INFOCUS Safety & Security Aviation industry insights - Airspace protection Cyber resilience Baggage screening - Inflight
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
INFOCUS 2021 Safety & Security Aviation industry insights Airspace protection • Cyber resilience • Baggage screening Pilot training • Video surveillance • Cabin air quality Flight data monitoring • Passenger wellbeing An HMG Aerospace publication
Welcome to INFOCUS Safety & Security 2021 I t is hard to imagine how the world could have thrown more at physical distancing measures have all been rolled out at speed in the aviation industry over the past year. Aviation has been hit response to the COVID-19 crisis. hard by the global pandemic with safety and security having to It’s important to remind ourselves, however, that while the global adapt and evolve at pace in order to meet new challenges that pandemic has thrown up a whole new set of safety and security challenges threaten to disrupt the industry. Photos of grounded aircraft might for aviation, terrorist strikes, geopolitical posturing, cyberattacks, remain etched in our memory, but behind the scenes, airports, mechanical faults, disruptive passengers, data breaches and airspace airlines and the rotorcraft community have remained open and protection remain at large and continue to threaten to disrupt the operational with staff and passenger safety and wellbeing at the industry. However, if the last year or couple of years has taught us forefront as stakeholders have worked hard to cater for passenger anything, it is that aviation has proven itself to be a resilient, flexible and and cargo traffic and to keep critical supply chains functioning. vigilant industry. Across the aviation sector, stakeholders have had to adapt their The appetite for air travel certainly hasn’t waned. There is huge pent-up services and products to mitigate the risk of disease transmission, demand signalling that air travel will return to 2019 levels in the coming while meeting the constantly evolving security needs of air travel. years. And as we find out in this issue, aviation’s safety and security sector Antimicrobial technology, contactless kiosks and payment systems, continues to adapt at pace to ensure that passenger confidence is restored cleaning robots, sanitising booths, COVID testing facilities and and that aviation’s recovery is as strong, safe and secure as possible. Contents 20 Air Partner 4 In brief Building safer skies through investments in training Short stories and insights on safety and security 22 Teledyne Controls across the airport, rotorcraft and airline sectors Addressing potential issues with cabin air quality 10 Argus 24 Spidertracks Securing airborne modems from cyberattacks Making flight data monitoring accessible to all 12 Rapiscan Systems 26 Avion Group Future proofing baggage screening requirements The post-pandemic role of quality upset training 14 Rapiscan Systems 30 Galgus Dr Richard Piggin reports on airport cyber resilience How MAC randomisation disrupts Wi-Fi connectivity 17 carbonbased aviation 32 Dallmeier Understanding human-centred flying expertise Improving airport security through camera technology EDITORIAL MANAGEMENT Editor / Chloë Greenbank Publisher / Mark Howells chloe@hmgaerospace.com Director / Becky Howells publishing@hmgaerospace.com HMG Aerospace Ltd, Cody Technology Park, First Floor Building A8, Articles and information contained in this Suite 1038, Ively Road, Farnborough, Hampshire, GU14 0LX, ADVERTISING SALES United Kingdom Tel: +44 1252 545993 publication are the copyright of HMG Aerospace Sales Manager / Toby Walton Ltd and may not be reproduced in any form www.hmgaerospace.com toby@hmgaerospace.com without the written permission of the publisher. © HMG Aerospace Ltd, 2021
INFOCUS SAFETY & SECURITY In brief A round up of short stories and insights covering safety & security across the fixed wing, rotorcraft and airport sectors Lithium batteries algorithm enhances Increased demand cargo and baggage screening for security screening solutions As the primary power With airports starting to scale up source for personal and operations following the global portable electronic devices, pandemic, Redline has noted an consumer demand for increased demand for its security lithium batteries is growing solutions, including its X-ray threat exponentially. However, image recognition training (TIRT) these batteries are system, as well as its digital Security classified as dangerous Management System (SeMS). Phil goods posing a significant Forster Managing Director at Teesside safety threat during flight International Airport, which has because of their potential partnered with Redline to deploy its to ignite. Since January SeMS, commented: “Digital SeMS is a 2006, a total of 310 welcome enhancement that will help us incidents of smoke, heat, to manage and improve our security fire or explosion involving performance.” And with safety and lithium batteries in air cargo or hold security standards at the top of baggage have been recorded. In response to “Harnessing the power of deep learning is aviation’s agenda, Air partner, which this concern, Smiths Detection has launched crucial in further developing object owns Redline, has also launched its a lithium batteries algorithm for its dual- recognition algorithms. This new technology newly branded National Safety & view air cargo and checked-baggage has been developed by working with our Security Academy (NSSA) in Doncaster. screening system – the HI-SCAN 10080 customers to capture thousands of X-ray NSSA’s new name reflects the fact that EDX-2is. The algorithm provides automatic images to then be analysed by the new the academy now also provides Baines detection of lithium batteries in all freight algorithm so it can learn to detect lithium Simmons safety training in addition to and baggage screened for explosives by the batteries based on shape,” said Richard Redline’s security courses. HI-SCAN EDX-2is, thus reducing the burden Thompson, Smiths Detection’s Global To find out more, turn to page 20. on image analysts with low false alarm rates. Director Aviation. Strengthening commitment to FBO safety Cementing its position as a leader in offered free to all Paragon Aviation’s FBOs advancing safety within the fixed-base throughout 2021. Describing safety as “far operator (FBO) industry, the Paragon more than a buzzword for a Paragon Aviation Group has committed to funding member FBO,” Megan Barnes, President of a safety programme for all 100 FBOs in its Paragon Aviation Group, added that the global network. The Online Safety Officer “Paragon Network’s emphasis on safety is (OSO) Programme provides industry- an investment in our members’ success, and leading safety communication, training the consistent, safe handling of customers and regulatory compliance through their and their assets when visiting a Paragon monthly safety meetings and is being FBO location.” 4
