Airport Infrastructure Security Towards Global Security. A Holistic Security Risk Management Approach.

Transcription

1 Airport Infrastructure Security Towards Global Security A Holistic Security Risk Management Approach

2

3 Airport Infrastructure Security Towards Global Security This white paper discusses current security issues in airport infrastructures (new, existing, expanding, commercial passenger, general aviation, major cargo or multi-modal) and suggests a holistic security risk management approach to manage security risks to an acceptable level whilst optimizing financial investment. Thales proposes to follow this approach during airport projects like planning, design, construction, renovation and assessment. Inclusion of airport security expertise early in the planning process will result in a better-coordinated and more costeffective approach to security. Threats Upon Commercial Aviation The security and economic prosperity of a country depend significantly upon the secure operation of its aviation system and use of the world s airspace by the country, its international partners, and legitimate commercial interests. But a weak security could pose a threat to the safety of the aircraft or those who board it. Terrorists, criminals, and hostile nation-states have long viewed aviation as a target for attack and exploitation. These types of attacks, which are increasing around the world, considerably have altered the views of the countries on how to secure and protect their population, borders, and critical assets; they have also considerably have highlighted the need to take immediate actions to reduce the likelihood and impact of future attacks. Successful attacks in an airport can inflict mass casualties and grave economic damage, and attract significant public attention because of the impact on the modern transportation system. As a result, threats on airports are becoming more probable, and their impacts are increasing. Airport security forces are now facing new unconventional opponents such as terrorists (international and national), activists, pressure groups, single-issue zealots, insurgents, disgruntled employees, or criminals, whether white collar, cyber hackers, organized or opportunists. These opponents are using different attack means including car suicide bombing, man-portable air-defense systems (MANPADS), improvised explosive devices (IED), ambushes, hijacking, kidnapping or hostage taking, attack with armed hands, hacking and information warfare. 3

4 > These attacks can be complex and coordinated and can exploit a combination of physical, logical (information technology), environmental, organizational and human weaknesses. Most probable threats on airports are: Panic creation technologies (noise, smoke, fire crackers, etc.). High-yield vehicle bomb near passenger terminal (VIED). Lower-yield explosive device in passenger terminal. Armed hijacking, hostage, or barricade situation in passenger terminal. Chemical or biological or radiological agents release in passenger terminal. CBRN agent release in, or going through, the cargo terminal. Dirty bomb or nuclear materials hidden in freight cargo. Theft of passenger properties. Incendiary materials. Ballistic attacks against aircraft landing or taking off. Cyber attacks. Insider sabotage. Equipment sabotage (Including airplanes). Infrastructure sabotage. Improvised explosives devices (IED) detonated in or near fuel facilities. Improvised explosives devices near or in Operations Control Center. Improvised explosives devices put on an aircraft. Sabotage of vehicles. Sabotage of utilities or maintenance facility. Sabotage of aircrafts. Illegal immigrations. Traffic of unauthorized materials (drugs, arms, ammunitions). Aircraft hijacking. Man Portable Air Defense systems. Taking hostages in airport terminal (raising the fear and tension of families and those watching through the media, and then ending in destruction, which is all filmed). While it is not possible to expect to eliminate all threats upon commercial aviation, there are some possible solutions that can be implemented to reduce aviation-related vulnerabilities and enhance the layers of defense directly exploited by criminals and terrorists. A baseline security doctrine is formalized in different regulations that are followed internationally. 4 National and International Regulations In Airport Infrastructures Airport infrastructures security is governed by local regulations, which are inspired by national and international standards: On the international level, the International Civil Aviation Organization (ICAO) has produced an international standard and recommended practices related to security i.e. Annex 17 Security - Safeguarding International Civil Aviation against Acts of Unlawful Interference and Annex 9 Facilitation. In addition the International Air Transport Association (IATA) defines rules for airlines to ensure that new and enhanced security measures are effective and internationally harmonized, and minimize disruption to passengers and shippers. On the European level, the European Civil Aviation Conference (ECAC) is in charge of refining international level rules into a more detailed standard and to organize the inspection of airports to check their conformance to the ECAC standards. At the US level, the Transportation Security Administration (TSA) has produced multiple security codes and procedures (Code of Federal Regulations, CFR) in collaboration with the Department of Homeland Security (DHS). On the national level, each country has to implement the international standards, taking into account national laws. In practice, it introduces another level of refinement, which makes the rules more precise and more constrained, and guides the design and processes of the airports. On the airport level, national and international regulations are put into practice, taking into account the specificities of each airport, which is formalized in the Airport Security Master Plan.

