Industry News

Screening Performance: the correlation between screener motivation, threat level, and technological development

Security screening at airports is today an integrated and expected part of air travel that no-one really questions (unless the waiting times are too long). The components required to perform screening are – of course – screeners, screening technology equipment and passengers and staff. The security equipment used has evolved significantly and its performance has taken huge steps since the earliest times of screening. There are however two factors that remain unchanged: firstly, we, as human beings and our abilities and skills, and secondly, the fact that even the best screening equipment is limited to delivering information required for the screener to make a decision. All security critical decisions are ultimately made by the security officer. Screening performance relies as much today on the human factor as it did 50 years ago and on the ability and competency of the security officer to make the right decision. In this article Dan Larsson discusses what factors affect screener performance and how technology can have an effect on our ability to ensure that the tool remains sharp at all times.

A wise man or woman once said, “The human mind works in mysterious ways”. It is sometimes difficult to grasp just how complex these ways are. Because, deep down, we are still humans who rely on instinct and natural reflexes to survive in the sometimes very challenging environments we live in. This is especially true in an unfamiliar environment, where we have the ability to instantly react to the unknown and initiate the ‘flight or fight’ response. We also have an ability to diminish and disregard risks if the same ‘unknown’ were to appear in a familiar environment where we feel safe and comfortable. This is because the perception and assessment of risk has always been necessary for mankind to explore, learn, develop, and thrive. Those abilities and perceptions still affect our decision-making abilities and choices in our everyday life. They also affect the way a screener regards the classification of an item in an X-ray image as potentially dangerous, suspect or harmless. A screener who, for some reason, perceives the situation as dangerous, e.g. a high level of threat, is maybe more likely to find a dangerous object than the same screener who perceives the situation as calmer and more peaceful.

We will, for the foreseeable future, depend on the human mind as the final and ultimate tool in security screening. We therefore have to have a comprehensive understanding of the factors that influence the security screener and how they are influenced by their perception of risk, confidence in the security equipment, the working environment and, last but not least, the impact of management and leadership. Screener performance also depends on the environment he or she works in, with influencing variables including noise, lighting, temperature, working hours, etc. This article will however focus on factors that have an effect on the screeners’ understanding of risk in the assessment of screened objects and persons, and how the technology used can affect this.

The probability that a screener detects a certain dangerous object depends on four factors (apart from the object itself): ability, attitude, environment, and technical equipment. We shall refer to them as ‘Screener Performance Factors’. Ability, attitude, and environment change over time, whilst performance levels of technical equipment are more or less constant in the short term.

Screener Performance Factors
There is an interrelationship between screener performance factors. Understanding the technology used and its limitations is crucial to successful operational performance. The user/machine interface is further complicated by technology that, on the one hand, can make the screener more alert and confident in that technology but, on the other hand, can lead the screener to ‘trust’ the technology too much.

Ability
This factor is dependent on recruitment, selection, and training. The task of being a security screener is the most demanding and difficult one you can find at an airport. Screening is an activity of industrial proportions. At our busiest airports, hundreds of thousands of passengers are screened every single day. There is a constant pressure to be effective, friendly, and not to take any risks. To find the right people to accomplish this task is a serious challenge. Testing and very thorough interviews together with a careful look at references are necessary. This can be difficult in an environment that sometimes has a high employee turnover rate, but in my experience, if you don’t get it right from the start, you will never get it right later.

Training is not just about obtaining the practical skills required. It also has to include the concept of risk in aviation and an understanding of how the human mind relates to risk. It has to promote a professional attitude to the risks involved.

Biometric Technology in Airports: Is it here to stay?

Advances in technology, scalability, and improved mobile devices are now enabling use cases that were previously thought impossible. The airport environment is a particularly interesting market for biometrics as the use cases split into two distinct threads – even though they are very much intertwined. On one hand we have over eight million people travelling world-wide, every day, for business or pleasure who are seeking an enhanced travel experience. On the other hand we have a dynamic, ever changing, universal border security environment which is demanding streamlined border control processes and enhanced border protection technologies to support international and domestic security efforts. Automated border control processes are now becoming commonplace at many international airports. They accurately confirm the identity of travellers through self-service biometric touch points, which offer quick, reliable authentication of each passenger’s travel documents and guarantee that the passenger holding them is the rightful owner, for example by matching the passport chip’s photo with a live photo.

