Abstract: The mid-air bombing of a Somali passenger jet in February was a wake-up call for security agencies and those working in the field of explosive detection. It was also a reminder that terrorist groups from Yemen to Syria to East Africa continue to explore innovative ways to get bombs onto passenger jets by trying to beat detection systems or recruit insiders. The layered state-of-the-art detection systems that are now in place at most airports in the developed world make it very hard for terrorists to sneak bombs onto planes, but the international aviation sector remains vulnerable because many airports in the developing world either have not deployed these technologies or have not provided rigorous training for operators. Technologies and security measures will need to improve to stay one step ahead of innovative terrorists. Given the pattern of recent Islamic State attacks, there is a strong argument for extending state-of-the-art explosive detection systems beyond the aviation sector to locations such as sports arenas and music venues.
On February 2, 2016, two workers at Mogadishu’s international airport passed through security after placing a laptop[a] on the screening belt at an X-ray checkpoint. Their colleagues manning the X-ray machine had no idea the men had been recruited by the terrorist group al-Shabaab, and they failed to detect the explosive device hidden inside the laptop. Once safely through to the boarding gates at the terminal, the terrorist operatives handed the laptop to a Somali accomplice named Abdullahi Abdisalam Borleh who had been rerouted onto Daallo Airlines Flight 159 to Djibouti at the last minute after the Turkish airlines flight he was meant to take was canceled. Twenty minutes into the flight, the laptop exploded, blowing a large hole in the fuselage. Borleh was sucked out of the plane. Only the fact that the plane had yet to reach cruising altitude, and thus a high pressure differential between the air inside the cabin and outside, likely saved the lives of the more than 70 passengers on board. The pilots were able to make an emergency landing back at the airport.
But the attack on Daallo Airlines Flight 159 set off alarm bells within the U.S. aviation security community because it demonstrated terrorists’ continued determination to use complex methods to attack passenger jets. A source close to the investigation told CNN the laptop bomb was “sophisticated.” Security agencies have been particularly attuned to the threat of terrorists concealing explosives in laptops or other electronics ever since 2014 when intelligence indicated al-Qa`ida’s Khorasan outfit in Syria was developing these techniques,[b] so al-Shabaab’s success in sneaking a device onboard a passenger jet was especially alarming. Coming just months after an EgyptAir mechanic allegedly helped smuggle a bomb onboard Metrojet Flight 9268 at Sharm el-Sheikh airport killing 224, it also compounded concerns about the “insider threat” at airports. One line of inquiry for investigators in the Somali plane bomb attack should be whether the two Mogadishu airport workers received less scrutiny by the security staff operating the X-ray machines.
This article examines the high-stakes contest between terrorists developing new techniques to try to beat airport security and the security officials and technologists working to keep bombs off planes. Ever since the al-Qa`ida in the Arabian Peninsula (AQAP) operative Umar Farouk Abdulmutallab, the so-called “underwear bomber,” came close to blowing up Northwest Airlines Flight 253 over Detroit with a PETN explosive device built by the skillful Saudi bomb maker Ibrahim al-Asiri, there has been heightened concern about the terrorist threat to passenger jets as well as the development and proliferation of advanced bomb-making techniques. But despite a media narrative of terrorists developing “undetectable bombs,” this article will explain why from a technological point of view it is very difficult to beat the latest generation of machines and scanners, including explosive trace detection (ETD), especially when these are combined as part of a “layered” approach to security.
The largest vulnerability facing the global aviation sector today is not master bomb makers beating current detection systems, but rather it comes from two sources. The first is the many airports in the developing world that lag in deploying state-of-the-art machines, rigorous training, and best practices. The second is the opportunity for terrorist groups to recruit airport insiders in both the developed and developing worlds who either are likely to receive less scrutiny from fellow airport staff at security checkpoints than passengers or can evade screening altogether.
Lastly, this article will make the point that terrorists are not just targeting planes. For years, mass transit, arenas, and other large-capacity areas have also been targets. The uptick in plots and attacks in Europe by the Islamic State against targets of opportunity such as a soccer stadium and a music venue underline the need for a broader deployment of explosives detection systems.
Innovations in Terrorist Bomb-Making
From the first-known terrorist bombing of a civilian aircraft, terrorist groups have continued to innovate their methods in order to perpetrate attacks against civilian aircraft and the aviation sector to achieve their goals. The past six months alone have seen attacks on a Russian airliner, a Somali airliner, and the Brussels airport attack in March. A subsequent attempt to bomb an airliner one month after the Daallo Airlines attack was thwarted when a laptop device exploded at a security checkpoint at another Somali airport.
