jump to navigation

Airline Security Failure A Black Mark for IT Management December 30, 2009

Posted by Peter Varhol in Strategy.

I’ve been following with interest as the details emerge from the attack on Northwest Flight 253 from Amsterdam to Detroit on Christmas Day.  I am a Northwest (now Delta) frequent flyer, and I’ve actually been on that particular flight before, so I’m curious as to what went wrong.  In particular, I’ve flown through Amsterdam on several occasions, and find its security procedures to be among the most organized and effective I’ve seen.

The fallout is predictable.  Security experts bemoan the lack of stricter screening procedures, politicians find yet another opportunity to engage in partisan finger-pointing, and law-abiding travelers are bemused to find that many of the time-consuming screening procedures are more appearance than reality.

Once again, I draw different conclusions.  Unknown to many of us, there are in fact multiple lists that designate terrorists, persons of suspicion, those denied the privilege of flying, and so on.  Further, many countries maintain their own lists.  Some trading goes on between selected lists, but each has its own criteria on adding names.

According to published news sources, the presumed terrorist was on the British list that denied him admittance to the country, as a result of a visa request to enroll as a student in a possibly nonexistent school.  This database doesn’t seem to have been shared with the U.S.  However, the U.S Embassy in Nigeria was told by the suspect’s father of possible tendencies, and a report was filed with the State Department in Washington DC.  That report ultimately went to the National Counterterrorism Center for entry in its terrorism database.

That, apparently, is separate from the no-fly list maintained by the Department of Homeland Security.  Further, because this person had not been on the list before, there was no check to see if he had ever visited the U.S. in the past, or had a current visa  (it turned out that he had).

This is a business and IT management problem; one that most with some experience in the private sector have come across many times, and have even occasionally overcome.  It consists of poorly defined or incomplete business processes, coupled with business and IT system silos, and political disagreements on authority, prerogatives, and span of control.

These problems are actually very similar to what is faced in the private sector.  Databases are separate, and there are executive directives to join them to streamline business, but there are process, technical, and political obstacles to doing so.  When there is success in resolving these challenges and bringing together disparate systems, the enterprise as a whole invariably benefits.

Now, I like maintaining a certain amount of privacy, and subscribe at least in part to the concept that my privacy is better protected by confusion and silos of government information.  However, I also acknowledge that government will work better if its databases shared information more readily.  Whether you consider that a breach of trust or good management is open to debate.  I’m not sure what I’m willing to give up, if anything, for greater personal security, but I don’t think efficient IT systems should be a part of that tradeoff.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: