General Aviation: A Reminder of Vulnerability


On Feb. 18, 2010, Joseph Andrew Stack flew his single-engine airplane into a seven-story office building in northwest Austin, Texas. The building housed an office of the Internal Revenue Service (IRS), along with several other tenants.

According to a statement he posted to the Internet before taking off on his suicide flight, Stack intentionally targeted the IRS due to a long history of problems he had had with the agency. In the statement, Stack said he hoped that his action would cause “American zombies to wake up and revolt” against the government. Stack also expressed his hope that his message of violence would be one the government could not ignore.

Stack’s use of violence to attempt to foster an uprising against the government and to alter government policy means that his attack against the IRS building was an act of domestic terrorism. (Terrorism is defined by the intent of the actor, not the effectiveness of the attack, a topic we will discuss in more detail at another time.) While Stack’s terrorist attack ultimately will fail to attain either of his stated goals, he did succeed in killing himself and one victim and injuring some 13 other people. The fire resulting from the crash also caused extensive damage to the building.

We have received credible reports that Stack had removed some of the seats from his aircraft and loaded a drum of aviation fuel inside the passenger compartment of his plane. This extra fuel may account for the extensive fire damage at the scene. According to STRATFOR analysts present at the scene, it appears that Stack’s plane struck the concrete slab between floors. Had the aircraft not struck the slab head-on, it may have been able to penetrate the building more deeply, and this deeper penetration could have resulted in even more damage and a higher casualty count.

For many years now, STRATFOR has discussed the security vulnerability posed by general aviation and cargo aircraft. Stack’s attack against the IRS building using his private plane provides a vivid reminder of this vulnerability.

Framing the Threat

As we have previously noted, jihadists, including al Qaeda’s central core, have long had a fixation on attacks involving aircraft. This focus on aviation-related attacks includes not only attacks designed to take down passenger aircraft, like Operation Bojinka, the 2001 shoe bomb plot and the Heathrow liquid explosives plot, but also attacks that use aircraft as weapons, as evidenced by the 9/11 strikes and in the thwarted Library Tower plot, among others — aircraft as human-guided cruise missiles, if you will. These aviation-focused plots are not just something from the past, or something confined just to the al Qaeda core leadership. The Christmas Day attempt to destroy Northwest Airlines Flight 253 demonstrated that the threat is current, and that at least some al Qaeda franchise groups (al Qaeda in the Arabian Peninsula, or AQAP, in this case) are also interested in aviation-focused plots.

Jihadists are not the only ones interested. Over the past several decades, a number of other actors have also conducted attacks against aviation-related targets, including such diverse actors as Palestinian, Lebanese, Japanese and Sikh militant groups, Colombian cartels, and the Libyan and North Korean intelligence services. Stack and people like Theodore Kaczynski, the “Unabomber,” demonstrate that domestic terrorists can also view aviation as a target and a weapon. (UNABOM is an FBI acronym that stood for university and airline bomber, the targets Kaczynski initially focused on.)

The long history of airline hijackings and attacks has resulted in increased screening of airline passengers and an increase in the security measures afforded to the commercial aviation sector. These security measures have largely been reactive, and in spite of them, serious gaps in airline security persist.

Now, while some security vulnerabilities do exist, it is our belief that any future plans involving aircraft as weapons will be less likely to incorporate highly fueled commercial airliners, like those used on 9/11. In addition to newer federal security measures, such as expansion of the air marshal program, hardened cockpits and programs to allow pilots to carry firearms, there has also been a substantial psychological shift among airline crews and the traveling public.

As Flight 93 demonstrated on Sept. 11, 2001, the new “let’s roll” mentality of passengers and aircrews will make it more difficult for malefactors to gain control of a passenger aircraft without a fight. Before 9/11, crews (and even law enforcement officers traveling while armed) were taught to comply with hijackers’ demands and not to openly confront them. The expectation was that a hijacked aircraft and passengers would be held hostage, not used as a weapon killing all aboard. The do-not-resist paradigm is long gone, and most attacks involving aircraft since 9/11 have focused on destroying aircraft in flight rather than on commandeering aircraft for use as weapons.

