A new approach to aviation security
- Creating a Secure Organisation
- Resolving Critical Issues and Crises
A new approach to aviation security
The aviation industry is facing unprecedented challenges, from geopolitical risks, inspired ‘lone-wolf’ terror attacks and increasingly complex methods of smuggling and people trafficking, to political flux in key markets resulting in poor compliance with international standards, regulatory changes and the stricter enforcement of existing measures.
These risks have affected passenger perceptions of airport and aircraft safety and security and have influenced the way in which boards and senior management teams across the aviation industry make significant investment decisions, including the expansion of new routes into emerging markets, the re-development of existing airports or the development of new-build airports. Furthermore, they may also have an impact on the investment in innovation and the implementation of new digital technologies.
These challenges also offer significant potential for growth driven by the ability to identify and manage emerging threats, improve the efficiency of airport services through the adoption of new technologies, and ensure compliance and maintenance of high safety and security standards across global aviation operations.
The aviation threat environment is constantly evolving through the use of sophisticated and complex physical attacks against aircraft and the aviation infrastructure, the use of coercion and insiders to facilitate criminal activities and attacks, threats to civil aviation airspace, and cyber-attacks to disrupt critical processes such as air traffic control systems, navigational aids, and passenger booking and management systems. Identifying and understanding the threats facing any business sector can be a challenge; in the aviation sector in particular the impact of successfully targeting aircraft and the supply chain can be catastrophic with wide reaching, long-term reputational and financial implications.
Airlines and airport operators are often reliant on the state authorities to provide early warning and advice should information or intelligence be received of an impending plot to conduct acts of unlawful interference. However with more demand being placed on the finite resources of state intelligence services and law enforcement agencies the requirement for airlines and airport operators to be proactive in their analysis of the security environment in which they are operating is ever more important.
Mechanisms should be established to collate and corroborate threat information, whether open-source or through local networks and third-party providers as part of a defined risk management process. This process must have the required framework to assess the vulnerabilities of operations based on the capability and intent of identified threat actors and subsequently identify the risks facing operations. Analysis and evaluation of each risk must be conducted to understand the impact to the business and aviation operations, and where a risk is not acceptable, commensurate measures and controls must be implemented to reduce the risk to an acceptable residual level.
Threat and risk management must be a continual process and not a one-time activity. Effective risk management should be conducted at a strategic and operational level to review existing operations and support decision making with regards to the establishment of new routes or stations. Airlines and airport operators should also be encouraged to collaborate and share threat and risk information in a controlled and coordinated manner, ensuring safer and more secure operations for all.
Demand for infrastructure and innovation
The world’s airports are struggling to meet the demands of an increase in global air travel, with many airports operating infrastructure built in the late 1970s and 1980s which is not designed to manage the number of aircraft, passengers, baggage and cargo moving by air annually.
Efforts to cope with the additional demand in flights include new terminal buildings, transport links, runways, aircraft movement areas, and the enhancement of ground service facilities. These are often constructed within the boundaries of existing airport perimeters, resulting in more complex layouts and numerous additional airside and landside boundaries; this complexity adds to the challenge of securing what are already some of the busiest facilities in the world.
4.1 billion passengers travelled by air in 2017
Airports are required to accommodate the expected growth in the sector and drive efficiency through the use of innovation and technology such as the IATA SMART security initiative and biometric identification to increase throughput whilst maintaining the same level of security screening in a less obtrusive manner. This can be a real challenge to manage and requires significant planning and design.
Security planning must be conducted early in the design process to ensure security supports and enables secure airport operations rather than hindering efficiency or becoming a costly retrospective activity.
Security design requires an understanding of the threats and risks facing operations and the legislative and regulatory environment in which the airport is operating. This should include all airport security stakeholders including the state aviation authority, airport operating authority, border and customs officials, law enforcement agencies, emergency services and first responders, and major airline operators. Using this collaborative approach will ensure that the operational requirements and specifications for physical, technical and operational measures are robust, fit for purpose, and that buy-in is achieved.
Security design should follow ICAO Annex 17 Standards and Recommended Practices (SARPS) and guidance in the Security Manual in consideration of the security risks that require mitigation, the availability of physical and technological solutions in a particular jurisdiction, and the capability and capacity of the airport management and security teams to efficiently conduct security operations.
The effectiveness of aviation security management can differ at state, regional and local level, with significant variations in the understanding, interpretation and implementation of aviation security planning. This causes challenges for airlines in particular who often encounter differing approaches to security across the many routes they service. This can include areas such as passenger and cargo screening, the control and access from landside to airside zones, security restricted areas, and aircraft and crew security during a turnaround.
ICAO works with the Chicago Convention’s 192 member states to ensure a common level of security management through the implementation of the SARPS: however, many states, and airport authorities and operators within those states, still require support with the development and implementation of effective aviation security plans. There are many factors for this including the geo-political environment, the economy, legal and regulatory constraints and cultural sensitivities around security.
ICAO’s Global Aviation Security Plan (GASeP) seeks to help ICAO states and stakeholders enhance the effectiveness of global aviation security and to achieve this by focusing on five key priorities illustrated below.
Once a state has defined and developed its national aviation security plan it is essential that the airport operators and airlines develop effective airport security and airline security plans. Plans must take a threat and risk based approach, supported with appropriate organisational structures, processes, procedures and protocols to ensure that they are effectively implemented by suitably qualified and trained personnel, and that robust internal and external quality control and assurance programmes are in place to monitor performance.
Planning must support day-to-day aviation operations and include contingency and crisis management planning in the event that a security incident or event occurs. Contingency and crisis planning should link into business continuity management and law enforcement and emergency service response activities.