is some debate how is was developed, the SAR
program (suspicious activity reporting) which is promoted

through the SLATT and NSI programs, has become an essential
resource in the counter terror and counter criminal efforts.
Today, it is the backbone of the Intelligence Reform and
Terrorism Prevention Act of 2004, which required the creation
of the Information Systems Council (ISC) – the Council was
charged with overseeing the development of an interoperable
terrorism information sharing system environment.
SAR is based on the behaviors and activities that have been
historically linked to preoperational planning of and preparation
for terrorist attacks, which include: acquiring illicit explosive
materials, abandoning suspicious packages or vehicles to
determine the response time of security or police, taking
measurements or photographs of areas not normally of interest
to the public, testing security measures and others.
The SAR program allows police to paint their own picture of
what is happening in their communities rather than relying on
their federal partners.
*
Threat Matrix
Domestic and international terrorist group activities include:
Recruitment

Preliminary organization and planning
Preparatory conduct
Terrorist act
Domestic and international terrorist group activities include
(Ronczkowski, 2012):
Recruitment: membership of a group, attendance at rallies and
meetings, exposure to Internet recruiting or informational sites,
personal recruitment and accessing extremist literature
Preliminary organization and planning: identify and clarify
roles, exposure to terrorist training materials or actual training,
discussion of potential targets, drawings, assignments
Even the lone-wolf operator, usually the hardest to interdict,
must begin with some type of target selection (planning),
acquisition of weapons or explosives (preparation) and the
attack (execution).
Preparatory conduct: theft and weapon acquisition,
counterfeiting, procuring identification, bomb-related activities
and weapon modifying
Terrorist act: bombings assassinations, hostage taking, hoaxes,
threats, hijackings
*
Threat Matrix

Key indicators of terrorist activity:
Surveillance
Elicitation
Testing security
Acquiring supplies
Suspicious persons
Trial runs
Deploying assets
The key indicators of terrorist activity have been defined as (1)
surveillance, (2) elicitation, (3) testing security, (4) acquiring
supplies, (5) suspicious persons, (6) trial runs, and (7)
deploying assets. In addition to what has already been listed,
these activities should also be regarded as suspicious (with
respect to context):
Counter surveillance and testing of security procedures
Elicitation of information from security and police personnel
Attempts to enter secure facilities, or attempts to smuggle
contraband onto the premises
Stockpiles currency (cash), weapons, ammunition, or in
possession of multiple forms of identification, passports,
driver’s licenses
Espouses extremists views in the workplace, social media or in
personal communications

Attempts to acquire or in possession of blueprints, layout plans
of sensitive or governmental infrastructure
Commits hoaxes or makes statements to determine the response
*
Existing Threats: Aircraft Bombings, Aircraft Hijackings, and
Airport Attacks
The traditional method of attack on aviation continues to be
bombings or hijackings.
The concept of using an aircraft as a weapon of mass
destruction, although not new, was certainly not within the
scope of thinking by the intelligence communities throughout
the world and before 9-11.
*
Aircraft Bombing: Passenger, Baggage, and Cargo
In 2006, the TSA stated that bombings were a greater threat to
aviation security than hijackings. Bombs continue to be one of
the most popular weapons of terror and remain an active current
threat.
The TSA has implemented an operational solution in the form of

restricting the amount of liquid that can be taken onboard and
conducting random use of explosive trace detection
technologies. These processes are inconvenient to travelers and
not as effective as they need to be to prevent a bombing.
*
Textbook Page No. 359
Airport Attacks
Security screening
checkpoint
Checked baggage
screening
The security screening checkpoint must be outfitted with
technology that will detect explosives and metal on a passenger,
and with technology that provides a better look inside carry-on
baggage—technology that can distinguish between dangerous
liquids and other substances from nonthreat items.
Checked baggage screening technologies are effective at
identifying many prohibited materials, and these systems should
continue to be implemented, inline to the automated baggage
systems, wherever possible.
Focus must shift to the other methods a bomb can be introduced
to an aircraft as terrorists and criminals will shift to the path of
least resistance, which right now is represented primarily by
cargo, mail, and placement of a device by an aviation employee.
There are programs that require random screening of airport

