Category: Aviation

The air traffic control recording was chilling: “We’ve got the guy that tried to shut the engines down out of the cockpit…. I think he’s subdued,” radioed the pilot of Horizon Air flight 2059. The Embraer EMB-175 (see graphic 1) diverted to Portland, Oregon, instead of its intended destination of San Francisco. Once on the ground, law enforcement officials confirmed just how close a 44-year-old off-duty Alaska Airlines pilot — Joseph Emerson — came to bringing down a commercial aircraft with 83 souls on board this past October.

Emerson (see graphic 2) was commuting back home and was authorized to ride in the cockpit jump seat like any airline pilot — a common practice in the industry. He made casual conversation with the crew during the flight before suddenly throwing his headset across the cockpit, announcing “I am not OK,” and grabbing the two red T-shaped “fire handles” on the cockpit ceiling (see graphic 3) meant to shut down the engines in an emergency. To fully activate the system, the handle must be first pulled down, which cuts off fuel, electrical power, and hydraulics to the engine. Twisting the handle then releases halon gas inside the engine to smother a fire. One of the pilots quickly grabbed Emerson and reset the handles. The airline reported that residual fuel remained in the lines, and the quick reaction of the crew restored the fuel flow. The crew then subdued Emerson and got him out of the flight deck.

Just four days before this disturbing event, another pilot — Jonathan J. Dunn — was indicted and charged with interfering with a flight crew over an incident that occurred during a Delta Air Lines flight in August 2022. Dunn, who was the first officer, threatened to shoot the captain after a disagreement over diverting the flight to take care of a passenger with a medical issue. Dunn was authorized by the Transportation Security Administration (TSA) to carry a gun under a program created after the September 2001 terror attacks and designed to safeguard the cockpit from intruders. The Federal indictment stated that Dunn “did use a dangerous weapon in assaulting and intimidating the crewmember.” Dunn has since been fired, and his gun was taken away.

These incidents have renewed the debate about psychological screening of pilots, which initially began in 2015 when First Officer Andreas Lubitz (see graphic 4) locked the captain out of the cockpit of a Germanwings Airbus A320 before intentionally ramming it into the French Alps, killing all 150 people on board (see graphic 5). According to the final report, the copilot started to suffer from severe depression in 2008. In July 2009, and each year thereafter, his medical certificate continued to be renewed. About a month before the crash, a private physician recommended the copilot receive psychiatric hospital treatment due to a possible psychosis, but no aviation authority was informed.

The State of Play of Pilot Mental Health Assessments

The “insider threat” has always been a significant concern with regard to aviation security. The Federal Aviation Administration’s (FAA) regulations require airline pilots to undergo a medical exam by an Aviation Medical Examiner (AME) every six months. The AMEs are trained to determine the pilot’s mental health and fitness to fly. While this process provides a means to vet airline pilots, it relies largely on trusting pilots to volunteer information about their mental health.

Pilots are required to disclose during their medical exam any medications they take and whether they have depression, anxiety, drug, or alcohol dependence. They are also required to report any doctor visits during the previous three years and all medical history on their FAA medical application form. This form includes questions about mental health. Based on the answers on the form and the examination, an AME may ask further questions about mental health conditions or symptoms. The AME can request additional psychological testing, or defer the application to the FAA Office of Aerospace Medicine if he or she is concerned that further evaluation is necessary (see graphic 6).

In addition, commercial airlines often have their own mental health screenings and requirements, and they conduct background checks on prospective pilots. Many airlines – such as Alaska Airlines — have also established pilot peer programs to encourage pilots to talk to other pilots about their problems. Apparently, these efforts are not foolproof in preventing these types of incidents.

Previous Events and a Common Thread

Over the past decade, there have been at least seven airline events in which a flight crewmember was suspected of having intentionally crashed the aircraft, or attempted to do so (see graphic 7). Three of these events occurred in the U.S. or involved a U.S. air carrier. When looking further back three decades, these types of events were less frequent, but equally dramatic. Perhaps the most dramatic occurred in April 1994, when FedEx Flight 705 was hijacked by an off-duty jump seat rider. Facing possible dismissal for lying about his reported flight hours, FedEx pilot Auburn Calloway (see graphic 8) boarded a scheduled cargo flight as a deadheading pilot with a guitar case carrying hammers and a speargun. After a bloody battle with the flight crew, the airplane was able to land safely. Five years later, First Officer Gameel Al-Batouti (see graphic 9) intentionally crashed Egypt Air flight 990, a Boeing 767, into the Atlantic Ocean shortly after takeoff from New York’s John F. Kennedy Airport. All 217 people on board were killed.

Security expert Tom Anthony, a former FAA division manager for Civil Aviation Security who is now the director of the University of Southern California’s Aviation Safety and Security Program (see graphic 10), worked on the EgyptAir 990 case, and studied the FedEx flight 705 event. It was no surprise to him when he heard the testimony of family and friends about Joseph Emerson, the pilot involved in the recent Horizon Air flight 2059. The media reported that Emerson’s neighbors were “shocked” that he was involved in the incident, and that he is “a loving husband and father” to his two young sons. Emerson’s wife Sarah Stretch told reporters that her husband, “…never would’ve knowingly done any of that …That is not the man that I married.” She said she knew her husband was struggling with depression but was shocked over his arrest.

“The number one precondition is severe depression,” Anthony explained. He said that each one of us has three personas: (1) the “social self” that we share with the public, friends, and colleagues; (2) the “personal self” that we share only with our spouse or closest family and friends, and (3) our private “secret self,” which we share with no one. It’s that “secret self” that can be difficult to identify.

