Tony Tyler addresses AVSEC World in Washington D.C

Tyler said: "Ladies and gentlemen, good morning. It is significant that we are meeting in Washington to focus on aviation security. The tragic events of 9.11 create an indelible link between this city and the constant challenge to keep flying secure from those who would do it harm. And Washington is also a focal point for much of the thinking, innovation and policies that have risen to the 9.11 challenge and which help keep our world connected.

Before I begin my formal remarks, I would like to thank John Pistole, who has announced his retirement from the Transportation Security Administration (TSA) at the end of this year. In his four-and-a-half years at the TSA, Administrator Pistole demonstrated strong leadership and an enthusiasm for partnering with industry, which is a very effective combination when problems need solving. I have been fortunate to have had the opportunity to work with him and I know I speak for all in this room when I say he will be missed.

We are meeting as we celebrate the 100th year of commercial aviation. Our industry was born on 1 January, 1914, when Tony Jannus piloted a Benoist flying boat carrying a single fare paying passenger between St. Petersburg and Tampa, Florida. Percival Fansler, a local businessman, conceived the idea for the airline and Thomas Benoist built the aircraft. From their vision, commercial aviation has evolved into the global air transport system that will safely connect some 3.3 billion travelers with nearly 100,000 flights per day across 50,000 routes this year. This activity drives economic growth, creates jobs and facilitates business opportunities. Aviation’s annual economic impact is estimated at $2.4 trillion and it supports 3.4% of global GDP.

Yet our centennial also has been tragic, with the loss of Malaysia Airlines Flight 370 and the shooting down of MH17 in July. It is a bitter irony that aviation’s 100th anniversary—an industry whose success rests on a safety record for which we can be justifiably proud—is also one of the saddest years we have experienced in a long time. Our thoughts, prayers, and deepest condolences go to the families of those lost in these events, including both passengers and crew members, and of course to our colleagues at Malaysia Airlines. The best tribute that we as an industry can pay is to use our understanding of what happened to make flying ever safer.

The reason that we are meeting here today is very closely related to that goal—ensuring that aviation remains secure and robust against the threats of those who would do us harm. When we came together a year ago in Istanbul, I proposed that aviation was at a crossroads. We needed to decide whether to be content with a “business as usual” security model for air travel or whether boldly to embrace change so as to cope with new and emerging threats as well as the rising demand for connectivity of people and commerce.

Ladies and gentlemen, I believe that the choice has been made for us. Aviation is safe and secure, but the tragic events of this year have revealed gaps in the system. These gaps cannot be closed with a business-as-usual attitude. Silos that prevent sharing of information between governments and other aviation stakeholders must be torn down. Inflexible one-size-fits-all regulations cannot adapt to evolving threats. They must be replaced with a more flexible outcome-focused approach.

Above all we must embrace new ways of working together on security issues. Commercial aviation was built on collaboration, going all the way back to Fansler, Benoist and Jannus. Every flight is the result of a choreography of cooperation among many different entities, including airlines, airports and air navigation service providers—to name but a few.

They work together based on global standards. As a global business we could not function if we needed to develop bespoke systems for each airport or destination. The nearly 100,000 flights that will operate today can do so only because the rules are basically the same across their networks.

Unfortunately, we have not achieved that level of cooperation, or global standards, in security. But as the number and severity of aviation security issues increases, the need for consultation, coordination and cooperation – among governments as well as between governments and industry – grows even faster. We should take as a template our cooperation on safety, which transcends national borders. There are no walls between government and industry when it comes to safety. There should be none when it comes to sharing critical information to keep our passengers and crews secure.

In particular we must work together to address:

Information sharing about conflict regions

More effective border controls
Better ways of passenger and cargo screening and facilitation
Threats to cybersecurity
 

Conflict Zones

We certainly must embrace a new approach to sharing information about conflict zones. Last July, the world was shocked and angered by the shooting down of a commercial transport aircraft operating in civilian airspace. There is no question that the aircraft had every clearance to be where it was.

In the aftermath of this horrific incident, industry and government quickly came together to do all possible to prevent a recurrence. Under the leadership of the International Civil Aviation Organization (ICAO), the Task Force on Risks to Civil Aviation Arising from Conflict Zones was established, which I will refer to simply as the Task Force.

We have made it a top priority to support ICAO as a member of the Task Force. We are adding our expertise into this complex—and political—issue by helping ICAO and governments understand airline requirements.

The Task Force has made 12 proposals which ICAO Council is reviewing. Fine tuning of the proposals is expected before year end.