workers by TSA personnel to counteract this threat.
*
Airport Attacks
Bomb Threats
Bomb threats disrupt an operation
Must notify TSA of any bomb threat
Bomb threats to an airline, an industry that relies heavily on-
time performance, can be a major disruption as flights are
delayed or canceled across the national airspace system,
personnel and resources are diverted for hours to handle the
crisis, and other airport operations are interrupted.
Presently, handling the bomb threat from the air carrier
perspective depends on where the call comes in. A call to:
An airport authority - will result in the airport responding by
notifying air carriers and the TSA.
The airline - may not result in notification to the airport or
other agencies.
If the threat is clearly a hoax or so unspecific as to not warrant

further action, determined through a vetting process conducted
by the airline security personnel, the airline may elect to not
notify other agencies.
When an aircraft operator receives a bomb threat, the in-flight
security coordinator of the flight in question must be notified,
and any applicable threat measures that are part of the aircraft
operators’ security program must be implemented.
The aircraft operator must also notify the airport operator at its
intended point of landing when an aircraft has received a threat.
The aircraft operator must attempt to determine whether any
explosive or incendiary device is present by conducting a
security inspection on the ground before the aircraft’s next
flight, or if already in flight, as soon as possible after landing.
If an aircraft in flight receives a bomb threat or notification
from the ground that a bomb may be onboard, the flight crew
must be immediately notified so that in-flight security
precautions may be taken. This may involve the movement of a
suspicious package or item to an area of the aircraft known as
the least risk bomb location (LRBL), where the aircraft
manufacturer has determined that an explosion will result in the
least damage to the aircraft.
If a threat is received and related to the facilities used by an
aircraft operator, the airport operator must be immediately
notified, along with the other domestic and foreign aircraft
operators at that specific airport. The aircraft operator must
conduct a security inspection before continuing to use the
threatened facilities or areas.
The regulations require that aircraft operators notify the TSA of
any bomb threat against a flight or an airline facility. However,
the aircraft operator can exercise some discretion when
determining whether a particular threat is credible enough to

stop air carrier operations and contact the TSA.
*
Airport Attacks
Aircraft Hijacking
Still the potential for hijacking to occur
“Commonly known strategy”
Active resistance
Even though numerous procedures have been implemented to
prevent an aircraft from being hijacked and, if hijacked, to
prevent it from being used as a weapon of mass destruction,
there is still the potential for hijackings to occur. On average,
since 9-11, there have been approximately 5 to 10 hijackings or
hijacking attempts each year worldwide.
The antihijack strategy practiced today is essentially active
resistance—also not a secret. Security practitioners can no
longer assume that hijackers will not have knowledge of how an
aircraft works.
In 2005, the DHS rolled back some of the items on its
prohibited items list because of the effectiveness of active

resistance.
To continue to reduce the hijacking threat, consideration should
be given to requiring airline personnel to receive hands-on self-
defense training and to allow local and state law enforcement
officers to carry their weapons onboard.
*
Managing a Hijack Incident
Most strategies are confidential
Most strategies for managing hijack incidents are confidential
and should not be made public.
Conventional wisdom and lessons learned are not a secret; if the
incident occurs when the aircraft is still on the ground, the
strategy is to do everything possible to keep it there. Response
should include:
Moving the aircraft to an isolated parking position (IPP)
The flight crew should attempt to disable the aircraft.
Barricades should be placed around the aircraft to prevent it
from taking off
Inform TSA

Local law enforcement must manage the on-scene tactical issues
until the FBI can arrive, assemble, and deploy
This may take 30 - 45 minutes or more. Local police and
airport personnel must know how to handle the situation
Specific hijack management strategies should be discussed with
federal, state, and local security personnel, including the FBI
and TSA, and training conducted for first responders.
Once the aircraft is airborne, numerous variables come into
play, including the potential that the aircraft will be used as a
weapon or that it will be shot down by military aircraft.
*
Airport Attack: Armed Assault
Third most frequent kind of attack on aviation
The armed assault of an airport terminal building ranks as the
third most frequent kind of attack on aviation. The results can
be deadly, resulting in a massive loss of life and a major
disruption to operations.
A highly visible and heavily armed police presence can be an
effective deterrent to such attacks. An airport is particularly
vulnerable when there are long lines at the screening
checkpoints or when there are weather closures, resulting in
thousands of people crowded into the terminal building and in

