Good morning ladies and gentlemen.
It is a pleasure to be in Dublin—a brilliant city in a country where a great aviation history has laid the foundations for air transport to play a critical role in its modern economy.
IATA feels at home here. A few years ago we held the World Passenger Symposium in this very conference center. And in just over eight months the top leaders of the airline industry will gather in Dublin for IATA’s Annual General Meeting and World Air Transport Summit.
It will be the conclusion to a year that marks IATA’s 70th Anniversary—a year in which we are focusing on the value that has been created through association. Indeed the tag line for our anniversary celebration is “Flying Better. Together”. While that was created with reference to our members, the reality of our industry is that flying itself is a team effort. Airlines are at the core—transporting passengers and cargo—but the team needs efficient airports, safe aircraft, solid IT providers, effective distribution partners and so on. And, of course, governments play a vital role as well.
Aviation security is no exception to the principle of partnerships. I am very pleased that this year AVSEC World is a combined effort with Airports Council International (ACI) and the International Civil Aviation Organization (ICAO).
We have long said that safety is our number one priority. And as an industry we can be proud that there is no safer form of long-distance transport. We perform to the highest standards while providing global mobility for people and goods on an enormous scale. This year airlines will move 3.5 billion passengers and over 50 million tonnes of cargo. Doing that safely means not only getting from A to B without technical incident, it also means keeping the network secure from those who would do it harm.
We live in an increasingly complex world where the threat of terrorism is a fact. No part of the globe is immune. And no industry is immune. That includes aviation. It is why we are here today.
In line with our technical achievements on safety, air transport has a solid record on keeping its passengers and cargo secure since the tragedy of 9.11. But it is a record that we must maintain each and every day through vigilance and forward thinking to keep aviation at least a step ahead of those who would do us and our passengers harm.
There is one other imperative. The systems that keep flying secure must also facilitate the timely and efficient movement of cargo that fuels the economy and of people for whom global mobility is essential. On this point—particularly with respect to people—our track record is less enviable. We have come a long way since the dark days that followed 9.11. There is no denying that. But still, our customers—the billions of people who fly with no ill intention—continue to tell us that security is the biggest pain point in their journey.
The good news is that we are all here to make the system better. And over the next days we will have the opportunity to sit as partners to share successes, understand better the threats and strengthen the cradle of security in which our industry operates. As we move forward we need to align our work so that we make tangible the progress that our customers expect.
In our efforts and work programs we must recognize that security is vital for our industry but is ultimately a government responsibility. Much of what we do to keep our passengers, crew and operations secure is guided by governments through regulation and information that cannot be obtained from other sources. Governments have infinitely more resources than airlines do. We rely on governments as partners to provide the guidance and information to help manage risks and keep our passengers, crew and cargo secure. The industry is eager to engage with governments to share the operational requirements that are critical to the successful implementation of security measures.
Our agenda here is ambitious, reflecting the important work that the people in this room are doing. There’s strong representation from IATA and our member airlines. I will use this opportunity to highlight four areas where progress is urgently needed:
- Conflict Zones
- API/PNR
- Airport Security
- And cyber security
Allow me to address these in order.
Conflict Zones
Just over 15 months ago the world was shocked at the downing of a commercial airliner over Ukraine. Earlier this month the Dutch Safety Board investigating the tragedy confirmed in great detail that the aircraft was brought down by a ground-to-air missile. They also confirmed that this happened while MH17 was operating in airspace that was open to commercial aviation. In the months preceding the tragedy no state explicitly warned of any risks to civil aviation. And no states prohibited their airlines from using the airspace or imposed other restrictions.
There is global outrage that innocent lives have been lost in this way. Nobody should be targeting civil aircraft.
The Dutch Safety Board made many recommendations. Their aim is to avoid a repeat tragedy. It is our duty to work through the recommendations as an industry. With our government counterparts we will vet them against our expertise; and assess them for relevance for purpose and implementation feasibility. As with the learning process after any accident report, some recommendations will be accepted, others modified and some may be rejected or superseded by more effective measures.
But there is nothing in the report that would cause the airline industry to adjust its two essential demands.
The first is that governments must provide authoritative, accurate, consistent and unequivocal information about security threats in order for airlines to manage the risks of flight operations effectively. This is a government responsibility.
Already ICAO has made progress by establishing the Conflict Zone Information Repository. It’s a good start. But its success will rely on states populating it with useful information.
Second, the MH17 tragedy brought into sharp focus some serious gaps in the legal obligations of states—principally as set forth in the Chicago Convention. We asked that a diplomatic conference be convened to remedy these acknowledged deficiencies. The Dutch Safety Board’s report included a similar recommendation. We know it will take time. That’s why the international community, ideally led by ICAO, needs to act now and be persistent in its efforts.
