Time to Consider the ISIS Internal Security Threat
Do you know who is selling you that souvenir T-shirt in the airport? You might want to.
In the late 1970s, it became known to international security agencies that the Palestine Liberation Organization (PLO) owned a variety of duty-free shops in airports across Africa. They didn’t get too excited -- selling newspapers and snack food didn’t seem particularly dangerous, and the breech of security posed by terrorists with all-airport access passes doesn’t seem to have aroused any great level of concern.
But that was before we stripped to our skivvies and dumped our lattes in order to board a plane. After years of hijackings and the horrors of 9/11, surely we’re smarter now.
Or not. Following the ISIS-orchestrated bombing at the Brussels Zaventem airport, part of a two-pronged attack that killed 31 people and injured more than 300, Belgian police disclosed that more than 50 known ISIS supporters are working in the airport as baggage handlers, cleaners, and catering staff. They have unprecedented access to passenger areas, back hallways, runways, and onto the airplanes themselves. The situation was so dire before the March 22nd bombing that Israeli inspectors warned the Belgian authorities of the danger. Similar warnings may also have come from the United States. No matter -- nothing at all was done.
Some European countries, particularly the UK, have stepped up security around airports and other major facilities. But their focus is almost entirely on people passing through the system -- passengers and their families -- while the truth is the insider threat receives only perfunctory consideration in most Western venues.
Apart from airports, insider threats have been noted at nuclear power plants. In Belgium at least two atomic power stations have had jihadists working inside -- at least two of whom went off to Syria to fight for ISIS. A plot, uncovered in Belgian authorities in February, appears to have targeted a senior scientist in hopes of acquiring nuclear material. Time magazine reported that 12 nuclear plant workers were stripped of their access badges -- eight before the Zaventem bombing and four after.
The threat of an attack on a nuclear facility raises many horrific possibilities: a reactor meltdown, the theft of radioactive material for a dirty bomb, or holding a nuclear plant hostage threatening to destroy it unless specific conditions are met. But the most immediate and dire danger is a combination of an airplane hijacking and a 9/11 style hit on an atomic power plant.
This is not a threat directed only at Europe. The East Coast of the United States has a number of nuclear power plants that could be seen as targets. An international flight from Europe to the U.S. could be crashed into any one of these facilities. The reaction time once the hijacking was known -- if it became known at all -- would not be enough to head off disaster.
"External" security -- preventing hijackings or keeping bombers from sneaking into presumably secure facilities -- is not enough to head off a potential disaster. Internal security at airports and nuclear facilities urgently must be improved. Belgium did nothing, even in the light of clear warnings. There is little reason to think the United States is taking better -- and more proactive -- steps to protect American assets.
The first step would be to put proper and thorough background checks in place -- including recent activities, police records, and social connections. This clearly was not done in Brussels, where some of the 50 ISIS supporters working at Zaventem had police records. Yet they were hired and had full access throughout the airport.
Is the U.S. system any different? Are you sure?
Internal security measures, especially checking employees when they show up to work at airports and nuclear plants, are urgently in need of improvement. Periodic rechecking of all employees is also highly important; how many times have families said of radicalized members that they had recently become more religious? Recently begun attending religious services? Recently grown a beard or changed their style of dress? Behavior is a moving target; checking once is insufficient.
And much more compartmentalization is needed in terms of employee access, so that an airport or power plant badge is not an “all access” pass -- or passport to infamy. Explosives and weapons checks need consistent implementation at every sensitive location.
In addition, coordination between facilities managers and law enforcement and intelligence officials also must be stepped up and clearly focused on potential threats. Airport, subway, power plant and other officials who disregard security warnings should be held criminally liable -- a move that will stimulate management to shoulder the full responsibility of ensuring security. Labor unions need to be brought into the plan. Belgian Police Union has now revealed that they also warned about the danger at Zaventem, but no action was taken. Union workers elsewhere, including power plants, need to be engaged in the process.
Right now, the West faces a huge danger because we have focused too much on passengers and not at all on the insider threat. Leadership has been almost entirely absent. Continuing in this manner has already been a recipe for disaster in Belgium. The next target is out there.
Stephen D. Bryen is a former DOD official and author of the new book Technology Security and National Power: Winners and Losers. Shoshana Bryen is Senior Director of the Jewish Policy Center and Editor of inFOCUS Magazine.