Security in-depth focus: Securing aviation by sensibly managing risk

Posted: 10 March 2017 | | No comments yet

Andy Blackwell, former Head of Security with Virgin Atlantic and now a Registered Independent Security Consultant specialising in transport security, looks at the current trends and emerging security threats to civil aviation based on analysis of events over the past year.

While 2016 proved to be another challenging year for those responsible for maintaining the integrity of aviation security, this shouldn’t overshadow the significant progress that has been made in other areas. This includes not only protecting the travelling public and our staff, but capability building areas where security improvements were – and in some cases are still – much needed. The increased focus on Security Management Systems (SeMS) and development of in-house intelligence operations demonstrates that the industry is committed to maintaining the integrity of aviation security and sensibly managing risk.

Whilst it’s important to be mindful of new terrorist tactics, including cyber, which could be exploited to target civil aviation, analysing the experience of previous attacks is vital too. We know that terrorist groups, whilst innovative in their approach, will often re-visit previous attack methods and refine them to improve the likelihood of success. The need for high quality industry specific intelligence has never been greater.

Attacks and plots

In February 2016 the Islamist terror group al-Shabaab claimed responsibility for a bomb attack that damaged Daallo flight 159, which was in-flight in Mogadishu, Somalia. One fatality was reported and this was believed to be an individual implicated in the attack. According to open source reports, the suicide bomber and 69 of the 73 other passengers on boardwere meant to board a Turkish Airlines flight, which was cancelled on the morning of 2 February 2016 due to poor weather conditions. This resulted in Daallo Airlines rerouting the passengers to Djibouti, where they would be transferred to a Turkish Airlines flight. Somalia’s Transport Minister confirmed that the explosion was caused by a bomb that was “intended to kill all on board”.

Had the aircraft been at cruising altitude the attack would almost certainly have been catastrophic. Al-Shabaab said that it targeted Turkish Airlines because Turkey is a NATO state supporting Western operations in Somalia and that they were targeting Western intelligence officials and Turkish NATO soldiers who were said to be on board. Reports suggest that the improvised explosive device was concealed in a laptop carried onto the plane by a passenger in a wheelchair. CCTV recording from the airport shows two men (believed to be airport workers) giving a laptop to the wheelchair passenger. Investigators believe the bomber had some type of connection to airline or airport personnel.

A Somali Military Court subsequently found two men guilty of planning the plot and being members of al-Shabaab. They were sentenced to life imprisonment. One of the two men was a former security official at the airport and the other, who financed the attack, had eluded arrest was tried in absentia. Eight other airport workers were convicted of aiding the plot but were not convicted of being members of al-Shabaab. They were given prison sentences ranging from six months to four years. Those convicted worked in a range of jobs at the airport, including security screening staff, a police officer, immigration officers and a porter. This case highlights the very real risk posed by ‘insiders’; ‘the enemy within’ and is an area where continued focus is necessary.

In March 2016 two coordinated person-borne suicide attacks in the check-in area at Zaventem Airport Brussels resulted in 17 deaths and 81 injuries. The bombs were in large suitcases. A third suicide bomber was prevented from detonating his bomb by the force of a previous explosion. His bomb was found during the course of a search of the airport and was later destroyed by a controlled explosion. Daesh claimed responsibility for the attacks. The attack highlighted the vulnerability of landside crowded places at airports.

In May 2016 Egyptair flight 804 from Paris to Cairo crashed into the Mediterranean Sea. The cause of the crash remains under active investigation, but in December 2016 Egyptian investigators announced that traces of explosives had been found on the victims. Earlier reports suggested that TNT traces were found on parts of the recovered debris from the aircraft. A criminal investigation remains ongoing.

In June, at Ataturk Airport in Turkey, terrorists killed 45 people and injured over 230 in a Marauding Terrorist Firearms Attack (MTFA), which concluded with the terrorists blowing themselves up. The attacks took place in landside areas of the airport. Turkey’s Prime Minister was quoted as saying “the findings of our security forces point at the Daesh organisation as the perpetrators of this terror attack”, however no claims of responsibility have been made.

In October, at Nice Airport, France, a male threatened to conduct a bomb attack and cut passengers’ throats. He was arrested without harm being caused. The perpetrator was reported to be attracted to Daesh’s hard-core ideology and suffering from mental health issues.

In the same month, media reports appeared regarding attack plans targeting Schiphol Airport in Amsterdam that had links to two suspects under criminal investigation in relation to the Paris and Brussels attacks earlier in the year.

Reports were also received advising that German police had foiled a Daesh plot to attack Berlin Tegel Airport, with one male being arrested. Less than a month later, on 4 November 2016, further reports surfaced about another plot – this time regarding a male who had been arrested in connection with a bomb plot targeting an undisclosed city airport in Berlin.

