[I have recently published a series of posts on airline security at my own blog. One of the air marshals I quoted, Robert MacLean, mentioned the vulnerability of overnighting aircraft — aircraft parked overnight waiting for the next flight. He told me that the person to ask about this threat was David Mackett, the president of the Airline Pilots Security Alliance, an organization of pilots concerned with airline security. I wrote Mr. Mackett and asked him if he could discuss the issue of airline security generally, and overnighting planes specifically. In response, I received a lengthy and thoughtful e-mail touching on many aspects of airline security, of which the issue of overnighting planes forms only a small part.

Below I have reprinted Mr. Mackett’s e-mail in its entirety, with only the lightest possible editing. What you are about to read is a comprehensive, thoughtful, and sobering commentary on the state of airline security, and what can be done about it. — Patterico]

As background, no conversation about airline security should take place without at least trying to conceive of the almost incomprehensible size of the air transportation system. The size of the system is the reason everything the public and policymakers “think” should work in airline security doesn’t, and the reason our entire approach to airline security is almost completely ineffective against a threat like Al Qaeda — and the reason security almost always fails when tested by covert testers, innocent civilians and, occasionally, persons with intent.

At this moment, there are roughly 5000 commercial airliners in the skies above you. There will be 28,000 flights today, and 840,000 in the next month — every month. The U.S. fleet consists of some 6000 aircraft — almost all of which will be parked unattended tonight at a public airport. We will carry almost 7 billion passengers this year, the number increasing to 10 billion by 2010, barring an exogenous event like another 9/11.

There is simply no deployable technology that has a prayer of keeping a motivated, prepared terrorist out of the system every time — even most times. TSA misses more than 90% of detectable weapons at passenger checkpoints in their own tests, and it is not their fault, because of the limitations of technology and the number of inspections they must conduct. This doesn’t count several classes of completely undetectable weapons like composite knives and liquid explosives.

What is TSA’s fault is their abject failure to embrace more robust approaches than high visibility inspections, and their accommodations to the Air Transport Association’s revenue interests at the expense of true security, while largely ignoring the recommendations of the front-line airline crews and air marshals who have no direct revenue agenda and are much more familiar with airline operations than are the bureaucrats (remember government ignoring the front-line FBI agents who tried to warn them about 9/11?). Deplorable amounts of money have been wasted on incomprehensible security strategies, while KISS [Keep It Simple, Stupid] methods proven to work have been ignored.

Aircraft on the ramp are just one example of this.

Immediately after 9/11, the Administration deployed the National Guard to airport checkpoints to reassure the public, though the terrorists’ objective was not the checkpoint, but the aircraft. The Airline Pilots Security Alliance (APSA) called for putting National Guardsmen on airport ramps to monitor anyone around the aircraft, conduct random ID checks, and protect the aircraft from anyone putting suspicious cargo in the holds or cabin. We also called for 100% ground employee security screening, which, while flawed, provided some layer of prevention against minimum wage employees planting illicit weapons on commercial aircraft; we also called for behavioral profiling of passengers at security checkpoints.

None of this was done, and the aircraft on the ramp were “protected” only by vigilant employees who had other, more primary responsibilities. These aircraft were still freely accessible to many other employees who worked on the strength of a background check that said they hadn’t done anything yet.

Today, RON (remaining overnight) aircraft are invariably unattended and unlocked all night. Commercial aircraft typically do not have locks in their doors. They are protected by roving airport police patrols and closed circuit cameras. Neither methodology is very robust. A skeleton crew of employees is also on duty who may see something suspicious, but most have gone home. Jetway doors prevent access from the terminal but the exterior aircraft doors are unlocked to anyone who pushes a stairway up to them.

There have been numerous breaches of airport perimeters (see www.secure-skies.org, How Safe Are You?, Airport Perimeter Security), often by people who weren’t even trying. At least one Al Qaeda sympathizer employed as a catering truck driver was arrested after driving onto airports for months, gathering intelligence.

It is certainly possible for a terrorist to jump the airport fence and walk to the airplanes, particularly at smaller airports, some with low fences and no or few cameras. But the greatest threat to RON aircraft is that anyone with an airport swipe card can get on board unsupervised. This includes third-party catering trucks coming in from outside the perimeter (almost impossible to inspect in any meaningful way), subcontracted cleaning crews, and unskilled ramp employees.

There have been at least three “rings” of employees arrested since 9/11: one for large-scale theft from passengers’ bags, and two for putting illicit guns and drugs onboard aircraft. The only reason these events did not result in a successful terror attack is because the bad guys were thieves and smugglers, not terrorists. If those guns had been planted in the cabin of an aircraft, a terrorist team could have simply cleared security with their fellow passengers the next day, and armed themselves once they were onboard.

