Quantifying Vulnerabilities in an Airport Checkpoint
A study on the role of employee behavior in the emergence of vulnerabilities
More Info
expand_more
Abstract
Ever since the attacks on the World Trade Center, airport security has been a topic of interest. The United States was caught by surprise and the attacks triggered a renewed interest in aviation security. It was well recognized that airport security was one step behind on intelligent attackers and this created the need to developed better risk assessment methods.
Unfortunately, none of the risk assessment methods developed has the possibility to quantify the vulnerabilities in an airport checkpoint. One of the main challenges in developing a method which can do this, is to find a technique that can account for the complexity of the airport environment from which the vulnerabilities emerge. Furthermore empirical research has shown that security operators do not necessarily follow protocol, but behave as autonomous agents which regularly bend or break the rules.
A method which can potentially identify vulnerabilities in such a complex environment is agent based modeling. This modeling technique has proven to be very powerful in modeling complex systems that emerge from the behaviour of autonomous agents. Some work has been done in this area, but until now this technique has not been used to quantify vulnerabilities in an airport checkpoint. Therefore, the aim of this project is to develop an agent based model of an airport checkpoint, quantify the vulnerabilities emerging from this checkpoint and analyze the effect of employee behaviour on these vulnerabilities. To do this, the behaviour of the security operators is modeled using models that are rooted in behavioural psychology and have strong empirical backing. The employees decision making is modeled using Decision Field Theory and the employee performance is modeled using the Functional State Model.
With the model developed, a set of experiments is performed to calibrate the model and analyze the vulnerabilities. These experiments result in the quantification of vulnerabilities for a predefined set of threat scenarios.
The analysis of these threat scenarios shows that employee behaviour mainly impact threats scenarios in which a weapon is hidden in the carry-on baggage. The reason that security operators have a large influence on the outcome of this screening process is that it is the process in which employees have to perform multiple activities and make multiple decisions. It is found that the vulnerabilities in this screening process are mainly dependent on the speed/accuracy trade-off as made by the employees. The perceived risk of the detected prohibited items plays a limited role, since most prohibited items are only seen as a small risk. The performance of the employees played a less important role on the outcome of the screening process and differences in performance are mainly caused by the personality type of the agents. The personality type that put more effort into a task, outperformed the other agents. The skill level of the operators however, did not significantly effect the outcome the simulation. This suggests that the effort an operator puts in is more important than the skill level of the operator.
Finally it is found that it is beneficial to minimize the number of steps in the screening process. This benefits overall performance, since adding steps to the screening process means adding opportunities to make mistakes.