Security standards in business aviation


Words by Rob Coppinger

Business aviation has to meet the same high security standards as commercial air transport but no comprehensive public picture of the sector’s performance exists.

FBOs providing business aviation services from airports are required to follow stringent rules and procedures, just like their commercial counterparts – to defeat the individuals intent on moving contraband across borders or harming others. However despite the appearance of a heavily regulated and regularly evaluated industry, the implementation of internationally agreed policies and the application of local security procedures is known by insiders to vary widely, while publicly available government data on compliance can be described as scant.

A fact that allays doubts about compliance is that no general aviation (GA) aircraft has ever been used for an act of terror anywhere in the world, according to the Aircraft Owners and Pilots Association (AOPA). However, Hany Bakr, security director for Europe, Middle East and Africa at international SOS company MedAire, points out that it does not help that there is little or, “no publicly available information to universally indicate the degree of vulnerability, between the two different business models,” of commercial and business aviation.

Secure perimeters and access control is one of the fundamental aspects of airport security

Bakr also cites another fact – that the absence of any notable aviation security incidents undermines the case for investment in security. While investment is not seen as an immediate need, the industry does come together, according to Bakr, to exchange ideas, “benchmark and work towards enhancing their aviation security protocols”.

Government reports about business aviation security are difficult to find. The UK’s Independent Chief Inspector of Borders and Immigration annual report for April 2018 to 31 March 2019 makes no references to business airports or security. Bakr points to a US Government Accountability Office report from 2011 that reports on an assessment of US airports and their security improvements, post-September 11th. The report found that while the airports have multiple security measures in place, “they varied,” and also revealed “specific measures in potential vulnerabilities is varied across all airports,” Bakr explains. The level of access control for GA facilities at airports was also a concern raised in the 2011 report. 

The last GA security report by the US Government was produced by the Aviation Security Advisory Committee (ASAC) in 2017. ASAC’s two recommendations specific to airports were the need for a strategy video to be made and a review of how identification badges are issued. Bakr also believes there is a potential issue at US airports, with business aviation operations not subjecting passengers, baggage, cargo or employees to any form of security screening before gaining access to airport’s secure areas. “This is a serious vulnerability and can lead to unpleasant and catastrophic consequences if exploited by bad individuals,” he warns. 

Industry recommendations

VIPs choose private aviation to reduce the time spent in airport security

The business aviation sector follows its own policies and guidelines in addition to those set out by regulators and government. The NBAA recommends best practices [See box] to its members. Bakr says, “Access control into airports and to general aviation facilities airports has been a concern but there haven’t really been any known studies conducted to categorically confirm or deny which…is more vulnerable than others.” AOPA encourages people to report vulnerabilities. It has an Airport Watch program which is about promoting a strong security culture and government and aviation community vigilance to protect GA aircraft (see box: AOPA’s Airport Watch Program).

The security apparatus used at airports or terminals is fundamentally the same for commercial and business aviation. In the UK, commercial and business passengers are being “processed still to exactly the same standards. But it’s done in a very fast and efficient manner,” says British Business and General Aviation Association (BBGA) FBO workgroup chair, Jason Hayward – also the general manager for Universal Aviation UK, a handling agent for corporate and executive aircraft that operates worldwide.

Trade association the Airport Operators Association (AOA), agrees. It states that all airports have to implement the UK government Department for Transport’s policies on security. However, the AOA also sees differences where business aviation is concerned. The AOA says, “To what extent among business airport security policies vary depends on a range of factors.” 

The organization cites aircraft with exemptions due to their use for private purposes as one factor altering the security obligations imposed on a business airport or FBO compared to a commercial airport. 

“Whether these policies need to be stronger is a matter for the government, dependent on the latest threat picture,” the AOA adds.

The International Air Transport Association (IATA) has an operational safety audit (IOSA) program that evaluates airline’s security management processes. Bakr believes such a program could have its advantages if introduced to business aviation. 

“With numerous commercial security alliance groups in place and the work of IATA Aviation Security, a modern, proactive, collaborative and unified approach already exists in order to serve the entire commercial aviation community,” Bakr says.


Security procedures can vary considerably at different executive airports

Hayward meets with the UK Civil Aviation Authority (CAA) and with the UK government’s Department for Transport to discuss screening regimes for FBOs on behalf of the BBGA. For the UK, aircraft that qualify for screening weigh 10 tonnes or more, while the EU sets the bar at 15 tonnes. “The UK has more stringent measures in place,” says Hayward. 

There is a European baseline for FBO security and the UK plans to continue following it whether the UK is in the European trading bloc or not. 

“I know from talks with the DfT [Department for Transport] and the CAA that they are very keen to keep the UK regime in alignment with the EU’s,” Hayward says. “They certainly will not be taking shortcuts and going below the current baseline. The CAA will make sure airports are being compliant with the rules.” 

All EU member states’ regulators can choose to add what they will call more stringent measures, but they can’t go below the EU regulation baseline. Dialogue with industry stakeholders, such as the BBGA, and regulators generate any extra security measures. 

“It really is a case of working with the regulatory authorities to ensure that we are putting efficient processes in place,” Hayward says. “The UK economy needs people to keep moving, but we must also ensure that our country is kept safe from people that may be up to no good.”

Cyber rules

Worldwide, it is the International Civil Aviation Organization (ICAO) Annex 17 which governs security. One of Annex 17’s standards recommends that a government should ensure the company conducting general and corporate aviation operations has a written security program that is implemented and maintained, where the aircraft have a maximum take-off weight of more than 5.7 tonnes. The recommendation is not mandatory. Bakr says, “If the member of state does not feel the urge to make it mandatory, this leaves aviation vulnerable to various security problems,” he says.

Another obstacle to security screening or identification verification can be the passengers. Business aviation clientele are often high-profile individuals, government dignitaries, aircraft owners and government representatives, who can be affronted by the screening process. Such individuals will guard their privacy and cyber security, another area that needs to be addressed by business aviation. Programs that identify critical information, systems and data are needed by airports and FBOs. They need to develop and implement protective measures to protect all their digital systems within the facility from malicious internet intrusion or sabotage.

Industry best practice, ICAO standards, EU and national regulations provide a picture of a comprehensive framework, yet there are few government examinations of business airport security or reports that mention it. Combined with evidence of the patchy application of good procedure, business aviation appears contradictory – flawed, but also, on the face of it, in good working order.

Share this story:

About Author

Comments are closed.