Anthony says that a probable factor in the rise of these events is the lack of social support. “The internet has had a huge impact … it has led to a lot more time in isolation.” In addition, he says “the internet allows people to indulge in their private side … kind of a “mal-private self.”

He explained that Callaway from the FedEx, Lubitz with Germanwings, and Al-Batouti all had previous incidents “that were ignored or not captured.” All displayed symptoms of depression such as insomnia, unwillingness to engage in normal conversations, and other common indicators.

“We have to acknowledge that mental conditions can be hazards … just another hazard that needs to be identified and mitigated,” he said. “We need to find better ways to “identify behaviors that point to hazards.”

Anthony also believes that the current shortage of airline pilots is another factor that is exacerbating the problem. Pilots that are being hired do not have as long resume with former companies in which background checks can be performed. Also, there has been a marked decrease in the number of pilots that have military backgrounds. There is “less opportunity to know them,” explained Anthony.

Mitigating the Risk of Suicide by Aircraft

The Germanwings tragedy highlighted the importance of monitoring airline pilot psychological health. As a result, the FAA chartered a Pilot Fitness Aviation Rulemaking Committee in 2015 to assess methods used to evaluate and monitor pilot mental health and to identify possible barriers to reporting concerns. The final report concluded that “the best strategy for minimizing the risks related to pilot mental fitness is to create an environment that encourages and is supportive of pilot voluntary self-disclosure.”

The report also noted, “Early identification of mental fitness issues leads to better results.” The committee offered recommendations including the use of pilot assistance programs and stated that when a culture of mutual trust is created, pilots are less likely to conceal conditions and more likely to seek help for mental health issues. This is similar to the work that the airline industry successfully performed in the 1990s to remove the stigma around alcoholism.

To its credit, the FAA responded to the committee’s recommendation on a number of fronts. During the last several years, the FAA has invested in more resources to eliminate the stigma around mental health in the aviation community so that pilots seek treatment. This includes: increased mental health training for medical examiners; support of industry-wide research and clinical studies on pilot mental health; hiring additional mental health professionals to expand in-house expertise and to decrease wait times for return-to-fly decisions; completed clinical research and amended policy to decrease the frequency of cognitive testing in pilots using antidepressant medications, and; increased outreach to pilot groups to educate them on the resources available

The FAA asserts that it is a misconception that if you report a mental health issue, you will never fly again. In fact, the FAA states that only about 0.1% of applicants for a medical certificate who disclose health issues are ultimately denied a medical, and then only after an exhaustive attempt to “get to yes.”

A New Push for Answers

In response to this issue, the National Transportation Safety Board (NTSB) hosted a “Summit on Pilot Mental Health” this past November. The agency’s chair, Jennifer Homendy, has been a vocal critic about the issue. “There’s a culture right now, which is not surprising to me, that you either lie or you seek help,” said Homendy during the forum. “We can’t have that. That’s not safety.”

Homendy called for some form of an amnesty period from the FAA where pilots who have experienced issues can discuss their situation openly without fear of repercussions. “We are all human,” Homendy said. “Who hasn’t among us faced some sort of crisis in our lives? We expect pilots will be some superheroes and continue on as if nothing’s happened in our lives … Everyone is in need of help at some point.”

The day before the NTSB Summit, the FAA announced that it was appointing another Rulemaking Committee to examine pilot mental health “to provide recommendations on breaking down the barriers that prevent pilots from reporting mental health issues to the agency.” The committee will include medical experts and aviation and labor representatives, and will build on previous work the FAA has done to prioritize pilot mental health. In addition, the FAA will work with the committee to address open recommendations from a July 2023 audit report from the Department of Transportation Office of Inspector General (OIG) regarding pilot mental health challenges.

The DOT OIG report confirmed that the FAA’s ability to mitigate safety risks is limited by pilots’ reluctance to disclose mental health conditions. Primary factors that discourage pilots from reporting are the stigma associated with mental health, potential impact on their careers, and fear of financial hardship.

The DOT OIG report also asserted that it is imperative that the FAA continue to address barriers that may discourage pilots from disclosing and seeking treatment for mental health issues. Also, a continued focus on this issue from the FAA and industry stakeholders could improve mental health outcomes for airline pilots and enhance the FAA’s ability to mitigate safety risks.

As drones become increasingly popular with the public, their intrusion on airport airspace is becoming an increasingly serious problem. To find out what can and is being done to counter the airport drone threat, Transportation Security International (TSI) sat down with two experts in a virtual roundtable. Jeffrey Starr is chief marketing officer with D-Fend Solutions, a global provider of counter drone solutions for sensitive and challenging environments. Leo McCloskey is vice president of marketing with Echodyne, whose radar equipment can be used to detect and track drones.

TSI: Just how serious is the threat of drones impinging on airport airspace?

Jeffrey Starr: First, the physical safety risk is significant. Studies have shown that common commercial drones with heavy payload capacity can cause severe damage to aircraft, including shattered windshields, penetration and inhalation hazards, and lost optics. Ultimately such collisions could require emergency landings.

Even at slow speeds, such collisions could cause plastic damage and extensive deformation to aircraft skin, as well as additional damage to internal structures. At high speeds, collisions could cause severe deformations of slat curvature, damage to the leading edges, and even possible penetration of drone debris into the fractured area.

The implications and economic impact are enormous, as reflected in grounded flights, missed connections, angry passengers, and lost revenues. Indeed, the after-effects of a drone incident can lead to serious consequences and substantial financial costs. Therefore, rogue drones operated by the criminal, careless or clueless create many challenging situations for airports.

