WP8 – D8.1 Review of existing means and measures for ... · Document ID: Restricted Page 1

Document ID: Restricted DEL_D8.1_KITE_WP8_100507_V06

European Commission Seventh Framework programme

MODSafe Modular Urban Transport Safety and Security Analysis

WP8 – D8.1

Review of existing means and measures for security systems


Contract No. 218606 Document type DEL Version V06 Status Final Date 7 May 2010 WP WP 8 Lead Author Mirella Cassani, KITE Contributors RATP: Patrick Dillenseger

KITE: Carlo Cacciabue UITP: Yves Amsler, Lindsey Barr

Reviewers WP8 partners Description D 8.1 – Review of existing means and measures for security

systems Document ID DEL_D8.1_KITE_WP8_100507_V06 Dissemination level RE Distribution Consortium members and European Commission (EC)

Document History:

Version Date Author Modification [very short description] V1 27.11.2009 M. Cassani Draft proposed to partners V2 14.12.2009 M. Cassani

Y. Amsler New structure defined with other partners

V3 05.02.2010 M. Cassani P. Dillenseger

Changes according to new structure Completion of some missing parts Additions from RATP

V4 19.03.2010 M. Cassani C. Cacciabue P. Dillenseger L. Barr

Changes according comments of partners Completion of missing and incomplete parts

V5 09.04.2010 M. Cassani P. Dillenseger

Included comments from WP8

V6 07.05.2010 M. Cassani Included comments from WP10

Approval: Authority Name/Partner Date Visa EB members WP responsible Coordinator


Table of contents

1. Introduction.................................................................................................... 7 1.1. References ............................................................................................ 9 1.2. Terms and abbreviations ..................................................................... 12

2. Methodology ................................................................................................ 14

3. Countermeasures and technologies supporting URGT security............. 17

4. Security technologies in other passenger transport domains ................ 29 4.1. Security technologies in the aviation domain....................................... 29 4.2. Experience from long distance rail transport ....................................... 42

4.2.1. Regulations in force related to long distance rail transport.................42 4.2.2. Relevant technologies for rail security................................................43

5. Conclusion ................................................................................................... 44

ANNEX 1.................................................................................................................. 46

1. Experience from the aviation domain ........................................................ 46 1.1. Scope of security in the aviation domain ............................................. 46 1.2. Regulations in force related to aviation security .................................. 49

1.2.1. Italian legislative situation...................................................................49 1.2.2. EU and ICAO regulations ...................................................................50 1.2.3. ENAC regulations ...............................................................................57 1.2.4. ECAC – Role of the European Civil Aviation Conference ..................59 1.2.5. General remarks on regulations .........................................................60

1.3. Classification and treatment of dangerous passengers in aviation...... 62 1.3.1. Occasional or potentially dangerous passengers...............................62 1.3.2. Powers and responsibilities of aircraft commander ............................63 1.3.3. Categories of unruly and/or disruptive behaviour ...............................64 1.3.4. Levels of unruly / disruptive passengers ............................................65 1.3.5. Operating procedures.........................................................................66 1.3.6. Potentially disruptive passengers .......................................................70

1.4. Human Factors in aviation security ..................................................... 72 1.4.1. Multi layer security system .................................................................72 1.4.2. Human Factors in ICAO documents...................................................72 1.4.3. “Operation-based” axes......................................................................74

1.5. Training in aviation security ................................................................. 79 1.5.1. Regulations about training..................................................................79


1.5.2. Requirements for security staff ...........................................................81 1.5.3. Training courses .................................................................................83 1.5.4. Security trainers certification ..............................................................86

1.6. Critical issues ...................................................................................... 88 1.7. Possible transfers ................................................................................ 92


List of figures Figure 1. Urban rail guided transport security conceptual breakdown ...................... 14 Figure 2. Alstom’s fully integrated on board solution ................................................ 25 Figure 3. Alstom’s on board IP environment............................................................. 26 Figure 4. Alstom’s security subsystems in infrastructure .......................................... 27 Figure 5. Alstom’s integrated Control & Security Center .......................................... 28 Figure 6. Body scanner (Di Renzo, 2009) ................................................................ 38 Figure 7. X-ray machine for hold baggage (Di Renzo, 2009) ................................... 38 Figure 8. Example of sniffer (Di Renzo, 2009).......................................................... 39 Figure 9. Metal detector (Di Renzo, 2009)................................................................ 39 Figure 10. Airbus reinforced cockpit door (Di Renzo, 2009) ..................................... 40 Figure 11. X-ray machine for hand baggage (Di Renzo, 2009) ................................ 40 Figure 12. CCTV on aircraft (Di Renzo, 2009).......................................................... 41 Figure 13. Overhead bins mirror (Di Renzo, 2009)................................................... 41 Figure 14. Notice of violation for unruly / disruptive passengers (Mazzoleni, 2010) . 68 Figure 15. Report of unruly / disruptive event (Mazzoleni, 2010).............................. 69 Figure 16. ICAO Doc9808 human factor structure.................................................... 73 Figure 17. SHELL architecture ................................................................................. 75 Figure 18. Modified SHELL model............................................................................ 95


List of tables Table 1. Global URGT security sectors .................................................................... 15 Table 2. Global URGT security sectorial fields of activity ......................................... 15 Table 3. Countermeasures & technologies supporting URGT security operations ... 16 Table 4. Countermeasures & technologies supporting URGT security operations ... 18 Table 5. Countermeasures & technologies supporting aviation security .................. 30


1. Introduction

Task 8.1, the first task of WP 8 on “Level of sophistication and relevant technology of security surveillance systems”, is dealing with the “State-of-the-Art (also other fields of transport)”. The work is based on the outcomes of some European projects in which operators played a significant role, in particular COUNTERACT (Cluster Of User Networks in Transport and Energy Relating to Anti-terrorist ACTivities). COUNTERACT is a European project funded under the Sixth Framework Programme whose main objective has been to improve security against terrorist attacks aimed at public passenger transport, intermodal freight transport and energy production and transmission infrastructure. Inside the project, a review of existing security policies, procedures, methodology and technologies to identify the best practices has been performed. Starting from these peculiar outcomes, the aim of Task 8.1 in MODSAFE project is to review the existing countermeasures and technologies supporting transport security applied to Urban Rail Guided Transport (URGT) systems, aviation and long distance rail operations. In correspondence with this objective, deliverable 8.1 has considered the following two main lines of assessment:

• Countermeasures and technologies to prevent crime linked to person integrity

(passengers, staff and infrastructure) and their associated technologies. • Countermeasures and technologies to respond to criminal acts linked to person

integrity (passengers, staff and infrastructure) and their associated technologies. Countermeasures and technologies vary from one sector of activity to another. For example, those implemented in aviation security domain are not necessarily adapted to urban rail guided transport systems much less to mass transportation due to the latter’s intrinsic nature (relatively open systems, dense flows, frequency of daily trips per passenger, etc.). With regard to the urban guided transport sector, the report concentrates on the technologies which are or can be used. Indeed, the regulatory framework for this sector is covered within Task 8.2 on “Regulation in force and technology needed in regard to the level of sophistication”. With regard to long distance rail transport, research has shown that there is no specific European legislation and few differences between security measures and technologies for urban guided systems compared to long distance rail systems can be identified. As such, a separate section dedicated to this mode has not been developed. Instead, the particular


details of this mode worthwhile to consider have been included in the section of the deliverable related to “Security technologies in other passenger transport domains”. With regard to the aviation domain, the report presents a section dedicated to the accurate description of security technologies. Hence all other interesting security aspects, such as regulations in force, classification and treatment of dangerous passengers, human factors and training, are described in detail in Annex 1 of the deliverable, starting from the consideration that they will be no longer detailed in the next tasks of WP8.


1.1. References

Reference-ID

Document title, identifier and version

CEN Prevention of crime – Urban planning and building design – Part 7: Design and management of public transport facilities; CEN/TR 14383-7; 2009

CER Community of European Railway and Infrastructure Companies [WWW] http://www.cer.be/

COUNTERACT State of the art review – Public passenger transport chapter; D2; COUNTERACT; SSP4/2005/TREN/05/FP6/S07.48891; Dec 2007

Di Renzo L. Course ‘La Security in Aviazione Civile e le sue interfacce con la Safety’ – Politecnico di Milano – Aula LM5 – 15 January 2009

Di Renzo L., Volpe A.

Deliverable of the European Project “Assessment of Techniques and Tools for Protection against Terrorism in Aviation Systems and Integration with Human Factors methods”, 2006

EASA European Aviation Safety Agency: [WWW] http://www.easa.europa.eu

ECAC European Civil Aviation Conference [WWW] http://www.ecac-ceac.org/

EIM European Rail Infrastructure Managers [WWW] http://www.eimrail.org

ENAC Ente Nazionale per l’Aviazione Civile [WWW] http://www.enac-italia.it/Home/

SEC-01 del 7 ottobre 2004 – Qualificazione e formazione degli istruttori della sicurezza dell’Aviazione Civile [WWW] http://www.enac-italia.it/repository/ContentManagement/node/N968925277/SEC_01.pdf

SEC-02 del 7 ottobre 2004 – Affidamento dei servizi di controllo di sicurezza esistenti nell’ambito aeroportuale. Procedure operative per le Direzioni di Circoscrizione Aeroportuale [WWW] http://www.enac-italia.it/repository/ContentManagement/node/N968925277/SEC_02.pdf

SEC-03 del 7 ottobre 2004 – Modalità per l’accertamento dei requisiti tecnico-professionali delle imprese di sicurezza e dei requisiti professionali degli addetti alla sicurezza. Programma di formazione professionale per gli addetti ai controlli di sicurezza. Certificato di “addetto alla sicurezza” [WWW] http://www.enac-italia.it/repository/ContentManagement/node/N968925277/SEC_03.pdf European Union Law [WWW] http://eur-lex.europa.eu/

EU-Lex

EC No 2320/2002 of the European Parliament and of the Council of 16 December 2002 establishing common rules in the field of civil aviation security [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:355:0001:0021:EN:PDF

http://www.cer.be/�

http://www.easa.europa.eu/�

http://www.ecac-ceac.org/�

http://www.eimrail.org/�

http://www.enac-italia.it/Home/�

http://www.enac-italia.it/repository/ContentManagement/node/N968925277/SEC_01.pdf�






http://eur-lex.europa.eu/�

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:355:0001:0021:EN:PDF�



EC No 1217/2003 of 4 July 2003 laying down common specifications for national civil aviation security quality control programmes [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32003R1217:EN:HTML

EU-Lex

EC No 1486/2003 of 22 August 2003 laying down procedures for conducting Commission inspections in the field of civil aviation security [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:213:0003:0006:EN:PDF

Commission Regulation (EC) No 1546/2006 of 4 October 2006 laying down measures for the implementation of the common basic standards on aviation security [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:286:0006:0007:EN:PDF

EC No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:097:0072:0084:EN:PDF

EC No 820/2008 of 8 August 2008 laying down measures for the implementation of the common basic standards on aviation security [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2008R0820:20090630:EN:PDF

EC No 272/2009 of 2 April 2009 supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 of the European Parliament and of the Council [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:091:0007:0013:EN:PDF

EC No 483/2009 of 9 June 2009 laying down measures for the implementation of the common basic standards on aviation security [WWW] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:145:0023:0024:EN:PDF

European Commission

Safety & security: Radioactive transportation by Loris Rossi; Nuclear Energy Outlook Review 2006; EC; 2006

European Communities

Research for a secure Europe; Report of the group of personalities in the field of Security research; European communities; 2004

Eurotransport publication

CCTV Supplement & buyers guide; Eurotransport; Sept 2006

Gazzetta Ufficiale n. 77 del 02-04-1999

Decreto 29 gennaio 1999, n. 85. Regolamento recante norme di attuazione dell’articolo 5 del decreto-legge 18 gennaio 1992, n. 9, convertito, con modification, dalla legge 28 febbraio 1992, n. 217, in materia di affidamento in concessione dei servizi di sicurezza [WWW] http://gazzette.comune.jesi.an.it/77-99/3.htm International Civil Aviation Organization [WWW] http://www.icao.int/ ICAO Annex 17 [WWW] http://www2.icao.int/en/AVSEC/SFP/Pages/Annex17.aspx

ICAO

ICAO Doc 8973 [WWW] http://www2.icao.int/en/AVSEC/SFP/Pages/SecurityManual.aspx

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32003R1217:EN:HTML�

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32003R1217:EN:HTML�







http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2008R0820:20090630:EN:PDF�







http://gazzette.comune.jesi.an.it/77-99/3.htm�

http://www.icao.int/�

http://www2.icao.int/en/AVSEC/SFP/Pages/Annex17.aspx�

http://www2.icao.int/en/AVSEC/SFP/Pages/SecurityManual.aspx�


Accident/Incident Reporting Manual Second edition - 1987 DOC 9156-AN/900 ICAO Safety Management Manual. Doc 9859, AN/460

Mazzoleni N. Course ‘Security Eurofly SEC-03 PNT’ – 17 November 2009 Mazzoleni N. Personal communications – Deputy Security Director – Eurofly S.p.A. – 26 January

2010 UIC International Union of Railways

[WWW] http://www.uic.org/ UITP Security Commission

Glossary of French and English terms and definitions pertaining to Urban rail guided transport security; UITP SecCom; 2009 (draft)

CCTV as a security measure in public transport: Factors to consider before installing or upgrading; UITP SecCom; 2009 Draft

UITP Metro Committee

Report on CCTV: Topic 31 Videosurveillance; Metro Committee; IESS sub-committee

UNIFE Union of the European Railway Industries [WWW] http://www.unife.org

USA, APTA APTA Standards Security 2.1 HS USA, Dot, FTA AFTA Standards Development Program USA, MTI Report 04-05

