Patrick J. Brosnan

On October, 31, 2015, 224 people died when Russian Metrojet Flight 9268 from Egypt to St. Petersburg, Russia crashed in the Sinai desert. The next day Russia concluded that a bomb was responsible for the crash and a new image surfaced online of the bomb, hidden in a soda can. The image, published in the Al Quaeda magazine, Inspire, showed a soda can and what explosives experts concluded were a blasting cap and an electric initiator. The magazine said the image showed “the IED [improvised explosive device] used to bring down the Russian airliner.”

Egyptian airliner Flight 804 carrying 66 people from Paris to Cairo crashed into the Mediterranean Sea early last Thursday morning. The cause of the crash is more likely terrorism than technical fault, Egyptian and U.S. officials believe. The evidence is building that the Airbus A320 was brought down by a sudden and catastrophic explosion, consistent with a bomb having been detonated on board. Flight tracking data showing its altitude, speed and direction, ends instantaneously while the plane was at its cruise height of 37,000 feet. This, combined with reports from NBC news that a military satellite using infrared technology detected a flash at the time and location where the airplane was last tracked, strongly supports the theory that a bomb was on the plane.

A bomb concealed in a soda can snuck onto a plane on Flight 9268 and a bomb likely concealed in the cargo area or the cabin of Flight 804?  The immediate question is how? How does a bomb get on a plane undetected by the vigilant human eyes of airport security and the sophisticated digital eyes of cutting- edge, bomb-detecting technology?  Very simple: Personnel assigned to the airport in some capacity-- janitors, electricians, stewardesses, flight crew, cleaners, mechanics, captains…. the list is long -- were likely compromised by either ideology or money, or both. 

This type of “insider threat” is not new and there has been a history of radicalization among airport workers at Charles de Gaulle airport. A French Interior Ministry document in 2004 said there were "illegal prayer sites at the airport used by several Muslim airport workers" who at the time "belonged to mosques preaching radical Islam." U.S. Rep. Michael McCaul, chairman of the House Committee on Homeland Security, said Thursday "that you can have the best technology to screen, but if you have an insider threat that's somebody corrupted or radicalized or bribed, that's scary” and he is right but there are ways to mitigate this threat, to minimize the probability of a bad guy having access: a comprehensive and complete “deep dive” pre-hire investigation.  

Unfortunately, the present practice is inverted and conducts the deep investigation, the necessary investigation, AFTER an incident not before. The deep investigation is needed both pre-hire and post- incident. U.S. officials have told CNN that there will be an immediate focus on the ground crew and anyone who had access to the plane in Paris- as well as the aircraft’s flight crew to try to identify possible ties to radical Islam. How about learning of those ties before giving them the keys to the plane. It is precisely this type of investigative practice- reactive rather than proactive- that allows radicalized airline personnel to get hired in the first place. Authorities grill everyone AFTER an incident to help identify behavior that suggests radicalization and, then, take action as Charles de Gaulle airport’s bosses did in November when they identified 70 workers with ties to radical Islam and removed their badges that allowed them access. This was AFTER the Paris attacks.  How about identifying those radical ties before hiring them? Frighteningly, this same deadly “insider” threat can be easily replicated in the United States.

The current screening practices for airline personnel in the United States are weak and seriously flawed.  The airlines and the TSA request and accept screening results that are minimal in scope and subpar in totality yet allow them to meet requirements- to be compliant, minimally.  The scope of these pre-hire investigations are similar to the vetting of a visiting nurse or a Mcdonalds manager- not nearly comprehensive enough to inform a decision to hire an individual in such a key role (a role that can be easily compromised by cash or ideology). A particularly glaring -- and terrifying -- weakness is the investigation of an individual’s criminal history. Due to budget constraints and, perhaps, institutionalized laziness by government decision-makers, subpar background screenings are conducted by companies whose methodology is often operationally flawed, resulting in an incomplete and inaccurate criminal history report of an individual and, worse, these reports are accepted by bureaucrats who should, who must, know better.  Often, these false and misleading reports are the result of laziness on the part of the screening vendor and a willingness to accept inexpensive and wholly inaccurate results by the client -- ever wary of cost.. Either way, criminals sneak into positions that are vital to public safety.  By the way, these reports are so prevalent in the industry that they have their own name- vapor reports. These are seriously troubling flaws in the institutionally-established (and accepted) processes and scope of background screening in America today. As the CEO of a NYC firm that conducts over 20,000 pre- employment screens annually, these flaws compelled me to write The Ten Commandments of Background Checks -- 
a guide to assist governments, Fortune 500 companies, schools and all others who have the need to conduct a pre-employment background screening.  

The First Commandment:
Thou shalt Not Rely Solely on Criminal Records Searches

A National Criminal Records Check does not exist in the USA and is a misnomer. A statewide repository check for Criminal Records does exist but has gaping holes. The completeness, accuracy and consistency of these records vary greatly from state to state. In many states, California and Illinois for instance, many of the counties do not even report criminal record data to the state. Ever. This disconnect between the county, where the arrest is actually made, and the state, where the records are deposited, is an ongoing problem with no solution in sight. The reasons are many and range from human error to arcane laws. Bottom line: Statewide checks are inherently flawed and dangerously incomplete. When performing a criminal records search, proper due diligence requires a tightly-focused county criminal court search in all of the counties the subject has resided as an adult. No Exceptions.

A $1.3 million advertising campaign launched this month between the ad council and the Transportation Security Administration is a perfect example of mixed priorities. The campaign aims to change behavior of passengers who no longer automatically accept post-911 airport security procedures. The TSA also just announced it will be spending additional millions on public relations, new uniforms and office furniture. This misguided and irresponsible spending must stop. Americans need properly-vetted airline personnel, not new couches or feel-good ad campaigns.

A billion dollars worth of technology at the security gate will not prevent authorized personnel from being compromised.  Don't hire them in the first place and they will never have the access needed to destroy us. All too often, our enemies are hiding in plain sight.

Get Started with Brosnan®

People, Equipment and Services for Your Organization’s Security Needs