Looking at use cases or scenarios; it’s not only routine airport operations that are affected by drone intrusions, but also special situations such as a special event or VIPs traveling, whereby the airport might have to take special precautions against hostile drones, beyond the normal threat to operations.

Drone threats to airports are not just a routine safety issue. The threat is very dynamic, and airports must prepare for different scenarios depending on its unique traffic flows and day-to-day operational life.

Leo McCloskey: Given the heavy use of aircraft to move people about, anything that jeopardizes the safety of the national airspace system (NAS) is unwelcome. Luckily we’ve had few actual collisions but we are just a bit of bad luck away from a serious incident.

It’s not just the threat from unwanted or intruding drones, though. It’s also about how drones are integrated into the NAS. Without knowing what good drone behavior looks like, determining bad intent is practically impossible. This state of alertness without actual information about drones causes anxiety, which only elevates the risk to the NAS..

TSI: What examples of such incidents can you tell us about?

Jeffrey Starr: Drone sightings and incidents around airports have increased significantly in recent years. Since the beginning of 2023 alone, there have been serious drone incidents at many airports including Edinburgh, Madrid, Palm Beach, Warsaw, Pittsburgh, Frankfurt, and famously, multiple incidents in Dublin, just to point to a few.

At Edinburgh, flight departures were disrupted and delayed due to an unauthorized drone near the runway. A drone also caused delays at Madrid-Barajas Airport when it was spotted by an incoming flight from Paris.

In Palm Beach, a pilot reported a drone right off the side of an aircraft. Flights have also been suspended at least six times since January at Dublin Airport, causing the diversion of flights to other airports.

In Warsaw, an airplane pilot reported seeing a 3-meter-long UAV flying within 30 meters of an LOT Embraer aircraft as it was landing at Chopin Airport.

Operations at Pittsburgh International Airport were suspended for approximately 30 minutes due to reports of an unauthorized drone sighting on the northern section of the airfield.

A drone sighting at Frankfurt Airport caused flight cancellations and delays, including a 40-minute complete shutdown and 20 canceled flights.

These are just some selected recent representative examples of many that have occurred this year alone.

TSI: Why is this happening with drones? What are the range of motives for people flying drones into protected airspace?

Leo McCloskey: There are roughly three types of drone operators.
What we’d want to be the largest type is the licensed and well-behaved drone operator that follows regulatory guidelines for things like RemoteID.

The second type are those that fly with abandon, without really thinking about rules and regulations. Whether a daredevil or simply confused, drone flight outside the norm is always a risk. Not because of malicious intent, just because of risk and probabilities over time.

The final type of drone operator is the bad actor using the drone with intent, whether delivering contraband to prisons or small explosives to jet fueling areas. We need to protect about types two and three and focus our worry and concern on type three..

Jeffrey Starr: As drones proliferate with increased popularity, greater ease of use, and cheaper prices, the likelihood of incidents near airports rises and the risk they pose to airports grows increasingly higher.

There are diverse types of threats. A careless user causing a collision is the most discussed. But more malicious kinds of threats could include an actual attack by a bad actor, or surveillance or espionage, where malicious actors may attempt to observe an airport for potential future violations.

TSI: What options exist for detecting and intercepting drones?

Leo McCloskey: Detecting is different from tracking, which is very different from identifying and then intercepting.

There are many options to accomplish the task. The minimum requirement is at least two sensors that combine to provide detection through identification, typically radar and optical. The most important component of any system, though, is the command-and-control software layer that harnesses the best of all sensors to deliver comprehensive situational awareness.

Jeffrey Starr: There are multiple technologies that can be deployed to help, but what we must consider with airports is that they are an extremely different sensitive environment compared with the surroundings where traditional legacy counter-drone technologies emerged from, namely the military battlefield.

To understand this problem better, it’s important to examine the multiple functions of detection, identification and mitigation.

The risks associated with a drone at airports have caused many airports to start evaluating options for effective and specialized counter-drone technologies that are suitable for the unique and sensitive environments of an airport. However, reaching the desired levels of airspace safety in the context of increasing rogue drone activity has proven to be particularly challenging, since legacy military technology countermeasures have serious issues in a civilian airport environment.

Counter-drone technologies originating from the military realm have performed well in the environment for which they were originally designed. However, when they enter the sensitive airspace of a civilian airport, many glaring shortcomings become apparent.

For drone detection, radar has played a role for a long time, but in an airport environment radar may generate false positives from not always being able to clearly distinguish between a drone and other flying objects such as birds.

Optical camera-based systems for identification require a clear line of sight, which can be difficult in urban environments or hilly terrain. Acoustic methods are challenged by noisy airport environments and increasingly quiet drones.

Traditional radio frequency (RF) based methods such as directional finders may not be able to locate and track the drone to the highest degree of precision.

More importantly, the challenges are even more steep when considering mitigation, especially when again looking at countermeasures that came from the military sector.

Jamming could be prohibitively problematic to a sensitive airport environment, given the possibility for disruption to communications and operations. It’s also temporary by nature, and the rogue drone pilot could regain control when jamming ceases.

Any type of kinetic/physical mitigation method involving shooting some sort of projectile at the drone, carries with it the serious risk of collateral damage, either from the projectile itself or the downed drone and resulting debris.

TSI: What role does your company’s product play in countering the drone threat, and who is using them today?

Leo McCloskey: Radar is the foundation sensor for nearly every counter-unmanned aircraft system (C-UAS), and we make a very high performing radar at commercial prices without military export controls (ITAR). Our radars are used by dozens of C-UAS systems, DOD/MODs, and policing agencies.

