Developing a framework for the determination of the attractiveness for the security assessment of airport cargo areas

Master Thesis Crisis- and Security management

2018

Developing a framework for the determination of the attractiveness

for the security assessment of airport cargo areas

Nick Klarenbeek

A thesis submitted to Leiden University in The Hague in partial fulfillment

of the requirements for the degree of Master of Science Crisis and Security

in the Faculty of Governance and Global Affairs (Crisis and security

management

The Hague, 13

of June 2018

S2092409

Supervisor: Dr. Gabriele Landucci

Second Reader: Mr. Wout Broekema

Index

Chapter I: Introduction ……… 3

The aim of this thesis………. 4

Relevance …..……….. 6

Chapter II: Theoretical framework ……… 8

Security risk assessments ……… 8

Attractiveness ……… 10

Airport security ……….. 18

Chapter III: Methodology ………... 20

Operationalisation ……….. 22

Gathering data to assess the attractiveness for Schiphol ………. 30

Pitfalls and validity .. ……… 34

Chapter IV: Analysis ………. 36

The score tables for Schiphol ……… 36

Evaluating the hazard based facility scores for Schiphol ………. 37

Evaluating the site specific attractiveness scores for Schiphol ………… 39

Assessing the final scores for Schiphol airport ………. 43

Chapter V: Discussion ……….. 45

Chapter VI: Conclusion ………. 47

References: ……… 51

Chapter I: Introduction

This chapter introduces the research topic and research question. The academic relevance and societal relevance will also be discussed.

Introduction

Schiphol is continuously putting effort in optimizing its airport security procedures. With the experiment of the Personal Security Pass in late November 2017 being the latest example of these efforts (NOS, 2017). The importance of optimizing security is, beside creating a more secure environment, also economical. In August 2017, a rapport explained that Schiphol has welcomed a record number of passengers to the airport in the first half of 2017 (Financieel Dagblad, 2017). Despite this record, the amount of profit did not comply with this trend. It became clear that rising security costs effectively limited the profit made on Schiphol. Due to the trend of ever more securitization across different sectors it becomes clear that security is a major topic (Trombetta, 2008). This marks a dilemma for airports such as Schiphol, on the one hand it must invest money in its security and on the other hand this spending negatively influences the airports’ potential profit. Airports therefore have to find a way to financially effectively organize its security and to ensure an acceptable level of security on the airport. Risk-based security assessments can prove to be a solution to increase efficiently of airport security. Such assessments are more specific and prove to be more cost-effective. In the US risk-based security assessments have been used more regularly in airports by the Transport Security Administration since 2011 (Simmons, 2015). The goal of these risk-based security assessments is to make airport security more efficient and to make airports safer. In the case of risk-based security approaches on airports these should deliver tailored security procedures according to local contextual conditions (Cunha, Macário, & Reis, 2017). This approach is however still seen as a more alternative security strategy for airport security.

The use of risk assessments is not limited to airports. The range of sectors in which risk assessments are being used is diverse. In water management for example one of the possible options for making use of risk assessments is for preventing that concentrations of hazardous chemicals exceeding the safety norm (Howd & Fan, 2008). Risk assessments are also used for predicting at which geographical location it is most likely a that natural disaster (such as a landslide) may occur. This is for example useful in the tourism industry since such an

the financial sector there is also use for risk assessments, for example with regard to risks of someone not being able to pay back their credit (Vovk, Knopov, & Pepeljaeva, 2010). These examples from the industrial, tourism and financial sector show the wide range of practices for risk assessments. The underlying principle of these risk assessment is about determining the likelihood and consequences of a specific scenario. Concerning risk assessments in the industrial and financial sector there seems to be a substantial amount of literature. On airports however the amount of literature surrounding the topic of security risk assessments seems to be less substantial. The literature that is concerned with this topic is often connected to the pricing and costing of security (Gillen & Morisson, 2015). In general security risk

assessments can help managers by evaluating which place in the organization is the most vulnerable (Cox, 2008). These calculations can therefore also determine which part of the security system of the organization needs the most resources. In the case of the ever growing costs of airports risk based security assessments can therefore be an outcome. Security risk-assessments are often made for critical installations. Due to its economic importance in the region and the amount of people involved with airports they can be seen as critical

installations and therefore the use of security risk assessments seems applicable to airports.

The aim of this thesis

As stated above the body of knowledge surrounding the practices of security risk assessments on airports is not as substantial. When it concerns airport cargo areas this gap in literature becomes even more apparent. There has been some research to security risk assessments for a terrorist attack that involves the cargo area of an airport(Cunha et al., 2017). The amount of literature concerning terrorist attacks to cargo areas is however not as extensive as literature surrounding a terrorist attack on the passenger area of airports.

This thesis aims to contribute to the strengthening of the body of knowledge surrounding security risk assessments to the cargo areas of airports. It will provide an outline for a framework that can be used to determine a concept connected to security risk-assessments. The concept in question is the proxy attractiveness, this concept is not systematically used in security risk assessments yet. However the concepts does seem to be a good extension to the overall quality of the security risk assessments that are developed. Attractiveness concerns determining how attractive a certain facility is for a potential terrorist attack. The use of attractiveness as an extension for security risk-assessments is becoming more standard practice in the American petroleum industry (API recommended practice 780 , 2012). Since

attractiveness as a proxy for security risk assessments can prove to be an interesting path to explore. This thesis aims to explore this aspect of airport security and to provide a framework that can be used to determine attractiveness of cargo areas on airports. To provide an example of how such an assessment can be made the cargo area of Schiphol airport will be assessed as a case. Due to its importance for the region and the amount of information surrounding this airport, Schiphol makes an interesting case to analyse for this thesis.

In line with the aim of the thesis the following research question will be central for this thesis:

To what extent can the concept attractiveness be adopted as a proxy for security risk assessments to the cargo areas of airports?

This question will form the basis of this research and the following chapters are aimed at providing an extensive answer to this question. The answer will ideally allow for more complete security risk assessments to cargo areas of airports in the future. Besides a new framework for determining the proxy attractiveness for air transport cargo areas, two products will emerge out of this thesis:

▪ A framework that provides an evaluation of the attractiveness for the Schiphol cargo area.

▪ A blank document that contains the formulas for defining attractiveness on other airports.

The goal of developing these two products is to improve further research to this topic. One can use the developed framework for Schiphol as an outline. The blank document can consequently be used to assess the cargo area of another airport.

