Ladies and gentlemen, it’s a pleasure to be here with you today to address aviation security – a topic that is of critical importance for our industry.
In fact, we face an immense challenge.
People need and want to travel by air. Aviation is the business of freedom. It enables people and business to connect globally. Flying helps them to discover the planet, build new markets, stay in touch with friends or family, and create opportunities for better understanding. In doing this, we help to make the world a smaller place, to integrate economies and to grow prosperity.
The fundamental good that aviation as the business of freedom brings to the world, however, makes it a potential target for terrorists.
UN Security Council Resolution 2309 makes it clear that governments have the primary responsibility for aviation security. While governments must take the lead, the industry is fully committed to a partnership relationship that keeps our passengers, crew and cargo secure. And we can be proud of what we have achieved together.
Flying is secure. Keeping it that way is not an easy task. Threats are evolving. The geo-political landscape is complex. Technology is rapidly changing. And the volumes of both cargo and travelers keeps growing. But I am confident. Staying a step ahead of those with an agenda of evil has brought us together. Exchanging experiences, testing ideas among peers and building the relationships to support collaboration are the bedrock of our continued success.
What should we focus on? I see four areas:
1. 100% universal implementation of global security standards
2. Effective information-sharing among governments and with the industry
3. Sustainable risk-based security measures, and
4. Emerging risks
These are familiar themes. In fact, it is pretty much the same list that we have been discussing for the last several years. I’ll take this opportunity to highlight progress and remaining challenges in each, starting with global standards.
Global Standards
It’s been 45 years since Annex 17 was added to the Chicago Convention. This sets the standards and recommended practices for security that states have the responsibility to implement. But implementation of these standards is far from universal. To address this, the Global Aviation Security Plan (GASeP) was launched two years ago by the International Civil Aviation Organization (ICAO). It provides governments with a standard framework to align their national aviation security efforts.
Sill, far too many states are struggling to implement the Annex 17 baseline requirements. This is not acceptable. That is why we are supporting a resolution at this year’s ICAO Assembly that will underscore the fundamental responsibility of states to meet global standards in their national aviation security programs.
We must also pragmatically recognize that not all states have the same resources. In line with the ICAO theme of No Country Left Behind, the theme of this conference is No Vulnerability Left Behind. We are a global industry. A weakness anywhere in the system affects everyone. We all have an interest in building capacity. What airlines can do in this area is limited. There is an urgent need for developed countries to provide more comprehensive assistance to developing countries to ensure the baseline security measures are met. And innovation is key. IATA and ICAO are committed to facilitating this effort, jointly hosting an innovation workshop during this conference.
Information Sharing
Along with putting efforts into capacity building, the challenge of effective information-sharing persists. This is particularly true among governments where the tradition of secrecy on security matters has deep roots.
There is no room for silos when states are in possession of intelligence that may protect lives. That was demonstrated clearly when 298 people lost their lives in the MH17 tragedy. There has been some improvement. But many airlines still need to rely on commercially-sourced intelligence. Governments have resources and access to intelligence that the private sector can never hope to match.
Threats will continue to evolve and become ever more complex. Those wishing to do us harm have no state allegiance; they cross borders to share information and collaborate to refine their methods of causing chaos and destruction. The focus of governments must be on protecting people. And that cannot be done with insular thinking.
The information-sharing standard in Annex 17 is a step in the right direction. But it falls short of the true multi-lateral information provision of risk information that is needed.
We have an opportunity this year at the 40th ICAO Assembly to emphasize the vital importance of bringing government and industry together for the sharing of threats, vulnerabilities and risk information.
In parallel, IATA is working with ICAO and supporting states in developing an online security application that facilitates the exchange of critical security occurrence data. This is similar to the way that our safety colleagues work with data to do predictive risk analysis. This tool will provide early detection of changes to security environments in different parts of the world, so we can effectively deal with emerging threats and the impacts of changes to security procedures.
The plan is to make it available to all IATA members and IATA Operational Safety Audit (IOSA) registered carriers later this year. We are optimistic that the creation of this platform will enhance collaborative relationships with governments on threat and vulnerability information that will help all aviation stakeholders – public or private – to prevent, detect and respond to threats in a more timely and effective manner.
Lastly, I will emphasize the importance of developing strategic relationships. We all remember how we were all caught on the back foot in 2017 when the US and the UK introduced portable electronic device (PED) restrictions on some flights originating in the Middle East. Governments were neither talking to each other or to the industry. Passengers were confused and airlines struggled to comply.