SHORT STORIES AND INSIGHTS Changi Airport Group upgrades security Time out with... system project Thomas Romig, ACI World Vice President Safety, Security & Operations, on how safety and security remains a top priority for airports despite the pandemic. How has the global pandemic impacted increased number of global cyberattacks safety and security operations for the that we have seen throughout the global airport community? pandemic, has more recently pushed the Throughout the pandemic, the safety and topic up on airports risk registers. security of the aviation system has remained Due to this, airports have taken numerous Genetec, a leading technology provider of a top priority for airport operators. Due to actions to ensure cyber resilience of their IT unified security, public safety, operations the lower levels of aircraft and passenger systems and infrastructure and avoid the and business intelligence solutions has been traffic, as well as the restrictions potential disruptions that would occur from tasked with enhancing and upgrading implemented by health authorities, airports a cyberattack. Singapore’s Changi Airport Group’s security have had to continuously adapt their system. The three-year project, which was operational practices and training processes How does ACI’s Airport Health announced in early 2021 is expected to be to ensure that new requirements are Accreditation demonstrate that an complete by the end of 2023. It will see reflected in operations and airport staff are airport is prioritising health and safety Genetec Security Center, a unified security adequately trained and demonstrate in a measurable manner? platform that blends IP security systems competence in the applicable procedures. The ACI Airport Health Accreditation within a single intuitive interface, Even with the lower levels of operations, provides a recognition of the application of underpinning the airport’s security and in some cases staff furloughs or recommended health measures by airport operations, with a specific focus on the video adapted shift plans, airports have operators. It is based on the International surveillance system across its terminals. implemented measures to manage human Civil Aviation Organization (ICAO) Health performance risks while returning to recommendations, that have been operations. These include measures such developed by the World Health as increased training, communication Organization (WHO), State Regulators and campaigns, shift start briefings and industry, and integrates the European adapted rostering. Union Aviation Safety Agency (EASA)/ European Centre for Disease Prevention With demand for contactless services on and Control (ECDC) Aviation Health Safety the rise, how have cyber risks evolved to protocols. threaten the security of airports? The programme helps airports to verify The digitalisation of airport systems, that they have applied these initiated before the pandemic, had already recommendations appropriately and is moved cyber security up on the priority list therefore providing a safe environment for for airports. In conjunction with this, the the traveling public and airport staff. 5
INFOCUS SAFETY & SECURITY The risk of bird strike Reliable ATC communications integral While the risk of bird strike is not new to to airspace safety either fixed-wing aircraft or rotorcraft, the While the chaos of COVID has turned the (Aerocivil) has selected CERTIUM VCX from reduction in flying activity in some areas industry on its head and led to an increased Rohde & Schwarz to be installed at 36 has led to an increase in the number of birds focus on hygiene and wellbeing within the airports. All systems are expected to be in certain locations where helicopters airport and the aircraft, it’s all too easy to delivered by the end of 2021 and consist of regularly operate. Both the European forget the effect the global pandemic has had compact IP-based voice communications Aviation Safety Agency (EASA) and the on air traffic control and the technology that system (VCS) equipment and certified Federal Aviation Administration (FAA) have supports this sector. To help improve air training, management and maintenance observed an increased reporting of bird traffic management (ATM) in Colombia, the software. “We have a long-lasting, successful strike occurrences on helicopters, elevating Civil Aviation Authority of Colombia relationship with our Colombian the risk of serious or fatal injuries to administration,” said Mauricio Samudio, occupants as well as substantial damage to General Manager, Rohde & Schwarz rotorcraft. To address this concern, EASA Colombia S.A.S, commenting on the has published an updated safety partnership. “This allows us to support information bulletin to address bird strike Aerocivil’s digitalisation roadmap with risk mitigation in rotorcraft operations. The solutions that allow them to continue safe bulletin recommends: a robust Safety operations and reliably meet future Management System whereby bird species challenges. Covering the area from the living on or near an airfield are identified Colombian Caribbean all the way to the and their behavioural habits monitored; Amazon rainforest, this contract is a rotorcraft flight manual’s should also be milestone for air traffic control in the revised to include a section dedicated to region,” he added “Operations in areas with high bird concentration”; pre-flight planning should take into account regional or seasonal migratory patterns, as well as feeding and Marking a milestone for helicopter fuelling roosting habits and aircrew should plan June 2021 marked a milestone for the used cooking oil. Commenting on how flights at the highest level practicable and at helicopter community when an Airbus ADAC Luftrettung wants to be a pioneer in a minimum of 2,500 feet; transits over areas H145 rescue helicopter, operated by reducing CO2 in emergency medical of wetlands and inland water areas such as ADAC Luftrettung, flew with sustainable services with cleaner, greener fuel, Frédéric lakes and ponds should be avoided and aviation fuel (SAF) for the first time. Bruder, Managing Director, said, coastlines should not be crossed at 90 Supplied by TotalEnergies, the fuel used “Importantly, SAF is an officially approved degrees. However, where helicopters are for the first rescue helicopter flight (which fuel, which means that flight and patient obliged to operate in areas of bird was refuelled in Munich) was made from safety remain at the highest level.” concentration, crew are advised to use taxi and/ or landing lights in a continuous mode during sunny conditions and at night. They should also utilise personal protective equipment consisting of a helmet and visor and if operating at low level, pilots should reduce airspeed when practical. 6