Since attractiveness is a proxy of risk-based security assessments the outcome of this thesis does not imply that the security of Schiphol is sufficient or that Schiphol is at risk. It elaborates on whether the cargo area of Schiphol is attractive as a target or whether it is not likely to be attractive. The main goal of the thesis is to develop a framework that can be used to better analyse the security of cargo areas of airports. Attractiveness in combination with a security risk assessment makes it possible to draw conclusions about the security of Schiphol.

To successful develop the framework it is important to create a scenario to which this framework can be connected. In this thesis the scenario will be a bomb hidden in cargo that

a relatively simple tactic for terrorist to use in case they desire to attack an airport cargo area. In the paper of (Cunha et al., 2017) a hidden bomb is also taken as a starting point for a terrorist attack. Another reason to make a risk assessment of a bomb attack is that there is no pathway involved. This reduces the complexity of the analysis. If there is an attack that involves terrorist’ presence on the site a pathway has to developed which makes the risk assessment incredibly complex and is likely to be beyond the scope of the length of the thesis.

Relevance

Academic

Scientific literature shows that risk-based security approaches are widely used across sectors. While there is substantial literature surrounding airport security the amount of literature that combines the use of risk-assessments with airport security is lacking, especially when it concerns cargo areas of airports (Cunha et al., 2017). Despite the importance of this topic it became clear that literature concerning this topic needs to be strengthened. There does not seem to be another research that evaluates the attractiveness of airport cargo areas for terrorist attacks. This thesis aims to fill this gap of knowledge. This research seems to be a new

development in academic literature. The framework that is developed in this thesis can be used to compare the level of attractiveness of different airports. This can be an interesting starting point for future research into security of cargo areas.

Societal

Besides the scientific relevance of this research it also holds some societal relevance. The consequences of a successful attack on an airport cargo area can be serious for the airport and the people in the region. If traffic on the airport needs to be stopped as consequence of the attack this is likely to have financial consequences. This may in turn affect the people that work on the airport. It is therefore of importance to evaluate the security of airports in different ways. While this research does not directly address the level of security levels on airports it can be used as an extension to the topic. In this thesis the focus will be on Schiphol, however since an universal framework is developed other airports can also be assessed. Hopefully this contributes to the security on airport cargo areas and therefore this research holds a societal relevance as well.

Chapter II: Theoretical framework

This chapter discusses literature relevant for this thesis. It is categorized in three segments, security risk assessments in general, attractiveness and airport security. These topics will be clarified through the use of academic literature.

Security risk assessments

A risk based security assessment is a method of determining the vulnerability towards a certain threat of a facility. The facility in question is often a critical installation such as an chemical complex. If done correctly the risk assessment should enable the researchers to point out the weaker points of the installation on a map. A risk based security assessment can also be used to elaborate on the consequence of an attack on a facility. Security risk approaches for critical installations are mainly done through organizations or academics. One such an

organization that is involved in making these assessments is The American Petroleum Industry (API). This institution provides guidelines for making security risk assessments (SRA) which can be used as a guidelines. The API describes a security risk assessment as the following:

“A SRA is a systematic process that evaluates the likelihood that a given threat actor (ex: activist, criminal, disgruntled insider, terrorist) will be successful in committing an intentional act (ex: damage,

theft) against an asset resulting in a negative consequence (ex: loss of life, economic loss, or loss of continuity of operations). It can consider the potential severity of consequences and impacts to the facility or company itself, to the surrounding community and on the supply chain.” (API, 2007, P.6) Out of this definition it becomes clear that the goal of the security risk assessment is to determine the consequences and the impacts of a successful intentional attack from a threat actor. This threat actor does not have to be a terrorist but can also be an individual with criminal intentions or hostile feelings towards the organization. To determine the risk for a facility, a basic framework for risk assessments exists. In his paper concerning security risk assessments Cox (2008) argues that the classical framework for security risk assessments in the chemical industry if formed by the following formula:

Risk = Threat x Vulnerability x Consequences

This formula is the framework for priority setting against terrorist attacks to United States’ infrastructure. It shows that there are three main concepts which values have to be determined to calculate the risk: threat, vulnerability and consequences.

Threat

Cox (2008) describes the definition of the concept threat (T) is the following:

Any indication, circumstance, or event with the potential to cause the loss of, or damage to, an asset or population. In the analysis of risk, threat is based on the analysis of the intention and capability of an

adversary to undertake actions that would be detrimental to an asset or population. (Cox, 2008, P.1750) 


This means that threat is about situations which can cause harm to the organization or facility. Harm can mean damage to, or loss of human lives or assets of the organization. In the case of terrorism there is an intentional threat towards the organization since terrorism is aimed at damaging the system. The determination of thereat is based on the intention of an adversary and the capability to undertake actions that would harm the organization.

Vulnerability

Vulnerability (V) is defined as the following (Cox, 2008)

Any weakness in an asset’s or infrastructure’s design, implementation, or operation that can be exploited by an adversary. Such weaknesses can occur in building characteristics, equipment properties, personnel behaviour, locations of people, equipment and buildings, or operational and

personnel practices. (Cox, 2008, P.1750)

As one can extract out of this definition vulnerability can come forth of different elements. This concept is bounded to the characteristics of the organization or the building in question. To determine the vulnerability it is important to know what the potential weaknesses are. A potential domino effect can also prove to be a vulnerability since it triggers a series of harmful events. This will be further discussed in a later part of the theoretical framework.

Consequences

Cox (2008) defines the concept of consequences (C) as the following:

The outcome of an event occurrence, including immediate, short- and long-term, direct and indirect losses and effects. Loss may include human casualties, monetary and economic damages, and environmental impact, and may also include less tangible and therefore less quantifiable effects, including political ramifications, decreased morale, reductions in operational effectiveness, or other

impacts. (Cox, 2008, P.1750)

is also aimed at determining the effects on the long term. Besides quantifiable aspects one also has to take in account the unquantifiable aspect in determining consequences.

Despite the common use of this classic formula (Equation I), Cox points out several

limitations of this approach (Cox, 2008). One such limitation is the use of semi-quantitative approaches for rating consequences and vulnerabilities.It is pointed out that there are some illogical consequences in this system of determining the risks. The same accounts for determining conditional risks, the formulas used tend to sometimes give values that seem incorrect. According to Cox this leaves facility owners with the chance to manipulate the outcomes of risk assessments.