Jeffrey Starr: We are pioneers in a new-generation category of C-UAS, namely RF Cyber. RF (radio frequency) cyber technology can help combat the dangers posed by the growing number of rogue drones flying close to or over airports.

All the challenges associated with legacy C-UAS technologies are the reason why we advocate for an approach based on what we call “cyber detection and takeover mitigation,” where the technology can detect communications between the pilot’s remote control and the drone and ultimately, if desired and necessary, and if allowed and performed by authorized personnel, to take over the rogue drone.

With this approach, not only can such technology perform detection in ways that traditional technologies cannot, but, more importantly, major advantages can come into play during mitigation, especially versus the legacy technologies of jamming and kinetic.

Jamming disrupts the communication between the remote control and the drone but brings challenges because it can also disrupt communications of nearby technologies, and its temporary nature is limiting. Kinetic means of shooting down the drone are obviously not optimal in an airport environment because of the huge potential for collateral damages.

RF Cyber takeover represents a safer and more optimal technology because it allows for continuity, potentially preventing a potential incident from becoming an actual incident while allowing airport operations to continue.

TSI: What are the hurdles confronting airports and their suppliers in the use of counter drone technology?

Jeffrey Starr: The technology challenge is to constantly develop and enhance with innovations that can stay ahead of drone technology and develop and update countermeasures as new drone technologies advance, in a never-ending game which combines cat and mouse with leapfrog.

Market and user education is also critical as brand-new UAS and C-UAS technologies emerge since operators come from using traditional technologies. While there is an education process, the good news is that innovative technology such as D-Fend’s EnforceAir is quite easy to operate for qualified security professionals, who become fluent in it quite quickly.

Another challenge is dealing with the unique parameters of each individual airport. C-UAS implementations must conform to each local environment, as there may be legal and regulatory issues in terms of which security agencies can do detection and mitigation. Solutions must adapt to each environment, according to their local requirements and regulations.

Leo McCloskey: The primary obstacle is that interfering with any aircraft operation is illegal. A drone is an aircraft and, therefore, any mitigation activity is illegal. The legal and regulatory framework for detecting bad actors in the airspace is unprecedented territory for regulatory agencies. It will take time.

TSI: What new, more aggressive options are being developed to counter drone intrusions, and how close are they to becoming reality?

Leo McCloskey: There are novel methods, such as high-powered energy weapons, for interdicting rogue drones. The challenge is less technical and far more legal and regulatory.

Jeffrey Starr: Policymakers, regulators, security agencies, and airport operators around the world have been taking steps to deliver strong messages that operating unauthorized drones near airports is illegal, and could lead to financial penalties, criminal charges, and even imprisonment.

An understanding is emerging that during what may be transitory periods for airports, an ideal solution could encompass both passive detection to raise the airport’s situational awareness, with a migration path to eventually extend to also include full, seamless, simple, and safe mitigation capabilities, as policies and regulations permit.

The new-generation counter-drone technology, RF Cyber, is showing promising results for airports for both detection and mitigation. RF cyber-detection solution is showing agility, providing airport security personnel with the ability to quickly adapt.

Unlike various legacy anti-drone technologies, new generation RF cyber-detection detects and tracks both authorized drones and rogue drone threats, providing situational awareness along with a rich set of capabilities, including accurately tracking drone location, home location, and drone operator location.

The system understands the unique identifiers of each drone. Once a drone is classified as ‘authorized’, it would be labelled as such and be allowed to fly undisturbed in defined areas. The ability to distinguish between authorized and unauthorized drones would ensure continuity for drones performing essential functions at the airport. Airport security staff can choose how to utilize the information to contend with the risk and achieve optimal operational continuity.

When permitted by local regulations and policies, and performed by authorized security agency staff, RF-cyber takeover mitigation capabilities can be activated.

Detecting and, when permitted, mitigating the rogue drone threat quickly and efficiently can help maintain safe airport operations. Such a system could assert control over rogue drones and land them safely in a designated zone, as allowed by regulations and performed by the authorized personnel.

Airports could be empowered to detect threats without excessive burden on human resources, disrupting communications systems, or damaging existing infrastructure.

These cyber counter-drone systems must include stationary configurations specially designed for the unique requirements of airports, with enough long-range coverage for airport deployments to protect the airports’ airspace. The sensors must protect the approaching and takeoff air corridors. The hardware should be designed to withstand any extreme environmental conditions of the airports’ location.

Airport security, safety and continuity would be further facilitated by preventing the drone pilot from regaining control over the hostile or rogue drone, thereby smoothly mitigating the threat. Airport authorities could receive preventative alerts while providing crucial data — such as drone takeoff and pilot remote control locations, so authorities can deal with specific flights and dispatch appropriate personnel.

TSI: Finally, is the drone intrusion problem likely to become more serious in the future? If yes, then should airport authorities plan to become more proactive in addressing it? Will they need their own counter-drone force to knock these drones down?

Leo McCloskey: As soon as a tragic accident involving a drone occurs, this will become a very serious issue. Let’s recall what happened after September 11, 2001, — the entire airline industry was grounded for days in one of the largest markets in the world. What do you think will happen if a drone causes a tragic incident?

Jeffrey Starr: Certainly, as airport traffic and capacity grow alongside a proliferation of drones, the problem will grow more severe and dangerous. This combination increases the potential for risk and the potential demand for this kind of technology to be able to take over in those situations.

Having said that, new-generation technology such as RF Cyber is not anti-drone, on the contrary. These enable the new drone economy, so it’s especially important that more sophisticated technologies emerge, which for example can distinguish and identify between a friendly authorized drone and a hostile unauthorized one.

