Security, Just Like Safety, Is Everyone’s Responsibility: an indispensable lesson in security awareness

A soft target is an ideal target for a would-be terrorist. It has been said that the bad guys only have to get it right once while those responsible for preventing a terrorist attack have to get it right all of the time. Sometimes, assessing how effective, or ineffective, your internal security programme is requires someone to play the role of bad guy in a covert simulated terrorist attack. What follows is an account of an event in which Ivan Luciani, plus a resourceful and determined accomplice, had to play such a role. The results and benefits of these exercises, when carried out on an ongoing basis, can have a significant impact in raising and maintaining staff security awareness.

It took a major terrorist attack on the other side of the planet to make it painfully obvious that aviation security, as we knew it, would have to change – quickly and drastically. Until that shocking day our aviation security programme’s primary focus was, among other things, preventing or dealing with a hijacking or the discovery of an explosive device onboard an aircraft. The threat posed by terrorists changed when they found a new way to wreak havoc in a manner previously unseen: using airplanes as weapons of mass destruction.

As we tried to figure out how the daring and unprecedented 9/11 attacks could have been carried out, questions about the effectiveness, or shortcomings, of our own security programme emerged. At the time I was Chief Pilot of a two-business jet aircraft, fifteen-member, Air Operator’s Certificate (AOC) holder based out of the Macao International Airport. Being the Chief Pilot of a relatively small AOC operation I wore several hats. This included overseeing the drafting and implementation of aviation security policies, processes and procedures. In that capacity I relied primarily on regulatory requirements as well as the industry’s best practices. As I sat in my office the day after the attacks reviewing our Flight Operations Manual’s aviation security chapter it became evident that our procedures were reactive in nature. Emphasis was placed on how the aircrew should respond to a hijacking event during flight or while still on the ground, as well as on actions the aircrew should take in the event that an explosive device was discovered onboard the aircraft.

None of our procedures would have prevented a would-be terrorist from using one of our business jets as a weapon of mass destruction, albeit a significantly smaller one compared to a large airline passenger jet. It was obvious that our understanding and application of security measures would have to be revamped – promptly – in order to cope with the new threat. It was then that, in conjunction with my most senior captain, we came up with a plan to assess how soft a target our company was at the time. The objective was to test our staff’s security awareness via a CEO-approved, four-week long, three-prong covert operation.

The Test: Our Covert Operation
First, and in coordination with airport security personnel, we targeted our aircraft by placing two unsealed, suspicious looking packages on board. We had a window of several days during which time the aircraft were not scheduled to fly and would remain inside the hangar. One of the packages was hidden in plain sight in the first aircraft’s baggage compartment. The other one was placed in the immediate vicinity of the second aircraft. Inside these boxes were items that resembled what we thought looked like crude bombs. We even wrote ‘bomb’ on the packages.

Second, over the course of several days we placed a total of five phone calls to various staff members (dispatchers, administrative personnel, and aircrews). The caller spoke with foreign accents not common to Macao, and persuasively requested information of a confidential nature. This information ranged from a request for someone’s personal phone number or address to specific details (date, airport, passengers) of an upcoming trip.

Lastly, we placed four suspicious looking envelopes, addressed to several key managers, including our CEO, inside the company’s mailbox. The listed sender of these envelopes were individuals from various countries known for having ties to terrorism. Inside the envelopes we placed a fair amount of talcum powder – giving it added weight and volume – and a piece of paper that said, “This envelope could have contained anthrax. Please see the CEO or the Chief Pilot.”