Project Snafu: X-Ray Bug Shuts Down Airport

THE PROBLEM: On April 19, a baggage security screener at Hartsfield-Jackson Atlanta International Airport saw what looked like a bomb on her X-ray machine–leading to the evacuation of the nation’s busiest airport and grounding flights for two hours.

But it was a false alarm: The image was actually part of a training program developed by the Transportation Security Administration, which oversees passenger and baggage screening at U.S. airports.

Because of a "software malfunction," the system failed to indicate that the image of the explosive device was part of a test, TSA director Kip Hawley said, according to CNN.

The TSA’s Threat Image Protection (TIP) program displays fake images of weapons and other suspicious devices at random times to test the alertness of baggage screeners. However, after displaying an image, the TIP software is supposed to show a message that reads, "This is a test."

The TSA says it doesn’t yet know why the system in Atlanta malfunctioned. "TSA is looking into why the successful TIP resolution information did not appear," says spokeswoman Amy von Walter. "Given that, the security officer and the TSA staff at Hartsfield took appropriate action."

The baggage screener saw the test image at 1:15 p.m. She and her supervisor rechecked all the bags on the conveyor belt, but because the image of the explosive device was only a test, they didn’t find anything that looked like what she saw on the screen.

Authorities then shut down the airport’s main security checkpoint and temporarily grounded flights while they investigated. The checkpoint was reopened at about 4 p.m. after the problem was traced to the TIP software. The Federal Aviation Administration said at least 120 flights were affected.

Lockheed Martin is the TSA’s primary contractor for the X-ray training program. When Baseline asked about the cause of the Atlanta incident, a company spokeswoman referred questions to the TSA.

The agency uses X-ray equipment from three vendors: L-3 Communications, Rapiscan Systems and Smiths Heimann. But the TSA’s von Walter says those manufacturers "do not get involved with maintenance of the TIP [training software]."

Even before last month’s "malfunction," the TIP program had experienced glitches. Chicago’s Midway Airport was evacuated in November 2004 after a screener saw what looked like a hand grenade in a carry-on bag, but was actually a TIP test image. That followed at least two other false alarms that same month–one at Dulles International Airport near Washington, D.C., and the other at Miami International Airport–also involving test images of weapons, according to an article in the Chicago Tribune.

Von Walter says those incidents turned out to be "human error and not a problem with the TIP software." In those cases, she says, security personnel had not properly logged out of earlier training sessions; later, other screeners saw "archived images" that were still being displayed by the system.

Meanwhile, Atlanta-based Delta Air Lines claims the April 19 glitch lost it $1.3 million because of canceled or delayed flights that affected 7,000 customers.

Joe Kolshak, Delta’s chief of operations, sent a letter to the TSA’s Hawley complaining that the incident placed "an undue burden on passengers and on this airline, and could have been avoided." Delta has been operating under bankruptcy protection since September 2005. Kolshak also wrote in the letter: "These costs are not insignificant for an airline that is fighting for its survival."

KEY LESSON: Make sure a feedback loop allows software bugs to be reported, tracked and corrected.

In this case, "the bug is not really in the software," says Joel Spolsky, founder of New York-based software developer Fog Creek Software and a longtime observer of software design practices. All software, he points out, has bugs of some variety. For the TSA’s TIP program, Spolsky says, "The bug is in the organizational system that prevents bugs like this from getting reported and fixed."

Do you have a tip about an information-systems snafu? Send it to [email protected].