The Security Series: Probability and impact assessment
Exclusive interview with Ken Thomas, Head of the Network Operations Coordination Unit at EUROCONTROL as we discuss what they are doing to mitigate the impact of threats to security…
Welcome to ‘The Security Series’ from International Airport Review, featuring an extensive insight into matters of aviation and airport security with interviews and opinion pieces from key industry leaders and experts…
Our latest instalment features an exclusive interview with Ken Thomas, Head of the Network Operations Coordination Unit at EUROCONTROL’s Network Manager Directorate as we discuss the cyber threat, the importance of collaboration and what EUROCONTROL are currently doing to mitigate the potential impact of threats to aviation security…
So Ken, at EUROCONTROL, what are your primary responsibilities?
At EUROCONTROL, we strive to support aviation risk assessment and the risk management processes to try and measure the impact and probability of threats occurring in the aviation sector – from landside threats to cyber security.
Moving onto cyber security… Do you see it as the biggest threat we are currently facing?
I wouldn’t say it’s the biggest threat we face but it’s certainly very important that we ensure we remain at the forefront on the issue.
It’s undeniably a different genre of risk, perhaps represents the next form of threat and unfortunately we’re behind it and not ahead of it. We are still yet to truly gain any scope the issue.
At EUROCONTROL we essentially estimate the probability and impact of something happening if I am to simplify our role.
The cyber threat is far more difficult to assess however – both its probability and impact. As much of the digital infrastructure and system is shared, each part of the aviation security process is not autonomous in this respect. AFTN for example is shared network-wide and so it is very problematic when assessing the impact of a cyber attack and arguably impossible to assess its probability.
On another level, with the supporting structures such as communications and electrical power added in, it becomes incredibly difficult to assess as service providers in the end share the same digital cables and infrastructure.
“When the Malaysian 17 flight happened – why did some airlines choose to avoid the region, while others did not…?”
Admittedly, it is a little unsettling at the moment – purely the lack of scope we have in the field. Once we have more of a scope, we can approach the issue with one or more mitigation strategies.
I will conclude by saying that while cyber is not the biggest issue, it is probably the one we have the least control over.
How important is a collaboration between airports, airlines, regulators – all parties – in order to come up with solutions to issues such as the cyber threat?
It is absolutely essential when talking about terrorism that collaboration is the keyword. When information is not shared we find ourselves in the situation we are currently in.
When the Malaysian 17 flight happened – why did some airlines choose to avoid the region, while others did not? Was it that some information was kept and not shared by certain airlines?
“Cyber is not the biggest issue, it is probably the one we have the least control over…”
Everyone, be them a regulator, airline… whoever, must collaborate both on different levels and in different sectors so that we can collectively approach any threats with as much information as possible.
Does this culture of information and data sharing come itself with a risk?
For me, collaboration is the main thing. After this we need to work out with whom and how we precisely share information – consumer protection must nevertheless be upheld.
So how we create a healthy balance between the increasing desire for a seamless passenger experience and the need for increased security?
Emerging technologies will certainly help and an overall safety culture and understanding of the passenger is important.
Living in Brussels myself and seeing the effect of the attacks at the airport, it became clear that people generally have a reasonably strong understanding of what must be done from the security perspective – which itself is of the utmost importance.
And finally what are EUROCONTROL currently doing to aid the effort to strengthen aviation security?
EUROCONTROL, as you may know, is a vast company. I myself, am the Network Manager and therefore look after the European network.
Personally we’re looking at better preparing ourselves for the coordination of the mitigation of any potential crises.
For example, two weeks ago we exercised the eruption of Bardarbunga in Iceland. We all saw the effect the ash cloud had on aviation in 2010 and 2011 and it has to be said we’ve come a long way since then.
That said, a volcanic eruption very much has the possibility of having a significant impact in future so it’s about understanding and mitigating the impact.
In order to do so, our exercise hosted 40 aircraft operators from 20 different countries to decide how to best coordinate and manage a situation involving an eruption.
We also organise a yearly crisis coordination meeting and in February of this year, we exercised attacks on European airports, just months before Brussels.
“It is all about minimising the impact of any threats…”
And in future?
We are constantly looking at impact of space debris and uncontrolled entry of satellites and we are currently looking at how best to mitigate power outage.
At the end of the day, it’s all about preparation for different events and how best to minimise overall disruption.