December 2016 saw the hijack of an Air Afriqiyah aircraft from Tamenhint to Tripoli which was diverted to Malta. Successful negotiations led to the release of all the passengers and crew. Two hijackers said to be in possession of replica weapons claimed they wanted publicity for a new political party but the men’s exact demands remain unclear. At a recent court hearing the captain of the hijacked aircraft said that the hijackers only seemed interested in leaving Libya and wanting to go to Rome.

In the same month, five female airport security officers and their driver were killed by an unknown gunman on their way to work at Kandahar Airport, South Afghanistan. The incident highlights the risk to employees, particularly females, in some States.

In January 2017 a ‘lone wolf’ said to be suffering from mental health issues, shot and killed five people and injured six near the baggage reclaim area at Fort Lauderdale Hollywood International Airport. The male had travelled as a passenger from Anchorage and checked in a handgun he had lawful possession of. On arrival he recovered the weapon and used it in the attack. The suspect is reported to have told police officers he was having “terroristic thoughts and believed he was being influenced by ISIS”. Daesh (ISIS) has not claimed responsibility for the attack but at a bond hearing an FBI agent reported that the gunman had carried out the attack on behalf of ISIS.


Analysis of the plots and attacks against civil aviation over the past 12 months indicates the following:

  • Attacks against civil aviation by Daesh directly, or by those inspired or acting in their name, have increased. Daesh’s previous interest in the sector was limited
  • Lone wolves featured in a number of the incidents
  • AQ and their affiliates continue to target civil aviation
  • Insiders have played a key role in facilitating some aviation attack plots
  • Public ‘landside’ areas are clearly regarded as viable terrorist targets
  • Weaknesses in security defences enabled some of the attacks to take place
  • A number of the attacks and potential attacks were linked to individuals with reported mental health issues.


Despite the challenges, much progress has been made and continues to be made to further enhance the integrity of aviation security.

On 22 September 2016 the UN Security Council adopted its first civil aviation resolution UN Resolution 2309 (2016) to counter terrorism threats and declared that all States must strengthen, both individually and collectively, aviation security measures, in order to secure a stable and peaceful global environment. The Council called on States to work within ICAO to ensure that its international security standards are reviewed and adapted to effectively address the threat posed by terrorists targeting of civil aviation. The resolution specifically required the strengthening of security screening procedures and maximising the promotion, utilisation and sharing of new technologies and innovative techniques that increase the capability to detect explosives and other threats. The resolution also called upon countries to share information about possible threats and enhance international and regional co-operation to counter extremist threats. The need for collaborative approaches is clear. Joint working and partnership between key aviation stakeholders, industry, regulators and relevant external agencies is vital.

The industry take-up of Security Management Systems (SeMS), designed to encourage a risk-based approach to assurance, will help industry stay one step ahead of those seeking to cause unlawful interference.

Aviation Security capability building by governments and industry is helping to raise standards; one notable example being the EU-funded and ECAC-implemented CASE Project launched in early 2016. This project supports the efforts of Partner States in Africa and the Arabian Peninsula by helping to mitigate threats against civil aviation and improve compliance with international requirements. The project has a strong focus on quality control measures and aligns with SeMS principals.
Several airport authorities have established, or are considering establishing, their own in-house intelligence gathering teams. Los Angeles World Airports is pioneering in this regard and the Anti-Terrorism Intelligence Unit they established in 2014 now represents a model for others to follow. In-house intelligence gathering enables airports to obtain a rich ‘threat’ picture and supports the efforts of external agencies. The richer the threat picture the greater the chance of being able to sensibly manage the emerging risks.


Events over the past 12 months have once again highlighted the unhealthy fascination that terrorists have with civil aviation. We’ve seen them exploit aviation security weaknesses, use ‘insiders’ and attack both ‘hard’ and ‘soft’ targets. Their persistence is unlikely to desist for the foreseeable future. SeMS-based approaches, enhancing industry-specific intelligence gathering, focusing on capability building and developing collaborative approaches will all help to maintain the integrity of aviation security.


Andy Blackwell is former Head of Security at Virgin Atlantic and during his time at the company managed many dynamic and high-profile security events. Prior to joining Virgin Atlantic he was UK Security Manager and Lead Threat Assessor with DHL. Andy has an extensive law enforcement and intelligence background with previous service with UK Customs, British Transport Police, the National Criminal Intelligence Service and the National Drugs Intelligence Service of the Czech Republic. He is now Director of Blackwell Security Consulting, which specialises in threat and risk management, resilience, transport and travel security, and SeMS development. He has been commended by the Metropolitan Police for demonstrating a high degree of professionalism and providing an exceptional level of service during a period of heightened threat against civil aviation.

Send this to a friend