Skip to main content

Test Home
You & IATA


You are here: Home » Publications » Airlines International » October 2013 » Risk-based security
  • Print this page
  • Share this page

Behind the Scenes

The mechanics of a risk-based security framework will allow the system to adjust to different threat levels and reduce the need for emergency amendments

During the summer months, the United States was on heightened alert against possible terror attacks. As is typical, the security regulator, in this case, the Transportation Security Administration (TSA), responded with an emergency order that added an additional layer to the already stringent checkpoint protocols at airports. The airports and airlines operating under these conditions coped quite well—in part because greater industry consultation has convinced the TSA not to over-egg the pudding. David Ryder, Head of Aviation Security at ACI Europe says the extra security measures only had a “small impact on some European airports.”

But while emergency orders have been useful tools for security regulators around the world, their use also highlights the need to implement a system that can cope with different threat levels without resorting to the potential—and oftentimes real—disruption caused by emergency amendments. The fact is that however well emergency orders perform, every additional check has the potential to create bottlenecks in the process that slow throughput and add cost. Extra contract employees could be required to implement these additional layers, for example, as normal staffing levels wouldn’t be enough.

“The TSA is committed to industry consultation and that’s great,” says Ken Dunlap, IATA’s Director, Security. “Both the TSA and the industry are focused on the outcome of the security process and it makes sense to align on the processes behind that goal too. “We need to work toward a point where emergency orders are rarely necessary,” he adds. “And if they do need to be issued they should be very specific and not broad strokes which have characterized too much of the post 9/11 security paradigm.”

Reducing ad hoc rulings

When it comes to issuing emergency orders, the main problem faced by TSA and other regulators is the same one that has blighted the industry for some time. A “one-size-fits-all” approach dominates. “If a major change, like liquids in 2006, were to occur again it would cause major disruption,” notes Ryder.

Moving away from this mentality to a risk-based approach should provide a framework that will handle extreme circumstances and reduce additional ad hoc rulings to a minimum.
The Checkpoint of the Future concept, which is based on the idea of risk-based security, offers great flexibility,” says Dunlap. “It can be scaled up or down according to need. And that means it will accommodate different levels of security alert without having to interrupt the normal procedures.” Andrew Goldsmith, Vice President Global Marketing at Rapiscan Systems concurs. “A risk-based approach implies that systems need to be flexible and integrated with other security systems so that a comprehensive assessment of risk can be made,” he says. “This is why Rapiscan, for example, is focused on developing data networking capabilities that allow regulators and inspectors to combine data from our inspection systems with other data that may be useful to security via a modular data architecture.”

Indeed, Dunlap stresses the game-changer in risk-based security is passenger data. Knowing the individual rather than searching everybody for objects provides a far more robust framework even during heightened security levels. Governments are collecting passenger data in a more ordered way these days thanks to industry consultation and that data is increasingly being shared.  “Think of how most border control agencies work right now,” says Dunlap. “They know who it is they are looking for. It is not as crude as, say, stopping everybody with a green suitcase. It is far more targeted.”

Integrating data into the security checkpoint makes the checkpoint infinitely more secure in an emergency situation, because so much of the fine-tuning is built into the process. Being very specific about the target renders additional emergency orders obsolete to a large extent. It means extra staff will rarely be required and in all circumstances, the majority of passengers will go about their journey without interruption. In other words, risk-based security will operate at an optimal level in all circumstances as resources are allocated to where they are needed most. If the threat level changes, then the process behind the checkpoint adapts automatically.

For passengers, however, the checkpoint will always be a predictable experience. It is only behind the scenes—where the security agencies have a number of elements on which to call—that the process will be randomized.

Old and young benefit

Many countries around the world have endorsed the new paradigm. The TSA has already begun moving down the risk-based security path. It has modified requirements for children aged 12 or under and for passengers aged 75 or over. The former can be screened multiple times before resorting to pat-downs to resolve issues while the latter can now keep shoes and belts on. The TSA claims this has made a difference at some 450 airports, increasing throughput without affecting security levels.

The TSA pre-check program takes this concept to another level. “In addition to shoes, belts and light jackets, TSA pre-check eligible passengers are screened in dedicated lanes and are not required to remove their laptops or their 3-1-1 compliant liquids from their carry-on bags,” noted John Pistole, TSA Administrator, in a recent speech. “Currently, TSA pre-check is available to passengers at 40 airports and with the recent addition of Hawaiian Airlines and Virgin America there are seven airlines offering the expedited screening benefits of TSA pre-check to their passengers. In terms of volume, as of 1 August, more than 13 million passengers have experienced TSA pre-check screening.”

This doesn’t mean that risk-based security is here, however, and as the recent emergency order shows, there is still some way to go before the “one-size-fits-all” approach is banished from the mindset of regulators. “We are all working toward the same goals of improved security, improved throughput, and an improved passenger experience,” concludes Dunlap. “That means we have to move away from the existing unwieldy model that just looks for bad objects and doesn’t differentiate between passengers at all to one that is based on risk and that allocates resources to where they are needed. That is what the checkpoint of the future will achieve.

“Any emergency order should then follow this lead and cut to the chase rather than be framed by the unwieldy model,” he adds. “That will not only enhance the robustness of the aviation security procedure but also put an end to long security queues caused by a heightened security status.”


Additional information

© International Air Transport Association (IATA) 2014. All rights reserved.