Mitigating and preventing the effects of a security breach with a simple bowtie

In December 2018, we attended International Airport Review‘s IT and Security event at Amsterdam Airport Schiphol. This event was all about aviation security and technology and how one can inform the other. We were there to represent CGE’s software products, which centre around risk management solutions through our BowTieXP virtual risk assessment model, which highlights possible issues. 

At CGE we do not call ourselves industry experts, but are the bowtie experts. That is one of the reasons we work with more than 200 partners globally. However, we are still aiming to see the application of bowties in the different industries. Barrier management is not very well known in the airport security industry, and as such we have created an overview of bowtie to highlight what can go wrong. 

An overview of bowtie

We created a bowtie to understand what airport security is and the possible threats faced by airport security personnel. The bowtie below is not a typical bowtie as we have previously discussed for International Airport Review, but as long as it helps us understand risks, it must be looked upon favourably. The aim of this bowtie is to have an overview of unwanted events and their potential causes. If we are aware of what the potential risks are, we are more prepared to deal with the consequences of the threat. 

The hazard for this bowtie (the top box of the middle section of the diagram) is ‘security operations at airport’. Although quite generic, it fits the purpose of this bowtie. The top event, or the loss of control moment, is a security breach (the centre of the diagram). “A security breach is any incident that results in unauthorised access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. […] A security breach is also known as a security violation^1″.

Now that we have set the scope of this bowtie, we would like to focus first on the consequences on the right side. At the conference, the issue of human trafficking was discussed, alongside with the responsibilities airports have to identify possible at-risk targets. At first, we thought airport security is all about preventing bombs blowing up, but it is much more than that. For example, human trafficking is an issue where airports play important roles. At the conference, someone shared their personal experiences with human trafficking and how airports can help identify signs of human trafficking. Also, international migration can be a security issue, and although it does not directly cause harm, it is an issue that needs to be managed.

There are probably many more issues to deal with in airport security, more specifically threats. The threats are the potential causes that can lead to any security breach. Be aware that not all threats can lead directly to all the consequences, but we did want to highlight issues on mental health. Multiple speakers mentioned mental issues as a large threat to security. In this bowtie, we separated the different issues on mental health, because they need different approaches. 

As you can see in the bowtie, there are no barriers. The industry knows exactly what can go wrong, but they do not speak the barrier language yet. Many speakers at the event emphasised that training is key in securing these events, but can we specify what those barriers are? We are sure most organisations can do that and we believe bowties help in this process of defining barriers.

To conclude, there is still a lot to learn about airport security and we think there are many more bowties to specify the security issues.