Avinor AS is a state-owned, limited company operating most of the civil airports in Norway. The airports within Avinor vary from very small local airports to larger airports. Oslo is among Europe’s 25 largest airports with 28 million passengers (2019), and Bergen Flesland, with 6.5 million passengers, is one of Europe’s 100 largest airports. The company also operates several medium-sized airports and many small airports. Avinor’s distributed airport structure has revealed the legacy challenges associated with using airport security systems from different vendors, and this structure has driven the cost of operating these systems.
Avinor has a clear strategy of exploiting technology possibilities and, in 2019, took the initiative alongside ACI Europe to create an industry open architecture for airport security systems. The first version of a document describing open architecture in airport security has since been released by ACI Europe after contribution from some of its key members. The document is now supported by all the major airports in Europe, some airports in Asia/Middle East, authorities from US, Canada, UK, New Zealand, Australia and Germany… and support is growing.
IATA has been briefed about developments so far and invited to participate in future discussions. Having common standards and common guidelines for open architecture within aviation would potentially benefit information sharing between airports and airlines, as well as between different airports.
For years airports around the world have met the increasing demand for security controls with new hardware that is locally installed, operated and maintained. The vendors within the airport security industry have traditionally not cooperated, rather they have competed for customers eager to satisfy regulatory requirements and looking locally for the best performance-price ratio within defined areas.
The focus has been more on fulfilling specific criteria than exploiting the possibilities of using systems from different vendors to create better security solutions. But what does ‘better security solutions’ imply? First of all, it suggests the use of systems that are ‘best in class’, which are easily integrated with systems from different vendors; secondly, the possibility for new innovative solutions to be implemented on/alongside legacy systems; thirdly, the possibility to share data between system and airports, and finally to have one system for monitoring and maintaining systems and users across all platforms.
Fundamentals: standards and open architecture
Traditional airport security systems have not been well-adapted to the connected world. It is not easy to share data, it is not easy to manage users, and it is not easy to monitor solutions across systems and vendors. The current situation impedes the implementation of new solutions and prevents the use of new technologies such as artificial intelligence, machine learning, or even simply sharing data between airports or other interested partners.
Having common standards is important for data exchange, interoperability and user-management, but the whole architecture needs to accompany modular thinking. That is why initiatives such as ACI’s ‘Open architecture for airport security systems’ are so important. The ‘Open architecture’ paper is an important foundation for moving forward, and a help for vendors that want to accommodate present and future airport requirements.
Open architecture can be viewed as a plug-and-play approach to airport security systems.
Avinor: challenges and possibilities
For many years, Avinor, similar to most other airports, procured equipment for individual airports or terminals without concern for how data could be easily exchanged between airports, how security personnel could spend their time more efficiently, or how new technology could improve the solutions. This resulted in Avinor using numerous different vendors of airport security equipment – X-ray systems, security scanners, and automatic tray-return systems.
There are a number of factors that cause airports within the Avinor group to differ from one another; for example, peak times may differ. Smaller airports may be more affected by events, such as when cruise ships arrive in ports serving towns in the far north of Norway; this can result in many flights around those times of the day. Scaling the workforce to address uneven passenger volumes throughout the day is challenging. In addition, the availability of the necessary workforce may vary between regions and may be impacted by factors such as the arrival of flu season. Avinor wants to use technology to better remotely support the smaller airports and be able to take advantage of available security resources between departures/arrivals at each airport.
In the future, all screening, both of carry-on and hold baggage, will be carried out using remote screening. This means the vendors in different locations must adhere to standard image formats and standard communication protocols. The user interfaces and the relevant business logic should ideally be the same, no matter where the input comes from, or who the vendor is. This would mean that the users would not have to learn several user interfaces. Additionally, the remote screening user interface and business logic must communicate back to relevant parts of the system; for example, for the re-checking of carry-on baggage.
Figure 1 (above) illustrates three different airports. If all the airports are able to share baggage data, it would be possible to develop a common screening solution that serves all the airports. A format that is proposed to facilitate the sharing of such data is DICOS. The screening centre could be located at one of the airports; one can also imagine virtual remote screening centres being independent of the actual physical location of the checkpoint. Compared to local screening, remote screening will enable the more effective use of the workforce and subtantially reduce operating costs.
Major European airports are hubs for passengers from within Europe and third-party countries. As a hub has a large demand for re-screening of hold baggage, this requires investment in screening equipment. If data can be shared, it means the hold baggage data, including images, could be collected once and then be made available to airports and other parties, such as the airlines, customs, and police worldwide.
Figure 2 (above) illustrates the security image data collaboration possible if a passenger’s journey involves a hub. It could be a passenger travelling from, say, Oslo to Sydney, using Heathrow as a hub. If the hub airport, Heathrow, could access the X-ray or CT image for the passenger’s hold baggage taken at Oslo, Heathrow could still perform screening using that image data. For the passenger, this would mean less hassle at the hub airport. It could also mean shorter transfer times.