Designing and operating safe and secure transit systems: Assessing current practices in the United States and abroad; Mineta Transportation Institute; MTI Report 04-05; Nov 2005

http://www.uic.org/�

http://www.unife.org/�


1.2. Terms and abbreviations

Abbreviations Definitions AC Aviation Code ACAMS Access Control and Alarm Monitoring System ADREP Accident/Incident Data Reporting AFTA ASEAN Free Trade Area APTA American Public Transportation Association ASEAN Association of South-East Asian Nations ATS Automatic Train Supervision CBR Chemical, biological, radiological CC Criminal Code CCTV Closed-circuit TV CEN European Standardisation Office (Centre européen de

normalisation) CER Community of European Railway and Infrastructure Companies Comms Communications COUNTERACT Cluster Of User Networks in Transport and Energy Relating to Anti-

terrorist ACTivities CPC Criminal Procedure Code CTX Computed Axial Tomography DG Directorate-General DG TREN Directorate-General for TRansport and ENergy DM Ministerial Decree DoT US Department of Transport EASA European Aviation Safety Agency EC European Commission ECAC European Civil Aviation Conference EESC European Economic and Social Committee EIM European Rail Infrastructure Managers ENAC Ente Nazionale Aviazione Civile (Italian Civil Aviation Authority) ETDS Explosive Trace Detection System EU European Union FTA US Federal Transportation Administration (DoT) HF Human Factor HMI Human Machine Interaction HR Human Resources HW Hardware (including Middleware or MW)


ICAO International Civil Aviation Organization ID Identifier IFSO In-Flight Security Officer IP Internet Protocol IR Infra Red IT Information Technology LBRL Least Risk Bomb Location MTI Mineta Transportation Institute, Massachusetts, USA MW Middleware PED Platform Edge Doors PIS Public Information System PSD Platform Screen Doors RFID Radio Frequency IDentification SCADA Supervisory Control And Data Acquisition SOP Standard Operational Procedures SW Software including upgraded SW or Intelligent SW TCMS Train Control and Monitoring System Telecoms Telecommunications TFT LCD Thin Film Transistor Liquid Crystal Display TIP Threat Image Projection U(R)GT Urban (Rail) Guided Transport UIC International Union of Railways UNIFE Union of the European Railway Industries WP Work Package


2. Methodology

The object here is: • To recall the conceptual breakdown of Urban Guided Transport (UGT) security;

• To identify the fields of activity of UGT security operations;

• To review the countermeasures supporting these fields;

• To review and align the technologies supporting UGT security in the context of

global security (Safety & security);

• To link each technology with a field of activity (Prevention, response and/or restoration).

H RH R SecuritySecurityOpsOps

RespondingResponding

PreventingPreventing

SimulatingSimulatingTrainingTraining

Health & EducationHealth & Education

BudgetBudget

Procurement Procurement

Intelligence Intelligence Risk ManagingRisk Managing

AssessingAssessingSurveillanceSurveillance

AccessAccessControlControl

ForceForceProtectionProtection

ManagementManagement

GlobalGlobaltransittransit

SecuritySecurity

SupportSupportEvaluationEvaluation

PlanningPlanning

RecruitingRecruiting Early warningEarly warning

RestoringRestoring Information Information managementmanagement

CommandCommandControlControl

AwarenessAwareness

Operating procedures Operating procedures

ThreatThreatAssessmentAssessment

RiskRiskAnalysisAnalysis

Smart cardsSmart cards

BarriersBarriers

C C T VC C T V

DetectorsDetectors

Ops centreOps centre

……

ArmourArmour

CybersecurityCybersecurity

ExercisesExercises

LogisticsLogistics

Lessons Lessons learnedlearned

……

Info systemsInfo systems

Info systemsInfo systems……

……

……

……

……

……

……

……

……

……

……

……

Figure 1. Urban rail guided transport security conceptual breakdown

From global Urban rail guided transport security policies to supporting technologies The technologies supporting Urban Rail Guided Transport (URGT) security are the result of a simple process. The methodology consists in breaking down the URGT security concept


from global security policies to supporting technologies as shown in the following concentric chart. The chart in Figure 1 illustrates how global security breaks down into four corporate sectors:

Table 1. Global URGT security sectors

SECTORS Management Human resources Support

GLOBAL URGT SECURITY

Urban rail guided transport security operations (or policing)

These four sectors are themselves broken down into X fields of activity as follows:

Table 2. Global URGT security sectorial fields of activity

SECTOR FIELDS OF ACTIVITY MANAGEMENT Auditing; Inspection; Risk management; Plans & policies;

Organisational chart; Budget; various processes such as threat assessment, risk analysis, lessons learned and corrective action plan to introduce system changes to improve security, etc.

HUMAN RESOURCES Recruiting; Training & personnel vetting; Outsourcing, etc. SUPPORT Logistics; Procurement; Energy; etc. URGT SECURITY OPERATIONS

Prevent, respond and restore.

In Table 2, the fields of activity identified for Management, HR and Support are examples. They are not meant to be exhaustive or complete. However, the fields of activity identified for “Urban rail guided transport security operations” (bottom line) are complete and threefold (prevent, respond and restore). Each field of activity consists in a various number of capabilities and countermeasures supported by:

• Trained and dedicated human resources (HR), • Standard operational procedures (SOP),

• And Urban rail guided transport (URGT) security technologies.


Table 3. Countermeasures & technologies supporting URGT security operations

URGT SECURITY OPERATIONS

FIELDS COUNTERMEASURES HF SOP TECHNOLOGIES

PREVENT Access control, Surveillance,

Etc.

Smart cards, Pass systems, Barriers,

Etc.

RESPOND Command & Control,

Early warning, Etc.

Command centre, Comms, Ground picture,

Etc.

RESTORE Information management,

Surveillance, Etc.

Secure Coms, CCTV,

Etc.


3. Countermeasures and technologies supporting URGT security

The present table of information provides an international “menu” of countermeasures and technologies supporting Urban Rail Guided Transport (URGT) security operations with the following considerations:

• Column A: the different categories of URGT security countermeasures are listed in alphabetical order:

o E.g. Access control; Canine; Command & control; etc.;

• Column B: the technologies supporting URGT security countermeasures are listed in alphabetical order: o E.g. Badges; Barriers; Fencing; etc.;

• Column C, D & E: fields of activity to be checked Yes (Y) or No (N) for a given technology, • Column F: additional notes to develop a point or to describe a given technology in further detail.

Contrary to Figure 1 and to tables 1 to 3, which are not meant to be exhaustive or complete, the following table’s aim is to provide a “menu” of available or sought countermeasures and technologies which is as complete as possible. Most of the capabilities or countermeasures listed hereafter are deemed self-explanatory except perhaps “Mobility”. “Mobile-capable” assets tend to provide a tactical advantage to respond in a timely way to critical challenges in one’s area of operations or area of responsibility. In addition to the countermeasures listed in the table below, the deterrence of crime in URGT shows a renewed interest in the following good practices:

• Vigilance by operators in addition to security guards or police


• Behavioural Pattern Recognition or Behavioural Assessment Screening Systems as described in the aviation sector • Stop and search powers for law enforcement linked to the above (and not through profiling).

Table 4. Countermeasures & technologies supporting URGT security operations

A B C D E F

URGT security counter-

measures Supporting technologies

Prev

entio

n

Res

pons

e

Res

torin

g

Notes

Access control Barriers Y Y N Turnstiles, sliding doors, etc. Biometrics Y Y N Finger print, other technology, etc. Electronically controlled revolving door (lock chamber) Y Y N Badge or smart card

(Perimeter) Fencing Y Y N Barbed wire, concertina, double fencing, etc.

Intelligent (no-key for ex.) panel / door locks Y Y N Locking gates Y Y N Grids, metallic curtains, etc. Platform edge doors (PED) Y Y N Dual technology (safety & security)

Smart cards (multipurpose employee ID or badge) Y Y N


A B C D E F

Canine Trained dog handlers Y Y N Trained dogs Y Y N Sniffer, crowd control, etc. Command & control

Back-ups Y Y Y

Operational resilience heavily depends on functional redundancy based on back-up solutions such as a secondary security centre to fall back in case of need

Call-center type systems for information collection and reporting Y Y Y Geopositioning of mobiles Y Y N Hostile, friendly, etc. Gesture-powered devices Y Y Y E.g. hand gestures remote controlling (shared) Ground picture display touch-screen Y Y N Incident management IT tools (HW, SW & MW) Y Y Y See countermeasure ‘‘information

management’’ Information systems (e.g. radio communications, etc.) Y Y N Security (operations) centre Y Y Y Touch-screen display Y Y N Design (infrastructure internal & external design in general)

Architecture (spatial and structural specifications for more secure buildings, public & private spaces) Y Y Y

Anti crime design considerations (e.g. Clear lines of sight, anti raming devices, fire-proof & bullet-proof material; shatter-proof glass; bomb resistant material, etc.

A = URGT security countermeasures; B = Supporting technologies; C = Prevention; D = Response; E = Restoring; F = Notes


A B C D E F

Design (infrastructure internal & external design in general)

Cleanliness Y Y Y Solid trash bins (from standard models to blast resistant type) Easy-to-clean surfaces

Furniture Y Y Y

Specially designed furniture to provide a heightened sense of security (e.g. Replacement of benches by individual seats, etc.)

Lighting (natural light, artificial, etc.) Y Y Y

Adapting both natural & artificial lighting to reduce dark areas and to provide a heightened sense of security

Platform screen doors (PSD) Y Y Y This technology is fully dual as it supports both safety and security requirements

Early warning & reporting

CBR detectors Y Y Y Chemical, biological and radiological sensors placed at significant nodal public transport points

Discreet alarms (incident reporting systems) Y Y N Explosives detectors Y Y Y Help points with audio recording Y Y Y

Intrusion detectors (IR, etc.) Y Y N Especially platform and track intrusion detection systems

Public address systems Y Y N IT solutions include service update announcement systems



A B C D E F

Early warning & reporting Scanners (body, baggage, etc.) Y Y Y Smoke detection Y Y Y Surveillance cameras Y Y Y Information management

Communications (radio, telephone, satellite, etc.) Y Y Y

Hard wire and wireless (secure & non-secure to exchange data e.g. voice, e-documents, imagery, etc.) providing interaction with emergency services and mobile telephone operators

Cyber security or Information systems security (e.g. firewalls, etc.)

Y Y Y

Dedicated data processing SW Y Y Y Imagery processing SW Y Y Y Incinerator to destroy classified material Y Y N



A B C D E F

Information management

Information technology Y Y Y

IT arms transport security with real-time information, information exchange tools (e.g. e-mails, text messages, etc.) risk-related data in all urban guided contexts (trains, stations, tracks and tunnels, depots, control centers, etc.), early-warnings, pre-configured instructions to act fast and effectively, and solution-oriented options allowing enhanced decision-making

Safe to store classified material Y Y N Shredder to shred classified material Y Y N

Single shared architecture and IT platform Y Y N

To integrate 4 functional sub-systems: Control & monitoring; Passenger information or “infotainment”, Security data exchange and Networks & Telecoms System architecture should provide an integrated control & security center information system

Video-conference equipment Y Y Y Dedicated live video links are recommended between crisis centers

Wireless communications Y Y Y Especially dedicated networks in tunnels supporting crisis comms



A B C D E F

Mobility Vehicles Y Y Y Ground, airborne, etc. Resilience

Adhesive film on hard surfaces Y Y N

All-weather systems (rolling stock, tunnel systems, etc.) Y Y Y Hardened equipment to resist extreme natural hazards (snow blizzards, floods, etc.)

Anti bomb designed equipment / specially designed furniture for public spaces (e.g. vending machines, benches, etc.) Y Y N Adapted vending machines, benches,

etc. Anti graffiti varnish on porous surface Y Y N Blast-resistant material (e.g. reinforced glass, etc.) Y Y N Bomb-proof material (e.g. windows, doors, etc.) Y Y N Bullet-proof material (e.g. windows, doors, etc.) Y Y N Bunkerized facilities (e.g. reinforced, buried, etc.) Y Y N

Filtering systems Y Y Y

In the aftermath of multiple attacks, some extreme environmental conditions may affect the target’s epicentre: dense smoke and aerial particles may require on-board filtering systems

Fire-resistant material Y Y N Shields (e.g. body armour, reinforced plates, etc.) Y Y N Sprinklers Y Y N

Vandalism resistant material Y Y N



A B C D E F

Resilience Ventilation & smoke extraction Y Y Y Surveillance

CCTV Y Y Y Facial recognition Y Y N Intelligent video surveillance Y Y Y Tracking Y Y N

Video surveillance Y Y Y Training Emergency preparedness tools Y Y N Exercise tools Y Y Y Table-top & Live field exercises Simulator(s) Y Y N



Here are presented some figures related to the technological security applications in URGT used by Alstom Transport.

Figure 2. Alstom’s fully integrated on board solution


Figure 3. Alstom’s on board IP environment


Figure 4. Alstom’s security subsystems in infrastructure


Figure 5. Alstom’s integrated Control & Security Center

The integration of security subsystems within the integrated Control & Security Center is guarantee through Automatic Train Supervision (ATS) and Supervisory Control And Data Acquisition (SCADA) functions to allow superior incident management.


4. Security technologies in other passenger transport domains

4.1. Security technologies in the aviation domain

The following table of information lists and describes the main countermeasures and technologies supporting aviation security with the following considerations:

• Column A: the same categories of security countermeasures listed in the previous section are presented;

• Column B: for each category, the technologies used in the aviation domain for security purposes are listed in alphabetical

order; • Columns C, D & E: fields of activity to be checked Yes (Y) or No (N) for a given technology.

• Column F: additional note to develop a point or to describe a given technology in further detail.


Table 5. Countermeasures & technologies supporting aviation security

A B C D E F

Security category Supporting technologies

Prev

entio

n

Res

pons

e

Res

torin

g

Note

Access control

Aircraft security seals Y N N

They are seals with specific characteristics defined by both the European and Italian regulations in order to protect the aircraft. They are applied when the aircraft is parked for more than 12 hours and are put on the doors of the aircraft, over those of the passenger cabin and on those of the hold. They give indication if the aircraft has been opened.

