Date: 4 October 2011
Remarks of Tony Tyler at AVSEC World, Amsterdam
Good morning. I am very pleased to be attending my first AVSEC World and I am honored to share the dais with so many esteemed colleagues. As someone who has spent over three decades in the airline industry I understand and admire the valuable job that all the people involved in aviation security do.
Ten years ago the world awoke to a new reality. Commercial airliners were transformed into weapons of mass destruction. Aviation security—actually national security—took on a whole new dimension within the industry and for governments.
A massive security apparatus was erected touching virtually every aspect of air transport operations. Since then airlines and governments have spent a cumulative total of more than $100 billion. And the annual cost for airlines is now some $7.4 billion.
Our efforts have been mostly successful. But there have been some tragic events. And some of our successes have been close calls. These remind us that security is a constant challenge and we must work hard to stay ahead of evolving threats.
Over the last decade, security has developed from incident to incident. Often governments responded with the knee-jerk introduction of measures impacting airline operations, and the convenience and privacy of our customers. Banned item lists were frequently added to….and less frequently reviewed. And layer upon layer of new measures were squeezed into an already intrusive process. For many, security evolved to become the point of greatest dissatisfaction in the air travel experience.
Some argue that the results of the past decade validate this approach. But that is a myopic view.
- A reactive approach does nothing to prepare us for the next threat. And the blanket approach—with no differentiation based on risk—is wasteful and unsustainable.
- We devote too many of our limited security resources on the 99.999% of passengers who are perfectly legitimate and want nothing more than to get to their destination.
- And finally, they may create a false sense of confidence in our ability to regulate threats away by banning an item, forcing travelers through yet another hoop.
With a decade of experience in the post-9.11 world, it is time to look at what we have created. And I am convinced that there is a better way. In fact, one of my top priorities as IATA’s Director General and CEO is to find ways to make the industry more secure for passengers and cargo. And I want to do this while enhancing the satisfaction of travelers and shippers. I know this is a mission that IATA’s over 230 member airlines are fully behind.
That does not mean starting from scratch. There is a lot that we do right. And there is a lot that could be improved. I have shared with you my thoughts on the current system and what I believe are its weaknesses. I trust that you will receive these comments in the spirit of an open dialogue. There is no malice intended to any of the stakeholders with the responsibility to keep aviation secure. We are in this together. Airlines, airports, national security and intelligence services, manufacturers of security products share a common responsibility. For the billions that we spend, our customers—travelers and shippers—expect top class security and first class customer service.
Checkpoint of the Future
Let me start by addressing how we treat our passengers at airports.
The current airport checkpoint was developed in the 1970s to prevent hijackers from bringing metal weapons onto aircraft. Processes have been enhanced and technology grafted onto this basic concept. But it is what it is—an ageing platform that is poorly suited to protect us from the evolving threats of the new century.
It is 40 years old, but it has not become any more intelligent because we are not using the passenger data that is being collected to assess risk. Passengers are processed through the checkpoint with a one-size-fits-all screening. And their experience is often unpleasant, intrusive, inefficient and time consuming. For the billions that we spend, we could do a lot better.
IATA has set out a vision for a Checkpoint of the Future. If you missed the conceptual mock-up at our Annual General Meeting in Singapore, it is displayed in front of this congress center.
What do we want to change? First, we want technology that will allow passengers to get from curb to their aircraft seat in a seamless hassle-free process. And second, we want to change the one-size-fits-all approach to one that is risk-based. And of course the net result of this has to be an industry that is more secure.
Here is how it works.
Step one is risk assessment. Passengers approaching the checkpoint will identify themselves with information scanned from their passport or air ticket. A risk assessment will already have been conducted.
Before we go any further, let me be clear that this is not profiling based on religion or ethnicity. And we are not advocating the violation of anybody’s privacy rights. By risk assessment we are talking about making an informed automated decision using information that is already collected on passengers in their passenger name record (PNR) or in the advance passenger information (API) process. This is data that is being used at the end of their journey by customs and immigration officials. All that we are saying is let’s use this same data before they step onto the plane.
Additionally…and on a voluntary basis, passengers could add to this data through registering with governments in a trusted travel program. Interpol is working with governments on some common standards for background checks.
Passengers would then be directed towards one of three security lanes based on the result of the risk assessment.
Step two is biometric identity verification. This would be based on the International Civil Aviation Organization (ICAO) agreed upon methodologies such as fingerprints, facial dimensions or iris scans.
Step three is the actual check.
‘Known travelers’, those who have registered with trusted travel programs, will normally go for expedited security checks. I say normally because there will need to be a random element in the assessment to ensure that nobody can cheat the system.
‘Normal’ passengers, about whom governments have sufficient data, will be sent through a standard security lane.
And those passengers about whom little information exists or who are on a government watch list will go for ‘Enhanced security’ for a more thorough check.
What is revolutionary about this process is that we want travelers to pass through the checkpoints without stopping, removing clothes, separating liquids, unpacking carry-on luggage, taking out their laptops etc.
