General Aviation Safety and Security Practices (2007)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Security has undergone a significant change over the past five years, mostly in the commercial aviation arena. Since the new era of aviation security began after the 2001 ter- rorist attacks, there has been an ebb and flow of calls to regulate the general aviation community. Regulations have been promulgated by both the FAA and TSA to the extent of their legislative authority; however, very little regula- tory activity has occurred with regard to general aviation airport security. In the initial uncertainty of the post-9/11 aviation security world many different aviation groups worked to develop security guidelines for general aviation airports. This was done in an effort to be proactive and give the airport community a baseline from which to establish its own set of operating practices. These guidelines ranged in complexity from the Aircraft Owners and Pilots Associ- ation’s (AOPA) Airport Watch Program, to Security Plan- ning for General Aviation Airports (2004) developed by the Florida Airports Council, to the Terrorism Protective Measures Resource Guide (2005) assembled by the state of Colorado’s Office of Preparedness and Security, and ulti- mately the TSA’s Security Guidelines for General Avia- tion Airports (2004). There appears to be operational and procedural overlap in all of these documents; however, each offers a unique viewpoint developed from their own perspectives. Because security has been the primary concern over the past five years, there has also been a great deal of activity in security operations. As the industry waited for security guidelines to be developed by the TSA, many airport opera- tors took the initiative to enhance security at their own facil- ities. Additionally, airports were bombarded with proposed technological solutions, many of which were of little value to the majority of the general aviation community and too costly for practical application. This chapter will highlight some of the security opera- tions implemented by general aviation airports and FBOs since 2001. It will begin with an overview of regulations that affect general aviation, both federally and at the state level. It will be followed by a summary of survey findings, which is broken down by category to match the topics listed in the survey questionnaire. Interspersed within each of the subsections are portions of conversations and e-mail with individual respondents designed to emphasize some of the survey findings and to introduce new concepts and share ideas. 14 FEDERAL SECURITY REQUIREMENTS To date, general aviation airports have not been subjected to direct federal security regulation. The exception is the “Mary- land Three,” three general aviation airports located within the Flight Restricted Zone associated with the Washington, D.C., metropolitan area that were subject to a federal rulemaking. These airports, all located in Maryland (College Park Airport, Potomac Airfield, and Hyde Executive Field), must comply with unique security rules established specifically for their air- port by the TSA. Most other regulations affecting general avi- ation security have been issued within the already established scope of authority by the FAA, which is through the regulation of pilots, flight rules, and airspace. Temporary Flight Restric- tions, which are issued by means of NOTAMs (Notices to Air- men) to pilots, are another means of restricting activity at air- ports. The FAA issues Temporary Flight Restrictions for a variety of reasons, including protection of venues during sport- ing events, entertainment, and space shuttle launches. Besides the restrictions outlined previously, general avia- tion airports do not fall within the security purview of the FAA. This also holds true for the TSA. The biggest step to- ward federal involvement in general aviation airport security was the publication of the TSA’s Security Guidelines for General Aviation Airports (2004), which is also available on the TSA website. The purpose of the document is, “to pro- vide owners, operators, sponsors, and other entities charged with oversight of GA [general aviation] airports a set of fed- erally endorsed security enhancements and a method for determining when and where these enhancements may be appropriate.” The guidelines were developed by a working group made up of industry participants and approved by the TSA’s Aviation Security Advisory Committee. One reason why there has been little movement toward national regulation of general aviation airport security is the realization that the depth and breadth of such laws and regu- lations would need to be applied and enforced equally at all 19,800 landing facilities, and how effectively these laws and regulations would reduce the perceived threat. Another factor is funding. The General Accountability Office deter- mined in 2004 that “should TSA establish security require- ments for general aviation airports, it may be difficult for airport operators to finance security enhancements indepen- dently and federal funding will also be a challenge . . .” (General Aviation Security . . . 2004, p. 24). CHAPTER THREE CURRENT PRACTICES IN SECURITY OPERATIONS AT GENERAL AVIATION AIRPORTS

