The unauthorized pirating of an airplane in the evening hours of August 10th from Seattle Tacoma International Airport was certainly permitted by and was a direct cause of the lapses in security protocols at the airport, regardless of what the Port Commissioner Courtney Gregoire says or thinks.
In the threat definition matrix there are 4 classifications of adversaries:
3) Outsiders that collude with insiders and
4) Insiders that collude with outsiders.
If you are a vigilant and responsible business continuity professional you plan for the “aberrations” ahead of time, those are the contingencies that keep you up at night, or at least they should.
As a risk management/security professional you must be skilled to identify potential impacts that threaten an organization and to provide a systematic framework of effective resilience and an effective tactical response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
You envision and conduct pre-emptive training. In front of every group of corporate professionals that I train on our more popular topics such as: Active Shooter Risk Mitigation, De-escalation of Aggression or our current hot topic “Tactical Termination” (How to terminate an employee properly), I always train on the concept that the “best time to plan for an emergency is before one occurs, not during nor after”. That’s just common sense, right? You’d be surprised how many companies don’t do this.
As far back as 2009, The Department of Homeland Security (DHS) had been intensely studying an “aberration” like this, as Commissioner Gregoire termed it. DHS shared its comprehensive report with all of the stakeholders as they were working on developing its Comprehensive Risk Assessment of Perimeter and Access Control Security (Risk Assessment of Airport Security) in May 2013.
This was available information regarding the risk from the insider threat—the potential of rogue aviation workers exploiting their credentials, access, and knowledge of security procedures throughout the airport for personal gain or to inflict damage. The Commissioner who was elected in 2013 and reelected in 2015 to the post had access to this study.
What was the Port of Seattle Commissioner waiting for?
In front of the cameras, she continually works to spin and downplay the seriousness of this event --- the theft of a commercial aircraft from a major U.S. airport has exposed a tremendous gap in airport security.
She emphatically states that “even though an airport employee stole a plane and flew it for an hour before crashing --- at the airport there were no lapses in security protocol”. How matter of fact can a person be? Her comments are delusional, dismissive and dangerous. The buck should stop with her --- instead of deflecting any culpability and hoisting the responsibility onto the airline, as the man who took the airplane, Richard "Beebo" Russell, was an employee of Alaskan Airlines.
She is trying too hard to get to the “other side” of this crisis with HER reputation intact and preserved. She goes on to say that Sea-Tac Airport had “recently beefed up security screenings for employees. Every airport employee goes through a physical screening process before being allowed to work”.
This fact has nothing to do with what happened. It is an effort to deflect ownership of what is nothing short of a miracle that no one else was hurt other than Mr. Russell, who by his own extremely sad admission was not dealing well with the personal challenges he was facing in his life.
Richard Russell didn’t take the plane by force. He didn’t have a gun that would be “detected” by a metal detector. There was no “secondary inspection” of him. As “beefy” as the security upgrades were, they weren’t worth a hill of beans.
Courtney Gregoire’s personal “outreach strategy” (which is crucial at every stage of a crisis management event) has been to dismiss the facts. She has not taken ownership for the gap in the collective processes of the agency she “leads”. During a crisis, being distant, neutral and making flippant comments blaming others shows a lack of essential due care and poor leadership.
This is precisely why professional security practitioners have such a difficult time getting a seat at the table in the C-suite boardroom when the topic is Enterprise Security Risk Management (ESRM). It is clear that she cares more about her own “reputation management” than saying, “the buck ultimately stops with me”.
This action exposed a glaring series of present day post 9/11 era deficiencies in airport security that many people knew about but did nothing to prevent. That to me is nothing short of dereliction of duty.
If, truly, "all security protocols were handled appropriately" and the Port Commission “met all of those protocols”, the question must be were the security protocols adequate for the intended purpose?
As a High Risk Security Consultant who has practiced in this field for over 20 years, the answer is clearly NO. Let’s explain why by taking a closer look at the incident.
Richard Russell the grounds crewman was able to, without detection by anyone in a position to intervene:
1. “push back” the plane
2. board the plane
3. taxi onto the runway, and
4. take off
This was nothing short of an alarming chain of failures in security best practices. I’m curious as to how those glaring issues could be “in line” with “best practices” of security management. If the security protocols that are in place currently leave room for the unauthorized taking of an airplane, something is drastically wrong.
We aren’t talking about turning a key or pushing one button like many cars start today. In general (planes have various systems) to start an aircraft like this, one must do the following (as related by Jim Irvine, an American Airlines pilot, colleague and friend of mine):
“In general, APU bleed air is used to start the engines. When it is inop,(inoperable) a ground "huffer cart" supplies the air to start the engines, but then you need someone to run the cart and disconnect when the engines are started. Also to do a cross bleed start from one engine to others, but you need air from somewhere to get the first one going.
Starting the APU is normally done from ground power - normally the gate. If that is not available, there are power carts than can be used instead. Lacking that, the APU will start off the battery. Not preferred, but probably happens a few dozen times every morning at AA.
Other things that would need to be done are remove chocks, power hydraulic systems and electrical systems, but the electric probably switches automatically in an airbus. Also need to set takeoff flaps and know what speed it will fly and things like that.”
The ground crew shouldn’t have a basic understanding of how to start the aircraft. This is what the pilot is for. If we actually do live in a world where an unauthorized pilot can “play some video games” (as Russell told air traffic controllers he had done) and get a plane into the air, there are wide-ranging and clear gaps in the current protocols and preventative procedures.
Commissioner Gregoire correctly pointed out that Richard Russell had a security badge, and that all employees are subject to background checks. These facts seem to me to be missing the point by quite a distance.
If everything worked the way it was supposed to, why again did this happen? The Port needs to re-examine what its mission is.
It is clear that current standard operating procedures are not in place to prevent the unauthorized piloting of the planes on the ground.
Suppose this tragic incident had taken a slightly different turn. What would the authorities have done or been able to do if the “pilot” started to fly towards the Seattle- Tacoma– Bellevue metropolitan area -- the nation’s 15th-largest metro area, with 3.61 million residents? Shoot the plane down over such a densely populated area?
The stakes are too high for the “all protocols were followed” explanation to pass the smell test.
We need to ask some serious questions in light of this event, and for those who haven’t been asking them – a group which apparently includes Commissioner Gregoire – the time to do so is NOW.
Commissioner Gregoire was quick to reach for the “all protocols were followed” explanation, but she also said the airport will work on possible security improvements. Great idea!
Commissioner Gregoire described the incident as a "one-in-a-million experience."
What really is a "one-in-a-million experience" would be Commissioner Gregoire remaining employed in her position, from which she could comfortably offer excuses and deflect accountability if/when the next tragic lapse in security takes place.
Phillip Rizzo is an author, High Risk Security Consultant & serves as Chief Physical Security Officer with the E-data Law Group, LLC in Hinckley, Ohio. He has provided executive protection to an array of High Value Targets (HVTs) throughout his career & participated with hundreds of other law enforcement and security personnel to help secure the Republican National Convention in 2016 in Cleveland, Ohio. He currently serves as the Assistant Regional Vice President for Region 2F (Akron/Canton & Cleveland, Ohio) for ASIS – American Society for Industrial Security and is the immediate past Chairman of the Board (Akron/Canton Chapter #123, 2014 – 2017). He can be reached at firstname.lastname@example.org for further comment or arrangements can be made for phone interviews.
Visit my LinkedIn Page for full article.