Security checks will be differentiated based on risk level. But let me be very clear that everybody will be screened to a base level. And nobody will get a free pass or inferior screening.
Where are we now?
I am strongly committed to turning the Checkpoint of the Future into reality.
There are two issues…government support for the concept and the availability of the technology. Both are showing promise.
Among governments, we all recognize that the US has driven much of the security agenda in the post-9.11 period and I am very pleased with the approach taken by the Department of Homeland Security under Secretary Janet Napolitano, with its emphasis on engaging with the industry and working on solutions with the international community. She and Transportation Security Administrator John Pistole have indicated alignment with the principles of the Checkpoint of the Future, with calls for a risk-based system. In fact, the Transportation Security Administration (TSA) is now trialing trusted traveler programs at selected US airports.
Internationally, the concept is also resonating with the security community. The Checkpoint of the Future is on the radar screen of the ICAO Security Working Group. And IATA has put together a statement of principles that has been endorsed by Interpol and a growing number of states—including Costa Rica, El Salvador, Nigeria, Guyana and Sri Lanka.
One of our biggest opportunities is in Canada. Transport Canada and the Canadian Air Transport Security Agency (CATSA) are developing a strategy for differentiating passengers based on data-driven risk assessments and working to further mutual recognition of border security programs. CATSA also is expanding the use of the Trusted Traveler Screening Line for pre-approved travelers who hold a valid NEXUS card.
On this side of the Atlantic, the European Commission is emerging as a leader with a strategic objective to develop future checkpoint concepts that builds on their long-held advocacy of new screening technologies.
The vision to get from curb to the aircraft seat in a seamless process has two elements—passenger processing and security. On the passenger processing side, we are pretty much there with the IATA Fast Travel program that has introduced self-service elements for processes including check-in, baggage tagging and boarding.
On the security side, fully achieving the “Tunnels of Technology” that would allow passengers to walk uninterrupted through checkpoints could take up to seven years.
In the interim there is no need to sit back and wait—either for the technology to mature or for the world to achieve consensus. We have a plan for an intermediate stage leveraging today’s technology and investment in our existing checkpoints.
And finally, we must all keep in mind that we are a growing industry. In 2001, 1.8 billion people traveled. This year we expect 2.8 billion. In 2015 the challenge will be to accommodate 3.5 billion passengers. If we are still using the same processes by then, passenger dissatisfaction could start with security queues outside the airport doors.
But I am optimistic. We have a plan. And key governments are showing openness to looking for solutions together with industry. Today we have the presence of TSA Administrator Pistole and EC Director for Air Transport Matthew Baldwin here as great examples of this. We must seize the opportunity to build an airport Checkpoint of the Future that will keep our passengers both secure and smiling.
Unfortunately, there is no Checkpoint of the Future for air cargo…and we should not be looking for one. The experts tell us that the airport is not the proper place to screen all cargo—there is neither the physical space nor the time. A better answer is to secure the entire supply chain rather than concentrating our effort at the midpoint.
But that is not to say that cargo security does not face a considerable challenge. The printer cartridge bomb plot that was unfolding as this conference met last year was a watershed event for air cargo. Regulators around the world see it as having parallel significance to 9.11’s impact on passenger security. As such, it has and will continue to lead to vast changes in how air cargo is transported.
- We are already facing ad hoc bans on what can be carried in aircraft bellies and main decks, mirroring what happened on the passenger side.
- We are seeing a breakdown in harmonization.
- Some states are bypassing the ICAO initiative to develop definitions of high risk cargo in favor of creating their own.
- Others are requiring every airline to certify every station they serve, which means that multiple airlines are certifying the same locations.
We have two major challenges: (1) fending off calls for 100% screening at the airport and (2) avoiding the isolation of some states with so-called “Red Lists.”
On the first, our response must go beyond our knowledge that 100% screening at the airports will not work. We must engage governments proactively to show that “We understand the concern and we have solutions.”
The future of air cargo security is a multi-layered approach involving the whole supply chain and including both advanced electronic information and physical screening. ICAO is aligned with this vision and we are working closely together. An example of progress is the e-cargo security declaration which offers states data on who is shipping what and where so that they can conduct a risk assessment. Importantly, it is in a harmonized format that will make for an efficient process.
In parallel, we disagree with the development of Red Lists. Requiring these countries to overcome extreme hurdles to participate in global commerce is the wrong approach. Why? Because it will further isolate those states most in need of our support, and for which air cargo offers a path towards economic prosperity.
The solution is to get the infrastructure and processes in place that can facilitate supply chain security upstream. IATA Secure Freight is one initiative underway to help countries incorporate industry know-how and best practices so that they don’t have to start with a blank sheet of paper.
We must make our case convincingly in both of these areas. If not, we risk a repeat of what happened on the passenger side following 9.11, when the airline industry was saddled with a slew of unfunded mandates and security directives having little in common with how our businesses actually operate.