The term ‘biometrics’ is derived from the Greek words ‘bio’ meaning life and ‘metrics’ meaning to measure. Although automated biometric systems have only become available over the last few decades, due mainly to significant advances in the field of computer processing, there is no doubt that the technology is now here to stay. The International Standardisation Organisation (ISO) defines biometric recognition as “automated recognition of individuals based on their biological and behavioural characteristics”, and biometric characteristics as “biological and behavioural characteristics of an individual from which distinguishing, repeatable biometric features can be extracted for the purpose of biometric recognition”.

Many of these new automated techniques, however, are based on ideas that were originally conceived hundreds, even thousands of years ago. The process stems from a social context of belonging to a group or family where associates rely on their memory to recognise peculiarities such as appearance, voice and shared knowledge. Recognition identifies children, friends and foe, and is inherent in all species. This simple task has become more challenging as populations increased and as more convenient methods of travel introduced many new individuals into once small communities. Most identification processes are associated with the collection of physical data. Our eyes, and to some extent our hands and ears, collect the data; the brain processes the data collected and attempts to make a match with stored information. When we look at another face our eyes scan the face for distinguishing characteristics. The more prominent the characteristics the easier it will be to remember that person. Traditionally, identification has been based on physical attributes such as eye colour, hair and skin colour, scars, birthmarks, tattoos, height, and weight. Thumb prints in wax, letters of introduction, signatures, references from known associates, and birth certificates are traditional forms of identification and are still used today. As identity moved from a social context towards being an economic requirement the process became more complex. Names and surnames were used from 1066 and in 1538, during the reign of Henry VIII, parish priests started to keep registers of births, deaths and marriages. In 1870 Alphonse Bertillon, clerk at the Prefecture of Police in Paris, produced the first method of identifying individual criminals by fingerprints, and in 1892 Englishman Sir Francis Galton proposed biometric indices for facial profiles. Other methods such as social behaviour, code names, biodynamic chips, tags and monitoring anklets are also used for identification purposes.

As the human population, economic community and threat environment have developed and become more globalised so too has the complexity surrounding the issue of identity and its appropriate management. Birth certificates, naturalisation papers, passports, and other government issued documents prove citizenship, but are not enough given the sophistication of document forgery and identity-related crime. Positive and reliable identification of humans is now a much more important topic in most government and commercial organisations and one which is intensifying. With increased emphasis on security, there is a growing and urgent need to identify and authenticate people both locally and remotely on a routine basis in a more robust manner.

With the advent of computing power these methods are now traditionally characterised into three groups: knowledge based – secret information that only you know, such as passwords and PINs; token based – something you have in your possession such as a key or token; and biometric information – an individual’s unique physiological or behavioural characteristics including face, fingerprint, palm print, voice, gait and signature. In knowledge based systems users tend to choose passwords and PINs which are guessable and I’m sure we’re all guilty of writing down our passwords, storing them in wallets or near our computer, using the same password or PIN for different systems and sharing passwords. With token based systems keys and cards may be lost, stolen, forgotten, duplicated and shared.

Airport Protests: off-airport issues becoming on-airport challenges

Airport terminals have long provided protestors with a safe and effective environment for spreading international awareness of an array of issues. More often than not, demonstrations are conducted peacefully, causing little to no interruption of services and procedures, but what are the risks associated with protests in an airport setting? Lucy Rawlings discusses these issues and considers whether our right to protest is impinging on the effectiveness of our security measures.

Airports have a long history of attracting protest groups who use them as a stage for a global audience to hear their concerns. Many airports, including London Heathrow, have stated that they ‘support the right to peaceful protest’ within their doors as long as they do not disrupt the safe and smooth running of the airport. In many respects this is admirable; they are supporting the right to freedom of speech and freedom to protest, without which we would not have many of the liberties we exercise today: equal opportunities, women’s right to vote, or the right to join a trade union. But, in the current climate, with a focus on security increasing, at what point do we view these protests as a potential threat and declare airports to be an inappropriate venue for public demonstration? At what point do ‘off-airport issues’ become an ‘on-airport challenge’ and a threat to the safety of those who enter the perimeter?