Biometrics for staff Y Y N

In general, biometrics comprises methods for uniquely recognised humans based upon one or more intrinsic physical or behavioural traits. Biometric characteristics can be divided into two main classes:

- Physical biometrics are related to the shape of the body. Examples include fingerprint verification, iris scan, facial recognition, palm geometry recognition. They use data resulting from direct measurement of a specified human body part.

- Behavioural biometrics are related to the behaviour of a person. Examples include signature verification, voice recognition, and key stroke dynamics. They use data from a direct measurement of action.

The current standardised biometrics used for the access control of staff persons in restricted areas are facial recognition, fingerprint recognition and iris recognition.


A B C D E F

Access control

Body scanners – Microwave machines Y Y N

The use of body scanner (Figure 6) is a very important topic of discussion today. Indeed, while before the latest terroristic attack of 25 December 2009 this technology was not widely implemented at European airports, after this event a heated debate for its use has resurfaced. At present there are not precise guidelines about the use of body scanners at European airports, because Member States have different ideas about it. For some states it is considered a necessary preventive measure for the safety of flight; other states consider this tool does not respect privacy. Moreover another point at issue is precisely related to the usefulness of this equipment: truly it offers more guarantees than other existing controls, such as metal detectors and manual inspection? With regard to Italy, the body scanners have been accepted, so in the near future Italian international airports will use them starting from the airports defined ‘more sensitive’ as Rome, Milan and Venice.

CTX (Computed axial tomography) Y Y N

All hold baggage must be checked prior to boarding by special X-ray machines. They use CTX (computed axial tomography) based systems and are able to detect also explosives by looking at the density of the items being examined (Figure 7).

ETDS (Explosive Trace Detection System) – Sniffer Y Y N

An example of sniffer is an automated chemistry lab in a box. At random intervals, or if there is reason to suspect the electronic device that someone is carrying, the security attendant quickly swipes a cloth over the device and places the cloth on the sniffer. The sniffer analyses the cloth for any trace residue of the types of chemicals used to make bombs. If there is any residue, the sniffer warns the security attendant of a potential bomb. In addition to desktop sniffers, there are handheld versions that can be used to sniff lockers and other enclosed spaces and unattended luggage. The sniffers are also used to screen passengers. Another type of sniffer is presented in Figure 8.

A = Security category; B = Supporting technologies; C = Prevention; D = Response; E = Restoring; F = Note


A B C D E F

Access control

E-passport for passengers Y Y N

An e-passport is a combined paper and electronic passport that uses biometrics to authenticate the identity of travellers. It relies on contactless smart card technology, including a microprocessor chip and antenna embedded in the front or back cover, or centre page, of the passport. Document and chip characteristics are documented by ICAO.

(Perimeter) Fencing Y Y N E.g. barbed wire, concertina, double fencing Intelligent (no-key for ex.) panel / door locks Y Y N

Metal detector Y Y N

All passengers, before access to restricted areas, must be checked by metal detectors. A metal detector is a device which responds to metal that may not be readily apparent (Figure 9).

Other barriers (turnstiles, sliding doors, alarms…) Y Y N

Examples of other barriers are turnstiles, sliding doors, alarms. However in aviation security the most important barrier is called ACAMS. ACAMS stands for ‘Access Control and Alarm Monitoring System’ and it is a system which electronically controls access to doors, gates and other entry points leading directly or indirectly to security restricted areas, and which alarms relevant authority when an unauthorised entry has taken place.

Reinforced cockpit door Y Y N

After 9/11 attack, the cockpit door and related procedures (Figure 10) were changed in order to deny access to intruders. According to the last regulations, the door of the flight deck must remain closed from the starting to the shutting down of the engine after landing. During the flight, pilots should never leave the cabin, except for physiological needs. Flight attendants are required to be more independent in handling problems in the passenger cabin.



A B C D E F

Access control

RFID (Radio Frequency Identification) Y Y N

RFID (Radio Frequency Identification) technology consists of a chip, with a permanent write only once memory which transmits the data in own memory when activated by radio frequency waves from an outside inquiring and reading device. RFID is used for baggage reconciliation.

Screening for passengers Y Y N All passengers must be equipped with boarding card (or ticket, including electronic) and identity document to gain access to restricted areas.

Smart cards (multipurpose employee ID or badge) Y Y N

TIP (Threat Image Projection) Y Y N

The usual X-ray or CTX machines are enhanced with dedicated software containing an explosives threat library and false-colour coding. This system is called TIP (Threat Image Projection) and consists of the computerised and random projection of false dangerous goods during normal X-ray screening duties, to assess the individual staff ability to detect such threats. TIP should be used to enhance the performance of screeners, examining both cabin bags and hold bags, by means of projecting virtual images of threat articles into an X-ray image of a bag. TIP should inform them if they have responded correctly in identifying the virtual image of the threat article. Furthermore, the library of virtual images used for TIP are enlarged and refreshed on a regular basis, in order to take into account new threat articles and to avoid familiarity with the virtual images.

X-ray machine Y Y N All hand baggage of passengers, before access to restricted areas, must be checked by X-ray inspection. X-ray machines are used to screen objects non-invasively (Figure 11).



A B C D E F

Canine Trained dogs (sniffer, crowd control…) Y Y N Command & control Geopositioning of aircraft Y Y N

Information systems (e.g. radio communications, etc.) Y Y N

Security (operations) centre including existing HW, SW and back-up Y Y Y

In all airports there is a specific operation centre. It has the task of preserving both images coming from CCTV in airport and images from X-ray controls. Furthermore, it also stores the record of phone calls made to the operation centre itself. Instead, the real management of this information is entirely assigned to the police.

Early warning & reporting Help points with audio recording Y Y Y Information management

Incinerator to destroy classified material Y Y N Non secure & secure communications (e.g.; voice, e-documents, etc.) Y Y Y

Safe to store classified material Y Y N Shredder to shred classified material Y Y N Design Lighting Y Y Y



A B C D E F

Mobility

Vehicles Y Y N

Each airport has a rule according to which the movement of vehicles is regulated and controlled. In particular, vehicles must have a range of characteristics: company logo, banner, numbering, a specific insurance, etc. Each vehicle is screened at the entrance. The driver must have a specific license. No vehicle or person has access to restricted areas and movement areas without the authorization of airport management.

Resilience

Anti bomb zone in airport Y Y N In all airports there is a remote area (bunker) in which explosive experts can isolate a possible bomb.

Blast-resistant material (e.g. reinforced glass, etc.) Y Y N

Constraint Kit N Y N

The constraint kit is a tool designed for constraining unruly or disruptive passengers when they put at risk the safety of the flight. In fact, in case of a safety emergency situation, the restrained passenger can be freed; it is a requirement to have on board small cutters or scissors ready to be used in such situations.

LBRL (Least Risk Bomb Location) Y Y N

LBRL (Least Risk Bomb Location) consists of an area indicated by the aircraft manufacturer as an area where a possible bomb can explode with limited risks so that the aircraft can still land. Therefore, when a bomb is found on board, the procedure requires that it is isolated in this specific area, with a great number of arrangements, so as to minimize the risk for passengers.



A B C D E F

Surveillance

Behaviour Pattern Recognition Y Y N

This technology, called ‘Behaviour Pattern Recognition’, is a security technique developed to detect human irregular and suspicious patterns of behaviour that may indicate terrorist’s intention or potentially unruly and disruptive passengers. It has replaced the old HF security tool named ‘Passenger Profiling’, which was widely used in the past in some countries, specifically Israel. When it came into the United States the profiling has been judged racial, because any profiling system requires the creation of stereotypes based on existing information. Moreover the experience showed that this tool may not actually be effective. The ‘Behaviour Pattern Recognition’ is based on the assumption that when a person wants to perform an unlawful act, he/she has a suspicious behaviour which can be felt by the security staff. With respect to passenger profiling, behaviour pattern recognition teaches that more objective criteria must be used that is focused on behaviour. In fact, racial profiling is not only unethical, but also detrimental to security objectives. The passport, or other travel document, and flight itinerary contain a host of clues that tell a story, without the need to ask a passenger a single question. When screeners are faced with passengers who give some causes for concern, either due to their appearance and behaviour or due to dilemmas posed by their travel documents, they need to be able to engage with them in a conversation that will elicit the facts. The objective is to obtain the maximum amount of pertinent information in the minimum amount of time. Moreover they should consider the answers by examining how the wording used and the associated facial expression might indicate the passenger is lying.

CCTV Y Y Y CCTV are used both in airports and on aircrafts (Figure 12).



A B C D E F

Surveillance

Overhead bins mirrors Y Y N

They are mirrors (Figure 13) in the parcel shelf of aircrafts to allow flight attendants to check if shelf are empty both before boarding the passengers and after the passenger disembark on arrival to destination. This simple technology is used to prevent someone from leaving dangerous parcels on the aircraft.

People count Y Y N

The count of passengers is a very simple technology still used in aviation. The calculation is performed for the first time during check-in. Then again, passengers are counted upon boarding, namely at the gate. Finally, some companies operate passenger counting again once when the persons are aboard. If there is a discrepancy between these three counts, the procedure requires that the existence of hold baggage aboard of property of missing passenger is verified. If this baggage exists, it is immediately disembarked for the safety of passengers and crew.

Tracking Y Y N It consists of a code or a microchip that allows to draw a passenger from check-in procedure until boarding.

Video surveillance Y Y Y Training

Emergency preparedness tools Y Y N Simulator(s) Y Y N



Here are presented some figures related to the technologies in the aviation domain.

Figure 6. Body scanner (Di Renzo, 2009)

Figure 7. X-ray machine for hold baggage (Di Renzo, 2009)


Figure 8. Example of sniffer (Di Renzo, 2009)

Figure 9. Metal detector (Di Renzo, 2009)


Figure 10. Airbus reinforced cockpit door (Di Renzo, 2009)

Figure 11. X-ray machine for hand baggage (Di Renzo, 2009)


Figure 12. CCTV on aircraft (Di Renzo, 2009)

Figure 13. Overhead bins mirror (Di Renzo, 2009)


4.2. Experience from long distance rail transport

4.2.1. Regulations in force related to long distance rail transport

Rules for the security of long distance rail transport, be it national or international operations, depend on the national authorities of the individual countries within the European Union. There are no regulations in place at European level. National rules set by the individual countries are either mandatory or voluntary. Existing international rules have been brought about by bilateral agreements between countries. At EU level, CER (the Community of European Railway and Infrastructure Companies) represents the railway undertakings and infrastructure companies from the European Union, the accession countries as well as the Western Balkan countries, Norway and Switzerland. CER represents its members’ interests vis-à-vis the European institutions and other policy makers and transport actors. It covers all policy areas, including security. UIC, the International Union of Railways, is a worldwide association for heavy rail and it supports its membership on the topic of security. It set up the UIC Security Platform in 2006, empowered to develop and formulate analyses and policy positions on behalf of the rail sector in matters relating to the railway security. In its security brochure, UIC states that “the institution context may differ between countries but there is a need for coherence at European or even international level to accompany traffic development”. However, based on a questionnaire issued by the European Commission (DG Justice Security Liberty in November 2005) relaunched by DG TREN in January 2006, UIC, CER and EIM provided a common answer insisting more precisely on the following points:

• Conditions for the exchange of information aiming at an agreement on common politics without attacking the competition conditions between the actors in an opening market

• Rail transport and Urban transport have to be managed in a coherent way

• The existing information networks (within UIC, CER and EIM) must be

privileged to avoid the creation of redundant new structures

• There is a deep interest for a cooperation concerning planning design of infrastructures as well as for joint exercises have been underlined

• Coordination between the international institutions, associations and actors

involved in the sector, must be reinforced to avoid double use and to


guarantee the best spreading of needed information, allowing the railway companies to develop their policies of security in a coherent and adapted institutional environment.

In response to the 2004 Madrid train bombings, governments throughout Europe stepped up their state of alert with a consequent impact on public transport. The long distance rail sector sought to establish stronger intelligence links with governments and police forces.

4.2.2. Relevant technologies for rail security

With the exception of Eurostar which employs airport security techniques before boarding, there are no specific security technologies used in rail that might be different from the ones used by urban operators.


5. Conclusion

In this deliverable, countermeasures and technologies supporting public transport security applied to urban rail guided transport systems and aviation have been structured in categories. For each technology, the following fields of activity have been checked:

• Prevention of crime, linked to person integrity (passengers, staff and infrastructure).

• Response to criminal acts, linked to person integrity (passengers, staff and

infrastructure).

• Restoring. Moreover, a specific note has been added to provide more details about a given technology. This has been judged necessary in order to improve user understanding. With regard to long distance rail transport, research has shown that little difference exists between security measures and technologies for urban guided transport systems with respect to long distance rail systems. For this reason, only a subsection of the deliverable has been dedicated to this subject with a short description of this security mode. D8.1 shows that countermeasures and technologies vary from one sector of activity to another and are often not comparable. The technologies implemented in aviation security domain are not necessarily adaptable to urban rail guided transport systems as many of them are strictly related to the structure of airports and aircrafts and their intrinsic characteristics (close systems, stringent checks on passengers and baggage, etc.). However, other aspects of aviation security, not limited to technologies and countermeasures, offer interesting insights, suggestions and opportunities for discussion. For this reason, an extensive Annex 1 has been developed containing a number of topics of high relevance also for the URGT. The most relevant topics are:

• Role and importance of human factors in aviation security. Starting from consideration that the human factor in security is always prevailing, because everything is operated, managed and assessed by humans, the security system is presented as a multi-layer system. Each layer can be considered as a barrier. Among all barriers, the awareness and initiative of the staff is considered the most valuable barrier that can involve all the functions of a barrier system. In


addition the importance of motivation, atmosphere and satisfaction as the background of an organisation is underlined, both in the section related to ‘Human Factors’ and in the section related to ‘Critical issues’.

• Role and importance of training in aviation security.

