Last updated: 13 Nov 12 @ 03:24  |  

A risk-based approach to security could focus security efforts in the right areas

Adam Ogilvie-Smith, Chairman of the Aviation Security National Technical Committee, tells Robert de la Poer how the UK is fast-tracking academic innovations into world-leading transport security solution

RP: What are the main goals of the recently formed UK Aviation Security National Technical Committee (AvSecNTC)?

AOS: If you look at the attacks against aviation over the past 20 years or more – from Lockerbie to 9/11 and shoe bombing – international terrorists keep returning to aviation. I would say that, far from disappearing, the threat has continued to evolve and is now different every time. In the 1960s and 1970s, with Palestinian terrorism, it was the same every time: a man with a gun and grenade trying to get aboard an aircraft with the aim of hijacking it. Today the terrorist is far more innovative, which means we have to be as well.

The Knowledge Transfer Networks (KTNs) have existed for some years, with the aim of linking together the ideas created in universities with the knowledge held in small-to-medium enterprises. The goal is to accelerate the innovation chain and create solutions faster, and therefore create growth in the UK economy.

Within the very broad church of the Aerospace, Aviation and Defence KTN is a wide range of national technical committees, one of which is the AvSecNTC. This got going in 2011, with an official launch in February this year. Given that innovation feeds growth, and that aviation security is an important field in which a lot of money is invested each year, UK leadership in the field can lead to greater UK exports.

RP: How does the Committee work to transform academic innovation into commercial products?

AOS: The world of technology and innovation uses technology readiness levels (TRLs) to measure how ready a piece of technology is for the open market: for example TRL 1 is a basic principle, reported and observed, up to TRL 9, which is an actual system proven in successful mission operations. As you move up the levels you prove more: so if the idea is a handheld detector, at TRL 4 you might have a working six-foot by one-foot prototype in the laboratory, and by TRL 7 you have something to demonstrate in an operational environment.

Typically universities take technologies from TRL 1, 2 or 3 up to 5 or 6, but will rarely be spending money creating a finished product. That is what private companies do best. One of the great questions is therefore how do you move the concept that has been developed in universities – and especially through blue-skies research – into production. Academics are rarely interested in taking it to that final stage, so getting it from TRL 4 to TRL 7, and from academia to the private sector, is often known as “the valley of death” for products: it’s not easy. One of the Committee’s roles is therefore to provide the lubrication to move these concepts from the lab into companies where they will receive the appropriate investment and marketing to become a successful product. We reach out in all directions so that the right people are meeting, networking, bouncing ideas off each other, and thus generating innovation. I was delighted that the launch meeting of the AvSecNTC saw people from academia, SMEs, system integrators, international regulators and trade bodies: that’s the interaction we need to see.

RP: Do you think the focus at present in the aviation security industry is on finding solutions to particular threats or is it on just turning concepts into products?

AOS: It’s interesting you should ask that, as the situations may have moved on by the time of Counter Terror Expo in April. A green paper called “Better Regulation for Aviation Security” was published in July 2011 which noted that, at present, we have process-based aviation security in the UK, often called “Direct and Inspect”. This means that security personnel carry out the same tasks to ensure a uniform level of security at every UK airport, whether it’s at London Heathrow or Inverness. The green paper proposed a new, Outcome-Focused Risk-Based (OFRB) approach to security, where the desired outcome is safe and happy travel for passengers and risk-based means the approach to security is based on the perceived risk at that location. The risk profile is very different for an airport in, for example, the Shetland Isles, compared to that at Heathrow, so they don’t necessarily need an identical approach to security.

The green paper also argued that responsibility for airport security, which is currently regulated by the Department for Transport, should be given to the Civil Aviation Authority (CAA), which would also be a very significant change. Primary legislation will be needed to make these changes, but it does mean this is a fascinating time for aviation security because we likely to see some huge changes in the UK at the same time we are seeing changes in the US as well.

RP: Is the change to a risk-based approach to aviation security likely to cause a lowering of security levels at smaller airports then?
AOS: I would phrase it differently. The intention of the policy is that the same level of security will be achieved, but that we can be smarter and more flexible in how we achieve it. Security policy at present demands that you treat all passengers equally. However, if you have a business traveller who you know inside out – who has travelled every week for a year, and has shared all his details – regardless of his skin colour, ethnic background, etc – I would consider him less of a risk than another passenger who has no travel history, paid with cash and hasn’t existed in the data sphere until now. This is very different from “profiling”, which the government does not engage in, because making a security decision simply on someone’s ethnic background is both useless and unethical.

RP: What would be the practical implications of this new policy for aviation security?

AOS: The core of my presentation at Counter Terror Expo will be that, instead of making a metal detector or body scanner a little more accurate than a previous one, we should be focusing on joining things together. The way I see it, there are three separate domains into which all aviation security falls. These are: detection, with all the chemistry and physics to detect whether someone has a metal object, an explosive or a component liquid, for example; behavioural analysis which might include video analytics, to detect if passengers are acting in unusual or suspicious ways; and information, which includes intelligence and identity.

Because these three domains are largely separate today, someone could arrive at an airport, buy a ticket with cash and appear to have no travel history. If there is nothing to stop them from flying they would then pass to the security queue and will be dealt with in exactly the same way as everyone else, including the businessman who has travelled every week for a year. Where therefore do you put your security screening efforts? I would suggest that a smarter way approaching this is to focus your attention on those passengers who warrant a second look, and look less closely at others. This means many passengers can have an easier experience; in the US, for example, serving military personnel and children under 12 no longer have to take their shoes off, as they are assessed as posing a lower risk.

Professor Adam Ogilvie-Smith has worked for GCHQ, the Cabinet Office, KPMG, Racal, Thales, the Home Office (OSCT) and UKTI. He is chair of the Aviation Security National Technical Committee, an honorary professor at the Aberdeen Business School, and a member of the European Commission’s FP7 Security Advisory Group. He will be speaking at Counter Terror Expo 2012. This article was first published in the Issue 4 of the Counter Terror Expo Newsletter