The arrest of an airline mechanic suspected of being sympathetic with terrorists and charged with sabotaging a jetliner has renewed fear about the "insider threat" to aviation security.
Despite security upgrades since the hijacking terror attacks of 2001, breaches including a gun-running operation at the nation's biggest airport illustrate the possibility that a well-placed airline or airport employee could bring down a plane.
"Should people be worried? Hell, yeah," says Doron Pely, a former aviation security consultant in Israel. "This doesn't require a suicide bomber. It requires access to an airframe, an aircraft and motivation."
Several experts interviewed for this story said it would be difficult if not impossible to stop every determined criminal or terrorist. They said steps that might beef up defenses against an insider attack — such as requiring aviation workers to go through security checkpoints just like passengers — could add costs and slow down work that goes on at airports.
U.S. & World
The day's top national and international news.
While there have been several cases in recent years of insiders using their special access to board planes without going through security — in one case, even steal a plane — they haven't harmed passengers, and there hasn't been clamoring for tougher security.
Under federal law, people applying to work in secure areas of an airport must pass a three-part vetting process run by the Transportation Security Administration — a criminal-records check, a "security threat assessment" that includes checking their names against a terrorism watch list, and proof that they are eligible to work in the United States.
Abdul Alani, who was born in Iraq and became a U.S. citizen in 1992, passed that test and got a job repairing planes for American Airlines. There were setbacks in his career — Alaska Airlines fired him in 2008 for shoddy work, something that American apparently didn't know — but there was no criminal history, no other outward signs of problems.
On Sept. 5, Alani was arrested in Miami and charged with trying to disable or damage an aircraft. According to an air marshal's affidavit, Alani admitted that in July he used his access to the back side of the Miami airport terminal to drive up to a Boeing 737, open a compartment below the cockpit, and glue a piece of foam inside navigation equipment in such a way that pilots wouldn't be able to tell how fast or high they were flying. The blockage triggered an alert when pilots powered up the plane, and they canceled the takeoff.
Incidents of insiders sabotaging planes are considered extremely rare, although the Federal Aviation Administration does not track them and has no numbers, a spokeswoman said.
In 2013, a technician with access to the tarmac was arrested as he tried to plant what he thought was a bomb at the airport in Wichita, Kansas. He had told an FBI undercover agent that he wanted to carry out a jihad for Al Qaeda.
In 2014, a Delta Air Lines baggage handler was arrested and later convicted for using his security badge to avoid checkpoints and help smuggle guns on flights. In 2018, a Horizon Air employee stole a plane from the Seattle airport and crashed it 25 miles away. Neither of those incidents was believed related to terrorism, but both underscored the threat posed by insiders.
Investigators have found that TSA reviews sometimes fall short of the mark.
In 2015, the inspector general of the Homeland Security Department, TSA's parent, found that TSA failed to identify 73 aviation workers with security badges who should have triggered terrorism-related red flags. The reason: TSA wasn't authorized to get all terror-related information from other federal agencies. After an outcry, TSA got more access.
The watchdog office found that TSA's checking of applicants' crime history and legal status to work in the United States was even worse. "Thousands of records" were unreliable because they were missing Social Security numbers or contained merely an initial instead of a first name. TSA did not check records to see if aviation employees committed crimes after getting their security badges — it counted on the workers reporting that themselves — the inspector general said.
The same watchdog has raised concerns, most recently in 2016, about airport security IDs called SIDA badges that are lost or stolen. TSA currently requires all aviation workers to tell their airport if their badge is lost or stolen, and airports are required to deactivate those badges.
Nearly 1 million people work at the roughly 450 airports under federal control, and many of them avoid the kind of screening that passengers are subject to. Requiring them to go through security checkpoints would mean more spending on TSA and interfere with workers' ability to go where they are needed.
"Just like (with) police officers, there is a certain amount of trust you have to extend to certain people if you want the system to work," said Jeffrey Price, an aviation professor at Metropolitan State University of Denver and author of books on security. Still, he thinks we don't pay enough attention to the insider threat. "It's not easy to prevent, it's not easy to detect."
Alani, the airline mechanic arrested in Miami, was not on a terrorism or no-fly list, according to an air marshal who testified in federal court this week. He had no criminal record. When FBI agents examined his phone, according to prosecutors, they found video of mass murders carried out by Islamic State fighters and other evidence of possible terrorism sympathies.
Alani hasn't been charged with terrorism-related crimes, but he does face a charge of disabling an aircraft. If convicted, he could spend 20 years in prison.
The question for aviation and security officials is whether he could have been stopped with more careful screening or supervision.
"Hopefully this will serve as a reminder to all those that work in aviation that they need to take the existing security procedures more seriously," said Price, the security expert in Denver, "because the threat is still out there."
Associated Press Writers Bernard Condon and Curt Anderson contributed to this report.