OSC Guardian - Safety Advice


Wednesday, June 22, 2011

GAO Assesses Physical Security at General Aviation Airports

By Matthew Harwood

Lack of standardized physical security measures at general aviation airports across the country could allow intruders to commandeer planes, presenting a terrorism risk, according to a Government Accountability Office (GAO) report released yesterday (.pdf).
The GAO visited 13 general aviation airports--three of which also serviced commercial flights--and assessed how the airports' security measures prevent unauthorized access to the airport and its planes. Unlike commercial airports, general aviation airports are not required to implement a broad range of standardized physical security measures by the Transportation Security Administration (TSA). Rather TSA has provided general aviation airport operators voluntary security guidelines, but many operators have not bolstered physical security because of scarce resources.
During the GAO's assessment, its investigators did find that 12 of the 13 airports had perimeter protection. But half of those with some type of perimeter protection had fencing too close to impediments like greenery. "[A]t 6 of the airports fencing was partially bordered by bushes or trees or located next to a parking lot, which can obstruct surveillance or allow someone to scale or topple the fence," the GAO reports.
None of the ten exclusively general aviation airports had perimeter lighting, which the report says provides a real and psychological deterrent to intruders. Officials at some of those airports told the GAO that they didn't need perimeter lighting because street lights provided enough illumination. All 13 airports visited, however, did have lighting around hangars.
The ten general aviation airports also monitored for intrusions differently, generally preferring CCTV and on-site law enforcement or private security guards to integrated intrusion detection systems. (For a breakdown of the security measures at the airports, see the chart on the next page.)
"The results of our assessment are meant to illustrate the variation in physical security conditions at the selected airports," the GAO report explains. "Since TSA does not require the implementation of security measures for airports with only general aviation operations, our assessments are not meant to imply that any of the 13 airports we visited have failed to implement required security measures."
Three general aviation airports admitted that they have had instances of intruders gaining access to the airport. One airport reported that it had two planes removed or stolen from the airport without approval. The stolen airplane was recovered in Mexico.

The GAO letter to Congress accompanying the report notes that small airplanes taking off from general aviation airports do present a homeland security threat. The report points to Joseph Stack's February 2010 terrorist attack, in which he crashed a single-engine plane into an IRS building in Austin, Texas. Stack's suicide attack killed one IRS employee and injured many others.
Congress's watchdog also reminds members of Congress that larger airplanes taking off from general aviation airports present a 9-11-style threat as well. "Larger aircraft, such as midsized and larger business jets, could cause  catastrophic damage to structures and pose a greater risk if they are located near major metropolitan areas."
More than 200,000 aircraft--both large and small--operate at more than 19,000 general aviation facilities within the United States. General aviation is any aircraft that does not have a commercial, such as cargo and passenger planes, or military purpose. Most aircraft are owned by private individuals or businesses and operate "on demand," meaning their flights are rarely scheduled.
In response to the report, the Department of Homeland Security agreed with the GAO report but stressed that general aviation operators do not have the money to improve their security posture.
"TSA would also like to note that while most airports would readily implement the security measures recommended by TSA, they are unable to put additional security measures in place primarily because of a lack of funding," wrote DHS's Jim H. Crumpacker, director of the Departmental GAO/OIG Liaison Office.

Friday, June 3, 2011

NYC Hotel to Buy 'Panic Buttons' for Housekeepers

Associated Press (06/01/11)

New York City's Pierre Hotel is promising to purchase "panic buttons" for its staff and begin sexual harassment training for all employees following the alleged sexual assault of a housekeeper on May 29. According to authorities, Mahmoud Abdel Salam Omar, a businessman and the former chairman of a large Egyptian bank, locked the housekeeper in a room at the hotel and sexually assaulted her. Omar has denied the charges against him. As a result of the alleged attack, housekeepers at The Pierre Hotel will now be given wireless devices to alert hotel management if they are assaulted. New York City's Sofitel Hotel, which was the scene of last month's alleged sexual assault of a housekeeper by former International Monetary Fund leader Dominique Strauss-Kahn, has also promised to issue the devices to its housekeepers. In addition, the New York Hotel and Motel Trades Council has said that it will push for the devices in its contract negotiations with 150 hotels in 2012. However, hotel security expert Anthony Roman said that panic buttons are not a panacea and that they come with their own set of complications. Roman said the devices must be small and inconspicuous so the attacker cannot remove them easily. They must also have a locating feature that works indoors so that security can find an employee in distress.

Thursday, June 2, 2011

Cyber Attacks Deemed an Act of War

The Pentagon for the first time has declared that cyber attacks originating in other countries are an act of war, which clears the path for a military response, according to The Wall Street Journal.
In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.
Recent attacks on the Pentagon's own systems—as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.
The categorization will come as a part of the Pentagon's first formal cyber strategy. The Journal reports that the unclassified segments of this document will become available next month.
There are some questions that the article brings up, such as the difficulties of determining the origin of a cyber attack, and how it will be determined that an attack is extensive enough to warrant action.
According to the Journal, "The move to formalize the Pentagon's thinking was borne of the military's realization the U.S. has been slow to build up defenses against these kinds of attacks, even as civilian and military infrastructure has grown more dependent on the Internet."
The United States is not merely a victim of computer attacks; there is also speculation the the U.S. assisted in developing Stuxnet, which attacked some of Iran's nuclear facilities.