SHORT STORIES AND INSIGHTS Time out with... Peter Möller, Chairman of the European Helicopter Association (EHA), shares the views of EHA members, offshore operators and OEMs on how the global pandemic has affected safety and security for the rotorcraft sector. oil prices there has been a reduction in the How will the rise of electric vertical take- amount of flying hours by the energy off and landing vehicles (eVTOLs) and companies and therefore a correction across unmanned aerial vehicles (UAVs) impact the offshore fleet in the amount of assets safety and security for the rotorcraft flying. There has also been consolidation of market going forward? some of the larger helicopter operators Working together with the European Union resulting in fewer flights. Aviation Safety Agency (EASA) on numerous As we come out of the pandemic, there activities as well as working groups, we are Do you think it’s fair to say the appears to be a slight rebound in flying hours confident that future regulations and rotorcraft industry has continued to for oil and gas, but not uniformly across the technology will allow the safe and secure grow despite the pandemic? global sector. Therefore, the oil and gas simultaneous operation of eVTOLs and While we wouldn’t say the rotorcraft segment of the industry has not seen growth, manned and unmanned aerial vehicles in sector has grown during the pandemic, it and anecdotally will more than likely see a the same airspace. As well as technological has on average held its position compared return to pre-pandemic flying rates by 2024. means this will also be achieved through to the pre-pandemic situation and is very However, the renewable energy sector, i.e. the development of new regulatory much diversified. Some sectors like the windfarms, is anticipating relatively robust requirements, including Unmanned airspace Helicopter Emergency Management growth over the next five years. or U-space. Services (HEMS) sector have remained quite stable regarding mission numbers As a result of COVID-19, how are How is EHA committed to creating a safe and in some cases have even seen an helicopter manufacturers looking to and efficient operating environment that increase in numbers. adapt their aircraft to ensure safe is economically viable for the rotorcraft Other sectors, like training operations for a post-pandemic community? organisations, have had to close their landscape? EHA fully supports the Green Deal initiative activities for some months but are now During the pandemic manufacturers of the EU. Recently our members Airbus slowly starting to pick up again. provided support and information to their Helicopters and SAFRAN presented the first Meanwhile, in some areas, such as the operators and authorities on how to better HEMS helicopter flying with a blend of construction industry, aerial work and more safely conduct operations in a sustainable aviation fuel (SAF). We operators might have experienced an pandemic scenario. Generally speaking, appreciate these exciting developments and increase in business but may be afraid of a however, they design, build, improve their look forward to further new technologies. future decline due to a reduction of products (they have developed different However, similar to other industry sectors, budgets for new infrastructure. means of protection between the cockpit we need to make sure that the transition to From an offshore perspective the and the cabin) and support their customers a green sky will be supported with industry has continued to support vital and operators with the aim to ensure safe measures and within an acceptable timeline offshore work during the pandemic, both operations regardless of the pandemic or to allow the VTOL industry to go through with renewable energy and oil and gas. post-pandemic scenario. This is a continuous this transition in a way that’s economically Due to the pandemic and heavily reduced and normal process for them. viable, as well as safely and securely. 7
INFOCUS SAFETY & SECURITY Airspace protection Seating designed Unmanned aerial systems (UAS) were to protect the future of drones and to perform and already booming long before the pandemic. However, COVID-19 has autonomous flying vehicles. The system will protect communications from protect certainly spurred on the evolution of potentially devastating cyberattacks drone delivery services. According to while increasing overall confidence in ANGOKA, a Belfast cybersecurity start-up, drone technology. Dr. Saba Al-Rubaye, drones are poised to become ubiquitous Senior Lecturer in Autonomous and devices, with companies such as Wing and Connected Systems and Project Lead at Amazon already exploring this market. Cranfield University, explains: “We’re However, for drones to truly take-off there very pleased to be working on this needs to be a way of ensuring that the exciting project to protect communication communication crucial to controlling and systems for controlling drones in flight flying drones is protected. Securing drone and ensure they are able to safely communication ensures that national complete their missions, while also infrastructure, such as airports and protecting the environments around While there are many contactless mobile towers, are also protected. them. There is huge scope for drones and solutions rolling out to make the ANGOKA has partnered with Cranfield unmanned aerial vehicles to transform air passenger journey as touch-free and university and Connected Places Catapult transport activities and services – this hygienic as possible, there is one area to develop the Unmanned Aircraft project will help to harness that potential of flying where contact cannot be Systems Authentication System (UASAS) in a safe and secure way.” avoided – aircraft seating. MGR Foamtex is one of several new partners using antimicrobial technology in its materials for aircraft seats, upholstery and interiors to make the cabin as safe as possible. The upholstery manufacturer, which specialises in premium cabin seating, has partnered with Addmaster Holdings (a subsidiary of Polygiene) for the use of its antimicrobial Flight safety support service technology. Laboratory testing using MGR SafeWall and real aircraft cabin revolutionises flight data monitoring products has demonstrated efficacy of 96.8% against SARS-CoV-2. “The Having launched its Flight Safety Support statistical models and machine learning. aircraft and airline industries are Service in June 2021 as a new offering to its All data is aligned and tailored to each actively working to adapt to the new advanced web-based flight data monitoring customer’s defined safety operating normal when flying will be frequent platform, L3Harris Technologies’ Flight Data procedures. As the launch customer for again. MGR Foamtex is one of several Connect will provide expert analysis and L3Harris’ new service, Norwegian start-up new partners supplying antimicrobial investigation capability enabling airlines to airline, Flyr AS, is excited to be working with materials for aircraft seats, upholstery focus on safe operations. Rob Holliday, L3Harris. Noting how it “can now safely and and interiors to make the cabin as safe former Head of Operational Safety at the effectively coordinate the Flight Data as possible. This is an area where we International Air Transport Association Monitoring for its fleet,” Tom-Arild Bogstad, anticipate an increased demand for (IATA), will lead the analysis provided to Director Safety & Compliance at Flyr AS, this kind of functionality going airlines. The data the new service will added that “L3Harris’ expert analysis and forward,” says Ulrika Björk, CEO of analyse will provide fast, accurate mapping investigation capability will enable Flyr to Polygiene. of flights in graphical and 3D formats, with release pilots from the office and drive our specific actionable insights generated by safety operations.” 8