This domain is characterised by a high staff turnover within many operators, supposedly for the frustrating and stressful working conditions and poor salaries for security staff. To work on people motivation and behaviour is described as the most effective security measure: training is judged the best preventive and reactive measure against acts of unlawful interference.

• Identification of critical issues encountered in aviation security.

The importance of the aviation issues is given by the fact that many of them seem to be equally interesting and applicable in all systems. Hence, the experience gained for their resolution in the aviation domain, which is a sector considered at a forefront from this point of view, could be partially transferred to all domains, and in particular to URGT domain.

This Annex ends with an attempt of comparison between aviation security domain and urban guided transport systems domain and the presentation of some suggestions about possible transfers. Finally, it has to be noted that the aviation security will no longer be subject of study for next tasks of the project. Moreover, in this deliverable the review of the URGT domain has been focused on technologies and countermeasures, whereas other topics of security of URGT will be addressed in subsequent steps of work inside MODSAFE.


ANNEX 1

1. Experience from the aviation domain

1.1. Scope of security in the aviation domain

In all systems, security involves a criminal intent, a wilful act to cause harm, destruction or damage. The focus of security is to deter and prevent voluntary harmful acts and acts of unlawful interferences and, if they happen, to respond and contain the adverse consequences of these acts. Hence the security involves prevention and, if the event has occurred, the reaction with the aim to counter or minimize the consequences while learning from it for future prevention. With reference to the aviation domain, security refers to the techniques and methods used in protecting airports and aircraft from crimes. It also includes all procedures as well as infrastructures designed to avoid crime problems aboard aircraft. Precisely, aviation security can be defined as a combination of measures and human and material resources to protect (prevent, mitigate, respond) civil aviation against acts of unlawful interference. In turn, acts of unlawful interference include all those acts or omissions that endanger the safety of an aircraft, an airport or a passenger. Examples of acts of unlawful interference are:

• Seizure of an aircraft on the ground or in flight • Taking of hostages on board an aircraft or in airport • Intentional intrusion on board an aircraft, in an airport or in aviation facilities • Introduction onboard an aircraft or in an airport of weapons and / or objects or

dangerous goods with the intention of committing crimes • Communication of false information to endanger the safety of an aircraft (in flight

or on ground), passengers, crews, ground staff, or the public at an airport (or in aviation facilities).

Starting from these considerations, two main lines of assessment, preventive and reactive means and measures, have been considered:


• Preventive measures to anticipate malicious activities in aviation linked to person’s integrity.

• Reactive measures against malicious activities in aviation linked to person’s

integrity. Annex 1 of the deliverable is a revision of existing approaches in the domain of aviation and ends with the suggestion of possible transfers in the domain of urban guided transport systems. The security technologies in the aviation domain are not presented here because they have already been described in a dedicated section of the document (§4.1). The Annex is subdivided into the following parts:

• The first subsection deals with the examination of existing regulations in force

related to aviation security, starting from the description of Italian legislative situation.

• The second subsection presents all aspects related to the classification and

treatment of unruly and/or disruptive passengers. Moreover, it describes which passengers can be considered potentially dangerous a priori and, for this reason, requires a specific treatment and adequate implementation of security measures by operators in the aviation domain.

• The third subsection describes the role and importance of human factors in

aviation security. In this part the security system is presented as a multi-layer system and the main factors that influence the performance of security staff are examined and taken into consideration. Finally the importance of good programmes of training is underlined.

• The fourth subsection describes all aspects concerning the training in aviation

security. In particular it focuses on : o Existing international and national regulations about training. o Requirements and skills asked to security staff and trainers. o Content, duration and frequency of existing training courses in Italy.

This section is very important because training is considered the best preventive and reactive measure against acts of unlawful interference in the aviation domain.


• The fifth subsection presents the main difficulties encountered in the domain of aviation in terms of security enhancement and, in some cases, how these critical issues have been faced and partially solved. This part is very interesting from the point of view of the domain of urban guided transport systems, because the critical issues identified in the aviation domain can be shared by other domains and the experience gained can be transferred to all systems.

• The last subsection contains some suggestions of possible technology transfers

from the aviation domain to the domain of urban guided transport systems.


1.2. Regulations in force related to aviation security

1.2.1. Italian legislative situation

While examining the Italian situation, the first result is that there are several laws, codes, regulations or international standards. They can be divided into the following groups:

• European Union (EU) regulations: these regulations are mandatory in every single State of the Union, and are a primary legal reference.

• Italian Aviation Code: during 2005, a reform of the Aviation Code has been

approved. This reform deals with the main aspects of Italian civil aviation: regulations, procedures, role of police, responsibilities of persons involved in the domain.

• Italian Civil and Penal (or Criminal) Codes

• EASA requirements / regulations: EASA (European Aviation Safety Agency) is

the centrepiece of the European Union’s strategy for aviation safety. Its mission is to promote the highest common standards of safety and environmental protection in civil aviation. The Executive Manager of the Agency has the power to take decisions which are immediately applicable in the Member States after their publication on the web site of the Agency (www.easa.europa.eu).

• ICAO Conventions and related Annexes: ICAO (International Civil Aviation

Organization) was established in 1944 by the Convention on International Civil Aviation, also known as the Chicago Convention, whose aim was to assure the safe, secure, orderly and economic development of international air transport. ICAO conventions have been introduced in Italy with the law 213/83 and the Presidential Decree 461/85, but until 2002 just few of them were issued.

• ENAC Regulations: with art. 1 of the Legislative Decree 96/2005 and further

Legislative Decree 151/2006, ENAC has been designated as the Aviation Authority responsible to implement ICAO Annexes and future Standards with its own Regulations. ENAC stands for Ente Nazionale Aviazione Civile (Italian Civil Aviation Authority) and it is engaged in dealing with the diverse regulatory aspects of air transport system. It performs monitoring functions related to the enforcement of the adopted rules regulating administrative and economical issues.

With regard to security, some international and national regulations will be now examined and described in detail.

http://www.easa.europa.eu/�


1.2.2. EU and ICAO regulations

The European Union represents a fundamental source of ruling acts with its Regulations in the security field. In fact, the security in aviation is guaranteed by a set of international rules and by the controls of their application. These rules aim at protecting persons and goods within the European Union from acts of unlawful interference that jeopardise the safety of civil aviation. On the other hand, ICAO, in quality of major agency of United Nations, has the important role to foster the planning and development of international air transport to ensure safe and secure flights. All European and ICAO regulations can be classified on the basis of the historical period they belong to:

BEFORE 2001:

o ICAO Annex 17: the dramatic increase in crimes of violence which adversely affected the safety of civil aviation during the late 1960’s resulted in an Extraordinary Session of the ICAO Assembly in June 1970. One of the resolutions of that Assembly called for specifications in existing or new Annexes to the Chicago Convention to specifically deal with the problem of unlawful interference. Hence Standards and Recommended Practices on Security were adopted by the Council on 22 March 1974 and designated as Annex 17 – Security. This Annex set out the basis for the ICAO civil aviation security programme and sought to safeguard civil aviation and its facilities against acts of unlawful interference. Of critical importance to the future of civil aviation and to the international community at large were the measures taken by ICAO to prevent and suppress all acts of unlawful interference against civil aviation throughout the world. Because this document set minimum standards for aviation security worldwide, it was subjected to careful scrutiny before undergoing any changes, additions or deletions. Since its publication, Annex 17 has been amended many times in response to needs identified by States. For example, prior to 1985, the significant threat to civil aviation was seen as the hijacking. As a result, the Standards and Recommended Practices tended to focus on hijacking rather than sabotage, in-flight attack or facility attack. By modifying existing technology and applying agreed specifications and procedures, the worldwide aviation community established a reasonably effective screening system for passengers and their carry-on luggage. Following the three-year cycle for Annex amendments, additional changes to Annex 17 were developed in 1988 which included specifications to further assist in fighting sabotage. Currently, according to ICAO, acts of unlawful interference include


sabotage, hijacking, air transport of prohibited goods and omissions. Annex 17 is primarily concerned with technical measures for the protection of the security of international air transport, requiring each Contracting State to establish its own civil aviation security programme with such additional security measures as may be proposed by other appropriate bodies. Annex 17 also seeks to co-ordinate the activities of those involved in security programmes. It is recognised that airline operators themselves have a primary responsibility for protecting their passengers, assets and revenues, and therefore State must ensure that the carriers develop and implement effective complementary security programmes compatible with those of the airports out of which they operate.

o ICAO Manual “Security Manual for Safeguarding Civil Aviation

against Acts of Unlawful Interference”: the aviation security specifications in Annex 17 were amplified by detailed guidance material contained in the “Security Manual for Safeguarding Civil Aviation against Acts of Unlawful Interference” (ICAO Doc. 8973) which was first published in 1971. This restricted document provided details of how States could comply with the various Standards and Recommended Practices contained in Annex 17. The manual has been developed for the purpose of assisting States to promote safety and security in civil aviation through the development of the legal framework, practices, procedures and material, technical and human resources to prevent and, where necessary, respond to acts of unlawful interference. Like Annex 17, also the Security Manual is constantly being reviewed and amended in light of the new trends and technological developments which have a bearing on the effectiveness of preventive measures against acts of unlawful interference. The last edition of the Security Manual comprises the following volumes:

Volume 1 – National Organisation and Administration: it is intended for the appropriate authority and provides guidance with regard to the development and implementation of a national legal framework (legal aspects, international cooperation, national civil aviation security programme, quality control, etc.).

Volume 2 – Recruitment, Selection and Training: it is intended for any entity responsible for the recruitment and training of personnel involved in the implementation of aviation security.

Volume 3 – Airport Security, Organisation, Programme and Design Requirements: it is intended for the airport operator and any entity responsible for design of the airport infrastructure.

Volume 4 – Preventive Security Measures: it is intended for all entities responsible for the implementation of an aviation security


system and consists of preventive procedures. Volume 5 – Crisis Management and Response to Acts of

Unlawful Interference: it is intended for the appropriate authority, airport and aircraft operators and any other entity responsible for crisis management and emergency response. This volume provides guidance with regard to threat and risk assessment, contingency plans, collection and transmission of information during an act of unlawful interference, and the subsequent review, analysis and reporting of any act of unlawful interference.

o Tokyo Convention (1963): formally called the Convention on Offences

and Certain Other Acts Committed on Board Aircraft, this Convention applied to offences and other acts prejudicial to good order and discipline on board an aircraft, committed while the aircraft is in flight. An aircraft was considered to be in flight from the moment when power is applied for the purpose to takeoff until the moment when the landing run ends. In detail, the Tokyo Convention was concerned with the following issues:

It ensured that when an offence was committed on board an aircraft, at least one state (that in which the aircraft is registered) could take jurisdiction over the suspected offender.

The Convention, for the first time in the history of international aviation law, recognised certain powers and immunities of the aircraft commander who on international flights may restrain any person(s) he has reasonable cause to believe is committing or is about to commit an offence liable to interfere with the safety of persons or property on board or who is jeopardising good order and discipline. The aircraft commander may also disembark the offender or, if the offence is serious, deliver him to the competent authorities of a Contracting State when the aircraft lands.

Finally, the Tokyo Convention also contained provisions relating to unlawful seizure of aircraft, powers and duties of states, and extradition in the event of an offence.

o The Hague Convention (1970): usually known as the Convention for the

Suppression of Unlawful Seizure of Aircraft, it defined the act of unlawful seizure of aircraft and it defined the following rules:

The Convention required Contracting States to make hijackings punishable by severe penalties.

It required Contracting States that have custody of offenders to either extradite the offender or to submit the case for prosecution; and

It required Contracting States to assist each other in connection with criminal proceedings brought under the Convention.


o Montreal Convention (1971): this Convention dealt with acts other than

those covered by the Tokyo and The Hague Conventions. It defined a wide spectrum of unlawful acts against the safety of civil aviation and the Contracting States had undertaken to make these offences punishable by severe penalties.

o Montreal Protocol (1988): this Protocol added to the definition of

offence given in the Montreal Convention of 1971 unlawful and intentional acts of violence against persons at an airport serving international civil aviation which cause or are likely to cause serious injury or death and such acts which destroy or seriously damage the facilities of such an airport or aircraft not in service located thereon or disrupt the services of the airport.

o Montreal Convention (1991): usually known as the Convention on the

Marking of Plastic Explosives for the Purpose of Detection, this Convention required each State Party to prohibit and prevent the manufacture in its territory of unmarked plastic explosives.

FROM 2002 TO AUGUST 2006:

The facts of 11 September 2001 showed that the terroristic attacks can threaten all nations and not only the geographic areas involved in critical situations. For this reason, many important regulations were implemented after “9/11”.

o AMENDMENT 10 TO ANNEX 17: the Amendment 10 to Annex 17 was adopted by ICAO Council on 7 December 2001 in order to address challenges posed to civil aviation by the events of 11 September 2001. It became applicable on 1 July 2002. The amendment included:

various definitions and new provisions in relation to the applicability of this Annex to domestic operations;

international cooperation relating to threat information; national quality control; access control; measures related to passengers and their cabin and hold

baggage; in-flight security personnel and protection of the cockpit; code-sharing / collaborative arrangements; human factors; management and response to acts of unlawful interference.


o ICAO Circular 288: this circular, entitled “Guidance Material on Legal Aspects of Unruly/Disruptive Passengers”, has been published by ICAO in June 2002. The main purpose of this Circular was to set out a model law on certain offences committed on board civil aircraft, in order for ICAO Member States to transpose them into their national legislation.

o EU 2320/2002: during 2002, the European Parliament has implemented

the recommendations included in Annex 17 by approving the European Regulation 2320/2002. It is the fundamental aviation security law. It has the benefit to try to define a minimum standard of requirements in Europe and to coordinate efforts of every single State and every single Operator of the Civil Aviation Air Transport. On the other hand, it allows Member States to adopt more stringent measures, given that the risk of terroristic attack is not the same in all Member States. Starting from this law, the security issue has been developed inside other EU regulations.

o EU 622/03: this regulation established some new definitions and added

more detailed aviation security requirements such as: Access Control at the Airport, Aircraft Searching and Protection, Passengers and Cabin Baggage, Hold Baggage and Cargo, Courier and Express Parcels. It has been amended by many following regulations: 68/04, 781/05, 857/05, 65/06, 240/06, 831/06, 1448/06, 1862/06, 437/07, 915/07, 1477/07.

o EU 1217/03: this regulation established common specifications for

national civil aviation security quality control programmes. o EU 1486/03: this regulation established procedures for conducting

Commission Inspections in the field of civil aviation security.

o EU 1138/04: this regulation established a common definition of critical parts of security restricted areas at airports. It required that within five years, and in three phases, all airport staff that come into contact with screened passengers and screened baggage shall themselves have been screened.