The most innovative bomb maker to emerge in recent years is the Saudi AQAP operative Ibrahim al-Asiri, who last summer declared that hitting the United States remained a priority. In October 2010 he constructed a very difficult-to-detect IED using printer cartridges to conceal 400 grams of PETN that were timed to go off mid-flight on two U.S.-bound cargo aircraft. The devices were found as a result of an intelligence operation, not as a result of security screening, raising significant concerns about terrorists’ capabilities to evade sophisticated security countermeasures. Police initially had failed to find one of the devices at East Midlands Airport in the U.K. despite using sniffer dogs and passing the printer through an X-ray. Al-Asiri is also believed to have been behind another plot to bomb a U.S.-bound plane, which was thwarted in April 2012 because the suicide bomber selected for the operation was a double agent working for Saudi and British intelligence. The device recovered by the agent and taken to the United States for forensic examination featured several enhancements to the underwear device deployed above Detroit three years earlier.
In 2012 Western intelligence agencies developed information that AQAP was pioneering techniques to surgically implant devices inside potential bombers. TSA took this threat seriously, especially because in 2009 al-Asiri had implanted a bomb in the rectum of his brother in an attack against then-Saudi Arabian counterterrorism chief Prince Muhammad bin Nayef. It is thought that the Advanced Imaging Technology (AIT) machines would detect anomalies for parts of the device needed to detonate a bomb that is surgically implanted, and there are other indications such as obvious signs of recent incisions. This mode of attack poses a particular threat in sectors outside aviation in which AIT machines are not in use, particularly for high-profile individuals as the bin Nayef attack demonstrated. In 2014 intelligence emerged that al-Asiri and his team of bomb makers have continued to do research and development on explosive devices including shoe bombs.
For several years there has been concern that al-Asiri has shared his bomb-making prowess with a cadre of apprentices within AQAP. Western intelligence agencies also believe AQAP has transferred key technology to al-Qa`ida elements in Syria. A series of airstrikes weakened the capabilities of the so-called Khorasan group after intelligence emerged in 2014 that it was plotting attacks on Western aviation by hiding devices in electronics such as cell phones and laptops.
Terrorist groups have also attempted to share techniques with a broader jihadist audience. In late 2014 AQAP’s Inspire magazine published detailed instructions on how to manufacture and conceal “non-metallic” explosives to target passenger planes. Their logic was that if enough supporters built such devices, some would get through security. While the instructions on their own may not lead to the construction of a viable device, it does point to their intent to inspire actions that disrupt and terrorize.
Advances in Bomb Detection
Three decades after Pan Am Flight 103 was blown up over Lockerbie, Scotland, bomb detection technologies and systems have grown much more effective. Major airports in North America, Europe, and other parts of the developed world now have multi-layered screening processes for travelers and their checked and carry-on luggage. The most commonly deployed explosives detection systems are walk-through metal detectors, AIT (or body scanners), multi-view X-ray machines used in conjunction with explosives trace detection (ETD) systems, and canine teams.
When you enter security at a major airport in North America, Europe, and other parts of the developed world you now go through a multi-tiered screening process. When you put your bags on an X-ray belt you are putting them on what is called in the jargon an EDS (explosive detection system). State-of-the-art systems now involve advanced high-definition or multi-view X-ray machines. These are essentially CT scans that use computerized tomography (imaging by penetrating objects with electromagnetic waves) to measure the physical characteristics of items in bags. It sets off an alarm when it detects objects that exhibit the physical characteristics of explosives
Most air travelers in the developed world will be familiar with ETD systems. These highly sensitive systems can detect minute (nano-gram level) explosive trace and involve a security screener taking a swab of a surface of an object or your clothing and putting it inside the ETD machine, which analyzes trace materials through an ionization process.
While body scanners, canines, and X-rays have some level of intuitive understanding associated with them, ETD technologies are largely not well understood in the physical security community at large. This is primarily due to the fact that these systems operate by sampling invisible trace amounts of material (at unimaginably low levels described in terms like nanograms and picograms) and detecting them uniquely by their specific molecular properties. These molecular separation and detection mechanisms are far less intuitive than X-ray imaging systems or the concept of using the “trained nose” of a dog to search out concealed explosives.
