Seventh public hearing of the National Commission on Terrorist Attacks Upon the United States

Statement of Cathal L. Flynn to the National Commission on Terrorist Attacks Upon The United States
January 27, 2004

The panel is asked to focus on two topics:

• The development of the civil aviation system that existed on September 11, 2001.
• Assessment of the performance of the civil aviation security system on September 11, 2001, and in the immediate aftermath.

Having been the Associate Administrator for Civil Aviation Security, Federal Aviation Administration, from 1993 to 2000, I can write knowledgeably about the first topic. My thoughts on the second topic, based on news coverage of the events and published commentary, are necessarily speculative.

Last September 9, I had a long interview with Commission staff members, in which we discussed these topics in detail. The Commission having a record of that interview, this statement can be briefer than it otherwise might need to be.

The statement of Ms. Jane Garvey, former Administrator of the FAA, to the Commission on May 22, 2003, summarized the development of the national aviation security program from its beginning. In his statement to the Commission on May 23, 2003, Major General O. K. Steele, my immediate predecessor as Assistant Administrator for Civil Aviation Security, described the events and accomplishments of his time in the job, 1990 to 1993, particularly the FAA’s implementation of the Aviation Security Improvement Act of 1990 and the recommendations of the President’s Commission on Aviation Security and Terrorism (the Pan Am 103 Commission) of that year. I will try to avoid repeating these excellent summaries. I will instead emphasize developments in the period from 1993 to 2000, and then give my assessment of the security system’s performance on and immediately following September 11, 2001.

To begin, I wish to say that I had the steady and effective support of the FAA Administrators, the Secretaries of Transportation, and the Directors of Transportation Intelligence and Security who held office during my time at the FAA. Also during that time, I was privileged to work with the members of the FAA security service, professionals who daily exhibited a high order of competence, dedication, and determination to do right.

United States aviation security was implemented in a regulatory framework. Federal Aviation Regulations (FAR) Parts 107,108,109, and 129, which are public documents, respectively applied to airports, air carriers, indirect air carriers (freight forwarders), and foreign air carriers. Detailed implementing requirements were imposed on the regulated entities by restricted program documents: Airport Security Programs, Air Carrier Standard Security Program, Indirect Air Carrier Standard Security Program, and Model Security Program (for foreign air carriers flying to the United States).

Any substantial permanent addition to the regulations had to be brought about by a cumbersome and time-consuming process of public rule making. Consequently, much reliance was placed on the Administrator’s emergency authority, which permitted the imposition of additional or more stringent measures by means of security directives and emergency program amendment documents, often effective immediately on receipt by the regulated entities.

From 1993 to 2000, aviation security was implemented in an environment shaped by several developments and events: memory of the Pan Am 103 catastrophe and national determination that nothing like it should happen again; the World Trade Center bombing of February 1993 and the discovery, in the post-bombing investigations, of previously un-noticed groups within the United States that at least seemed to be connected with Middle Eastern terrorist organizations; the “Manila Conspiracy”, also called the “Bojinka Plot”, that aimed in early 1995 to destroy as many as twelve U.S. airliners nearly simultaneously as they flew from airports in East Asia; growing awareness of the al Qaeda terrorist organization; and the crash of TWA flight 800 on July 17, 1996, which initially appeared to have been caused by an on-board bomb and thus raised national awareness of a possible terrorist threat to aviation within the United States.

The investigations stemming from the World Trade Center attack revealed terrorist interest in civil aviation within the United States. Because of that, and because Middle East-connected terrorists had a propensity to attack aviation, additional security measures were imposed by security directives and program amendments, at first only for a time around salient events such as the sentencing of World Trade Center terrorists. Later in 1995, the measures were re-implemented with some changes, and kept in effect.

The Manila Conspiracy dramatically demonstrated that the terrorist organization that later came to be known as al Qaeda had global reach, determination to commit mass murder and inflict enormous economic damage, willingness to plan and rehearse attacks patiently over a period of months, technical ingenuity in bomb making, and adequate financial backing. Its defeat also showed that U.S. government agencies directed by the National Security Council staff, agencies of many other governments, airport authorities, air carriers and indirect air carriers had learned how to cooperate effectively in circumstances of high threat and tension. The FAA’s role began by investigating the bombing of Philippine Airlines Flight 434 on December 11, 1994, which was Ramzi Yousef’s dress rehearsal for his intended bombing of U.S. airliners. That investigation revealed information vital to connecting the conspiracy’s dots and to devising measures to protect flights. In the critical period, from January to April, intelligence and law enforcement information was effectively passed to the FAA, thus enabling efficient management of focused emergency measures on an unprecedented, nearly global scale.

