Key elements of the new National Strategy for Aviation Security
This week the Trump Administration released the new National Strategy for Aviation Security (NSAS) that replaces the previous strategy from 2007. While the 2007 document mainly focused on physical threats from terrorists, criminals and hostile countries, the new NSAS acknowledges the proliferation of “disruptive technologies” that have resulted in new risks for the Aviation Ecosystem and the plan aims to address both emerging and traditional threats.
The strategy outlines the following 6 threats to the US Aviation Ecosystem:
- Terrorists, who are constantly trying to find ways to find holes in customs and immigration security.
- Hostile nation-states that may pose threats by engaging in hostile acts; sponsoring terrorism; or in terms of their offensive cyber capabilities, which can be used for cyber espionage and other malicious purposes.
- Criminals, which include traditional criminal actors who constantly try to exploit flaws in the Aviation Ecosystem in order to transport illicit goods or people, as well as cybercriminals that are carrying out cyberattacks on airlines and other organizations in the aviation sector. These attacks can involve financial cybercrimes as well as cyber espionage efforts.
- Insiders, i.e. “personnel employed by governments, airports, airlines, and other aviation stakeholders.” Here, the document prioritizes the threat of radicalized insiders who can take advantage of their privileged access to elements of the Aviation Ecosystem, such as aircraft and control systems, in order to carry out attacks for terrorist organizations like ISIS and al-Qa’ida.
- Foreign intelligence agencies of “[h]ostile or suspect nation-states and other foreign intelligence entities”. These entities can engage in various nefarious activities, including the collection and documentation of vulnerabilities in the Aviation Ecosystem, and the theft of intellectual property.
- The spread of infectious disease via Air Travel, with recent examples being Zika and Ebola.
The NSAS then goes on to outline three categories of emerging disruptive technology/risk:
- Cyber connectivity within the Aviation Ecosystem, which refers to the development and proliferation of networking and other cyber technologies relating to things like wi-fi networks for customers, navigation communications, airport systems, airline business networks (such as online reservation systems) and unmanned aircraft systems (UAS) that could potentially be hacked.
- Increasing reliance on the radio frequency (RF) spectrum. This refers to the fact that the air navigation system (ANS) is increasingly making use of GPS and other “space-based technologies” as apposed to land-based technologies used for navigation.
- The proliferation of Unmanned Aircraft Systems, which poses various threats to the Aviation Ecosystem. Not only can they pose a direct danger to aircraft by flying too close to airports, but they can also be used to swarm targets, carry and deliver explosives as well as for illicit surveillance and the infiltration of computer networks.
The NSAS then outlines the following 4 strategic objectives
- Protect the US from threats related to the Aviation Ecosystem
- Anticipate threats and assess vulnerabilities to and from the Aviation Ecosystem
- Maximize security while balancing it with safety, efficiency and economic factors
- Cooperate and coordinate with international, domestic and private partners
Finally, the document mentions 5 strategic actions to achieve the strategic objectives:
- Maximize domain awareness, which will be done through “advanced information collection, analysis, and sharing of that information.”
- Anticipate threats and assess vulnerabilities. Here the government will address gaps in intelligence and develop “a unified response through a standardized process […] well in advance of a crisis.”
- Strengthen layered aviation security. This means that the US will “further integrate and align aviation security activities into a risk-based, cohesive national effort.” This will also involve advanced screening and threat detection techniques at airports and in other parts of the Aviation Ecosystem, including cyberspace.
- Ensure continuity and promote resilience of the aviation domain. This will be done by improving relevant contingency plans, such as strategies for operational continuity, incident response and disaster recovery following a disruptive incident or an attack.
- Enhance international cooperation. For this purpose, the US will “work with foreign partners to improve global aviation security equal with or exceeding United States standards,” while also promoting the development of relevant international standards and best practices.