Airport protests are often staged by groups whose issues are not airport-related as they are seen as an effective method of reaching a broad and international audience. Airports are also considered a safe environment for protesters themselves since the police are unlikely to storm a terminal or turn water cannons on protestors – as they did on the student protestors on the streets of London in 2010, or use tear gas and pepper spray, as they did during July this year against civil rights protestors in Arizona – for fear of damaging the airport or causing harm to travellers and employees. In recent years many laws have been passed, which limit the number of places in which groups are allowed to protest, often requiring permits or limiting them to certain public spaces. Generally, a permit is required for a protest to be staged at an airport and they are often granted providing the protest is to be conducted in a contained and peaceful manner. However, many protests take place in a ‘hit-and-run’ style, whereby the protestors enter, cause a disruption, and either abruptly leave, are arrested, or escorted from the premises. This raises concerns around the ability of risk-imposing individuals to enter the airport undetected and cause a disturbance. Genuine protestors are, generally, harmless, but they are an example of how easy it could be to enter and cause greater harm, or to potentially use a protest as a front for an attack.

There have been many examples of these ‘hit-and-run’ protests occurring in airports all over the world, some causing damage and others merely a disturbance. On 25 June 2013, five men dumped human faeces at the entrance to Cape Town International Airport. Witnesses described how the men arrived in a black car, unloaded containers covered in blue plastic bags, put them onto a trolley and brought them to the airport’s entrance where the contents were dumped. Some was also spilt near the escalators leading to the airport’s restaurants. One of the men explained that, by staging their protest at the airport, they were hoping to send a message to the United Nations that, “The city does not care about the health of black people”. The men and those in their community, understood to be known as ‘Europe’, an informal settlement in the Guguletu township bordering Cape Town International Airport, had been living with unsanitary toilet facilities, which they explained had been filled up for three months. Airport operations were not affected by the incident, but the men were arrested.

It would be safe to say that this protest would have made an impact on those unfortunate enough to witness, and smell, it. However, aside from that, protests which occur in this way create a significant distraction for airport security, staff and travellers. While these men were being dealt with someone with greater negative intent could have seen this as an opportune moment to act and, with security staff distracted, go undetected and cause greater damage than may have occurred otherwise, if at all. In this case one must also question how these men managed to bring such questionably shaped and wrapped containers into the airport grounds unchallenged.

In August 2014, a similar style was taken by LilithS, a Belgian feminist activist group, when they poured hundreds of litres of fake blood in the main entrance to Liege Airport and over some of the check-in desks. The blood was to symbolise what they believe to be the ‘slaughter’ of Palestinians in Gaza by Israel, and they targeted the airport to protest its alleged facilitation of the transport of arms to Israel. The members wore T-shirts bearing the colours of the Palestinian flag and the slogans ‘Terrorism is real’, and ‘Free Palestine’. Behind the main site of their protest they hung a banner declaring, ‘How many tons of weapons for so many litres of blood?’. Aside from creating a potential distraction, these women caused criminal damage to the airport. Should this be tolerated? It is a key consideration for the future of protests held at airports.

United Nations Security Council Adopts Resolution 2309: time to convert words into action

by Philip Baum

For the first time in its history, the United Nations Security Council has adopted a resolution specifically focusing on civil aviation security; on 22 September 2016 UNSCR 2309 was passed, demonstrating global resolve to tackle the threat posed to the industry.

Admirable though it may be – and certainly a source of great pride for Britain’s new Prime Minister, Theresa May, and her new Foreign Secretary, Boris Johnson, who led the initiative – we must now ask ourselves the question how 2309 is actually going to have a positive impact on security at the coal face.

Branded a ‘landmark’ declaration of intent by many commentators, what does 2309 actually provide beyond the welcome sight of political heavyweights stating the obvious? After all, the international community already has conventions (Chicago, Tokyo et al) designed to mitigate the threat in force. What does a resolution that, in effect, asks member states to abide by their own rules achieve?

Reaffirming commitment to a cause does have value as we can all benefit from being reminded of the basic principles by which we are supposed to operate – in all areas of our lives. Furthermore, with ever-changing leadership and regimes around the world, it is reassuring to see our modern day politicians express their faith in the International Civil Aviation Organisation. Yet talking heads are one thing, concrete action another.

