Air security may require IT re-examination

The U.S. Department of Transportation is considering recommendations that could impact performance of the industry`s aging mainframe systems and require a costly overhaul.

Some of the DOT`s recommendations call for the airlines` IT systems to perform event-based functions, like red-flagging a suspected terrorist`s name in a reservation system. While functions like that are relatively simple procedures in a relational database, the databases used by existing airline reservation systems can`t perform them. And adding the capability to screen passenger names could cause bottlenecks that would bring the airlines` networks almost to a halt, according to industry experts.

American Airlines Inc., Delta Air Lines Inc., United Air Lines Inc., Southwest Airlines Co. and Northwest Airlines Inc. all declined to comment for this story, saying only that they wouldn`t publicly discuss anything related to security.

Secretary of Transportation Norman Mineta`s Rapid Response Team on Airport Security issued a report Oct. 1 that recommended, among other measures, a nationwide program of voluntary prescreening of passengers.

The problem is that mainframe-based reservation systems were “never designed to respond to high-speed automated relational queries driven by hundreds of millions of users,” said Richard Eastman, president of The Eastman Group Inc. in Newport Beach, Calif., in a soon-to-be published report.


Forty years ago, IBM developed the transactional reservation databases that most airlines still use. This mainframe system is based on Transaction Processing Facility, which constitutes the technology underlying all in-house reservation systems as well as the global distribution systems (GDS), like Sabre Holdings Corp. in Fort Worth, Texas.

The GDSes give travel agents and Internet sites a single point of contact to search for airfares. Many airlines also outsource their reservation systems to GDSes.

Sabre has begun a process to move its reservation system off TPF and onto Himalaya NonStop servers from Compaq Computer Corp. But that process is expected to take four years. Even implementing these security measures as an intermediate step toward a complete overhaul would be a long and costly undertaking.

“Whenever you make even the smallest changes in Sabre or any TPF environment, it takes an unbelievably long time to do it - time and resources,” said Tom Cook, former president of Sabre Technology Solutions. That company became Sabre Holdings in 1999, when Fort Worth-based AMR Corp., the parent company of American Airlines, divested itself of its interest in Sabre. Cook now heads Replane Inc. in Chicago.

“The code is old and structured,” Cook said. “Making changes in the TPF environment is orders of magnitude more difficult than it is in a modern environment.”

Even the company that developed the reservation systems in the late 1950s and early 1960s acknowledges that security queries are going to cause performance problems.

Michael Hulley, vice president of the Global Travel and Transportation Industry unit at IBM, agreed that this could be true; “The reservation system is meant for doing mostly one thing: acting at a very secure high speed with high availability. It is not looking for triggers, like a terrorist`s name in the passenger list for a flight”.

Hulley noted that “to screen passenger names, the airlines could add another processing unit to run checks without sending the name through TPF. The reservation system could send passenger names to the old system, as well as to the new unit, working around the old TPF`s inability to do queries. Programs that scan passenger profiles, not just names, could run in the second processor”.
He suggested other types of security could also be run in tandem with TPF. “I would think that adding biometric capacity to that database, that would be done externally,” 


No Recognition

According to Eastman, (president of The Eastman Group), the technology problem faced by the airlines has to do with the nature of IBM`s TPF operating system. Eastman believes that the government and the airline industry don`t recognize the differences in each other`s systems. They just think they can write some code and make it work, he said. “They don`t know what they`re doing yet,” 

However, Hulley noted, before the technological problems can be solved, the airlines and various local, state, federal and even international government agencies must first resolve the privacy and ownership issues associated with uniform information sharing.

The Federal Aviation Administration (FAA), which is under the DOT`s authority, declined to comment on when or even whether the new security guidelines will be imposed.

“We want to get this stuff going as soon as possible,” said FAA spokesman Paul Takemoto. When asked if the government would help fund the implementation of computer-based screening, he said, “That all has to be worked out.”