It’s becoming increasingly clear that sensitive airport environments will benefit from advanced and innovative defenses against rogue drones that are also themselves focused on safety and control. Technology should also conform and evolve with current regulations and be future-ready as regulations rapidly evolve to confront the recognized threat.

Airports rely on uninterrupted operations. A new generation of RF cyber detection and mitigation technology could help assure that airport operations continue to run as usual. Continuity prevails as flights, communications, security, and everyday life in the protected airport area proceed smoothly.

Preparedness facilitates greater alertness of threats to security through continuous assessment of evolving risk, robust and repetitive training and routine practice, as well as clear escalation and response procedures, and ongoing quality assurance.

As new, and often unpredictable terrorist tactics emerge, it is imperative that the security industry evolves with the changing security landscape where high-volume public spaces and transport networks have become a prime target for terrorist attacks designed to achieve maximum notoriety. Industry should support working collaboratively towards setting standards for the effective application of security measures and processes in large public spaces and transport infrastructure, underpinned by rigorous and certified training standards, practices and outcomes.

Leading the way is aviation security, reinforced by a mandated syllabus and quality assurance framework that is overseen by the Civil Aviation Authority (CAA), with performance and quality-based metrics. The robustness of aviation security training processes enables better preparedness across a broad range of threats and vulnerabilities with a capability that is standardized and reliable in its delivery of threat mitigations which are repeatedly assessed to be assured of their effectiveness.

Aviation security trainers are certified by City & Guilds or are required to have a Certification Instructor Number (CIN) validated by the CAA, but this level of certification is not yet pan-sector wide. Outside of aviation security training, quality assurance is not framed in legislation and in many cases by any form of directive. Without a requirement for academic or vocational qualification, many organizations employ trainers without certification of theoretical study and practical experience of an accredited syllabus. Alarmingly, some security trainers are wooed by available courses that allow them to breeze through within a short timeframe, leaving them ill-equipped to provide effective protection.

The public should have the assurance that security personnel have been trained to the highest standard to deliver the outcomes of accredited knowledge transfer confidently and effectively. Furthermore, after initial training, periodicity of assessment and refresh are crucial to maintain readiness for action and the required level of protection.

Behavior Detection Awareness

Industry has a duty to analyze training needs more effectively to enable more robust delivery and better preparedness.

Behavior detection awareness skills play a significant role in achieving preparedness of security personnel in high footfall spaces and infrastructure. The ability to detect unusual behavior, such as individuals working later or starting earlier than normal, someone carrying a bulging rucksack or someone who looks nervous, jumpy in a public area, is crucial to prevention activity.

All personnel who encounter people, are located close to vehicles, or sit behind a CCTV camera, should undergo behavior detection awareness training (as a minimum) to help mitigate risk. The training hones observation skills to identify potential hostile reconnaissance, preparatory assessments, dry runs or approaches to an attack, and sharpens an individual’s instincts to share suspicions with their superiors. Behavior detection awareness training can be provided at low cost and implemented at pace, yielding high impact results to reduce risk and to better protect the public.

A higher level of behavior detection training can be provided for security staff to become behaviour detection officers with the necessary tools and skills to respond swiftly. By shifting the security sector mindset to be pre-emptive and prepared, threats can be identified and intercepted to prevent activity escalating to catastrophic effect.

Working with Technology

As technology advances, increasingly sophisticated security equipment is being deployed in airports but across critical national infrastructure and spaces that attract high volumes of people security equipment is largely limited to expensive CCTV systems.

No matter how advanced the CCTV system is, the user must be fully trained in the use and aims of equipment and its capabilities. CCTV cameras can act as a deterrent, and images can be used as evidence post-event, but it is unfeasible for the user to have eyes on ten CCTV screens all at once, to notice suspicious behavior that is caught on just the one camera, and then act to intercept.

An advanced CCTV camera system can be programmed to spot irregularities to the pattern of life, such as a large crowd of people moving at one mile per hour on the concourse of a city train station. If a camera spots a static item or someone running, the camera will bring these to the user’s attention, but it cannot make the decision to respond or act. Therefore, users need to have the knowledge, skills and behavior to respond to whatever has triggered the technology, because if it is left unmanaged, the consequences could be lethal.

Without investing in knowledge transfer and response skills through proper training, a high-tech system can provide a false sense of security. In a trained environment, the user behind the camera will report the trigger to a behavior detection officer, who is trained to escalate an interceptive response.

To better protect people in large public spaces, pan-sector, the security industry needs to take control of the standard of training input to control the standard of output. The more inadequate the training, the more serious the consequences and therefore it is critical that training input does not merely skim the surface and tick a box.

Quality Assurance

Quality assurance of security through covert and overt testing aims to obtain a clear picture of security effectiveness and to quickly identify any failing mitigation.

Embedded within an organization’s established systems and processes, covert testing serves to identify gaps in measures and procedures, and to provide recommendations for improved preparedness.

If businesses and organizations are paying millions of pounds for security equipment, resources and complex operations, they must be confident of the return on investment and that the security provision will mitigate the risks it is designed to identify.

Deployed in the aviation industry, Security Management Systems (SeMS) provide airports with the means to identify and address security threats, gaps and weaknesses in a consistent and proactive way, such that people can be confident that security practices are effective and quality assured.

In 2021, the UK Civil Aviation Authority (CAA) published a whitepaper outlining the importance of incorporating SeMs into the daily operations and culture of an airport. With mandatory SeMs on the horizon, airports should be looking at holistic, digital SeMs that can provide an error-free and clear picture of all security activities, from tasks, audits, training, employee background and more, to improve risk management and quality assurance.