SHORT STORIES AND INSIGHTS Time out with... Martin Maurino, Technical Officer, Global Aviation Safety, ICAO, on the primary challenges in safety planning for the aviation community. safety risks through the assistance of regional should use the roadmap to develop specific aviation safety groups as well as regional SEIs to support the strategy presented in coordination. Consistent with the United their national and regional aviation safety Nations’ 2030 Agenda for Sustainable plans respectively. The use of the global Development, the vision of the GASP is to aviation safety roadmap as the basis for achieve and maintain the aspirational safety regional and national safety planning goal of zero fatalities in commercial enhances coordination, thus reducing operations by 2030 and beyond. The GASP inconsistencies and duplication of effort. What is the purpose of ICAO’s Global includes the global aviation safety roadmap, Aviation Safety Plan? which serves as an action plan to assist the What are the primary challenges and The Global Aviation Safety Plan (GASP, aviation community in achieving its goals priorities in safety planning for the Doc 10004) sets forth ICAO’s safety through a structured, common frame of aviation community following the global strategy, which supports the prioritisation reference for all relevant stakeholders. pandemic? and continuous improvement of aviation The COVID-19 pandemic has highlighted safety. Its purpose is to continuously What are the key principles of the global the need for safety plans to consider the reduce fatalities, and the risk of fatalities, aviation safety roadmap? different impacts of disruption events on by guiding the development of a Two key elements need to be included in aviation. A disruption event is a rare yet harmonised safety strategy and the aviation safety planning: very significant event at a global, regional implementation of regional and national 1. A strategy – What is to be achieved by a or national level, which adversely impacts aviation safety plans. plan. This includes the analysis of aviation. Disruption events affect operators, challenges, the definition of goals and aerodromes, air navigation service How does the 2020-2022 edition differ targets, and how to measure the providers, safety and security agencies and to the previous edition? achievement of these goals and targets other industries dependent on aviation. The 2020-2022 edition of the GASP 2. An action plan – How the goals and targets Disruption events, such as the COVID-19 maintains some key elements from its defined in the strategy will be achieved. pandemic, are not typically aviation-centric previous edition, such as goals for States to The GASP document contains the global but have significant impacts to aviation improve their effective safety oversight safety strategy. The global aviation safety operations. During these past 18 months, capabilities and to progress in the roadmap serves as an action plan to assist the we have seen the need for States to develop implementation of State safety aviation community in developing aviation resiliency measures to respond effectively to programmes (SSPs). Main changes in the safety plans, in line with the GASP goals, disruption events. These include plan include new goals and targets for through a structured, common frame of communication and coordination plans States, regions and industry, as well as reference for all relevant stakeholders. The with various stakeholders at the national, tools to measure States’ safety oversight global aviation safety roadmap outlines regional and international levels. To the capabilities. This edition also recognises specific safety enhancement initiatives (SEIs) extent practicable, States should share and the importance of safety risk analyses at associated with the GASP goals and targets. communicate hazards that may develop national and regional levels. It incorporates Each SEI includes a set of actions that into disruption events. guidelines and a structure by which States, stakeholders may use to develop and The GASP will be updated to provide groups of States, or entities within a region implement specific action plans. States and high-level guidance to assist States with identify hazards and mitigate operational regions, in collaboration with industry, responding to these events. 9
BRITISH AIRWAYS INFOCUS SAFETY & SECURITY One step ahead: Securing airborne modems from cyber attacks Constant connectivity while in the air has become the norm for entertained, or take advantage of other passengers, however airborne modems as a standard component internet functionality. • Having compromised the modem, attackers of IFC present a new threat for airlines and their passengers. Argus can gain access to other onboard experts report on this easy entry point for attackers and how to components, such as Crew Terminals or the mitigate this risk. Cabinet Management System. This can invite disruption of key cabin functionality: For airline passengers, the ability to misappropriating passenger information. lighting, the PA system, cooling and browse the internet, stream content, and text For example: heating, and so on. while in the sky just as you would on the • Compromised modems can provide These are just a few ways in which a ground is no longer just possible; it is attackers with access to a passenger's compromised airborne modem can expected. And for airlines, as for other private information, exposing the significantly diminish the customer industries, an excellent customer experience passenger to a myriad of problems in the experience, as well as the reputation of both is key to customer retention and ongoing future. Simultaneously, the airline is liable airlines and manufacturers. customer value. to GDPR fines and legal action. However, by making airborne modems a • A Denial-of-Service attack can disrupt EASY ENTRY POINT FOR ATTACKERS standard component of In-Flight Connectivity internet connectivity, disappointing Aircraft modems are an easy entry point for (IFC) systems, airlines have also introduced a passengers who expect to utilise in-flight attackers, with significant weaknesses that new avenue for disrupting operations and internet service to conduct business, be leave modems largely unprotected. [1][2] 10