This threat is mitigated by the fact that pilots, flight attendants, and ramp agents now routinely inspect the aircraft before flight each day, and this provides a measure of security. But it is not foolproof. Since there is little time to do a thorough inspection prior to passenger boarding, well-concealed weapons can be missed. A Maryland college student successfully planted hidden weapons in the lavatories of four or five Southwest Airlines jets several years ago. He carried them right through the security checkpoint. He was successful every time he tried. And in some cases, the weapons were not discovered for weeks. There is also a strong suspicion that weapons were “pre-planted” on some of the aircraft targeted on 9/11.

From a terrorist’s point of view, the downside of pre-planting weapons is that if they are found, the attack is thwarted literally before the plane gets off the ground, and warning is given to the entire air transport system. But remember: the terrorists are also warned of the find, and do not have to risk compromise — they just stay home. Conversely, if CNN isn’t broadcasting found weapons on airliners, the terrorists would know the operation has a good chance of succeeding, even before they arrive at the airport.

By the way, we constantly have to walk the line between sharing enough information to get fixes implemented, while not sharing so much it compromises our safety even more. Everything I’m writing is easily available to a motivated intelligence-gathering cell. There are other problems I won’t discuss, because the information is not publicly available. That doesn’t mean it’s not real.

What needs to happen across all segments of airline security is a philosophical change from trying to prevent an attack (which doesn’t work in a system this size) to defending against one (which does — a la Flight 93).

Almost six years after 9/11, it is inexcusable that — in an environment where TSA misses more than 90% of weapons, RON aircraft are not secured, and ground employees are not screened — fewer than 2% of our airliners have a team of armed pilots aboard, fewer than 5% have air marshals, and the flight attendants have no mandatory tactical or behavioral assessment training. $24 billion dollars later, we are not materially safer, except in the areas of intelligence that prevent an attack from getting to an airport. Once at the airport, there is little reason to believe the attack won’t succeed.

If these airplanes were appropriately defended, it would matter less who got onboard and with what weapon. We could then redeploy TSA assets to protecting RON aircraft, securing the ramps against suspicious persons, and randomly checking employee ID’s, as well as implement 100% cargo/baggage inspection and government funding for explosive-proof cargo compartments and missile defense.

It has taken six years, but TSA is now finally flirting with behavioral assessment training for screeners and random (but not mandatory) ground employee inspections. The airlines complain screening all ground employees would significantly hinder airline operations. They’re right — it would.

As usual, though, it has taken far too long for even these fixes, and there’s no action on the most meaningful improvements: dramatic expansion of the Federal Flight Deck Officer program, redeployment of air marshals on more specific, instead of random flights, and treating crews as critical assets, instead of as members of the general public, in terms of training and information sharing.

There is no question that we will get airline security right someday. My only question is whether, at this point, we will get it right before the next attack. After 9/11, we were given the gift of time and of awareness. I am very concerned we have squandered the gift of time — and there is little left before we are hit again — and we are losing the gift of awareness, as we truly forget what that morning was like. There is no question in my mind, based on everything I hear in my position, that Al Qaeda is actively, aggressively preparing to target the United States again, and that commandeering an airliner is still the easiest, quickest method of possessing a weapon of mass destruction. I am even more concerned that the next attack could be far worse than 9/11, which, while devastating, would pale in comparison to other available targets.

Recalling World War II, the Japanese didn’t surrender after Hiroshima because they believed there was only one atom bomb. It was only after another bomb hit Nagasaki — after we proved we could do it again — that their country collapsed. Similarly, another successful 9/11 would devastate our country in ways we can’t even imagine — probably much more than the first attack, as we realize they can do it again despite our “best” efforts.

Government and airline management are taking an awful chance in promoting the appearance of security, instead of using, as President Bush promised, “every resource available” in this new world war.

I know I’ve gotten pretty far afield of your topic, but I want to give you the sense that RON aircraft are just one small piece of a multilayered security system wherein every layer leaks like a sieve. The problem is much, much bigger than any single element.

In the end, we should be starting with defending the smallest spaces — the cockpits and cargo compartments, and working outward to the limits of our resources; instead of starting with the airport perimeter and working inward, ignoring the actual defense of those spaces that are actually the terrorist targets. And we should be using the resources already in place to the greatest extent possible, instead of trying to bring new, untried methods into play, then waiting to find out they don’t work nearly as well in reality as they do on paper.

Dave Mackett

President, Airline Pilots Security Alliance

www.secure-skies.org