Airports and the aviation system face a variety of threats globally. Ranging from terrorism, and insider threats, to criminal activities such as smuggling and theft. These threats are constantly evolving based on the capability of groups, advances in technology, and the vulnerability of infrastructure. One of the most difficult threats to mitigate is an Insider Threat.
The Insider Threat is difficult to mitigate due to its origins within a group of trusted employees who are vetted, constantly screened, and most importantly, have access to the security processes within the overall system. Airports and the aviation system have established formal security processes from the International Civil Aviation Organization, and their National Aviation Security Programs. These processes are standardized and include physical security measures such as fences, cameras, etc. Additionally, they also impose security processes such as vetting, badging, and credentials, screening with advanced hardware and software, and facial recognition systems that are constantly monitoring activities. As complete as the airport and aviation security systems are, there will always be vulnerabilities in the system and the insiders know how to exploit them.
Most, if not all the security systems currently deployed at commercial airports use a one-dimensional or ground zone security system. Meaning the security system is linear and is there to mitigate ground-level threats. On the other hand, military airports account for airborne threat vectors which range from incoming enemy aircraft to UASs and missiles. With the advent of a growing UAS threat we have seen in places like Saudi Arabia, Yemen, Ukraine, and Russia, commercial airports face this new threat/challenge by UAS or “drones.”
If you examine the threat from UAS at commercial airports in conjunction with Insider Threat, the commercial airport and aviation systems face a significant new challenge. The threat of a terrorist attack delivered by UAS is readily evident. Currently, there are few, if any, Counter UAS (C/UAS) systems deployed within civilian and commercial airports. In most airports, especially in the US, mitigation of these UAS threats is restricted. This leaves a major security issue for a terrorist-type attack using a UAS directly against an airport or aircraft. Additionally, a UAS could deliver an IED bypassing traditional security screening via placement on an aircraft, or within an airport by an insider which is another significant vulnerability.
It is important to now evaluate other threats posed by UAS to airports and aircraft. If you ask most airport security personnel they will tell you that beyond terrorism the biggest threat they face is criminal. Theft of property, drugs, guns, or other illegal material being smuggled on aircraft, and the introduction of prohibited items on or off an airport. Think of It this way, it’s very easy to fly items in and out of an airport using drones as the primary threat vector. Combined with Insider Threat, aviation is now facing a significant challenge. Airports and the Aviation sector must address multidimensional threats with a limited capability to mitigate them.
In recent news, the prevalence of UAS smuggling has been illustrated in the results of Operation Skyhawk. The operation focused on the mitigation of a multi-statewide drone smuggling operation in and out of Georgia’s prisons. Among the 150 suspects arrested were eight Georgia Department of Corrections employees. The contraband confiscated included 87 drones, 273 cellphones, 22 weapons, and a plethora of illegal narcotics. This illustrates a blaring example of UAS technology being utilized by insider threats to accomplish a malicious goal. Now imagine the implications of a criminal utilizing these same methods on a massive scale within airports.
Let’s examine a couple of potential scenarios. Insider threats among ground-handling companies have always posed a challenge. Though these personnel are vetted, it’s a transitory business with high turnover rates. The ability of an insider to remove contraband or stolen material from an aircraft/maintenance facility and fly it out of an airport using a drone is a real threat. Likewise, on-airport cargo and catering facilities which have a high rate of transitory personnel pose another challenge. An insider with access could use a drone/UAS to bring in prohibited items, or worse explosives and drugs which could then be loaded onto aircraft bypassing traditional security screening.
These are just two examples of new challenges for airport and aviation security personnel. The question becomes how to mitigate both the insider threat in conjunction with new UAS threats that can bypass a security system built for linear threats.
The solution is complex and must include a combination of linear and multidimensional security processes supplemented by the introduction of new technology to mitigate this threat. The airport security system must enhance its insider threat system and consider a threat that can easily reach the sterile area of an airport. Airport security programs must now assess areas of vulnerability that can be exploited by UAS systems such as areas accessible to insiders. Egress and ingress air routes, areas not currently considered vulnerable, and areas of potential high insider threat (cargo, catering, ground handling crew areas) should be reviewed and enhanced. This includes physical barriers, enhanced cameras and lighting, and other measures such as random security patrols. To address the UAS threat itself the solution is technology.
It is time that commercial airports consider and deploy C/UAS systems into their Airport Security Programs (ASPs). There are some international airports and a few US airports that are currently experimenting with C/UAS systems. Utilizing these systems provides a wide-ranging security net that encompasses not only aerial but ground-based threats through its use of 24hr EO camera and radar capabilities. We should look to the experience gained by these airports and C/UAS deployments as a guide. Additionally, CUAS systems provide the user with the ability to centralize decision making allowing the operator to navigate the complexities of the US’s current UAS legislation. The use of C/UAS testing pilots and data collection exercises using C/UAS would be a proactive initial step. Why wait until the regulators and lawmakers figure it out? Simple data collection to identify the threats posed by UAS, and planning accordingly, make mitigation easier to enact. Currently most airports are void of UAS threat data, now is the time to act. In the security business the more you know about the threat the less risk is posed.