ARGUS The ARGUS IFEC advantage MULTIPLE INDEPENDENT CUSTOMIZED TO TESTED AND IN PRODUCTION PROTECTION LAYERS YOUR NEEDS IN THE AUTOMOTIVE INDUSTRY THREAT AGNOSTIC EASY TO DEPLOY over-the-air software updates. So even if the ground Security Operations Center (SOC) as problem of patch management is resolved, soon as possible, so that SOC personnel can the ability to rapidly deliver the patch to the act quickly to address security incidents. end-device remains problematic. Filtering events to include only cyber-related incidents can also save bandwidth and money. A MULTI-FACETED APPROACH TO Analyse for cyber anomalies. Once PROTECTING AIRBORNE MODEMS security logs are tunneled to the ground SOC, New regulations require the aviation industry they can be analysed to find cyber anomalies, Aircraft modems to address these issues: “manufacturers and like any other IT system. Smart rules engines operators seeking certification of new can detect anomalies and suspicious events, are an easy entry aircraft systems and networks, or facilitating effective mitigation by the point for attackers, modifications to existing ones, will be manufacturer or operator. required to address threats that can lead with significant to unauthorised access and disruption of END-TO-END AIRBORNE MODEM weaknesses that electronic aircraft system interfaces or PROTECTION information. The European Aviation Safety For the aviation industry, IFC systems are a leave modems Agency (EASA) is proposing the new key component of the customer experience. largely unprotected amendments to address the growing And the customer experience drives market presence of connectivity within modern share and competitive advantage. aircraft network designs.” [3][4] But airborne modems provide a viable Argus has determined that this can be entry point to aircraft, exposing airlines to accomplished most effectively with a multi- significant risk. In the Argus lab, we have faceted approach: identified a wide range of modem Some of these weaknesses can be attributed Extend the secure boot. The ability to vulnerabilities and developed powerful to the use of Commercial Off-the-Shelf detect and prevent unauthorised code from solutions for mitigating these risks. Our (COTS) hardware and software components, running on the modem is critical. Some modem on-board modem hardening suite and secure especially with regard to patch management manufacturers implement a secure boot, which log collector agent, plus our off-board fleet and the aviation industry's long production detects tampering with boot loaders, key protection system, provide end-to-end and update cycles. operating system files, and unauthorised option modem protection to effectively minimise the For example, when vulnerabilities are ROMs by validating their digital signatures. But vulnerabilities that cyber attackers can discovered in a COTS component, the a more effective solution is to extend the secure exploit. At Argus, we are committed to component manufacturer must issue a patch boot to the entire runtime system and to equipping aviation with the tools needed to and propagate it up the supply chain. The validate each executed file and script, allowing maximize technology, while minimising risk. modem manufacturer is therefore dependent only vetted code to be executed during the on the component manufacturer for the patch modem operation. Links to sources quoted in article and is unable to issue a patch on its own. Limit user access. Restrict access to [1] https://ioactive.com/a-wake-up-call-for-satcom-security/ Additionally, given lengthy production cycles sensitive system resources by managing the [2] https://ioactive.com/wp-content/uploads/2018/08/us-18- and evolving threats, design choices that Mandatory Access Control (MAC) in a Santamarta-Last-Call-For-Satcom-Security-wp.pdf were originally considered secure may supervised manner, allowing only privileged [3] https://www.aviationtoday.com/2019/03/01/easa- proposes-new-aircraft-cyber-security-certification- become security risks by the time a product is users to access them. amendments/ released. And unlike the IT industry, aviation Collect and continuously analyse system [4] https://www.easa.europa.eu/sites/default/files/dfu/ does not commonly utilise rapid, remote security logs. It is vital to tunnel logs to a NPA%202019-01.pdf 11
BRITISH AIRWAYS INFOCUS SAFETY & SECURITY The 920CT scanner allows passengers to leave liquids and technology, such as laptops, in their carry-on luggage during the baggage screening process. It’s all in the bag Baggage screening solutions are integral to aviation safety and Inspection and Resolution (OSIR) for the operator, reducing the need to open and security. Rapiscan Systems reveals how it has worked with Avalon manually search bags for contraband. The Airport in Australia and Oslo Airport in Norway, to adapt its technology complex software is fully upgradeable, and future-proof both airports’ baggage screening requirements. effectively future-proofing the 920CT for evolving requirements. R ising to meet a challenge is what during the baggage screening process. The EFFICIENT BAGGAGE SCREENING business is all about. Complex 920CT has been installed at Avalon Airport, In addition, it has been engineered to challenges are beneficial to any Melbourne, where CEO Justin Giddings said integrate seamlessly with Rapiscan’s Tray company, providing learning opportunities of the system, “This means that going Return System (TRS) solution to create a and a means to demonstrate expertise through security is a smoother exercise with more efficient checkpoint experience for and innovation. less contact.” passengers and staff. The employment of Rapiscan Systems is in the business of The 920CT is equipped with advanced Rapiscan’s 920CT with the integrated TRS, meeting such challenges, particularly in software and detection algorithms. It can Metor 6S High Sensitivity Metal Detector and regards to security and efficiency. The register threats quickly and make decisions Itemiser 4DX Explosive Trace Detection 920CT scanner is no exception, allowing based on what it sees. The 3D volumetric systems has boosted Avalon Airport’s passengers to leave liquids and technology, imaging is superior to 2D systems as it capabilities, enabling it to operate as a truly such as laptops, in their carry-on luggage allows for a higher degree of On-Screen international airport. 12