Let me be very clear about what is required:

Airlines need clear and accurate information on which to base operational decisions on where and when it is safe to fly. If clear and consistent guidance is provided regarding threats, airlines will be able to make informed decisions whether or not to operate in a particular area.
Such information can only come from governments and must be accessible in an authoritative, accurate, consistent, and unequivocal way. There can be no excuses. Even sensitive information can be sanitized in a way that ensures airlines get essential and actionable information without compromising methods or sources. And, although I will repeat that this is a state responsibility, I can also commit that the industry is ready to assist in any way possible to help governments to make this happen.

As all of us work to enhance, and in some cases establish, information sharing systems between industry and government, I want to acknowledge the leadership of Director Clapper and the TSA in establishing the Air Domain Intelligence and Analysis Center (ADIAC) pilot. This first of its kind initiative is a strong step forward in sharing knowledge and expertise to make the industry safer.

There is a second gap that also must be filled. There is no international law or convention that imposes on states a duty to manage the design, manufacture and deployment of anti-aircraft weapons. We have conventions that address many other types of weaponry and trade in weapons generally. MH17 has demonstrated that powerful and sophisticated anti-aircraft weapons are in the hands of non-state entities. Under ICAO’s leadership, I am confident that we can find ways within the UN system, to augment the international law framework to ensure that states fully understand and discharge their responsibilities in this regard.

More Effective Border Controls

UN Security Council Resolution 2178 reminded us of the need for clear guiding principles in the fight against terrorism. As with all other government imposed security requirements, States implementing this Resolution to control the movement of would-be terrorists across borders should ensure that any systems they develop are consistent with global standards and best practices.

This is not the case today. The disappearance of MH370 exposed gaps in border control, as two passengers were able to board the aircraft with passports that had been reported as stolen. While nobody believes that the incident was related to the subsequent events, the fact that passengers could board an aircraft with fraudulent passports in 2014 rings alarm bells and tells us we cannot return to business as usual.

Airlines are not law enforcement agencies; and border control functions are the responsibility of States. The industry goes to great effort and expense to ensure that governments requiring Advance Passenger Information (API) for flights to or from their territory receive reliable data. It is vital that States make effective use of the information that airlines are required to provide. The vetting of passports against the INTERPOL Stolen and Lost Travel Documents database is a responsibility of States and should be considered in all cases. The results of such vetting processes should be made known to carriers -- particularly when providing a response to API transmitted as part of interactive passenger-by-passenger check-in activities.

There is another issue that is linked to this collection of data, which is that we must be prudent in how we collect and spend money to support data collection. It is preposterous that airlines or passengers should be forced to pay governments to offset the costs associated with processing the passenger data that those governments require the airlines to provide. This needs to stop. Airlines bear the costs associated with collecting, storing, formatting and then transmitting required passenger data to governments. It is not unreasonable to expect that governments would fund their own internal processes needed to make use of that information as part of a broader national security program.

We also need to consider carefully what data is required for flights simply passing through a State’s airspace while enroute from one country to another. Does detailed biographic data about persons passing overhead at 35,000 feet actually enhance security? If it does, what level of data is needed to make the determination? We do not believe it should be the same as the data States require for flights landing at one of its airports. Let’s use some common sense – data for data’s sake doesn’t make anybody safer.

So in the name of the effective use of passenger data, we call on governments:

To follow ICAO’s standard elements of required passenger information transmitted in advance of departure and eliminate all other requirements
To ensure that systems and processes employed to support electronic transmission of that data are aligned with best practices and standards jointly developed by the World Customs Organization, ICAO and IATA. To eliminate the collection of passenger and cargo data on paper forms
To create a single harmonized window through which airlines can submit electronic data to governments instead of having to provide different bits of data separately to each department within the same government. To use this data to improve both the efficiency and effectiveness of border controls.
 

Smart Security

A new approach to facilitation and border control goes hand-in-hand with changing how we manage passenger screening at airports. The existing process works—but at great cost. Collectively airlines, passengers and governments have spent over $100 billion on security since 9.11. Airlines are spending over $8 billion a year by themselves. The system is secure but it is neither efficient nor user-friendly. Our passengers repeatedly tell us that the security checkpoint is a universal pain point. Nearly 60% of those surveyed in our 2014 Global Passenger Survey said that a bad security experience at a transfer airport will affect their future connecting choices.

By 2034 airlines will carry approximately 7.3 billion passengers, more than double the number today, according to our 2014 Air Passenger Forecast Global Report. Given this growth—and continuously evolving security threats—today’s model is not sustainable for the long term. We have no choice but to change. If we do not, airport checkpoints will be overwhelmed. Wait times continue to be the biggest checkpoint gripe according to our survey. They will rise exponentially with more passengers. Efficiency will decline and costs will rise.

To address this, IATA and Airports Council International (ACI) are working together on Smart Security. Smart Security aims to improve security, and remove the hassle through a combination of process changes and technology, so that passengers proceed smoothly and swiftly through security checkpoints with a minimum of queuing and disrobing.

