The restricted zone
- This absolute requirement to screen everyone who enters the restricted zone in some respects was able to compensate for deficiencies elsewhere in the security arrangements. For example, the Director of Transec, Mr Ian Devlin, admitted that background criminal records checks on airport staff, will not 'take you terribly far' in identifying potential terrorists. Even counter-terrorist checks 'will check names against indices of known terrorists, but that probably is not going to get you very far because the majority of terrorists will be new faces or they will be using new names'. But, he said, 'that is why we screen people'. And again, there is currently no requirement for any particular form of identification for passengers on internal flights. Instead airlines are required to check that the person who checks in is also the person who boards the plane. When we questioned the reliability of those procedures, Mr Devlin responded
Again I would come back to the point that everyone is screened, everyone who is entering a restricted zone has been searched and security screened.
Since 11 September Transec has also required that all items, including items for sale, must be security checked before being brought into the restricted zone.
- Since so much reliance is being placed on these searches and security checks, it is clearly vital that they are effective and rigorously applied. The most repetitive and arguably the most important of these checks is the X-ray screening of carry-on baggage. The operators of the machines are limited to 20 minutes at a stretch. Operators of X-ray machines screening hold baggage work 40 minute turns. Mr Ian Hutcheson, Director of Security for BAA, told us that they deployed their security staff in teams and rotated them through various different jobs in order to prevent their effectiveness being reduced by the repetitive nature of particular tasks.
- The Director of Transec told us that they were introducing a major training programme at around 40 airport terminals in the UK using a system called Threat Image Projection. He explained how it worked
What that does is that security screeners sitting in front of an X-ray machine might go through their whole career and never see a bomb, never see a gun, apart from perhaps on training courses, so they can become complacent. They see all sorts of things which are not weapons, which are not threats and rationalise in their minds why they are not threats, but they very rarely will see the real thing. What threat image projection does is to present them with images of the real thing. It is done electronically and what it does is project on to bags that they are screening suspicious devices, so an improvised explosive device or a weapon, a knife or a gun will actually be projected into the bag, it will look, to all intents and purposes, as though it is inside the bag and the screeners are required obviously to detect that and to stop the bag and send it for hand searching.
- Mr Hutcheson told us that the programme had driven up performance remarkably. It had also 'really motivated staff because ... they are getting direct feedback from the machine in front of them'. The programme will also allow the introduction of certification for X-ray screeners, which is planned to be in place by April 2003.
- We welcome this initiative and the improved performance which it has contributed to. However, as the fact that there was room for such improvement illustrates, X-ray screening cannot be guaranteed to be 100 per cent effective. And that in turn reinforces the need to ensure that each of the different elements which contribute to the overall security of airports is as robust as possible.
- Thus, even though all passholders are security checked whenever they enter the restricted zones, controls on the issuing of passes need to be rigorously enforced. Mr Hutcheson told us that, before the two well-publicised robberies at Heathrow airport in February and March 2002, there were 100,000 passholders. Following the second robbery 22,000 passes were suspended on the grounds that they had not been used in the previous three months. Since then BAA has 'completely revamped the system so that it is much more stringent for people to get a pass.' These measures include, for example, higher standards for proof of identity and a new system for checking references.
- When he appeared before us in early May, Mr Hutcheson was constrained in what he could say about the robberies at Heathrow not least because police inquiries were still underway. However he did tell us that 'there is strong evidence to suggest that there was no breach of security'. He added
The aviation security programme has been drawn up purely to deal with the sabotage and hijacking of aircraft, it was not drawn up to deal with thefts within a workplace.
We understand that argument, but we also note what Assistant Commissioner Veness told us
I for one am relatively contemptuous of the distinction between ordinary crime and terrorist crime because I fear that where a thief goes so could a terrorist go.
Again we believe that the central point is that overall security is achieved by the robustness of each individual element.
CCTV at airports
- The deployment of CCTV systems at airports also reinforces the same point. As Mr Hutcheson told us
Customs have CCTV, Immigration has CCTV, Special Branch has CCTV, the Airport Authority has CCTV. There is a clear need to integrate the existing systems and also upgrade them where necessary.