After all, statements that terrorist attacks against civil aviation pose a serious threat to international peace and security, and cause damage to economies and trading relationships, are little more than fluff. So too are expressions of the need for states to put in place effective security arrangements to better safeguard aviation. Statement of the obvious! Of course, no resolution can go into the specifics of the security measures we need to adopt, but we must be honest with ourselves and challenge every new procedure, technology deployment, audit process and training programme, and ask whether aviation security is truly enhanced as a result.

Aviation is essential to our daily lives, so there is a natural tendency to overlook an aviation security regime’s shortcomings for fear of the economic impact of instigating sanctions against those who do not make the grade. It’s all too easy to recommend improvements whilst continuing operations, but we must resist the modern-day primary school approach where nobody is actually ever allowed to fail; governments need to show their teeth and the international community ought to be resolute in having minimal (ideally zero, but let’s be realistic!) tolerance for any state failing to meet minimum standards which are, by their very nature, already well below optimum standards.

Perhaps as it was born out of the attacks against civil aviation in Egypt (Metrojet) and Somalia (Daallo Airlines), 2309 implies that our greatest challenge lies in helping certain states achieve those minimum standards through the provision of targeted capacity development, training and other technical assistance. Many of the foreign ministers who gathered in New York expressed the need for states to comply with Annex 17 requirements and strengthen their screening regimes. To my mind it is more sad than reassuring that, in 2016, Japan’s Ambassador to the UN, Yoshifumi Okamura, had to state to the Security Council that, “Under Japan’s leadership of the Group of Seven (G7), an action plan had been developed for aviation security that called on States to strictly abide by the Chicago Convention and its annexes.” That’s so 1970s – a period when, perhaps, there was a justifiable excuse for a state to be non-compliant. Are we really, despite the multitude of attacks that have succeeded, plots that have been detected and threats that we knowingly face, still having to get states to ‘abide’ by the Chicago Convention?

Operation Condor: heroes or villains?

On 28 September 1966 an Aerolíneas Argentinas flight was taken over by 18 heavily armed Argentine nationalists and diverted to the Falkland Islands (Malvinas) with the aim of claiming Argentine sovereignty over the islands. Alejandra Gentil analyses ‘Operation Condor’ and its duality as both an act of purported heroism and an act of terror.

The Kelpers, as the Falkland (Malvinas) islanders are known, awoke to an unusual sound on the morning of 28 September 1966. The roar of DC-4 engines circling the islands’ capital of Port Stanley as they attempted to land in crossing winds and poor visibility sparked the curiosity of many in the sleepy capital of this South Atlantic archipelago. To the astonished gaze of bystanders, an Aerolíneas Argentinas aircraft swerved and landed on a racecourse, its tyres becoming deeply entrenched in mud. It was flight AR648, which had taken off from Buenos Aires bound for the southern city of Río Gallegos. It was diverted to the Falkland Islands (Malvinas) by a group of 18 young Argentine nationalists, members of the ‘Movimiento Nueva Argentina’ (MNA), a proscribed Peronist right-wing group.

‘Operation Condor’, as it was baptised, was masterminded by Dardo Cabo, a trade union leader and founder of MNA, and his girlfriend, Cristina Verrier, a journalist and playwright. Soon they were joined by other enthusiastic militants – mostly students or trade unionists, all Peronists and members of MNA – who sought to make the question of the sovereignty of the Falkland Islands (Malvinas) the top priority of the country’s military dictatorship, while at the same time pulling off a publicity stunt that would undermine the regime. Taking over the islands was the final objective; the reasoning behind it being that the ‘heroic’ feat would spur a nationalist wave in Argentina that would force the hand of the president, General Juan Carlos Onganía, into ordering an invasion. Establishing and reclaiming sovereignty over the archipelago was crucial and would play a major part in the operation.

The Falkland Islands (Malvinas) are at the centre of an ongoing sovereignty dispute between the United Kingdom and Argentina. While both hold seemingly legitimate claims to them, the reality is that the archipelago is currently a British overseas territory – a reality which doesn’t sit well with a significant percentage of the Argentine population. Back in the 1960s, however, and up to the 1982 Falklands war, the Kelpers kept a close relationship with Argentina, maintaining trade liaisons, travelling for shopping and tourism, and sending their children to schools in the Argentine region of Patagonia. The issue of their sovereignty only – arguably – became a hot topic in Argentina upon the UN’s ‘Declaration on Decolonisation’ of 1960 and the establishment of the ‘Special Committee on Decolonisation’, which included the question of the status of these islands in 1964.