15 STATE SECURITY REQUIREMENTS In the immediate post-9/11 wave of legislation and regulation most state aviation laws applicable to airports were intended to criminalize certain offenses. For example, in California the state legislature passed a law in 2002 that made it a misde- meanor offense for refusing to leave a posted airport area. Most state laws enacted since 2002 were not designed to have applicability for general aviation airports, but to strengthen the security of commercial service airports. One post-9/11 law passed by the Massachusetts legislature was a requirement that all public-use airports in the commonwealth prepare an Air- port Security Plan. Additionally, the Aeronautics Commission developed a secure website in an effort to help communicate the latest in security information to general aviation airports. Similar laws have been enacted by other states as well. Aside from the legislative efforts to mandate security at general aviation airports, one unique method for instituting security requirements is to link them to the application and receipt of state funding. In Ohio, a general aviation airport security plan is required as a condition for receiving state funds and must be submitted with an application for funding. In Virginia, the Department of Aviation developed the General Aviation Airport Voluntary Security Certification Program. Participation is not required; however, those air- ports that become a “Secure Virginia Airport” are eligible to receive funds for security projects and project bonus points within the Airport Capital Program project priority system. CURRENT SECURITY PRACTICES AT SURVEYED GENERAL AVIATION AIRPORTS The survey included 13 questions covering security plan- ning, security operations, perimeter fencing, access control, airport watch programs, and risk assessments to determine current security practices in use at general aviation airports. The topics of these questions are all relevant to general avi- ation airports and also provide a baseline for identifying what security operations are in practice at these airports. Follow- up interviews were conducted with some of the survey respondents in instances where answers needed to be clari- fied or the respondent provided an interesting comment that warranted a follow-up interview. Security Planning In the document Security Guidelines for General Aviation Airports (2004), the TSA reports that, “the most efficient and cost-effective method of instituting security measures into any facility or operation is through advance planning and continuous monitoring” (p. 14). Security plans can range in size and complexity depending on the airport and threat. Typical airport security plans cover communications, access control, perimeter control, and procedures, but can include much more. Thirty-eight of the responding airports (80%) have a security plan in place and 30 of those have procedures that escalate with the threat. As was mentioned earlier, some of the states require general aviation airports to have security plans in place and some of the surveyed airports are located in those states. Those organizations that do have a security plan indicated that they designate an individual as the secu- rity coordinator for the facility. Virginia General Aviation Airport Security Programs The Commonwealth of Virginia, through their Department of Aviation, undertakes a comprehensive, proactive approach to airport security. They have implemented an Aviation Security Advisory Committee (ASAC), which is comprised of a diverse membership representing different agencies and associations who periodically meet and discuss aviation security issues and their impacts on the Commonwealth. One program developed as a result of meetings of the ASAC is the development and implementation of a voluntary security program. The group wanted general aviation airports to develop security plans, but did not want to introduce an unfunded man- date. The program provides bonus points within the Airport Capital Program, which are granted to those airports that partic- ipate in the voluntary security program. The program is a joint effort between the Department of Avia- tion and the Virginia State Police and seeks to encourage a gen- eral aviation airport to develop an appropriately sized security program for their facility. After developing the plan the airport conducts an annual “self-audit.” Every third year the audit is conducted by the Virginia State Police. Having a knowledgeable third-party such as the State Police conduct the audit provides valuable insight because they view security through a different perspective than the airport. The audits cover three areas—Access Control, Territoriality, and Surveillance. For access control they are looking to see if there are measures in place that deny or restrict access to facili- ties, and that traffic flow directs people to visible entry areas. Territoriality refers to the perception of a safe and secure airport and the audit is checking to see if the maintenance and upkeep of the property is in such a condition that it promotes a sense of legitimacy to the operation of the airport. The final area is sur- veillance. Criminals do not want to be seen committing a crime and the audit identifies potential weaknesses in surveillance at the airport. The State Police is completing its first round of audits and has found some common deficiencies in the GA [general aviation] security plans. These include: • Airports that do not have appropriate minimum standards or air- port rules and regulations in place to manage tenant security. • Lack of clear boundary delineation between the airport and surrounding property (airport does not have 100% fencing or vegetation growth encroaches airport boundaries). • Inadequate maps or diagrams that show existing infrastructure that may not be shown on an ALP. • Illumination of terminals is satisfactory, but lighting of fuel farms and hangars should be improved. This program has proven both popular and successful. This vol- untary, proactive approach supports a partnership between air- ports and law enforcement and allows the relationship to develop before an incident occurs.

