Aviation Security – A Decade of Change

Airport Security ScreeningIn this 10th anniversary of the 9/11 terror attacks, aviation continues to operate in an environment of evolving and adaptable security threats.

While significantly enhanced, and at times overly prescriptive to the detriment of customer facilitation, security measures have reduced the likelihood of another 9/11-style attack and hampered criminal activity.

Nevertheless, criminal threats persist with enterprising elements leveraging from aviation to expand networks, transport contraband, illegally procure assets and commit fraud. Consequently, airlines remain under increasing pressure to balance customer facilitation with regulator and law enforcement requirements.

Building on this platform and recognising that the history of aviation security has shown that piecemeal, incoherent and ad hoc responses only create new vulnerabilities, the industry’s strategic direction for aviation security requires a genuine paradigm shift.

A greater focus on dynamic passenger assessment and screening by the appropriate authorities is required, together with timely information sharing and mutual recognition of mature, aviation security systems.

This is needed more than the reliance on emerging, often untested and costly technology or more invasive and larger screening footprints at airports, currently relied on as the panacea for all aviation security incidents.

Security requirements should be based on mature and thoughtful threat assessments focused on addressing specific operational environments.

Such assessments enable the mounting of a world-class, operational response to threats through the protection of people, customers and assets. They promote secure and efficient operations and a more responsive global, regulatory environment.

Where The Industry Has Been – The Good, The Bad And The Ugly

Prior to the 2001 terrorist attacks, the aviation security system that defined global security operations at airports and for airlines had been in place since the early 1970s. The system was primarily driven by a response to increases in hijackings of commercial aircraft.

It was built around screening procedures that focused on detecting metallic objects on the person or in their carry-on baggage. Given that threat detection in this context had such a strong emphasis on passenger and baggage screening, aviation security was essentially defined and conducted by directly-engaged and contracted security personnel.

Their duties required them to examine x-ray images, resolve metal detector alarms, conduct body scans with metal detection wands, conduct physical searches of baggage and maintain order at screening checkpoints. After 9/11, the effectiveness of this system was called into question and led to numerous changes to all aspects of international aviation security. Some of these changes included reinforced cockpit doors and the implementation or expansion of air marshal or air security officer programs. They also resulted in restrictions that allowed only ticketed passengers to enter the departure areas of international airports and the screening of all checked baggage for explosives. Many of the changes have been characterised as being reactive, duplicative and emotionally driven rather than co-ordinated and analysis-based.

It has been argued that in addition to the growing cost burden, since 9/11 there has been a cost increase in excess of 150% as a result of new security measures implemented alongside existing controls. For example, liquids, aerosols and gels (LAGS) screening and body scanners have been new measures introduced without consideration for how they could or should be optimised for maximum performance or benefit (Bisignani, 2009). While this does not mean that individual measures do not make sense, security control as a whole has become more complex and inconvenient for passengers and operators in the industry. To combat this, many airlines and airport operators have invested in a management systems approach that makes security policy and responsibility an integral part of its business processes and culture. Combined with an efficient threat assessment and risk management process, the systems approach assists industry participants to develop proactive, efficient and cost-effective security measures.

The systems approach also encourages dependence on close co-operation between all stakeholders and regulators. As well as keeping costs down, this approach acknowledges that terrorists are not the only sources of threats to commercial aviation security. Threats can also come from the processes that support an airline and the passengers it serves. For example, these can include catering, maintenance and baggage handling services.  Equally, there are a variety of security threats that can be overlooked or downplayed while the focus remains on terrorism. Serious and organised crime, fraud, passenger violence and unruly behaviour can all have a tangible and significant impact on the brand, people (passengers and employees) and physical assets.

An Evolving Threat Environment

The security environment for the aviation industry will continue to be influenced by a combination of political and economic instability. Transnational terrorism will remain a feature of the security threat environment for commercial aviation.

Al-Qaeda and its affiliated networks are likely to persist in the development of adaptive tactics in order to target mass transit and especially commercial aviation.  Some of these cells may act infrequently but are unlikely to be deterred by the deployment of additional security measures such as airport body scanners.

Serious and organised crime is now accepted as a national security risk to countries like Australia. It is highly likely that organised and syndicated criminal groups will continue to target aviation’s commercial operations through instances of credit card and ticketing fraud, money laundering, people smuggling and drug trafficking. The threat of criminal actions by trusted insiders remains and is arguably one of our most significant and prevailing security threats.

