Dr Christer Wilkinson from AECOM, twice chairman of the RTCA airport security standards commission, reports on staff access control issues at US airports.
When travellers think of security at airports, most focus on the passenger screening and baggage control measures, as they are visible and impact them directly.
Indeed, many people think that this is all there is of consequence at airports. But past incidents on both sides of the Atlantic have drawn attention to another major aspect of airport security, namely staff access control systems. These systems, which use airport issued credentials such as security badges, control access to secure areas on the airport and control perimeter access.
Staff access control at airports in America is a local airport responsibility. Unlike other states, such as Canada, the United States places the responsibility for implementing
staff access control systems, and the credential issuance, on the airport operator. This is typically a local municipal authority, though some large airports are independent airport authorities.
This does not mean that the implementation of these systems is entirely at the discretion of the operator. On the contrary, there are a series of regulatory instruments by which the federal government controls this implementation.
These regulations specify the performance requirements, the staff background check and credential issuing
requirements, and the specific areas that have to be secured. These requirements, most of which are mandatory, are spread across a series of federal regulations, acts of congress, and security directives. Only the first two are available to the public.
But what these regulations do not specify is how to implement them. One reason for this is the great variety of airports that are regulated in the United States. There are currently 475 of these, ranging from Atlanta, with over 75,000,000 passengers a year, to many airports with only 100,000 passengers a year. Thus implementation techniques appropriate to one would not apply at another.
It was 20 years ago, after the costly and delayed introduction of the first comprehensive access control systems at airports, that the ACC (Airports Consultants Council) and the RTCA (see sidebar) recognized this “challenge”. These implementations were a consequence of the first Federal regulation for airport access control in the late 1980s.
Accordingly, these two organizations jointly set up a special committee to evaluate airport access control systems and to make recommendations and technical standards for implementation at airports within the United States. The FAA, the regulatory agency at that time, approved and actively participated in this activity and subsequently used this standard (DO 230) as the basis on which to allocate federal grants for such systems.
But how can two organizations like this presume to set up a committee and make such standards and recommendations that apply to all airports? Well, the RTCA is one of the select groups of organizations within the United States that has been authorized to set up and operate official
Federal Advisory Committees to define such standards. Indeed the RTCA has been doing this in the aviation sector for over 50 years.
This special committee published its original standard in 1995. It was updated in 2003 and again in late 2008. These updates were required for three reasons: technical progress, new regulatory requirements and scope creep. It will be no surprise that these issues are also the core of the main challenges facing airport access control systems today.
Let us start with regulatory change. These changes come in three areas:
• Changed definition of secure areas in an airport and the measures necessary to
• Changed definition of what constitutes an acceptable credential, or security badge.
• Changed definition of the process by which badges are issued to staff.
The first is an area of change, which almost by definition cannot be discussed in detail in the public domain. Suffice to state that the changes involved both relocation of access control devices and changes in the distribution and in the number of devices.
The second area can be discussed in more detail. As technology has developed, old forms of identity credential have become obsolete and insecure. Increased levels and sophistication of international terrorist activity and identity theft have moved almost the entire world towards new and more secure methods of identity documentation, such as smart cards.
In the United States the Federal government has recognized this challenge, and to enhance the security of credentials has developed two initiatives, the REAL ID initiative in the public field and the PIV initiative for its employees and subcontractors. (See sidebar).
Whilst neither have an impact on airports directly, the policy of the TSA under the last administration and under the current administration remains that they intend the airports to eventually use a new technology PIV type credential.
This specific credential was designed for use by the federal government and contractors and provides a significant improvement in security and identity verification, over conventional identity credentials, incorporating as it does, biometric identifiers and data secured by asymmetrical keys in a smart card credential, backed up by a nationwide PKI infrastructure (see panel).
However to use such a credential in access control at an airport is a very challenging proposition. No commercially available complete access control system yet supports such a credential, and to implement more that the initial transition phases of the PIV programme would require a significant update to most existing airports systems.
