Seventh public hearing of the National Commission on Terrorist Attacks
Upon the United States
Statement of Andrew P. Studdert to the National Commission
on Terrorist Attacks Upon The United States
January 27, 2004
Mr. Chairman, and distinguished panel members, I appreciate this opportunity. My name is Andy Studdert. On September 11, I was the Chief Operating Officer and Executive Vice President of United Airlines. I had been with United since 1995, and became its COO in 1999. I left United in September 2002. I am very proud to be joined here today by Captain Ed Soliday, who was United's Vice President of Safety and Security from 1991 to 2002. He was an invaluable resource for me, and I know that he will be a valuable resource for the Commission. In my opinion, he is one of the best aviation safety and security professionals in the country.
The September 11, 2001, terrorist attacks against the United States were first and foremost personal tragedies. My heart, as well as the hearts of everyone at United Airlines, goes out to the thousands of victims and their families -- the passengers and the United and American Airlines crews on the four hijacked flights; the people on the ground at the World Trade Center and the Pentagon; the heroic emergency personnel at those sites and at Shanksville; and all their loved ones.
This was a profoundly personal loss for us at United. Eighteen of those who died that day were our colleagues, friends and family members.
All of us who were affected applaud and support the work of this Commission. I know that United will do its part to help clarify the events of September 11 and to help improve our nation’s security system. United continues to be committed to cooperating and assisting the Commission in any way it can, as are Captain Soliday and I.
I would like to cover three main areas today: the role of the airline industry and the government in our security system, including United's commitment to security; a review of the events of September 11 as we experienced them at United; and some brief recommendations the Commission might consider.
Government and Airline Roles In Aviation Security
Both the United States government and the aviation industry play vital roles in aviation security. As this Commission knows, under the Aviation Security Improvement Act of 1990 and the law derived from that statute, the United States government has been and must be the central player in aviation security. Only the government has the resources and the legal authority to:
- Conduct intelligence-gathering and analysis;
- Perform risk and threat assessments;
- Communicate appropriate intelligence to the airlines, airports and law enforcement agencies;
- Design, review and approve the industry’s security plans, procedures and methods;
- Provide security directives to the industry; and
- Test the aviation security system for effectiveness
Airlines are also active participants in the system. We work hard to implement government directives as quickly as possible and to give the government our views on the practicalities and effectiveness of those measures. We strive to be a constructive, active and innovative participant in the system.
As we work with the government to provide security, all of us face a challenging reality. For example, there is constant change in the complex interplay between the efforts of those who seek to make air travel safer and those who seek to attack it. At the same time, our security efforts must respect those ideals of personal liberty that are so central to our way of life. Balancing these concerns in the face of a determined adversary is a challenging mission that demands a serious commitment to continuous improvement in security as its foundation.
United’s Corporate Commitment To Safety and Security
United’s commitment to security is an integral part of the company’s corporate culture. The foundation of our work is anchored in the safety of those who put their trust in us when they choose to fly United.
The central importance of safety and security is reflected in United’s corporate structure and organization. United has a high level executive position – Vice President for Safety and Security – with real independence from the operating units and with direct access to the chief executive officer, the head of operations and – importantly – to the board of directors. Since its inception, this position has always been filled by highly-experienced senior pilots.
Fundamentally, United’s approach is to be part of the security solution. We take pride in the fact that our safety and security staff have been asked to serve on a broad spectrum of advisory boards on this topic.
The Events Of September 11, 2001
With United’s commitment to security as backdrop, let me recount what happened at United on September 11, 2001.
It started as a normal day at United. We had more than 120 domestic planes in the air, 27 international planes in the air, and more than 40 planes waiting to take off. At 7:58 am Eastern time, United Flight 175 Boston to Los Angeles under the command of Captain Victor Saracini pushed back from the gate with 51 passengers and 9 United crew members on board. Three minutes later, United Flight 93 Newark to San Francisco under the command of Captain Jason Dahl pushed back from the gate with 34 passengers and 7 United crew members on board. Flight 175 was wheels up at 8:14 and Flight 93 was wheels up at 8:42.
Shortly before 9:00, I was having my usual morning meeting with Jim Goodwin, our CEO, when my secretary burst in and told us that a plane had hit the World Trade Center. I immediately leave Jim Goodwin’s office and run to the Operations Center at United. What follows is a timeline of the subsequent events that happened on that day at United. All times are given in Eastern time.
