A thought experiment in illustrative risks to regional airports and their mitigation. Note: Glasgow Airport is only used as an example. Risks described below are illustrative only and for purely theoretical discussion only.
This paper evaluates (purely in theoretical terms and and as a thought experiment in risk management) aviation security measures in place at Glasgow Airport in Scotland. It sets out key facts about the airport and its criticality within the UK air transportation system. The intent and capability of terrorist organisations to strike the airport are considered, alongside extant security controls and equipment in place to thwart terrorist attack. The state of the art in aviation security is discussed, illustrating protective options that may be available to Glasgow airport to reinforce existing controls. Both passenger and freight transportation security are considered. The relative merits of industry aviation security solutions are examined at a high level in terms of advantages and disadvantages of key equipment and procedures. Using 9/11 and the terrorist attack of 2007 (Brocklehurst, 2017) as inflection points, changes to security measures and procedures at Glasgow are discussed, charting the evolution of aviation security to meet evolving threats. In this context, the suitability and robustness of the security system is evaluated, identifying potential loopholes and weak points that terrorists may exploit. Recommendations focused on strengthening the security system are then given along with rationale and key benefits.
Glasgow airport is Scotland’s second busiest airport carrying in the region of 7 million passengers per annum, representing approximately 3% of UK passenger volume (Ottewell and Ferguson, 2019). Edinburgh is the largest airport in Scotland carrying approximately 10 million passengers. Glasgow airport supports thousands of jobs in the Scottish economy through direct employment and commercial supply chains. Some estimates suggest this to be in the region of 5,000 jobs (in aggregate) and a £1bn+ economic contribution to the region (McKenzie, 2020). The airport opened in 1966. 30 carriers fly out of Glasgow Airport to a wide range of European destinations, Iceland, the east coast of the US, Central and South America, to North Africa and the Middle East and to domestic airports across the UK. Domestic routes in Scotland include flights to small airports in Inner and Outer Hebrides, Orkney and the Shetland Islands. The airport is owned by AGS Airports Limited (About Glasgow Airport, 2020). There is circa 13k tonnes of air cargo movements per annum (ibid.). The airport operates a single main runway, with two terminals (a main terminal and smaller T2 terminal). Train services run to approximately 1 mile of the main terminal. Bus, taxi and private cars are the main connecting transport services.
The airport is somewhat unique in terms of the domestic routes it services to outlying Scottish islands. The security of inbound flights from these islands to Glasgow airport is potentially interesting as regional security off mainland Scotland may be less sophisticated. There may be potential for terrorists to attempt to exploit weaknesses at small regional airports and attack Glasgow airport through those routes.
The airport has a range of measures and controls deployed within its security system. What follows is a generalised discussion.
Aviation terrorism threats include attacks on the terminal and physical buildings, attacks on transportation systems in and around the airport, passenger plane hijack, sabotage, drone and laser attacks, sophisticated and crude improvised explosive device (IED attacks), ramming attacks, and various insider threats to the supply chain (including fuel, cleaning, engineering and catering). The security system must therefore present robust postures against a wide range of threats. Broadly these may be categorised as: 1. measures to protect the security of the terminals, runaway and surrounding infrastructure; 2. measures to protect secure airside area access (including freight); 3. measures to protect supply chains; 4. measures to counter insider threats; 5. measures to protect airspace; 6. measures to protect passenger planes from terrorist attacks using IEDs, firearms or other improvised weapons. Each category is briefly explored presenting an outline thematic view of extant controls.
In category 1, physical security includes fences and barriers coupled with patrols, surveillance and CCTV systems along with reinforced barriers and street furniture to prevent vehicle ramming attacks against terminal buildings. Available industry solutions include smart barrier protection systems such as virtual fence systems with detectors using ground radar, seismic detectors or microwave. Perimeter fences can also support movement or vibration detection, or be electrified. CCTV coupled with Artificial Intelligence can be used to monitor large areas of perimeter fencing and can augment other physical and virtual fencing solutions (Price and Forest, 2016). There is a distinction between landside and terminal security (ibid., p. 218) and as demonstrated in the Glasgow attack of 2007, terrorists may attempt to breach terminal security from landside access points. Reconfiguration of vehicle access to airports, distancing pick-up and drop off zones from terminal buildings and adding additional physical barriers in front of terminals were lessons learned from the 2007 attack.