Molecular-based ETDs are the only systems of the aforementioned actually capable of uniquely detecting and identifying explosives. One of the greatest fallacies in explosives detection is that dogs and standard X-rays detect explosives when, in fact, they simply detect anomalies or objects that are out of place. X-rays basically identify objects inside a package or bag that have a particular density or mass compared to what is typically expected in a non-threat scenario. This is not specific detection nor is it chemical identification. The X-ray systems used for passenger baggage screening use X-rays that are capable of penetrating the surface of a bag and revealing an image of the contents inside. The energy of these X-rays are specified to create a balance between ability to penetrate and to provide contrast in the resulting image based on the densities of objects inside. Basic systems sometimes referred to as single view provide a “flat image” of the bag contents with contrast between objects based on their density. More sophisticated systems used multiple views to create pseudo-3D imagery, which assists the operator in recognition of potential threat objects. The ultimate 3D X-ray imaging systems use a computed tomography (CT) approach, where full 3D reconstructed images of the bag contents are produced and the performance is optimized by the system’s ability to measure the density within specific volume elements of a bag.
Perhaps the ultimate technology enhancement to any of these X-ray methods is to employ dual-energy X-rays to further enhance material specificity. The concept is that using a high-energy X-ray source reveals density and simultaneously a lower-energy source is used to provide an indication of whether the object is made from organic or inorganic materials. While this approach has good technical merit, it is not capable of providing material specificity to the level of other techniques such as X-ray diffraction. Ultimately, EDS systems using sophisticated CT technologies will improve by increasing the image resolution and maximizing the energy resolution by using multiple sources.
Body scanners, for their part in the security equation, only allow operators to detect anomalies under the clothing of those being scanned. Their advantage over metal detectors is they can detect nonmetallic objects. The principles of the underlying technology use a non-penetrating radiation that literally reflects off the body and the resulting reflected signal provides an image contrast of any objects concealed beneath the clothing. The image resolution is such that discrete-sized objects are readily made visible in their contrast, but the resolution is not sufficient to create privacy concerns. This technology offers a good balance between anomaly detection and privacy.
Similarly, canines are trained to identify explosives in their compound forms, not pure materials. Typically, the canines will train to the more volatile scents that emanate from the mixture such as solvents, binders, and plasticizers, which are used in the formulation mixture of an explosive but in and of themselves are not explosives. Most pure explosives materials do not emit vapor or scent in high enough concentrations to be detected by canines. They can be quite effective, however, at detecting a mixture of odors that are often related to the presence of an explosives threat, and typically this is the mechanism by which they are deemed effective. They are effectively presumptive rather than confirmatory tests.
Explosive Trace Detection
The most commonly deployed ETD systems today are based on a method of separation and detection known as ion mobility spectrometers (IMS). The detection science behind ETD invokes the use of fundamental chemistry and physics to separate and identify targeted threats at a molecular level. The molecular specificity is driven by the size and shape of the target molecules. Chemical explosives have a wide range of molecular properties that govern their size and shape at a molecular level and ETD technologies exploit these known differences.
When a sample is introduced into the ETD, it is immediately vaporized and ionized by the system. These resulting molecular ions are subsequently separated in chambers where specific voltages are used to cause the different molecular species to move and separate at different speeds according to their size and shape, resulting in characteristic spectra for each targeted substance. A critical aspect of successful deployment of ETD technology is in the training of the operators in the proper methods to acquire samples for passengers and baggage. Once proper training is in place and maintained, ETDs become a powerful workhorse technology on the frontlines of explosives detection.
Detection systems that are based on IMS have several distinct advantages. They operate in our ambient environment and are readily deployable in robust packages (both desktop and hand-held configurations) to suit the intended application. Most typically, these type of systems are seen in operation at airport checkpoints, which is where the technology was first widely deployed in the mid- to late 1990s following the Pan Am disaster over Lockerbie. In that incident, the plane was brought down by an electronic device containing a relatively small amount of plasticized explosive known as Semtex H. Since that time, the threats have become quite diverse in both their chemical and physical forms, and IMS-based ETDs have done extremely well in keeping pace with the ever-growing list of threats, including the new homemade explosives, or HMEs. One such explosive, TATP (tri-acetone-tri-peroxide) is extremely powerful and relatively simple (but dangerous) to transform into an IED. This particular explosives threat has been widely talked about in the media given its use in the recent bombings in France and Belgium. It has been used widely in the Middle East and in Israel since the mid-1990s.
Another misnomer propagated largely in the press is that these type of explosives threats are not detectable with currently deployed technologies. This is false. The latest generation ETDs, when used in combination with the latest X-ray technologies, are generally excellent at detecting TNT, plasticized explosives such as C-4, PETN (Detasheet), and Semtex. This powerful combination of technologies should catch these explosives threats, even if it were concealed in the electronics of a laptop, because ETD swabs can detect minute amounts of residue.