Other events of note in 1995 included the brief implementation of Contingency Plan measures to counter a threat from the Unabomber to flights from Californian airports, and a serious shooting incident at Minneapolis-St. Paul International, which was effectively resolved by airport police.

By 1995, the FAA had become convinced that the baseline of aviation security, the aggregate of the permanent carrier and airport programs, had to be raised. Adequate security could not be effectively maintained by means of temporary security directives and program amendments depending on the Administrator’s emergency powers. We also believed that a more effective national intelligence program, aimed at identifying and neutralizing terrorists before they attacked, was essential. And we believed that a broad national consensus was needed to bring about permanent improvements, many of which would be expensive and burdensome to implement. With the support of the Secretary of Transportation and the National Security Council staff, the FAA determined that its Aviation Security Advisory Committee (ASAC) was the forum in which to achieve the consensus for a new baseline. The ASAC met and formed the Baseline Working Group on July 17, 1996. Deputy Secretary of Transportation Mortimer Downey and Congressman James Oberstar addressed the ASAC and strongly endorsed raising aviation security in this manner. The destruction of TWA flight 800, which followed the Baseline Working Group’s creation by only a few hours, accelerated a process already underway.

President Clinton formed the White House Commission on Aviation Safety and Security on July 25. Its members included the Directors of Central Intelligence and the FBI.

Working long and hard, the ASAC Baseline Working Group provided the Commission with a preliminary report on August 30 and a final report on December 12. The White House Commission published an initial report on September 9 and a final report on February 12, 1997.

The White House Commission’s final report was disappointing in some respects. It did not stress the central importance of intelligence and law enforcement in detecting and countering terrorist activities aimed at aviation. It gave equal emphasis to the Oklahoma City and World Trade Center bombings as indicators of the terrorist threat to civil aviation, thereby obscuring the very different motivations, objectives, capabilities, and attributes of the two attacks’ perpetrators. By recommending a budget of only $100 million annually for capital expenditures to improve aviation security, the Commission implied that the threat within the United States was not imminent. It was known that well over 1000 explosives detection systems (EDS) were needed to screen all checked baggage at our airports. Given the need to buy other equipment, a $100 million capital budget would permit purchase and installation of about 50 EDS per year, and it thus would take twenty years at best to achieve a complete checked baggage screening program. That did not indicate urgency.

On the other hand, the Commission did achieve consensus that protecting civil aviation was an essential part of national security, and that the security baseline would be raised. Its recommendations gave important direction, authority, and resources for FAA’s work in the subsequent years.

By 2000, the FAA, other federal agencies, and the regulated entities had made substantial progress in implementing the Commission’s recommendations and raising the security baseline.

The airlines had implemented Computer Assisted Passenger Pre-Screening (CAPPS) as the basis for the checked baggage security program. The checked bags of passengers selected by CAPPS were either bag-matched (not carried unless the passenger was on board) or screened by EDS (the preferred measure but applied to a small fraction of all bags, because only 101 EDS were in use, at 37 airports, by mid-2000). We had high confidence in CAPPS, and it is still in use in today’s security programs, but our eventual goal was to achieve screening of all bags and then stop using it. In 2000, CAPPS was used only in the checked baggage program, where selection of a fraction of passengers was needed. It was not used at the checkpoints, where passengers and persons accompanying them to and from the gates, workers at concessions within the sterile areas, aircrew and other airline and airport employees, and their belongings, were all screened.

To improve the checkpoints’ detection of weapons and -- particularly, because they were seen as the principal danger -- improvised explosive devices (IED’s, bombs), 420 new X-ray units, equipped with Threat Image Projection (TIP) were installed. Over 450 explosives trace detection units were also in use at checkpoints. To improve the proficiency of screeners, Computer-Based Training (CBT) systems were installed in training rooms at major airports. At the same time, FAA recognized that screener performance could not be improved merely by deploying better equipment, and that direct, performance-based regulation of screening companies was needed. FAA expected to publish the final screening company certification rule in 2001. FAA also conducted an intensive program of inspections and tests to maintain performance.

Checkpoint screening was the primary measure to prevent hijackings of aircraft. The Federal Air Marshal program was a supplemental measure. Because the threat of hijackings was greater there, most FAM missions were on international routes.

The FAM program became controversial within the US government in late 1993 and early 1994. The Department of Defense and the FBI sought to have it terminated because in their view there was unacceptable risk, in the event of a hijacking, of their hostage rescue efforts being dangerously complicated by the presence of armed FAM’s in the aircraft. “Blue-on-Blue” friendly fire incidents were central to their concerns. The FAA did not agree that there was an appreciable risk, and insisted on continuing the program for deterrence. The National Security Council staff resolved the matter in the FAA’s favor. Thereafter, the FAA’s efforts to maintain a small, high-quality FAM corps continued, notably by relocating its base to the Technical Center at Atlantic City, where it had ready access to greatly improved training facilities.

