Head of Aviation Security advises “close cooperation is the only way”

David Ryder, Head of Aviation Security at ACI EUROPE emphasises how there is no one particular threat in the aviation sector. If you let your guard slip in one aspect, then the whole system is vulnerable.

aviation security advice from aci europe

ACI EUROPE’s Head of Aviation Security, that’s a very broad title. How would you summarise your role?

The job itself is a mixture of various things. I am frequently looking at the EU Regulations and providing input: We’re often asked by the European Commission to make suggestions for any amendments.

The European Commission also asks us to provide expert advice on operational airport security, and I am contacted daily by airport members asking for information or advice on specific topics, normally to do with regulations and how they should be interpreted.

We run a number of working groups to improve security across a range of issues, involving not only airports, but regulators, police, manufacturers and airlines as appropriate. We have a lot of interaction with all segments across the aviation security sphere.

Would you say it’s a stressful job?

It depends on whether you get stressed easily or not. When something comes up that is new, I see it as a challenge. You don’t perform well if you stress, so I try not to. Then it is easier to resolve the situation.

Within ACI Europe, how big is your security team?

We are a team of three, including myself, so there is a lot to think about between us. We receive support from our aviation security committee of 141 aviation security experts. This includes airport members but also partners like security equipment manufacturers and consultants.

I regularly update my airport members on what is going on in the sector, whether that be new regulations or threats. On the other hand, I ask them for information on benchmarking and what they’re doing in certain subjects. I am in regular contact with approximately 60-70 airport security individuals and they represent around 300-350 airports.

In your opinion what are the current biggest threats to aviation security?

I don’t think there is one threat in particular. I have produced a slide which shows how, since the 1970s, the threats have evolved and the mitigation measures with them.

Coming to the forefront in the 1970s, hijacks appeared a serious threat to aviation, so we introduced mitigation measures, like walking through metal detectors that detect guns and knives. Threats then evolved further, for example following the Lockerbie when a bomb exploded  in the hold. In response to this we started introducing 100 per cent hold-baggage screening. You look at 911; reinforced cockpit doors were then introduced.

Many of the emergent threats have been present for a long time. What we try to do is get one step ahead rather than being one step behind. Until relatively recently, we were always reactive, but we are now putting a lot of effort into being proactive instead; looking ahead to see how we can use technologies or processes and train our people to be ahead of the game.

Security within aviation and airports will be discussed in depth at our Airport IT & Security conference in September 2019 – book your place now!

Is there specific protection that you suggest to combat those threats?

If you look at an airport environment, there are so many aspects to consider. You could look at perimeter security: The fence, is it big enough, is it good enough, are the cameras good quality? You can look at airport or in-flight supplies: Are those screened sufficiently, do they come from known suppliers with secure programmes?

For example, Charles de Gaulle has 600 trucks a day going to their airport. That’s just one airport, and they must have measures in place to have those goods protected from where they come from, or infrastructure available to screen them on arrival.

You also need to look at the passenger-screening checkpoints and hold-baggage screening. You need to look at landside security, and the element of protecting infrastructure, passengers and staff. Some of that responsibility falls to the airport operator, and some falls to law enforcement agencies.

Another aspect of security is within the airport ecosystem: ID card management. At a big airport there are sometimes hundreds of different entities working within it. The airport operator, in proportion, only has a small number of direct employees but they issue numerous ID badges. Therefore, a process is needed to initiate the background checks on individuals. This has to be managed to ensure individuals have the correct access and are segregated, whether they’re regular or irregular users.

Traditionally, aviation security is defined to protect against acts of unlawful interference on aircraft and passengers. That is what ICAO determines in Annex 17, the security annex in ICAO’s regulations. But it is not just about the passenger – it’s a whole plethora of things, and an airport security manager has to handle this. It is the whole system that needs to be protected. We call this total airport security.

To what extent has the development of technologies increased cyber-threats within the aviation industry?

Europe’s airports are introducing more advanced hold-baggage screening equipment – partly required by regulation – and trialling explosive-trace detection for cabin baggage equipment. There are at least 25 airports in Europe or who have trialled or implemented updated algorithms on current machines.

But of course, this intensifies the risks on cyber-systems. Quite often the newer technologies are networked, which means they are potentially vulnerable to cyber-attacks. We have seen a number of attacks across various parts of the world, not necessarily from a terrorist point of view, but often for financial gain.

From the perspective of terrorist threat, cyber can be classified as a low threat. But from a business perspective it could easily be high.

Cyber-risk is something that we in ACI EUROPE are taking very seriously. We set up our cyber-security task force almost two years ago now and I have just hired an individual to deal with cyber-security full time.               

There are a variety of potential threats and we have to try and deal with all those in a way that has a big deterrent effect but doesn’t impinge upon the facilitation of passengers.

Do you class drones as a serious threat to aviation security?

Drones are both an opportunity and a threat. When you look at what happened in Gatwick, they were a huge disruption, even though it wasn’t a terrorist attack. So it doesn’t need to have a bomb on it to cause an impact.

With this in mind, when looking at drones it doesn’t require much foresight to imagine someone with ill intent to believe flying a drone across the airfield repeatedly is a good disruptive idea.                   

With our Operations & Safety colleagues, we do have a joint task force on this issue, we actually started talking about it before the Gatwick incident last year. We’re trying to be proactive, trying to think ahead of the game. One thing that has been completed at the regulatory level is the introduction of regulations to get all drones registered, with the differing sizes and weights. This has been introduced by the European  Aviation Safety Agency, and means we will be able to trace where they come from.          

Also looking at regulations, some states have already introduced no-drone zones, including UK, France, Italy and Germany. What this means is that a lot of the sightings are unintentional drones, controlled by individuals who are not aware of where they are or the danger it poses to airports and aircraft. However, this enables the airport to prevent unintentional people with lack of knowledge causing disruption. You’ll never stop the intentional ones who deliberately fly there, but you can reduce the number of false alarms.             

Looking into to the future, how do you predict aviation security will be different in comparison to today?               

There are always new malicious ideas. We will plug one hole and they will find another one. But we are always trying to identify where those holes might be. For example, before the attacks in Brussels, we had already identified in our security committee that landside security needed to be intensified, alongside the potential of insider threats, before those things happened.

One of the key aspects in aviation security is cooperation between all entities: Airports, airlines and regulators; we are lucky in having excellent working relationships with the European Commission (DG MOVE, in particular), national regulators and industry stakeholders. Developing a very close cooperation is the only way to enhance security, because the states have the intelligence and receive the intelligence feed of what is happening. When they provide us with information, we are made aware of the threat and we can action it. We can come together and propose solutions to try and mitigate threats as much as possible.


David Trembaczowski-Ryder, Head of Aviation Security, Airports Council International – Europe has spent his whole career in aviation, defence and security. He is a retired Royal Air Force officer with significant experience in NATO and EU strategic policy development. Ryder’s last appointment was with the UK Permanent Representation to the EU in a diplomatic post and prior to that he was a seconded national expert in the EU Council General Secretariat. Before Brussels he was the Station Commander of RAF Gibraltar, where he was responsible for all aspects of the airfield operations. Ryder joined ACI EUROPE in February 2010 where he covers the whole range of aviation security issues affecting Europe’s airports, including preparing proposals to counter new and emerging threats. He is directly involved in the drafting of EU legislation.