It is a pleasure to be in Kuala Lumpur to address security, a topic of critical importance—not just to our industry, but to the world.
As ICAO Secretary General Liu has highlighted, Aviation Security was the subject of a UN Security Council resolution last month. The airline industry was reassured that governments agree that “all states have a responsibility to protect the security of citizens and nationals of all nations against terrorist attacks on air services operating within their territory”. Sadly, that responsibility needed renewed emphasis in light of the fact that “terrorist groups are actively seeking ways to defeat or circumvent aviation security”.
This year two airports suffered terrorist attacks with many innocent lives lost. In February a plane escaped disaster when a bomb carried by a passenger exploded at low altitude. Traffic statistics show that a spate of terrorist attacks have rattled the confidence of travelers over the last months. Being here in Kuala Lumpur, we cannot forget the tragic loss of MH 17 which was caught in the crossfire of a conflict.
Still, flying is safe. And flying is secure. We know that. If we felt otherwise, we would not fly ourselves, or invite travelers into airports and embark them onto planes. Making flying ever safer and more secure is engrained in the DNA of all air transport stakeholders. That’s why we are gathered here to strengthen our defenses with integrated solutions in the face of evolving security threats.
Staying at least a step ahead of those with an agenda of evil is a challenge, the scale of which is massive. On average, each day, an air transport workforce of 8 million people supports 100,000 commercial flights that collectively carry over 10 million passengers.
The UN Security Council resolution is clear—security is a government responsibility. The industry depends on governments with their security and intelligence resources. But we are in this together. And we will be successful if we are guided by some common principles:
- First, a risk-based approach is needed to ensure that limited resources are applied where the risk is greatest. We fully support known traveler programs. In fact, we encourage governments to augment their impact by linking them.
- Second, security information must be shared effectively among governments and with industry. There may be sensitivities. But the potential to save innocent citizens must be the motivating factor.
- Third, global standards must be implemented in security systems globally. They are the means by which governments, airlines and airports work together. To be effective, they must be implemented—and that is not always the case.
- And finally, we have the principle of mutual recognition of standards along with capacity building to support it. The efficiency of one-stop security within Europe and with a few other locations is clear. And we would like to see the benefit spread more broadly.
While I am new to IATA, security was, of course, at the top of my priorities when I was at Air France-KLM. Instead of principles, however, our focus was on working with governments to address specific challenges, many of which are on the agenda of this conference.
The first is conflict zones. Civil aircraft should never be targets in a conflict. But we face a world where powerful weapons are in the hands of many non-state entities. Airlines rely on timely and accurate information from government intelligence sources to make the risk assessments that keep flying secure.
The ICAO conflict zone information repository was an initial step. But it is not the solution. We need to evolve to a system that can function on a continuing basis with free and fast flow of useful information.
And I should emphasize that information sharing is not just about conflict zones. If a government has any information about a risk to an airline’s operation, sharing it with the airline could save lives. There is a responsibility to get that information to the airline quickly and by effective means.
The second is landside security in airports. As we saw in Brussels and Istanbul, our passengers, staff, and meeters-and-greeters are exposed. We need a coordinated solution where local authorities use intelligence to keep terrorists far away from airports and secure the area from threats. And we, as industry, can help by moving people through landside processes more efficiently.
Of course, it would be naïve to think that the airside is risk-free. With eight million people employed in air transport, insider threat is a real challenge. The perfect vetting system has yet to be invented. So intelligence analysis—from governments—is our most potent tool to identify threats, especially from radicalization.
And then there is the wildcard of cyber security. No single company has the capability to beat the subculture of hackers, especially those who may be well-funded and backed by those with political agendas. Airline systems are secure, but they are not without risk. Even IATA gets about 500,000 suspicious web flows a year. And if one of those penetrates our systems there is potential for enormous damage. The challenge for airlines is far greater.
Nimble layers of protection—security culture—and advanced detection capabilities are needed. All of these must be powered by intelligence and information sharing. Cooperation with government and across the industry is essential.
For airlines there is a lot on the linen with cyber security. At the most serious level, lives could be at risk. But even a small success for the hackers could risk revenues and reputation for the airline—not to mention the challenge of mounting the resilience plan.
Airlines contribute to intelligence gathering through the collection and provision of API and PNR information. I include this activity as a challenge because of the complexity involved. Global standards exist for the collection and provision of this information. These are maintained by IATA and the World Customs Organization, and ICAO.
Despite the global standards for API and PNR, there are still far too many exceptions on what data is collected and how it is transmitted to governments. The complexity does not make us more secure. In fact, it could lead to risk. The situation is already difficult enough. And it could get much worse. There is already an impasse on PNR and European data privacy requirements which puts airlines in a difficult situation. Moreover, there is no overall international agreement spelling out obligations for handling the exchange of such information.
And, on behalf of our passengers, I ask, where is their benefit for the information that is provided in advance? If governments know who is coming to their border hours before they arrive, why haven’t facilitation times decreased?
Finally, as an airline CEO, you also share customer frustrations over airport security checkpoints. Processes have improved, but can still be inconvenient and even intrusive. As Angela Gittens, Director General of ACI has said, our partnership on Smart Security is helping. But we need to see much faster progress.
Speed is the last thought that I will leave you with. It is of the essence. For a business, speed is linked to success and ultimately survival. Security is the same. We are in “competition” with those that would do our industry harm. Speed matters. Threats emerge quickly. And they evolve fast. The four principles will help us to address the threats and challenges we face, but only if we move quickly enough.
Aviation is the “business of freedom”. We make people’s lives better. We are a catalyst for social and economic development. And that is turning our world into a global community. But the good we do makes us a target for terror.
Nobody has all the answers to protect our special industry. We are moving forward, but there is much more to do. Partnerships—witnessed by this conference—are essential. And we must keep focused on our common principles:
- Risk-based measures that make the best use of technology and intelligence
- Information sharing that is timely, comprehensive and coordinated
- Global standards that are truly implemented globally
- Capacity building that supports the mutual recognition of standards, and….
- Speed. We must move much faster than we do today.
On that note, I wish you a productive conference.