Preparation is the Best Defence

By Steve Lawson

To state the obvious: by far the best response to an atrocity is to make sure that a proper defence is in place before the atrocity.

After a security incident has happened, there is pressure to ‘do something’, especially from the media and government. The media tend to look at the spectacular and government looks at the politics. Security professionals should be prepared to weather pressure from both of those quarters.

A common reaction to a security incident is to install new or additional security equipment. However, equipment is not cheap, it is not usually sitting on the shelf waiting for deployment and the equipment that is available will be snapped up quickly. It can, for example, take six months for X-ray equipment to be manufactured and deployed. There can be an issue with fitting large security equipment into existing infrastructure and the consequent impact on operations. So, the best thing to do before deploying equipment is some research.

Which leads to: What can you expect from an equipment supplier? The first and probably most important thing is the supplier should be a source of advice. Giving advice sounds trite, but advice given freely and honestly is vital in responding to any tragedy. There have been many examples, especially after major incidents, where equipment was rushed into service that was not fit for the purpose, was improperly deployed or was operated by untrained or inadequately trained staff. People assume that terrorists are stupid; they are not. They research, conduct reconnaissance and attack where a target is most vulnerable. Poorly deployed equipment may not be a strength, but a vulnerability.

What would be the first piece of advice security professionals should expect? They need to think very clearly about what they are trying to defend against. There is not much use deploying equipment that can detect explosives when knives are being looked for.

I have always relied on suppliers that provide me with honest advice and there have been times when it has saved millions of dollars. As an example, I was in Los Angles and there was a call to screen all freight from the airport. We were doing that using explosive trace detection (ETD), but were asked to look at our ability to screen freight for other operations. It was such an attractive proposition that would mean making a large amount of money. The first issue was how. I knew that there was an L-3 truck-mounted X-ray in Boston that was available and we spoke with them about redeploying it to Los Angeles.

There were a number of meetings with L-3 and, in the end, on the honest and balanced advice provided, we decided it was not fit for purpose. To be blunt, conventional X-rays, especially ones that are designed to X-ray built-up freight, are problematic finding explosives.

As stated earlier, there can be an urge to ‘just do something’ and throw equipment at a problem. That can be a mistake – the immediate and then long-term response needs to be considered. So, divide the response into three phases:

• short-term

• medium-term

• long-term.

The short-term response may include redeploying the existing equipment or even changing the way things are done. Invariably, it is to look at the resources, see where they are effective and whether they can be deployed or managed better. Believe it or not, an effective change may just mean changing the ‘look’ of the space to make it seem more focused.

I recall a meeting about our first introduction of real air cargo security at Qantas Freight and that we wanted people to ‘feel’ like they had been screened, so we changed security’s uniform from a nice corporate one to something that looked more like police. Nothing else had changed, but that simple change made people comment that security had increased and the security staff now felt that their primary function was about security and not customer service.

If an emergency happens, consider what can be done with the current equipment, how it can be best deployed and if there are upgrades that can quickly be applied.

We wanted to screen air cargo, but we did not know what the government was going to certify as suitable equipment nor what legislation they would introduce. Nor did we have much space to deploy equipment and we wanted to introduce measures quickly. We did know that we wanted to find explosives in air cargo – or rather, that there were no explosives in air cargo! So, our short/medium response was to deploy ETD. Not because it was intended as our long-term solution, but rather it was one of only two screening methods certified by the US to find explosives. The other was computed tomography (CT) X-ray, which in those days had a huge footprint, was inordinately expensive and took well over six months to deploy.

Once ETD and some other changes were in place, I then went around the world to look at a longer term solution and looked at some quite amazing pieces of equipment. Deciding on a longer term solution relies on advice, but some suppliers still try the hard sell, so security professionals need to equip themselves with base criteria – the ‘what am I trying to achieve’ statement.

For air cargo it was simple – I wanted to find explosives or incendiary devices. My issue was that everyone told me how easy it was for their equipment to find explosives, but they were looking for truck-sized improvised explosive devices (IEDs) and I wanted to find IEDs the size of a coke can. I came to the conclusion that I needed a simple statement to measure equipment and quickly came up with this: “If it is stupid for passengers or their checked baggage, it is stupid for air cargo on the same aircraft.” Later, I made that into a more succinct and palatable policy, but that was my base rule and applying it cut out the more extreme ends of the spectrum.

Have things changed in the supplier space in the last 15 or so years? Absolutely. Not so much with the advice (the people who have been there for a long time are still dedicated, honest and professional), but definitely in pricing and computing power. For example, it is probable that the screening of people will change dramatically in the next few years. Conventional X-ray machines will give way more to CT machines, which have changed in price, footprint and speed. As they get faster, body scanners will displace walkthrough metal detectors and the networking of systems will introduce new capabilities. Systems will be networked so that both the CCTV systems and the airline’s passenger record can profile a person.

So how does this help with security professionals once the security incident has happened? Recall the first line in this article: by far the best response to an atrocity is to make sure that a proper defence is in place before the atrocity. That also means that the current equipment list should be continually reviewed, equipment maintained properly and people appropriately trained in its use. Consider the likely life of the equipment. It is not much use buying something that will be in place for 10 years if it cannot be upgraded. If an emergency happens, consider what can be done with the current equipment, how it can be best deployed and if there are upgrades that can quickly be applied. Keep abreast of current developments in security equipment. Talk to suppliers (not just current suppliers), maintain a network of suppliers and keep on good terms with all of them.

Always make sure there are short-term, medium-term and long-term plans in place. Create a checklist for various scenarios – a really good checklist should answer the question: If xyz happens now, what can I do? Short – medium – long-term.

Steve Lawson has over 20 years’ experience in aviation security.  As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations.  He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe.

Steve can be contacted on 0404685103 or slawson@avsecconsulting.com.


SIGN UP TO OUR NEWSLETTER