Time to rethink airport security

The attacks on the Brussels airport and metro system are evidence that terrorist groups like ISIS are returning to tried-and-true methods – micro-attacks with macro-effect. And they highlight an immediate need to rethink U.S. airport security strategies by local law enforcement and the Department of Homeland Security.

Recall the 2008 terrorist attacks in Mumbai, a series of 12 shootings and bombings carried out by the Pakistani terrorist organization Lashkar-e-Taiba. The attacks left nearly 200 dead and injured more than 300.

A United States Customs and Border Protection officer checks checks two forms of identification for a traveler arriving from overseas into Newark International Airport.
Getty Images
A United States Customs and Border Protection officer checks checks two forms of identification for a traveler arriving from overseas into Newark International Airport.

ISIS seems to hold the latest patent on these types of multi-location micro attacks. And with each successful attack in the West, ISIS will be emboldened to try more — especially against U.S. targets in the homeland, using American recruits.

As a security strategist, I teach that real security begins at the perimeter of the target location. Ideally, security is a series of concentric rings, each more secure than the previous. In the days following the Sept. 11 attacks, the Los Angeles Police Department (LAPD) established perimeters and checkpoints at the outermost entrance to Los Angeles International Airport (LAX), where police stopped cars, inspected the occupants, looked in trunks, and on occasion interviewed the travelers.

The security concept they used is known in the military as defense in depth, and in the information technology world as the castle defense. Both defense models are meant to provide multiple layers of redundant defenses in order to delay and diffuse an attacker away from their intended target. It is manpower intensive, and over the long term tends to degrade as people forget about the last attack.

Unfortunately, too many people also view this type of police interaction as a form of profiling. But it is time that we let go of political correctness and recognize that sometimes early behavioral profiling is the appropriate first level of offense in a multi-level defense program.

Multiple potential targets require multiple intersecting concentric rings of protection. Current open, free-flowing airport design is an invitation to attack large gatherings of travelers and guests before they actually enter the secure area of the airport. The security line at most TSA checkpoints is a terrorist's dream target.

It's time for the Department of Homeland Security to focus and return to its primary mission: defending the homeland. Not from illegal immigrants, smugglers, or drug dealers. While all those are all important missions, DHS was established to defend the homeland … from terrorists, not from global warming. The future of the war on terror is not a cyber war, an intelligence war or a climate war. The attacks in Paris and Brussels prove that the war on terror is a good old fashioned shooting war with bad guys who simply want to kill us.

Once again, we are fighting last year's terrorist practice and not concentrating on the future evolution – or de-evolution of the terrorist threat. The attacks in Brussels were a throwback to the 1970s and 1980s when terrorism was simple, direct, and uncomplicated. Find a large group of unprotected victims and kill them using automatic weapons and explosives.

And while the TSA does a fine job protecting the airlines from potential bombers and little old ladies, strategically placed armed Special Agents from Homeland Security Investigations (HSI) in the lobbies and on the perimeters of airports will do more to prevent terrorism inside an airport lobby than confiscating a 4-ounce bottle of shampoo.

The problem today is that prevention is not a technology problem. It's a capability problem. The only way to prevent terrorism is with increased capabilities on the ground combined with actionable intelligence, not intelligence pornography. When the FBI can't penetrate a terror cell (and there will be many times they can't) there needs to be a capability to mitigate the attack as it happens.

Never forget that the first rule of terrorism is, "terrorist want to kill people." And the first rule of preventive counterterrorism should be "prevent the terrorist from reaching his target."

Commentary by David Gomez, a former FBI executive and current senior fellow at George Washington University's Center for Cyber and Homeland Security (GWCCHS). Follow him on Twitter @AllThingsHLS or @AllThingsCyber.

For more insight from CNBC contributors, follow @CNBCopinion on Twitter.