In category 2, airside access control passes, staff vetting, and access control solutions are coupled with alarms, patrols and CCTV to prevent infiltration of secure sterile areas. Terrorists may use coercion, radicalisation, social engineering, physical force or other fraudulent techniques to access secure areas. Managing airside passes and ensuring applications are appropriately vetted by security staff and the wider intelligence community is vital to ensure the integrity of access controls. Issuance of temporary passes or failure to deactivate passes or appropriately manage the granularity of access controls can lead to overall security weaknesses.
In category 3, the management of airside security is vital, along with appropriate levels of staff vetting. There may be opportunities for terrorists to attack the catering supply chain and introduce toxins into passenger meals. Supply chain security and assessments of security procedures and standards used by suppliers should also therefore be evaluated as part of holistic security management.
In category 4, the primary security methods include staff vetting and using measures outlined in PREVENT (HMG, 2018) to identify potential radicalisation threats. Terrorists may attempt to radicalise, or groom airport employees and measures should be in place for reporting suspicious activity or advances.
In category 5, geofencing and jamming technologies may be deployed to defend against drones. It would be extremely difficult to protect all airspace and there is a multiplicity of threats from malicious and accidental drone incursion, through to laser attack (attempting to blind pilots) and even rocket attack. The use of MANPADS (man portable air-defence system) against a commercial passenger plane is not inconceivable although deploying protective security is difficult due to the operational range of these rocket systems. The Provisional IRA attacks against Heathrow airport using mortars illustrates the capability and intent of terrorists, as well as the economic cost and significant publicity associated with these events (Connett, McKittrick and Boggan, 1994).
In category 6, scanning equipment including body scanners and explosives detectors are used as part of passenger screening as well as x-ray equipment to examine cabin baggage. Luggage and freight screening will also be subject to rigorous checks. Plastic explosives, peroxide based liquid explosives, 3D printed firearms and ceramic weapons are among contemporary threats as well as screening for traditional firearms, detonators, and conventional IEDs. Canines will additionally be used as part of drugs and explosives searches. Since the Lockerbie bombing, there have been significant advances in the ability to detect plastic explosives such as Semtex using detector equipment. Full body scanners are useful for in-depth selective screening, both random and based on behavioural profiling.
Systems introduced after 9/11 including collection and watchlist checking of advanced passenger information and flight manifest data provides additional opportunity to interdict terrorists and criminals as they enter or leave the UK. No fly lists, watchlists and warning indexes are also used as part of the national security response alongside European and international partners and will be used by Glasgow Airport and its carriers.
It is next helpful to evaluate the security system to identify potential security loopholes that might be exploited by terrorists. Loopholes are identified in thematic terms by considering the types of controls in place, whether these controls are technologically capable against extant and emerging threats, whether controls are sufficient in number, whether the security system itself is well integrated, and the numbers and capabilities of security staff deployed to ensure secure operations (Tamasia and Demichelab, 2011). Where loopholes are identified, measures are proposed to strengthen the security system. The readiness of the airport to adopt new security measures is also considered.
Although perimeter security around aprons, runways and terminal buildings looks proportionate there are arguments that the infrastructure could be made more ‘self-aware’. As urban planners embrace ‘smart city thinking’ there appears to be potential benefit in adopting similar concepts into the secure design of airports. Deploying sensors across the physical estate may provide richer insight into both passenger movement and behaviour and provide opportunity to detect and neutralise evolving threats (Davis and Chang, 2012). Improving the ability to detect perimeter tampering or incursion would be beneficial and could draw on increased automation using advances in smart CCTV. To yield maximum benefit from this design philosophy however, systemic thinking is needed in the design of airport security. Arguably the system at Glasgow (and other airports) is siloed and lacks the integration capabilities needed to provide an end-to-end view of security and threats in real-time. Command and control structures and the ability to respond to a developing terrorist situation may therefore be somewhat hampered by a lack of integrated end-to-end security postures.
Airport managers have a complex task of balancing security personnel numbers, the depth of security screening of passengers and cabin baggage and the flow of passengers through the airport (McLay, Jacobson and Kobza). Airports present complex Operations Research problems and passenger convenience must be balanced with safety and security (Barros and Tomber, 2007). Increasing flow rate through security screening without degrading security checks is therefore a critical challenge. Using state-of-the-art scanning equipment that can detect multiple threats, using AI and automation can help with detection rates and processing speed (Hättenschwiler et al., 2018). Fatigued security personnel and bottlenecks in security screening could present loopholes.
