January 18, 2024
Airports continue to be sites where security is of paramount importance. Leading the charge for the specification of modern security measures for airports is the Faith Group. Alcatraz AI had the privilege of interviewing Joe Fallon, the Director of Security and Constructions Services for Faith Group. He leads the firm’s security consulting, site services, construction administration, and commissioning groups to enhance service offerings, improve project delivery, and serve on the Leadership Team. His technical expertise includes electronic safety and security, as well as traditional low-voltage systems and cybersecurity considerations. Joe’s experience spans the entire project lifecycle from system design, software development, hands-on installation, troubleshooting, project management, and project risk mitigation.
Throughout his nearly 30-year career, Joe has provided system design and project management for various projects for large-scale command, control, and communication (C3), airports, transportation, oil and gas, city/state/federal governments, education, and commercial clients. He recently earned the Aviation Security Professional Manager (AVSEC PM) certification from the International Civil Aviation Organization. Joe was gratuitous enough to share his input on the evolution of airport security standards and the overall security landscape.
Domestically and internationally, widely accepted standards form the basis for airport security. Please explain how airport security standards have evolved over time.
Since the inception of air travel, the industry has seen changes in the threat landscape. As a result, the International Civil Aviation Organization (ICAO) has worked across all member states to drive the development of conventions that cover recommendations around aviation security. These conventions are typically a result of incident trends. For example, the Beijing Convention was ratified after an increase in aircraft hijackings, and the Montreal Convention was ratified after a spike in passenger disturbances onboard aircraft. The Chicago Convention establishes rules of airspace, aircraft registration, safety, security, and sustainability and details the rights of the signatories in relation to air travel. Annex 17 of the Chicago Convention relates specifically to aviation security and forms the basis for overall security standards in the industry. These are updated and adopted frequently to maintain pace with the changing threats in the United States and globally. Although the standards lay the foundation, a regulatory arm must codify and enforce them to be effective. In the U.S., that mechanism is Title 49 of the Code of Federal Regulations Part 1542 (49 CFR 1542), which codifies international standards, making them enforceable laws stateside.
How often are these airport security standards updated?
The Code of Federal Regulations (CFR) is updated and published every six years. In addition, Annex 17, focused on Aviation Security, is updated every few years and is currently on the 12th Addition Amendment 18, published in July 2022. With frequent regulation updates and a constantly evolving threat landscape, consultants must stay abreast of these changes to guide clients through their large, multi-phase aviation projects effectively.
What are some of the most significant security scenarios airports seek to solve, and how can biometrics, including the Rock, provide solutions?
Airports are moving to 100% employee screening and, as such, must implement screening lanes outside of the existing passenger screening lanes for their employees. Like the passenger screening lanes, these are located at the transition from public to sterile space, and all employees and contractors entering must be either badged or escorted. Utilizing biometric authentication has several benefits in this scenario, adding an increased level of identity validation while still facilitating an expedient entry process.
Can you explain the difference in the security processes between the SIDA (Security Identification Display Areas) and AOA (Air Operations Areas) areas at an airport? How can technology enhance security in these areas?
Security at any facility, particularly at airports, is not and should not be an all-or-nothing environment. Airport regulations require that personnel who receive access to an area have legitimate needs to access that area. To that point, airports are divided into regulated security zones under CFR 1542, and most employees do not need access to the entirety of the facility. Some zones require additional security, and those typically increase access requirements from single-factor to dual or even 3-factor authentication. Facial authentication, as the preferred means of biometric identification, is often used for the second or third authentication factor.
What are some of the most challenging areas of the airport that are most difficult to secure?
Airports are highly dynamic environments, and their sheer size and function are challenging sites to secure. Cargo and catering facilities are difficult to secure due to the high volume of deliveries and merchandise that must be received, inspected, and transferred to secure storage areas before being used or loaded onto an aircraft.
What are the penalties airports face when unauthorized people enter a secured area with no credentials or when an employee uses someone else’s credentials?
Penalties for access violations can range drastically from simple citations to criminal felony charges, depending on circumstances and intent. Typically, these penalties are the burden of the offender unless the airport has created a process by which individuals can circumvent security procedures outlined in the Airport Security Program (ASP). In this case, an airport can be held liable for not following through with or enforcing its ASP by the U.S. Transportation Security Administration (TSA).
What features of the Alcatraz Rock provide the most significant opportunity to enhance airport security while maintaining user privacy?
Facial authentication has become the preferred means of biometric authentication both in the U.S. and abroad. By utilizing a measurement of facial features and not the actual facial image, the Rock system does not expose any personally identifiable information (PII). It, therefore, reduces the overall amount of PII stored on-site. The individual's image and name are not saved or transferred to another interface. Only the badge number and encrypted Digital Profile are maintained by the system.
What is your favorite feature of the Rock?
The Rock has interoperability with any standard OSDP and Weigand access control system, which allows it to be utilized without requiring software integrations or additional server/interface hardware. That makes the Rock particularly useful in conjunction with existing systems. Additionally, the auto-enrollment feature is an option for retrofit applications.