Although apron heists in South America are low frequency events, their impact can be high and can expose serious deficiencies in local risk management for each airport. Luis Umbria briefly analyses the most recent apron heist in Brazil and considers the importance of a thorough and efficient Security Management System (SeMS) in order to address this threat.
Three years ago, a high value shipment of electronic devices was stolen from the cargo zone at Viracopos International Airport in Campinas, Brazil. Despite that incident, and several others like it at various other airports throughout South America, the security team at Viracopos reacted with surprise on the evening of Sunday 4 March 2018, when a criminal gang once again broke through the airside fence to steal US $5,000,000 (approx. GBP £3,578,700) in cash, which was destined to fly to Switzerland via Germany on board a Lufthansa cargo plane.
The criminal operation was so fast and efficient that the Brazilian media insists on qualifying it as ‘film like’. In less than six minutes, five men armed with assault rifles penetrated the airfield in a pickup truck disguised as a security patrol vehicle. They then held operations personnel inside their truck while they transferred the cash, and made off with the valuable cargo, leaving all those present stunned and perplexed.
Although neither the police nor the airline have published detailed reports, the media have collected and disseminated many details of how the heist on the apron at the second largest cargo airport in Brazil happened. For example, they have released images of a feeble-looking fence made of barbed wire that had been cut in order to create a 6-metre wide gap through which the perpetrators allegedly entered and later exited. If such images are accurate, it is difficult to understand why there was not at least a perimeter intrusion detection system in situ.
This leads us to reflect, with concern, upon the concept we have of what a vulnerability analysis is, and also how we are identifying the various threat scenarios that can affect the security of airports and aircraft on landing. Do we appreciate that every airport is part of our critical infrastructure and, as such, cannot be protected simply by complying with international regulations? Have we still not learned that the rules and recommendations provided in Annex 17 of the Chicago Convention are merely a baseline? After all, security threats are very changeable from one moment to another, and between one geographical point and another.
These considerations are the basis of an argument that requires aviation security authorities to abandon bureaucratic criteria, and to think like authentic aviation security professionals. They should not interpret international regulations as a ‘ceiling’ that limits compliance requirements, but as a ‘floor’ from which to build individualised risk management parameters correctly adjusted to the criminal and geopolitical contexts of each airport.
If we are to analyse this situation from the perspective of aircraft and airport operators, an inability to detect an intrusion in a timely manner and to deploy a response force effectively can only lead to an increased vulnerability of airport and aeronautical operations. A weak physical security system is incapable of detecting an intruder, delaying his progress, or stopping criminal action. The protection of critical infrastructure is complex because, in such facilities, multiple linked processes are managed so that the synergy between all those involved in their security ensures that their protection is successful; this should be complemented with – or reinforced by – the investment of financial resources for the acquisition and updating of technology, equipment, and systems in accordance with airfield threats.
The criticality lies in the fact that neglecting to identify vulnerable points – such as not being able to detect a criminal gang that violently enters the airside – affects other processes that involve security procedures specially designed to protect it. Failure in one part of the security system therefore causes high impact to, and the eventual failure of, other elements of the structure. But the fundamental problem goes beyond the simple implementation and operation of the physical security system to protect an airport; it is something much more serious and complex. It is the efficient management of people, equipment and operating procedures to achieve the security objectives in order to mitigate the risks that are faced.
All of the above leads us to think about the priorities of various sectors of the industry with respect to security risk management. For example, has the airport implemented an adequate management system? What is the effect of timely threat identification, and what are the results of the evaluation and mitigation of security risks? Where a quality management component exists, what is the result of the control and measurement of its performance? Are the changes of security operations being managed in a timely and effective manner? Is the continuous improvement of the aviation security system included in the corporate policies of airport management?
These questions, and many more, must be answered by confronting them with high impact events such as the robbery that occurred in Viracopos. But above all, aviation security authorities must also review their own role and performance, and revise the public policies implemented that grant them leadership among the operators of the industry in every country.
“…an individual is seamlessly ‘referred’ for additional screening, which is similar to a standard secondary search and includes a brief interview component…”
It is no longer possible to view airport security management as simply ticking boxes and passing audits. We need to implement Security Management Systems (SeMS) that allow us to detect threats in advance and to mitigate the risks associated with operating in adverse environments – especially in places such as South America. Airport security calls for systematic analysis and comprehensive management, which, in addition to fulfilling its own operational performance requirements (timely detection, deterrent delay, and effective response), interfaces with all the management systems corresponding to other areas, such as operational safety, quality, environmental protection, and many others.
Luis Umbria, CPP, MSc. is a lawyer and aviation security professional with experience in the civil aviation industry. He is a senior consultant for compliance of AVSEC international conventions and local regulations in Latin America. Luis is also a candidate for a PhD Degree in International Studies by Facultad Latinoamericana de Ciencias Sociales (FLACSO – Quito, Ecuador). Email: email@example.com