The concepts threat, vulnerability and consequences can be ambiguous. Threat for example can be self-defeating if the attacker possess intelligence about the risk assessments made by the defender. This can help the attacker in deciding where to stage an attack. It is also hard to come up with a single value for vulnerability since obstacles do not have to be decisive but can also be dealt with during an attack. To monitor a potential attack it better to use a model since this can recreate a pathway of the attack. Consequence is not a certain number but can be subjective. Therefore it is hard to come up with a number that accurately represents this. Cox therefore argues that decision trees and models need to made when it concerns terrorist attacks. This way an attacker is no longer a dice rolling factor but an intelligent factor.

In the US the department of homeland security (DHS) and the American Society of

Mechanical Engineers Innovative Technologies have used risk based approaches to provide insight in the risks in case of a terrorist attack on a “critical asset” for example a chemical plant (Moore, Fuller, Hazzan, & Jones, 2007). The name of this project is RAMCAP, Risk Analysis and Management for Critical Asset Protection. The goal of this project is to see which resources need to be located to which place to keep the risk of a successful terrorist attack as low as possible. An important aspect of the RAMCAP is that the project determined universal values for the concepts of vulnerability and consequences. This makes it possible to better externally validate the results of the risk assessments.

The use of risk assessments

Owners of a facility may use the outcomes of risk assessments to determine their resource allocation (Cox, 2008). The areas of the facility that face the highest risks should receive the

out of risk assessments should be combined with the available budget. The highest risk should not automatically be the risk that consumes the limited resources. One should carefully

determine how these funds best can used to optimize the risk reduction.

Qualitative risk assessments

Despite security risk-assessments being often more quantitative of nature, there are examples of scholars using qualitative techniques to determine the risks status of a facility. Bajpai and Gupta (2005) for example took a different approach to determining the risk for a chemical processing plant. They make a distinction between inside threats and outside threats. Inside threats are disgruntled employees, former employees and contractors. These groups would be more focussed on creating financial damage for the company (Bajpai & Gupta, 2005).

Outside threats such as terrorists and cults would be more focused on the number of fatalities. The difference of this work in comparison to other risk-assessment literature is that the score points are qualitative. Normally the concepts are linked with a specific number based on the amount of casualties, damage etcetera. These concepts are therefore quantitative. Bajpai and Gupta (2015) however have developed a table in which the user should connect different factors to a specific degree. The total score that comes out of this table could be linked to the risk status of the facility.

Attractiveness

As discussed above the American Petroleum Industry is concerned with developing threat assessments for the industry. A factor in developing these assessments that is described is the attractiveness of the target (API recommended practice 780 , 2012). Something which is not specifically taken into account in the classical formulation of threat assessments. An

attractiveness assessment can represent an initial screening phase to support a security risk assessment. The API describes that attractiveness can range from five different levels from one being very low hence being very unattractive. The highest level, five, means a target is very attractive. Attractiveness assessments are also involved with other aspects of the SRA such as threat identification, vulnerability assessments, risk evaluations and risk management (Argenti, Landucci, Spadoni, & Cozzani, 2015). Literature does not systematically adopt attractiveness in the SRA methodologies. Despite this the concept can prove to be factor to come to a more thorough risk assessment. The API described attractiveness as the key parameter to determine the criticality of a target at the first level of screening. They also

assessment of attractiveness is based around the estimation of a value of a target or asset to a specific threat. This means that specific traits of the asset are important, for example the potential of casualties or property damage.

According to API SRA methodology, the security risk is defined as an expression of the likelihood (L) that a defined Threat (T) will find an asset Attractive (A) and successfully commit an act against it, taking advantage of Vulnerability (V) to cause a given set of security Consequences (C) (Argenti et al., 2015). This definition leads to the following expression of risk evaluation:

Risk = (Attractiveness x Threat) x Vulnerability x Consequences Or R = (A x T) x V x C (2)

Attractiveness multiplied by threat can also be expressed through L1. If done L1 represents the

likelihood of an attempted act against the asset. Vulnerability can be represented through L2 in

which case the concept is defined as the likelihood of success of the act. Renaming these factors results in the following risk evaluation formula:

R = L1 x L2 x C (3)

Calculating attractiveness

For determining the overall attractiveness index two concepts are essential: IH and  (Argenti

et al., 2015). The formula to determine the attractiveness, IA, is the following:

IA = IH x  (4)

IH represents the hazard-based attractiveness index. This index is an indicator of the

quantifiable value of a potential target installation. For example the potential financial losses and fatalities are represented in IH. This concept is connected to the perception of the

terrorist’s aim of the attack. Argenti et al. (2015) developed several tables that enable one to assign a score to the potential population in the impact area, the amount of hazardous

substances and the number of vulnerability centres. In their case IH is divided between IFH (the

process facility hazard index) and ITV (impact area vulnerability index). IFH is defined as

“associated to hazards connected to the target installation due to relevant inventories of hazardous materials”. This means that the score of IFH is influenced by the amount of

hazardous substances that a facility handles. ITV is a combination of the population (IP, the

centre is a site in which the population is much higher than in normal areas, a hospital for example.

 represents the induction index and is used to increase that value of IA according to area and

facility specific characteristics. The value of the induction is determined by the systematic identification and scoring of a set of threat triggers and deterrence factors. Argenti et al. (2015) also developed tables to determine the induction index. Ideally  is determined on information that is generic and non-specific with respect to the facility or to the location. The formula to determine  is:

 = 1 + F (5)

More specifically F is developed out FA and FT. FA is the attractiveness increase sub-index

and involves both socio-economical aspects and strategical aspects. FT is the threat worsening

sub-index and involve location specific conditions, symbolic value and public perception around the asset. The formula the to determine the  is:

 = 1 + (Fa + FT) (6)

The concepts FA and FT are further broken down into general aspects gA1, gA2, gT1 and gT2.