RAPISCAN SYSTEMS RTT110 EDS System was adopted by the forward-thinking team at Oslo Airport. Rapiscan designed a unique water-cooling solution that would allow the RTT to align with the airport’s eco-approach to operations. “Achievement of this detection standard sizeable undertaking at an early stage of demonstrates our commitment to pursuing experience installing the RTT in the field. the highest regulatory approval standards to Steve Revell, Senior Director of Aviation CT meet the needs of our customers,” says Mal at Rapiscan, reflected that the project was a Maginnis, President of Rapiscan Systems. key step for the RTT. “The first major airport “We look forward to bringing this innovative in Western Europe to take on the RTT was screening solution to more customers around Oslo Airport. It’s a prestigious and forward- the world.” thinking airport, and the operators were not afraid to take pioneering risks.” SUSTAINABLE SECURITY SCREENING In response to Oslo Airport’s commitment Rapiscan Systems applied a similar approach to environmentally responsible construction, to navigating unique challenges when Rapiscan designed a unique water-cooling installing the RTT110 EDS System in solution that would allow the RTT to align Oslo Airport not only required a bespoke partnership with Oslo Airport. The first with Oslo’s eco-approach to operations. approach in terms of product design but also challenge was the creation of a propriety process implementation – recurrent Level 4 water-cooling system that worked in BESPOKE SOLUTION image analysis. conjunction with the airport’s green Rapiscan worked with its suppliers to develop As baggage travels through an airport, it is initiatives, and the second, to provide an a solution that met the airport’s requirement subjected to multiple levels of security additional level of security screening that to use reclaimed snow, which is melted down screening, both by human operators and operated in parallel to the existing baggage and pumped around the airport. A redesign computer algorithms. Oslo Airport required screening process. to integrate this unique water-cooling an extra level added to the normal ‘flow’ of The Oslo Airport project commenced concept into the RTT system created a final screening. “If a Level 3 operator rejects a bag, during a formative time in the RTT’s history. product that is considerably more robust than it goes into a Level 4 area within the BHS “We had a machine that was very much in its earlier iterations. Rapiscan is currently the (Baggage Handling System) of the airport,” infancy, that still had its fair share of teething only company that can provide the RTT as an explains Craig Chitty. “It shows up on a problems,” explains Craig Chitty, Head of externally water-cooled or internally cooled screen. It is a concept of operations that we International Aviation Programmes. It was a air-conditioned system. don’t employ in any other airport even now. It is still very unique to Oslo.” The aviation industry thrives on partnerships, on service providers working to To this day, we are the only company that meet challenging requirements through can provide the RTT as an externally innovation and cooperation. Taking a technology that was, at the time, still in its water-cooled system, or an internally infancy and working to adapt this technology cooled air-conditioned system. to a stringent set of requirements is a clear example of Rapiscan’s dedication to working Steve Revell Senior Director with its partners – a commitment the of Aviation CT at Rapiscan company makes to every project. More from Rapiscan Systems overleaf. 13
INFOCUS SAFETY & SECURITY Protecting against a cyberattack Rapiscan Systems’ Cybersecurity Lead, Dr Richard Piggin, that one hour of disruption in a large airport reports on airport cyber resilience and managing supply could cost more than €1 million at peak operating times (ACI, 2019). In the UK, 75% chain risk for the airport sector. of large organisations identified and reported a cybersecurity incident in the last 12 months (DCMS, 2020). The ACI 2020 A COVID-19 pandemic report indicated that irport safety and security have Operational Technology (OT) operates 61.5% of airports had experienced targeted converged, with cybersecurity critical airport functions. attacks. becoming an increasing and enduring Cybersecurity is the responsibility of the The airports’ trade association Airports focus. The introduction of the European entire organisation, and effective Council International (ACI), highlighted Network and Information Systems (NIS) cybersecurity relies upon the leadership and potential impacts to airports from a Directive underlines the necessity for airports support of the airport’s management team. cybersecurity incident in the Cybersecurity for to actively manage cybersecurity risk. Airport Executives guidance (ACI, 2019): Cyber resilience involves more than THREATS TO AIRPORTS AND IMPACT security, according to the World Economic ON OPERATIONS • Operational disruption – This may include Forum. It requires focus on protecting critical Cyberattacks or compromises can disrupt passenger-facing systems such as flight functions, not just assets (WEF, 2020). airport operations and interfere with information displays; airline check-in What’s more, it is not merely an IT issue; systems (ACI-RASC, 2019). It is estimated facilities; departure-control systems; and 14
RAPISCAN SYSTEMS The US National Security Agency (NSA) and The Directive creates four high-level the Cybersecurity & Infrastructure Security objectives: Agency (CISA) recently published an alert • Appropriate organisational structures, recommending critical infrastructure policies, and processes to understand, organisations take immediate actions to assess and manage risks. secure their operational technology assets • Proportionate security measures to protect (NSA and CISA, 2020). essential services and systems. The NSA and CISA alert provided details of • Capabilities to ensure defences remain recently observed cyber threat activities and effective and detect cybersecurity events. their impact upon operational technology: • Capabilities to minimise the impacts of a cybersecurity incident on the delivery of RECENTLY OBSERVED TACTICS, essential services, including the restoration TECHNIQUES, AND PROCEDURES of services. It is estimated that • A highly targeted bespoke email (spear The UK National Cyber Security Centre phishing) to launch malware on a victim’s (NCSC) has produced comprehensive one hour of computer and obtain initial access to the guidance for NIS Directive implementation disruption in a large organisation’s information technology and self-assessment (NCSC, 2020). network, before transitioning to OT airport could cost systems. MANAGING CYBERSECURITY RISK more than ¤1 million • Deployment of commodity ransomware Cybersecurity needs to be addressed from to encrypt data for impact on both IT and inception, progressing through every stage of at peak operating OT networks. system design, development and operation times (ACI, 2019). • Connecting to remotely accessible systems until the system is retired. Airports should without user account or password consider suppliers that have a similar authentication. commitment to cybersecurity. • Using common network protocols to According to ACI (ACI, 2019), supply chain communicate with devices and download risk assessment practices should include the modified programs. following activities: • Use vendor engineering software • Supply chain risk management processes. security systems, and baggage systems or and program downloads. • Suppliers and third-party partners operational control systems. • Modifying device/system programs and identification and risk assessment. • Economic impact – Financial information configurations. • Ensure procurement measures meet theft or fraudulent transactions are cybersecurity programme objectives. common cybersecurity crimes. FedEx’s IMPACTS • Suppliers and third parties are routinely European TNT