5 These international conventions and regional standards (ICAO, IATA, EU, US, etc.) define the security controls that should be implemented, including: Security organization. Aircraft safety (ICAO, EUROCONTROL, CANSO). Airport security standards, operational audit and compliance (ICAO, ECAC, EC). Technical standards and recommended practices (ITU, ISO, IEEE, IETF, EIA, CITT, NEBS). The regulations recommend securing the critical assets of the airport but they are not listed explicitly. Airport Critical Assets The potential threats are directed against the whole airport but will have more impact when they target their critical and strategic assets. Some assets are obvious targets to attackers: Passengers and visitors. Aircrafts (with or without passengers aboard). Passenger and VIP terminals. Cargo and mail terminals. Airport traffic control tower. Parking garages. Fuel Facilities. Airlines buildings. Airport information systems. Power supply facilities. Prepared and aware attackers could target building component assets that are critical to the continuous operations or to emergency operations: People like employees, contractors, vendors, nearby community members, and others who come into contact with the airport. Aircraft rescue and fire fighting facilities (fire station and sub-fire stations). Airfield support lighting. Runways. Fuel storage and fuel delivery systems for aircraft. Air traffic support facilities (tower, radar, weather station, communications). Airport Management Center. Security Management Center with command and control rooms. Airport Emergency Command Post or Crisis Management Center. Emergency generators, including fuel systems, day tank, fire sprinkler, and water supply. Water source and drainage systems. Critical distribution feeders for emergency power. Electrical substations including both external services and on-airport generation and distribution systems. UPS systems controlling critical functions. Heating, ventilation and cooling (HVAC) for passenger terminal and facilities. Main refrigeration systems that are critical to building operations. Elevator machinery and controls. Shafts for stairs, elevators, and utilities. Navigational and communications equipment. Main switchgear. Telephone distribution. Telecommunications (voice, video, data) including external wired and wireless services as well as on-airport networks and trunked radio systems used for public safety functions. Belly cargo facility. All-Cargo Area. Passenger s baggage. Landside parking garages. Catering. Airport personnel offices. Airlines offices. Emergency access and roads. Railway, roadway or vehicle access way and surrounding waterways or intermodal transportation facilities. Therefore, the security measures of these critical assets should be adapted to the threat level and so to the security risk level of the airport. 5

6 > Threat And Risk Assessments A threat is an action, which may cause harm in the form of death, injury, destruction, disclosure, interruption of operations, or denial of services. Threat assessment defines the level of the threats against critical assets by evaluating the types, means and possible tactics of those who may carry them out. In a threat assessment it is important to be aware of national threats and to identify the threats specific to the airport and to the airlines serving it. For in-depth analysis, it is also interesting to identify the history of criminal or disruptive incidents in the area surrounding the airport, but not primarily directed toward the airport operations. A risk is a combination between the probability of the threat and its potential impact on a critical asset. In order to define a defense strategy the security risks need to be assessed. Holistic Security Risk Management The objective is to define a security program based on a collective effort that seeks to reduce the likelihood that passengers, airport personnel, facilities and materials shall be subject to any kind of attack, and to be prepared to respond to the consequences of such attacks should they occur. This section describes the security management process to mitigate the risks and to develop a security program. Risk assessment starts with the identification in the airport of the threats, the critical assets and the vulnerabilities. Then security risks are prioritized. For each major security risk that needs to be managed security objectives are defined to support the security doctrine: to detect, to delay and to intercept. Security solutions are then implemented. This is a complex task and therefore a holistic security risk management methodology is required to enable all security risks levels to be identified, whilst also evaluating the existing technology (which should cover logical, physical and environmental issues), organization and human factors security solutions. The first step is to set up the internal organization to pilot the risk management process and to define the scope and objectives of the Security Committee and the Security Working Groups. The organization should be based on: Security Committee, the SC includes top management that develops security strategy, provides guidance, direction and cooperation. Security Working Groups, the SWG take actions, provide inputs and feedbacks. They develop and recommend policies, prepare planning documents, conduct risk assessments. One of the SWG is the Threat WG, which consists in Counterintelligence representative, Law Enforcement representative, Information Operations representative and the Chemical, Biological, Radiological, Nuclear and High Yield Explosive (CBRNE) representative. Larger installations may include additional personnel as assigned by the SC. The objective of the security organization is to make sure that the quality of the security management process is maintained using the PDCA model: Plan: Establish or update the Security Master Plan to improve security. Do: Implement and operate the actions defined in the SMP. Check: Monitor, review the actions and report the results to decision makers. Act: Maintain and improve the actions. 6