A key element of Smart Security is applying a risk-based model that will enable resources to more rapidly address emerging threats. Differentiation may be based on such things as ticket purchasing characteristics, trip itinerary and behavioral analysis at the airport.

Additionally, the success of voluntary known traveler programs for immigration and customs—of which there are over 25 worldwide—tells us that passengers are willing to share information about themselves in order to smooth out the process.

TSA’s Pre-check is a big success in the US but the model needs to be exported to other countries. I also urge governments that are looking into introducing such programs to think from the very outset in terms that would allow them to link and mutually recognize one another’s programs across borders. To some extent this is happening with automated border control, such as between the US and Canada. Why not do it with security? As that happens, it will fuel a virtuous cycle of increasing incentives for more people to join the programs, resulting in more knowledge about who is traveling and even better security.

This year we will conduct airport trials with Smart Security components and assess the impact on operational efficiency, the passenger experience, and security effectiveness. Smart Security is intended to be implemented in stages in line with advances in technology and systems. We also are working with ACI on the Security Access and Egress project. This sets out to improve the passenger flow at security checkpoints with existing technology and infrastructure in order to support passenger growth and reduce delays caused by security.

Cargo Screening and Facilitation

The cargo community is similarly eager to adopt a risk-based approach to security. Data is vital to implementing it, but today this is difficult because air cargo largely still relies on paper processes. Industry and governments are working hard to implement e-freight around the world. Although it is taking longer than originally thought, the program is gaining momentum and the entire supply chain is uniting behind the effort. We are determined to have 100% electronic air waybills by 2017—a key element of the program.

We are also united behind Secure Freight—which can help manage the risk across the supply chain. Since the 2010 printer cartridge plot, governments, especially in the US and EU, have imposed a number of security directives tailored to managing risk. We are eager to engage with governments to implement practical and harmonized measures that both facilitate global trade and keep our industry secure.

The EU’s ACC3 regulation indicates the eagerness of regulators to secure the supply chain. Under this regulation, which took effect in July 2014, an air carrier's designation only continues to be valid upon successful completion of an EU Aviation Security Validation performed by an Independent Validator accredited by an EU member state. Only validated carriers are authorized to fly cargo or mail into Europe. We have put in place a pioneer Center of Excellence for Independent Validators (CEIV) to train, advise and support industry stakeholders.

While nobody can argue with the general principles, we would prefer a multi-lateral risk-based approach. Let me be clear on cargo security in relation to ACC3. Security across the globe is not going to be enhanced through more validation programs. Mutual recognition of sovereign states’ own cargo security programs such as US/Canada, EU/US, US/Israel, and the US National Cargo Security Program are the cornerstones of the future. My message to regulators is: please do not proliferate, or duplicate, extra-territorial auditing and validation regimes.

A more effective approach is the World Customs Organization (WCO) SAFE Framework global data standards, in use with approximately 100 WCO Member States. The US, EU and Canada have implemented pilot trials in cooperation with airlines to implement an additional advance data layer. Work is underway to adopt these procedures into the WCO SAFE Framework by June 2015 and global rollout will then follow.

Cybersecurity

We have not had the cyber equivalent of a printer cartridge plot but we are not waiting for one to occur before moving forward. Aviation relies on computer systems extensively in ground and flight operations and air traffic management, and we know we are a target. IATA has put in place a three-pillar strategy that encompasses:

Working to understand, define and assess the threats and risk of cyber-attack, Advocating for appropriate regulation and Mechanisms for increased cooperation throughout the industry and with governments.

As part of this strategy, IATA has joined with ICAO and other stakeholders through the Industry High Level Group (IHLG) to coordinate cybersecurity activities and provide a common framework for the industry. IATA has also developed an Aviation Cyber Security Toolkit to help airlines implement their own cybersecurity programs. It contains tools to help airlines identify and assess cyber risks as well as practical guidance materials and videos.

It is vital that government and industry embrace collaboration to understand and identify any threats and devise strategies to combat them. We cannot afford information silos. Regulations should be outcome-focused, not prescriptive. This is a fast-evolving threat that simply cannot be addressed with static, one-size-fits all solutions.

Conclusion

At the top of my remarks, I noted that aviation was built on collaboration, but that we have not achieved a satisfactory level of collaboration when it comes to security. I do not see this as a reason to be discouraged, however. I view it as a tremendous opportunity. We have made extraordinary progress over the past 13 years since 9.11. Imagine how much more we can accomplish by exercising a mindset of partnership and collaboration rather than working separately toward the same goals. By adapting this model to managing security, we will ensure that commercial aviation’s second century is even more successful and secure than the first."