To add another layer of quality assurance, Redline Assured Security is pioneering a synthetic testing service to enable frequent assessment of airport security screeners in high numbers. Qualitative testing of entire cohorts of screeners in a simulated environment means training programs on emerging threats can be rolled out at speed. Whilst effective for smaller operations, covert testing allows for a comparatively reduced number of screeners to be trained on-site at once, providing only a sample insight into screener performance and their confidence in identifying and acting upon threats.

Working Collaboratively

It should be without question that security trainers or training organizations can be relied upon to deliver effective programs that are aligned with outcomes to prevent or mitigate risk and threats. Sub-standard training results in less than acceptable detection, deterrence and response procedures, which can result in criminal activity escalating into the lethal space.

As an industry, we have a duty to enforce better management of quality assurance frameworks across the entire security eco-system so that the buyer is assured of continuous improvement of meaningful inputs, aligned to analyzed objectives, to ensure the right outcomes first time.

About Paul Mason

Paul Mason is managing director for Redline Assured Security, part of Air Partner Group, a Wheels Up company. With over 25 years of aviation experience, Paul was at the helm of Redline from inception in 2006 to acquisition by Air Partner in 2019, guiding Redline from a concept through to the internationally acclaimed security training, consultancy, and quality assurance company that it is today. The division offers an unmatched range of products and services spanning all aspects of safety and security, training, consultancy, quality assurance and innovative software products to cater for the needs of tomorrow’s threats and risks as well as big data handling, live data analytics and real-time threat and risk management.

www.airpartnergroup.com

www.trustredline.co.uk

In the modern era of technology, convenience and efficiency have become paramount, especially when it comes to travel arrangements. With the ease of online booking, sharing airline booking numbers and last names has become common practice, but what may seem like an innocuous act unfortunately can actually lead to a severe security vulnerability that still needs addressing.

Airline booking numbers, often referred to as Passenger Name Records (PNR), are unique identifiers assigned to each flight reservation. These alphanumeric codes, along with the traveler’s last name, are routinely shared through various means, such as email invitations, shared calendars, and messages with friends or colleagues.

Most people are unaware of the potential risks associated with sharing this sensitive information, but in this blog, we’ll explore this unsettling security issue surrounding airline booking numbers and the lack of authentication that allows unauthorized individuals to make changes to your flights — something that could lead to potential disruptions of your life and even financial losses.

How Airline Booking Numbers Can Be a Gateway To Unauthorized Flight Modifications

These consequences are not hypothetical — I’ve personally witnessed them within my own family.

It was a beautiful summer day in Seattle when I found myself visiting my sister’s cozy home for a much-awaited family reunion. Though we were all excited to spend time together, as I stepped into her living room, my sister greeted me with a slightly troubled expression on her face.

“You won’t believe what I just did,” she exclaimed, looking a bit flustered. When I asked what had happened, she began to narrate the incident with a sigh.

Earlier that day, she’d decided to make a minor modification to her upcoming flight with British Airways, and like many others, she turned to the internet for the airline’s contact details. She landed on what she thought was British Airways’ official website and quickly found a toll-free 800 number — without pausing to double-check the website’s authenticity, she dialed it and was greeted by a pleasant voice claiming to be a representative from British Airways.

Oblivious to the potential danger that lurked ahead, she proceeded with her intention to modify. The “representative” asked for her booking number, her last name, and then the shocking request for her credit card information.

“That’s when I started feeling something was off,” she confessed. “I mean, why would they need my credit card details to make a simple flight change?”

Listening to her story, I immediately sensed the gravity of the situation. It was evident that she had stumbled upon an imposter posing as British Airways’ customer service, though she’d been lucky — having realized that she might be caught in a potential scam, she wisely hung up the phone before any further damage could be done.

However, the story didn’t end there. The scammer on the other end, displeased with her decision to terminate the call, took spiteful action. Without a second thought, they maliciously canceled her non-refundable ticket to Europe, leaving her distressed and baffled. She promptly contacted British Airways’ official customer service, and to her surprise, they informed her that the cancellation had been done online, and she had initiated it herself.

“That’s impossible,” she argued. “I didn’t cancel it!”

As no one else in her household had access to her personal information, it became clear that someone else had manipulated her booking and caused the cancellation. As we delved deeper into the situation, it dawned on us that her personal information must have been compromised during that seemingly innocent phone call to the fake customer service number — the imposter had cleverly gathered the necessary details to access her account on the official website and make the sinister alteration.

The Potential Consequences of Security Flaws in the Airline Industry

My sister’s unfortunate experience not only served as a cautionary tale but also got me thinking about the larger security issue that travelers face due to the lack of proper authentication methods employed by airlines.

While my sister was lucky to escape worse consequences, that lack of robust authentication in the airline industry allowed someone with malicious intentions to easily exploit what they did manage to gather from her, leading to unauthorized access and unauthorized changes to her flight.

It’s a significant security flaw that, by obtaining your booking number and last name, malicious actors can gain the power to manipulate your travel plans without your knowledge or consent — what’s worse is that this also opens the door to a range of other unsettling possibilities:

• Flight Changes: Unscrupulous individuals can modify your flight details, altering the date, time, or destination without your knowledge — imagine arriving at the airport only to find out your flight has been rescheduled, causing undue stress and inconvenience.

• Flight Cancellations: In a worse scenario, hackers can cancel your flight altogether. This could lead to missed events, important meetings, or once-in-a-lifetime opportunities.

