for human, technological, or other shortcomings, and, correspondingly, enhancements to one element can boost the performance of the system as a whole. Such systems, long used to secure communications and information systems, cannot be breached by defeating a single layer. Because the terrorist can find it difficult to calculate the odds of defeating multiple layers, some randomly interleaved, such a system can deter as well as impede terrorist acts.7
The dangers of not taking a coherent systems approach to security were manifest in the aviation sector on September 11. Commercial aviation has been the subject of hostile attacks for more than 30 years. Each new attack has prompted the advent of more technologies, procedures, and rules—each superimposed on the last, designed mainly to prevent a recurrence of similar attacks. Aviation security was provided not through truly systematic means, but rather through a collection of mostly unrelated measures that hinged on a very high and sustained level of performance from each, with little or no backup and redundancy. By overcoming a single perimeter defense, such as a metal detector, an attacker could, in effect, overcome the entire security regime.
The design of the security systems themselves must relate closely to the characteristics and functions of the transportation systems they are intended to defend. Technologies and methods developed for one transportation environment that are modified and applied in an incidental manner to another may yield little more than a patchwork regime.
The prevention of future airline attacks, for instance, may be made possible by systematically identifying and defending against all or most vulnerabilities; for instance, access to airfields and aircraft can be closely guarded, passengers and their luggage can be screened with great care, and airline and airport workers can be monitored. By comparison, the much more open and decentralized maritime and land transportation systems are far less amenable to such a defensive, or protective, approach. The intensive inspection and screening methods used for air transportation security, for instance, are likely to be impractical for transportation modes that require more convenient user access and have myriad points of entry. Means of deterrence in those systems are therefore critical, as are means to contain and respond to attacks that do occur. Indeed, it is possible that good mitigation, response, and recovery preparations will themselves dissuade terrorists from attacking these targets since ensuing damage and disruption may be limited.
The importance of understanding the characteristics of each type of transportation system in designing layered security systems is illustrated by the security-system concept for shipping containers presented in Box 7.1.
A few large seaport hubs, or megaports, around the world—such as Los