The program’s objective was deterrence. The FAM’s were highly trained and disciplined, and well prepared to use lethal force, but the probability of a team being in position to defeat a hijacking was very low. It was unlikely even that any of the scores of armed federal, state, and local law enforcement officers that flew on airliners within the United States on any day, and were authorized to use their firearms to prevent in-flight crime, would be aboard a targeted flight.

I have gone into detail about CAPPS, pre-board screening, and the FAM program, because they seem of particular interest in the context of the September 11 attacks. Considerable attention and effort were also given to the security of air cargo, to control of access to airport ramps, to implementing fingerprint-based criminal history checks for screeners and all who had unescorted access to the secure areas of airports. The FAA’s Security R&D Service had notable success in the areas of detection equipment development, human factors, and system testing; it also collaborated productively with other U.S. and foreign R&D programs. The FAA explosives detection canine program doubled, from 87 to 174, the number of effective airport canine teams.

Starting well before 1996, but reinforced and accelerated with the additional resources recommended by the White House Commission, the FAA conducted an increasingly well-focused and intensive program of tests, assessments, and audits to measure the performance of all elements of the security program, to ensure compliance, and support enforcement actions. The results were consolidated, analyzed, and presented to regulated entities. They were also presented, in closed sessions, to the oversight and appropriations committees of the House and Senate.

The FAA security service had a heavy workload. In fiscal year 2000, for example, it included 12,382 inspections of U.S. and foreign air carrier stations, airports, and checkpoints in the United States, 14,000 compliance tests, 516 inspections of U.S. carriers’ foreign stations, 178 inspections of foreign air carriers at their last points of departure to the United States, and assessments of 122 foreign airports. In addition it accomplished evaluations of canine teams, vulnerability assessments, 6,583 dangerous goods and cargo security assessments, and assessments of the operation of EDS and ETD equipment.

By 2000, the national security baseline had been raised as intended. Its baseline effectiveness was adequate for the conditions of low threat that prevailed. It could be made more stringent when heightened threats required it. There was an active, continuing program to identify specific weaknesses and fix them, and to improve the entire program over time. It was adequate to fill its role in national anti-terrorism strategy. In order to defeat the defenses at airports and around airliners, terrorists would need to organize, plan, prepare, and rehearse their attacks in ways that would come to the attention of the national intelligence community.

If, as has been reported, some of the terrorists used the names by which intelligence agencies knew them, the attacks could have been disrupted, perhaps completely defeated, simply by requiring all airlines to deny them boarding and report their reservations to law enforcement agencies.

The terrorists, by most accounts, did not have firearms on the aircraft. If that is so, it is a reasonable surmise that they thought there was excessive risk of firearms being detected at checkpoints. They might have preferred to have firearms on the aircraft, but instead, by most accounts, they used box cutters as their weapons. On September 11, and for decades before, some knives and blades were not prohibited because innocent reasons for carrying them far exceeded any menace they seemed to convey.

The FAA acted speedily and effectively on September 11, grounding all aircraft to prevent additional attacks. Then the FAA devised, and the regulated entities implemented, modifications to the security programs to cope with the new form of threat and to permit resumption of flights. The changes included permitting only ticketed passengers, and not escorts, to enter the sterile areas, with benefits that included giving additional time per passenger for the much more intensive screening then needed, and using CAPPS to select passengers for secondary screening at the boarding gates. Other, less visible changes were implemented, such as for air cargo security. General aviation became subject to unprecedented restrictions. Overall, the FAA and the regulated entities responded well and comprehensively, serving to restore public confidence in safety of flight.

From 1993 to 2000, RADM Flynn was the Associate Administrator for Civil Aviation Security in the Federal Aviation Administration.

In 1960, he began 30 years active service in the U.S. Navy, predominantly in naval special warfare, joint special operations, measures to combat terrorism, and international security affairs.

Promoted to Rear Admiral in 1985, he served successively as Commander, Naval Security and Investigative Command (and concurrently as Assistant Director of Naval Intelligence for Counterintelligence and Anti-terrorism), Director of Plans and Policy, US Special Operations Command, and Deputy Assistant Secretary of Defense for Special Operations.

Following his retirement from the Navy in 1990, RADM Flynn joined Science Applications International Corporation. He concurrently served on committees of the National Research Council and the Defense Science Board.

He has MA and BAI (Civil Engineering) degrees from the University of Dublin, Trinity College, and an MS (East Asian Studies) from the American University, Washington, DC.