7 The management of security risks includes evaluating risks, developing solutions, making decisions, implementing solutions, supervising and improving the security level. These are essential follow-through actions of the risk management process. A careful review of the prevalent security risk environment and consideration of minimum applicable security measures prior to final decision will help to determine an airport s most appropriate security strategy and so the operational concept to put in place. If the decision is to mitigate the risk, security objectives are defined. Then the security solutions (based on technology, organization or human factors) should be provided (based on risk priority and objectives). detected. These measures aim at analyzing alerts, follow-up response procedures and form a crisis management cell as required by the severity of incidents. Recovery: All measures to be taken into consideration to restore the damaged system to its normal operating status (the system prior to the incident). The recovery is essential to ensure the business continuity of the operations. Based on interviews, site surveys and documentation, the following areas have to be addressed: Threat Assessment i.e. Define alert levels, identify the threats and evaluate probability. Criticality Assessment i.e. Identify critical assets and define asset criticality levels. Vulnerability Assessment i.e. Identify vulnerabilities and evaluate criticality. This includes manpower and security force protection assessments. Risk Assessment i.e. Identify and evaluate the risks based on previous assessments conclusions. Those solutions are categorized as prevention, detection, response and recovery. Prevention: All measures to be put in place by the organization to limit the probability that a security incident will take place. This should aim to define the risk context of the airport, the policy framework, the expected communication and operational loop, the level of control desired and the implementation plan. Detection: All measures to be put in place to detect an incident. The priority is the implementation of intrusion detection systems, the logging infringement on airport infrastructure and the daily monitoring of security activities. Response: All measures to be followed to minimize the impact once an incident is Appropriate security solutions should be implemented through a series of actions including: Prioritization of recommended security solutions. Planning implementation and funding of security solutions. A suitable airport security system should: Rely on multiple security measures. Guaranty effectiveness in all airport areas. Be deterrent to prevent any unauthorized activity. Be regularly checked and maintained. Be proactive to be unpredictable. Log activity. After identifying and implementing additional countermeasures or mitigation efforts, it is essential to recalculate the risks. A risk management scorecard is appreciated. A yearly complete risk assessment is recommended. Whenever a risk is identified, the management analyses and decides whether the risk should be controlled, ignored, insured or accepted. 7

8 > Airport Layout The general layout of an airport consists of three areas, generally referred to as airside, landside and terminal, which have their own special requirements. Though there are other important areas in the airport infrastructure (i.e. all-cargo area, general aviation, etc.) they are not detailed in this section. The airside of an airport is where the operations of the aircrafts take place. Typically, the airside is beyond the screening checkpoints and restricting perimeters (fencing, walls) and includes runways, taxiways, aprons, aircraft parking and most facilities which service and maintain aircraft. Airside security relies on physical barriers, identification and access control systems, surveillance or detection equipment, the implementation of security procedures, and efficient use of resources. These security measures prevent risks of unauthorized access to, attacks on, or the introduction of dangerous devices aboard, passenger aircraft. The landside of an airport is the area where there is no specific restriction of access. Typically, the landside facilities include public parking areas, public access roadways, rental car facilities, taxi and ground transportation staging areas, and any on-airport hotel facilities. Some critical assets, clear areas and communication requirements needs particular security measures implemented in the landside, such as an airside fence, aircraft approach glide slopes, communications and navigational equipment locations and noninterference areas, and heightened security in some buildings. Landside monitoring areas should include terminal curbside areas, parking garages, public transportation areas, loading docks and service tunnels. Life safety measures could include duress alarms, emergency phones and medical equipment. An airport terminal is designed to accommodate the enplaning and deplaning activities of passengers. The terminal is typically the area of the airport with the most security, safety and operational requirements. 8