At the height of the frenzy that this caused in Argentina, a lone aviator, Miguel Fitzgerald, decided to fly a Cessna to Port Stanley, where he landed on the same race track that AR648 would later wallow in, went on to pin an Argentine flag on its fence and hand over a proclamation on the sovereignty of Argentina over the archipelago to a curious observer, after which he took off and flew back to the Argentine city of Río Gallegos. Without a doubt this outlandish incident influenced the young nationalists and helped forge ‘Operation Condor’.

An EMPHASIS on Emerging Chemical Intelligence

by Prof. Michael Breadmore

This year, 2016, has seen two of the most devastating attacks on airports in history. Landside incidents in Brussels and Istanbul inflicted damage and incited terror through the exploitation of deficiencies in airport security that, while well known by those in the industry, have infrequently been targeted with such skill and devastation.

There are multiple layers of security at airports after (and in some places before) check-in that provide travellers with confidence that they are safe. But performing security prior to traditional security checkpoints is more challenging. Simply moving screening to airport approaches and entrances prior to check-in is likely to create another location in which people aggregate, thereby providing a target just as attractive as the one we currently have. It seems apparent that security screening as it is currently done is unlikely to be a solution to this problem – but does a solution exist and is there a way that our significant development of detection technology can be exploited towards this end?

It is beyond a doubt that intelligence is the greatest weapon in the prevention of terrorist incidents, both at airports, and throughout the community in general. If performed correctly, there will be no public awareness that anything untoward may have occurred. Failure, on the other hand, can have catastrophic consequences, and is often followed by criticism and blame. Of course, the capability to inflict damage goes hand-in-hand with intent, and identification through the source of capability is a very effective strategy. One possible approach is to detect unauthorised access to difficult-to-source ingredients (such as TNT), and this is one form of chemical intelligence that can be, and is, used to identify suspects. However, this does not address terrorists obtaining chemicals to make homemade bombs that can be sourced from grocery, hardware and drug stores. Tracing the purchase and use of acetone, fertiliser and chlorine is not currently done, so we rely only on intelligence based on intent, and failing that, security at airports, to prevent an incident. The recent attacks have shown that when the perpetrator reaches the airport with both intent and capability, then it is likely to be too late to avoid disaster. We need to think about how to perform ‘security screening’ further away from the airport and the choke points that we currently have.

And that brings me to EMPHASIS – Explosive Material Production (Hidden) Agile Search and Intelligence System – a recently completed project funded through the European Community’s Seventh Framework Programme. This project brought together a consortium of research organisations, companies and government agencies to examine the potential of a broad scale urban monitoring system to chemically detect the ingredients used to make improvised explosive devices. The project aimed to detect explosives and precursors in the vapour phase, in sewage and on surfaces, such as door handles.

Underpinning EMPHASIS is the critical selection of suitable technology to provide complete coverage of materials that can be most easily used to make explosives at home, such as acetone. Inorganic explosive components such as ammonium, nitrate, chlorates and perchlorates, which were used in Bali, are not volatile, and are unlikely to be detected in air. However, such materials can potentially contaminate and be spread by contact with clothing and may end up in the sewage and storm-water systems. In the EMPHASIS project, particulates on surfaces were detected through stand-off laser spectroscopy detecting infrared or Raman backscattering; vapour sensing of volatile explosives and precursors was performed using resonant Raman scattering and infra-red absorbance spectroscopy; and sewage sensing was performed through a suite of individual ion selective electrodes. Each of these sensor nodes is connected in a network, and the data are collected and analysed to determine whether further investigation is warranted.

A Personal View: Expressed by Nina Brooks

In the aviation community, we often talk about a layered approach to security; measures ranging from intelligence and information sharing, through to staff background checks, perimeter fences and reinforced flight deck doors. Perhaps the most emblematic layer of security is the checkpoint; much emphasis is placed on screening of passengers and baggage, staff and crew. However, with a new breed of threat from terrorists looking to attack softer targets, and the spread of radicalised individuals throughout society, perhaps a new approach to security is needed.