The value of the general aspects are further determined by specification elements. These are questions that can be answered either positively or negatively and consequently result in a specific score. Argenti et al. (2015) have developed two tables which contain the description of the specification elements and the applicable score. The value of FA can be determined by

adding up the values for gA,1 and gA,2. The description of the specification elements for these

general aspects are represented in Table 1:

Table 1: gA,1 and gA,2 scores with complementary specification elements as in Argenti et

al. (2015) General aspect Specification elements Qualitative estimate description Score 

gA,1 sA,1 PRESENCE Public ownership/State participation in company

management. Company may be seen as a symbol of state authority

ABSENCE Private ownership 0

gA,2 sA,2 PRESENCE Presence of military targets, Institution buildings, embassies,

monuments of high symbolic value, critical infrastructure in the

site proximity

0.1

ABSENCE Absence of military targets, Institution buildings, embassies,

monuments of high symbolic value, critical infrastructure in the

site proximity

0

sA,3 PRESENCE Chemicals that can be used as Weapons of Mass Destruction are stored/handled/processed/produced

in significant quantities in the site

0.1

ABSENCE Chemicals that can be used as Weapons of Mass Destruction are

NOT

stored/handled/processed/produced in significant quantities in the site

0

The presence or absence of the factors described in the table allow the user to determine the FA of a facility. This “attractiveness increase” sub-index FA considers both socio-economic

and strategic aspects. Socio-economic factors are represented by gA,1 and the strategic factors

are represented by gA,2.

The table developed by Argenti et al. (2015) that describes the specification elements and the connected scores for the assessment of FT are represented by table 2 and table 3. To optimize

the practicality of this table it has been divided in two tables for this thesis. Originally in the paper of Argenti et al. (2015) this was just one table containing both gT,1 and gT,2. In this

Table 2: The gT,1 scores and complementary specification elements as in Argenti et al. (2015) General aspect Specification elements Qualitative level Description Score  gT,1 sT,1 Low Threat history provides no records of

attacks to similar facilities. The presence of terrorist cells or activist groups tin the

area can be excluded/has never been documented

0

Medium Threat history provides no records of attacks to similar facilities. Suspect of terrorist cells’ or activists’ group presence

exists

0.05

High Threat history evidences attacks to similar facilities. The activity of terrorist cells or

activist groups in the area is confirmed

0.1

sT,2 Low A context of political stability and democracy exists. Governing authorities are legitimated and supported by populace

0

Medium Few opposition groups willing to mine government authority exist and may be blamed for violent actions. Existence of

political factions

0.05

High Political instability and internal conflicts exist. Social order control and maintenance is periodically disrupted

0.1

sT,3 Low Strict legislation concerning, the transport, selling and detention of weapons of any

nature. Effective and diffuse implementation of controls by police

forces

0

Medium Legislation concerning, the transport, selling and detention of weapons is

present but control is not a priority

High The transport, selling and detention of weapons is poorly ruled an uncontrolled. Third-party interest in favouring weapons

market

0.1

This table enables the user to determine the value of gT,1. This concept represents

location-specific conditions that may enhance the capability of threat agents. It considers factors which result from the nation in which the facility is located such as presence of terrorist groups, political instability and legislative attention. This table ranks scores according to the level to which a specification element is applicable resulting a low, medium or high scoring system.

Table 3: The gT,2 scores and complementary specification elements as in Argenti et al. (2015) General aspect Specification elements Qualitative level Description Score  gT,2 sT,4 Low Company reputation and image are

extremely positive. Local community judge company activities beneficial

-0.05

Medium Company activities are accepted by local community. Few aversion motives of

minor importance

0

High Company reputation and image are extremely negative. Existence of

organized aversion groups

0.05

sT,5 Low High level of engagement of local stakeholders. Transparency and continuous information sharing to enhance

community awareness of company activities

-0.1

Medium Medium level of engagement of local stakeholders. Company activities are accepted by local community. Few aversion motives of minor importance.

High No engagement of local stakeholders. Creation of a climate of suspicion and

mistrust

0.1

sT,6 Low No interactions with cultural/historical, archaeological, religious heritage. Absence of activist groups on the area/ No

evidence of aversion by activist groups.

0

Medium No significant interactions with cultural/historical, archaeological,

religious heritage. Sporadic demonstrations of aversion by local

activist groups

0.025

High Negative interactions with cultural/historical, archaeological,

religious heritage. Frequent demonstrations of aversion by activist groups attracting regional/international

media attention

0.5

Table 3 involves the determination of gT,2. This concept is about symbolic value and the

public perception of the facility. Same as in table II the scores are divided between low, medium and high. Some specification elements can potentially also result in a minus score, when a facility faces a high level of stakeholder engagement for example (sT,5).

The gT,1 and gT,2 are the two general aspects that form the “threat worsening” sub-index FT.

To calculate FA and FT the following formulas apply:

FA = gA1 + gA2 (7)

FT = gT1 x (1+gT2) (8)

As can be derived from formula six, F equals FA and FT added together. To further determine

the , one needs to simply add 1 (as seen in formula 5 and 6).

The way the formula is constructed means that  only has a positive effect on IH. If an asset is

community and is at the same time an extremely symbolic and strategic target  adds up to a score of 1,6.

According to Argenti et al. (2015) the scale to determine attractiveness is the following. A score between two and five means that a site has a low attractiveness for a terrorist attack. A score between five and eight means that a site has a medium attractiveness. If the score is eight or higher the asset has a high attractiveness for a terrorist attack on the facility. In the paper it is argued that literature methods surrounding risk assessments do not

systematically the address the attractiveness of facilities. An integration of social, economic and political interests would be beneficial for a more structured evaluation of process facilities attractiveness it is argued.

For better understanding Argenti et al. (2015) developed a graphical representation for their concepts as represented in figure 1:

Figure 1: Graphic representation for determining IA as in Argenti et al. (2015)

This representation provides a simple overview of the formulas that are being used and their basic meaning. It also provides a ranking of IA to determine which attractiveness level is

represented by which score.

