|
Article Excerpt
1. Introduction
The events of September 11, 2001 led to sweeping nation-wide changes in aviation security policy and operations. The piecemeal and reactive nature of many of these changes has resulted in large increases in costs and inconvenience to travelers. The August 2006 arrest in London of several suspected terrorists plotting to blow up ten US-bound transatlantic flights, and the ensuing changes in airport security procedures, serve to further illustrate this point. These experiences suggest the need for new aviation security paradigms that bring together the key security system factors (namely, technology, intelligence and procedures) needed to achieve screening operations that are efficient, cost-effective and non-intrusive.
Aviation security policy and procedures have been abruptly altered several times since September 11, 2001. One policy change was the 100% baggage screening mandate, put forth by the Aviation and Transportation Security Act (ATSA), passed on November 19, 2001, with a deadline of December 31, 2002 (Mead, 2003). Under such a policy, all checked baggage must be screened by Explosive Detection Systems (EDSs) or Explosive Trace Detectors (ETDs), approved by the Transportation Security Administration (TSA). To comply with the ATSA, the TSA began acquiring and deploying EDSs and ETDs in airports throughout the nation, with more than 1400 EDSs and 6600 ETDs deployed since 2001 (US GAO, 2006). Another change included restrictions on carry-on items (such as liquids, as of August 2006).
A major policy change following September 11, 2001 was the development of program Secure Flight. Secure Flight performs a check on passenger information against consolidated Federal terrorist watch lists (US TSA, 2006). Passengers who are permitted to fly by Secure Flight are then prescreened by CAPPS, the Computer-Aided Passenger Prescreening System. CAPPS performs a risk assessment on each passenger and partitions passengers into two classes: non-selectees and selectees, where non-selectees are passengers who have been cleared of posing a risk, and selectees are passengers who have not been cleared, based on limited information known about them. A prescreening system such as CAPPS can be used to assign an assessed threat value to each passenger, a scalar value that quantifies the risk associated with the characteristics of the passenger. CAPPS distinguishes selectees and non-selectees by requiring additional screening (such as hand searches) for selectees and their baggage. The selectee and non-selectee classes are each defined by a preassigned subset of devices and a procedure through which passengers are processed prior to boarding an aircraft. CAPPS was refined after September 11, 2001, resulting in a new prescreening system called CAPPS II. However, CAPPS II was eventually dismantled over privacy concerns. At present, an updated version of CAPPS is being used to prescreen passengers at the nation's commercial airports.
Prescreening systems such as CAPPS are an important layer in aviation security. The use of a prescreening system has operational implications in the screening of passengers with security screening devices and procedures. There are several devices available for screening passengers, where each device is an aviation security technology or procedure used to identify threat items. Threat items are those items prohibited from being carried onto aircraft, as defined by the TSA (note that the TSA periodically redefines what they consider to be threat items; for example, liquids in bottles greater than 3 ounces have been prohibited in carry-on baggage since August 2006). A device screens passengers in one of three ways: (i) checked baggage; (ii) carry-on baggage; or (iii) passengers. At present, all checked baggage is screened for explosives either by an EDS or an ETD. All passengers are screened with a magnetometer and their carry-on baggage is screened with an X-ray machine. Each device has an associated capacity, the upper bound on the number of passengers or bags that a device can screen in a given amount of time. Selectees and their carry-on baggage are differentiated from non-selectees by undergo hand searches by airport screening personnel. In some airports, selectees are screened with hand wands or trace portals and their carry-on baggage is screened by an ETD.
A weakness of any prescreening system, including CAPPS, is that such systems can be gamed through extensive trial-and-error sampling by a variety of passengers passing through the system (Barnett, 2001; Chakrabarti and Strauss, 2002). Martonosi (2005) and Martonosi and Barnett (2006) report that the underlying screening process has a larger impact on reducing successful attacks than an effective prescreening system. Barnett (2004) suggests that CAPPS II may only improve aviation security under a particular set of circumstances and recommends that prescreening systems be transitioned from a security centerpiece to one of many components in future aviation security strategies. The TSA describes prescreening systems as critical components in a layered system for aviation security, including reinforced cockpit doors, bomb sniffing dogs and deploying Federal air marshals on numerous flights (US TSA, 2004).