FROM AUGUST 2006: In August 2006, the security domain registered another important and perceivable activity increase: the alarm level changed back very high, when a terroristic plan in the United Kingdom was foiled. The attacks foresaw the use on board of liquid explosive. Starting from this event, new regulations were


adopted. o AMENDMENT 11 TO ANNEX 17: with this regulation, ICAO established

the figure of IFSO (In-Flight Security Officer). o EU 1546/06: this regulation introduced new rules in aviation security by

limiting the typologies and quantities of liquids which passengers can carry on the aircraft. Starting from it, the control on the passengers became more stringent and capillary.

o EU 23/2008: this regulation was another amendment to the EU 622/03. It

is related to the use of the system of image projection of dangerous articles (Threat Image Projection – TIP).

o EU 358/08: this regulation was the last amendment to the EU 622/03. It

is related to the elimination of the restrictions on the hand luggage dimensions.

o EU 820/08: this regulation and the decision (CE) n. 4333/08 replace and

repeal the regulation 622/03. It underlines the necessity to keep secret certain measures, the disclosure of which could facilitate their circumvention and the perpetration of acts of unlawful interference. It has been amended by regulation 483/2009.

FUTURE CHANGES:

o EU 300/08: the experience gained in the field of aviation security requires that new regulations are continually implemented by seeking the simplification, harmonisation and clarification of the existing rules and the improvement of the levels of security. For this reason, during 2005, the European Commission started a revision of the existing regulations in aviation security. On 11 January 2008, a final consensus has been reached among all members of European Parliament and Council. On the basis of this consensus, the regulation 300/2008 has been implemented on 11 March 2008. It will become effective on April 2010 when the regulation 2320/02 will be repealed. Given the need for more flexibility in adopting security measures and procedures, this regulation includes the basic principles of what can be done in order to safeguard civil aviation against acts of unlawful interference without going into the technical and procedural details of how they are to be implemented. The regulation 300/08 will be the fundamental aviation security law and it


establishes the following guidelines:

The acts of unlawful interference can be prevented by establishing common rules for safeguarding civil aviation. This objective should be achieved by setting common rules and common basic standards on aviation security.

The various types of civil aviation do not necessarily present

the same level of threat. For this reason, Member States should also be allowed, on the basis of a risk assessment, to apply more stringent measures than those laid down in this Regulation.

In order to define responsibilities for the implementation of the

common basic standards on aviation security and to describe which measures are required by operators and other entities for this purpose, each Member State should draw up a national civil aviation security programme.

In order to check the level and quality of civil aviation security,

each Member State should ensure the implementation of the national civil aviation security programme by drawing up, applying and maintaining also a national quality control programme.

Penalties should be provided for infringements of the provisions

of this regulation. The penalties, which may be of a civil or administrative nature, should be effective, proportionate and dissuasive.

o EU 272/09: with this regulation, general measures supplementing the

common basic standards on civil aviation security laid down in the regulation 300/2008 are defined in the field of screening, access control and other security controls as well as in the field of prohibited articles, third country recognition and equivalence, staff recruitment, training, special security procedures and exemptions from security controls.

From this description, it is clear that both European Union and ICAO perform a very important role in aviation security. The regulations from European Union are legislative acts which become immediately enforceable as law in all Member States simultaneously and do not need to be mediated into national laws by means of implementing measures. When a regulation comes into


force, it overrides all national laws dealing with the same subject matter and subsequent national legislation must be consistent with and made in the light of the regulation. On the other hand, also ICAO gives a meaningful contribution to aviation security. Initially ICAO’s security-related work focused on developing Standards and Recommended Practices for inclusion in Annex 17. Over the years, its work in the field of aviation security has broadened and today is essentially carried out in three inter-related areas: policy initiatives, audits focused on the capability of Contracting States to oversee their aviation security activities, and assistance to States that are unable to address serious security deficiencies highlighted by audits. Security audits are performed under the Universal Security Audit Programme, whose implementation began with the first security audit in November 2000. The second cycle of security audits commenced in January 2008, and is expected to conclude in 2013. ICAO’s other activities in the field of aviation security include efforts to enhance the security of travel documents and improve the training of security personnel.

1.2.3. ENAC regulations

ENAC, the Italian Civil Aviation Authority, is the Authority committed to oversee the technical regulation, the surveillance and the control in the civil aviation field. It manages the relationship with other organisations and administrators, both on national and international level. In fact ENAC represents Italy in the major international civil aviation organisations such as ICAO. Nevertheless, the core business of ENAC is doubtless represented by safety and security control. Safety is understood as the safe planning, construction, maintenance and exploitation of aircraft, as well as the skill assessment of air carriers and in-flight personnel. Security is meant as the land-side safeguard of passengers, in board aircraft, inside and outside the airports, aimed at the prevention of illicit acts. With regard to aviation security, ENAC primarily:

• Draws up the National Security Programme and related updates. • Ensures that the National Security Programme is respected. • Maintains relationship with national and international industries, in order to

favour the introduction of new technologies in security systems.

• Provides for certification of security employees and airport operators involved in activities related to security;

• Verifies that requirements for certification are preserved.


The National Security Programme aims at ensuring the security of passengers, crew members, operators and infrastructures and the efficiency of civil aviation in the prevention of acts of unlawful interference. It is organised in nine security cards which correspond to three main programmes:

• Airport Security Programme • Quality Control National Programme • Airline Security Programme.

The management of training, the definition of training courses with the related contents and frequency, and the accurate description of requirements of security staff are all issues defined in ENAC regulations. These regulations reflect the international standards described in ICAO annexes and the guidelines included in the European Regulations related to security. At the same time, they are in agreement with the national laws and decrees. The ENAC regulations related to security are the following ones:

• SEC-01 (7 October 2004): Certification and training of security instructors in civil aviation.

• SEC-02 (7 October 2004): Concession of security control tasks in airport.

• SEC-03 (7 October 2004): Instruction for the verification of technical and

professional requirements of security agencies and related employees. Training programme for security control employees.

The definition of a National Security Programme and, in general, of regulations about requirements for security domain is not enough to guarantee a good level of security of flights. Another task assigned to ENAC is to assure that all these laws, standards and procedures, including the National Security Programme, are respected. The importance of developing a programme aimed at verification of standards in aviation security is also underlined by European Union. In fact, to this regard, both the current European regulation 1217/2003 and future European regulation 300/2008 underline that the development, implementation, application and maintenance of a national civil aviation security quality control programme by each Member State are essential to ensure the effectiveness of its national civil aviation security programme and to check the level and quality of civil aviation security. In these regulations, the following specifications for the


national civil aviation security quality control programme are provided, in order to ensure a harmonised approach of all Member States:

• The quality control programme shall contain all necessary quality control monitoring measures taken to assess on a regular basis the implementation of the national civil aviation security programme, including the policies on which they are based.

• Audits to be undertaken under the responsibility of an appropriate authority are

needed.

• To be effective, audits should be carried regularly. They should not be restricted as to the subject, stage or moment at which they are carried out. They should take the most suitable forms to ensure their effectiveness.

• Penalties should be provided for infringements of the provisions of these

Regulations. The penalties, which may be of a civil or administrative nature, should be effective, proportionate and dissuasive.

In Italy, during 2004 and 2005, ENAC has started a comprehensive inspection programme based on the European regulation 1217/2003, in order to verify the quality of security in all Italian airports open to air traffic. The quality controls are performed through tests and audits by a unit whose managers are the ENAC department of security and the Ministry of the Interior. All members of this unit have been chosen on the basis of criteria defined by the European Regulation 1217/2003, are trained with specific courses and are certified by ENAC. With reference to these courses and, in general, all courses defined by ENAC for certification in aviation security, they will be described in detail later in a specific section of this annex.

1.2.4. ECAC – Role of the European Civil Aviation Conference

ECAC (European Civil Aviation Conference) has been founded in 1955 as an intergovernmental organisation. It aims at harmonising civil aviation policies and practices amongst its Member States and, at the same time, promote understanding on policy matters between its Member States and other parts of the world. Due to its close liaison with ICAO, it can be considered the unique European forum for discussion of every major civil aviation topic; it works on a range of civil aviation issues of common interest, including training activities in the security, safety and environmental fields. Unlike all other organisations and units described above, ECAC can not legislate, but it is mainly involved in audit; for this reason, its role in aviation security is very important.


With this regard, during 2003, ECAC has produced a reference document, named Doc 30, which contains the recommendations aimed at ensuring the application of Annex 17 of ICAO in all Member States. This document is regularly updated to reflect revised EU rules. In this way, ECAC and the European Union have reached a modus operandi for close co-operation with the aim of ensuring a single comprehensive aviation security policy for the Europe.

1.2.5. General remarks on regulations

The examination of regulations in force in aviation security and, in particular, of Italian situation has shown that many laws are strictly related to the aviation domain. They describe procedures, technologies and methods generally applied in the airports or on the aircrafts, whose transfer in the domain of urban guided transport systems is not totally viable. For example, some preventive procedures in aviation security are strictly related to access control, aircraft operator security, general aviation and aerial work, passengers and cabin baggage, hold baggage, special categories of passengers, cargo, mail and security procedures for other entities. Moreover, some security issues associated with aviation focus on the airplane cockpit, whereas in urban guided environments the hazard associated with passenger station is as relevant as the actual vehicles and driver cabin. On the other hand, other security aspects encountered in the aviation domain seem to be interesting in all domains and, in particular, can be shared with the domain of urban guided transport systems. For this reason, the next subsections of the deliverable will focus only on the examination of these preventive and reactive measures. In particular:

• All aspects related to the treatment of occasional or potentially unruly and disruptive passengers will be described. This reactive measure will be dealt with a particular emphasis, starting from the consideration that it must be addressed by operators of all domains.

• It is not possible to forget that, in ensuring security enhancement in the aviation

domain, great importance is given to the exploitation of the Human Factors (HFs) and training, starting from the consideration that everything is operated, managed and assessed by humans. Since human factors involves the study of all aspects of the way humans relate to the world around themselves, with the aim of improving operational performance, safety and security, this concept is equally interesting and important in all domains. For this reason, the last part of the deliverable will focus on the human factors, with special attention to training,


which can be considered the main tool for the achievement of the desirable level of security in the aviation domain.


1.3. Classification and treatment of dangerous passengers in aviation

1.3.1. Occasional or potentially dangerous passengers

This section of the deliverable is dedicated to the description of all categorisations, rules and procedures related to the treatment of occasional or potentially unruly and disruptive passengers in the aviation domain. The distinction between “occasional” and “potentially” unruly and disruptive passenger is based on the following assumptions:

• An “unruly” passenger is a passenger who can occasionally become unruly, disruptive or violent because of personal reasons or because under stress or under the influence of alcohol, drugs or group dynamics. A number of definitions are present in European regulations. In general, an unruly passenger is a person whose behaviour is manifestly abnormal and threatens to compromise the safety of a flight. In detail, he/she is a person who commits an act of:

o Assault, intimidation, menace of wilful recklessness which endangers

good order or the safety of property or persons. o Assault, intimidation, menace or interference with a crew member in

performance of duties or which lessens ability to perform duties.

o Wilful recklessness or damage to an aircraft, its equipment, or attendant structures and equipment such as to endanger good order and safety of the aircraft or its occupants.

o Communication of information which is known to be false, thereby

endangering the safety of an aircraft in flight.

o Disobedience of lawful commands or instructions for safe, orderly or efficient operations.

• A passenger is defined “potentially disruptive” if he has specific characteristics

that make him potentially dangerous for the safety of the flight. In detail, in the European Regulation n.300/2008, it is clarified that the term “potentially disruptive passenger” means a passenger who is a deportee, a person deemed to be inadmissible for immigration reasons or a person in lawful custody.


All aspects regarding the treatment of dangerous passengers in aviation deserve particular attention, since operators and ground staff are increasingly in the position of facing more and more passengers of this type.

1.3.2. Powers and responsibilities of aircraft commander

In compliance with Italian and international law, the commander of the aircraft has the authority to take any action deemed necessary for the safety of the flight and to manage unruly/disruptive passengers: every person on board shall follow the lawful orders/instructions given by the commander, even through cabin attendants. Are considered disciplinary violation or (in some case) a crime to disobey orders of the commander and instructions given by station staff, unruly/disruptive behaviour which may jeopardise the safety of the flight, of other passengers, of the crew and of station staff. The following regulations apply:

• Aviation Code/AC – Art. 1235 – Police Officers: According to art. 57 of the Criminal Procedure Code/CPC the aircraft commander is a Police Officer in regards to crimes committed on board during flight. Are thus applicable articles from the Criminal Code/CC: 336 - Violence or threat to a Public Official (imprisonment up to a 3 years) and 337 – Resistance to a Public Official (imprisonment from 6 months to 5 years).

• Aviation Code/AC – Art. 809 – Authority of the Commander: All persons on board

shall obey commander’s orders. It follows that are applicable articles: 496/CC - False declarations of own (or others’) identity (imprisonment up to 1 year or fine up to € 516) and 651/CC - Refusal to be identified (imprisonment up to 1 month or fine up to € 258).

