From a removed distance, airport security can be viewed as a chess match between two players. One player is intent on protecting the aviation system; the other wants to cause harm to it. The game temporarily ends with a successful attack, immediately beginning again with a new target. The objective of the perpetrators is to play each game as quickly as possible, while the protectors work to ensure that the game never ends, or that the perpetrators choose to stop playing.
When passenger screening at airports the United States and Europe intensified almost 15 years ago following the Sept. 11 attacks, advanced imaging technologies and enhanced procedures made airports and planes more secure. However, as targets become more secure, terrorists generally shift their own strategy, identifying and exploiting more vulnerable targets. The devastating attacks in Brussels this week highlight the lethal efficacy of such shifts: terrorists seek out locations that have softer security and where they can cause a lot of damage.
The events in Brussels, although horrific, should not be a surprise. A similar type of event occurred at the Los Angelis International Airport in 2013. US prosecutors are seeking the death penalty in that attack, in which Paul Anthony Ciancia used a semiautomatic weapon to kill one security agent and wound three other people. While Ciancia’s carnage was controlled by his choice of weapon, his actions proved that even the most inexperienced individual can inflict serious damage on the numerous public “soft areas” that exist outside even the most stringent security checkpoints. City train stations and public transportation represent similarly soft areas.
So what to do now? In the immediate aftermath of the Brussels attack, governments across Europe announced heightened security protocols. This is only natural. But while short-term tactical responses are necessary, they are not sustainable, given the level of disruption they incur. By the same token, it is not smart to try to plan long-term strategic changes in the immediate aftermath of a crisis. Such hasty plans may even end up making potential targets more vulnerable over time.
Even with the most comprehensive strategic approach in place, no venue is entirely protected against the risk of attacks. The question officials must ask themselves is whether the strategy in place at the time of the attack effectively utilized intelligence and surveillance, and was designed to deter, detect, and respond. If the answer is yes, then continuing such an approach is appropriate, albeit with any necessary changes learned from the experience to attempt to shore up vulnerabilities. If the answer is no, then no amount of short-term tactical response will provide sufficient long-term security protection.
The ultimate problem is that the kinds of events that occurred in Brussels and Los Angeles cannot be totally prevented. It is difficult to predict how nefarious intent will manifest. Should the security perimeter be pushed further out at airports? How far is sufficiently far? There are no limits or ends to such questions. And as Jeff Price, a travel-security expert and associate professor at Metro State University in Denver, was quoted by USA Today recently: “The point of a suicide bombing is to detonate in an area where there are a lot of people, so relocating the place where people gather or wait … just relocates where the bomber will go.”
Alternatively, some may ask whether we should think about allocating resources differently—away from baggage screening and towards terminal entryways, for example. But here, too, we run up again logistics questions. In an economic environment with limited resources, decisions and choices need to be made. In the United States, Transportation Security Administration Precheck is a program designed to filter travelers so that security resources are directed towards passengers for which less information is known. This is a smart use of resources. Let me be clear: The air system is still the highest-priority target for terrorists and should be protected as such.
The signal of intelligence is often masked by the noise of subterfuge, or more simply, daily chatter. The best one can hope for is to classify and rank the risk associated with potential targets, and allocate resources commensurate with such risk. The key is to be able to deter such events, and if they occur, respond quickly and decisively to minimize damage. This is the foundation of risk-based security, and it is the most sensible strategy.
The number of soft targets in Europe and the US is far greater than the resources available to protect them. Addressing the motivations for such attacks is the most important prevention tactic any nation can utilize. Without such an approach, the events in Brussels will certainly be repeated at other cities around the world in the coming years.
Returning to our chess metaphor, the terrorist may assume the game tilts in their favor, since they need only win one game out of many to be effective. But in reality, there are no winners. The only hope for the future is to find a way to stop playing the game.
Sheldon H. Jacobson is a professor of computer science at the University of Illinois at Urbana-Champaign.