A roadmap to better security

ICAO’s approach to aviation security continues to involve the monitoring of Annex 17 compliance alongside AVSEC training, whilst assisting with the implementation of new technologies to improve security and efficiency.

In a most dramatic fashion, the terrorist attacks of 11 September 2001 instantly propelled aviation security to the top of ICAO’s list of priorities. In February 2002, the Organisation hosted a High-level, Ministerial Conference which endorsed a comprehensive, long-term Plan of Action for Strengthening Aviation Security. On 17 December 2004, the ICAO Council approved a revised set of Strategic Objectives, including one on security comprising of eight distinct elements:

• Identify and monitor existing types of security threats to civil aviation and develop and implement an effective global and relevant response to emerging threats.
• Ensure the timely implementation of ICAO provisions by continuously monitoring the progress toward compliance by states.
• Conduct aviation security audits to identify deficiencies and encourage their resolution by states.
• Develop, adopt and promote new or amended measures to improve aviation security for air travellers worldwide while promoting efficient border crossing procedures.
• Develop and maintain aviation security training packages and e-learning.
• Encourage the exchange of information between states to promote mutual confidence in the level of aviation security between states.
• Assist states in the training of all categories of personnel involved in implementing aviation security measures and strategies and, where appropriate, the certification of such personnel.
• Assist states in addressing security related deficiencies through the aviation security mechanism and technical cooperation programme.

Inherent to these elements are three key considerations which will direct the action of ICAO in further improving aviation security. The first is that the full implementation and enforcement by states of the Standards and Recommended Practices (SARPs) of Annex 17 – Security – to the Chicago Convention are essential to optimum security. Second, a significant number of states require assistance in fulfilling their responsibilities under Annex 17. Third, improved security measures must not impede the efficient flow of passengers at airports.

It also must be understood that aviation security is but one component, albeit a critical one, of a much larger, global and multi-disciplinary effort to prevent and neutralise acts of unlawful interference against civil aviation. Everything possible must be done to prevent potential perpetrators from ever reaching aviation facilities, be they on the ground, in the air, or in orbit around the planet as in the case of communications satellites. That is the role of national and international intelligence and policing agencies. However if would-be perpetrators succeed in getting through the primary security net, then measures must be effective enough to protect the global aviation system.

Is there a problem?

The first step in building an effective global aviation security system is an assessment of the existing level of security in states. This is the main goal of the ‘Universal Security Audit Programme’ (USAP), an integral part of ICAO’s Plan of Action of 2002. It consists of regular, mandatory, systematic and harmonised audits of all ICAO contracting states for monitoring compliance with Annex 17 standards and for developing recommendations for enhancing security measures.

A common deficiency identified by the USAP thus far is that many states are not providing effective oversight of aviation security activities at their national airports. The establishment of a comprehensive security oversight system is essential if a state is to ensure the effective implementation of its national aviation security requirements and of Annex 17 SARPs, a fundamental responsibility of all ICAO member states under the Chicago Convention.

The global trend to privatise airports and government services has reinforced the need for strong regulatory oversight. Outsourcing is often cost-effective and can provide high levels of security, inasmuch as appropriate performance standards have been set and strong oversight of the contracts assured. It is equally important that an independent oversight infrastructure provide close governmental control and supervision where security functions are performed directly by civil service staff or airport operators.

The effective implementation of a quality control programme is another fundamental component of a security oversight system. The requirement for each state to develop and implement such a programme was introduced as a new standard in the most recent amendment to Annex 17, which became applicable on 1 July 2002. Ideally, the concept of quality control should extend to all security stakeholders throughout a national air transport system. However USAP audits indicate that many states have not adopted national quality control measures or developed a written national security quality control programme. In a number of States, the aviation security programme itself is only in draft form or is not up to date on all the latest requirements.

As an integral part of quality control, each state is required under Annex 17 to arrange for the evaluation of security measures through the conduct of surveys, inspections and tests. The purpose of the survey is to enable each State to identify its security needs by evaluating the vulnerability of its airports and operators to acts of unlawful interference. The initial results of the ICAO audits have highlighted the need for states to perform increased levels of surveillance of their airports and airline operators.

Of course, the availability of appropriately trained and qualified personnel is essential to the effective implementation of a quality control programme. Such personnel should be empowered to perform security surveillance activities and should not be involved in the aviation security measures that are to be assessed. The audits conducted thus far under USAP have revealed that most states have very limited numbers of qualified inspectors available and some states have no aviation security inspectors at all.

States must have in place policies and procedures for fulfilling training and certification obligations. The most recent amendment to Annex 17 introduced more detailed requirements for states to establish selection, training and performance criteria for all persons carrying out security controls. In addition, persons conducting screening operations are now required to be certified according to specifications provided in the national civil aviation security programme. An award of certification means that the person possesses all the key competencies (knowledge, ability and skills) required to perform screening functions.

