Air Cargo Standardisation

By Steve Lawson.

This article discusses air cargo security and screening standardisation across borders but, first, let me pose a hypothetical question…

I am the new government regulatory authority for the country of Woodnahappen. I have decided to take a risk-based approach to passenger security, the Regulated Passenger (RP) scheme. In this scheme, RP will not be subjected to passenger and checked baggage screening or security checks. To participate in the RP scheme, participants must: submit a Regulated Passenger Security Program (RPSP), describing the security measures for themselves, their carry-on and any checked baggage; the submitted program will be approved by the national regulator and subject to regular audit; RP must undergo training; and if they comply with these measures they will be registered with my department as a RP. It is not necessary for the RP to be subjected to any background checks beyond proving citizenship.

Other than most of you wanting to be a passenger flying from a Woodnahappen airport, does anyone see this as a viable passenger security process? I would hope not. Yet for much of the world this is not only the standard for air cargo security but in many cases it exceeds those standards.

But wait, the International Civil Aviation Organisation (ICAO) has established a comprehensive framework for air cargo security that sets standards for air cargo security across borders in Annex 17!

What Annex 17 says is that each contracting state is to:

  • ensure appropriate security controls, including screening where practicable;
  • establish a secure supply chain process which includes the approval of regulated agents/known consignors;
  • ensure that cargo carried on a commercial passenger aircraft is protected from unauthorised interference from the time that screening or other security protocols are applied;
  • ensure that operators do not accept cargo on a commercial passenger aircraft unless the application of screening or other security controls is confirmed by a regulated agent;
  • ensure that security controls applied to cargo on all-cargo aircraft are determined by a risk assessment conducted by the national authority.

To assist countries with the requirements, ICAO created a Security Manual (ICAO Doc 8973/8) that has a lot of information but it can all be captured in the first part of the air cargo measure, “Air cargo should be processed for transport by air in a unique operating environment, and within the parameters of four key principles as follows:

a)    aircraft carrying cargo and mail should operate from within a secure environment;

b)    all cargo and mail should be subjected to appropriate security controls, including screening whenever applicable, prior to their being loaded onto an aircraft engaged in passenger commercial air transport operations. Maximum emphasis should be placed on the screening of cargo whose security cannot be readily determined using x-ray equipment, explosive detection systems or other appropriate methods;

c)     security controls to be applied to cargo and mail for transportation on cargo-only aircraft should be determined on the basis of risk assessments carried out by the relevant national authorities; and

d)    cargo and mail that have been subjected to security controls and have been cleared for transport by air should be protected against unauthorised interference from the point security controls are applied until departure of the aircraft.”

To be fair, ICAO Annex 17 and Doc8973/8 really only provide guidance but, as with many ICAO documents, it sounds good despite being based on a vague premise. There is no agreement about what constitutes “screening or other security controls” – not just in air cargo but for most security processes. Similarly, there is no real agreement about what constitutes a “regulated agent”, ICAO leaves that to the contracting state to establish how a business becomes a regulated agent.

ICAO defines screening simply as: “ the application of technical or other means which are intended to identify and/or detect weapons, explosives or other dangerous devices, articles or substances which may be used to commit an act of unlawful interference with aviation”. A regulated agent is simply an agent, freight forwarder or other entity who conducts business with an operator and provides security control that is accepted or required by the appropriate authority in respect of cargo or mail.

If you think about it, it is logical for a government to establish a system of regulated agents who are assessed by the government as being able to apply security controls to air cargo. Think of them as airports for air cargo, and like airports the operators should be subjected to similar background checks and audits. The problem is that there is no consistent definition of what a regulated agent is, how they are approved or what security controls they implement.

For many countries, to become a regulated agent, the business simply needs to register with the government, there are no background checks of staff or the business, there are no audits or risk assessments. This lack of consistency is indicated in the number of so-called regulated agents in various countries, some countries have only a handful of regulated agents while others have thousands. Most of my concerns are with countries that have thousands of regulated agents.

Again, think of the airport analogy, would you think it reasonable for an airport to be established without the government approving the operator and subjecting them to an audit process.

Even worse, another common security control is that regulated agents are able to accept cargo from another business that is “known” to the regulated agent. At its simplest, this is simply someone that is known to the regulated agent, there are no checks with the government and yet cargo from the known consignor is accepted by the regulated agent and then onto an aircraft with no security check.

To clarify, here is a perfectly valid Regulated Agent process that would meet all of the ICAO measures:

  1. You as the regulated business have registered with your business with the national authority.
  2. The national authority has conducted a background check on your business but that check is limited to a check with another government body responsible for the conduct and regulation of companies.
  3. You have a process that recognises a consignor as “known” if they have undertaken three transactions with your company without issue and have a good credit rating.
  4. Cargo accepted by the Regulated Agent from that “known consignor” may be uplifted on a passenger aircraft with no further screening or security processes!

If you think that would only happen in a third world country you are wrong. I have been to a number of quite sophisticated countries where that is an acceptable process.

Hopefully I have explained why there needs to be more standardisation across borders for air cargo?

I am not suggesting that I have all of the answers but I think that if ICAO intends to follow a “risk based” approach to the movement of air cargo then they need to make more effort in defining what an acceptable risk management approach is.

I see two different levels of security of air cargo; air cargo carried on an all-cargo aircraft and then air cargo carried on a passenger aircraft. While not diminishing the loss of any aircraft, there is a difference between the loss of a freighter aircraft and a passenger aircraft. Where I think that there needs to be greater standardisation across borders is in the security applied to cargo carried on passenger aircraft.

I would contend that any checks that rely solely on the financial stability of a company is not an acceptable approach. I also contend that simply to say that air cargo should be subjected to “screening or other security controls” is also inadequate for passenger aircraft.

Some time ago I was asked to arrive at a policy for the carriage of freight on Qantas group aircraft. That policy has probably been replaced now but I think my concept has merit, in part because I have heard it repeated since by others including ICAO. I simply stated that the security of air cargo should be commensurate with that of passenger baggage on the same aircraft. While the concept is simple, it took me some time to formulate. It allows for some variation as commensurate does not mean “the same as”, it means having the same measure or is proportionate.

So if you were flying from my airport at Woodnahappen and I have introduced a RP scheme, then a similar Regulated Air Cargo scheme for cargo on the same aircraft would be consistent since the measures are commensurate.

But if you subject all checked baggage to inline baggage screening then I contend that a Regulated Air Cargo scheme that relies on a financial risk assessment is not commensurate with the security of checked baggage on the same aircraft.

My argument is that when presented with a security process for air cargo the test should be “would I find a commensurate measure acceptable for passengers, if not then it should not be an acceptable air cargo security control”. It is around that concept that there needs to be more discussion and advice by organisations like ICAO.

Steve Lawson has over 20 years’ experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007, he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, New Zealand, Middle East, Israel and Europe. Steve can be contacted on 0404 685 103 or slawson@avsecconsulting.com.