Two things emerged from that which are positive. First, we deepened our partnership on security with both the US Department of Homeland Security (DHS) and US Transportation Security Administration (TSA). And second, doing so helped us move towards alternative measures that have improved security globally.
Yesterday we were honored that David Pekoske, the Administrator of TSA, used this platform to call for even greater cooperation among governments and the industry. We fully support his message and stand ready to support it.
Sustainable risk-based solutions
What we learn and share needs to be actioned. In the years since 9.11 investment in aviation security has grown exponentially. There is no doubt that this has made our industry more secure. But the efficiency of the system needs to be constantly challenged. For example:
- Does it make sense that our most trusted employees and people with high-level security clearances are screened in the same way as our least known passengers?
- Will airports have sufficient space to accommodate the growing security footprint?
- Can “registered traveler” information be shared so that travelers are recognized both at home and when traveling abroad?
- Why are passengers, in large numbers, still seeing security as a pain point in their journey?
- And how are we going to cope with the growing numbers of travelers—actually doubling in the next 20 years?
Each of these questions could justify a whole speech in itself. But the common theme that would emerge is the need to pursue risk-based security concepts that focus resources where the need is greatest.
One area where we are making progress is the implementation of the ICAO model of One Stop Security. Europe has agreements in place for One Stop Security enabling travelers originating in the US or Canada to avoid a redundant check when making a transfer at European airports that have elected to take advantage of this.
Technology is making the case for One Stop Security even more compelling. Gloria Guevara, CEO of the World Travel and Tourism Council, will elaborate on work that we are doing together using advancements in decentralized digital identity platforms via biometrics and blockchain technologies. We have a great opportunity to make security more efficient and travel more convenient.
Taking a risk-based approach can also help us solve two other issues:
- It could unlock the solution for securely vetting the millions of airport and airline staff who have access to aircraft. The perfect vetting system has yet to be invented. So intelligence analysis—from governments—is our most potent tool to identify threats especially from radicalization.
- Risk-based measures can also help us avoid the extra-territorial imposition of security measures. All too often in the absence of a risk-based approach airlines are left to shoulder the lion’s share of the responsibility. And we continue to fill some gaps in intergovernmental-coordination. For example, some airlines are still screening for items consisting of powder in place of governments. This is not sustainable in the long-term.
Adapting to new security threats
Lastly, the security challenges that we face are constantly evolving.
That includes areas like explosive detection where the threat has long been identified but the means of concealment are changing rapidly. The most recent alerts are as diverse as tablets and meat grinders. So we need to keep a constant watch for what is next.
We had a “wake-up call” of sorts with the Gatwick drone incident in December that disrupted holiday travel for thousands. We look forward to accelerating the cooperation between the industry, drone manufacturers and governments to reduce the risks of rogue drone operations, or worse, terrorism-related occurrences.
Today I would like to focus on the emerging threat of cybersecurity. The digital transformation of the airline industry holds immense promise. It is on everybody’s business plan. In moving forward with digital transformation, however, we must ensure that our aviation systems remain safe, secure and resilient to cyber-attack. We cannot afford to learn through failure if we are to maintain the hard-won trust in our industry.
Much like our physical risk, we can only reduce our cybersecurity risk if we understand our threats, actively look for our vulnerabilities and then work together to fix them. Constructive dialogue and timely information-sharing among industry, technology providers and governments will be critical if we are to achieve this. And that needs to be followed up with appropriate action.
IATA--working with airlines, industry stakeholders and other sectors—will deliver a strategy early next year that will be a step-change in how we as a sector address the cybersecurity challenge. The amount of work to be done is immense. For example, of the 12,000 ICAO standards and recommended practices, only one deals directly with cybersecurity.
Recent changes in IATA’s governance structure will support us in taking up this challenge. As of June, we have specific advisory councils focused on security and digital transformation. These will help us to deliver a coordinated, proactive global approach to reduce aviation cybersecurity risk and to further improve our work on security. Both are crucial to the continued success of our industry.
Conclusion
Aviation has come a long way since the first AVSEC World was held in 1991. At that time airlines transported 1.13 billion people annually. This year 4.6 billion people will travel by air.
Aviation has fueled globalization—which has lifted over a billion lives from poverty over this same period. There is no doubt that the growing accessibility of air travel has made our world more prosperous—both materially and in terms of the human spirit.
Expectations continue to grow. With the number of travelers expected to reach 8.2 billion in 2037, aviation will become even more critical. As leaders responsible for the security of our industry we have an important role to play in making that happen. Global standards, information-sharing, risk-based analysis and a careful watch on emerging threats are the tools that will help us deliver—keeping aviation the business of freedom secure for decades to come.
Thank you