These different systems have been installed for different purposes. Assistant Commissioner Veness believed 'the priority now is to stop mass murder so we must look at each and every camera deployment and ask "Does it achieve that objective?"' The Director of Transec also agreed that 'CCTV is a good example where, if we were better co-ordinated, the standard of the CCTV equipment which was installed would meet the requirements of all the agencies.'
- The level of security at airports could be improved by making existing measures even more rigorous, or by adding new measures, for example: introducing more searches and screening, or more rigorous background checks. It would, for example, be possible as Assistant Commissioner Veness has suggested to subdivide the restricted zone so that there would be additional security checks when people or baggage and other items, or even aircraft move from one subdivision to another. But, Mr Hutcheson told us, 'there is a fine balance to be struck between delivering effective security which reassures the public and the staff and actually inconveniencing people almost to the extent that you start to do the terrorists' work for them'.
- It should also be possible to improve the co-ordination of existing measures so that they reinforce each other. We have highlighted a number of areas where this could be taken forward. Transec themselves recognised that there is more to do
What we probably have not done is to take a strategic look at security at airports and to co-ordinate the work of the control authorities.
Pressed as to whether they regarded this work as a matter of urgency, Mr Elbourne, Strategy and Resource Manager, Transec, told us 'It is something which is being brought forward as quickly as we can.'
- Airport security involves the contributions of many different agencies. We welcome the Government's determination to improve co-ordination between them and to create a more strategic approach. We look to them to report progress on this matter in their reply to our report.
- One seaborne threat, which has particularly concerned the US authorities since 11 September, was the possible use by terrorists of shipping containers. In 2000, around five million containers were brought into the UK by ship. Only a very small percentage of those containers are searched at any stage during their journey.
- In a speech in January 2002, the US Customs Commissioner, Mr Robert C Bonner noted that over 200 million shipping containers travel between the world's major ports each year. He went on
... one of the most lethal terrorist scenarios being discussed these days is the use of ocean-going container traffic as a means to smuggle terrorists and weapons of mass destruction into the United States. And it is by no means far-fetched.
The Commissioner proposed a new Container Security Initiative. A number of measures to improve the physical security and electronic monitoring of containers are under consideration. In February 2002 the International Maritime Organisation and most of its member states supported US proposals for ship identification systems, security plans for ships, ports and offshore terminals, vulnerability assessments and improvements to security checks on containers.
- Commodore Dickson told us that the key elements of the work that was being done by the many departments of UK Government with a role in this area were better intelligence and improvements in response arrangements to specific intelligence. Work was also being done on improving the capability to detect CBRN devices, in particular at ports of entry. Commodore Dickson, however, also argued that
an increase in searching containers [has to be] to a level where it does not impact on our freedom of movement and freedom of trade because that runs completely counter and you can put in place all the damage and interference which the terrorists would be well satisfied with.
We understand that, but we also note Commissioner Bonner's description of what would happen if a container was used to smuggle and detonate such a device
Simply put, the shipping of sea containers would stop. The American people, for one, would not likely permit one more sea container to enter the United States until there was a significantly greater assurancesuch as 100% inspectionsthat no additional terrorist weapons would be smuggled into the country.
It is clear that the United States Government continues to take this threat seriously. On 1 July the International Herald Tribune reported that the United States had secured permission to station specially trained US customs officials in Rotterdam, Antwerp and Le Havre. Similar arrangements are already in place in Canada, and the US is in talks with Germany, Italy, Singapore and Spain about extending them to posts in those countries.
- We consider below the difficulties of applying traditional risk management calculations to threats of this sort and how those calculations feed into decisions on resources (paragraph 280). The catastrophic scale of the potential consequences of a terrorist attack by these means, however, requires us fundamentally to re-examine our security measures. And to do so promptly. We were concerned, for example, by the apparent lack of real urgency in the work on improving CBRN detection for containers. We were told in March
Depending on the results [of that work] which should be available some time in the summer, the Ministers will want to consider whether there is a case for devoting more resources to this sort of protection.
- As with air defence it is clear that we cannot exclusively rely on maritime defence measures, whether conducted by the Royal Navy or other agencies, to protect us against the threat from international terrorism. Since it is not practicable to screen every ship, still less every container, coming into the UK, we must use techniques to identify those which are most likely to present a risk. Those techniques will largely depend on intelligence for their effectiveness.
