Making a Plan for Business Aviation Security

Business aviation operates today in an increasingly dangerous and challenging world. For that reason, aviation security has become an integral part of everyday life. And, as the scope of the potential threats to security grows – from potential physical attacks on aviation assets, to cybersecurity issues and even the possible dangers posed by artificial intelligence (AI) – the responsibility for developing detailed security plans falls squarely on the shoulders of those working in business aviation.

However, the security needs of each organization vary depending on how and where they do business. For that reason, preparing a complete, detailed security plan that addresses the needs of each company’s employees and clientele requires ongoing analysis and adaptation as times and the nature of potential security threats change, say the experts.

“Every client has unique needs and expectations as to what their security service should provide them,” said Brian Leek, managing director, global protective solutions of Crisis24, a GardaWorld company, offering integrated risk management, crisis response, consulting and global protective solutions. “When working with corporate clients and high net worth individuals (HNWI), there is always a level of risk to manage, no matter the circumstances. Risks are incredibly varied and can be geopolitical, social, cyber, weather or medical-related, among others.”

NBAA supports the continued adoption, implementation and enhancement of many security requirements, programs and best practices that reduce business aviation’s vulnerability to terrorist threats. Risk assessments are a critical part of any organization’s security process. Proper risk assessment provides security teams with the necessary data points to mitigate or accept any residual risk.

Basic Ideas

In developing a comprehensive security plan, companies should keep two basic ideas in mind, according to Don Chupp, president and CEO of Fireside Partners, Inc., which provides emergency response services and support to business aviation and private families.

“Number one is, if you have some degree of awareness that there is a threat, then you have the inherent responsibility to contemplate a planning structure,” Chupp said. “As things move and evolve, we must move and evolve our planning resources. You do that on an organizational level, and you also lean on your service providers to keep up with the modern requirements.”

The risks and security needs are ever evolving.

“We can’t do our business like we did 10 years ago,” added Chupp. “The new security battlefront is our responsibility. Your responsibility as an organization is to develop a plan.”

Second, organizations need to thoroughly analyze their security needs.

“They need to identify what their priority drivers are and identify them before they start writing procedures, otherwise they’re writing procedures against a compass point they haven’t identified,” Chupp said. “Once you identify those priority drivers, you’ll find writing a plan a much easier affair when it comes to security.”

Understanding Cybersecurity

In today’s world, security threats are as much a product of cyberspace and AI, as they are of physical threats, such as an attack on an aircraft or office.

“The new security battlefront is in cyberspace and physical space,” added Chupp. “So, speaking of the former, bad actors have the ability to negatively influence everything from reputation to business and disruption to denial of services, because we’re so reliant on technology. So, a security attack on any of those systems has detrimental and far-reaching effects.”

In fact, Fireside now runs cybersecurity aftermath drills.

“This is not the IT infrastructure I’m talking about,” Chupp said. “It’s what do you say to your employees whose computers have all shut down. Or what do you say to your customers and when. And, what are you required to say in some instances when you become aware that data has been breached. That requires just as intentional of a plan as any other emergency response plan you think about.”

Inflight Security Preparedness

For FBOs, company flight departments and other business aviation operators, planning for inflight security risks obviously are paramount, especially when flying internationally over potential trouble spots.

“Travel to high-risk areas, whether domestic or international, affects how we apply our protective schemes of coverage,” said Leek. “Our security protocols remain commensurate to the assessed threat. Working with a security firm that is highly experienced at both the domestic and international levels is important, as this means working with operators that are familiar with the environments as well as what it takes to operate in hot zones.”

Chupp said an effective inflight security plan must take into consideration a variety of scenarios, not just during takeoff and landing but during the entire trip.

“In our world, we don’t just look at the point of departure and arrival, we look at everything in between because if you have a mechanical emergency, you may have to put down in any of these places, many of which the U.S. doesn’t have an embassy in.”

Armed guards aboard flights aren’t always a solution, either.

“In most countries you can’t show up from outside that country with armed guards on the airplane,” said Chupp. “So, the strategy around asset protection where you can’t have physical armed assets every step of the way is something you have to think about. And again, the threat is not always some physical human being who is going to intrude on your flight crew or passengers.”

And, of course, every flight is different, with a different set of factors to be considered when addressing security needs.

“We ensure we evaluate the full spectrum of risks to be prepared for anything, no matter how unlikely,” said Leek. “Our starting point with any client preparing to travel is to have a good understanding of their purpose for travel, their preferences and priorities so that we can tailor our protective services to fit their requirements.”

Keeping the identity of passengers private is important because HNWIs and senior executives for major corporations can be targeted by bad actors and activists.

“We see some clients when booking private air travel just assume their travel itinerary is being well-secured,” said Leek. Flight confidentiality “tends to be less of a concern when dealing with a client’s proprietary or in-house flight operations teams than with for-hire leasing or fractional ownership and their contracted FBOs for the trip.”

Increased activism by groups opposed to business aviation also is an increasing potential threat.

“The tracking of aircraft belonging to high-profile individuals and major corporations is being increasingly adopted by activist groups seeking to disrupt their travel,” added Leek. “For those conducting these acts, it is a means of gaining publicity and drawing attention to their cause.”

Tracking software and tools, which are easily available commercially, makes tracking flights easier than ever.

“Moreover, public awareness of this technology has recently expanded, indicating a growing future trend of tracking high-profile individuals and enterprises,” Leek said. “Despite best efforts to counter this tracking technology, such as registering for the FAA’s Limiting Aircraft Data Displayed list (LAAD), these measures offer only limited protection and privacy at best. As such, we inform most of our clients to assume their aircraft will be tracked and then we take the cautionary measures needed. This starts by maintaining strict control of the principal’s travel schedule.”

A New Threat: Climate Activism

Climate activism by groups targeting business aviation is on the rise and creating a growing sense of concern among security professionals and business aviation organizations.

“Escalating concerns over climate change have led to a surge in global activism, with particular focus on industries that produce carbon emissions, including commercial and business aviation,” according to a recently released report by MedAire, a company specializing in travel risk mitigation for the aviation and yachting industries. “As a result, activist groups have emerged and will use disruptive tactics to bolster their message.”

Business aviation interests should take extra precautions when traveling to potential activism hotspots, including Western Europe and even areas of North America, according to John Cauthen, MedAire security director, maritime and aviation.

“I think that airports, FBOs and individual operators are becoming more keenly aware of the security threats posed by activists and the need to factor mitigation measures into operational planning,” Cauthen said. “First and foremost, they need to understand who these groups are, where they’re operating, what their objectives are and why they’re targeting business aviation.”

MedAire recommends several steps that airports, FBOs and operators should take to better protect their crews, assets and passengers from potential harm:

• Proactively gather information about protest groups and related activities that may disrupt aviation operations.
• Enhance security measures to deter potential threats, including using locks, tags and seals when the aircraft is unattended to prevent unauthorized access and choosing parking locations at the maximum distance from the airport’s perimeter to reduce exposure to potential threats.
• At certain locations, hiring private security may provide an additional layer of protection for your aircraft.
• Providing crew members with the proper training to handle disruptions is essential. This can include learning de-escalation techniques to calm tense situations or emergency evacuation procedures to ensure everyone’s safety.
• Review your insurance policy to ensure it covers potential damage resulting from protests.
• Maintain clear and open communication with stakeholders, such as clients and employees, before, during and after a protest event to manage expectations, alleviate concerns and maintain trust.