operations were disrupted • A loss of availability of the system. assessed and evaluated. by NotPetya, estimated losses and recovery • Partial loss of view for human equipment expenditure were expected to exceed $500 operators who are unable to view million (Piggin, 2018). performance displays or interact with a • Reputational damage – Loss of proprietary system. information can often have an impact on an • Loss of productivity and revenue. airport’s business reputation and stakeholder • Adversary manipulation of control and trust. The loss of a USB memory stick, disruption. containing over 1,000 unencrypted sensitive files, by a Heathrow airport employee in CRITICAL INFRASTRUCTURE & EU 2017 was widely reported in the press. NETWORK AND INFORMATION SYSTEMS • Legal consequences – Data protection and (NIS) DIRECTIVE This article was contributed by Dr Richard privacy laws require management of the The NIS Directive has concentrated airport Piggin EngD CEng MIET MBCS, Rapiscan’s security of all personal data and the executives’ attention on cybersecurity and Cybersecurity Lead. Rapiscan Systems is a leading provider of security inspection retention of security information. resilience, with a potential maximum solutions, with more than 100,000 products Compromising this data can have legal €20 million penalty for operators of installed in more than 170 countries. consequences. essential services. 15
human-centered flying expertise™ Airmanship - Six Airmanship Traits™ Flight Discipline Decision Making Pilot Monitoring Commander Safety-II Human Factors Resilience Engineering carbonbased aviation provides holistic, customizable, scalable and effective solutions to its clients via programs consisting of fully interactive workshops and presentations as well as integrative processes consultancy, where operations, training and safety departments can be streamlined to benefit from the latest tools and methods. We enhance the human performance and its interface with highly complex systems in the aviation industry www.carbonbasedaviation.com
CARBONBASED AVIATION Human-centered flying expertise Complexity in socio-technical systems, such as aviation, has Although there is a resurgence of classic CFIT accidents, there is a noticeable rise of increased in the last few decades. Have the human factors, WEIRD events (Prof. Patrick Hudson’s training and safety processes kept pace with the changes? acronym for Wildly Erratic Incident Resulting C in Disaster). They do not follow a linear lassic causation models such as linear. Other accidents and serious events progression and have a non-deterministic Reason’s “Swiss Cheese” can be indicate that adding complex technology to a nature. As the industry continues to improve, inadequate in portraying the heavy population of pilots that has been suffering a these events will constitute the bulk of interaction and complexity of today’s air continuous deterioration of skills and accident causation. transport system. airmanship, is a bad mix. Until future To meet these challenges, pilots may need The accident report of a Boeing 737 loss of autonomous flying machines become an to adapt or invent procedures when needed, control in-flight event in Amsterdam (2009) accepted reality, the human element in the by an ad hoc trial and error to solve new and suggests a tight coupling between technology cockpit remains the safety cushion, because of unforeseen circumstances such as the Sioux and the human element. Socio-technical its huge potential to solve complex situations City DC-10 (1989) and the A300 in Baghdad systems are inherently complex and non- that have never been experienced before. (2003), or the A330 fuel contamination event 17
BRITISH AIRWAYS INFOCUS SAFETY & SECURITY The three ages of safety Accident causation has evolved concurrently with the events that shaped the industry and their corresponding literature. From simple linear (Heinrich’s Dominoes) to complex linear (Reason’s Swiss Cheese) and Perrow’s (Normal Accidents Theory) to today’s Functional Resonance (Hollnagel) in tightly coupled systems. in Hong Kong (2010). A robust set of KSA (knowledge, skills and attitudes) needs to be There is no sound Airmanship developed and transferred to the current and the next generations of airline pilots. without strong Flight Discipline foundations. BRIDGING THE EXPERTISE GAP The high reliability of technical systems in the Leonardo Herman, carbonbased aviation, aviation industry has groomed a generation of Founder and Advisor pilots that may have never experienced a serious event throughout their flying careers or, most importantly, had the chance to learn from their own experiences or from others. We have CAN AIRMANSHIP BE TAUGHT? culture based on uncompromised flight become victims of our own success and today, “There is no sound Airmanship without discipline towards sound airmanship and high when a master warning is activated, surprise strong Flight Discipline foundations,” says resilience capabilities. and a pronounced startle effect takes place. Leonardo Herman, carbonbased aviation’s Since “fate was the hunter” (see Ernest K. Founder and Advisor. Flight Discipline is the LOOKING INSIDE AND AHEAD Gann for more), the seasoning of a novice foundation that supports the success of a Another cornerstone of a pilot’s skill set is crew member took place under the auspices Training for Airmanship program. Decision Making. Normative models have of an experienced Captain. Together, this By incorporating specific academic been widely implemented in the last 25 years, robust crew composition walked through the instruction, the Six Airmanship Traits™ entail but naturalistic researchers (Orasanu, Klein) failures and situations that led to a natural specific behavioral markers designed to enable showed that aviation is one of the safe-critical and safe transfer of expertise and the operators, trainers and pilots to develop domains that utilizes naturalistic methods development of airmanship. important skills that support a professional with high degrees of success. 18
CARBONBASED AVIATION *(after Hale, Hovden 1998 and Hollnagel 2014.) Naturalistic Decision Making capitalizes on subconscious processes and rely heavily on pattern recognition and mental simulation. A common saying is to go “back When there is a match, a naturalistic decision to basics”, but are today’s “basics” is usually the output. In a complex world, information is usually partial and incomplete comparable to the past? There is and normative decision-making should be a need to train for higher levels of used to support a naturalistic process. Models and methods should reflect this, by catering airmanship that goes beyond the for a wide range of experiences and expertise, absolute minimum compliance leading to safer and more efficient decisions. required by the regulators. EXTENDED, TAILORED TRAINING Walter Schwyzer, carbonbased aviation, PROGRAMS Founder and Director Traditionally, training regulations reflected the most common and critical maneuvers that technology presented, such as the classic V1 cut. Despite the opportunities that more monitoring end up as part of “crew resource basics”, but are today’s “basics” comparable to flexible training programs such as AQP and, management” training. the past? There is a need to train for higher more recently, EBT present, regulatory Minimum regulatory training is usually levels of airmanship that goes beyond the training remains an absolute minimum an insufficient to meet the higher levels of absolute minimum compliance required by operator needs to do, and the soft skills adaptability required for complex systems the regulators.” describes Walter Schwyzer, required in decision making and effective failures. “A common saying is to go “back to carbonbased aviation’s Founder and Director. 19
