Air Transport Publications
Login   |   Register
jobs Jobs
events Events
My bookmarks

Risk and reward

A risk-based approach to security is effective, flexible, and enables air commerce to flow freely, argues Doug Brittin, secretary general of TIACA

We have been hearing (and talking) about risk-based security for air cargo for quite some time, yet we still have a long way to go to attain it. To do so will require an ongoing effort and commitment, both from the industry and regulators. If we can sustain that effort, then we can become more efficient and reduce – or ‘buy down’ – risk at the same time, moving toward our goal of achieving the best possible security while also enabling air commerce to flow freely.


Risk-based security remains an important objective for our industry, as it will enable us to move away from the necessity to comply with overly technical, prescriptive security measures. With a risk-based (and outcome-driven) approach, regulators would establish ‘security objectives’, which would then allow industry members or groups to design measures by which they may be accomplished in a more cost-effective, operational and security-effective way. Airports are a perfect example, as no two are exactly alike. The objective is to secure access, in this case to cargo operations, through physical methods such as fencing, or procedures like badging and ID. Various technologies currently exist, and continue to emerge, which can help tie all of these together.


A regulatory document for these would be an ongoing process, and would thus never be current. Identifying the goal – and allowing the regulated party to establish, manage and ensure it is in compliance – would better suit the situation. Similar cases can be made for forwarders and carriers. The ideal is to identify the risks fully, and then allow the industry to provide an outcome-based approach to properly manage and mitigate that risk. By doing so, regulated parties would be able to design the ideal shoe that fits, rather than be forced into one that doesn’t.


How do we get there? First, we must recognise that in a large part, prescriptive security is driven by policymakers who are responding to mandates and pressures from legislators. In a speech before the US Homeland Security Policy Institute’s Strategy & Leadership Forum in December last year, outgoing Transportation Security Administration’s administrator, John Pistole, noted this challenge. He observed that, “our missions are mandated by legislation, our operating budget is appropriated by Congress, our operational focus is driven by the Department of Homeland Security and, ultimately, the President.”


We must lead legislators away from creating mandates which do not include risk analysis, enabling regulatory agencies (with collaboration from industry) to tailor policy to different situations or evolving threats. Furthermore, there needs to be an effort to engage in discussions to agree on what acceptable risk may be, establishing a common understanding and language in which to discuss it.


Once we get that far, how do we effectively, on a collaborative basis, identify risk levels? At its most fundamental level, it is fairly easy to apply a formulaic approach, wherein Risk equals Threat x Vulnerability x Consequence (R = T x V x C). This can produce a monetary value for almost any scenario. However, there are those who argue that probability needs to be part of that equation.


Irrespective of which formula or other metric is used, it is important to properly identify, understand and determine how to respond to an issue. Consequently, the risk must be analysed and a determination made to accept, control or avoid it while understanding the benefits and costs of the path taken.


Taking these concepts forward, we can readily imagine the benefits of not requiring every airport, airline, regulated agent or cargo handler to apply the exact same measures. This is tantamount to building a great wall for all, when only some are affected, and even then only by certain elements of risk. For example, we could take the approach that, in a certain segment of the air cargo supply chain, only elements A, B and C are relevant, as opposed to the full alphabet. We could then allow participants in that segment to provide a solution which may well already be incorporated into their existing security measures, without having to implement additional, and perhaps duplicative, measures dictated by regulators. This would provide the same result while enabling the participant to operate more efficiently and effectively.


We must recognise that security in our industry will continue to evolve along with the threats that it faces, as those who wish to target us will continue to change their approach. There is unfortunately no light at the end of the tunnel, so we too must remain flexible. We can attain the best result by working closely and collaboratively with regulators, who must communicate to us the threats so that we can participate in the process. Security, including that which incorporates a risk-based approach, should not be mutually exclusive with efficiency.

To download the PDF file for this article, you have to pay the amount by pressing the PayPal button below!

Filename: Risk and reward.pdf
Price: £10

Contact our team for more information!

The Cargo channel

Industry blog
Autonomous freight drones: a revolution in air cargo?


You must be logged in to post a comment.

Please login or sign up for a free account.

Disclaimer text: The views expressed in the above comments do not necessarily express the views of Air Transport Publications Ltd. or any of its publications.