Hazard-based facility attractiveness

Quantitative assessment

Process Facility Hazard Index (IFH)

Quantity of hazardous substances handled, normalization against Seveso Directive thresholds

Impact Area Vulnerability Index (ITV)

Inhabitants

Number of vulnerability centres

HAZARD-BASED ATTRACTIVENESS INDEX

IH = IFH + ITV

Site-specific attractiveness index

Qualitative estimate

Strategic ideological triggers increasing attractiveness (FA)

Local specific conditions: Public perception related aversion, threat history, socio-political context (FT)

INDUCTION INDEX

f = 1 + F = 1 + (FA + FT)

Overall Attractiveness Assessment & Ranking

IA = IH x

f

Index value 2 < IA < 5 5 <IA < 8 IA > 8

Airport security

Risk based approaches in airport security

Airport security is complex and layered, this makes staging an attack increasingly difficult (Jackson & Latourrette, 2015). Currently the risk of a terrorist attack on an airport or airplane is incredibly low (Steward & Mueler, 2015). This led to scholars questioning the

cost-effectiveness of airport security measures. (Gillen & Morisson, 2015) argue that airport security is growing to be incredibly expensive. Some of the measures used to guarantee security seem to cost a lot of money and are not in line with the additional security provided (Steward & Mueler, 2015). At this stage risk-based assessments can play a role. Since these assessments point out what parts of an airport are most vulnerable managers can determine which section deserves the available resources. Cunha et al. (2017) conducted a study to check if cargo security costs could be optimized by the use of such assessments. They made a case study out of six different small and medium airports located in Portugal and Turkey. After the September 11 attacks there has been a lot of research done concerning the passenger side of security. Cargo however did not receive the same amount of attention in research. In their paper they argue that there are risks, mainly the inside threat, involved with the shipping of cargo. Although the main problem in the shipping business is theft it cannot be excluded that perpetrators use the weaknesses to stage an attack. In their paper Cunha et al. (2015) use the classical formula (equation I) for determining risk.

Threats for airports

Airports face a wide range of different security threats. Examples are technical failures that endanger passengers or a terrorist bomb attack. An important difference however is that while technical failures are unintentional, damage done by terrorism is intentional. As history shows terrorist can attack airports in different ways. In the case of air cargo transport several threats are mentioned in literature including hijacking an all-cargo plane and introducing an

explosive to a passenger-carrying aircraft via the air cargo supply chain (Price & Forrest, 2013).

In this thesis the consequences of a bomb attack on the cargo area will be examined. There are different kind of explosive attacks. Risk assessments surrounding facilities are influenced by the sort of explosive attacks they expect to deal with. There is a difference between an industrial explosion and a voluntary explosion (Salzano, Antonioni, Landucci, & Cozzani, 2013). In case of a terrorist attack a home-made bomb can be a likely tactic. In this case there

TATP (Triacetone Tiperoxide Peroxyacetone) (Salzano, Landucci, Genserik, & Cozzani, 2014, 36,). An important environmental factor for a voluntary bomb attack is the possibility of a domino effect. Such an effect can occur when the first bomb explosion triggers further explosions or fires in the facility. This is why when it concerns chemical factories a ring of protection is established to limit a domino effect (Landucci, Reniers, Cozzani, & Salzano, 2015).

The financing of airport security

Who finances airport security is different from country to country (Prentice, 2015). There are nations in which airport security is financed by the state (Mexico). In Canada security is financed entirely by the airlines that use the airport. This poses a problem since it drives up the ticket prices in Canada and therefore affects its competitiveness. The security of Schiphol is financed by the different airline companies that use the airport. Schiphol therefore seems to face a similar problem as in Canada resulting in negative effects on its competitiveness.

Security responsibilities on Schiphol

The final responsibility of the security of Schiphol lies with the ministry of justice and security (Rijksoverheid, 2018). When it concerns policy and rules among airport security the “directie bewaken, beveiligen burgerluchtvaart” (DB3) is involved. The DB3 is part of the national coordinator terrorism prevention and security (NCTV). The exploiter of the airport (in the case of Schiphol Royal Schiphol Group) is responsible for the implementation of these rules and policy. Royal Schiphol Group is a private enterprise that consists out of four main shareholders. To oversee that security measures are correctly implemented the “Koninklijke Marechaussee” oversees the airport and also contributes by armed patrols on the airport. The only private main actor involved in the security policy of Schiphol is Royal Schiphol Group, the other three main actors are connected to the Dutch government.

Chapter III: Methodology

This chapter elaborates on the nature of this research. Furthermore the framework that is used to determine the attractiveness for airport cargo areas is developed. New concepts will be introduced and discussed. There will be also a description of what information is needed to assess the case of Schiphol and how this data can be gathered.

Nature of this research

As this research starts out with a specific research question the nature of this research is deductive. It is aimed at testing the applicability of certain concepts of security risk

assessments on airport cargo areas. This theory to data approach contributes to the deductive nature of this research (Soiferman, 2010). Deductive elements such as operationalisation of concepts, structured approach and the fact that the researcher is not connected to the unit of analysis are also deductive elements applicable to this thesis (Brymann, 2012).

Besides the deductive nature of this research this research also has an explorative nature. As becomes apparent in chapter one the amount of literature surrounding the use of security risk assessments in airport cargo areas is marginal. This results in the need to further explore this domain and to connect it with security risk assessments from other sectors. This explorative nature can be found in the research question since it aims at finding a possible structure to connect the use of attractiveness to airport cargo areas. Explorative research concerns the clarification of the nature of the problem (Doyle, 2011). This is also the case for this research since it aims to clarify and elaborate on the use of attractiveness for security risk assessment to airport cargo areas. It seems like there has been no previous research to this specific topic. As will become more clear in a later stage of this chapter the data for this thesis is gathered in qualitative ways. Data about Schiphol is received from staff connected to the Schiphol cargo area and documents released by Schiphol group or news sources. To a certain extent this is in line with the qualitative methods interviews and document analysis (Franco, 2016). Hopefully the results of this thesis will enable for further more quantitative research into the domain of security for airport cargo areas. As emerged from the theoretical framework security risk assessments are mainly developed by quantitative means. There are however some examples of researches using qualitative methods for security risk assessments (Bajpai & Gupta, 2005). As in Argenti et al. (2015) the framework developed in this thesis aims to connect qualitative estimates to quantitative scores. This results in qualitative methods used for gathering data

used for the case (Schiphol) and a more quantitative nature of the results that emerge out of this thesis.

The goal of conducting a case study about Schiphol airport is to show how the framework developed later in this chapter has to be used. Since Schiphol is the only case in this thesis the design is a holistic single case study design. Since it would be too time-consuming to conduct multiple case studies this is the resulted design.