9 Airport Security Objectives Airport security should be based on applicable national and international regulations and policies to ensure the protection of the general public, airport and airlines personnel, and assets (including physical and information systems and data). This baseline security should be completed by a holistic security risk analysis to adapt the security level to the local threat environment. As stated by ICAO, high priority should be placed on protection of the aircraft from the unlawful introduction of weapons, explosives, or other threatening articles. From a business airport manager point of view, all the critical assets of the airport need increased security should an attack occurs. As a consequence, the airport security objectives derive from the results of the risk analysis and the regulations. This section describes common airport security objectives but should not be limited as all airports have different missions and layout. Examples of security objectives include: An airport security organization shall be defined and organizational procedures shall be formalized. Site layout shall be based on operational and security requirements. Airport location shall be chosen so that surrounding airport areas shall not be a potential danger due to cascading effect. Location of all critical assets of the airport shall be analyzed. All critical assets shall ensure physical resistance to blast effects (blast mitigation, standoff distance, placement of screening checkpoint). All terminals shall have CBRNE detection and HVAC protection. Areas for quarantine, detox, chem-bio screening of people and vehicles shall be defined. A security boundary shall be implemented between public and secured areas (physical barriers, patrols, surveillance / CCTV, sensors) The access to airside and secure areas shall be controlled (people, vehicle, deliveries, etc.) and unauthorized access detected. The perimeters of airside and other secured areas shall use common security technologies based on physical protection (to delay), intrusion detection system (IDS), video surveillance (CCTV), tracking of people, vehicles for interception, and patrol roads. Moreover, it shall include gate monitoring (controlling people and goods) with CBRNE detection, analysis and recovery disposal, and should be reinforced with unmanned vehicles; all these measures supervised from a command and control room with tactical situation display. Airside roads shall have restricted access to authorized vehicles. The airside perimeter roads shall provide unobstructed views of the fence and maintain fencing clear area, positioning of roads shall consider patrols, maintenance access, emergency access and routes. The aircraft shall be protected against sabotage, intrusion of explosive or any unauthorized material. Landside roads shall include preterminal screening capability, CCTV monitoring for security and safety, and minimize proximity to airside. Natural barriers may provide time and distance protection like bodies of water, expanses of trees, swampland, dense foliage, cliffs, and other areas difficult to traverse. Contingency plans shall be evaluated from an infrastructure interdependencies perspective and enhance coordination with other infrastructure providers (e.g. electric power, telecommunications, water, transportation). According to their roles and responsibilities airport and airlines personnel shall be aware of security risks, be trained to respond to incidents (i.e. trained to detect weapons, explosives and CBRN products) and educated to analyze complex situations (i.e. Psychological profiling through cameras and covert observation at different areas of the airport). A security awareness program shall be developed for airport employees. Background investigations shall be conducted for new hires and periodic updates for current employees (specially for those with access to planes and secure areas.). A hiring policy shall be defined. Structured security requirements for critical suppliers and partners shall be implemented. Security policies and procedures shall be formalized and communicated to airport and airlines personnel. Gate-Keepers shall have fast online updates on current threats. Fast response teams shall have the right equipment, be stationed in critical areas and provide both visual and covert security protection. In the event of a terrorist act of any kind, emergency evacuation and protection system shall be in place together with trained personnel to assist the innocent crowd. ID management for all airport and airlines personnel shall be implemented to efficiently manage both the issuance and cancellation of ID access cards. This includes the access right management (level of security-zoning-person authorized) and its connection to the HR database (new or leaving employees, employees changing jobs that require a different access to security zones, etc.). As such, access control needs to provide different levels of security for staff, authorized personnel and visitors. An efficient security screening of baggage, passengers, cargo, mail and catering shall be provided. The screening of personnel and supplies entering secure areas and airside shall be conducted. Facilitation shall be improved and queuing time for the screening process shall be minimized. A real time communication system shall be provided to all the security personnel. The information systems and network architecture shall be secured against unauthorized use or access. Critical information shall be secured according to the needs of confidentiality, integrity and availability. 9

