A multiplicity of policy, technical and operational issues are being deployed to meet the ever-increasing variety of security threats faced by airlines. Risks include terrorist attacks, cybersecurity threats, criminal activity, and geopolitical conflicts. The latest addition to the list is missile launches by rogue states.
“The many strands that comprise the response to the security challenge must be tied together by industry and governments,” says IATA Director General and CEO Alexandre de Juniac. “Only through cooperation and information sharing can we effectively tackle future security threats.”
Kaarlo Karvonen, Chair of the IATA Security Group and Head of Security, Finnair adds: “There’s always a new threat coming around the corner. All our resources go to crises.”
A thwarted plot to detonate a bomb on an airliner flying from Sydney in July 2017 demonstrated the benefits of meaningful information-sharing. By sharing information, international and national government and policing partners were able to save lives and property.
As affirmed in UN Security Council Resolution 2309, “states have the responsibility to protect the security of citizens and nationals of all nations against terrorist attacks on air services operating within their territory.” But industry has an important role to play in working with governments to keep passengers and crew secure, particularly in terms of contributing operational know-how.
“Security is everyone’s responsibility” – Andrew Nicholson, CEO, Osprey Flight Solutions
Despite this natural partnership that exists among governments and with the industry, one key element remains a challenge. While information-sharing among governments helped to thwart the Sydney bomb plot, it is still not consistently occurring at the level it needs to be, nor is government sharing information with industry. An effective platform for such exchanges has not even been developed.
“Information-sharing is not in the DNA of most government security organizations; we understand that,” says de Juniac. “But this reluctance must be overcome.”
The tragic shoot down of MH 17 exposed this gap as it pertained to overflying conflict zones. Early hopes for the success of a web-based Conflict Zone Repository set up by ICAO were a step in the right direction, but it did not deliver the results needed and was discontinued. Nearly four years later, little progress has been made towards creating an effective platform for the exchange of threat/risk information. This is critical “during times of crisis when there are urgent threats and in the regular exercise of contingency planning,” said de Juniac.
“Aviation continues to be one of the key targets for terrorism” – Per Haugaard, Director, Policy Coordination, Directorate-General for Mobility and Transport
At the moment, the lack of such a platform handicaps the industry’s ability to be aware of threats and take steps to mitigate them. In contrast, many of those targeting the aviation industry have proven themselves to be highly adept at sharing information among themselves through social media channels and encrypted messaging. “Governments are never going to be the complete answer to the information sharing issue,” says Andrew Nicholson, CEO, Osprey Flight Solutions. “They will always have diplomatic pressures, always have classification constraints that will limit their ability to share information. So there have to be industry-led solutions to information-sharing, and we have to leverage technology to do this.”
The breadth of information-sharing necessary for airlines is “part of the challenge,” acknowledges Randy Harrison, a member of IATA’s Security Group and Vice President Corporate Security, Delta Air Lines. “We have to adapt information-sharing to keep up with the threat environment… There remains no platform. We can’t share on a broad scale, in real time,” Harrison continues. “If we don’t close the gap, it will continue to grow. And we will be in a brawl with our hands tied behind our backs.”
“We operate in a fog of waiting for the next incident” – Andrew Herdman, Director General, Association of Asia Pacific Airlines
Delta’s Harrison suggests that possible models for an information-sharing platform for aviation security use are STEADES, IATA’s aviation safety incident data management and analysis program, and one deployed by the maritime industry’s Maritime and Port Security Information Sharing and Analysis Organization (MPS-ISAO).
The latter’s features include a secure public-private collaborative infrastructure, and its threat information reports and advisories are available to “vetted” Maritime and Port critical infrastructure stakeholders. A Traffic Light Protocol, a set of designations of four colors (white, green, amber and red), ensures that sensitive information is shared only with the appropriate audience.
Each color represents an expected sharing boundary to be applied by the recipient, with information labeled white available to the broadest audience of the four and red the most tightly restricted.
In tandem with constructing a platform on which to share information, building relationships is essential. A few countries are already starting to see success in this area. In the Netherlands, a government-led group of information-sharing experts, including representatives from KLM, meets every three months. “At first, everyone was a little reluctant,” says Ronald H. Augustin, Security Director and Deputy Vice President, KLM Security Services. “Now it’s working perfectly.”
“It’s about identifying high-risk passengers” – Matthew Vaughan, Director, Aviation Security Airport Passenger Cargo & Security, IATA
Culture of security
Also critical is creating security-focused cultures within aviation organizations including their extended communities that provide services to airlines, their passengers and staff. For instance, at airports, taxi drivers can be significant sources of information, based on their understanding and observations of what is normal and what may be abnormal activity in landside areas. “The more ears and eyes you have on the ground” is beneficial, recommends Hans Merten, Security Director, Budapest Airport.
Speaking also to information-sharing, Merten outlines processes at Budapest in which proposed landside development measures must be submitted to the airport’s CEO and its security advisors and air police for review. This is to ensure that additions such as parking garages and road amendments will not create potential security gaps, which can pose dangers to not only landside facilities but also aircraft on the ground or in the air, cargo facilities, and passengers.
Finnair’s Karvonen says, looking ahead to future action, “In aviation, we tend to be pragmatic, and in the IATA safety group, I will be urging we need to get things done.”
Words: Deedee Doke