• Identity Theft: Airline booking numbers, when combined with personal information, can be exploited to commit identity theft, leading to more severe consequences beyond flight modifications.

• Financial Loss: Unauthorized modifications can result in extra fees, penalties, or the loss of non-refundable tickets, leaving travelers with a financial burden they did not anticipate.

How to Improve Cybersecurity in the Airline Industry

To protect their customers’ sensitive information and provide peace of mind to travelers, the airline industry must acknowledge and address this glaring security issue — here are some baseline (yet essential) steps that airlines and booking platforms should implement to get started:

• Two-Factor Authentication: Implementing two-factor authentication (2FA) would add an additional layer of security, requiring users to verify their identity through a second method such as a one-time code sent to their mobile device.

• Encryption and Tokenization: Robust encryption and tokenization techniques can help safeguard sensitive data like booking numbers and personal details from unauthorized access.

• User Education: Airlines should boost awareness among travelers regarding the potential risks associated with sharing booking numbers and last names — and thereby promote responsible sharing practices.

• Regular Security Audits: Conducting routine security audits and vulnerability assessments will help identify and rectify potential weaknesses in the booking systems.

Security Standards Suitable for the Airline Industry

Regarding the final point about audits, there are a few standards that can help airlines and booking services shore up this security flaw, as well as other vulnerabilities that may be lurking in industry cyber defenses:

• NIST Cybersecurity Framework (CSF): A set of guidelines and best practices designed to measure and track maturity as an organization grows and its threat landscape evolves; implementing and being assessed against the NIST CSF can improve your critical infrastructure so that you can better manage and reduce cybersecurity risk.

• PCI DSS: Whereas the NIST CSF takes a broader scope of your cybersecurity, PCI DSS concerns itself particularly with the controls you have in place to protect payment card data and its environment from unauthorized access or use, of which multi-factor authentication and encryption are requirements.

The airline industry is not unique in facing cyber threats, and these standards — and the third-party assessments that independently validate the efforts they require would be worth the investment as threats continue to grow more sophisticated across all sectors.

Moving Toward More Secure Air Travel

The ease with which airline booking numbers and last names are shared presents a serious security concern that must not be overlooked. As passengers, we must be vigilant and mindful of where and with whom we share our booking details, but airlines must also prioritize the implementation of robust security mechanisms to safeguard their customers and preserve the integrity of the travel experience.

Through the implementation of adequate authentication measures validated thoroughly by regular security audits, travelers will become less vulnerable to unauthorized flight modifications, cancellations, and potential identity theft, just as the airlines themselves will become less likely to suffer the negative consequences associated with customer dissatisfaction.

By raising awareness and taking necessary precautions, we can collectively ensure safer and more secure travels in the digital age.

About the Author

Avani Desai is a chief executive officer at Schellman, the largest niche cybersecurity assessment firm in the world that focuses on technology assessments. Ms. Desai is an accomplished executive with domestic and international experience in information security, operations, P&L, oversight, and marketing involving both start-up and growth organizations. She is a sought-after speaker as a voice on topics such as security, privacy, information security, future technology trends, and the expansion of young women involved in technology.

The aviation industry had a tough dig out of the Covid-19 pandemic hole, but now, airports and airlines appear to be back booming with full passenger loads and enough construction to last a lifetime. Much of the focus over the 2021-2022 rebuilding period was on staffing level. Aviation employers could not seem to get qualified personnel through the doors, trained up, and out into operations quick enough. There was a real lack of operational grasp and disengagement in security culture. Thankfully, as an industry, we all got “back to basics” to re-energize the culture and refine the fundamentals to an accepted level of compliance.

Aircraft Search: Daily Challenges and Best Practice Review

The topic of aircraft cabin search remains relevant and ever evolving. In October 2020, I had the privilege to write a piece (for what was then ASI Magazine) examining aircraft cabin search and the daily challenges and best practice to reduce inconsistency and make the operation as effective as possible. Fast forward three-plus years, it is important as security practitioners that we revisit the foundational concepts that build out our security programs with the intent of continuous improvement. Plus, with today’s threat landscape across the globe, aviation (and all critical infrastructure and security sectors for that matter) will continue to be a high target for attack.

As a little bit of back story, my previously published article from 2020 outlined several of the daily challenges security organizations and stakeholders faced with aircraft cabin search operations. These included delivery of effective training (specific training for various aircraft cabin configurations plus adapting to your demographic and audience), the stress of a highly regulated environment, poor utilization of equipment, lack of management and operational pressure. To tackle many of these challenges, there are basic steps an organization can apply for oversight measures. Or possibly look at a larger strategy adjustment to achieve a more consistent operation and higher level of performance.

Unfortunately, our world continues to be faced with emerging threats and ongoing conflict. And the trouble is not siloed to physical incidents. Multiple industries are now seeing a large uptick in cyber crime as well; so, protecting and checking for data accuracy also needs to become top of mind.

This article is broken down into multiple sections. Each section briefly discusses a stakeholder’s perspective and approach to achieve optimal compliance in aircraft cabin search.

The Airline’s Perspective

There has been a drastic change on the airline side and their view of security. In past years, security was a pesky cost added and required on a station’s P&Ls, but now it is prioritized and planned into the daily operations. The concept of CPTED (crime prevention through environmental design) has become more prevalent these days when approaching integration of security.

As an airline that’s placed security as a top priority for a very long time, Virgin Atlantic has taken some further steps to ensure compliance. In a recent conversation with Gareth Cross, AVSEC manager: regulations and compliance for Virgin Atlantic’s Corporate Security Department, he stated that the organization shifted to a risk resiliency and SeMS approach to security. Now, as part of a proactive measure, the Corporate Security is seen as a consultant and partners with the engineering group during the design phase of aircraft and collaborates in the decision-making process to ensure compliance with the company’s security program, as well as the multitude of civil aviation regulations and Transportation Security Administration (TSA) programs.