In the public areas of airports, where we have little insight into who is in the terminal building, screening is impractical and we rely heavily on surveillance and patrols. In the secure area of airports, there is greater control, since we know that people are either passengers or are authorised to be present.

However, many different people and organisations have access to the airside, including maintenance organisations, ground handlers, retail staff, airport and airline staff, caterers, cleaners, building maintenance and baggage handlers. Many of these people need to carry tools of the trade or goods for the airport or aircraft as they pass through checkpoints. Do we really know who every single one of these people is, and their intent?

Screening is of course very useful as a method of detection and deterrent for both people and vehicles, but it cannot hope to address all possible scenarios and threats. An additional challenge is constantly keeping background checks up-to-date, and having a reliable source of information. Even then, there is little to say that a person has not become radicalised or is being influenced by an outside factor.

A comprehensive approach to security, therefore, relies heavily on people.

What is Security Culture?
One of the most valuable assets that an airport can have in terms of its security is a tight-knit community. Engendering a security culture within this community can effectively deliver hundreds of additional security resources with no additional cost.

Implementing a security culture is often seen as either something theoretical or complicated, but there are straightforward steps that any airport, airline or organisation in the aviation supply chain can undertake.

Fundamental to the foundation of such a culture is a genuine concern for security, and a desire to improve. This has to come from top-level management, and permeate down through the entire organisation. A one-day security awareness training course will have no effect if staff see it simply as an additional task, or something that makes their job more difficult. Security, like safety, has to be at the forefront of everyone’s minds.

Secondly, there has to be a clear definition of everyone’s role in security, from the security manager, through screeners, to airport operational staff, retail staff and cleaners. Security roles should be included in every job description, targets included in every set of annual objectives and part of every contract with external suppliers.

Thirdly, staff must be empowered to act. One of the key barriers to implementing security culture is either an attitude of “not my job” or “nothing I can do about it.” Staff must believe that they can make a difference, and that management will listen to them if they have something of concern to report or a suggestion for improvement.

Red Teaming: does your security just tick the boxes or does it do the job?

Red teaming has lately been demonstrated to be an effective method for testing the efficacy of security screening processes. But as with any testing method, questions are raised when vulnerabilities in operations are revealed. Amir Neeman and Dr. Erin Gallagher discuss the benefits and challenges of developing effective red teaming programmes, as well as the potential risks of making public the results of such exercises.

On 1st June 2015, ABC News reported that TSA airport screeners failed to find simulated explosives and weapons in 67 out of 70 red team tests conducted by undercover Department of Homeland Security Inspector General (IG) auditors. The IG auditors (as well as internal TSA red team units) periodically test airport screening in an effort to expose security gaps and allow TSA to address such gaps. However, the stunning failure rate of over 95% led to immediate leadership changes at TSA, sharp focus by Congress on TSA’s vulnerabilities, quick revisions to TSA’s Standard Operating Procedures (SOP) for screening, as well as an extensive screener retraining programme.

In response to the news, many voices were eager to opine publicly on this matter, including Senators John Thune and Bill Nelson from the Senate Commerce, Science and Transportation Committee. They said, “Terrorist groups like ISIS take notice when TSA fails to intercept 67 out of 70 attempts by undercover investigators to penetrate airport checkpoints with simulated weapons and explosives.”

The IG inspectors linked the lapses they discovered to a combination of inattentive TSA screeners and poorly designed or malfunctioning equipment; however, they did not disclose the specific weaknesses they found since this information was classified.

Red team inspectors (external and internal to TSA and similar organisations worldwide) conduct thousands of tests at airport checkpoints, access control systems, checked baggage screening, cargo screening, and other sites to repeatedly expose shortcomings of the security system. This work is considered by aviation security professionals as a type of quality assurance. The results help identify systematic lapses and help security personnel and their management learn from the mistakes.

But there are important questions related to red teaming – for example, if a red team publicly exposes (intentionally or unintentionally) vulnerabilities within the aviation security system, does it not increase the appetite for adversaries to attack a system that they now perceive as more vulnerable? How does public knowledge of red teaming failures affect screeners’ morale and motivation? How does it affect the risk awareness and potential stress level of passengers and other airport and airline employees? How effective is red teaming since security personnel are often aware that they are being tested?

