Aviation Security Management - The AVSEC Guide
Aviation Security Jobs - To Protect and Fly
Aviation security jobs (AVSEC) are the most critical component of the aviation industry, ensuring the safety and security of passengers, crew and property. Property being Airports, Aircraft and Buildings. The International Civil Aviation Organization (ICAO) is the global body responsible for setting international standards and recommended practices for AVSEC. ICAO originates the rules and regulations we use WORLDWID, including the TSA.
The United States Transportation Security Administration (TSA) is responsible for implementing Avsec measures in the US. The TSA provides training and guidance on best practices to airlines, airports and everyone else in the supply chain. In Europe, the European Civil Aviation Conference (or ECAC) sets standards for civil aviation in Europe. The aviation authority in each EU state then implements and oversees Avsec activities.
Overview of Aviation Security Roles
Thanks to Annex 17, the approach and roles to Aviation security have been standardized somewhat in terms of responsibilities and objectives, even if the titles differ between the TSA and the rest of the world. But we will explain all of that. The bottom line is that Avsec seeks to protect EVERYTHING from existing and evolving threats.
And they are evolving.
Yes we must protect against the bomb and the gun, but now we have Drones, .exe files and staff members who have been coerced into action by others.
Terrorist Attacks & Threat Evolution
Boy was aviation security different back then. That picture might give some of you some chills, or regrets. It all started in the 1970s with the Dawson Field Hijackings which led to the creation of the checkpoint and metal detectors we know now. This also allowed the infamous DB Cooper to pull his stunt. In 1988 Pan Am 103 was destroyed over Lockerbie in Scotland leading to the introduction of hold baggage screening.
After the 9/11 attacks we introduced the prohibited articles list that stopped knives getting on board and we locked the flight deck doors. Since then we discovered a shoe-bombing plot that made us inspect your shoes, there was a a liquid bomb plot and so we needed to limit Liquid and Gas packages (LAGS) in the cabin to 100ml. More recently an underwear bombing plot forced the implementation of new tomography scanners that make you raise your hands.
What’s next?
Well, we don’t know. Bad guys target the weakest links. So we must constantly strive for better protection and vigilance. The emerging threats are most certainly Landside threats like we had in Brussels and Istanbul, Insider threats, Air Cargo Supply chain, Chemical attacks, Drone attacks and Cyber attacks.
Annex 17
ICAO Annex 17 is the parent regulations. 17 is an international agreement that sets out the standards and recommended practices for aviation security. The contents outline the minimum training requirements for personnel involved in aviation security operations, such as airport security staff, aircrew members, ground handling personnel, and other stakeholders. Additionally, it includes provisions on how to assess the effectiveness of training programs and how to ensure compliance with international standards.
Who complies with Aviation Security?
First and foremost every passenger, staff member and crew member must go through security. That’s the security most of you see. But there’s a whole regulatory system that covers all of the participants in the business we call aviation security. And there is roles and training that accompany each of these areas.
Airports (AIC, Screeners, Supplies, SIDA/BSAT)
Airlines (AIC, Search and Protection, Cargo, Supplies)
Regulated agents (Supplies, Cargo)
Consignors (Cargo)
Suppliers (Supplies)
ANSPs (Cybersecurity)
Police, Customs
National Civil Aviation Security Program (NCASP)
The National Civil Aviation Security Program (NCASP) is an international agreement that sets out the standards and recommended practices for aviation security. It was developed by the International Civil Aviation Organization (ICAO) in order to ensure the safety and security of passengers, crew, and aircraft. The NCASP applies to all participants in the aviation industry, including airports, airlines, regulated agents, consignors, suppliers, air navigation service providers (ANSPs), police forces, customs authorities and other stakeholders.
Each country adapts the NCASP for themselves, and this outlines a comprehensive framework for ensuring security through effective training. This includes minimum training requirements for personnel involved in aviation security operations such as airport security staff, aircrew members, ground handling personnel and other stakeholders.
NCASP Chapters
The NCASP (pronounced “Nasp”). Is made up of Chapters. It’s also a protected and secure document, so we are not going to discuss critical (or need to know) elements here. But we are going to describe how the NCASP dictates the roles and training element.
Security Training
Airport Security
- Basic awareness (SIDA/BSAT 11.2.6.2) – This is the course you do in order to get your Airport ID Badge.
- Aircraft Security Search
- Aircraft Protection
- Baggage reconciliation
- Security for Cargo & Mail
Inflight/Airport Supplies - Passenger & Cabin Baggage Screening
- Hold Baggage Screening
Transportation Security Administration (TSA)
First and foremost, please visit the TSA website. The TSA work with Programs and they (correctly) keep the details of these programs on a need to know basis. But in short they are;
Twelve-Five Standard Security Program for Aviation Programs (FAA Part 135 Certificated Carriers)
Private Charter Standard Security Program for operators with an FAA Part 121, 125, or 135 certificate holders.
Aircraft Operator Standard Security Program (Full Program) and Public Charters for operators with FAA Part 121 and 125 certificate holders.
Risk Assessment
Risk assessment in aviation security is the process of identifying, analyzing, and evaluating potential risks to an organization’s operations. It involves looking at the likelihood of a threat occurring and the potential impact it could have. Risk assessments are conducted to identify areas of vulnerability and develop strategies to mitigate those risks. We have a great article on how the FAA do it in terms of safety. One great infrastructure that has been created is called SEMS. It borrows heavily from Safety Management Systems.
Security Management Systems (SEMS)
Created by IATA in 2002 with the Global Aviation Security Action Group – GASAG). It has also been mandatory for IOSA registered Airlines since 2007. An entity is given a framework of operating principles and direction by a security management system (SeMS), enabling it to improve security performance by proactively managing risks, threats, and places where there are gaps and vulnerabilities that could have a negative impact on that performance.
SeMS is…
- Based on a framework driven by risk that aims to integrate security into your operations and culture
- Suited for any aviation-related organization, regardless of size or mode of operation.
- An aid in the development of a flexible, risk-based supervision system by ICAO or IOSA.
- A tool that helps organizations comply with the quality control requirements.
There are FOUR Stages to the creation of a SEMS
Initial Evaluation and Scope
A high-level exercise to establish the SEMSs general scope in accordance with the organization’s operations.
Analysis of Requirements
A thorough needs analysis (and Training Needs Analysis) and business case can be created based on the initial assessment.
Implementation
Planning and carrying out the SeMS Implementation once the business case it approved. The UK CAA is a leader in this field and have a tremendous amount of resources at their website.
Evolution
A self-sustaining improvement procedure based on Quality Control metrics that utilizes several SeMS components.