When modern, multi-view X-ray systems are used alone there is a chance the clutter in the X-ray image caused by the laptop could lead operators to overlook flagged anomalies. Single-view X-rays, on the other hand, would be utterly reliant on a very vigilant screener at best. And TNT concealed in a laptop could be easily missed.
In terms of the latest and most widely talked about threat of TATP, current ETD technologies have been capable of detecting trace levels of this threat since the 1990s and is included in the detection standards requirements used by all certifying bodies around the world.[c]
Despite the continuous technology developments and enhancements to the current set of explosives detection technologies, terrorist organizations also raise the bar on detection through their own innovation processes. While it is generally true that new explosives formulations and IED construction is not carried out in pristine research laboratory environment, the efforts have been extremely fruitful nevertheless. The threats are rapidly changing in terms of explosive material advancements as well as concealment and IED packaging methods. These advancements have come about through fundamental understanding of both the strengths and weaknesses of current technologies, continuously raising the bar for those working in the field of explosive detection.
Several examples over the years have shown that terrorists will try to substitute explosives materials cast into powders or solids that mimic the average densities of the materials that they are replacing in an attempt to defeat X-ray detection. In the case of the printer cartridge bomb, the PETN explosive was in a powder form, taking on a similar effective X-ray cross-section as the normal toner material used. This would easily defeat an imaging device that simply measures density, even with multiple views. Similarly, on the trace detection side, more effective concealment methods to reduce and eliminate “detectable traces” of explosives are now more commonplace. While these individual technologies for detection continue to improve and meet the new threats that are emerging, it is a very asymmetric challenge, where propagation of new materials and methods outpaces detection technology evolution. One of the best ways to rebalance the threat evolution/detection technology challenge is to combine the powers of these individual technologies in such a way to exploit their maximum performance through integration in a layered system.
With a fundamental knowledge of how these various technologies work, the ultimate and most effective solution for explosives detection is to use each of these technologies in its appropriate station in a layered approach to security. As individual technology platforms, X-rays, canines, and ETD sensors work very well at detecting most of the known threats in the current environment. The hysteria over new “undetectable devices” is not warranted. Current systems are, in general, very effective. When used in concert as a layered security system, they represent an even more robust solution to the current and foreseeable future threats.
To fully capture the power of layered technology deployments, the data streaming from the various sensors themselves could be “integrated” and fused into multidimensional threat detection and an action-based security decision-making system. While this is possible to do today, the explosives detection technology community has only just begun to design and implement such concepts and technologies. This will be a rapidly advancing part of future product developments as the industry leaders begin to come together and offer solutions that operate on more open platforms. In the meantime, implementing the possible with best available technologies at hand in a manually integrated fashion is still the best opportunity for rapidly responding to new and emerging threats. While no detection system now or in the future will ever be perfect, technologies are available and being developed to meet current and future threats.
Uneven Deployment of State-of-the-Art Systems
One of the largest unmet challenges is that the best available technologies such as those deployed in civil aviation in North America and Europe are not widely deployed in the rest of the world or in the new threat scenarios such as mass transit and public venues. The recent examples of air disasters in Mogadishu with Daallo Airlines and the Metrojet Flight 9268 out of Sharm el-Sheikh International Airport, along with the broader implementation of terrorist acts across Europe, suggest a real need to migrate best available technologies from secure checkpoints in aviation further out to “the edge” of the security network and to areas of the world where these technologies are not yet widely deployed with properly trained security personnel. Such a technology migration would also further drive new innovations in these core platform technologies to ensure that they continue to meet current and future threat scenarios.
Training is Critical
There are multiple challenges that are continuously present in the aviation security sector but none more critical than consistent high performance of humans in the security chain. The human component as a vulnerability can be exploited either through incapable or poorly trained security staff or through corruption, direct intimidation (or extortion), or by placing an “agent” in the system that facilitates or directly attacks the system.
In congressional testimony in November, DHS Inspector General John Roth said the latest covert testing had identified human failure as a key vulnerability. While his testimony did not delve into the causes of human failure such as competency, poor hiring, lack of training, or corruption, it did highlight the high interdependency of humans, technology, and processes for the successful management of the aviation security system. Training and performance metrics are key to successful performance, particularly in a high-risk environment in which routines, boredom, and complacency are as big a threat as a terrorist exploiting the system.
Although TSA does not conduct passenger screening abroad, it requires airports that serve as the last point of departure to the United States meet stringent security standards. The bottom line is U.S. and European efforts to protect the traveling public are inextricably dependent on countries that have inadequate and inconsistent procedures due to lack of leadership, commitment, and/or technology. The TSA and ECAC have spent hundreds of millions of dollars (as has the private sector) to develop advanced and highly capable technologies to detect and prevent exactly these type of attacks.