Aviation security experts suggest that more intense scrutiny of passengers perceived as greater security risks is a more effective approach to aviation security than increasing the screening intensity for all passengers. Barnett (2001) suggests a security policy that increases the level of screening for selectee passengers rather than diminishing the difference between selectee and non-selectee passengers. Butler and Poole (2002) and Poole and Passantino (2003) argue that 100% checked baggage screening is not cost-effective, and suggest that creating multiple levels of security for screening passengers may be more effective than treating all passengers the same.
Integer programming and discrete optimization models have been used to formulate several aviation security problems when a system such as CAPPS is used to prescreen passengers. Jacobson et al. (2001) provide a framework for measuring the effectiveness of baggage screening security device deployments for screening selectee baggage at a particular airport station. Jacobson et al. (2003) introduce three performance measures for baggage screening security systems and introduce models to assess the security effect for single or multiple airport stations. Jacobson et al. (2005a) formulate problems that model multiple sets of flights originating from multiple airport stations subject to a finite amount of security resources; these problems consider the three performance measures introduced in Jacobson et al. (2003). Examples are presented to illustrate strategies that may provide more robust device allocations across all these performance measures. Jacobson et al. (2005b) construct integer programming models for problems that consider multiple sets of flights originating from multiple airports. Virta et al. (2002) consider the impact of originating and transferring passengers on the effectiveness of baggage screening security systems. Both these papers consider classifying selectees into two types: (i) those at their point of origin; and (ii) those connecting through a hub airport. This is noteworthy since at least two of the hijackers on September 11, 2001 were connecting passengers. Lazar Babu et al. (2006) use linear programming models to investigate the benefit acquired from using multiple risk groups for screening passengers. They conclude that using multiple risk groups is beneficial for security, even when a prescreening system is not used to differentiate passenger risk. Nie et al. (2006) extend this model to consider passenger risk levels, as determined by a passenger prescreening system, and formulate the resulting model as a mixed-integer program. They find that using passenger risk levels results in a more efficient security system.
Other research has focused on the experimental and statistical analysis of risk and security procedures on aircraft. Barnett et al. (2001) report the results of a large-scale, two-week experiment at several airports to identify costs and disruptions that would arise from using positive passenger baggage matching, an aviation security procedure where passengers' checked baggage is removed from a flight if the passengers do not board the aircraft. They conclude that using positive passenger baggage matching results in an average delay of one minute per flight, and its implementation costs an additional 40 cents per passenger. Barnett et al. (1979) and Barnett and Higgins (1989) study mortality rates on passenger aircraft and perform a statistical analysis on this data. Czerwinski and Barnett (2006) analyze differences in airlines protecting passengers from death and recovering from emergencies that have occurred. They find no evidence that established airlines are safer than new-entrant airlines.
Optimal risk-based passenger screening must operate in real-time and be dynamic, responding to changes in passenger arrival rates and device utilization. This paper introduces the Sequential Stochastic Passenger Screening Problem (SSPSP) that models passenger screening strategies using Markov decision processes and discrete optimization models. SSPSP assumes that passengers are classified as selectees or non-selectees based on the output of a prescreening system. SSPSP is motivated by McLay et al. (2006, 2007), who introduce the Multilevel Allocation Problem (MAP) and the Multilevel Passenger Screening Problem (MPSP). In these problems, multiple security classes are available for screening passengers, which generalizes the binary paradigm of Secure Flight. Moreover, the set of passengers to be screened at a particular station in an airport in a given period of time is assumed to be known, and hence, the assessed threat values are assumed to be known a priori. This assumption is relaxed by SSPSP, in which passengers check in sequentially, and each passenger's assessed threat value becomes known only upon check-in. This necessitates a change in the solution methodology since all passenger screening decisions are made simultaneously in MAP and MPSP, whereas passenger screening decisions are made sequentially for SSPSP. MPSP is a static model that does not account for passenger check-in order, whereas SSPSP incorporates the effect of passenger check-in order. Since passengers are classified as selectees or non-selectees upon check-in, it is critical to understand the impact of passenger order on the ability of a screening system to systematically identify high-risk passengers in real-time to focus more effective screening technologies on these passengers. Note that this research assumes that a prescreening system such as CAPPS has been implemented and is effective in identifying passenger risk (i.e., the assessed threat values accurately quantify passenger risk) (Kahn, 2006).
The primary contribution of this paper is to identify a real-time methodology for screening passengers under a binary screening paradigm and to show how this methodology can be used to provide insights into the operation and performance of such real-time systems. This paper focuses on the theoretical issues surrounding this methodology in order to understand its fundamental properties, and the results provide an optimal policy for screening passengers in real-time. Providing strategies to screen passengers is critical in the design and development of...
|