security and ticketing lines. Airport operators should deploy
additional law enforcement during these times.
These types of assaults usually involve prior surveillance and
local coordination. Therefore, the activities of the terrorists may
be detected before the attack.
*
ReinforcementThe most dangerous threat to aviation is perhaps
the belief that a threat is unstoppable
Bombs continue to be one of the most popular weapons of terror
and remain an active current threat
Focus must shift to the other methods a bomb can be introduced
to an aircraft as terrorists and criminals will shift to the path of
least resistance
The regulations require that aircraft operators notify the TSA of
any bomb threat against a flight or an airline facility
There is still the potential for hijackings to occur
Most strategies for managing hijack incidents are confidential
and should not be made public
The armed assault of an airport terminal building ranks as the
third most frequent kind of attack on aviation

Emerging Conventional Threats
Most emerging conventional threats have already occurred
against nonaviation targets, such as attacks on military
facilities, embassies, hotels, and businesses.
It should be assumed that these forms of attack will eventually
be used against aviation.
*
Airport Attack: Improvised Explosive Device
Bombs continue to be most
common weapons
Most significant challenge is
properly identifying an object
as an IED

Bombs are among the weapons most used by terrorists and
extreme criminals.
In response to the bombing of the Murrah building in Oklahoma
City in 1995, U.S. airport operators began advising the public in
1996 that unattended bags will be removed and destroyed.
One of the most significant challenges with respect to IEDs is
properly identifying an object as an IED. This is particularly
difficult at an airport where, despite public announcements,
baggage and briefcases are routinely left unattended (even
shortly) every day.
When a bag has been left unattended:
Note the location
Carefully examine for travel date, identification information,
general condition
Security should make a public announcement asking for the
owner of the bag to identify him or herself or ask if anyone can
identify who may have left the bag or item
Notification should be done at least 50 feet from the item, radio
and cell phone transmissions may detonate an IED
The area surrounding the item should be evacuated until law
enforcement arrives
The quickest way to check for an IED in an airport is to use a
K-9 explosives detection team.
Personnel handling incoming mail should be trained on what to
look for to detect whether a parcel or letter contains an IED or a
chemical/biological/radiological agent.
Signs include:
Excessive string or tape on a parcel,

Lopsided or uneven parcels,
Rigid or bulky parcels with the package clearly too small for the
contents,
Oily stains or discoloration,
Wrong name and address or wrong title,
Strange odors
Letters with restrictive markings such as “personal” or “only to
be opened by” written or printed on them,
Badly typed or written addresses,
Excessive postage,
Packages that have been mailed from a foreign country,
Misspelled words,
Absence of a return address
Some airports may consider installing small X-ray devices in
their mailrooms to scan all incoming mail.
*
Vehicle-Borne Improvised Explosive Device
300 foot rule
The basic concept behind a vehicle-borne improvised explosive
device (VBIED), is to fill a car or truck with large quantity of
an explosive, drive it to the target area, then detonate it, either
from inside the vehicle, by a remote command or timing device.
The “300-foot rule” took effect in 1995, in response to the
bombing of the Murrah building in Oklahoma City, and prevents

unattended vehicles from being parked within 300 feet of an
airport terminal building.
Vehicle checkpoints on roads accessing the airport can be a
deterrent and airport design can help mitigate an attack by a
VPIED.
*
Airport Attack: Suicide or Homicide Bomber
Common belief suicide bomber
cannot be stopped
Unlike command-detonated improvised explosive devices
(IEDs), suicide bombers adjust to the environment, identify law
enforcement and security measures, flee and return another day,
or relocate into a crowd or key infrastructure to increase
destruction. A suicide bomber can also quickly move into
position and detonate.
Another advantage is a common belief that a suicide bomber
cannot be stopped. This is not true. Suicide bombers are
committed to dying in the attack. However, they do not want the
attack to be a wasted effort and thus will spend considerable
time planning for the attack, often receiving help from others.
Once a suicide bomber is loaded up and walking to the target
area, stopping the attack is very difficult—but not impossible.
In Israel, police and citizens are trained in tactics to defeat

suicide bombers. These have been shown to be about 80%
effective when employed by someone trained in the proper
techniques.
Suicide bombers typically carry 2 to 30 pounds of plastic
explosives attached to a firing trigger kept in their hand, pocket,
or chest area. Pushing a button or toggling a switch completes
the circuit and detonates the bomb. Sometimes, the bomber
pushes the button to arm the device. When the button is
released, the bomb explodes. This technology makes it difficult
for law enforcement to stop a detonation.
Occasionally, nails and bits of metal are wrapped with the IED
to increase the damage caused by the blast. There have even
been rumors of suicide bombers injecting themselves with the
AIDS virus in an attempt to spread the disease during the blast.
Chemical and biological elements may also be mixed in to an
explosive. However, one challenge to this concept is that the
temperatures created by the explosion may vaporize these
elements.
*
Airport Attack:
Perimeter Breach and Standoff Weapons

