“We’re in a world where safety and security become one,” said George Rhodes, Assistant Director Safety and Flight Operations, IATA, at the recent AVSEC World conference.
For instance, added Matthew Vaughan, Director of Aviation Security, IATA, “is cyber security safety or security?” Defining where it sits is one of the biggest challenges for the industry at the moment, with a circumstance “almost impossible to define before an incident happens,” he said.
At the moment, the industry agrees, the lack of clarity is “an extremely complex and serious issue to deal with,” said Vaughan.
Today the line between ‘safety’ and ‘security,’ Rhodes said, is “a perceived boundary that sometimes hampers a proactive approach, but in reality there is no set boundary between safety and security as actions, responses, planning, and coordinating will affect all aspects of aviation.
“To formally define a set boundary,” he said, “could hamper the flow of information exchange.”
“Conventionally, ‘security’ approaches require controls and a response to a deliberate harmful act,” explained Vaughan. “Therefore, the degree to which an operator is able to effectively measure probably remains elusive. The events of 9/11 and the associated international response of aviation security measures in the time since have underscored the need for a balanced and combined approach of intelligence, technology, and behavioral detection.”
For a combined safety/security approach to commercial aviation that can work effectively, the two disciplines of safety and security “need to have a set of processes in place that provide an honest, trusted and valuable information exchange between the two,” urged Rhodes. “Such an exchange would allow for a more proactive approach to be taken when managing any unprecedented safety or security event or change.”
Vaughan added, “Moreover, aviation security as a stand-alone discipline is evolving, and is naturally linked with the national counter terrorism programs of ICAO States – thus, arguably, several more stakeholders are involved in the delivery of shared protective security outcomes in civil aviation.”
“Our industry must find ways to recognize suspicious activities, and keep up with evolving concealment techniques” – Peter Baumgartner, CEO, Etihad Airways
An example of a working information-sharing approach is a published Air Traffic Management (ATM) process of communication exchange used in the Middle East region. Called the Contingency Coordination Team (CCT), it responds to active ATM events within that region. Depending on the event, the CCT will include additional stakeholders including airlines, airport operators, international organizations, and security teams at both state and local levels.
This approach requires a 24-hour per day commitment to a “communication chain of value,” Rhodes said. While the CCT approach would have to be “matured” to apply it to security as well, he added, using the same information chain would avoid over complication.
Vaughan points out that at the strategic level, IATA’s IOSA [IATA Operational Safety Audit] integrates a safety and security risk-based framework for an ‘all-hazards’ approach to airline operations. Both Safety Management System (SMS) and Security Management System (SeMS) approaches complement each other’s focus on risk identification and effective oversight on controls. However, he says, “the root cause of the disconnect that IOSA aims to close the gap on is that SMS is an international standard, while SeMS remains a recommended practice only.”
Raising SeMS as an international standard would be the first step in achieving what Rhodes described as IATA’s ultimate goal of “a harmonized approach and trust building that would open an honest information exchange with all stakeholders.”
Following that first step, Vaughan said that continuing to lobby for a risk-based approach by regulators to security would ensure safety/security disciplines are “integrated to the best advantages of industry.”
Between now and the next IATA AVSEC conference, IATA will focus on the ICAO Global Aviation Security Plan (GASeP), which has identified five key priority areas for ICAO, States and industry to deliver on: enhancing risk awareness and response, developing security culture and human capability, improving technological resources and innovation, improving oversight and quality assurance, and increasing cooperation and support.
The central intent of GASeP is the adoption of an information sharing, collaborative approach to identifying and controlling risks to civil aviation. “In this connection,” Vaughan said, “our focus in 2018 is to support the industry’s role in initiating and delivering as many tasks and activities as possible” associated with one or more of GASeP’s five priorities.
Vaughan went on to say that both of the next IATA Safety and Security annual conferences will, for the first time, include dedicated cross-discipline briefs with their event programs “to continue the fundamentals of an integrated approach to addressing all-hazards risk management” in civil aviation.
“Airlines have operational know-how. Governments have the financial and intelligence resources. We must simply work together” – Alexandre de Juniac, Director General and CEO, IATA