Evaluation of the transferability of the model of Argenti et al. (2015) on airport cargo area

As discussed in the first chapter there is plenty literature surrounding security risk

assessments (Cox, 2008) (Bajpai & Gupta, 2005) (Cunha et al., 2017). When it concerns the concept of attractiveness the amount of literature is less extensive. The API and Argenti et al. (2015) provide a systematic description of a framework for assessing the attractiveness of (chemical) installations. Since this thesis aims to develop a framework which can be used to determine the attractiveness of airport cargo installations these two works will be used as a guideline. To achieve this goal the current framework to determine the attractiveness for a facility of Argenti et al. (2015) has to be made fitting for airport cargo areas. As it is currently written for chemical installations (see Equation 4) it cannot be completely be transferred to airport cargo areas. Since this formula is aimed at determining the attractiveness of chemical facilities some moderation is required to make it fitting for the cargo areas of airport. In the literature of Argenti et al. (2015) IH represents the technical assessment of the particular asset.

It was constructed out of the process facility index (IFH) and the impact area vulnerability

index (ITV). Since IFH is specifically connected to the hazardous materials a facility handles it

is strongly connected to chemical installations. This leads to issues with the transferability of the concept to cargo areas of airports since these are not or little connected to chemical facilities. Also the ITV is not completely transferable to the cargo areas of airports. Since it is

unlikely that there will be a domino effect after a bomb explosion in the cargo area the population that is potentially affected is significantly smaller. Using the tables to determine IFH and ITV developed by Argenti et al. (2015) for chemical installations to airport cargo areas

will result in unjustifiable scores. Therefore the current IH needs to be adapted to successfully

use to determine the attractiveness for cargo areas.

industrial facilities. The general aspects and complementary specification elements support this, they are mainly connected to the environment and reputation of a certain asset. The site-specific attractiveness index is therefore transferable so this is not altered in the framework.

Operationalisation

Constructing the Hazard-based attractiveness index

To develop a new framework for the IH one has to determine the characteristics that make a

cargo area of an airport potentially attractive for a terrorist attack. To achieve this it is

important to gather information surrounding cargo areas of airports. Also it is important to see whether there have been similar attacks in the past on other cargo areas. If this has happened it is interesting to see which the motives were for this attack and whether these motives can be developed into the framework.

According to this information variables to determine IH can be developed. Since Argenti et al.

(2015) already developed a system for calculation IH this thesis will not develop a new

method. In practice this means that variables will have a similar scoring system as in Argenti et al. (2015). So a certain amount of damage will be represented by a certain value. The values of all the variables together will form the IH of the airport in question. To keep the

framework accessible and easy to work with it is important that information gathering is not a too difficult, time-consuming process. Especially since attractiveness is a mere proxy of the security risk assessment and not the core.

To develop a new IH it is essential to address the starting points of the original IH of Argenti et

al (2015). Essentially this seems to exist out of two principles. The first principle is the danger and potential damage done to and by the facility, the original IFH. The second principle

addresses the potential impact on the population surrounding the facility, the original ITV. As

stated above these two concept are not directly transferable to the case of cargo areas on airports. However in developing a new IH these underlying principles should not be lost out of

sight. This means that the new IH should embrace the same principles. It is important to

address both the damage done to the asset and the damage done to the population. To address these aspects the following concepts have been developed and will be introduced in the next section:

▪ The direct financial damage index (IM)

▪ The indirect financial damage index (IB)

In the following parts of the analysis there will be an elaboration on what these concepts encompass and how they relate to IH. According to API methodology the scores of the

concepts will be represented by a five point scale. This enables the user to choose the option that is fitting for the facility and to connect this option to a specific score. The total amount of the three indexes IM, IL and IB together construct the new IH. this is expressed through the

following formula:

IH = IM + IL + IB (9)

Together with the  from Argenti et al. (2015) the overall attractiveness of the facility can be determined.

Evaluation of the direct financial damage index (IM)

As the name states this concept represents the direct financial damage done by the attack. This concepts addresses the direct damage of a bomb attack on the cargo area and is represented by IM. In case of an explosion there will be damage to the facility. This damage can be done to

facility itself: structure damage, damage to machines, damage to inventory etcetera. It is however also likely that there will be damage to other cargo items. Since airports handle all kind of precious cargo it is important to determine how much damage there can potentially be done to cargo. Since it is likely that there is a variety between the value of cargo at a certain area across time, it is best to look at the average value. A key element is to examine whether there are hazardous substances that can cause a domino effect. This may lead to a potentially larger amount of damage so has to be taken into consideration. Dangerous goods include explosives, flammables, oxidizing substances, toxins, radioactive materials and corrosive materials (Zhao, Zhang, & Guan, 2018).

These dangerous goods do however not have to be represented by a large monetary value. Transport such as physical money, art and other goods can be of financial higher value.

The effect of hazardous materials on IM

As stated above hazardous materials have a cataclysmic effect on the amount of direct damage done. If hazardous materials are present at the site one has to take into account the potential domino effect. If these materials are present the damage done to installations will be a lot higher than in cases where they are absent.

Evaluation of the population index (IL)

This concepts relates to the humanitarian losses in case of an attack and is represented by IL.

Since the humanitarian consequences of a bomb attack on a cargo area seems to have less impact than a bomb attack on a chemical facility, the original concept of Argenti et al. (2015) needs to be adapted. Although terrorism is about theatre consequences of an attack on a cargo area might potentially affect the financial state of the region. Since there will be less people present on a cargo area than in a subway for example the amount of casualties will probably not be the main goal of the attack. Despite this it remains a factor that needs to be taken into account to determine the new IH.

Fatalities after an attack are always impactful for the area or facility. Since there are a lot of different terrorist groups which automatically results in a lot of different objectives it is too simple to say that killing people is the only aim of the terrorist group. For some groups this a fundamental objective (Keeney & Winterfeldt, 2009). Al-Qaeda for example stated the intention to simply kill as many westerners and non-believers as possible. Such an organization would inherently welcome many fatalities. Therefore this has to remain an aspect of IH that needs to be taken into account.

The effect of automation on IL

The more automation of handling cargo is in place, the less likely it seems that there will be casualties in case a bomb goes off. This is simply due to the fact that there will be less people close to the package that explodes. So the risk of a human casualty becomes smaller. This might however result in more direct financial damage since these installations will be expensive. Therefore automation can result in a lower IL but in an increased IM.

The effect of hazardous materials on IL

As in the case of IM hazardous materials can have an increased effect on the IL. Due to a

potential domino effect the amount of casualties after the bomb can increase. Therefore it is important to determine whether this is materials are present and if this will result in increased casualties.

