Takin' It To The Streets: Systemic Enhancement of General Aviation Security

[from the archives 9/1/2012] by Joseph F. Corrao

Recent U.S. government approaches to general aviation security have failed to acknowledge the unique characteristics of general aviation.  Federal policy makers must better understand, appreciate and think creatively about the defining characteristics of non-scheduled commercial and non-commercial flight operations to draft effective, sustainable general aviation security regulations that are acceptable to the public.

On October 30, 2008, the U.S. Transportation Security Administration (TSA) published a notice of proposed rulemaking (NPRM) called “Large Aircraft Security Program, Other Aircraft Operator Security Program, and Airport Operator Security Program,” the Federal government's first significant proposal to enhance the security of general aviation in the United States.  (73 Federal Register at page 64790)    The proposal provoked approximately 8000 comments to the regulatory docket from around the country, including members of congress in both the House and Senate, state governors, mayors, members of state and local legislatures, many business leaders and many, many pilots.  Almost all of the comments were highly critical.  

On December 7, 2009, the Department of Homeland Security (DHS) published the following notice: “After considering comments received on the NPRM and meeting with stakeholders, TSA decided to revise the original proposal to tailor security requirements to the general aviation industry.  TSA is considering alternatives to the following proposed provisions in the SNPRM: (1) the weight threshold for aircraft subject to TSA regulation; (2) compliance oversight; (3) watch list matching of passengers; (4) prohibited items; (5) scope of the background check requirements and the procedures used to implement the requirement; and (6) other issues.” (74 Federal Register at page 64235)  

TSA has not yet published the Supplemental NPRM (SNPRM).  No one outside of the Federal rulemaking team assigned to the task knows the content of the SNPRM, including the author of this article.  Almost three years after DHS informed the public that a general aviation security SNPRM would be forthcoming, the SNPRM may be reaching completion within the Federal bureaucracy.  Nevertheless, the coming Federal election (regardless of who wins) may open an opportunity within the government for further analysis and reflection on why the original NPRM failed and, more importantly, how to get it right next time.   

TSA's 2008 NPRM failed because it tried to apply airline-style security measures to general aviation operations. In the world of scheduled commercial (“airline”) passenger and cargo operations,? passengers, their bags, and cargo travel first from home or workplace to the airline terminal – a known point.  Because airline departures and arrivals are scheduled in advance and flights operate more or less on schedule, security planners can and do know generally when people, bags and cargo will arrive at the terminal.  Because airline terminals and other airport buildings and infrastructure, such as parking garages, buses, trams, sidewalks and moving walkways, are subject to the control of the airport authority, security planners can and do know in advance the paths arriving travelers, bags and cargo must traverse to move from entry onto airport property through the terminal to the aircraft.  Because all this information is known in advance, security planners have a comparatively easy time of it in the airline world, creating points of convergence in passenger, baggage and cargo pathways and setting up security screening processes and technologies at those points of convergence.  (“Points of convergence” are also known as “bottlenecks;” TSA calls them “security screening checkpoints.”)  

In non-scheduled civil aviation environments, it is not feasible to establish fixed security checkpoints in the stream of commerce because this stream is not known, not predictable, and not localized.  General aviation comes from where it wants and goes where it wants, when it wants.  Working with scheduled commercial passenger and cargo civil aviation, it is reasonable to pre-position screening personnel and technologies and let travelers and cargo come to them; in nonscheduled civil aviation arenas, this approach is not workable.

Similarly, in the scheduled commercial passenger and cargo worlds, flight crews are identified in advance, passengers must buy tickets and shippers must purchase carriage before passengers board or cargo is loaded aboard the aircraft.  The personnel management and purchasing processes collect information about flight crew, passengers and shippers, offering security planners opportunities to verify names and addresses, review databases and otherwise obtain knowledge of who and what will fly before boarding or loading occur.  In non-scheduled, non-commercial civil aviation (general aviation), no tickets are purchased, no space is reserved no one is required to tell anyone who the crew will be, so almost no opportunities exist to collect information before boarding, loading and departure.  

TSA's 2008 NPRM failed because implementing airline-like security in the general aviation environment would destroy general aviation, an outcome no one wants and the NPRM's drafters failed to recognize.  Any rule requiring pre-identification of passengers, delivery of bags to a screening station, removal of prohibited items or any other centrally located or centrally performed security procedure will fundamentally conflict with general aviation business models, as will any proposal that interferes with owners' and operators' ready access to their aircraft.  Any security proposal in fundamental conflict with prevailing private sector business models is doomed to controversy and, ultimately, to failure – the private sector can adjust and absorb a lot of mandated change, but leopards cannot change their spots; general aviation is not general aviation without the freedom of time, place and access that airline-style security practices and procedures would destroy.  

Moreover, in commercial aviation settings, a commercial cash flow exists to support the inescapable costs of security.  In noncommercial settings, no such cash flow exists; all costs of security – and all other costs of operation – are borne solely by the non-commercial operator.  Not only does Federal law require sound cost-benefit analysis to justify every Federal regulation, practical considerations demand that it be taken into account because compliance is difficult to achieve when the cost of the regulation exceeds the regulated party's ability to pay.   

So what to do?  