• Law n° 468/67 (and related amendment) which implements Tokyo

Convention/1963: o The aircraft commander may impose upon a person any reasonable

measures including restraint which are necessary, when he has reasonable grounds to believe that such a person has committed, or is about to commit, on board the aircraft an offence against penal law or an act which, whether or not they are offences, may or do jeopardize the safety of the aircraft or of persons or property therein or which jeopardize good order and discipline on board: to protect the safety of the aircraft, or of persons or property therein; to maintain good order and discipline on board; to enable him to deliver such person to competent authorities or to disembark him.


o The aircraft commander may require or authorize the assistance of other crew members and may request or authorize, but not require, the assistance of passengers to restrain any person whom he is entitled to restrain. Any crew member or passenger may also take reasonable preventive measures without such authorization when he has reasonable grounds to believe that such action is immediately necessary to protect the safety of the aircraft or of persons or property therein.

o The aircraft commander may, insofar as it is necessary disembark in the

territory of any State in which the aircraft lands any person who he has reasonable grounds to believe has committed, or is about to commit, on board the aircraft an act contemplated above.

1.3.3. Categories of unruly and/or disruptive behaviour

In Italy, the categories of behaviours against the safety of the flight are defined starting from the Law n° 906/73 which implements La Hague Convention (1970) and Montreal Convention (1971). It establishes that:

• Any person commits an offence if he unlawfully and intentionally performs an act of violence against a person on board an aircraft in flight, if that act is likely to endanger the safety of that aircraft; causes damage to such an aircraft which is likely to endanger its safety in flight: places or causes to be placed on an aircraft in service, by any means whatsoever, a device or substance which is likely to endanger its safety in flight.

• Any person also commits an offence if he: attempts to commit any of the offences

mentioned in previous bullet; or is an accomplice of a person who commits or attempts to commit any such offence.

Hence the following categories of unruly and/or disruptive behaviour against the safety of the flight can be envisaged in the aviation domain:

• Smoking: for the safety and health of all persons on board, smoking is strictly forbidden. Specifically, smoking in the toilets (and in other specific areas) jeopardises the safety of the flight and thus is criminally negligent.

• Alcohol and drugs: it is not permitted to come on board in a state of drunkenness

or under the influence of drugs. Alcoholic beverages will not be served to passengers under 16 or to unruly/disruptive passengers.

• Safety equipment: it is forbidden to damage, tamper or remove safety equipments

(such as: life jackets, seat belts, etc.). Any of such behaviours may jeopardise the


safety of the flight and of other passengers and thus, being a crime, may lead to criminal prosecution.

• Passenger cabin: it is forbidden to damage, tamper or remove any on board

system or passenger cabin fitting. The company will take all the relevant legal actions, against passengers responsible for this type of actions.

• Portable electronic devices: it is strictly forbidden to use any electronic/electric

equipment which may interfere or negatively affect performances of on board systems. Their use is allowed only according to cabin crew’s instructions: with aircraft doors closed on ground, it is mandatory to make sure they are all switched off.

• Dangerous goods: it is strictly forbidden to bring on board (on the person and/or

in the baggage) dangerous goods or prohibited articles, as listed on tickets’ information and on public notices displayed in the check-in area.

• False information, offensive language and bothering behaviours: it is forbidden to

spread false information which may jeopardise the safety of the flight, to bother other passengers, crew members and station staff, to insult or undermine the authority/honour of the commander or to disrespect crew members.

1.3.4. Levels of unruly / disruptive passengers

In Italy, the behaviours of unruly / disruptive passengers are classified into the following levels of danger:

• Level 1: this level corresponds to a misbehaviour which can be brought back with reasonable likelihood. This type of behaviour occurs when the passenger is particularly angry, speaks loudly and not listening to the calls to order by the crew or other persons. The state of irritability of the passenger, at this level, has not an aggressive connotation yet.

• Level 2: this level corresponds to an aggressive behaviour with little chance of

being affected in a positive way. This behaviour occurs when the passenger enacts threats and / or heavy disturbance actions. At this level, it is reasonable to assume that the threatening attitude of the passenger can continue or even worsen despite intervention to call to order.

• Level 3: this level corresponds to an aggressive behaviour with physical violence

and / or other acts prosecuted under the legal outline. This behaviour is evident when there are attacks or damages despite having put in place interventions of calls to order.


1.3.5. Operating procedures

Threatening or offensive behaviour shall be considered not only during the flight, but also during ground operations, such as pre-boarding and boarding. In all cases, when there are situations which might jeopardise the smooth progress of flight operations or of airport activities, due to aggressive physical or verbal behaviour put in place by an unruly / disruptive passenger, the flight crew or ground staff must activate some operating procedures, use specific alerts to be delivered to the passenger and complete a report for the description of occurred facts. Regarding the transportation of passengers travelling in organised groups, in particular those categories of risk such as football fans, a preventive procedure must be activated for ensuring the identification of a responsible of the group. A specific notice must be always delivered to such responsible, so that all components of the group are aware of the behavioural rules that they must follow. As for the operating procedures related to the treatment of an unruly or disruptive passenger in Italy, they are defined as follows:

• Before flight:

o Level 1: with this type of passenger, the carrier shall determine, on the basis of occurred facts and passenger conditions, whether or not to take him/her on board. In the case of boarding, the following preventive measures shall be taken:

Careful inspection of the passenger and his/her baggage and hold luggage.

Boarding before or after all other passengers, in agreement with the carrier or commander of the flight.

Allocation of a seat not adjacent to corridors or emergency exits. Availability of restraint devices necessary in the context of risk

assessment. o Level 2: in the situation of second level, the same measure described for

level 1 is initially taken. Moreover, in case of refusal of boarding, the carrier shall inform the airport Police, providing all available details about the occurrence. In case of boarding, the behavioural conditions the unruly / disruptive passenger must observe on board shall be established with him/her and the crew shall be alerted. The ground personnel shall compile a form about the event.


o Level 3: in this case the carrier shall refuse the boarding of the passenger; promptly inform the airport police providing all the details of the events and fill out a form for the description of occurrence. In addition, the staff directly involved in the episode shall consider the possibility of denouncing the fact to the authority, collecting any evidence.

• During the flight:

o Level 1: in this level, if deemed necessary, the crew will give to the passenger a specific notice to draw his/her attention to the proper behavioural rules to be observed on board.

o Level 2: in the situation of second level, the carrier must deliver to the

passenger the specific notice in order to draw his/her attention to correct behavioural norms to be observed on board. If aggressive behaviour persists, the commander of the aircraft and the senior cabin crew shall assess the situation to decide whether to deliver to the passenger the notice of violation to the rules. Moreover the crew shall compile a form which describes the event.

o Level 3: in this case the commander of the aircraft, based on the

information provided by senior cabin crew, shall consider whether to proceed with immobilisation of the passenger by using constraint kit. In principle, the person subjected to coercion can be maintained under these conditions only until the first port of landing. This practice is however subject to the following three exceptions:

When the airport landing is not located on the territory of a State

contracting the Tokyo convention or if the authorities refuse the disembarkation of the passenger or when the flight must continue for the delivery of the passenger to other authorities.

When the aircraft makes a crash landing and the commander can

not deliver the passenger to the authorities.

When the person subject to coercion agrees to continue the flight in such conditions.

In this case, the crew shall compile a form which describes the event.

• After the flight:


o Level 1: in this level, if following the delivery of the notice the attitude of the passenger has returned to normality, no further action is needed.

o Level 2: in this level, according to the severity of the event, the carrier

shall consider whether to inform the competent authorities of the airport Police and prosecute the responsible for any damage.

o Level 3: in this case, the event shall be reported in detail by the carrier to

the competent authority of airport Police. Furthermore, the personnel involved in the event shall consider whether to lodge a formal complaint to the authorities. Finally, the carrier shall consider whether to prosecute the responsible for the damages suffered.

Here an example of notice of violation sent by the commander of an aircraft when the aggressive behaviour of a passenger persists.

Figure 14. Notice of violation for unruly / disruptive passengers (Mazzoleni, 2010)

Here an example of form for the description of the events caused by an unruly / disruptive passenger:


Figure 15. Report of unruly / disruptive event (Mazzoleni, 2010)


1.3.6. Potentially disruptive passengers

As described in the beginning of this subsection of the annex, potentially disruptive passengers are all those passengers who, for personal characteristics or for their past, can represent a threat for crew, ground staff, other passengers or equipments. The following categories of potentially disruptive passengers are identified:

• The first category of potentially disruptive passengers is given by deportees. The deportees are persons who had legally been admitted to a Member State by its authorities or who had entered a Member State illegally, and who at some later time are formally ordered by the authorities to leave that Member State.

• Another category of potentially disruptive passengers is given by inadmissible

persons. They are persons whose entry to a Member State is refused by the competent authorities and who are being transported back to their country of departure, or to any other country where they are admissible.

• The last category can be identified with persons in lawful custody. They are

persons either under arrest or convicted by a court of law who have to be transported. Persons in lawful custody shall always be escorted.

For all these categories of passengers, before departure, appropriate extra security measures are required to be taken. These measures are defined according to the Italian and European regulations. In particular, a written notification to the air carrier and to the pilot-in-command is required. It must contain the following details:

• identification of the person • reason for transportation • name and title of escort(s), if provided • risk assessment by the competent authorities (including reasons for escort or

non-escort) • prior seating arrangement, if required, and • nature of available document(s).


Moreover, these persons may also be kept handcuffed for the duration of the flight if this security measure is deemed necessary to ensure the crew and passengers the good order and safety of the flight itself.


1.4. Human Factors in aviation security

1.4.1. Multi layer security system

The term “human factors” has grown increasingly popular as the commercial aviation industry has realised that human error, rather than mechanical failure, underlies most aviation accidents and incidents. In Europe, recent accidents show serious organisational failures and lack of training. This situation highlights the human factor predominance over technical failures. In fact, despite rapid gains in technology, humans are ultimately responsible for ensuring the success, the safety and the security of the flights. With reference to the security aviation, the security system can be seen as a combination of technical, procedural and human resources to obtain a secure flight: since any single measure may be ineffective or easily defeated, only a multi-layer system can provide an effective protection through a good combination and integration of such layers of defences. Hence security is a multi-layer system, where each layer can be considered as a barrier. Security barriers can be preventive and / or protecting. Examples of some layers in the aviation security system are the following:

• Reinforced cockpit door and related locking / unlocking procedure. • Video surveillance • Human Barriers.

In all domains, the awareness and initiative of the personnel can be considered the most valuable barrier that may involve all the functions of a barrier system such as preventing, deterring, monitoring, supervising, anticipating, delaying, restraining, protecting, regulating, indicating, communicating. The last events show that this is essential to train and educate human beings in learning and anticipating the move of disruptive passengers, while considering that this is not always based on a technological level, but often involves the human factor. The conclusion is that the human factor in security is always prevailing.

1.4.2. Human Factors in ICAO documents

After 9/11 attack, ICAO has developed the subject “Human Factor” in the Annex 17, reference document already described in the previous chapter, and in the DOC 9808 – Human Factors in Civil Aviation Security Operations – issued for the first time in 2002.


Figure 16. ICAO Doc9808 human factor structure The ICAO Doc9808 scheme is taken as a guide in the comprehension of the links among the several areas involved in this field. It divides the range of influence of the HF in the aviation security in four inter-linked parts (Figure 16):

• Operators (Axis 1) • Technology (Axis 2) • Operational Environment & Organisational culture (Axis 3)


• Certification (Axis 4).

Even though each part, although interlinked, can be examined separately, they must be always considered as a whole representing more than the sum of its parts:

• Axis 1 and Axis 2 can be defined “User Focus”. • Axis 3 and Axis 4 can be defined “Regulatory Focus”. • Axis 1 and Axis 3 are called “operation-based” and deal with the everyday

operational life. • Axis 2 and Axis 4 are called “performance-based” since they set required goals to

be achieved through the use of technology and the certification of tools, procedures, security staff and organisations.

In recent years, our culture has paid more attention to technologies rather than human factors, forgetting that the first is useless without the latter, because their development alone can not represent an effective barrier. For this reason and given that the technologies (Axis 2) have already been studied in a dedicated section of the deliverable (§4.1), the next chapters will focus on Axis 1 (Operators) and Axis 3 (Operational Environment & Organisational Culture) identified in the ICAO Doc 9808 and, in general, all aspects related to human beings involved in aviation security will be examined in detail.

1.4.3. “Operation-based” axes

The “operation-based” axes include operators (Axis 1) and operational environment and organisational culture (Axis 3). With the term “Operational environment”, it is meant the knowledge and understanding of working conditions, quality of technologies and equipments, wages, professional skills of supervisors and company management. On the other hand, organisational culture means highlighting personal behaviours, company missions, corporate and organisational beliefs. The axes 1 and 3 seem to be strictly related each other, because in the human factor studies, the human being can not be considered independent from the environment in which he/she works. Areas of interest for human factor studies include: training, staff


evaluation, communication, job descriptions and functions, procedures, knowledge, skills and abilities, shift work, characteristics of environment. All these concepts are well explained and developed inside the taxonomy ADREP. A taxonomy (from Greek words taxis = order and nomos = rule) is a hierarchical classification of concepts, items, elements that build a reality. ICAO has adopted for a number of years a specific “Accident/Incident Data Reporting” (ADREP) system for the collection of information and data on aviation accidents. A development of this classification has been especially dedicated to improving the reporting of human behaviour and the new system has been called ADREP-2000 (ICAO, 2006). This taxonomy is in constant evolution and expansion so as to cover the variety of aspects that intervene in civil aviation environment.

Figure 17. SHELL architecture

The taxonomy adopted in ADREP-2000 for structuring and classifying human factors is based on the SHELL architecture. In particular, the links between persons, organisations and society are of special interest to the analysis of aviation accidents and are well captured by the reference structure of SHELL.


In the model considered by ADREP-2000, the human being (Liveware, L), plays a central role in a system made of other humans (L), environment (E), hardware (H), and software (S). The taxonomy based on this model considers therefore five major areas of analysis (Figure 17): Human (L), Liveware-Liveware interface (L-L), Liveware-Hardware interface (L-H), Liveware-Environment interface (L-E), and Liveware-software interface (L-S). These five areas of analysis can be described as follows:

• Human (L) covers all aspects associated with the individual characteristics and performances, including physical attributes, physiological and psychological issues.