In this article we will address these questions and others and help explain the role, methodology, benefits and challenges related to red teaming.

What is Red Teaming?
Red teaming is the practice of analysing a security system from the standpoint of an external attacker or an adversary. A red team is typically a group of third-party penetration testers (often experts in the security systems that they are testing) who plan and execute scenarios that mimic the attack of an adversary. As important as execution, if not more so, is the development of best practices, corrective action plans, and continuous improvement. The ultimate purpose of red teaming is to harden security systems against real-world attacks. Common examples of red teaming include white hat attackers penetrating IT networks that have a cyber security mechanism, and military systems with a red team unit simulating military adversaries (sometimes referred to as war gaming or simulations of war). Finally, such systems in our context are aviation security systems (a combination of technology, security personnel and their security procedures) with red team personnel mimicking adversaries attempting to penetrate the system. There should always be a firewall between red teams and the security apparatus they are testing. True red teams test based on information gleaned from open source intelligence gathering or from the direction given by the intermediaries. They do not plan scenarios based on insider information. The group that acts as the intermediary, the white cell, should communicate with the leadership of the organisation being tested and the red team prior to the assessment for scenario development.

With respect to aviation security, a red team is typically a group of Subject Matter Experts (SMEs), with appropriate security, operational, technological and other relevant backgrounds, that provide an independent peer review of technologies and processes, develop relevant scenarios, act as a devil’s advocate, and knowledgeably role-play the adversary using an iterative, interactive process. These events are used to test the systems and develop corrective action plans, determine best practices, and continuously improve the security apparatus. Red teaming provides security managers with an independent capability to explore alternatives in plans, operations, concepts, organisations and capabilities in the true operational environment of an airport and from the perspectives of aviation stakeholders, adversaries and others.

Centralised Image Processing: a case for remote image screening?

The increasing abilities and availability of technology are rapidly transforming the ways in which airports evaluate passengers and their baggage. Centralised Image Processing (CIP) has the potential to dramatically improve airport operations in terms of security, efficiency and passenger experience. However, the planning and implementation processes are critical to the success of any new operational procedures. Tom Hardiman and Andrew McClumpha impart their expertise and share the lessons they have learned.

Airports face ever demanding challenges to mitigate the continual threat to the civil aviation security system, whether this is landside, airside, or on-board the aircraft. Within this multifaceted challenge, airports must also deliver operational efficiencies, security effectiveness of the highest standards, a passenger experience that meets expectations, a financial return on investment, and all of this achieved within airport infrastructure limitations. For example, most airports do not have the luxury of being able to increase the size of their passenger search areas to meet increasing passenger numbers and ideally would like to make them smaller to increase retail space and revenue.

Furthermore, changing regulations and the uncertainty over future regulatory changes can make investment in checkpoint technology risky as it is difficult to predict its potential compliance and hence the return on investment. The demand on airports is unquestionably significant and there is clearly a persistent challenge to achieve an effective balance of these requirements within an ever-changing and evolving threat landscape. Oftentimes, the cry for security enhancements to support the proportionate mitigation of the threat will include the use of the term ‘revolutionary change’. However, all of the evidence would suggest that ‘evolutionary change’ is the approach of choice and has been the mark of demonstrable security enhancements within the civil aviation security environment.

Airports face very real challenges on what technologies to adopt and how to achieve their full operational benefits. When rolling-out new technology there is a real danger of miscalculating the benefits and not meeting the business case expectations. Getting the benefits case wrong is easy to do because benefits can be double counted, the true costs (capital and operating) can be misunderstood, and the airport is often reliant on the technology provider to articulate the potential opportunities. Delivering the expected operational benefits can also be tricky because they require the right combination of changes in technology, infrastructure, process, and people to be implemented at the same time; an evolutionary approach for effective integration that evidentially provides sustainable and beneficial operational solutions is required.

This article will discuss our recent work in exploring a more recently adopted security innovation to support checkpoint security screening – Centralised Image Processing (CIP) or Remote Image Screening (RIS). Over the previous couple of years we have been working with early adopter airports to assist in the implementation of new checkpoint technologies such as CIP and in this article we capture some important lessons learned from the experience of these projects.

