Airport security entranceSo far, we have covered the global aviation security system including the role of the United Nations’ specialist agency, ICAO (the International Civil Aviation Organisation) and the relationship between ICAO and the 190-member States of the Organisation.  We know that Australia, as a signatory State to the Chicago Convention, has both privileges and responsibilities; and that one of those responsibilities is to put in place binding legislation to manage and oversee effective aviation security

This doesn’t tell us, however, who actually does aviation security.  We need to address who, or what, organisations undertake the actions required by the regulations that make sure that our aircraft terminals are appropriately secure, and that all aircraft travelling from and within Australia do so in a secure manner.

In this country, making regulations and policy directions for aviation security is largely all that government does.  Government agencies and officers do not patrol the airport perimeter fence or screen the carry-on bags of passengers.  Government will oversee the effectiveness of these procedures, using audit and quality control techniques, but the actual work and the greater majority of the cost of processes is incurred by the aviation industry.  These costs are mainly passed back to the travelling public who benefit from a secure operation.

The term, aviation industry; is a collective phrase which is ill-defined and of differing significance to many.  From the aviation security perspective, it includes international and domestic airlines, charter carriers, airport operators, cargo handlers, freight forwarders, ground-handling agents, security companies, air traffic control providers and many other types of specialist companies and organisations a long with their staff.

You will notice that each of these is a commercial entity of some form and each, therefore, has a major interest in maintaining a viable business.  Government-directed aviation security regulations and requirements are one of the many areas of governance that aviation businesses must comply with.  Think also of the safety, occupational health and environmental issues involved.

The roles of any one part of the industry are various.  For example, most people would realise that airlines are responsible for ensuring that only passengers who have been security-screened can board their aircraft.  In a single-user terminal such as the Melbourne, Qantas domestic terminal, these screening tasks are undertaken by a Qantas contractor.  Quality control (surveillance, supervision and testing) of this contractor is undertaken separately by both Qantas and the Federal Department of Infrastructure and Transport.

However, many would fail to consider the situation in a terminal such as at Melbourne International (or Brisbane, Sydney) where a multitude of airlines, regardless of what nationality they are, are required to meet the same Australian government regulations for the security of their aircraft departures.  Another consideration is that the security screening of passengers and their carry-on bags is only one facet of securing the flight.  Such things as the access control systems that prevent unscreened persons from joining the flight or unscreened goods and cargo from being placed on board, also need consideration.

For this reason, in large, multi-user terminals, it is normally the entity that has ownership or management of the access control systems that also lets a suitable contract for a security-screening organisation to provide services for all aircraft operators on a cost recovery basis.  In many cases, this is the airport operator who is also the terminal operator. However, in some cases around the world, it may be that the large national airline and flag carrier has an owned and operated terminal, and contracts out this security role on behalf of all airlines.

Variations on this theme abound, with some States believing that passenger screening is an appropriate government, rather than civil contractor role.  For example, post 9/11, the US federal government decided that existing standards were too low and so they federalised various commercial screening staffs around the country to bring them under direct government control. They also instituted new directives, personnel standards and equipment to provide more effective screening outcomes.

New Zealand has long had a very effective screening regime for international departures using the Aviation Security Service as a government business enterprise, run along corporate lines.  India considers itself as a high security risk and uses a national government body, the Central Industry Security Force, to provide virtually all security services at airports, security screening, access control, perimeter patrolling and rapid, armed response.

It is interesting to consider these various methods of addressing this required outcome, given our previous comments on the ICAO Standards and Recommended Practices (SARPs) and the responsibilities of signatory States to meet these.

The various SARPs which cover access control and passenger and carry-on baggage screening are non-specific and outcome-based, as has previously been discussed.  Examples of these, shown below, indicate just how outcome-based they really are.

“4.2.1 Each Contracting State shall ensure that the access to airside areas at airports serving civil aviation is controlled in order to prevent unauthorized entry.”

“4.4.1 Each Contracting State shall establish measures to ensure that originating passengers of commercial air transport operations and their cabin baggage are screened prior to boarding an aircraft departing from a security restricted area.”

“4.4.3 Each Contracting State shall ensure that passengers and their cabin baggage which have been screened are protected from unauthorized interference from the point of screening until they board their aircraft.”

These give absolutely no direction or guidance on how these outcomes are to be achieved.  So, to allow aviation security to be done, governments have put in place a comprehensive suite of regulations and policies which direct and require various facets of the aviation industry to undertake certain tasks.

As a further wrinkle to this cascading sequence of Treaty to SARPs, to national regulations, we have the conflicting requirements of telling involved parties what they must do without telling potential perpetrators how this will be achieved.  In some cases, governments will want and need to define how things will be done, down to very specific detail.

This is difficult when all legislation is publicly available and scrutinised to the smallest detail.  Aviation security-related systems and legislation are very much different in their approach than other aviation fields, such as safety.  With safety, there is no need to know basis, and every effort is made to spread detailed information as far as possible, often by prescriptive levels of legislation.

Globally in the aviation security field, however, use is made of a tiered system of security programs, which are required at various entity levels.  The first entity is the State, in this context.

ICAO SARPs require each State to have in place a National Civil Aviation Security Program (NCASP).  In most States, depending on the style of government, the NCASP is a requirement of, and is given power by, some form of national, enabling legislation such as an Act or a Decree

At the national level, the NCASP is complemented by others, such as the National Civil Aviation Training Program and an equivalent National Quality Control Program.  These programs are not legislative in nature, but do carry a national security classification and are, therefore, not subject to the level of public access which applies to regulations.

This control allows the national programs to include specific targets and detailed requirements for meeting those targets.  One set of requirements under the NCASP is for other entities such as airlines, airports and cargo organisations to have their own company–specific, aviation security programs.

These company-specific programs, such as XYZ Airlines Aviation Security Program, cover how the company and its agents will actually undertake the processes and systems required to meet their legislated responsibilities for a secure aviation operation.  Because the company program is a restricted, internal document, it is able to go into the very specific, detailed requirements for company processes and procedures, and this can form the basis for further direct-task instructions down to the working level.

The program for each entity will include coverage, not only of preventative measures, but will also include a system of ongoing risk assessment and measures relating to responses against acts of unlawful interference against civil aviation.

The format and content of the completed company program will be reviewed and, when suitable, approved by the national regulatory authority.  This program, however, is not intended to be a static document; just to meet a regulatory requirement.  Rather, it is a living document which will change as required, driven either by new or modified regulatory requirements, or by company changes such as new routes and destinations.

So, the answer to our initial question of who does aviation security, is that it is largely done by the aviation industry and its agents or contractors.  This system is defined and regulated via a series of cascading standards and regulations leading to detailed national and lower-level programs, all of which combine to allow the travelling public to just get on a secure flight.

John Gratton
John ‘Hondo’ Gratton is managing director of a small consultancy company, Gratton Aviation Services (GAS), based in Melbourne. He has extensive safety and security experience including military EOD/IED Disposal, operations, logistics and international relations. GAS provides consultancy and advisory services to foreign governments in aviation safety and security regulatory systems, oversight mechanisms and operational processes. Recent contracts have included Indonesia, India and DPRK.