10 > Recommended Security Solutions The security solutions should conform to the security objectives. Key security concerns focus on the protection of the critical assets. Security solutions are based on organization, human factors and technology. The Airport Security Working Groups should include the affected aircraft operators and tenants, local emergency response agencies, aviation security and any other regulatory officials. The organization of a security program should include cooperation between: Airport Law Enforcement (Customs, Police, Intelligence, Military). Emergency Response Agencies. Safety authorization agencies (fire, building). Operations and Maintenance Personnel. Freight and mail operators. Catering suppliers. Other End-Users. The application of physical security equipment and structures (barriers, access control, screening, and detection equipment) is fully effective only if supported by similarly effective human procedures. These include access and identification (ID) media systems, personnel security training and procedures, maintenance training and procedures, as well as constant supervision and vigilance. The local police (or the military) departments may collect and compile information about criminal activity on or against property under the control of the airport, provide crime prevention information programs and intelligence, and conduct crime prevention assessments in cooperation with appropriate law enforcement agencies. Security measures are supported by employees motivation and skills. As a result awareness, training and education are airport security concerns. These programs could be used not only to improve levels of security but could assist employees to progress in their careers and be recognized in the aviation industry. The purpose of awareness presentations is simply to focus attention on security. Security awareness training should be provided to all people working on the airport. Awareness is a key ingredient in the management of security risks. The security awareness program objectives are: To give employees who are relatively new to the field of aviation security a general overview of the current trends and issues in security and best practices for managing these issues. To ensure a strong understanding of the current security landscape. To inform managers who are not directly concerned with security issues (those who are in legal or finance departments for instance). Security training should be provided to the security professional employees. The objective is to produce relevant and needed security skills and competency by practitioners of functional specialties. The training program should make sure that: Each professional employee has the appropriate and up-to-date security knowledge, technical skills, and abilities specific to the individual s roles and responsibilities. They have the foundation of key security terms and concepts. Employees know how to mitigate common security risks i.e. to have the correct response in case of an unusual event. They follow the Airport Security Master Plan rules and procedures and attend specific training courses. Security education should be provided to the security expert employees (for example for some supervisors and all security managers). The Education level integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multi-disciplinary study of concepts, issues, and principles (technological and social), and strives to produce security specialists and professionals capable of vision and proactive response. The education program should make sure that: Each professional expert is focused on developing the ability and vision to perform complex multi-disciplinary activities and the skills needed to further the security profession and to keep pace with threat and technology changes. They understand complex threat situations. Each expert is able to response to any type of unusual and complex events (known as Holistic risks) with efficient and effective measures. Each expert understands international and national regulations. Each expert attends specialists courses on security issues (political, legal, social, technology). 10

11 At last, technology is one of the key factors of security solutions. Based on a good organization and trained people, technology can ease risk mitigation. Technology choice factors include: Security risk mitigation factor. Equipment cost. Installation cost. Maintenance cost. Effectiveness. Functionality. Space requirements. Technology security solutions could include: CBRNE detection in landside and HVAC terminal. Equipment for biological and chemical attacks. Explosive and trace detection. Biometric and contactless smart badges access controls. Airside vehicle localization and tracking. Airside surface conflict alert. Physical perimeter sensors like optical fiber, microphonic, seismic, electromagnetic and pressure sensors and taut wire to detect vibrations and sound, infrared and microwave barriers (i.e. a smart fence system). Baggage Screening. Passengers screening. X-ray and microwave screening. Boarding control. Duress alarms. Radar and long-range IR camera. Scanning sonar and hydrophones. Day/night CCTV cameras for motion detection and target tracking. Intelligent CCTV systems that automatically raise alerts regarding unusual or suspicious behavior. Vehicle licence plate recognition in parking. IT LAN security with firewalls and anti-virus. Secured WLAN network. Secured public Web sites. Data encryption. ID management information system. Secured communications for portable mobile radio (TETRA). UAV. Non-lethal weapons. 11

12 > Typical Thales Scope Of Work Thales can assist airport organizations to start a risk management process and to formalize or to update the Airport Security Master Plan. To do so, Thales has defined a Scope Of Work based on the security risk management process. This SOW is scheduled in five steps, as described in the figure below: The original step is to define the perimeter of the SOW. Thales considers the following actions: Meet senior management. Understand the business objectives. Set up a Security Working Group to review and validate the intermediate results during this SOW. Define the scope of the System that will be concerned by the SOW i.e. one section of the airport or the complete airport environment. Outputs: Definition of the Security Working Group. Formalization of the scope of the System. Formalization of the planning of the SOW. The original step is to define the perimeter of the SOW. Thales considers the following actions: Meet senior management. Understand the business objectives. Set up a Security Working Group to review and validate the intermediate results during this SOW. Define the scope of the System that will be concerned by the SOW i.e. one section of the airport or the complete airport environment. Outputs: Definition of the Security Working Group. Formalization of the scope of the System. Formalization of the planning of the SOW. The next step is to analyze the security risks existing in the System. Thales considers the following actions: Visit the System. Undertake the threat assessment, the criticality assessment and the vulnerability assessments. Do the risk assessment. Select risks to accept, to ignore, to control or to insure. Propose security objectives. Recommend mitigation security measures. Outputs: Security risk analysis results report. 12