The perimeter of an airport will include fencing, gates and
access control systems, and other barriers. Perimeters have
received low priority as few attacks on airports of aircrafts
occur through or over a perimeter fence.
An airport perimeter can be exploited in many ways including:
An armed assault by aggressors can drive through a perimeter
gate,
Individuals posing as airport security guards could access the
airport perimeter without creating notice.
Natural barriers, such as water or densely wooded or populated
areas, impact the ability of an airport to keep that section of the
airport perimeter secure.
Some foreign airports are switching to stronger fencing and
including detection monitoring capabilities such as seismic
sensors triggered when an individual touches the fence. Due to
cost of seismic sensors, many larger airports combine CCTV
with smart software to keep track of a perimeter.
Equally important are threats that occur just outside of an
airport’s perimeter fence, such as rocket-propelled grenade
(RPG) attack, an aerial IED, or an automatic weapon attack on
an aircraft that is taking off or landing.
One other potential standoff attack has been brought up in the
media, but its actual use remains in question. In Iraq, some
observers have discussed the use of so-called aerial IEDs. An
aerial IED is a shaped-charge explosive that is placed along the
known flight paths of a helicopter. When the helicopter flies
over the IED, it is detonated, sending a cloud of shrapnel into
the flight path. The helicopter quickly ingests the shrapnel,
causing the engine to flame out at a high speed and low altitude.
The helicopter crashes before the crew has time to react. With

the known flight paths around an airport, this type of device
could be very effective.
*
Aircraft Attack: MANPAD
Launched by one person to strike an aerial target
Manned Portable Air Defense systems, which distinguish them
from vehicle, vessel, or land-based air defense systems,
MANPADs can be launched by one person to strike an aerial
target. MANPADs can reach speeds of Mach 2 and altitudes up
to 18,000 feet.
Another challenge to the MANPAD threat is that it does not
have to be fired on an airport or even near an airport to ensure a
hit. A RAND study concluded that the envelope for firing a
MANPAD was 870 square miles around Los Angeles
International Airport.
Other factors to consider in relation to MANPADs are whether
an attacker can actually hit the target and whether the missile
with a small warhead (less than five pounds) can cause enough
damage to take down a large commercial airliner.
A missile can be deterred by providing its tracking sensors

(seeker head) with something else to chase or by confusing its
sensors. With the seeker head not knowing which direction to
go, the missile “goes stupid” and either self-destructs or falls to
the ground. Antimissile technologies used to protect aircraft
include flares, laser jammers and high-energy lasers.
*
ReinforcementMost emerging conventional threats have already
occurred against non aviation targets
Bombs are among the weapons most used by terrorists and
extreme criminals
The “300-foot rule” took effect in 1995
A common belief that a suicide bomber cannot be stopped
An airport perimeter can be exploited in many ways
Natural barriers, such as water or densely wooded or populated
areas, impact the ability of an airport to keep that section of the
airport perimeter secure.
Emerging Asymmetrical Threats
Asymmetrical threats include threats that either have not
occurred against aviation or have occurred against aviation and
are highly irregular, such as attacks using chemical weapons,
cyber attacks, and attacks using general aviation aircraft.