Airports and FBOs have a wide range of resources to choose from when developing a security plan. Before the TSA finished the general aviation airport security guidelines document other industry associations, state DOTs, law en- forcement agencies, and industry trade associations were busy developing their own guidance for the airport commu- nity. The largest percentage of survey respondents refer- enced the TSA as their primary source of material, followed by their state DOT, and AAAE. Airports hesitated early on to develop any plans in anticipation that the TSA would ini- tiate new regulations or guidance that would become manda- tory, and the airport would have to change any program previously instituted. After the TSA released their security guidelines many airports used that document, in addition to others developed over the previous two years. A smaller number hired consultants; however, one airport offered that an outside consultant is not needed if “the airport is willing to be open and look at the airport as others might look at it to get an honest appraisal of the situation. Additionally, the local law enforcement agency can be a great asset. They can tell you what they see everyday and what kind of threat environment the airport is operating in compared to the sur- rounding community crime and incident statistics.” Another airport found that hiring a consultant and having them host a series of initial meetings to gather input was a good method for obtaining buy-in from tenants early in the planning process that later earned the airport credibility as it was implementing elements of the security plan. Once the security plan is in place the airports typically share their plan with local law enforcement, followed by their FBO, TSA, and the local fire department. Other entities with which airports share their plans are federal law en- forcement agencies, which include the Federal Bureau of Investigation, Drug Enforcement Agency, and Immigration and Customs Enforcement; the FAA; state DOTs and Home- land Security representatives, city councils, and board mem- bers; and other major tenants, if appropriate. Although most of the airports and FBOs have a security plan, not as many have a full security committee in place that meets regularly. When an airport does have a committee the makeup typically involves airport staff, the local FBO and other tenants, and local law enforcement agency. An interest- ing finding was that the FAA is more involved with these committees than the TSA. One airport with a security com- mittee in place has as members of the committee representa- tives of the full Airport Advisory Committee. The Airport Advisory Committee is made up of tenants and is empowered to take responsibility for the safety and security of the airport. The airport mentioned that the make-up of this committee establishes ownership in any security procedures in both the security committee and the full advisory committee. In Col- orado, the Division of Aeronautics partnered with Metro State College in Denver during their last State Aviation System Plan Update to establish a baseline as to what security mea- sures are in place at general aviation airports. The university 16 surveyed the state’s general aviation airports and compared their current security measures with the TSA recommenda- tions outlined in the security guidelines document to see whether airports met, or did not meet, the TSA guidance. The students then created a list of eligible security projects for which the airports could apply for funding from the state. Perimeter and Access Control Perimeter control and other physical barriers are effective means of keeping unauthorized individuals from the airport. Access control methods ensure that only authorized person- nel can gain access to the facility. Most of the surveyed air- ports have perimeter fencing in place; however, many were already in place before 9/11 and were used primarily to restrict wildlife access to the airport. Airports continue to install new fencing and upgrade existing fencing as shown in Figure 6. Because fencing provides safety and security to the airport it is one of the few areas that are eligible for money through the FAA’s Airport Improvement Program. The Indi- ana study mentioned earlier also surveyed general aviation airports to determine if the airport had perimeter fencing and how much of the perimeter was fenced. The study found that the “proportion of airport perimeters fenced ranged from 7.5% to 100%, but most airport perimeters were 40% fenced” (Reduction . . . 2006, p. 85). Controlling access to an airport is accomplished through different means at different airports. General aviation facili- ties are becoming more secure, whether it is at the perimeter fence line or buildings, on the perimeter, or even the locking of aircraft. In New Jersey, the state passed a law requiring aircraft parked for more than 24 h to use a combination of two locking devices to secure or disable the aircraft. Of those airports with some type of access control the majority use card readers and/or cipher locks, followed by key locks. Many of these airports use multiple methods to accommo- date different needs at different areas of the facility. FIGURE 6 New installation of perimeter fencing at a general aviation airport.

