Aviation Security: Moving From Strategy to Measurable State

Training analyses are strengthening airport operations through metrics-based performance indicators.

circle_%EF%80%A3-124889-edited

By the Burns & McDonnell Team

The safety and security of an airport can generally be measured by the methods and techniques utilized by a government entity or private agency to protect passengers, personnel, aircraft, and physical and cyberproperty. The emergency response and airport recovery actions are captured in an Airport Emergency Plan (AEP).

Because airports are susceptible to a variety of disruptions — including those that affect operations, cause loss of sensitive data, and create costly recoveries — having an adaptable AEP in place is essential to protecting assets. Effective operational recovery as outlined in an AEP can be gained through continuous training exercises, designed to introduce challenges for each tier of airport operations and public safety management.

Fortunately, there are successful aviation industry training initiatives capable of strengthening the response, recovery and stance of various airport management and security groups by providing metrics-based performance indicators.

 

Read The Article

The safety and security of an airport can generally be measured by the methods and techniques utilized by a government entity or private agency to protect passengers, personnel, aircraft, and physical and cyberproperty. The emergency response and airport recovery actions are captured in an Airport Emergency Plan (AEP).

Because airports are susceptible to a variety of disruptions — including those that affect operations, cause loss of sensitive data, and create costly recoveries — having an adaptable AEP in place is essential to protecting assets. Effective operational recovery as outlined in an AEP can be gained through continuous training exercises, designed to introduce challenges for each tier of airport operations and public safety management.

Fortunately, there are successful aviation industry training initiatives capable of strengthening the response, recovery and stance of various airport management and security groups by providing metrics-based performance indicators.

INTEGRATING TECHNOLOGY

The training methods used today for performance analysis vary across the aviation industry, and some are providing effective feedback during the remedial action process by leveraging artificial intelligence (AI). Ongoing feedback remains a critical part of effective training programs, and intelligent cognitive systems are assisting in providing real-time, AI-driven training assessments. Effective drills producing relative feedback may uncover challenges that are difficult and/or costly to resolve, but the case of knowing where the problems reside is the first step in prioritizing and budgeting for a proactive measure.

Another tool, remedial action processes, helps an agency’s emergency drill planning team to identify and correct problems with the AEP. This process captures information from exercises, post-disaster critiques, self-assessments, audits, administrative reviews and/or lessons learned that may indicate deficiencies within the airport’s ecosystems. Remedial actions may involve the revision of planning assumptions and operational concepts, changing organizational tasks, or modifying organizational instructions with changes to standard operating procedures (SOP). These actions may also include additional training curriculum for an organization’s personnel as well as mandated refresher courses.

CREATING PURPOSE-DRIVEN TRAINING

As part of an organization’s internal cybersecurity training, for instance, managers educate staff about phishing scams, ransomware and appropriate reporting of cybersecurity incidents. Proactive organizations will extend cybersecurity drills to include external agencies, business partners and third-party evaluation services. The goal for cybersecurity training and awareness is to see that these drills become as commonplace as other airport emergency response drills.

The airport emergency drill planning team must conduct training events, exercises and real-world threat assessments to determine whether the goals, objectives, decisions, actions and timing outlined in the plan lead to a successful response. In presenting key metrics produced from the AEP training exercises, Homeland Security and other airport emergency preparedness programs remain invested in the exercise process and can provide justification for budgetary support.

PLANNING AND PREPARING

Participating in airport emergency drills provides critical insight into the level of data being preserved and disseminated during an airport’s emergency response. When it comes to a data integrity emergency, most aviation organizations rely solely on the information technology department to manage data breach responses and outreach to internal and external partners.

Unfortunately, many organizations lack an internal response plan to deal with even minor breaches. For organizations that do create a response plan, the next clear step is resiliency testing. Airport agencies can accomplish this by integrating cyberdrills within their airport emergency training exercise framework. Through drill repetition and AI-driven remedial action analysis, department managers and executive leadership can quickly obtain a measurable state of situational response, allowing the response and recovery efforts to be evaluated for efficiency.

The core of the AI-driven performance analysis will have the following framework:

  • What new alternate courses of action have been identified?
  • What aspects of the action, process, decision or operational timing justify them within the airport emergency response and recovery plan?
  • What aspects of the action, process, decision or operational timing support removal from the AEP?
  • What specific changes to plans and procedures, personnel, organizational structures, management processes, facilities, and/or physical and digital equipment can improve operational performance?

It remains vital that an airport’s emergency drill planning team identify a set of security capabilities, develop objectives around those capabilities and then select exercise scenarios that integrate with the objectives. Identifying the capabilities can benefit all scenarios, both predicted and unpredicted, not just the event being drilled.