Glasgow Airport links to small outlying airports across the Scottish Islands. It could be argued that these provide interesting attack points as ‘weak nodes’ through which either to gain access to or launch attack against Glasgow. This may seem somewhat fanciful, but a sophisticated actor might see the potential of a hijack attack against Glasgow using an in-bound aircraft from a small island with potentially lower security. This raises the question as to where the boundary of the security system begins and ends. There is an argument for juxtaposing some controls into the weakest nodes in the domestic context.
The management of airside access passes is a perennial challenge across UK airports. Although there are well-established solutions, there appear to be continuing loopholes in the management of temporary passes, clearing down access rights when staff leave or move post. There is also a challenge at the national level in terms of having a ‘single view of the truth’ in terms of who has airside access and the hygiene of vetting procedures and criminal records checks. Although this threat is perhaps somewhat notional, sophisticated actors may attempt to use loopholes in airside pass management to access restricted and sterile areas. Rigorous controls, training and processes therefore need to be in place in both Glasgow and across the national network.
Illustrative measures to strengthen security (note: this is purely theoretic and for illustrative purposes only)
Five proposals are given which could lead to gains in the security system at Glasgow Airport. These major on technological innovation, an area in which there appears to be significant scope for expansion:
1. Deployment of integrated perimeter security with CCTV (Adey, 2004), intelligent automation and smart sensors: here the fencing, apron and runway protection could arguably be increased using increased sensor deployment, emerging 5G networks, internet of things and machine automation. There is potential to automate surveillance operations, use machine learning to identify and prioritise threats at the perimeter and deploy either a fully automated response, or flag the potential threat to human security operatives. Lessons could be drawn from military sectors, particularly perimeter protection of forward deployed military bases in hostile theatres. Deploying networks of smart sensors alongside extant physical security barriers would provide significant scope for innovation. In terms of operational readiness this may be quite disruptive. Sensors need to be protected from interference and cyber-attack. Using sensor data to construct a real-time operational picture of emerging threats is not simple and would require significant trialling, training and fine tuning.
2. Increased use of sophisticated detectors to detect non-metallic IEDs, ceramic weapons and 3D printed weapons: the technological capability, numbers of deployed resources and trained operatives could always be upgraded. Ensuring the security system is modularised, interoperable and well-integrated would ensure that new developments in aviation security technologies could be quickly deployed or upgraded. Over-reliance on legacy systems or inability to rapidly adopt cutting edge technology weakens the security system over time and can present needless loopholes to the hostile actor.
3. Layered anti-drone security including geofencing, warning systems, jamming and surveillance: the threat from drones was made evident by the incursions into airspace around Gatwick in December 2018 (Corfield, 2019). Geofencing and restricted airspace management applications help hobbyists from straying into sensitive airspace. Drone attack either singular or using swarms could however be mounted by co-ordinated actors. A faster detect and respond approach is needed, not just at Glasgow. Lessons may be drawn from military theatres and protection of high-profile events such as the G7 or protective security deployed at Davos. Rehearsing for hostile drone attack and having capabilities to neutralise drone threats safely (without risk to commercial aircraft) would be beneficial. Key challenges include the rapid detection of fast-moving light drones and safe interception / neutralisation of the drone without injurious effect on surrounding air traffic (Sturdivant and Chong, 2017).
4. Increased use of Artificial Intelligence (AI) and automation in baggage screening: with the volume of material to screen, and the potential for human operators to tire and miss potential threats, it is vital to have strong computer vision technologies and AI to assess images for potential threats. Algorithms rely on training data and a key challenge is ensuring the AI can detect sophisticated and well-concealed threats. As technologies develop, there is a risk of over-reliance on automated algorithmic screening.
5. Juxtaposing security checks and collaborating with security personnel at small regional airports across the Scottish islands: a novel approach to improving security could be through increased collaboration and juxtaposition of security controls with other airports (particularly small feeder airports). This takes an expansive view of the security system and considers threats that may be launched towards Glasgow Airport from a weak node. Airports across the UK operate to common baseline standards, but there are perhaps opportunities to strengthen security across the Scottish Islands and thereby reduce potential risks to Glasgow either by inbound hijack attack or other subversion of systemic security.