- At around 8:50 a call comes into our San Francisco maintenance desk from a flight attendant on Flight 175 saying that the flight had been hijacked. That information is quickly relayed to Chicago Operations Center;
- By the time I get to the Operations Center at approximately 9:00, a United dispatcher has reported that we have lost contact with United Flight 175;
- At 9:03, a second plane hits the World Trade Center. American reports that they believe it was another one of their aircraft. We later learn that it was United Flight 175 with 60 people on board;
- We contact the local FBI. They respond immediately with a team who have been trained in the use of United’s computer system and have practiced emergency response with United on several occasions. We set up facilities for Federal investigators from the FBI and other agencies in United World Headquarters outside Chicago and elsewhere, and begin gathering information and documents for those investigators. That effort continues for several weeks, and involves scores of United people and thousands of pages of United records.
- Throughout the morning we are in constant contact via hotlines with government agencies and other airlines;
- At 9:21 United dispatchers are told to advise their flights to secure cockpit doors;
- At 9:24 a United dispatcher sends a “Beware of cockpit intrusion . . . Two aircraft in NY hit Trade Center Builds” message to Flight 93. Flight 93 responds to this message at 9:26 , requesting that the dispatcher confirm the latest message;
- At approximately 9:30, a United dispatcher reports that we cannot reach Flight 93;
- At 9:31 and 9:32, messages from United Air Traffic Control coordinators are sent to Flight 93 stating “ATC looking for you on 133.37.” Flight 93 does not respond;
- At 9:33 United dispatch sends a message to Flight 93 stating “High Security Alert. Secure Cockpit.” Flight 93 does not respond;
- At 9:35 United San Francisco maintenance desk receives a call from a flight attendant on Flight 93 saying that the flight has been hijacked. This information is quickly relayed to United Chicago Operations Center;
- At 9:36 United dispatch sends a message to Flight 93 asking whether dispatch can be of any assistance. Flight 93 does not respond;
- At 9:41 United dispatch sends two messages to Flight 93 stating “High security alert. Secure cockpit door, admit no one in to cockpit.” Flight 93 does not respond;
- At approximately 9:45 I order the entire United fleet grounded, for the first time in United history. Even before this, some individual dispatchers were already grounding their flights. At about the same time, the FAA and American Airlines make the same decision;
- At about 9:45 we receive a report that an aircraft has crashed into the Pentagon. We later learn that was American Flight 77;
- At 9:47 a message from United San Francisco Maintenance is sent to Flight 93 stating “Heard of incident, is all normal?.” Flight 93 does not respond;
- At 9:50 a message is sent from United dispatch to Flight 93 advising it to land at the nearest airport. Flight 93 does not respond;
- At 9:51 two more messages are sent to Flight 93 advising it to land at the nearest airport. Flight 93 does not respond;
- We track Flight 93’s flight path on the large operations monitor in the Crisis Center;
- Around 10:00, as directed by United’s emergency response plan, the company begins assembling its “go teams” to assist victims’ families and authorities;
- At around 10:00 we lose contact with United Flights 641, 415 and 399. Persistent attempts to communicate with those “missing” flights eventually succeed;
- At approximately 10:06 United Flight 93 crashes in Pennsylvania, killing all 41 people on board;
- At 10:10 and 10:11 two messages are sent to Flight 93 stating “Do not divert to DC area”;
- From 10:55 to 11:15 United Flights 103, 634, 57, 2725, 1211, 1695, 2101, 2256 and 2102 are also reported missing but are eventually located at various airports;
- Throughout the morning there is a torrent of reported bomb threats, explosions are reported at two airports and there are reports of other threats and other hijackings. They fortunately turn out to be misunderstandings or hoaxes, but the presumed threats can not be dismissed in the high uncertainty of the moment;
- That afternoon, United’s “go teams” are deployed to the two United crash sites, as well as Boston, Newark and New York’s LaGuardia Airport to assist authorities and provide humanitarian response. On September 11, United had approximately 150 employees on its go teams, and more than 3,000 employees company-wide caring for the needs of the victims’ families and assisting investigators as requested.
The Crisis Center remained in operation 24 hours a day 7 days a week for the next three weeks, until we could return to more or less normal (though drastically reduced) operations. During those days, United people all around the country devoted their energies to assisting the victims’ families and working with the FBI and other government agencies to assist in their investigation. The Crisis Center provided these people with instant access to resource providers and key decision makers.