API/PNR
Along with keeping our aircraft secure in flight, we must keep terrorists from getting on board. To this end, the role that governments play in analyzing information collected through Advance Passenger Information (API) and Passenger Name Records (PNR) is critical. And the situation with the movement of foreign terrorist fighters from the Syrian conflict gives this issue particular urgency and relevance.
While no airline will argue against the role that API/PNR data could play in keeping flying secure, many have doubts that the system as currently practiced is delivering the best possible intelligence. And for all of the information that we are providing governments, there has not been a commensurate improvement in the passenger experience.
There is a global standard for API agreed by states through ICAO and the World Customs Organization. It consists of a specific set of data elements together with a standardized method for their transfer from airlines to governments. There are also ICAO guidelines on PNR data. The problem is that states regularly ignore global standards and recommended practices for both API and PNR—despite having developed and agreed them.
With respect to API, airlines face a major challenge when states demand extra data elements which are not supported by the standard messages. Some governments even require specific delivery methods which cannot be supported by airlines’ IT protocols.
For PNR, similar problems are further complicated by the need to comply with data privacy regulations which are not standardized among states. There are occasions when airlines are put in the untenable position of having to violate one set of laws in order to comply with another.
Let me provide a real time illustration of how impossibly complicated this can get. An EU directive on PNR is imminent. But, instead of a single coordinated European approach with information shared across the EU member states, we face up to 28 unique regimes. Each European state is deciding the scope of data to be collected and the method for transfer.
One is left with a plethora of questions.
- Where is the EU-wide common approach?
- Why don’t governments share the information?
- Why should airlines bear the costs of designing delivery methods for individual states when it is a European initiative?
- Why are there no equivalent measures for train, bus or sea transport? This is a particular concern as air transport accounts for only 8% of intra-EU travel which is also being considered for inclusion. And,
- How could such masses of non-standardized data possibly be analyzed with any degree of efficacy?
I don’t question the authority of states to require such information. But this uncoordinated approach is leading to what looks like an expensive, onerous and likely wasteful effort.
What should the approach be? If we take the “Smarter Regulation” principles that IATA has been promoting it would start with a dialogue that lays out what the government wants to achieve, fully respecting global standards where they exist. And then we would work backwards in partnership to identify the most efficient way to accomplish the stated objective.
This view is aligned with the EU’s Better Regulation initiative which aims to design “EU policies and laws so that they achieve their objectives at minimum cost. It ensures that policy is prepared, implemented and reviewed in an open, transparent manner, informed by the best available evidence and backed up by involving stakeholders.” In this case the industry has been thoroughly consulted at the EU level, but its member states are determined to work independently—at all costs.
And some further thoughts on this topic—actually a few more questions.
- Whether providing API or PNR data to states, are we certain that this critical information is being used as effectively as possible to streamline processes for legitimate travelers and to identify those persons of interest who may pose a security threat?
- Are states making the best use of global intelligence information, such as that provided by INTERPOL, as part of their vetting processes?
- Do those vetting processes deliver the level of security assurances that we should all expect? And, finally,
- Are airlines and the passengers they carry receiving value in exchange for providing API data to various governments in the form of faster clearance processes and shorter arrival hall queues—that better passenger experience I referred to earlier?
To move forward, these questions must be addressed. And the only way to do that is in a working partnership of governments and industry. Together we must identify common goals and objectives that strengthen our security environment and that also provide better and more efficient border clearance services to the travelling public.
It’s a big goal, but the message is simple. We all want the same outcome. Let’s work together!
Smart Security
That message carries through to how we should arrive at much-needed improvements in the airport screening process. When I joined IATA in 2011 we had a grand vision—the Checkpoint of the Future. Airport checks would be as easy as walking through a doorway—no stopping, disrobing or unpacking. It was a utopian vision that was meant to challenge how we do things. After careful consideration including a review of available technology, the focus became much more pragmatic. In the re-named Smart Security initiative we are working in partnership with ACI with a common and clear vision to improve effectiveness and convenience—but with a more immediately actionable agenda and concrete programs ready for adoption.
I would be not telling the truth if I said that I am satisfied with the pace of uptake among governments. I am among the majority of travelers for whom the security process at most airports is drudgery. Too often I see wasteful processes, encounter so-called “service” with anything but a customer focus and have to maneuver physical layouts for security that take little consideration of the situation of the travelers it is meant to protect. And it is not harmonized---how can you explain to a traveler why, for their own protection, in the US it is shoes-off and iPads-in, while in Europe it is the opposite?
I cannot help but be disappointed every time I see energy and resources wasted to separate a water bottle from an obviously harmless passenger. Of course prohibited items should not be allowed on board aircraft. And there is good reason why we limit the amount of liquids and gels. But can we take long-term comfort from a system that expertly detects half-empty rogue-sized toothpaste tubes? Are they really the threat?