Glasgow Airport has been operational for over 50 years and is a significant employer, transport hub and contributor to the Scottish and UK economies. With its 30 carriers and multiple routes to Europe, Middle East, North Africa and the USA, it is an important node in the UK and European aviation system. Glasgow Airport has direct experience of a terrorist attack. The airport was attacked in 2007 by Jihadi inspired terrorists who mounted a vehicle ramming and incendiary attack. This was largely unsuccessful as the terrorists failed to enter the main terminal building or cause mass damage or injury. Following the attack, security was reviewed across the UK and vehicular access to terminals was greatly restricted. Protective bollards and barriers were deployed across UK airports to prevent similar incidents. Having briefly assessed the security system at Glasgow Airport using public domain material (as a theoretical exercise), there appears to be a compelling argument that technological advances could be adopted to help bolster security in some key areas. These include (but are not limited to), smart perimeter protection, baggage screening using computer vision and AI, and a layered response to hostile drone attack. Ensuring the regional security of small feeder airports across the Scottish Islands would be beneficial as these could present a ‘soft underbelly’ through which to launch attacks into Glasgow Airport.
About Glasgow Airport. (2020) [online] Available at: https://www.glasgowairport.com/about-us/ [Accessed: 16.03.2020]
Adey, P. (2004) Surveillance at the Airport: Surveilling Mobility/Mobilising Surveillance. Environment and Planning A: Economy and Space, 36 (8), 1365-1380.
Barros, A.G.d. and Tomber, D.D. (2007) Quantitative analysis of passenger and baggage security screening at airports. Journal of Advanced Transportation, 41 (2), 171-193.
Brocklehurst, S. (2017) The day terror came to Glasgow Airport [online] Available at: https://www.bbc.co.uk/news/uk-scotland-40416026 [Accessed: 16.03.2020]
Connett, D., McKittrick, D. and Boggan, S. (1994) IRA bombs on runway as jets land: Mortar attack at Heathrow – New campaign fear – Terrorism Act renewed in Commons. Independent [online], 10.03.1994 Available at: https://www.independent.co.uk/news/ira-bombs-on-runway-as-jets-land-mortar-attack-at-heathrow-new-campaign-fear-terrorism-act-renewed-1428076.html [Accessed: 10.03.2020]
Corfield, G. (2019) Sussex Police gives up on £790k Gatwick drone shutdown probe [online] Available at: https://www.theregister.co.uk/2019/09/27/gatwick_drone_probe_closed_sussex_police/ [Accessed: 18.03.2020]
Davis, A. and Chang, H. (2012) Airport protection using wireless sensor networks. IEEE Conference on Technologies for Homeland Security (HST), Waltham, MA.
Hättenschwiler, N., Sterchi, Y., Mendes, M. and Schwaninger, A. (2018) Automation in airport security X-ray screening of cabin baggage: Examining benefits and possible implementations of automated explosives detection. Applied Ergonomics, 72, 58-68.
HMG (2018) CONTEST – The United Kingdom’s Strategy for Countering Terrorism [online] Available at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/716907/140618_CCS207_CCS0218929798-1_CONTEST_3.0_WEB.pdf [Accessed: 15.03.2020]
McKenzie, K. (2020) 12 amazing facts about Glasgow Airport you never knew [online] Available at: https://www.glasgowlive.co.uk/news/glasgow-news/12-amazing-facts-glasgow-airport-17525968 [Accessed: 16.03.2020]
McLay, L.A., Jacobson, S.H. and Kobza, J.E. (2006) A multilevel passenger screening problem for aviation security. Naval Research Logistics, 53 (3), 183-197.
Ottewell, D. and Ferguson, L. (2019) Glasgow Airport’s passenger numbers continue to fall, new figures reveal [online] Available at: https://www.glasgowlive.co.uk/news/glasgow-news/glasgow-airports-passenger-numbers-continue-17162781 [Accessed: 16.03.2020]
Price, J.C. and Forest, J.S. (2016) Practical Aviation Security – Predicting and Preventing Future Threats. 3rd ed. Butterworth Heinemann.
Sturdivant, R.L. and Chong, E.K.P. (2017) Systems Engineering Baseline Concept of a Multispectral Drone Detection Solution for Airports. IEEE Access, 5, 7123-7138.
Tamasia, G. and Demichelab, M. (2011) Risk assessment techniques for civil aviation security. Reliability Engineering & System Safety, 96 (8), 892-899.