Traditionally, safety and security have been considered two distinct domains. Risk assessments based on identified hazards and threats were conducted in isolation and often not shared between the relevant practitioners. Recent events have caused a paradigm shift towards integrated risk management, that considers both safety and security elements in a cohesive manner. ICAO began promoting this concept in recognizing the need for providing further guidance and assistance to States.
The definitions of safety and security are complex, given that they can be debated from many disciplines and a variety of angles. As standard practice, ICAO defines terms in the Annexes to the Chicago Convention when the terms used are not self-explanatory or they do not have accepted dictionary meanings. Annex 17 defines security as “safeguarding civil aviation against acts of unlawful interferences”, whereas safety is defined in Annex 19 as “the state in which risks associated with aviation activities, related to, or in direct support of the operation of aircraft are reduced and controlled to an acceptable level”.
According to these definitions, safety is limited to the consequences of safety risk, whereas integrated risk is the combination of security and safety factors. To provide accurate foundations for developing integrated risk management principles, both approaches should be considered.
In the security domain the correlation to hazards are threats. Whereas hazards are somewhat quantifiable, threats tend to be less so since they are a function of capability and intent. Threats have a strong sociological component to them and are often better defined in qualitative ways. Furthermore, based on the qualitative assumptions of their components, a threat may be defined as confirmed, credible or non-credible. The frequently confidential nature of threats makes a wider sharing of information related to security concerns tougher, and duty of care must be applied when analyzing their data. The aggregation and de-identification of security data is a necessary prerequisite for any wider and more public analysis.
The inherent difference between hazard and threats is the element of intent. What they have in common is that both can result in consequences that present potential risks. This risk is defined as the predicted likelihood and impact of the consequences of hazards or threats, taking into account mitigation measures and vulnerabilities. Based on these commonalities, it can be argued that it is better to combine the sectorial risks in order to evaluate an overall operational risk. This thinking allows for a better analysis of cross-interference between safety and security measures that could result from competing mitigation measures.
A recent scenario that would have benefited from an integrated approach to the management of risk involved the implementation of reinforced cockpit doors to address security concerns – which eventually led to a safety discussion.
The intent of integrated risk management is to look at the overall risk of an activity, and to determine if this risk is acceptable to the user. In simple terms this means that it doesn’t matter if an unintentional (safety) or intentional (security) component is compromising the integrity of the air transport system.
Communication is an important factor in integrated risk management given that it needs to be presented in an easily understandable format and must be readily accessible. Furthermore, the integrity and confidentiality of the communicated information is paramount to the building of trust and credibility. One technical solution to meet these requirements involves the application of Blockchain technology.
One tool that would include all these requirements and support integrated risk management mechanisms, would involve the development of a comprehensive Hazard and Threat Register. Such a register could initially display real-time information on hazards contained in the global NOTAM database, meteorological hazards reported through METARS, as well as threats from an early warning cybersecurity system. Each of these types of information could be further analysed and tagged according to a set of specific taxonomies to provide a more granular first level analysis.
In addition to this real-time data, the Hazard and Threat Register could also include information that may not be real-time but is still considered valuable (i.e. reported security incidents and safety oversight results). Since all the data would be associated with a specific airport, it could be aggregated to develop a risk profile for each airport. Furthermore, the airport risk profile could be used to develop a risk index and provide a simple, but meaningful way of to make risk comparisons with other airports and facilitate benchmarking at the national, regional and global levels. This system, with the intention to eventually develop an integrated risk information solutions, is currently being prototyped by ICAO.
About the authors