What is Remote Image Screening/Centralised Image Processing?

Centralised Image Processing (CIP), also referred to as Remote Image Screening (RIS) or Matrix Screening, is the networking of checkpoint X-ray screening systems to allow for the real-time management and transmission of X-ray images to locations that are not necessarily co-located with the X-ray machine itself. The X-ray image processing and interpretation can occur in a location remote from the checkpoint screening area, where a security officer can review X-ray images from multiple checkpoint screening lanes in a purpose-built environment (remote operations facility), or it can be co-located within the checkpoint screening area itself. A combination of these options is also possible.

What are the Potential Benefits of Remote Image Screening?

Getting Physical: When the Cyber Threat Materialises in the Real World

The cyber threat has, until recently, been solely an IT concern, but with the introduction of increasingly interconnected surveillance and access controls, the threat of a cyberattack should now be treated as an organisation-wide issue that is assessed and protected against in line with physical systems and policy. Shalom Dolev examines the impact of the cyber threat on operations and the measures that can be taken against it.

The cyber threat has evolved from a data security risk to an existential risk to the organisation that is increasingly difficult to defend against. Its impact has severe consequences that have transformed from annoying space invaders through denial of service to complete denial of computing and data lockup, which has ushered in an era where your business may be one mouse-click away from permanently closing its doors.

External and internal threat vectors range from organised crime and ‘hacktivists’ to frustrated or greedy insiders. The intensive use of mobile communication and mobile computing devices for business and private applications stretches and blurs the boundaries of the organisation’s Information and Communication Technology (ICT) system more than ever. Sophisticated social engineering attacks necessitate more than protective technologies; they require a proactive organisational awareness culture.

Over the last few decades, airports and airlines have become tremendously dependent on ICT. Reservation systems, informational and commercial airline and airport websites, online check-in, unmanned border controls, automated checked baggage systems, networked hyper-connectivity, Wi-Fi networks, air traffic control, e-Enabled aircraft and so much more. However, aside from great operational and commercial benefits, as technology rapidly evolves, cyber-threats are doing so too.

For the commercial aviation industry, airports and airlines, the cyber threat has an additional critical dimension that affects not only the so-called ‘virtual cyberspace’ but to a wide extent the real world. The cyber-attack can be an effective and efficient tool for sabotage, espionage and psychological warfare.

Nonetheless, the perception that a clever teenager on a keyboard can launch and maintain effective and anonymous cyber warfare is a myth. Effective IT security and forensic tools are continuously being developed and distributed worldwide, making the cyber-attack more difficult and more exposed to detection and tracking of the attacker. Hence, the cyber attackers must be skilled in the use of high-end tools and techniques and capable both of avoiding detection by national and international law enforcement and of succumbing to national level retaliatory action (when the attack has been perpetrated by a state).

And yet, despite the tremendous possible impact of cyber security threats, we have to be careful of becoming alarmist in our approach. If a distinguished expert quotes the USA attorney general as saying, “I want you to know there are two types of American companies: those that have been hacked and know it and those that have been hacked and don’t know it,” it would have a paralysing impact rather than a stimulating one – akin to some of the anti-smoking campaigns which, rather than prevent people from smoking, actually stimulate them to seek relaxation, in the form of another cigarette, in response to the scaremongering. Put bluntly, if my company has already been hacked by such sophisticated tools, what is the point of spending money and effort fighting a losing battle? Furthermore, if there are indeed millions of successful cyber-attacks a day, where is the associated proportional damage? Perhaps the devil is not as black as he is painted?

So we want to propose a balanced and practical approach.

When we go back to the basics we should remember the AIC (availability, integrity and confidentiality) triad model designed to guide policies for information security within an organisation. The external hacker is not the only cyber threat and probably not even the most dangerous one. According to 9 Steps to Cybersecurity by Dejan Kosutic, there are four major types of cyber threats: Natural Disaster, External Source Malicious Attack, Internal Malicious Attack, Malfunction and Unintentional Human Error.

As the External Source Malicious Attack is widely discussed and often even exaggerated, I prefer to focus on two topics, the insider threat and the cascading vulnerability of the second tier systems of airports and airlines.