17 Controlling access to the airport is important; however, controlling access to facilities on the airport (i.e., hangars, terminal, offices, etc.) is equally important. The National Business Aviation Association developed a series of best practices for their members that provide good guidance for se- curing buildings on the airport. These best practices include: • Ensure home facility perimeter security with effective fencing, lighting, security patrols (as appropriate), gates, and limited access areas. • Ensure street-side gates and doors are closed and locked at all times. • Require positive access control for all external gates and doors. • Close and lock hangar doors when that area is un- attended. • Secure all key storage areas (food and liquor, parts and tools, etc.). • Have an access control management system for keys and passes. • Confirm the identity and authority of each passenger, vendor, and visitor before allowing access to facilities and aircraft. • Escort all visitors on the ramp and in the hangar area. • Use a government issued photo ID to verify the identity of any visitor or vendor. • Post emergency numbers prominently around facility. • Ensure easy access to phones or “panic buttons” in var- ious facility locations (break room, hangar bay, etc.). • Confirm security of destination facilities. • Be aware of your surroundings and do not be complacent—challenge strangers. Watch Programs One of the most effective deterrents in security is awareness. One popular program is AOPA’s Airport Watch, which is done in partnership with the TSA. The program encourages pilots to be the “eyes and ears for observing and reporting suspicious activity” and includes warning signs for airports, informational literature, and a training video to teach pilots and airport employees. More than 90% of the surveyed air- ports reported that they have an Airport Watch program on the facility. One airport manager, noting that they do partic- ipate and that he posts and shares information, stated that the real difference is that his tenant base is now aware of the potential threat and the impact it could have to general avia- tion. This awareness makes them keep a watchful eye for sus- picious behavior around the airport. Another airport takes it one step further and rewards tenants and employees for play- ing a role in keeping the airport secure. The program offers cash rewards for crime-solving tips and has already proven successful as the airport rewarded four mechanics that caught a pilot trying to collect insurance money by burning his air- craft. Elements of the program are shown in Figure 7. Smith Field in Fort Wayne, Indiana, entered into an agree- ment with the local ambulance service provider to stage an ambulance at the airport (see Figure 8). In its agreement with the city, the ambulance must meet a minimum required response time to certain locations within the city. As such, the service provider will stage ambulances throughout the city to meet these response time requirements. Realizing an opportunity to enhance both safety and security, the manager entered into an agreement for the ambulance to be stationed at the airport. The agreement provided dedicated parking to the ambulance and allowed the emergency medical techni- cians the use of the services in the common areas of the ter- minal. To avoid any perceived potential revenue diversion is- sues, the emergency management technicians are allowed access to the common areas of the terminal including the vend- ing machines, coffee, restrooms, microwave, television, and furnishings. The airport noted that having an ambulance staged at the airport provides the advantage of having a 24-h pres- ence on the airport grounds. The signed agreement between Denver Centennial Airport Reward and Feedback Program Tenant participation is recognized as a key element in airport security. In order to promote participation, the airport will provide recognition and feedback to tenants for their invaluable role in maintaining a secure airport through the following programs: Reward Program ∞For providing information that leads to an arrest, ACPAA will award from $500 to $2000 to the individual responsible. ∞For providing information that leads to an ASCO/DCSO investigation, ACPAA will award a Visa Gift Card from $50 up to $2000 to the individual responsible, with a total cap of $2000 for the year. Feedback Program ï ACPAA will provide the FBOs with a report card quarterly that will list open and unattended aircraft found on their leasehold during the previous quarter • • • FIGURE 7 Denver Centennial Airport Reward and Feedback Program.

