So, How Does It All Work?

By John ‘Hondo’ Gratton.

“When I get on that aircraft, am I REALLY secure?

In this, the final article of this series, I am going to assume that dutiful readers have faithfully followed the earlier articles. You will therefore be aware that aviation security is conducted as a globally-coordinated effort controlled by a treaty, the Chicago Convention, which, together with agreed responsibilities at national level in the form of regulations and quality control, requires the aviation industry worldwide to undertake physical implementation of measures to provide a secure aviation operating environment.  Phew, what a mouthful.

Now let us look at the challenges that face nations and their aviation industry when they need to implement all this. One of the biggest challenges is managing continuous change. By its very nature, as a largely preventative mechanism, aviation security is both reactive to events and anticipatory to threats.

The effect of this, on a global scale, is that the Standards and Recommended Practices (SARPs) provided by the International Civil Aviation Organisation (ICAO), are continuously expanded and upgraded. These changes may be initiated by actual events, such as the requirement to secure cockpit doors after 9/11. However, it is just as likely that a new SARP will be put in place to
address a known or anticipated, general deficiency in the system.

A small example of the latter was initiated globally to take effect from 1 July 2013. For many years, there had been in place, in Annex 17, a recommendation which read, “Each Contracting State should ensure that trainers and training programmes meet standards defined by the appropriate authority.”

The Aviation Security Panel of ICAO, made up of a representative group of Avsec experts from around the world, obviously thought that this recommendation was not providing the desired result of well-trained and knowledgeable individuals. So, to strengthen it, the Recommendation was changed to a Standard which now reads, “3.1.7: From 1 July 2013, each Contracting State shall ensure the development and implementation of a trainer certification system and training programmes in accordance with the national civil aviation security programme.”

As a previous article described, the cascading effect of SARPs on national regulations and programs, will mean that states like Australia will now put in place regulations requiring the many facets of its aviation industry to meet this requirement. While this might not seem like a big or unreasonable impost, consider the implications of this next Standard: “4.2.6: Each Contracting State shall ensure that persons other than passengers, together with items carried, being granted access to security restricted areas, are screened.”

This means that all airline and airport staff going to most airside areas will have to be continuously security-screened on their way to and from their work tasks. The effect of this could virtually bring an airport or airline to a standstill. For instance, imagine having to screen the driver of the aircraft tug which is towing a Boeing 747 from the maintenance area to the departure gate for passengers to board.

So the Standard goes on to say, “However, if the principle of 100% screening cannot be accomplished, other security controls including, but not limited to, proportional screening, randomness and unpredictability, shall be applied in accordance with a risk assessment carried out by the relevant national authorities.”

This is not so much a get-out-of–jail- free card, as a requirement to fall back on an established, risk management technique. This use of risk management is a fundamental change in the global aviation security process.

Historically, aviation security standards have been devised and set largely by means of two techniques. These are, sometimes unkindly, called the ‘tombstone regulations’ and ‘threat-based’ regulations. The tombstone regulations use slightly morbid terminology to describe processes put in place following disasters, or as responses to previous failures of a system. The immediate reaction to harden cockpit doors and change crew training after 9/11, could be classified this way.

The threat-based setting of standards is an approach which tries to consider all of the potential threats that might affect the security of aviation, and to put in place appropriate preventative measures. By its very nature, this process can lead to massive resources being used to protect against possible, but unlikely, incidents.

Conversely, the more recent risk management system uses a process which includes not only the potential risk but also the likelihood of such an event; leading to an evaluation of the outcomes or consequences of the risk being realised. These three factors; risk, likelihood and consequence, form the basis of the risk management system which is now in place for aviation security globally.

The purpose of the risk management process is to define and institute effective and appropriate security defences — defences designed to overcome the security risk, or at least minimise its likelihood or consequences to a level deemed to be acceptable.