The objective of Smart Security is to modernize the process to produce better operational efficiency and a better customer experience. It’s not rocket science. It can be achieved if airlines, airports and governments work together. The initial process innovations of Smart Security are tried, tested and ready for sharing and implementation. And with the newly developed Smart Security Opportunity Assessment there is no excuse for holding back.
There are some success stories. Amsterdam and Melbourne are among the first airports to redesign security processes with the Smart Security goals in mind. And as we are in Dublin, I should say that we are proud of our partnership with Dublin Airport and looking forward to accelerated Smart Security progress here.
Known-traveler programs are proliferating for border control. These can also be used for airport screening and are a key component of Smart Security. They allow for a concentration of security resources where risk is greater while low-risk passengers experience streamlined processing and shorter queues. The US is the pioneer. Unfortunately its success has not been copied by many others. With a three-year history and now accounting for one in five travelers at US airports, I encourage other governments to move in the same direction.
I should also take this opportunity to recognize the leadership of the US Transportation Security Administration (TSA). We are honored with the presence of Administrator Peter Neffenger. The industry looks forward to him building on the tradition of partnership that has been developed with the TSA over the years.
There is no time to lose in moving ahead on Smart Security and known traveler programs. Not because of my impatience, but because the challenge grows with every new traveler. This year we expect to transport 3.5 billion passengers. In much less than two decades that number will more than double. Business as usual is not an option.
Cybersecurity
I will conclude with a few comments on the emerging threat of cybersecurity.
Earlier I mentioned that aviation is a complex industry with many partners. When it comes to cybersecurity, complexity breeds vulnerability. We use IT solutions to design aircraft, sell tickets, process passengers, roster our crew, fuel our aircraft, manage flight operations, assign gates, guide air traffic, and even to entertain and connect our passengers in flight. And even this long list is only a very partial view.
Additionally, we have to keep sensitive personal data secure—on our passengers, crew, employees and business partners. Equally sensitive are our financial transactions in a world that is increasingly paperless. Then there are issues of theft—including intellectual property, personal identity or simple fraud scams.
The challenge of maintaining the security of systems grows relentlessly. Airlines individually are investing to stay ahead of those who would make them a target. At IATA, along with securing our own systems, we are developing an industry strategy with three major areas of activity:
- Working continuously to understand, define and assess the threats and risk of cyber-attack;
- Advocating for appropriate regulation, and
- Developing mechanisms for increased cooperation throughout the industry and with governments.
You will be familiar with the IATA Aviation Cybersecurity Toolkit which was updated in July this year. It is an invaluable resource for any business planning its cybersecurity countermeasures. But a toolkit or the efforts of any single entity will not be sufficient defense. Recognizing that, last December IATA, ICAO, ACI, the Civil Air Navigation Services Organization (CANSO) and the International Coordinating Committee of Aerospace Industries Associations (ICCAIA) agreed to cooperate on this issue. Our first task is the development of a Civil Aviation Cybersecurity Action Plan.
It’s a start, but the threat is evolving every day. And we will only stay ahead by combining forces. There is much more still to come on the cybersecurity issue. IT has tremendous potential to add even more value to our business. But every process that we automate, integrate or assist with technology invites a new vulnerability. So we must work together to ensure that progress is secure.
Part of the defense system has to be developing new ways of responding. New threats evolve in real time. Static, prescriptive regulation will not be effective. The priority must be on finding a way to work with governments in the same real time frame that cyber criminals operate in.
Our Board of Governors has asked IATA to do some blue sky thinking on cybersecurity. The findings of this conference and the hard work of the Security Group will help guide us in evolving a comprehensive strategy.
Conclusion
This conference has some heavy work ahead. I will follow the outcomes closely.
I am also aware that an opening speech on security threats can paint a gloomy picture that needs some balance. There is no denying that we face risks and must respond to them. But in doing so we can take inspiration from the undeniable truth that aviation is a force for good in our world.
Aviation generates prosperity. We create jobs. Some 58 million livelihoods worldwide are supported by our industry. Hundreds of millions more jobs depend on businesses for whom connectivity is essential to build products; and to access global markets, talent and ideas. At least $2.2 trillion in economic activity can be traced to aviation and it is the method of delivery for over a third of world trade.
Economic well-being is an important element in keeping peace and avoiding radicalization. Aviation spreads prosperity—economic and that of the human spirit. We help our planet to know and understand itself. This is done by connecting people and cultures in far flung places for study, exploration, business and simply continuing human relationships.
The security challenge is big. But the purpose of our industry is even bigger. There can be no greater motivation to keep flying secure than the people you see in any airport arrival hall. Bearing that in mind, I urge you to use the AVSEC World opportunity to collaborate, coordinate and communicate with a unique gathering of industry and government experts. And looking around at the people and organizations represented in this this room, I have every confidence in our success!