Given that there are probably over 350 such automated systems, with a probable total of an estimated 65,000 access control readers at United States airports, this puts in clear perspective the nature of the challenge.
Couple this with the fact that the implementation of PIV access control systems in the federal government itself is also slower than expected, and that the maritime equivalent has seen numerous schedule delays, one can easily understand the airport community’s natural unwillingness to undertake such a conversion: one for which no specific funding has been made available.
In addition to this, the process by which such credentials are issued is also the target of a change by the TSA. This process is an inherent part of the FIS 201 standard (see sidebar) on which the PIV is based. It requires a significant change, and an increase in complexity to the airport credential issuing process, compared with current practices at most airports.
At the core of this new process are two key features: an enhanced identity and background check, and the implementation of a standard controlled process for issuance of these new credentials with a trusted chain of transactions and interrelationships between computer systems certified by mean of a PKI infrastructure.
But one of the most important consequences of this approach is not just a more secure credential; it is that with a common process and a common standard, the capability of using such a credential at multiple locations is possible. This is called interoperability.
At present, for a combination of regulatory, technical and operational reasons, each airport issues its own access credentials. These initiatives allow the possibility of implementing a common identity credential, which could be used to establish identity and security clearance at any airport, and latter even a common access credential which could be used, subject to local requirements, at any airport.
At this stage there are no plans to extend an airport credential into other transportation modes. Maritime, for example, has its own programme (TWIC), which is using different technical and issuance standards.
In contrast to their earlier attempts at an airport ‘TWIC’ in the period 2002-2004, in late 2007 the TSA, recognizing the complexity of these issues, the scale of the challenge, and the need for an airport specific solution, developed a phased initiative alongside the deliberations of the third round of RTCA standard development, in 2008.
This initiative was called the Airport Credential Interoperability Solution ACIS (see sidebar). Its recommendations, although drafted in a different form, were largely those of the RTCA, but with the specific approval of the TSA.
Technical obsolescence and change is the second major challenge facing airports.
Many of the existing access systems were implemented many years ago. The last major wave of replacement of airport access control systems occurred just before Y2K. Some of these systems are now old, use obsolete technology and are expansive to maintain and upgrade. In addition many of them are still proprietary in nature.
The upgrade of these systems, both to simply achieve current functionality using newer equipment, and to allow the incorporation of newer technologies to provide additional functionality is not a trivial issue.
Airports typically implement these systems as part of capital improvement projects. But the replacement cycle of such systems at about seven years, does not match those of normal capital projects, which is much longer.
In addition, contrary to public opinion, the prime cost component of an access control system is not just the credential readers, but is frequently the communication infrastructure to support such systems. Unfortunately this is also often the most difficult and costly component to implement.
Finally, there is the challenge of scope creep. This reflects the fact that over the years the complexity and scale of airports has increased significantly and thus access control systems have to move commensurately with this change.
With this scale and complexity increase comes an equivalent operational increase in complexity to effectively control and monitor these new systems and operations, and has lead the airports to adopt ever more intricate operational models. This is clearly manifested in four areas.
Firstly the concept of a single point of command and control, typically called a Security Operations Centre (SOC) has become the accepted model. Based on military models, this centre provides a focus of management and control for all airport security systems.
Over the years these centres have become progressively more complex both in an attempt to respond more effectively to security incidents, and to reduce security staff requirements in the face of a universal desire to cut costs in the aviation industry.
Secondly, a significantly enhanced use of video. This, or to be more specific CCTV, has become a ubiquitous visible security measure worldwide. For airports it provides the ability for remote surveillance, incident assessment, and forensic event analysis. Even small airports in the United States can have hundreds of CCTV cameras located strategically around the airport.