The Changing Regulatory Landscape

The international and domestic regulatory environment is often driven by incidents which highlight both realised and potential vulnerabilities.  An example of this is the 25 December 2009 incident involving a Nigerian national who attempted to ignite an explosive device mid-flight aboard Delta [Northwest] Airlines Flight NW253.

Following the incident, there was a move by many states across the globe to introduce a range of new security measures both at airports and in-flight that will have significant, long-term impacts on the industry from a cost and facilitation perspective.

These include:

  • New technologies – regulators (and suppliers) have pushed for the introduction of body scanner technology even though, to date, there has been no global consensus on its viability as a response to the threat posed by the Delta 253 incident.
  • Passenger assessment – the global response has also reinforced the need for improved passenger assessment (behavioural analysis) which is already undertaken by some border and law enforcement agencies but not by aviation security.
  • Supply chain security – the security enhancements identified for the cargo supply chain and the introduction of new cargo screening equipment.
  • Domestic regional screening – in February 2010, the Federal Government announced a number of domestic and international aviation security measures amounting to $200 million over four years. A number of these initiatives, including the acceleration of screening requirements at regional airports, impact airlines directly.

Internal Imperatives For The Sviation Industry

The internal environment of many airlines, particularly in the pan-Asian region, has its own evolving strategy that helps shape the focus of the security strategy. Key considerations in this space include:

  • Business growth – for example, Asian growth strategies where airlines will increase their exposure to an increasingly complex operating environment.

A key element will be the diverse threat profile confronted by business, especially the challenges to security from terrorism and civil unrest and operational continuity from social and environmental instability.

Given the volatility of the global financial crisis, the issue of long-term macro-economic stability, corporate governance and corruption and institutional capacity are considered to be critical, planning factors.

This is particularly the case as airlines expand their commercial interests into new markets such as eastern and southern Europe and throughout the Asia-Pacific region.

  • Increased automation of passenger processes – airlines like Qantas have introduced several new automated customer-facing processes such as self-bag-tagging, self-bag-dropping, permanent boarding pass and permanent baggage tags.

These provide enhanced passenger facilitation, simplify the passenger experience and mitigate a number of front-of-house security risks.

While they have put pressure on the regulatory relationship, these developments have provided airlines with the opportunity to lead and influence the regulator in realigning its policy position and subsequent amendment of regulations.

In conclusion, aviation security is unique. Airlines operate with different risk profiles and these make genuine, quantitative comparison difficult in the aviation security context.

Lessons from the past decade compel aviation security practitioners to focus on enhancing security systems with an emphasis on building quality processes, growing positive and proactive security cultures and targeting the real threats to the business.

Outcomes sought by an airline’s board include the delivery of balanced, prioritised and proportionate security benefits for all stakeholders. A commitment to optimising the cost of security measures by proactively influencing regulatory authorities and helping to shape the policy agenda, while maintaining quality security outcomes, is vital.

By any assessment, the events of 9/11 changed forever the face of aviation security. Overnight, an aircraft became a potential weapon of mass destruction.

As a former director of the US Federal Air Marshall Service put it, the new game plan of the terrorist organisation in targeting aviation was the “decapitation of governments”. One thing for certain is that our foe is adaptable, agile and enduring. Next time, it will be different.

Steve Jackson
Steve Jackson was appointed to the role of Head of Group Security (later Group Security & Facilitation) for the Qantas Group of companies on 1 December 2008 and has overall responsibility for all operational and strategic security functions throughout the Qantas Group, in Australia and overseas. Prior to joining Qantas, Steve enjoyed a career with the Australian Federal Police, spanning some 22 years, during which he played key command roles. Steve was the AFP’s Operational Commander for the Sydney 2000 Olympic Games and the Field Commander during the joint AFP/Indonesian National Police investigation following the Bali bombings in 2002. He was awarded the Medal of the Order of Australia for his work in Indonesia. Steve is a graduate of the Australian Institute of Police Management Police Executive Leadership Program; a member of the NSW Security Industry Council; a Board Member of the Security Professionals’ Registry; and one of the founding members and current Chair of the Australian Security Medals Foundation Inc.