Finally, USAP has shown that the authority responsible for aviation security is not always appropriately empowered to take action to resolve identified security concerns. The ability to follow up and resolve security concerns identified through the surveillance process is critical to an effective security oversight system. This includes the authority to compel compliance and require corrective action in a timely manner by imposing sanctions or operating restrictions. This authority should be clearly granted through empowering legislation, with supporting technical guidance and procedures for the control and supervision of security providers.

Help is on the way!

In a relatively short period of time, the USAP has become a valuable instrument for identifying weaknesses in the aviation security system of states and for recommending appropriate course of action for correcting deficiencies. Providing assistance to states in striving for an ever more secure global air transport system is the role of ICAO’s Aviation Security (AVSEC) Section, with products and specialised training geared to the professionalisation of the aviation security discipline.

The AVSEC mechanism provides direct assistance to states in achieving full compliance with Annex 17 SARPs, through advice on security matters, surveys and technical evaluations, training courses, seminars and quality control programmes.

The ICAO Security Manual, designed for those engaged in national, airline and airport AVSEC programmes as well as consultants or other private companies that specialise in the provision of AVSEC services and expertise, provides detailed information and guidance to enable compliance with Annex 17 provisions. Areas covered include AVSEC operations and personnel training, detection devices and other AVSEC technologies; general equipment selection, procurement and maintenance procedures and the development of an effective AVSEC legal framework.

ICAO Aviation Security Training Packages (ASTPs) and courses bring this information to life in the form of knowledge-focussed courses to assist security professionals, managers and staff in developing a more comprehensive understanding of ICAO SARPs as well as specialised practical expertise in the implementation and monitoring of measures and provisions in accordance with local programmes. Subjects range from hostage negotiation to more practical implementations of AVSEC programmes and activities.

A recent initiative, long-distance e-learning, utilises an innovative online classroom approach developed jointly by ICAO and the John Molson School of Business of Concordia University, Montreal. It fosters a common understanding of Annex 17 and the Security Manual and promotes the use of management principles, best practices, and intra-regional cooperation. The use of the e-leaning platforms will be expanded to most ICAO AVSEC packages to reinforce the effectiveness of these training tools. The same distance-learning platform is used in developing new AVSEC-focussed training on a case-by-case basis.

From e-learning to e-passports

Together, the USAP and the integrated ICAO AVSEC products and services represent a comprehensive approach to identifying and solving security-related challenges. Ensuring that tighter security measures do not negatively impact on airport operations is the primary task of ICAO’s Facilitation Section, which strives to contribute to optimum security and efficiency in passenger clearing procedures through Machine-Readable Travel Documents (MRTDs) and biometric identification. Over the years, ICAO has become a driving force in the development of e-passport standards and specifications for the deployment of biometric identification in MRTDs. This is part of its wide-ranging commitment to implement effective border control systems, with both increased security and quicker inspection formalities.

The initiative for developing specifications for machine readable passports goes back to 1980, as the world of civil aviation first needed standardisation of such documents in order to deal effectively and efficiently with the pressures of ever-growing traffic volumes and the resulting congestion at customs and immigration checkpoints.

Shortly thereafter came specifications for machine readable visas and travel cards. These were developed by the Technical Advisory Group on Machine Readable Travel Documents (TAG/MRTD), a group of experts comprised of government officials knowledgeable in travel document production and immigration procedures. It is actively supported by private-sector professionals through a liaison working group set up by the International Organization for Standardisation (ISO). This latter group advises the TAG/MRTD on the application of relevant ISO standards and facilitates ISO endorsement of the ICAO specifications.

In 1998 the ICAO Assembly brought passport security to the top of its agenda when it passed a resolution urging contracting states to intensify their efforts to safeguard the security and integrity of their passports, to protect their passports against fraud and to assist one another in these matters. This resolution was updated in 2001 and continued in 2004, at which time the Assembly also decided that the work on MRTDs, biometrics and document security should be continued as high-priority items. Also in 2004 the Twelfth Session of the Facilitation Division recommended some significant enhancements to Annex 9 Standards. These included new travel document security provisions, a recommended practice concerning the use of biometrics in travel documents and a new standard that requires states to begin issuing machine readable passports by April 2010. These and many other amendments are now before the ICAO Council for adoption.

Most recently, the TAG/MRTD at its fifteenth meeting in May 2004 updated its technical reports on biometrics deployment (including the specification for the contactless integrated cirucuit), the Logical Data Structure and the Public Key Infrastructure. The e-passport ‘blueprint’ is now frozen for the time being, to allow States to proceed with their programmes to implement it. In the meantime, ICAO Doc 9303, Part 1, Machine Readable Passports, is being updated to integrate the biometrics blueprint as formal specifications. A two-volume 6th Edition is planned for publication in the latter half of 2005.

It’s all about people

Whether auditing security systems, helping States comply with security requirements or developing new technologies for MRTDs, ICAO always has passengers and crew in mind. The objective is to ensure that the infinitesimal number of persons that can potentially cause harm to the aviation system do not prevent the overwhelming majority of passengers to proceed as quickly, as efficiently and securely as possible with their travel plans. In short, as its mandate clearly explains, it is to ensure the safe and orderly development of international civil aviation.