Let’s examine the life vests on an aircraft. Here in the United States, the TSA requires foreign carriers to either seal their life vest compartments, which then requires the security provider to inspect the seals for any evidence of tampering. Otherwise, each individual life vest must be removed from the pouch or compartment and thoroughly inspected for prohibited items. Some of the newer life vest technology that is being utilized by many airlines does not quite meet some standards. Although sealed, the design still allows for the concealment of small, prohibited items. In addition, the way some life vest compartments are affixed underneath the seat allows for more potential concealment space, and the location is difficult to spot for the security team. Doing the proper research and selecting the appropriate life vest compartment design will reduce the vulnerability and have a direct impact on compliance.

The Security Provider Perspective

Security companies continue to be faced with ongoing challenges, so it is critical that an organization places heavy emphasis on a strong security culture to mitigate risk. Within the framework of security culture, we can typically break it down into three functional areas: people, processes, and technology. If the fundamentals of aircraft search have been established, then further assessment of the functional areas will allow a security provider to put focus on continuous improvement. First, let’s cover refining processes within quality control, then discuss where technology fits into the equation.

For quality control processes, routine testing is a solid best practice. If you are looking to achieve the highest level of effectiveness from the company’s covert testing program, it’s essential to think about the approach and methodology towards covert testing, otherwise you may end up with a false sense of security. In other words, just conducting covert tests is not sufficient; the planning, execution, and follow up is critical.

There are a few considerations that should be applied towards the covert testing methodology:

• Types of test pieces being utilized.

• Placement of the test piece and accountability.

• Who was involved during the test.

• Documentation and reporting.

Starting with test pieces, the approach here needs to be a holistic one. More often than not, security officers have fallen into a complacent pattern of searching for a specific test item. If a company is constantly testing the team using this one specific item, the daily routine has now become search an aircraft for the “orange ball.” The search mindset needs to change to item recognition. It is not about looking for the “orange ball”; the mission must shift towards what item does not belong on the aircraft. As we all know, threat items can be disguised as anything!

Selecting the test pieces for a covert testing program is a very sensitive area that requires careful consideration and collaboration for multiple stakeholders. One popular opinion is to utilize lifelike test pieces that will require a heightened level of vigilance from security officers. The upside to this strategy provides more of a real-world simulation, raising the performance bar for compliance, but the risk level for potential lack of accountability becomes severe. If a test piece goes missing and is potentially found while in-flight, a disruption to operations will come at a very high cost to an air carrier. It’s recommended that any sensitive test pieces be approved by the specific air carrier, and loop in your regulatory partners.

The execution of a covert test requires planning. It is important the security providers are familiar with the aircraft configuration and conduct tests in multiple areas. Repetitive test piece placements will ultimately result in a false sense of security and lead to complacency among the security team.

The last component here for covert testing is the emphasis on documentation and effective reporting. Putting the mechanisms in place to gather a wide range of data will prove invaluable when the shift to proactive mitigation is put into place. If an organization has the capability to track the trends of who located or missed a test piece, where it was placed, the type of aircraft, what type of item was used, now more effective decisions can be made going forward on operational procedures. Could failures be due to a gap in the training program? Does the current SOP not require a specific area to be searched? Is a change needed in the staffing plan? These factors can now all be data-driven decisions.

Aside from the covert testing, another key layer of quality control involves paperwork review, and verifying people versus time. And what this boils down to is the accuracy of data. This is the area where technology can play a pivotal role.

An effective aircraft cabin search is going to average a certain amount of time, with a designated amount of security officers assigned to the task. Conducting frequent reviews of the flight turnaround data will help to ensure a level of consistent service is maintained. If there are any anomalies, those instances will need to be investigated. For example, if on a given day two security officers search an entire widebody aircraft in 30 minutes which usually takes a staff of eight officers, that needs to be marked as a red flag and investigated. Currently, there is proven technology out in the market that can be utilized to track and trace airport personnel movements. Having a platform such as this in place provides that layer of transparency for auditing operations in real time.

The Regulatory Perspective

Aviation security regulators remain focused and vigilant on keeping the traveling public safe. And the same core mission applies to all transport sectors — including maritime, railroad, bridges and roadways. Here in the U.S., the TSA will continue to utilize their intelligence to prepare for emerging threats.

It is important to remember that security regulators and inspectors are on our team. The purpose of any government and/or civil aviation authority audits are to ensure all stakeholders are maintaining an acceptable level of compliance based on a determined threat level. They are not out for the “we got you” mentality. The goal is to establish the assurance that aviation is operating at an optimal level of public safety (this includes the aviation workers as well).

The best way to develop a solid working relationship with the regulatory entities is through communication. Set up a regular meeting cadence. Topics on the table for discussion can include local and foreign concerns, joint-testing and audits, best practices, and clarifying any unclear regulatory guidelines. Having this type of relationship and open dialogue in place between stakeholders will have a direct positive impact on compliance and culture within the security scope.

About the Author

Douglas O’Mara is based in New York and works for Global Elite Group, the U.S. aviation security division of Securitas Transport Aviation Security. He is senior vice president of performance and regulatory compliance, with focused oversight of company AVSEC training, quality control, safety, and regulatory. Doug is an ICAO AVSEC PM and Airport Certified Employee – Security (American Association of Airport Executives). He can be contacted at domara@globaleliteinc.com.