Chemical/biological/radiological/nuclear forms of attacks, and
all four are generally considered weapons of mass destruction.
Chemical/biological terrorism has become more popular because
of its heightened fear factor. It is difficult to detect, most often
easily and anonymously spread by air, and requires extensive
decontamination rendering facilities unusable for long periods.
*
Chemical Weapons
Categories
Four Nerve
Blistering
Blood
Choking
Common Types
Sari
VX
Mustard Gas
Lewisite
Any weapon that uses a manufactured chemical to kill people.
Chemical weapons are broken down into five categories:

Nerve agents
Blistering agents
Blood agents
Choking agents
Irritants
The most effective method of dispersal of chemical agents is
through the air. First responders arriving at the scene of a
potential chemical attack may note patients in respiratory
distress or patients with severe eye irritations, skin redness, or
other symptoms. Blistering, skin legions, tightening of the
chest, and accumulations of fluid in the chest or larynx may
indicate a chemical attack.
*
Biological
Common types:
Anthrax
Smallpox
Botulin toxin
Ebola
Ricin
Bacillus anthracis
The aviation system makes possible the rapid and widespread

spread of a biological agent once an infection has begun. It may
take several days before symptoms of an infection manifest,
during which time thousands may have been exposed.
Biological weapons are difficult to manufacture, more so than
chemical weapons.
There are several types of biotoxins including: botulinum
toxins, Ricin, saxitoxin, anthrax, cholera, Ebola virus, and the
plague.
Biotoxins, whether the result of a terrorist attack or not, can
result in quarantines and loss of business for several weeks until
the disease runs its course. Examples of this were the recent
SARS and bird flu outbreaks in Asia.
*
“Dirty bomb” or Radiological Dispersal Device (RDD)
Radiological
A radiological dispersal device (RDD) commonly called a “dirty
bomb,” combines a conventional explosive, such as dynamite,
with radioactive material.
Some have called this type of device a weapon of mass
disruption, not destruction. At an airport, such a weapon could

shut down large areas of a terminal building for months, or
years, and possibly even require the destruction of the
contaminated portion of the facility.
A variety of radioactive materials, including Cesium-137,
Strontium-90, and Cobalt-60, are commonly available and could
be used in a RDD attack. According to the Nuclear Regulatory
Commission, the levels or radiation possible in a dirty bomb
from these sources would not be sufficient to kill anyone or
even cause severe illness.
Certain other radioactive materials dispersed in the air could
contaminate up to several city blocks, creating fear and possibly
panic and costly cleanup. Prompt, accurate, nonemotional public
information might prevent the panic sought by terrorists
First responders must be aware that radiation is invisibl e; may
exist in a liquid, solid, or gaseous state; and that someone does
not have to come into direct contact with a radioactive
substance to be exposed to the effects of radiation.
The first priority when responding to an incident where an RDD
has been deployed is to establish a large perimeter and
administer to the medical needs of those affected.
Individuals who have been exposed to radiation do not pose a
threat to responders, but individuals who have been
contaminated will represent a health threat to responders
*

Nuclear
Delivered by a variety of methods
Many threats from nuclear devices
There is a higher risk of a nuclear device entering the Uni ted
States by sea than the threat of nuclear weapons being employed
in the United States against a major city.
A nuclear device could be delivered by a variety of methods
(e.g., truck, rail, maritime), but the risk of a nuclear device
being placed on an aircraft is significant.
An aircraft can access areas that ground-based vehicles cannot
and can carry a nuclear device to an optimum detonation
position that could ensure the widest dispersion of radiation,
electromagnetic pulse, and blast wave pressure.
During a nuclear attack on a city, the airport will represent one
of the primary locations for evacuation and for acceptance of
outside supplies. The airport may also become a location for
city officials to regroup and coordinate disaster relief efforts.
Airport security managers will be faced with trying to maintain
a secure operating environment.
*

The Future is Here: Insider Threat and Directed-Energy
Weapons
Use of lasers pointed at aircraft cockpits
Remotely operated weapons
“Radicalized” citizens
A disturbing trend has occurred in the past ten years that affects
both aviation safety and security issues – the use of lasers
pointed at aircraft cockpits.
The result is a light show within the cockpit, which distracts the
pilots at best, and when the pilot(s) are hit directly with the
laser, temporary blindness and permanent eye damage can
occur.
An FBI memo stated that al Qaeda had explored lasers as a
weapon, including a possibility of lasing aircraft cockpits to
interfere with pilots’ ability to operate their aircraft safely.
The threat to aviation from directed energy weapons is clearly
the danger of blinding the pilots, which itself is hazardous
enough, but when combined with a follow up rocket-propelled
grenade or surface to air missile attack, puts the pilots in a
highly disadvantageous position to take evasive action.
Another new form of attack is the use of remotely operated
weapons, which are used by the U.S. military in static, ground
robot, or unmanned aerial vehicles. The cellular communication
networks and even wifi networks allows communication with
the bomb or weapon, which can be detonated or fired remotely,
giving terrorists a stand-off capability.

