The recent arrest of an American Airlines mechanic has highlighted again the danger posed by insider threat to airlines and the difficulty of detecting individuals who have access to aircraft and secure areas at airports who may pose a threat. Abdul-Majeed Marouf Ahmed Alani was charged earlier this month with willfully damaging an aircraft by gluing a piece of Styrofoam inside the nose of the aircraft, which effectively disabled a component pilots depend on to gauge such things as airspeed, the pitch of the plane, and so forth. Initially, the case was described as being related to a labor grievance. Recent information suggests there may be a much darker angle.
Prosecutors said at a detention hearing that Alani has ties to Islamic extremism. According to prosecutors, Alani has a brother in Iraq who may be a member of ISIS, has a history of making extremist statements and was found to possess videos on his cell phone depicting mass murders by ISIS. Alani traveled to Iraq in March of this year and shortly before his arrest sent a wire transfer to someone in Iraq.
Based these allegations, U.S. Magistrate Judge Chris McAliley ordered pretrial detention for Alani. “You may be very sympathetic to terrorists,” Judge McAliley told Alani at the hearing. “That’s very disconcerting.”
The possibility of an open “back door” to airport and airline security has been established for some time. We have, since 9/11, done a great deal to prevent individual passengers from making it on board a commercial aircraft with a weapon or dangerous substance of any kind. It is not at all clear that we have spent nearly as much time effectively addressing the possibility that individuals employed at the nation’s airports may do harm. In fact, the closer you look at the problem the more evident it is that we have not.
Insider threat security measures in place at airports rest on two main pillars: access controls and background checks. Access control systems, if employed correctly, are an effective means of controlling who can go where and do what. The issuance of a badge to someone who then has to run it through a badge scanner or reader of some kind, however, does not address the fundamental question: How do you decide who receives what badge?
Which brings us to background checks.
Background checks as generally employed at the nation’s airports today are flawed in at least two respects. First, they are, as the name suggests, checks on what a person has already done. They are a snapshot in time. They tell you, to the extent the information checked allows, what a person has done prior to their employment. They tell you nothing about what happens to or with that individual after their employment begins.
More fundamentally, however, background investigations are ineffectual for the purposes of detecting individuals involved in terrorist activity, because they look for the wrong things. They are superficial checks of criminal records and employment history and the like, and they do not begin to delve into the kind of ideological and psychological considerations that are crucial in detecting what is, in effect, a spy within an organization.
The security background check systems used across the country were built by individuals and organizations based on experience in preventing shoplifting, embezzlement, smuggling and other criminal activity by employees. Finding individuals involved in such activities within airlines and at airports is no doubt important. It does not follow, however, that the same approaches that help you uncover the guy stealing from the stockroom will help you catch the individual getting ready to put a bomb into the food cart being loaded onto an international flight carrying hundreds of passengers. To do that, you are going to have to start by appreciating the sophistication of your adversary.
Kim Philby is one of the most famous spies in history. He was recruited by the Russians as a young man based on his involvement in Communist Party activities in Britain and contacts with other known Communists. The first thing his Soviet handlers told him after he was recruited was to stop going to Communist Party meetings, stay away from other Communists and stop mouthing off about workers and their rights. They wanted him to be trusted and to work his way up in the British government.
Philby listened. He was accepted into the British Secret Service. Before he was uncovered, decades later, he was on the short list to become the head of that service, and he had compromised countless operations.
The Philby case is an old one, but its principles hold today. Recently, the FBI arrested a Hezbollah operative on U.S. soil, Alexei Saab, a 42-year-old native of Lebanon. Saab is accused of scouting targets for attacks in New York, Boston and Washington, D.C., over a period of years.
Saab is not a lost soul with Islamist leanings. He was recruited by Hezbollah before he ever came to the United States. Everything he has done since then, including becoming a U.S. citizen, has been at the direction of his Hezbollah masters and designed to provide cover for his activities. He was highly trained, and the reports officials say he prepared for Hezbollah were extremely thorough and detailed.
Every terrorist organization on Earth is going to follow the same basic methodology to the extent they can. Whether they recruit an individual prior to his employment at an airport or with an airline or afterward, they are going to focus on keeping that individual from attracting attention or inviting scrutiny. In short, they are going to coach him and guide him in how to avoid detection in the same way an intelligence service coaches and guides a spy within another intelligence service.
Detecting that kind of operation by focusing on superficial background information is unlikely. Hoping that the individual directed to take a job with an airline here in the United States has somehow ended up on a terrorist watch list is just as unlikely. Any group with any savvy will choose someone who is known in the trade as a “clean skin,” i.e. someone who has not been compromised and has no operational history.
To detect and defeat such a threat means employing measures of the kind routinely used by intelligence services and government agencies. Delineation of a such a program in detail is beyond the scope of this article, but it would include:
Background – Who is the individual? Where are they from? What are their ideological leanings? With whom are they in contact? What does their social media say about them? If the individual is here as a refugee from Syria, is he a Christian fleeing persecution or a Sunni Muslim from an area known to be a hotbed of support for ISIS? This is not intended to suggest that religious affiliation alone should become some sort of litmus test. A great many Syrian Sunni Muslims detest ISIS and everything it stands for. It is meant to suggest that when we are concerned with countering threats in what amounts to an ongoing war with Muslim extremists, it is relevant to know where the job candidate for a sensitive position stands ideologically.
Monitoring – Once the individual is on board, they must be monitored in the same fashion that government agencies with access to sensitive data monitor their employees. This does not just mean a look at alcohol use and interpersonal behavior on the job, although those are likely important for other reasons. It means monitoring travel outside the country, monitoring contacts with foreign nationals and keeping tabs on who is paying the employee’s bills.
It also means monitoring the employee’s actions in the workplace and training other workers in what to look for. Is the employee affording access to controlled spaces to individuals who should not have access? Is the employee himself accessing areas he should not? Is the employee asking for information on sensitive matters unrelated to his direct job responsibilities? Is the employee working unusual hours particularly if he is alone or unsupervised?
Designing an effective system to counter insider threat at airports across the United States will not be easy. We should bear in mind, however, that the stakes are high and the threat real. In 2015, a Russian airliner flying from Egypt to Russia was blown out of the sky and everyone on board killed. The subsequent investigation determined a bomb, placed on board by a mechanic at the direction of ISIS, was the cause.