Paradigm Shift

This change in the security paradigm has altered the ability of jihadists and other militants to plan certain types of terrorist attacks, but that is just one half of the repetitive cycle. As security measures change, those planning attacks come up with new and innovative ways to counter the changes, whether they involve physical security measures or security procedures. Then when the new attack methods are revealed, security adjusts accordingly. For example, the shoe bomb attempt resulted in the screening of footwear. AQAP shifted the attack paradigm by concealing explosives in an operative’s underwear. In the case of planners wanting to use aircraft as human-guided cruise missiles, one way the attack paradigm can be shifted is by turning their efforts away from passenger aircraft toward general aviation and cargo aircraft.

Most security upgrades in the aviation security realm have been focused on commercial air travel. While some general aviation terminals (referred to as FBOs, short for fixed base operators) have increased security in the post 9/11 world, like the Signature FBO at Boston’s Logan Airport, which has walk-through metal detectors for crews and passengers and uses X-ray machines to screen luggage, many FBOs have very little security. Some smaller airports like the one used by Stack have little or no staffing at all, and pilots and visitors can come and go as they please. There are no security checks and the pilot only has to make a radio call before taking off.

This difference in FBO security stems from the fact that FBOs are owned by a wide variety of operators. Some are owned by private for-profit companies, while others are run by a city or county authority and some are even operated by the state government. The bottom line is that it is very easy for someone who is a pilot to show up at an airport and rent an aircraft. All he or she has to do is fill out a few forms, present a license and logbook and go for a check ride.

Mohamed Atta, the commander of the 9/11 operation, was a pilot, and one of the great mysteries after his death was the reason behind some of his general aviation activity. It is known that he rented small aircraft in cities like Miami and Atlanta, but it is not known what he did while aloft in them. It is possible that he was just honing his skills as a pilot, but there are concerns that he may also have been conducting aerial surveillance of potential targets.

But general aviation doesn’t just encompass small, single-engine airplanes like the ones owned by Stack and rented by Atta. Anyone with the money can charter a private passenger aircraft from a company such as NetJets or Flexjet, or even a private cargo aircraft. The size of these aircraft can vary from small Learjets to large Boeing Business Jets (a modified 737) and 747 cargo aircraft. In many places it is even possible for passengers to board a charter flight with no security checks of themselves or their baggage. In such a scenario, it would not be difficult for individuals such as Atta and his colleagues to take control of an aircraft from the crew — especially if the crew is unarmed.

As seen on 9/11, or even in the Stack case, there is very little that can be done to stop an airplane flown by a suicidal pilot. The North American Aerospace Defense Command launched two F-16 fighters in response to the Stack incident, but they were not dispatched until after the incident was over. Only in the case where there is restricted airspace that is constantly patrolled is there much hope of military aircraft responding in time to stop such an attack.

The 1994 incident in which an unemployed Maryland truck driver crashed a stolen Cessna into the South Lawn of the White House highlighted how there is very little that can be done to protect a building from this type of threat — and the level of security at the White House in 1994 was far greater than the security afforded to almost any other building today. The difficulty of protecting buildings from aerial attack demonstrates the need to secure aircraft so they cannot be used in such a manner.

The bottom line, however, is that it would be prohibitively expensive to totally lock down all airports and aircraft nationwide in an effort to prevent them from being used in attacks like the one conducted by Stack. In the face of this reality, the best that can be hoped for is to keep the largest (and therefore most destructive) aircraft safe from this sort of misuse.

There is currently no one authority, like the Transportation Safety Commission, that controls security at all the small airports and FBOs. In the absence of any policy or regulations tightening the security at these facilities and requiring the screening of charter aircraft passengers, the best defense against the threat posed by this vulnerability will be to educate those in the FBO and charter aircraft business and encourage them to exercise a heightened state of situational awareness.
“This report is republished with permission of STRATFOR”