The National Safety & Security Building safer skies Academy is endorsed by ICAO as an Aviation Security Through its recently formed safety and security division, find out Training Centre. how Air Partner is investing in the future of aviation safety and security training to make our skies safer. A s operations begin to restart in the consultancy and software solutions, in Safety & Security Academy is endorsed by aviation industry, businesses with addition to training. ICAO as an Aviation Security Training Centre critical training needs are (ASTC). considering how they can address skill fade INTRODUCING THE NATIONAL SAFETY & and ensure ongoing compliance. SECURITY ACADEMY AVIATION SAFETY TRAINING – WHERE IS Throughout the pandemic, Baines The disruption arising from the COVID-19 THE DEMAND? Simmons, experts in aviation safety, and pandemic has led to a new safety and security With a full portfolio of virtual training Redline Assured Security, an internationally landscape, presenting new risks and being offered during the pandemic, over the acclaimed consultancy, have been challenges from all sectors of the industry. To past year, Baines Simmons has seen interest supporting the industry, with a range of respond to the ever-changing needs of the for courses including European Aviation training (offered in-person, online and industry, and in recognition of the combined Safety Agency (EASA) Part-145 – delivered onsite for clients), in addition capability as a division, Air Partner is proud Understanding Requirements for to a comprehensive portfolio of security to have launched the National Safety & Maintenance, remaining consistently e-learning. Security Academy, in Doncaster, South popular, attended by engineers, technicians, The two companies work closely together Yorkshire. It offers an extensive portfolio of management and compliance staff alike. to make up Air Partner’s Safety & Security training courses, across all aspects of safety Practical Skills for Investigators has also division, offering an extensive range of and security. Formally known as the National been in demand, along with EASA Part-21 products and services, spanning quality Security Training Centre (NSTC), run by courses. These courses will all be available assurance, compliance management, Redline Assured Security, The National at the National Safety & Security Academy. 20
AIR PARTNER Vital signs: The Recognition of Firearms and Explosives (RFX) Instructors course has been extremely popular. virtual, in person in the National Safety & Security Academy, at London-based hubs or delivered exclusively within a client’s company. The Air Partner Safety & Security division have worked with the world’s largest aviation organisations to develop and power up their management systems utilising a suite of diagnostic, advisory and training services AVIATION SECURITY TRAINING – facilities for a range of courses from X-ray that are recognised as world leading. As a SUPPORTING THE INDUSTRY’S screener training to quality assurance training. division, they remain on hand to support REQUIREMENTS Each learning area provides access to the most clients as operations begin to resume. Over the last year Redline has seen consistent advanced equipment, encompassing all demand for security training. The most aspects of an airport’s security function from Find out more popular courses are frequently requested to be check-in through to departure. For aviation safety courses delivered in person and include: Aviation hello@bainessimons.com Security Manager – Initial and Recurrent; OFFERING FLEXIBILITY AND CHOICE www.bainessimmons.com Recognition of Firearms and Explosives As lockdown restrictions are eased, Baines Instructors; and Cargo Security. To support the Simmons and Redline are committed to For aviation security courses learning experience, the National Safety & delivering training courses offered to suit a sales@trustredline.com Security Academy provides state-of-the-art customer’s requirements – whether that is www.trustredline.com 21
A breath of fresh air If cabin air quality is Interestingly though, there is no automatic MONITORING CABIN AIR QUALITY compromised, it can have equipment installed on board most aircraft Teledyne ACES™ (Aircraft Cabin Environment today to accurately monitor and measure the Sensor) is the first FAA-certified solution to serious repercussions for air quality in both the cabin and the flight address this problem. The project started after operators and their passengers. deck. When an air quality incident occurs, hearing from multiple airlines about Teledyne Controls reveals how understanding what really happened is challenges related to cabin air quality and the ACES has evolved to monitor largely based on human perceptions. For lack of means to comprehensively monitor it. example, the incidents reported are classified The solution, which was specifically designed and address potential air quality by odour type, such as oil smell, electric for the aviation market, leverages extensive air issues and ensure a better, smell, burned smell, etc. which leaves room quality expertise within Teledyne safer flying experience. for subjectivity and often results in the Technologies Incorporated, combined with A inability for the operator to identify the root Teledyne Controls’ core expertise in data lthough cabin air quality on cause for the event. Moreover, events that did acquisition, wireless transfer, and analysis. commercial aircraft is normally very not exceed an established health standard to ACES evolved quickly from concept to good, smoke, odour and fume events be considered harmful, but had strong smell certification in just over two years and is now do happen. When they do, the cost for the or smoke associated with them, may be FAA certified on the 737 with A320 operator can be high, including medical reported, whereas events involving certification expected by the end of Q2 2021. expenses, potential legal fees, cancelled hazardous, but invisible or odorless The system has been installed on a major US flights, maintenance time, insurance contaminants, such as carbon monoxide or Airline and is performing extremely well in a premiums and brand damage. ozone, may occur and remain undetected. variety of on-aircraft and off-aircraft tests. 22
You can also read