Security Establishing a risk-based, outcome-focused approach

Security is a government responsibility. But it is the partnering of government and the industry that ensures that air transport is not only the safest and most secure but also an accessible and convenient form of long-distance travel. Even greater collaboration is needed, however, if the “business of freedom” is to thrive. This will enable risk-mitigation measures that maximize the protection of passengers and crew while minimizing disruption to passengers and economies. Aviation security policy cannot rely on a one-size-fits-all approach. The industry must learn from evolving threats and anticipate the impact of the fast-growing levels of passenger and cargo traffic. IATA supports global standards, but an outcome-based approach is essential, as every location has a unique mix of challenges.

The investment in aviation security since 9/11 has without doubt made aviation more secure

Developments in 2018

In 2018, aviation security continued to stay ahead of evolving threats. As UN Security Council Resolution 2309 makes clear, governments have the primary responsibility for aviation security. But a secure industry can best be achieved when governments and the industry work together as equal partners. Governments have access to information that drives security measures. Airlines and airports have the operational know-how to ensure that these measures can be implemented to achieve the twin goals of increased security and minimal disruption.

This was the lesson that was relearned in 2017 when, with little advance notice or input from industry, the United States and the United Kingdom banned the carriage of large portable electronic devices (PEDs) in aircraft cabins on some flights originating in the Middle East. Passengers were confused, and airlines struggled to comply. A subsequent threat from weaponized powders witnessed a far smoother introduction of measures. Dialogue and collaboration among all stakeholders ensured that these measures aligned with the Global Aviation Security Plan (GASeP).

Global Aviation and Security Plan

Global aviation security efforts took an enormous step forward in November 2017 when a majority of national governments agreed to GASeP under the auspices of ICAO. GASeP identifies five priorities:

Enhance risk awareness and response
Develop security culture and human capability
Improve technological resources and foster innovation
Improve oversight and quality assurance
Increase cooperation and support

Owing to GASeP, nations have—for the first time—a framework for aligning national aviation security efforts to address and mitigate threats. In a short period, GASeP has been the catalyst for a wave of improvements in aviation security.

Many nations, however, have not fully implemented the ICAO Annex 17 baseline requirements that underlie GASeP. IATA will support a resolution at the 40th ICAO Assembly in 2019 that underscores the responsibility of countries to meet global standards in their national aviation security programs.

There is, moreover, an urgent need for developed countries to provide more comprehensive assistance to their developing counterparts to ensure that the baseline security measures are applied. Provided the principles of GASeP continue to resonate with stakeholders, the industry will move ahead of the threat trajectory.

Information sharing

Information sharing among governments and particularly between governments and the air transport industry remains a challenge. There has been some improvement since the shooting down of MH 17 exposed gaps in the sharing of threat information. But many airlines still are forced to rely on commercially sourced intelligence. The information-sharing standard in Annex 17 is a step in the right direction. Yet it falls short of the degree of multilateral risk information sharing required for genuinely secure air travel.

The 40th ICAO Assembly in 2019 provides an opportunity to emphasize the importance of bringing governments and the industry together on the sharing of information regarding threats, vulnerabilities, and risks. In parallel, IATA is working with ICAO and countries in a further attempt at developing an online security application that facilitates the exchange of critical security occurrence data. This sophisticated, highly secure tool will provide the early detection of changes to security environments in different parts of the world. That, in turn, will enable the industry to deal with emerging threats and the impact of changes on security procedures.

The plan is to make this online security application available to all IATA members and registered IATA Operational Safety Audit (IOSA) carriers by late 2019. So doing will enhance their collaborative relationships with governments on threat and vulnerability information, and that will help all aviation stakeholders—public and private—prevent, detect, and respond to threats in a timely and effective manner.

Sustainable risk-based solutions

The investment in aviation security since 9/11 has without doubt made aviation more secure. Efficiency, though, has suffered. In IATA’s Global Passenger Survey, passengers consistently point to airport security and border control as the worst part of traveling. Their biggest frustrations are having to remove personal items, such as laptops and PEDs, from cabin bags and the lack of consistency in screening procedures at airports.

Progress in security is welcome. Happily, 2018 saw the increased implementation of One-Stop Security. An agreement between Singapore and the European Union, for instance, helps passengers avoid a redundant check when they transfer flights at European airports that have elected to take advantage of the One-Stop Security program. Technology makes the case for One-Stop Security especially compelling. IATA is working with the World Travel and Tourism Council on decentralized digital identity platforms using biometric and blockchain technologies. These technologies will make identity verification possible at all touch points along a passenger’s journey. The partners believe that this will make security more efficient and travel more convenient (see One ID).

Cybersecurity

The aviation industry demands the highest safety standards and precautions for aircraft systems. Modern aircraft are interconnected. Discrepancies; errors; or, worse, nefarious threats, such as a computer virus or malware, can travel from system to system by way of basic electronic communication. As the computerization and digital footprint of aircraft increase, there is an even-greater need to protect communication, data, and other critical information against intentional manipulations.

IATA is working alongside airlines, industry stakeholders, and other sectors to do just that. On behalf of these partners, IATA will deliver a strategy in early 2020 that will provide guidelines for a comprehensive approach to cybersecurity for the air transport industry.