One of the most difficult types of attack to stop and respond to
is a “contextual attack,” where attacks and attackers mimic their
surroundings.
These types of attacks have the lowest probability of being
viewed as an anomaly or threat as the individual is w ithin the
context of their surroundings in terms of dress, ethnic profile
and mannerisms and behaviors, cover stories and actions.
*
Within the Aviation Community
A potential threat from within the aviation system lies in the
GA community
Attacks from within the aviation community are the most
difficult to deter as “insiders” have access throughout much of
the aviation system.
Many of the security layers in place to prevent outsiders from
successfully attacking aviation can be bypassed through the
normal course of business for an aviation employee.
A potential threat from within the aviation system lies in the
GA community, as GA aircraft are more accessible than a
commercial service aircraft, yet the majority of GA aircraft

serve as inferior tools for destruction.
The most damaging threat from use of GA aircraft would
probably result from the use of a large corporate aircraft or
light GA aircraft filled with explosive material or a CBRN
agent and flown into a ground target.
In a study conducted by the U.S. Office of Technology
Assessment, the agency estimated that a small private plane, on
a windless night, loaded with 220 pounds of anthrax spores and
flying over Washington, D.C., could kill between 1 million and
3 million people and render the city uninhabitable for several
years
If a GA plane were used to create mass destruction, the
resulting flight restrictions and congressional lawmaking would
probably cause the economic demise of GA.
*
Infrastructure
Aviation and airports are considered critical infrastructure
DOD now includes “information warfare” as the fourth
battlefield, joining land, sea, and air

Attacks on the critical infrastructure of the country relate to the
aviation community in a variety of ways. Aviation and airports
are considered critical infrastructure, along with the
communication channels needed to interact with aircraft in
flight.
An attack on a power plant could leave an airport without the
power necessary for air traffic control, runway lighting access
control, and CCTVs systems. Many airports have backup
generators for the air traffic control tower and other essentials;
however they are normally not capable of running all of the
remaining areas needed for an airport to function.
A cyber attack could affect air traffic control, emergency first
responders, financial sectors and airport security systems as
they all rely on computers.
Police fire and emergency medical service agencies are notified
and dispatched through the telecommunications systems and
through computer-aided dispatch computers with satellite
information systems.
The U.S. Department of Defense now includes “information
warfare” as the fourth battlefield, joining land, sea, and air.
Ultimately, protecting the aviation system from asymmetrical
attacks will take foresight and action before an attack occurs.
*
Counterterrorism: Terrorism Defense Planning

This section discusses the methods and options for aviation
security practitioners to use before, during, and after a security
emergency.
It is largely based on published emergency management models
and the National Incident Management System (NIMS).
Airport security personnel along with law enforcement and
other emergency workers are expected to be trained in the NIMS
functions. To benefit fully from this section, it is recommended
that you complete the NIMS training modules available at
www.fema.gov.
*
Emergency Management Cycle
The Emergency Management Cycle
There are three elements to the emergency management cycle:
mitigation/preparedness,
response, and recovery.
*

The mitigation phase encompasses the actions taken to either
prevent an attack or mitigate the effects of an attack.
Mitigation strategies as they relate to the aviation security
function can include the following:
Conducting threat and vulnerability analyses of facilities and
infrastructure
Reinforcing structures such as the terminal building, installing
safety glass, and locating parking away from the terminal
building or airline administrative offices
Monitoring new hazards and intelligence information
Keeping abreast of security activity through industry
publications, security newsletters, and communication with the
federal security director
Following codes and ordinances (building and zoning, fire,
hazmat)
Imposing financial penalties or offering incentives to airport
tenants, aircraft operators, vendors, contractors, and employees
who do not adhere to security rules
Consistently enforcing rules, inspections, patrols, and violation
notices
Providing security awareness training for airport and aircraft
operator personnel
Building partnerships and relationships with other airport
tenants and emergency responders
Ensuring sprinkler and alarm systems are fully functional and
have backups