To assist in the management and operation of these CCTV cameras there has been a steady migration to digital rather than analogue video, and corresponding developments in video analytics and display management and in particulate close integration with the airport access control system(s). Digital video also has some significant advantages in storage and retrieval of video clips of past events over analogue.
Thirdly there is perimeter intrusion. Perimeter intrusion has also become a key issue in recent years. Under the regulations airports are required to provide levels of security out to the airport perimeter. Within this area each secure site also has a perimeter. Many of these areas cannot be conveniently controlled by walls and conventional gates or portals. This means the installation of newer virtual perimeter technology, such as microwave and vibration detection, has become common.
Contrary to public belief, many of these systems when selected carefully and installed in the right manner are quite effective and difficulty to evade.
But it is the final area, that of systems integration, which has seen quite radical developments.
Faced with hundreds of access points hundred of CCTV cameras and in some cases miles of perimeter to secure, airports cannot manage without whole integration between the disparate access control and surveillance components. The larger airports, such as SFO, LAX, ATL, and PHX have all implemented such systems.
These systems are complex and typically require expert assistance in implementation. To integrate all an airports security systems together with the airport operational systems, both in normal operational mode and in emergencies, is not a trivial task for which there are no ‘off the shelf’ solutions.
But all these devices would be unable to communicate and interact without the communication infrastructure mentioned above. This “hidden” component of access systems has not receive the attention it deserved as it has until recently been considered just simple wiring.
But today almost nothing is simple. The typical communication backbone of any access or video system is now a conventional IP network, and there is a steady trend towards even individual door controllers being network connected.
These communication backbones are now typically fibre with copper in the secondary distribution. But not everything can be via IP. The power consumption and local nature of many devices requires conventional wiring.
The RTCA 2008 standard addresses all these issues. But how can one standard do this?
The reason is that the standard was developed over some three years. At 359 pages it is some seven times as long as the original 1994 standard and provides comprehensive guidance in all the abovementioned areas and several others. To the author’s , no other document in any language is as complete as this document, in the area of airport access control. But how was a document of this complexity actually produced?
The RTCA is a very experienced organization. It has existed in some form since 1935 and it understands how to get consensus in a technical environment: it has rules of procedure that satisfy all the regulatory requirements. Its meetings are open to the public and are announced formally in the Federal Register.
But even by the standards of previous documents the development of this new 2008 standard was an effort: to be precise some 14 plenary sessions and over 100 workgroup sessions by some very talented people. This standard can be obtained via www.rtca.org for a nominal fee.
But what happened to the 2008 ACIS initiative of the last (Bush) administration?
Like so many other government initiative it was left unimplemented, because of lack of funding, and other government priorities. A pity, as it contained many great insights, and was developed by people of great talent.
In its place, the AAAE decided with ACI and ACC participation and TSA encouragement to set up an organization called the Biometric Access System Interoperable credential (BASIC).
This initiative is underway; with several dozen airports as participants, and uses both the ACIS credential proposal and the RTCA document as its foundation. Its objective is to assist the airports in phased transition to Biometric Access control, while still maintaining adherence to current regulations. This is a significant challenge.
As such it has several pilots underway to evaluate alternative migration strategies. The TSA is participating and encouraging this development but is yet to provide significant funding.
The long-term future for biometrics and enhanced credentialing at airports within the United States is clear. The migration steps and funding to get there are not.
Radio and telecommunication concepts in Aviation
REAL ID Real Id act of 2005 www.dhs.gov
ACC Airports Consultants Council www.acconline.org
PIV Personal Identity Verification program www.piv.gov
FIPS 201 Federal processing Information Standard 201
BASIC Biometric Airport Security Identification Credential
ACIS Airport Credential Interoperability Solution www.tsa.gov
TWIC Transportation Worker Identity credential www.tsa.gov
PKI Public key infrastructure
Dr Christer Wilkinson from AECOM, twice chairman of the RTCA airport security standards commission, reports on staff access control issues at US airports.