• Liveware-Liveware interface (L-L) covers communications, supervision, and

checks with other persons, in the immediate surroundings of the human being at the centre of the model.

• Liveware-Hardware interface (L-H) refers to the human interacting with the

system. This includes the actual control room or working environment instrumentation, the equipment, and any supporting material which may be utilised to carry out a job or task. For example, in the case of aviation, L-H interface considers the aircraft cockpit and control panels, as well as the equipments for emergency control, such as gas masks, standards and emergency operating manuals, etc.

• Liveware-Environment interface (L-E) covers all aspects associated with the

human being interacting with the environment. This includes the physical environment, the task environment, social and company/management issues which may affect work.

• Liveware-Software interface (L-S) accounts for indirect or non-tangible issues

affecting humans at work, such as training, procedures. This part of the taxonomy is considered separately from the L-H interface, as these factors play an important role in HMI and need dedicated attention.

Both this taxonomy and the ICAO Doc 9808 underline that it is very important to focus on the interaction between human being and other elements, in particular operational environment. With respect to this matter, in aviation security, the following factors can be envisaged:


• Staff selection: the human barrier can be considered really effective only if the right person has been chosen for a specific task. Hence it is very important to detect the criteria to choose the right person, in terms of characteristics and competences required for each security function.

• Stress and workload: the security roles are under a considerable stress and the

related workload can easily increase beyond manageable limits. Additionally, a very important requirement for security staff is the ability to interact with different types of people who have different cultures. Every day the security staff has to face operation difficulties, such as time pressure, customer requests and complaints and commercial constraints. All these continuous and pressing factors often cause lapses and slips in the fulfilment of security duties.

• Team communication: the good communication between persons involved in

security tasks is another important factor which can contribute to the prevention of unlawful acts.

• Situation or security awareness: situation awareness can be described as the

perception of the elements in the environment within a volume of time and space, the comprehension of their meaning and the projection of their status in the near future. While passengers face long lists of prohibited items, security experts increasingly argue that it is passengers themselves, not the contents of their bags that need to be scrutinised. In other terms, this means that the situation awareness can be improved if the security employee has the precise knowledge of potentially dangerous behaviours.

• Motivation, atmosphere and satisfaction: the operational environment and

organisational culture are too often disregarded or underestimated, but HF studies in the safety domain highlighted the value of motivation, atmosphere and satisfaction as the background of an organisation. The security domain is characterised by a high staff turnover within many operators, which drains qualified resources from security tasks, leading to increased costs and problems related to the fact that security topics shall be kept confidential. A possible explanation for such trend could be frustrating and stressful working conditions and poor salaries for security staff. Aviation security works under preventive conditions, which aims at ascertaining that everything is normal, but this can create the perception that everything is useless. The security person often thinks to be useless because he/she performs security checks during which he/she usually finds nothing.


• Adaptation to the use of tools: the security staff usually uses specific tools and technologies, often advanced or frequently changing.

The ability to analyse such factors and find appropriate solutions has been the key element to enhance the security while taking advantage of motivated and proficient operators. The studies conducted in the aviation domain have shown that the most effective security measure (preventive and reactive) is to work on people motivation and behaviour to develop a good operational working environment and organisational culture. Training can be considered the main tool to pursue such goal. Moreover, both ICAO Doc9808 scheme and SHELL model show that all barriers must be considered in combination with others to be effective and that it is very important to consider the weakness of each of them when it is included in a barrier system. As for the weakness of the human barrier, from the studies performed in the aviation domain, the training resulted to be the key element because of its inadequacy or insufficiency in terms of time. For this reason, in the next paragraphs, training courses and related content will be examined in detail in Italian aviation security domain. In particular:

• A first part will be dedicated to the revision of existing national and international regulations about training. Some general guidelines will be provided with regard to training programmes and management of security personnel.

• A second part will be dedicated to the detailed description of requirements, skills

and competences asked for security staff.

• A third part will present in detail the content, duration and frequency of training courses, on the basis of Italian situation and regulations imposed by ENAC.

• The fourth part will describe the requirements asked for trainers in aviation

security.


1.5. Training in aviation security

1.5.1. Regulations about training

The following regulations about training can be envisaged:

• EU regulations: EU regulations contain general guidelines about training. In particular:

o Persons implementing, or responsible for implementing, screening,

access control or other security controls shall be recruited, trained and, where appropriate, certified so as to ensure that they are suitable for employment and competent to undertake the duties to which they are assigned.

o Persons other than passengers requiring access to security restricted

areas shall receive security training, before either an airport identification card or crew identification card is issued.

o All these persons involved in security tasks should have the following

requirements:

They should have successfully completed a background check or pre-employment check in accordance with national rules. Background check means a recorded check of a person’s identity, including any criminal history, as part of the assessment of an individual’s suitability for unescorted access to security restricted areas.

They should have those abilities necessary to carry out the tasks to which they are assigned.

o Training shall be conducted on initial and recurrent basis. It could be

theoretical, practical and/or on-the job training.

o The security staff shall be certified or equivalent approved by the appropriate authority; their training shall include, but not be limited to, the following security areas:

Screening technology and techniques. Screening check point operations. Search techniques of cabin and hold baggage. Security systems and access control Pre-boarding screening.


Baggage and cargo security. Aircraft security and searches. Weapons and restricted items. Overview of terrorism. Other areas and measures related to security that are considered

appropriate to enhance security awareness.

o The scope of training may be increased subject to aviation security needs and technology development. The initial training period for screening staff shall not be shorter than the ICAO recommendation.

o Flight crew and airport ground staff Security Training and Awareness

training programme shall be conducted on initial and recurrent basis. The training shall contribute towards raised security awareness as well as improving the existing security systems. The security training course for all airport and air carrier ground staff with access to security restricted areas shall be designed for a duration of at least three hours in the classroom and one hour with field introduction.

o The National Aviation Security Training Programme shall include training

requirements for the handling of unruly passengers.

o Each Member State should ensure that, upon request, Commission inspectors have access to all the documentation about the national civil aviation security programme, including the national civil aviation security training programme, and about the national civil aviation security quality-control programme.

o Appropriate measures shall be promoted to ensure that security staff is

highly motivated so as to be effective in the performance of their duties.

• Italian regulations: the specific regulations related to training for security staff are then defined by each Member State. This is the Italian situation:

o The possibility to assign some activities related to security in airports to

private agencies has been introduced for the first time during 1992, with a specific legislative measure.

o During 1999, the Ministerial Decree n.85 of 29 January has introduced the

specific rules related to the concession of security control activities to private agencies. This decree is the actual reference regulation used nowadays. In particular Annex 2-B describes personal and professional


requirements for security employees. Hence each person involved in security activities must be authorised according to the specific Ministerial Decree DM. 85/99.

o The control security activities which can be conceded to private agencies

are specified in the Ministerial Decree n.85/1999, but they are further explained and presented in the ENAC regulation SEC-02, which deals with this specific subject. These tasks should be performed under the supervision of the state police office located in the airport and under the supervision of the airport director. They are defined as follows:

Screening of passengers departing and in transit. X-ray screening, or screening with other types of equipment, of

hand luggage. X-ray screening, or screening with other types of equipment, of

hold baggage, cargo and express mail parcels.

o Each person authorised to perform security activities according to the previous Ministerial Decree should be trained on the basis of ENAC instructions. In particular, the reference document is the regulation ENAC SEC-03, which includes the content and length of time of training courses for security employees and way of certification.

o The security trainers in civil aviation must be authorised according to the

regulation ENAC SEC-01.

Now these regulations will be discussed and presented in detail.

1.5.2. Requirements for security staff

The Ministerial Decree DM 85/99 establishes the following requirements for security rules:

• In general, all persons involved in security activities shall have specific moral, personal, judicial, technical and professional requirements, skills and abilities. Moreover, they shall also be in possession of the designation of security guard.

• ENAC and Ministry of the Interior are in charge of verifying the technical and

professional requirements of security agencies and their personnel. On the other hand, the security agencies can not assigned to their employees tasks other than those for which they have received a specific training and certification.

• As for physical requisitions, each security person shall:


o be in good health from the physical and mental point of view; o not be colour-blind; o not be a consumer of drugs or alcohol; o have a good visual, auditory and olfactory ability.

All these physical requirements shall be certified by a doctor of sanitary authority.

• As for cultural requisitions, each security person shall: o be able to write and read; for some tasks, a specific diploma is also

required; o know at least a foreign language, preferably English language. The

knowledge of another language is considered preference.

• As for judicial requirements, each security person shall: o have the Italian citizenship; o have an identity card; o have reached the legal age and have performed the military service; o not be condemned for manslaughter; o have a curriculum vitae accompanied by certificates of the previous

employers (conveniently verified); o have a qualification of security guard.

• As for psycho-attitudinal requirements, each security person shall: o have ability of attention, self-control and interaction with others; these

abilities shall be verified through a specific test before the recruitment; o have attitude to perform security tasks and in particular to detect potential

threats in the behaviour of persons.

• As for professional requirements, they shall be certified by attending frequently professional courses. The content of these courses depend on the characteristic of the security task the person has been assigned to. In general, each security staff shall be trained in order to be able to:

o take the responsibility of the assigned tasks; o know the existing techniques for identification of potentially disruptive

persons on the basis of their attitude and behaviour during security controls;

o know the used technologies for security controls (metal detectors, X-ray controls, particle detector systems, etc.);

o know the techniques of controls on luggage, both hand luggage and hold luggage;

o know the techniques of interviewing passengers and related reading techniques of their behaviour.


• The nominees who have the requirements listed above shall be submitted to a preliminary test and other attitudinal tests with the objective to evaluate the following abilities:

o general knowledge; o verbal expression; o knowledge of English language; o attention, self-control and interaction with persons; o ability to perform assigned security tasks.

1.5.3. Training courses

In Italy, the guidelines about training courses in aviation security are defined by ENAC in the Circular SEC-03 of 7 October 2004, which includes the content and length of time of training courses for security employees. Each person authorised to perform security activities according to the DM 85/99 should be trained on the basis of ENAC instructions. Here are the directives contained in SEC-03:

• The holder of the security company for the sole proprietor or the legal representative of the security company must submit:

o A list of security staff, indicating for each employee the full identity and

tasks which he/she will be assigned to. o A declaration proving that employees have participated to special training

courses organised by the same company, even through outside organisations, including the description of the courses themselves and their programmes.

o A declaration of commitment to providing regular, at least once a year,

training courses for security staff. Special courses have to be organised in case of replacement of equipment used for security checks, or in presence of regulatory changes occurring in the field of control procedures.

o Indication of the criteria that are to be followed for periodic inspections of

behaviour of personnel. o An illustration of how the company intends to organise its internal quality

controls.

• At this point, the organisation can require that the professional requirements of security personnel are verified. The application must contain, for each security


employee, a statement of the task to which he/she is assigned and a proper documentation proving the possession of personal and professional requirements set out in DM 85/99.

• The training courses should be organised in modules structured into

consideration of the specific tasks for which security persons will be employed and must be conducted so as to help the creation of a highly sensitive security. At the end of each module, staff should be subjected to a test to check the level of knowledge of the topics covered in training modules. Each form must be preceded by a form of general information on subjects which should provide employees with a preparation on the organisation and the relevant national and international regulations in the civil aviation domain.

• The common module includes the following topics:

o Hints on international regulations o National legislation o Hints on international organisations (ICAO, ECAC) o Role and tasks of national bodies with regard to airport security o Objectives and organisation of national security, airport security and

relations with involved administrations o Professional ethics o Modes of behaviour toward the different types of passengers which are

checked. o Access and circulation in the airport areas o Communication systems o Statement on airport identification cards and access permissions to

restricted areas o Techniques of behaviour and action to be taken in presence of suspicious

persons or persons not authorised as well as in cases of discovery in the airport areas of weapons, explosive devices, suspicious items, dangerous goods, left baggage or packages


o Notion about the procedures for bomb threat in areas of airports or on board an aircraft

o Description of some cases of hijackings and attacks against civil aviation

occurred in the past.

• Starting from this general programme, specific modules are then defined by SEC-03 according to the security task. For example:

o The training programme of technical director must also include the

following topics, in addition to those defined in the previous bullet: deep knowledge of national security programme; knowledge of different types of equipments for security controls; information management in cases of alarm or emergency; categorisation of acts of aeronautical crimes: hijackings, sabotage, attacks and any other unlawful act against civil aviation; airport procedures for handling cases of bomb alert on board or in the airport; behavioural techniques in respect to passengers subjected to security checks and baggage screening.

o The programme of staff training in the qualification of security guard who

uses security devices to check passengers and hold baggage must also include the following topics: theoretical and practical knowledge of the operation of control equipment which are used; knowledge of techniques for reading images and screens; operational procedures in case of detection of suspicious objects, prohibited or dangerous goods.

• The training must be supervised by an experienced staff who, at the end of the

course, will issue a proof of training. This proof is necessary for certification. Different durations for courses are defined:

o For example, the training of technical director must have a minimum of 35

hours. o The programme for the training of security control staff should be carried

according to modules for a period of at least 40 hours. Staff should be subjected to practical tests of recognition of fire arms, explosives, flammable materials and dangerous goods. In case of replacement of equipment with other different characteristics, the refresher course should last at least 15 hours.

o In any case, refresher course must be at least once a year and whenever

changes are performed in the national security programme or in case of introduction of new equipments with different characteristics.


