June 15th, 2008

Airport security part 3: Planes, trains, and automobiles

Posted by Nathan McFeters @ 5:03 pm

Categories: Airport Security, Governments, United States of America, ~Special Series~

Tags: Bottle, Security, Nathan McFeters

I took a trip home to Michigan this week via Amtrak, and I got to thinking about previous articles I’ve written about airline security and wondered why are the security concerns so much more lax for trains and cars than they are for planes? 

There’s certainly some obvious reasons, like you can’t just pull a train off of its tracks and point it to some other destination, like the pentagon or white house say, but certainly these trains carry lots of people to many big cities with large train stations.  To be frank, I was blown away when I DIDN’T have to take off my shoes, belt, watch, throw out my bottle of water, give up my five ounce stick of deodorant, and pull out each of my three laptops for separate entry to an X-ray machine.  In fact, nothing went through an X-ray machine.

Actually, I got to thinking about recent car trips I’ve taken.  I drove all the way from Houston into the heart of downtown Chicago with a full UHaul stuffed with computers, TVs, any number of things including at least 8 liters of water.  Certainly if a single bottle of water could build a bomb to create risk to a plane, then 8 liters could create risk on the scale of a nuclear payload.

Why the descrepency in terms of security?  Well, the obvious reason is that trains and autombiles are not quite as flexible for terrorist usage; however, they’ve been used before, and they could be used again.  How about a better reason… it’s ridiculous.  The security you see at the airport is just an illusion meant to make us FEEL safer more than it is about real security.

-Nate

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.