Euro-View: Stacey Peel on airport security
The International Air Transport Association, or IATA, forecasts that by 2034, 7.3 billion people will fly commercially every year. Long before then, delivering aviation security via bolt-on, equipment-reliant and compliance-driven approach will no longer be feasible.
Airports, industry associations, thought leaders and innovators across the aviation industry are asking: how will we deliver security? How do we ensure that the $37 billion in capital expenditure now being spent every year takes account of both the evolving security threat and the challenges of creating infrastructure that must last for 30 years?
My answer is not profound or new in terms of products or technology. It is simply a commitment to a concept we have talked about for many years, but rarely put into practice: risk-based security.
This concept includes the early involvement of security concerns in all infrastructure projects, regardless of scope. Critical to risk-based security’s success is opening up conversations within the aviation security community and extending them to the design community, where the greatest influence can be felt, and the greatest change occur. We must ensure that security is both a primary and an early consideration in any airport infrastructure design.
In the past, airports have typically upgraded security after violent extremists have exposed and exploited a vulnerability, and governments have issued regulations to force its redress. The solutions are usually imposed in a ‘one-size-fits all’ approach that has little “appreciation of how these will impact the overall aviation system” – to borrow a phrase from Airports Council International (ACI). Such post-attack solutions can also include heavy capital and operating expenses.
Why, when we are capable of identifying the vulnerabilities ourselves, must we wait to close them out after bad actors have exploited them, and regulators instruct us to fix them? Even then, the vulnerability is often not fully closed because it is unique to the site and its operations.
So if we understand the threat’s intent and capability, why not exclude the vulnerability before it is exploited, improving the safety of our travellers, and the profitability of our business?
The response to these simple and oft asked-questions is often the phrase: ‘a lack of resources’. But taking a risk-based approach to closing vulnerabilities is good for business. It allows the use of other business solutions to achieve a security outcome along with the more appropriate deployment of limited security resources.
This idea is most apparent in the security-by-design space. Security-by-design means meeting both business and security objectives. By knowing the risks, we can design the infrastructure in a manner that reduces risks and allows for the most efficient and effective use of security measures.
For example, a standoff-distance at the front of a terminal reduces the need for terminal blast resilience. Another example: if a planned terminal will use CCTV cameras, let’s design the surrounding infrastructure in a way that minimises interference with the cameras’ field of view and reduces the number of cameras required.
Even now, it is not unusual for infrastructure projects to inadvertently introduce risks that overbearing security measures must belatedly address. Achieving the benefits of risk-based design requires early involvement in security in infrastructure projects, regardless of the scope. With the early involvement of security, the bolt-on approach to security can be avoided. It also allows for other benefits, including:
• avoiding design conflicts (how often have you seen beautiful construction made ugly by overlaying security measures?)
• improving the passenger experience; by minimise crowding, we reduce the attractiveness of targets and improve passenger comfort
• future-proofing infrastructure: by taking into account known and potential security needs in the initial design, we minimise future expenses.
A risk-based approach to security allows an airport to identify the vulnerabilities and measure the risks that are unique to its site and operation. It also helps an airport’s authorities determine which risks need to be reduced based on their own ‘risk appetite’, and allocate their limited resources accordingly.
To realise the full benefits of risk-based security and security-by-design, the design community must involve security concerns from the start. It is the aviation security community’s responsibility to drive this change and seek this early involvement.