A critical mitigation function is the threat and vulnerability
assessment.
Preparedness consists of:
Leadership
Training
Readiness
Exercise support
Technical and financial assistance
to strengthen emergency workers and the community as they
prepare for disasters.
Federal regulations require that EOP exercises are conducted at
least once a year and that a full-scale exercise is conducted
every third year.
*
The mitigation phase encompasses the actions taken to either
prevent an attack or mitigate the effects of an attack.
Mitigation strategies as they relate to the aviation security
function can include the following:
Conducting threat and vulnerability analyses of facilities and
infrastructure
Reinforcing structures such as the terminal building, installing
safety glass, and locating parking away from the terminal
building or airline administrative offices

Monitoring new hazards and intelligence information
Keeping abreast of security activity through industry
publications, security newsletters, and communication with the
federal security director
Following codes and ordinances (building and zoning, fire,
hazmat)
Imposing financial penalties or offering incentives to airport
tenants, aircraft operators, vendors, contractors, and employees
who do not adhere to security rules
Consistently enforcing rules, inspections, patrols, and violation
notices
Providing security awareness training for airport and aircraft
operator personnel
Building partnerships and relationships with other airport
tenants and emergency responders
Ensuring sprinkler and alarm systems are fully functional and
have backups
A critical mitigation function is the threat and vulnerability
assessment.
Preparedness consists of:
Leadership
Training
Readiness
Exercise support
Technical and financial assistance
to strengthen emergency workers and the community as they
prepare for disasters.
Federal regulations require that EOP exercises are conducted at
least once a year and that a full-scale exercise is conducted
every third year.
*

Response covers four stages:
Alert and notify other emergency response agencies
Warn the public
Protect citizens and property
Provide for the public welfare
Restore normal services
Response
Response encompasses those actions taken during an
emergency.
Response covers four stages:
Alerting and notifying other emergency response agencies,
Warning the public,
Protecting citizens and property, and
Providing for the public welfare,
followed by beginning the restoration of normal services.
*
Recovery
Short-term
Long-term

Recovery involves those activities that are necessary to restore
normal operations. Recovery is divided into two phases:
Short term - often overlaps with the response phase as agencies
begin to restore interrupted public services and reestablish
transportation routes, such as resuming flights
Long term -may continue for months or years while facilities
are reconstructed and the impact of the event is analyzed.
Processes to mitigate future occurrences need to be developed.
It is imperative that a careful accounting is made of monies
spent, resources used, and personnel from outside agencies that
provided assistance, so that insurance companies and the
Federal Emergency Management Agency (FEMA) can provide
adequate funds to cover losses.
*
NRP applies to natural disasters and terrorist acts
NIMS lays out basic concept of incident management
The National Response Plan &
National Incident Management System
The National Response Plan (NRP) applies to natural disasters
and terrorist attacks as defined in the Robert T. Stafford
Disaster Relief Assistance Act.14 It can also be invoked when

the U.S. president determines that federal assistance is needed
to respond to a local event.
The plan applies to numerous federal agencies and the American
Red Cross.
FEMA has the responsibility for managing the response plan
and for conducting federal preparedness, planning and
management, and disaster assistance.
National Incident Management System (NIMS)
National Incident Management System (NIMS) - provides a
consistent nationwide template to enable all governmental,
private-sector, and nongovernmental organizations to work
together during domestic incidents.
NIMS lays out the basic concepts of incident management and
includes comprehensive sections on preparedness, resource
management, communications, supporting technologies, and the
ICS structure: operations, planning, logistics, administration,
and command.
*
Conclusion
As threats from terrorist and criminals continue to evolve, so
must our responses to those
threats. Our prime goal in aviation security is to employ
security professionals that strive for maximum effectiveness in
their areas of responsibilities.

As a result, aviation security is now a highly dynamic and
complex system of layers containing policies, strategies, tools,
and processes. We must now look to the future and use these
resources to anticipate emerging threats.
Above all, it is essential that aviation security professionals
work toward the continuous development of sustainable
methods and technologies that can detect, deter, and respond to
existing and new threats.
*

Chapter 11The Threat Matrix In this chapter,

Recommended

Recommended

More Related Content

Similar to Chapter 11The Threat Matrix In this chapter,

Similar to Chapter 11The Threat Matrix In this chapter, (18)

More from MargaritoWhitt221

More from MargaritoWhitt221 (20)

Recently uploaded

Recently uploaded (20)

Chapter 11The Threat Matrix In this chapter,