1.5.4. Security trainers certification

The art.5 of the European Regulation n.2320/2002 requires that each Member State shall develop and implement a National Aviation Security Training programme, which should include selection, qualification, training, certification and motivation of security staff. In particular, some sections of the Regulation specify the requirements and certifications that must have the instructors for Aviation Security Training. The following guidelines are provided:

• Managers developing and conducting security training for security and air carrier and airport ground staff shall possess necessary certification, knowledge and experience which shall as a minimum include:

o Extensive experience in aviation security operations. o Certification approved by national appropriate authority, or other

equivalent approval issued by the national appropriate authority; and o Knowledge in the following areas:

Security systems and access control. Ground and in-flight security. Pre-boarding screening. Baggage and cargo security. Aircraft security and searches. Weapons and prohibited articles. Overview of terrorism. Other areas and measures related to security that are considered

appropriate to enhance security awareness.

• Managers and instructors involved in and responsible for security training of security and airport ground staff shall undergo annual recurrent training in aviation security and latest security developments.

Starting from these general requirements, in Italy, the security trainers’ certification is managed by ENAC according to the outline defined in the regulation SEC-01:

• All training courses for instructors can be arranged only directly by ENAC or by

schools certified and authorised by ENAC and paid by trainers certified by ENAC. • There are different types of instructors, depending on the type of staff they should

educate.

• Instructor certification is issued by ENAC, after examination of the curriculum vitae and documentation submitted by the candidate for the staff category for which he handles the request and shows that he has acquired a specific


experience. Specific requirements for each type of certification are described in the regulation. In general, it is required that:

o These persons have covered documented senior positions, with direct

responsibilities for management of tasks continuously for a certain period of time, in the area they want to become instructors.

o These persons have performed documented specific tasks, while not holding positions of responsibility, continuously for a certain period of time, in the area they want to become instructors. In this case, the service time required by ENAC is longer. Moreover candidates must also document their successful participation to courses in aviation security and show in an interview to know the National Aviation Security Programme.

• For the training of security staff, certified instructors can also use security trainers.

In this case training must be provided by the trainer under the supervision of an instructor and the trainer must have at least one of the following requirements:

o He/she has covered for at least two years qualified position in the specific

field of activity for which he/she handles the request, in companies or State institutions.

o He/she has covered for at least two years qualified position for a sector different from that he/she handles the request, at companies or State institutions. In this case, he/she must attend an appropriate refresher course.

o He/she has gained experience as an instructor / trainer in other areas of civil aviation for at least three years and has attended training security courses of at least eighty hours, covering the content of training programmes for security staff.

• Certified instructors and security trainers must attend recurrent training courses

lasting at least eight hours every two years and when there are substantial changes to regulations or to National Aviation Security Programme.

• Certificate of qualified instructor can be issued to safety trainers who have

performed this task for a continuous period of at least five years.

• For the provision of training courses, instructors and trainers must present to ENAC, for the prior approval, the relevant programme which must meet the requirements established by ENAC and by the National Aviation Security Programme.


1.6. Critical issues

The studies conducted in the aviation domain have shown that, in spite of the great work performed with the aim of increasing the security level and the introduction of new regulations after the most outstanding events, some critical issues can still be identified:

Balance between safety and security: the objective of security is to counter terrorism, criminal acts and unlawful interferences. On the other hand, safety involves an accidental, unintentional occurrence / outcome, which nobody wants. Both involve prevention and, if the event has occurred, to counter or to minimise the consequences while learning from it for future prevention. Interference between safety and security are possible: although they have the same objective, the safeguard of all resources can be achieved only through a proper integration of the two aspects. In the aviation domain, the best example of the difficult balance between safety and security is represented by the reinforced cockpit door and related locking / unlocking procedure. This type of door, described in the section related to technologies and introduced in aviation industry after the attack of 11 September 2001, presents advantages and disadvantages from both aspects. From the security point of view, a reinforced, locked cockpit door is an excellent tool to prevent, contain, deter and reduce some acts of unlawful interference, and primarily the aircrafts hijacking situation associated with a potential suicide mission. But from the safety point of view, there are some problems: primarily, it delays the intervention for safety purposes, for example in the case of incapacitated crew members. Secondarily, it has added a difficulty in communication and interpretation of messages between cockpit and cabin. From the safety point of view, this is a critical issue. In general, in all domains, this difficult issue should be faced and the best solution should be found in any case in order to make the environment safe and secure. The aspect of security should not be ignored, because even though in the preventive phase safety may have the priority in some specific areas, in the reactive phase both aspects shall be evaluated carefully, and the security can be a higher priority on safety, due to the possibility of more catastrophic consequences. With regard to the tool of the reinforced cockpit door, a good solution from the point of view of safety was found with the use of CCTV (video cameras). Before the introduction of the reinforced cockpit door, the privileged means of communication on board was the interphone. This allowed the communication between aircrew without opening the flight deck reducing a potential attempt of intrusion by a perpetrator. On the other hand, the interphone was a very limited way to communicate and it could create miss-communication. For this


reason, the solution of CCTV has been evaluated and, even if it is a costly option, it has been introduced by many operators.

Transparency in legislative situation: in spite of many actions performed in aviation security, the current legal situation does not cover all essential aspects and the domain needs a more harmonised approach. In particular much transparency is required. The restrictions which prevent from accessing some parts of documentation seem to be extreme. In this way, the persons involved in security tasks often are not able to find information about their role and for them it is difficult to make the correct choice in a potentially dangerous situation.

Confusion of authority: the confusion of authority can be a great problem,

because in this way the assigning of roles is not well defined. The European Regulation 300/2008 orders that even though, within a single Member State, there may be two or more bodies involved in aviation security, each Member State should designate a single authority responsible for the coordination and monitoring of the implementation of security standards.

Balance with costs, efficiency and effectiveness: this difficult balance involves

both operators and passengers. From the point of view of passengers, even if preventing occurrences is the most important aspect, they also require the comfort and the punctuality of the flight. From the point of view of operators, regulations are willingly implemented if they are simple, clear, effective and paying a particular attention to costs. In fact, even if they also consider the security the main goal, in practice they have to strike a balance between an acceptable level of security and budget constraints. Currently, air carriers can be grouped as follows:

Some operators have to face, without any State / Government financial support, more restrictive certification requirements and implementation processes. It is the case of some operators of Western Europe.

Carriers of some less keen countries just fulfil the minimum ICAO

Standards.

Some other operators benefit by several and sizable Government aids and grants to implement and develop the security system. This is the case of the American carriers.

Lack of adequate incentives and salaries for security personnel: this implies a

reduction of motivation and satisfaction of work performed and high staff turnover. This issue has been also treated by the EESC, the European


Economic and Social Committee, which is a body of the European Union established in 1957. It is a consultative assembly composed of employers, employees and representatives of various other interests. With regard to security aspects, the committee deals with three main aspects:

The committee underlines that many Member States have

considerable difficulties to recruit the security personnel. This is caused by the fact that selection criteria and requirements have become more stringent in the last years, due to increasing risk of acts of unlawful interference. The main requirements are: absence of criminal record, knowledge of one or more foreign languages, level of instruction suitable for understanding security procedures and for treating potentially unruly or disruptive passengers.

The committee admits the brain drain after that the persons have been

recruited and properly trained. The profession of security employee is often judged not satisfactory for the following factors: required flexibility of working hours, high level of stress and low salaries. For these reasons, the committee encourages the distinction and professional development of security persons and underlines that this important profession should be more appreciated in all Member States.

Finally, the committee deals with the lack of harmonised approach in

the selection of security agencies by operators: since the security is an essential element for the good functioning of air transport, a more harmonised approach between all Member States in the aviation domain is necessary. Even though many common requirements have already been defined, in practice the security agencies are often chosen by operators on the basis of their cost, in spite of the importance of their role. The final objective is to reduce costs. For these reasons, EESC underlines that new regulations are needed: they should include the existing regulations and provide new guidelines for the selection of security staff.

Lack of harmonised approach in training for security staff: the importance of

training has already been described in this document: both in the safety and security domains, only an appropriate training, integrated with human factor programmes, may develop the capability to take the right decision at the right time in the right place for that specific event. The search in the aviation domain has shown that European and ICAO regulations only provide general guidelines about training for all Member States. Then each Member State is in charge of development of a national civil aviation security programme, which should include the national security training programme. It is clear that a more


harmonised approach between all Member States should be appreciable and useful for security enhancement. Additionally, today’s training programmes are much more focused on technical or countable aspects rather than HF.

The studies conducted in aviation security domain are always in progress: the experience gained in the field continually requires that new regulations are implemented or current regulations are modified. For example, after August 2006, new regulations have been introduced related to the typologies and quantities of liquids which passengers can carry on the aircraft. In the last years, these limitations have been judged excessive. Hence the European Regulation 272/2009 underlines that methods, including technologies, for detection of liquid explosives, should be deployed on an EU-wide basis at airports as swiftly as possible and no later than 29 April 2010, thus allowing passengers to carry harmless liquids without restrictions. The European Regulation 483/2009 deals with the same problem: it underlines that the restrictions on liquids carried by passengers arriving on flights from third countries and transferring at Community airports create certain operational difficulties at these airports and cause inconvenience to the passengers concerned. Also the critical issues presented in this part of the document are always studied and developed, in order to find a good solution and balance between all involved factors. In this deliverable, their importance is given by the fact that they seem equally interesting and applicable in all systems. Hence the experience gained for their resolution in the aviation domain could be partially transferred to all domains, and in particular to the domain of urban guided transport systems.


1.7. Possible transfers

This Annex of deliverable 8.1 is a revision of existing approaches in the domain of aviation. Many aspects of aviation security have been examined and described:

• the existing regulations in force; • the aspects related to the classification and treatment of unruly and/or disruptive

passengers; • the role and importance of human factors and training; and • some critical issues.

Moreover, in the first part of the deliverable, the relevant technologies related to aviation security have been listed and described. From this study, it is clear that many aspects of the domain (procedures, technologies, regulations and methods) are strictly related to aviation, are applied in the airports or on the aircrafts and their transfer in the domain of urban guided transport systems is not totally viable. Nevertheless, the same aspects of aviation that, if examined in detail, do not appear transferable to the domain of interest, when viewed from a broader point of view, offer interesting insights and suggestions for improving security in urban guided transport systems. Indeed, one can not forget that aviation has always been judged a sector which is at the forefront in the study of safety and security and all aspects within them. The experience gained in the domain is definitely an excellent tool that can be made available to all other domains. Here are listed some general suggestions of possible transfers that result from the study undertaken within this part of the project MODSAFE. Clearly, if deemed appropriate and valid, they should be further developed individually with detailed studies devoted to each of them.

1) Importance of Human Factor and Training Starting from consideration that everything is operated, managed and assessed by humans, in the aviation domain great importance is given to the exploitation of the Human Factors.


Moreover the security system is defined as a multi-layer system, where each layer can be considered as a barrier. Among all barriers, the awareness and initiative of the staff is considered the most valuable one. In particular, training is considered the best preventive and reactive measure against acts of unlawful interference. These concepts seem to be shared with urban guided transport systems and the experience gained in aviation and described in the apposite sections of the deliverable seems to be equally interesting and valid for all other domains.

2) “Zoning” concept A possible transferable technique between the aviation and the urban transport sector can be the “zoning” concept. In aviation, zoning is a widely accepted concept serving both safety and security standardisation and certification requirements and considerations. Numerous and detailed laws are dedicated to this issue. They aim at establishing a common definition of critical parts of security restricted areas at airports. Moreover, they define the rules according to which all staff and the items they carry should be screened before being allowed access to these critical parts. In this field, technologies play a very important role, because many of them are focused on access control by passengers, baggage and staff persons. In the domain of urban guided transport systems, some of these concepts are already being applied in public transport infrastructure conception and design. For example, the notion of zoning was very recently introduced in urban transport in France in the framework of on-going government-led field tests involving the detection of explosives in the concourse of multimodal stations or hubs. The idea that in the future in some stations or hubs passengers will transit through successive zones of different security levels to access their transportation means should be further analysed. It may lead if relevant to the introduction of security standards in spaces currently open to the public. Moreover, zoning is a prerequisite for the fielding of special security technologies in stations, whether this fielding is based on standardisation or research and development.


3) SHELL model

The SHELL model, taken from the aviation domain, can be considered a reference model also in the domain of urban guided transport systems because of three major considerations:

SHELL is the reference adopted in other domains strongly affected by human factor issues, such as the domain of aviation, for the classification of accidents and incidents. The data classification ADREP 2000 of ICAO is based on SHELL.

The SHELL model is a consolidated framework of reference, developed in the early 70ies, which has been validated and widely applied in other real working context

The SHELL model was known to many experts of urban guided

transport system domain and has already been used in the past for some studies.

Starting from these considerations, the definitions of the four areas of the SHELL model can be adjusted in a slightly different manner than the original meaning of each element of SHELL (Figure 18). In this way the interaction with the domain of urban guided transport systems can be more efficient. This model allows to represent the main factors influencing the engine driver performance, with reference to the interaction with environment, colleagues and co-workers, instrumentation, relationship with company, etc. The possible applications of SHELL model in the domain of urban guided transport system are manifold:

• Root Cause Analysis: it is a retrospective study which focuses on analysis of “what has happened” and analysis of accidents and incidents. In other words, Root Cause Analysis tries to explain specific events by identifying the primary causes of each particular failure, inappropriate behaviour or manifestation. The use of SHELL model for Root Causes Analysis allows the user to be very precise and specific, especially for what concerns individual and personality aspects, as well as social and contextual factors.

• Reporting / Data Collection Analysis: the SHELL model can be used for

collection and analysis of data related to events that have threatened or


endangered the safety of operations. This is usually done in order to facilitate a process of continuous increase in the level of knowledge of potentially dangerous situations and constant improvement of economic and organisational conditions in which normal operations are carried out.

Figure 18. Modified SHELL model

4) Critical issues

The part of the deliverable related to critical issues identified in the aviation domain is very interesting, because many of these issues can be shared by other domains. In particular, the experience gained in aviation, which is a sector at the forefront with regard to security, can be transferred to other systems, such as the domain of urban guided transport.

WP8 – D8.1 Review of existing means and measures for ... · Document ID: Restricted Page 1

Documents

Transcript of WP8 – D8.1 Review of existing means and measures for ... · Document ID: Restricted Page 1