13 Based on the decisions of the SWG, a strategy is decided and a Security Master Plan is formalized to define the security doctrine and the operational concept. Thales considers the following actions: Define a security doctrine and an operational concept. Formalize the Security Master Plan. Plan implementation of security solutions. Calculate the return on security investment (ROSI). Outputs: Security Risk Management Methodology document (adapted to the organization). Security Master Plan document. Security doctrine and operational concept document. Implementation plan report. Return on security investment report. The last step is the design and the implementation of the actions described in the Security Master Plan. Thales considers the following actions: Define a new security organization including the Security Committee and one or more Security Working Groups. Develop operational security procedures including crisis management, incident and antiterrorism responses. Design security control rooms. Define a training policy and develop a training program i.e. operational and technical. Implement physical security i.e. barriers, video surveillance, intrusion detection systems, access controls, etc. Implement information technology security i.e. LAN and WAN network, Information system architecture, server hardening, etc. Implement communications security i.e. confidentiality, antijamming, resilience, etc. Implement individual protective measures including personal protection measures for personnel and family members. Develop specific software to produce daily scorecard of the risk situation (with geographic information system support). Develop resilience solutions based on technology and organization Maintain the solutions participating in the Do-Check-Act process. Outputs: Implementation and maintenance of the security solutions. To support this SOW, Thales has developed a specific software CASRIM i.e. Critical Asset Security RIsk Management. CASRIM helps Thales engineers to analyze the situation and produces graphical outputs of the risk analysis. 13

14 > Benefits Determining the risk is essential since the management must understand the threats, what assets are most important to protect, and which of these assets are most vulnerable. Assessing security risk provides the criticality of an asset in relation to the threats and the vulnerabilities associated with it. This helps the management balance threats to vulnerabilities and the degree of risk that the management is willing to accept by not correcting, or perhaps being unable to correct, a vulnerability. For any threat, the management shall manage risk by developing a strategy to prevent incidents, employ countermeasures, detect suspicious activity, response to alerts, mitigate the effects of an incident, and recover from an incident. The result of using a holistic methodology of this type ensures that minimum appropriate investments are directed into security solutions to reduce identified risks. In addition, as the security technology, the organizations objectives and the processes are all linked, efficiencies can be gained whilst still remaining secure. Security features that have been factored into initial airport facility design are more likely to be cost-effective, better integrated and more operationally useful than those superimposed on existing structures through add-ons or change orders. Likewise, security features which have been coordinated early in the planning and design process with the airport architects and other concerned regulatory bodies, as well as with airport organizations (airport tenants and aircraft and airport operators) and end-users (law enforcement, public safety and regulatory agencies, and airport operations and maintenance personnel) are more likely to be well received and accepted, and thus more widely used and successful. 14

15 Airport Infrastructure Security Towards Global Security Conclusion By implementing a holistic security risk management methodology, security solutions can be adapted to the changes in threats and security risks, and the levels of investment can be adjusted in accordance to the protection required. The airport infrastructure is highly complex, with countless potential weak links that are subject to security breakdowns. Airport security should reflect the risk status and financial resources of an airport. Smaller airports have limited funding and have to plan their security projects with an eye toward simplicity and manageable cost. The methodology developed in this white paper is scalable and can cover from one single area to the entire airport infrastructure starting with the passenger terminal, the cargo and mail terminals, the facilities then on to the complete airside and landside. Philippe Bouvier Security Consulting Thales - Security Solutions & Services Division Organizations from around the world are already benefiting from the use of this methodology including national airport authorities, energy and water companies, military organizations, financial institutions and transportation companies. Thales brings together decades of experience in the aviation industry and significant depth of knowledge of security systems from its core competencies in defense and civil businesses. Thales is an unrivalled security risk analyst for the airport industry. If your organization would also like to reduce overall security costs, improve the efficiency of security investment and measurably reduce security risks then please contact your local THALES representative for more information. 15

16 Thales Security Solutions & Services Division Security Systems rue Grange Dame Rose CS Vélizy Cedex - France Tel: +33 (0) January Photos: Thales, GettyImages