If airline-style security can't work in the general aviation environment – and it can't – then we need a style of security that will work.  General aviation-style security must not conflict with general aviation's “go anywhere, anytime” business model, and it must not be expensive; costs should be low and value must exceed cost.  

To envision how to do this, we need to think a bit about how a terrorist might use general aviation.  A general aviation aircraft, of any size, may be used for three purposes by terrorists: (a) to transport people and things; (b) to release a substance or an item into the air; and (c) as a guided projectile, with or without something on board to enhance its destructive potential, such as a large fuel load or other material.  To use an aircraft in these ways, a terrorist requires operational access to the aircraft and, for all but the most innocuous uses, an opportunity to load the aircraft without being too closely observed.  (And of course, innocuous uses need not concern us much.)

This suggests the outlines of general aviation-style security: It should prevent unauthorized operational access to the aircraft yet not restrict owners, operators and their passengers from accessing and operating their aircraft; and it should prevent surreptitious loading of destructive substances and devices into the aircraft.  

“Operational access” is the ability to get to and operate the aircraft.  Unauthorized operational access can be prevented in two ways: by preventing unauthorized access, and by preventing unauthorized operation.  A terrorist who cannot touch an airplane cannot use the airplane, but neither can a terrorist who can touch the airplane but can't start it or can't get it airborne.  

A multi-faceted general aviation security proposal emerges from these considerations; it includes the following three elements:

• (1) Securing the aircraft.  To prevent unauthorized access without impeding authorized access, aircraft should be secured in hangars whenever possible.  

Many aircraft cannot be secured in hangars because hangars can be expensive and hangar space may be unavailable.  It is tempting to consider securing ramp and parking areas, but this is expensive and not very effective; while securing a hangar requires only a lockable door, securing a ramp area requires not only a security barrier such as a fence (usually expensive), but additional items and processes (also usually expensive) as well: A method of distinguished authorized persons from unauthorized persons, such as identity verification and badging; a method to permit authorized persons to enter while unauthorized persons are turned away, such as a secure credential reader or a trained and forceful guard; and a method to assure that the barrier is not breached, such as fence-line patrols or closed-circuit television.  In general, the cost of securing general aviation ramp areas is very high compared to the cost of preventing unauthorized operation and not nearly as effective, since fences can almost always be cut and barriers circumvented when the guard's back is turned.  Although securing ramp areas may deter some theft, the cost-benefit ratio is likely to be prohibitive for the non-commercial civil aviation community.  

Thankfully, the cost of preventing unauthorized operation is low.  

• (2) Preventing unauthorized operation.  Unauthorized operation can be prevented by the use of prop locks, wheel locks, cabin locks, hardened tie-downs, ignition locks, and other methods that prevent unauthorized persons from starting an aircraft or getting it airborne.

Compliance with requirements to hangar and lock an aircraft or use a prop lock or other barrier(s) to unauthorized operation may be Federally coerced or Federally encouraged.  Because these actions directly benefit aircraft owners and operators by protecting against weathering and vandalism and deterring theft, it should not be necessary to coerce compliance; mere encouragement can be expected to achieve positive results.  One way the Federal government may encourage these actions is by encouraging aircraft insurers to highlight the resulting savings in policy premiums.  For example, the aircraft owner who moves his aircraft from ramp parking to a lockable hanger significantly reduces the probabilities of weather damage, vandalism and theft, as well as terrorist misuse.  Hull insurers may be encouraged to emphasize this reduced probability of harm in documents and premiums, thereby materially encouraging all owners to take these steps wherever feasible.  

Finally, an effective, sustainable, acceptable general aviation security regime can and must materially increase the probability of discovering a terrorist's attempt to load bad things into an aircraft in time to prevent the bad act.  In the general aviation environment, where it is not practical to introduce checkpoints or fixed screening sites, a new way must be found to introduce detection capability into the aviation environment.  

• (3) Trustworthy Agents.  Currently, state and local law enforcement officials (LEOs), FAA safety inspectors, and state-certified non-LEO first responders pass by general aviation facilities regularly, and occasionally enter.  It would not be difficult for Federal security planners to reach out to these and other “trustworthy agents,” directly and in partnership with their national organizations and associations, for assistance in applying detection capability to general aviation.

Federal effort in this regard is very scalable – which is Fed-speak for “can cost a little or a lot.”  On the cheap side, Federal officials might simply ask state and local trustworthy agents to include in their patrols drives through general aviation airports in place of drive-bys.  Increasing the Federal investment, Feds might work with aviation associations and educational institutions to provide training for trustworthy agents on what to look for in the general aviation environment and how to respond to indications of suspicious activity.  At the far end of the spending continuum, the Federal government should consider providing grant funds or grants-in-kind to equip state and local trustworthy agents with specialized detection equipment and reach-back capability, with the understanding that the equipment will be used to enhance civil aviation security even as it enhances the overall level of safety and security in the local jurisdiction.  

Will TSA's long-awaited general aviation security SNPRM reflect understanding, appreciation and creative thinking about the defining characteristics of general aviation?  Only time will tell.  Hopefully Federal security planners and policy makers will see that the unique characteristics of non-scheduled and non-commercial civil aviation matter, and that to be effective, sustainable, and acceptable to the public, general aviation security regulations must take those characteristics into account.