Networks and Systems
- The attacks of 11 September demonstrated some of the physical vulnerabilities of western society, but they also highlighted less tangible vulnerabilities in the way in which the shock at the attacks was transmitted rapidly throughout a globalised, interconnected system, costing billions of dollars in economic damage through direct losses, lost growth, instability to certain industries (airline, insurance). The attack also had major knock-on effects in political and social terms, as well as psychological. The psychological knock-on effects of the relatively small scale anthrax attacks at the same time, for example, were alarming. Some of the effects may pass in the short to medium term (for example, the numbers of people travelling by air has picked up in the last few months); others however, may prove longer-lasting.
- The fact that we live in an interdependent, highly connected and technology dependent, but socially and politically open, society means that we live in a more vulnerable society. This is a society in which economic, technological and political changes have left us more vulnerable to massive disruption. Throughout much of the last century, massive disruption to the economy and the infrastructures upon which we relied could only be caused by a large-scale campaign of aerial bombardment, blockade and/or special forces operations. In the 21st Century, the threat may be from small groups using technology to carry out asymmetric attacks. Countering such threats is a task that requires action not only by the MoD, the police and security services, but also by the regulators of critical industries. In addition our industries themselves as well as our citizens are in the frontline of this struggle. We are not persuaded that the Government has understood this development or has incorporated it into its policy and planning.
- The vulnerabilities of modern society are beginning to be addressed by leading international organisations since there is an emerging consensus that these risks cannot be dealt with on a purely national basis. The EU, NATO and the OECD all have working groups examining this issue. The OECD characterises the problem thus
Globalisation, climate change, the transition to a more technology-intensive economy, demographic and societal change, growing interdependencies, to name but a few significant trends, look set to increase the vulnerabilities of major systems during the 21st century. The provision of health services, transport, energy, food and water supplies, information and telecommunications, safety and security are all examples of vital systems which can be severely damaged by a single catastrophic event, a chain of events, or the disastrous interaction of complex systems.
There is growing concern that extensive disruption to, or collapse of, these systems could significantly impair future economic and social development.
- In the United States the threat of al Qaeda seeking to exploit these vulnerabilities is being taken ever more seriously. The Director of the FBI's National Infrastructure Protection Center is reported to have said recently, 'The event I most fear is a physical attack in conjunction with a successful cyber-attack on the responders' 911 system or the power grid'. It is reported that the CIA issued a revised Directorate of Intelligence Memorandum in February which stated that al Qaeda had far more interest in cyber terrorism than previously believed.
- Measures designed to protect these vulnerabilities in the UK were in place before 11 September. In 1999 the Government established the National Infrastructure Security Co-ordination Centre (NISCC). The NISCC provides a single public point of access to the Government's arrangements for the protection of the Critical National Infrastructure (CNI) from electronic attack. In defining the CNI the Government aims to identify the core services that need to be secured for continuity of government, public safety and economic well-being. To do this it seeks to work with organisations responsible for these systems so that these services are protected in a way that is proportional to the threat. Those core services are defined as 'those parts of the United Kingdom's infrastructure for which continuity is so important to national life that loss, significant interruption, or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or any substantial portion of the community, or would otherwise be of immediate concern to the Government.' The Government has identified the following sectors as priorities: telecommunications, finance, water and sewerage, energy, transport, health services, central government and emergency services.
- The CCS explained how difficult it could be to establish exactly where the vulnerabilities in particular systems were
When one asks questions ... "Do you have independent systems, do you have resilience in your structure," they will say yes, but when they are asked about their service providers, they will say "Yes we sub-contract it" and you will find it will be two sub-contractors using the same piece of fibre-optic cable on the same side of the road.
They recognised that there was an awful lot of work to be done in this area. We agree and we expect to be kept abreast of progress.
- During the run-up to the millennium, the Government and industry worked well together to develop an extensive and in-depth understanding of the vulnerabilities and dependencies of their interconnected systems. This was supported by a programme of information exchange, education and public communication. Unfortunately, the structures and knowledge developed for this exercise were not built upon. Whilst NISCC have been active in promoting the assurance of selected companies seen as critical to the CNI, the Government has not yet undertaken a rigorous and up to date analysis of society's vulnerabilities to attacks on its interdependent infrastructures. Whilst individual companies are becoming more effective at managing their own risks, only the Government has the breadth of responsibility to undertake sector and society-wide assessments and to educate owners and operators of systems about the additional protections that may be required to make our infrastructures robust and resilient.