Harmonizing Security Regimes
One principle that encompasses both passenger and cargo security is harmonization among governments. ICAO and the World Customs Organization have recognized standards for advance data. But individual countries ignore these…and create their own requirements for data and the way in which they require it to be delivered.
The problem is growing. A decade ago only a handful of countries required API. Today the list is over 50 and growing. These are not all harmonized with their neighboring countries. And often they are not harmonized even among agencies within the same government. Mexico and China are two examples. Different agencies within these governments require airlines to provide data. And they require that data to be delivered in unique formats that is a costly nightmare for airlines to manage. We must find a better way.
There are other anomalies as well. To further illustrate the point, Fiji and Turks & Caicos require paper copies of passenger manifests. And the EU court decision could unravel the US EU agreement on PNR data reached four years ago.
The impact of governments failing to think in terms of a global system can also be felt directly by the passenger. Earlier this year, the EU was planning to lift the ban on liquids and gels at checkpoints on an airport-by-airport basis. Not all states agreed and at the last minute the decision was made to postpone the step. Had that not occurred, passenger confusion would surely have led to chaos.
I am not here to complain, but to encourage a constructive dialogue. In this case my message to regulators is to understand that air transport is a global system. Security for air transport must be conceived and implemented in the same global framework. Governments have achieved this with safety, aircraft certification standards, air traffic management and maintenance. The future for effective security must also be based on mutual recognition and reciprocity.
Complacency is a temptation
My last message concerns complacency. I mentioned earlier that we must not make the mistake of believing that technology can be a substitute for vigilance as we strive to keep air travel secure against terrorism.
Technology solutions have a vital role to play as do regulations developed in consultation with industry. But there is a danger of over-reliance on both. This can breed complacency. And complacency is the enemy of safety and security—in the air and on the ground.
Let me illustrate my concerns.
Shortly after 9.11 we reinforced cockpit doors to prevent unlawful entry. And procedures were developed for their secure operation in flight. Now some are calling for secondary barriers—another door—to be added. Why? Because there is a risk that flight crews may leave reinforced cockpit doors open too long.
We cannot legislate, regulate or build away our responsibilities to remain alert and on guard. In my view, if crew are not following the rules or established procedures, the solution should be to insist that they do....not adding another costly layer of hardware or technology. And if we are to have an industry debate on the need for secondary barriers it must be based on sound scientific research, not emotion or knee-jerk reactions to concerns over lapses in vigilance.
Vigilance also applies to cyber-security. We know, for example, that ensuring the integrity of the Global Positioning System is fundamental to transitioning to the NextGen and SESAR air traffic management systems. It is vital that system providers in the US and EU do not lose sight of this requirement as they continue to build the supporting infrastructure for things like Automatic Dependent Surveillance – Broadcast (ADS-B).
We have to assume that bad people will also be poking and prodding and looking for vulnerabilities to exploit. Likewise, we must pay attention to cyber-security in highly automated cockpit systems and things such as Electronic Flight Bags. This does not mean that there are any weaknesses. But it would be foolish to assume that the bad guys will give up trying or that we will face the same kind of threats in the next 10 years that we have faced in the past decade.
Lastly, I do need to comment on cost. Along with working together with governments in partnership to improve security for cargo and passengers, to harmonize measures across borders and to fend off future threats, we need to find a better way forward on the $7.4 billion annual security cost to airlines. The threats that we face concern national security. And, as with any other national security issue, the cost should be borne by national governments. And we will continue to take that up with governments around the world.
But I recognize that the focus for today is more on getting the job done, than discussing who will pay for it.
So in conclusion, I would like to refer to the beginning of my remarks when I noted that our successes have been far more numerous than our failures. I need hardly remind any of you how different and grim the aviation world looked 10 years ago. In the immediate aftermath of 9.11, we knew that we had to find solutions to prevent the repeat of such a horrible tragedy. The decade that followed was not perfect. But we have managed to avoid a tragedy of similar scale with hard work, perseverance and yes, even some good fortune.
The security challenge is not going away any time soon. Threats are constantly evolving, so finding a perfect system or a risk-free solution is not a realistic possibility. Protecting and constantly improving security has two dimensions.
The first is taking appropriate action on what we know we must do as a result of our past experiences:
•Modernizing the airport experience with the Checkpoint of the Future
•Implementing a multi-layered approach to cargo security that includes the supply chain and physical screening
•And harmonizing across borders so that a global system functions efficiently
The second is constant vigilance to protect against dynamic threats.
And of course we must work as a team—governments and industry—with an open and transparent dialogue focused on constant improvement and keeping in mind the experience that we are creating for the users of the system—2.8 billion passengers and those who ship 46 million tonnes of cargo.
Air transport is a wonderful thing. This industry is an instrument of peace that brings people together, creates greater understanding among cultures, facilitates commerce and creates wealth—both material and of the human spirit. We are collectively responsible to see that it continues to do so securely.