Inconsistent standards in some parts of the world have compelled some U.S. carriers to purchase ETD equipment to augment screening prior to passengers boarding aircraft after passing through local security checks. This is a recognized gap in some regions of the world where security requirements are either lacking or sub-standard and a passenger or cargo threat can be placed on board an aircraft and then propagated through the aviation system to a high-value target well inside the secure zone. At the present time, this last point of departure approach to using gate checking with existing technologies to ensure that security standards are maintained from point of origin to final destination is a temporary and not very efficient approach, and it is necessary to close the gap. Many security agencies around the world have recognized this challenge and are working diligently to harmonize explosives detection requirements into a global standards regime.
The lack of worldwide standards and implementation of best practices are compounded by the difficultly of detecting the “insider threat.” Insiders—people who have legitimate access to secure areas—can plant a bomb or assist a bomber in carrying out their mission. They include baggage handlers and service, security, and airline personnel, virtually anyone who has access to the airport. Insiders can be turned into terrorist recruits, pressured to cooperate through financial gain, extortion or threats, and they are difficult to detect. That is what is believed to have happened on the Russian airliner that took off from Sharm el-Sheikh last October and clearly that is what happened to enable the bomber to board the Daallo plane in February.
The United States is not immune to such threats. Inspector General Roth also testified about previous 2012 results from testing TSA’s Airport Access Control Systems and reported that they “identified significant access control vulnerabilities, meaning uncleared individuals could have unrestricted and unaccompanied access to the most vulnerable parts of the airport—the aircraft and checked baggage.” The OIG also reported last summer that tests of the screening system showed that 95 percent of attempts to smuggle weapons through U.S. checkpoints were successful. Though the failures were again related mostly to human performance factors rather than criminal collusion, if this is the state of performance in the most advanced country in the world, then it highlights significant gaps in the airline security network worldwide.
Even the best technology cannot overcome incompetence let alone outright complicity with terrorists’ intent on thwarting security. Personnel that have access to airside services to perform their functions have to undergo screening similar to passengers, though, as the Inspector General’s report revealed, compliance with regulations and policies does not necessarily guarantee security.
Security has always been a “people, process, and technology” business, and it appears more than ever that advanced technology needs to be applied uniformly across the entire global aviation sector, as well as other vulnerable sectors to detect evolving threats. While state-of-the-art technology is good at detecting explosives, the concern is that terrorist capabilities are challenging our technological capability to detect the latest threats.
U.S. government spending in the homeland security sector since September 2001 can be estimated easily at well over $1 trillion. However, as much as is spent to prevent incidents, terrorist groups continue to innovate and modify their methods to attack their targets of choice. The past several years has seen an increase in attacks against hardened and soft targets in western countries as well as the continued threat against airline-related targets. The pace of the attacks seems to be increasing but so does the level of sophistication of the attacks themselves. While capabilities are evolving and gaining in sophistication, the use of those capabilities has become more widespread and less centrally controlled, creating a “commoditized terrorism” model in which these new methods can be used by virtually any organized group or lone wolf actor. Terrorists have demonstrated their ability to adapt and innovate while we continue to take a methodical and studied approach to applying new technologies.
The reality of our current war on terrorism is that the costs are inversely correlated. Terrorists can use inexpensive but highly effective means to attack high-value and highly protected targets, forcing governments to take stricter and more costly measures to provide protection. Their model scales while ours becomes more difficult to sustain. Until we are successful in changing the paradigm in which cheap terrorism is effective terrorism, we need to be prepared to continue to invest in technologies and processes that make it more difficult for them to succeed.
Robert Liscouski has more than 30 years of experience as a senior government official, business leader, entrepreneur, special agent, and law enforcement officer. In 2003, he was appointed by President George W. Bush as the first Assistant Secretary for Infrastructure Protection at the U.S. Department of Homeland Security. He currently serves as president of Implant Sciences Corporation, an American company developing explosive detection equipment.
Dr. William McGann is the chief executive officer of Implant Sciences Corporation. He was one of the original developers of commercial ion mobility spectrometry technology for explosives trace detection (ETD), and he has authored over 70 research proposals to the U.S. government, 20-plus scientific publications, and over 25 patents in the areas of nuclear, chemical, and biological detection technologies.
Substantive Notes[a] U.S. government sources confirmed to the authors in April 2016 that the device was concealed in a laptop.
Share or comment on this article