Evaluation of the indirect financial damage index (IB)

The final concept of the new IH is concerned with the economic backlash after an attack. In

case of an attack there will be two sorts of financial damage, the direct financial damage (IM)

and the indirect financial damage (IB). Indirect financial damage can be caused by delayed

cargo transports due to repairs. It is also likely that new installations to improve security need to be implemented after an attack. Another possibility is that organizations will avoid the airport in the coming years since they fear for their goods. These examples are factors that can cause indirect financial damage to an airport.

An important aspect is the amount of other cargo areas in the region. For example in a highly urbanised environment with several airports, cargo transport organizations will have other airports to turn to. After an attack this may affect the competitiveness of the targeted airport. However if there are no such options it is unlikely that the competitiveness will be seriously affected and therefore the indirect financial damage will be less severe.

Causing damage to the economy of a country can be an objective of a terrorist organization. Al-Qaeda also sees it as a fundamental objective to damage the economies of western nations (Keeney & Winterfeldt, 2009). Disrupting the organization of the airports may be a way to seriously target the economy. Often airports play a major role in the financial system of the region. They provide work and can be crucial for transporting goods to other areas. If the competitiveness of an airport is affected this may result in a negative consequences for the financial stability of the region. Therefore this is an important aspect that needs to be taken into account for the new IH. Especially since a high amount of indirect financial damage may

affect the surrounding population. This relates back to the principle of affected population of the IH from Argenti et al. (2015).

The effect of hazardous substances on IB

Hazardous substances also play a role in the determination of IB. If there is damage to barrels

of polluting material this may have negatives long-term effects on the environment in the area. Despite this not being a direct financial consequences it has an indirect financial effect. Due to cost of cleaning and restoring the environment the indirect financial consequences of the attack will also be higher. So like the IM and the IL the IB will also be higher in case there

Evaluation of scales for the constructed indexes

In line with API methodology the scales of attractiveness will be represented by a five point scale, with a score of one being very low/very unattractive and five being very high/very attractive (API recommended practice 780 , 2012). In line with this principle the indexes represented by IM, IL and IB will also be constructed out of a five point scale. The scale for the

direct financial damage index is represented by table 4, the scale for the population index is represented by table 5 and the indirect financial damage index scale is represented by table 6.

Table 4: The scores for the direct financial damage index (IM)

I

Amount of direct damage

Score

Very low

1

Low

2

Average

3

High

4

Very high

5

Table 5: The scores for the population index (IL)

I

Casualties

Score

Slight health effect/ no expected damage

1

Minor health effect/ injury

2

Major health effect/ permanent damage

3

One fatality

4

Multiple fatalities

5

Table 6: The scores for the indirect financial damage index (IB)

Very low

1

Low

2

Average

3

High

4

Very high

5

In practice this means that the value of IH has a minimum of three since the lowest score for

the three indexes is one. The maximum in this framework is a score of 15 since the three ‘very high’ scores add up to a total of 15.

Evaluation of assigning scores to the direct financial damage index (IM)

The definition of assigning scores to the IM is the following. A very low IM score means that

there is basically no damage of meaning. A machine might be a little damaged and some invaluable goods may be damaged but the organization will have no trouble compensating the financial damage. A low score means that there is still no damage of meaning. However there is some destruction that needs to be repaired. The goods that are damaged or destroyed do not hold a lot of financial value. An average score means that there is destruction that needs to be repaired. There is also damage or destruction among cargo that holds some financial value. In case of high score installations are severely damaged and goods that hold a high financial value are damaged or destroyed. A very high score means that there is a very high degree of destruction. Also valuable goods are destroyed.

In case there is severe destruction to installation but the goods that are being damaged do not hold a lot of financial value one should choose a ‘high’ score for IM. The same principle

accounts for destruction of valuable goods but low damage to installations. Although the latter option seems to be less likely to happen. It is advised to choose the option that holds the most consequences. The goal of this is to avoid scenarios where the actual score is higher than the score that results from the framework.

Evaluation of assigning scores to the population index

This scale (table 5) was developed this way since it is not naturally that there will be

casualties in case of an attack. That is the reason for three of the five scales being about health effects and only the two most serious cases being about one or multiple fatalities.

Since the number of people close to the cargo changes during the day it can be difficult to exactly determine how many casualties can be expected in case of an attack. It can happen that the bomb goes off just as there are many people standing in close proximity of the package. In that case there will be fatalities while perhaps ten minutes later there would not have been any. On this scale this makes quite a difference. Since this remains an approach it is best to ask a person on the work floor about the size of the storage room and how many employees are present on an average weekday. The larger the storage room the less likely it is there will be on fatalities. Simply due to the fact that the change of personnel close to the bomb will be smaller. However if this also means when that there are more people working in the facility this effect is the opposite.

Evaluation of assigning scores to the indirect financial damage index

For the IB a similar scale to IM has been developed. Since both concepts embrace the financial

aspect the scales are also based on the same principle. Due to the incredible complexity and the many actors involved, exactly determining the financial damage after an attack is too time consuming for a proxy such as attractiveness.

Therefore it is better to make an approach of the likely indirect financial damage. In this case there are certain factors that need to be taken into account:

▪ The amount of flights of the airport ▪ The importance of cargo for the airport ▪ The importance of the airport for the region

These three factors may help in determining the indirect financial damage for the airport and its population. The amount of flights of the airport is important since this is a good indicator for the size of the airport. If there are many flights processed on the airport it is likely that the effect of a potential stop of flights due to the attack will be higher. If cargo is an important factor for the profit on the airport the financial impact of an attack will also be higher. Finally the importance of the airport for the region is also a key factor. When the airport provides a lot of work in the region and is crucial to its economy the indirect financial impact will be

The determination of attractiveness levels

If the scores for IM, IL and IB are all very high the final score would be 5 + 5 + 5 = 15. This

makes 15 the highest score possible for the IH of an airport. This will be possible for the asset

if an explosion destroys a large amount of precious cargo, there will likely be multiple casualties and the indirect financial damage is very high.

The highest score possible for  is 1.6. This results in a maximum IA of 1,6 x 15 = 24. The

minimal IA will be three since the lowest scores for IM, IL and IB is one.

In the score graph shown in figure 2 the minimum and maximum values for IA have been

represented.