the airport and the ambulance company outlines emergency procedures and contact information to respond to different potential incidents. A sample agreement and emergency pro- cedures are included in Appendix D. The agreement has already proven useful, as the ambulance company was able to contact the airport manager to report un- locked gates left open by tenants after hours. The airport man- ager was able to promptly resolve the issue. One caveat to the idea is that the ambulance provider may have to move its vehi- cle on short notice to meet its response time commitment as has recently happened at this airport. However, the airport reported that the agreement was a great idea, mutually beneficial, and that they would welcome the ambulance back at any time. Risk Assessment With more than 19,800 landing facilities nationwide, securing every general aviation airport for every possible threat is not practical. Tools to assess different risks and threats at airports have been developed by federal, state, and local agencies that can be used to focus an airport’s security operations to reduce the impact of the potential threat. Federally, the TSA has de- veloped vulnerability assessment tools as part of the Security Guidelines for General Aviation Airports document. On the state level, Colorado’s Office of Preparedness and Security has developed the Terrorism Protective Measures Resource Guide for General Aviation and Airports (2005). Using these and other methods, 66% of the surveyed airports have undertaken a security risk assessment in the past five years. The Colorado document identifies threat categories and protective measures assigned to response objectives. These protective measures are further categorized by type and description. For example, to provide for the protection of infrastructure, which includes site utilities, material inputs, and products, the document instructs airports to know how to turn off power, gas, and water and have contingency plans in place for the loss of critical utility services. The guide also supplies an implementation matrix that escalates depending on the threat. One county-owned general aviation airport used the TSA vulnerability assessment tool and, after completing the 18 assessment, hired a consultant to complete a more detailed vulnerability analysis. Additionally, the airport also requested that the local sheriff’s department complete such an assess- ment; therefore, the airport had one completed by an exter- nal source (the consultant) and one by an internal source (the sheriff). Having two separate analyses allowed the airport to compare threats for the airport. Neither analysis found that international terrorism was the greatest threat, but deter- mined that the most likely threat would be from environ- mental protestors because of the type of corporations located in the community surrounding the airport. The assessment believed that if the environmental protestors knew that a cer- tain aircraft was based at the airport or coming to the airport, they (the protestors) might pose a security risk. Based on that analysis, the airport introduced as part of its security plan methods to address that specific threat. The airport director believed that having both an external and internal analysis allowed for a more complete picture to be drawn of the air- port’s vulnerabilities. Another airport used the National Guard Bureau’s Full Spectrum Integrated Vulnerability Assessment Tool to pro- vide a different view toward risk assessment. The program is a National Guard Bureau Homeland Defense initiative in which each state and territory has a team of soldiers or air- men trained to conduct vulnerability assessments of critical infrastructure to prepare and plan an emergency mission response in the event of a terrorist attack or natural disaster. The airport stated that this was a useful process that provided important recognition of the potential threats that may be imposed on the airport’s infrastructure. This tool has been used to assess other critical infrastructures beyond airports. INDUSTRY SECURITY INITIATIVES After the 9/11 terrorist attacks, it was not known what types of security initiatives would be required of the airport com- munity. During this uncertain time the aviation industry took the lead in developing guidance that would prove useful un- til the system fully understood what changes might be in store. One of the first groups to address this dilemma was the AAAE, which initiated a series of meetings in late 2001 and 2002 that culminated in a series of recommendations that were sent to the TSA. Many organizations followed suit with their own set of recommendations, guidance documents, and best practices. For example, the Florida Airports Council developed a model security plan for its members, and as mentioned earlier, the National Business Aviation Associa- tion, which represents the nation’s corporate aviation com- munity, developed its own set of best practices. Equally effective was the development of AOPA’s Airport Watch Program, which helped change the mindset of the general aviation community to be vigilant while on the airport. Each of these has proven useful to the general aviation community in identifying the potential security threat and offers recom- mendations of how to manage that threat. FIGURE 8 Smith Field in Fort Wayne, Indiana, entered into an agreement with the local ambulance provider to allow it to use the facility as a staging area.