- In March 2002, the Government appointed a Central Sponsor for Information Assurance and Resilience, who will be responsible for developing and implementing a national strategy to ensure the security and resilience of information systems in the public and private sectors. We welcome this appointment and the new focus within the Cabinet Office for intelligence and security issues under Sir David Omand (see paragraph 183) and look forward to a stronger government lead in this increasingly important area.
- Many of these networks and systems are privately owned. Similarly many of the targets of a physical attackwhether buildings or other sitesare likely to be in the private sector. We have noted some of the concerns raised with us by private sector witnesses. These are understandable since many private companies now feel that they are in the front-line. On the other hand, a recent survey of 5,000 companies of all sizes and types found that only 45 per cent had business continuity plans in place. It will clearly be essential to involve the private sector in both the preventive and consequence management work which is being taken forward.
- Although we have received some evidence on the risks and potential consequences of a terrorist attack on a nuclear installation, we have not been able to examine this issue in any detail in this inquiry. Nonetheless we understand and are concerned by the potentially catastrophic consequences of such an attack. The evidence which we received from Mr Gordon Thompson of the Institute for Resource and Security Studies (IRSS) in Massachusetts, USA and from Dr Frank Barnaby of the Oxford Research Group both concentrated on the perceived vulnerability of Sellafield.
- An attack on a nuclear installation could first of all have a devastating effect on the site itself and the people who work there. It could create conditions of such severe radioactive contamination that efforts to control the damage and to assist the people affected would be almost impossible. Even more seriously, such an attack could lead to a major release of radioactive material into the surrounding area.
- The consequences of a major release of radioactive material are difficult to predict with any certainty. Depending on the circumstances radioactive material could be released either as a liquid or as small particles and gases into the atmosphere. The consequences of an atmospheric release would be heavily influenced by prevailing weather conditions, in respect of both the geographical area of radioactive contamination and the severity of that contamination. Furthermore the effects of radioactivity on human healthparticularly the incidence of fatal cancerswould only become apparent over decades. Although the increased risk to any single individual may not be all that great, because the contamination could extend over a very wide area, the total number of additional fatal cancers over a period of decades could be in the tens of thousands or more. The number of fatal cancers produced by the Chernobyl accident has been estimated to be around 45,000.
- The amount of radioactive material released as a result of a terrorist attack would, of course, depend on the characteristics of the attack itself, but it would also depend on the strength and resilience of the installation. Nuclear power stations, for example, were not designed with the possibility of terrorists using passenger aeroplanes as missiles in mind.
- We believe that these issues would benefit from an independent expert analysis. We have noted the proposal from IRSS that we should invite the Parliamentary Office of Science and Technology (POST) to conduct such an investigation. We have a high opinion of POST's work as a source of independent and authoritative scientific advice. We invite the Board of POST to consider the proposal for an investigation into the possible consequences of a terrorist attack on a nuclear installation. We understand that POST already has a considerable programme of work. If such an investigation would require additional resources, we hope that the House authorities would look sympathetically at providing them. We believe that this investigation should examine the physical robustness of installations against such attacks as well as the potential consequences of an attack in terms of the amounts of radioactive material liable to be released and its effects.
150 Q 855 Back
151 ibid Back
152 Q 883 Back
153 Q 887 Back
154 Q 854 Back
155 Q 1353 Back
156 ibid Back
157 Q 838 Back
158 Q 1353 Back
159 ibid Back
160 Q 1288 Back
161 Q 1290 Back
162 Q 1369 Back
163 Q 1375 Back
164 ibid Back
165 Q 1214 Back
166 Q 1378 Back
167 Q 1214 Back
168 Q 900 Back
169 Q 1214 Back
170 Q 1281 Back
171 Q 900 Back
172 Q 904 Back
173 Q 533 Back
174 Speech before the Center for Strategic and International Studies, Washington D.C., 17 January 2002 Back
175 Q 534 Back
176 Q 534 Back
177 Q 535 Back
178 Q 538 Back
179 OECD Futures Group Back
180 Washington Post, 27 June 2002 Back
181 ibid Back
182 www.niscc.gov.uk Back
183 Q 25 Back
184 Q 722 Back
185 See Ev 292 Back
186 Ev 300 Back