The safety side of the global aviation, regulatory system, where physical and mechanical discrepancies and human failures are the major issues, is much more responsive to the requirements of risk management. However, security is catching up. Risk management is a particularly useful tool for security-related issues because they are effectively motivated attacks, rather than events of happenstance  which safety management is designed to overcome.

So, now we know how the global system works, including standards, regulations, implementation and the risk management tools. What then, other than perpetrators, could cause all this effective aviation security to come unstuck or cause major issues?

In one word, the answer to this is ‘facilitation’. In this series of articles, we have concentrated on Annex 17 of the Chicago Convention — ‘Security’. Among the total of 18 Annexes there is also Annex 9 — ‘Facilitation’, which is equally binding on member states

Annex 9 addresses issues covered in the Convention to ‘adopt SARPs and procedures dealing with…customs and immigration procedures…and such other matters concerned with the safety, regularity and efficiency of air navigation (air travel)’. The key here is ‘regularity and efficiency’ which, in this context, means the ability of an airport/airline to run to a schedule and dispatch aircraft on time, etc.

So, as with many other security disciplines, aviation security has a need to properly fulfil its mandate, while not constraining the business which it supports.

A great example of this dichotomy relating to security is Annex 9, Recommendation 3.36, which states, in part, “Contracting States, in cooperation with aircraft operators and airport management, shall establish as a goal a total time period of 60 minutes in aggregate (total) for the completion of required departure formalities for all passengers ….” This relates to all processes for the normal passenger from the time they first approach the system, say at initial check-in, through security, customs, immigration, quarantine and departure taxes. It doesn’t, however, include the time taken to pick up our duty-free treasures!

For this recommendation to be met, there is a need for security checks not only to be quick and efficient, but also seamless and not disruptive to passenger flows. This critical aspect of aviation security impacts, in many ways, on how the travelling public perceives the effectiveness and appropriateness of the system.

Aircraft departure delays, long queues at screening points, or even the need to remove the bags of a no-show traveller, are perceived by the customer (the travelling public) as evidence of unnecessary or bureaucratic responses to the acknowledged threat to security. Travellers are willing to accept the need for security measures, but are unlikely to condone processes which interrupt their travel experience beyond what they deem to be acceptable.

Recently, Australia commenced initiatives to extend certain security processes into new areas of aviation operations. This continues a process of change and adjustment which has, over time, extended or changed screening operations, increased the restricted areas at airports, instituted a world-class cargo security regime and introduced specific constraints on the carriage of liquids, aerosols and gels.

The Government decision to institute these changes would, I assume, have been based on a need driven by ICAO SARPs and a risk management process and, as with any change in security provisions, there would have been some for and against.

By means of this series of articles, you will have seen that global actions to provide a secure aviation system are based on a continually-changing formula. The changes may be driven by new or envisaged risks, by increased or better technology, or by policy change at global or national level. These policy realignments may demand an increased standard, or even a spreading of existing standards to additional areas of the aviation industry.

There is an ongoing need for balance between appropriate security and commercial requirements, and it is a measure of the effectiveness of the global, national and local management system that this balance is consistently achieved. However, not all signatory states of the Chicago Convention always get it right and, occasionally, some weaknesses may result in delays.

In answer to this article’s leading question of how secure an airline traveller should feel, we can say that the global system of SARPs, supported by national regulations implemented by the aviation industry and audited for effectiveness, provides a secure mode of transport. In fact, amazingly secure, when the number of airline travellers are considered. However, it is also obvious that the system is only as good as the constant reassessment of those SARPs, regulations and processes using a world–class, risk management methodology.

John ‘Hondo’ Gratton is managing director of a small consultancy company, Gratton Aviation Services (GAS), based in Melbourne. He has extensive safety and security experience including military EOD/IED Disposal, operations, logistics and international relations.  GAS provides consultancy and advisory services to foreign governments in aviation safety and security regulatory systems, oversight mechanisms and operational processes.  Recent contracts have included Indonesia, India and DPRK.