Figure 2: A ranking for the IA scores for airport cargo areas

According to this figure the score of IA can be linked to a level of attractiveness. The scores

have been separated over five different categories. Since the potential range of IA is larger

than the IA of Argenti et al. (2015) there is more room for different gradations in

attractiveness level. This five point scale is due to its construct also in line with the API methodology.

The final graphical representation of determining the attractiveness of cargo areas can be developed taking the new IH, the  from Argenti et al. (2015) and the new ranking. This

version is represented in figure 3:

Overall Attractiveness Assessment & Ranking

I

= I

x

f

Index value 3 < IA < 8 8 < IA < 12 12 < IA < 16 16 < IA < 20 IA > 20

Attractiveness

Figure 3: Graphic representation of IA for cargo areas

Gathering data to assess the attractiveness for Schiphol

Data used for evaluating attractiveness of Schiphol

With the site-specific attractiveness index from Argenti et al. (2015) together with the

developed IH for airport cargo areas one can determine which information is needed to assess

the framework in the case of Schiphol. To stimulate a user-friendly framework it is important that information is not too difficult to retrieve. This means that data should ideally not have to be obtained from sensitive or classified company documents. Also gathering data to assess the attractiveness of an airport should not be too-time consuming so gathering data from one or two individuals connected to the airport should be sufficient. Easy usage of the framework is important to stimulate further future research.

Site-specific attractiveness index

Qualitative estimate

Strategic ideological triggers increasing attractiveness (FA)

Local specific conditions: Public perception related aversion, threat history, socio-political context (FT)

INDUCTION INDEX

f

Technical assessment

Direct financial damage index (IM)

Amount of direct damage caused by the attack

Humanitarian impact index (IL)

Physical damage done to the population

Indirect financial damage index (IB)

Indirect financial damage caused by the attack

HAZARD-BASED ATTRACTIVENESS INDEX

IH = IM + IL + IB

Overall Attractiveness Assessment & Ranking

I

= I

x

f

Index value 3 < IA < 8 8 < IA < 12 12 < IA < 16 16 < IA < 20 IA > 20

Attractiveness

Data used for the hazard-based facility index

For the direct financial damage index information about the value of stored goods and the presence of hazardous materials is required. Also the positioning of potential hazardous materials is important since this may cause a domino effect. As discussed the population index is about the potential loss of lives. This results in the need to know how many people are on average working on the site. Resulting from the construction of the indirect financial damage index information is required about the amount of flights of Schiphol, the importance of cargo for the airport and the importance of Schiphol for the region.

As this information is often specific it is difficult to find literature and consequently data about these topics. This results in the need to retrieve information from individuals that are connected to the cargo area. For the assessment of the concepts IM and IL for Schiphol this is

vital. There are numbers available concerning the amount of people working on the Schiphol cargo area. These numbers are however not specific enough to make an assessment about the potential consequences for the people harmed by a bomb attack in the cargo storage area. The same principle accounts for the value of cargo that is stored. Rough data is available, this is however too broad to use for this thesis. For the internal validity of this research it is important retrieve data that is specific enough for this thesis.

Indirect damage can be assessed by using data released from Schiphol. Schiphol Group often releases reports about the airport and its activities. These reports will contain data about flights and the importance of cargo for the airport.

Data used for the site-specific attractiveness index

The data that is needed to evaluate the  can be retrieved from the tables of Argenti et al. (2015) as discussed in the theory. Data required to answer the specification elements is mainly about:

▪ Characteristics of the asset ▪ Public attitudes towards the asset

▪ Presence of hazardous substances on the site ▪ Threat history

▪ The national context

Information about these topics is available by consulting several different sources, ranging from academic literature to information on websites.

To determine public attitudes towards Schiphol one can turn to reliable Dutch news sources such as the NOS. These will contain information about scandals and protests on or against Schiphol. Threat history can also be assessed through these sources since threats or attacks on an airport will be covered in the newspapers.

Schiphol group regularly publishes reports about their activities and their relationship with its stakeholders. As a primary source these reports are useful. However one should take in

account that these reports are from Schiphol and can therefore paint a more positive picture of its public image. In combination with data from newspapers one should be able to get some perception into the relation of Schiphol with its stakeholders.

The national coordinator for terrorism and security in the Netherlands (the NCTV) produces one report every three months discussing the current threats to the Netherlands. This report also contains data about what kind of terrorism groups are currently thought to be present in the Netherlands. Due to the professionalism of this organization these reports are ought to be highly reliable.

Information concerning the presence of hazardous materials proved to be more difficult to find. To gather this data anyway a person connected to the Schiphol cargo area will be approached. There were also some hints that suggested this presence on websites from air cargo transporters. The rules for companies on Schiphol also provided clues about the presence of hazardous materials.

In the end several sources have been used to determine whether the specification elements were applicable to Schiphol. These sources are summarized in the table 7:

Table 7: A summary of the sources used to determine the FA and FT for Schiphol

General aspect Description Sources used

gA,1 Socio-economic

factors for Schiphol

- Governmental report from the Rekenkamer (Algemene Rekenkamer, 2015)

- Online information from Schiphol Group (Schiphol Telematics, 2018)

gA,2 Strategic factors for

Schiphol

- Information on Governmental website (Rijksoverheid & Rijkswaterstaat, 2018)

- Employee connected to cargo on Schiphol

- Online information containing company sources (Milestone logistics, 2018)

- The company rules of Schiphol airport (Amsterdam Airport Schiphol, 2017)

gT,1 Location specific

threat increasing factors for Schiphol

- NCTV threat assessment (Ministerie van Justitie en Veiligheid, 2018)

- Information on governmental website (Rijksoverheid, 2018) - Academic literature (Andeweg,

2004) (Bovens, 't Hart, & van Twist, 2012)

- News sources (Alberts & Derix (NRC), 2014) (Hofs (NOS), 2015) (NOS, 2017)

gT,2 Symbolic value &

public perception on Schiphol

- Government report (Ministerie van Verkeer en Waterstaat, 2008) - Report from Schiphol

(Omgevingsraad Schiphol, 2016) - News sources (Mebius (de

Volkskrant, 2018) (NOS, 2017)

These are the nature of the sources that were used to determine the specification elements for Schiphol. The exact references can be found by consulting the analysis and comparing it to the references on the end of this thesis. These different sources were mainly picked for their reliability. Basic information concerning regulation and the location of Schiphol was retrieved from information stated on the website of the Dutch government (Rijksoverheid.nl). As the