Regulators and airport operators from across Europe, North America, Asia Pacific and the Middle East have joined forces to promote the introduction of open architecture in airport security systems.
In a paper prepared by Heathrow Airport Limited (U.K.) and Avinor AS (Norway) and endorsed by a wide range of regulators and airport stakeholders including the Transportation Security Administration (TSA), the authors and collaborators state that a safe and secure aviation system is the foundation of the global economy. The security threat to this system is real and continues to evolve, with technology changing the way the world and those with malicious intent operate.
Open architecture generally refers to physical and software architecture where interfaces, communication and protocols are publicly available, well documented and free to use. This greatly facilitates sharing data and adding, replacing and updating modules without difficulties such as commercial barriers and proprietary protocols.
But what does it mean in terms of airport security? The document does not include standards for physical devices or computer hardware architecture or physical architecture related to the actual airport security equipment. Instead, the open architecture being proposed offers the airport industry the following advantages:
- Improve standardization and interoperability.
- Opportunity for increased innovation and providing operators with the ability to select from a far broader range of systems from a broader range of suppliers to meet operational requirements.
- Faster, more efficient and more flexible means of adapting and responding to emerging threats and technological advances.
- Improve operational, business and procurement efficiencies, resulting from the step change in flexibility offered by open architecture allowing rapid changes to screening equipment, aligning with the threat landscape and demands on resources.
- Improve security and cooperation between airport operators and regulators, this will be enabled by standardized and interoperable interfaces across security systems and business management tools assuring data quality and common testing methodologies by authorities and organizations.
- Reduce through-life costs associated with complex system integrations due to existing bespoke solutions.
- Implement the necessary foundations for data and outputs to become more easily accessible and supply data analytics and machine learning/artificial intelligence applications. These methods are expected to improve the utilization and optimization of corporate resources to assist airport operators and regulators, customers and improve passenger experience.
The areas of open architecture in the aviation security context include readily sharing data, monitoring of security screening equipment, end-user administration and cybersecurity.
The document sets out broad guidelines for how airport security systems can share data and how airports can work with partners to provide a path forward for new innovative software developers to help defeat terrorism. Examples include the ability to dynamically switch from one detection algorithm to another to enable the detection of different threats and items of interest to other agencies, e.g. for the detection of drugs, currency and wildlife.
In terms of cybersecurity, airports currently have their own standards that if implemented properly would meet many of the security standards suggested in the joint TSA and Airports Council International Cyber Requirements, however they do not operate single systems to govern these. Each of these systems consequently provides IT security with a view of environment security from different perspectives and does not necessarily provide overarching coverage.
The new open architecture paper also sets out 18 requirements for vendors, to be seen as a minimum baseline to ensure safeguards are in place to protect data and reduce the risk of compromise when developing new innovations and when proposing technology for screening purposes. These requirements include audit and accountability, access and password control, and data at rest encryption.
The paper proposes a number of features of open architecture for airport security systems, including common hardware and software components to the maximum extent possible. It adds that non-common components or non-standard interfaces shall require a waiver from the working group/responsible authority – Airports Council International (Europe) will chair this body and act as the custodian.
In addition, standard interfaces should be the norm, allowing user definable interfaces where no standards exist or are not applicable. And interoperability should be assured by providing standard interfaces between multiple systems, avoiding a single manufacturer environment.
Launching the paper, David Pekoske, TSA Administrator, John Holland-Kaye CEO, Heathrow Airport, and Olivier Jankovec, Director General of ACI EUROPE issued a joint statement: “The key to our success is the shared ability to collaborate across the public, private and academic sectors. It is through these partnerships that we bring the best technologies and brightest minds together and rise to the collective challenge of outmatching a dynamic threat”.