If the destination airport, Sydney, has access to the X-ray or CT image data from Oslo, it could do much of the screening before the passenger lands in Sydney. Algorithms could be implemented to help identify prohibited items, restricted food or indicators of wildlife trafficking and could be performed when the passenger is hours away from landing in Sydney. For the passenger, this could mean a shorter time in the arrivals process and a better passenger experience.
Airports within such a distribution system could invest in IT equipment with necessary algorithms, rather than X-ray machines.
Monitoring and Maintenance
Today, monitoring and maintenance personnel have different user interfaces for each of the different systems. What they can actually monitor is therefore dependent upon the specific vendor. In the future, we envision a solution where the users have the same front-end and where they are monitoring all security systems from different vendors. The responsibility of the vendors will be to provide the maintenance and sensor data from the equipment. Relevant data, such as how many images have been taken, the temperature at different places in the system, the number of systems in use, and the health status of the whole configuration can be included. This will give opportunities to perform preventative maintenance. If certain temperature rises consistently relate to equipment failure, one could change the failing part before it actually fails; the consequence of a failure happening in peak hour is much more serious than at other times. A part that is expected to fail within a short time could be changed at a convenient time. Unscheduled downtime would be reduced significantly.
Regulations related to competence and the necessary training to operate security equipment is often gathered in different databases belonging to the different sub-contractors. Additionally, every vendor has their own user database, which does not necessarily take into consideration the demands of the regulations. This means that a user is often registered in several databases, and must log on to the various databases using different user IDs and different passwords.
If the vendors can integrate user information using Active Directory Federation Services (ADFS), or similar technology, this would save time, enhance security, reduce cost and ensure that only personnel with the right training can access the system.
Data, Security and Integrity
Having multiple user databases represents an IT security risk. Different password rules, expiry periods and a high turnover of personnel make it challenging to keep an updated database. Integrating the systems would reduce IT security risks.
When it comes to sharing data, there are some cyber security issues that must be addressed; for example, how do we prevent unwanted access? How do we protect data against unauthorised manipulation? In the open architecture document for security systems, ACI Europe provides guidelines containing recommendations on cyber security; a good starting point. Specification for distribution and cooperation has not yet been developed, but this is certainly an area that is expected to be addressed in later versions.
Potential in Risk-based Security Screening
Collecting information and the clever use of the combination of the data could lead to significantly better security screening at airports. DICOS is the standard format developed for the security domain and has the intention of being the common format for gathering data about one person from different sources. Today there are numerous examples of cases where implementation is not practical, due to a lack of systems supporting standards such as DICOS.
Pre-travel information could influence security screening. This could be data such as a passenger’s destination, because both hub and destination may affect the screening required. Airport-collected data could be behavioural analysis performed by artifical intelligence. People behaving unnaturally or being unusually stressed or nervous could be screened in greater detail; the behaviour could be an indicator of a passenger carrying dangerous items, drugs or endangered wildlife.
In light of COVID-19, security screening could possibly also benefit from having separate security screening lanes open to passengers that can provide documentation relating to immunisation against certain viruses or diseases. Additionally, airport-collected data could also include passenger health data, such as body temperature, which also could serve as a qualification criteria for security lane selection. If this data follows the passenger from the departure to the destination airport, it would also be possible to observe rising temperature in the hub or at some point en route.
Handling passenger health data, such as that relating to COVID-19 vaccination, will certainly benefit from standardisation, and it is expected that this will be discussed in future versions of DICOS, as well as the ‘Open Architecture for airport security systems’. However, national regulations about the digital handling of personal sensitive data may prove challenging for gaining agreement on global standards.
Handling the large amounts of personal passenger data will require special attention to ensure privacy regulations are met. It also raises certain questions: What data needs consent from passengers to be processed and stored? When should the data be deleted? These are big issues that need to be looked into.
There are many benefits of ensuring that vendors within the airport security industry follow standards and allow their customers to use data in a more valuable way. With the current ACI ‘Open architecture for airport security systems’, airports now have a great tool to use both in their dialogue with vendors, other airports and to use specifically in procurement processes. As open architecture gets more support from airports, it opens up the market to new, smaller vendors as well, and we will see a change in pace when it comes to innovation. Open architecture can be a game-changer for the whole airport security industry.
Ole Folkestad is a senior security advisor at Avinor AS. He was educated as a software engineer in the military but has more than two decades experience within aviation. Within Avinor, his main responsibilities are security equipment and security regulations, both at a strategic level.
John (Chr. Paulshus) Christian is an IT and business development professional with almost three decades of experience, of which approximately 15 years have been within aviation. He is now an IT architect in Avinor AS, having previously held the position of head of operational IT solutions at Norwegian Airlines. John Christian has a long track record within software development, process automation, digital transformation and cost-efficiency projects. He focuses on the importance of creating value through an IT architecture and IT policy that enables, supports, and facilitates the business strategy. John Christian has a M.Sc from NTNU, Trondheim, and an MBA from Edinburgh Business School.