In the days that followed September 11, United addressed the enormous task of getting its passengers, crew and airplanes home. We established a new reduced flight schedule, and got the airline back in the air. At the same time, we created a task force including all United stakeholders and appropriate consultants. That task force proposed to the FAA that United act as a test bed for new security measures. United and other industry participants began implementing the new security procedures mandated by the FAA, as we got United flying again.
In the wake of these attacks and all that has transpired since, the question rightly is: "What changes should be made to enhance aviation security?" To address this issue fairly, we must remember and closely consider the aviation system as it existed on September 11, 2001. The security system at that point was by necessity hugely complex, since it required coordination among many different Federal, state and local government agencies and private parties involved. That system had evolved in a series of steps taken over decades, largely as responses to new kinds of threats. It evolved from an approach that provided a “toolbox” of threat responses to a strategy of baseline levels of security that applied to multiple threat scenarios and could be supplemented by additional threat-specific procedures.
Regardless of the approach used, limitations of human factors and technology meant that no individual aspect of the system could be 100% perfect. The realities under which we operate, including the variety and number of possible threats, the finite resources that could be brought to bear, and our democratic values, all placed limits on what could be done. And yet, with each player in the system working hard and all working together, the system seemed to be working—until September 11.
Much progress has been made since September 11, 2001, and I commend the FAA, the TSA and other agencies for all their efforts. However, our national aviation security system needs to evolve further. We believe it is time to develop an overall, totally integrated strategic and dynamic security plan – and not simply to try to add another layer of priorities on top of the current system. The strategic aspect of that plan would include layered security systems that integrate new technology, training and procedures. These elements should be designed with better understanding of human factors. The dynamic aspect would be a commitment to continuous review, ongoing and creative testing, continuous improvement, and unpredictability. Key to the success of any security system is the active participation of and communication among all participants in the system, both government and industry.
The work of the post-September 11 National Academy of Sciences panel that Captain Soliday and many others served on provides a good guide to begin down that path. That panel acknowledged that the enemy that we are now facing cannot be defeated by any security system that relies too heavily on one element. The panel also recommended to President Bush that the United States use a layered security system in which multiple security features are connected and provide backup to one another. The combination of those various interrelated elements can help compensate for the realities of human or technological shortcomings.
As terrorists find it increasingly difficult to assess the odds of defeating multiple layers, they are deterred from attacking the system and the system is better equipped to prevent attacks and to defeat them when they are made.
We look forward to helping the Commission achieve a more effective and reliable security system for the aviation industry and the nation. We will answer any questions you have for us, and offer specific and concrete suggestions, wherever possible. We are acutely aware of the limits that Federal law and, frankly, common sense, place on public disclosure of sensitive security information. We are also sensitive to the need to balance the United States public’s right to know and the obvious dangers posed by public discussion of specific aspects of the old and the new aviation security systems.
In closing, I return to where I began, to the victims and their families. Let us work together to learn as much as possible about the events of September 11. We must then apply those lessons to make our nation’s aviation security system continually better and stronger, so that our enemies do not ever again attack our country and its people through our aviation system. I again thank the Commission for all it is doing to advance that cause, and Captain Soliday and I welcome any questions you may have.
Andrew P. Studdert was chief operating officer and executive vice president of United Airlines prior to leaving the company in September, 2002. His position was based at the company’s headquarters in suburban Chicago.
Named to the position in July 1999, Studdert was responsible for all operational groups pertaining to United's fleet, including: Flight Operations; Fleet Operations; Operations Services; Systems Operations Control; and Safety, Security and Quality Assurance. Late in 2001, Airport Operations and Onboard Services were added to Studdert’s portfolio of responsibilities.
Prior to assuming the role of COO and executive vice president, Studdert served as senior vice president - Fleet Operations from 1997, overseeing all aspects of United's fleet operations, including: engine, line and airframe maintenance; engineering; system operations control; corporate safety and security; and United's corporate quality assurance.
Before that, Studdert served as senior vice president of the Information Services Division and chief information officer, managing United’s worldwide technology and information services.
Studdert came to United in 1995 from First Interstate Bancorp in Los Angeles, where he served in a number of executive positions. These included: running a $300 million technology company, First Interstate Services Company; heading consumer marketing and operations for First Interstate Bancorp; and serving as chairman and chief executive officer of First Interstate Mortgage Company. In addition, he was Chairman of CIRRUS, the worldwide ATM network.
He holds a bachelor’s degree from San Francisco State University in San Francisco. He and his wife reside in Wilmette, Ill., with their three children.