The US Transportation Security Administration (TSA) made headlines in June when a Department of Homeland Security (DHS) inspector general’s report revealed weaknesses at US airports’ passenger screening checkpoints.

The report, which details “red team” undercover investigators’ efforts to bring banned items through passenger checkpoints, was classified, but ABC News reported that investigators were able to get “mock explosives or banned weapons through checkpoints in 95% of trials.”

DHS says it takes the report very seriously and is working on immediate remedies, but some technology solutions are being developed that could ultimately help fill gaps identified by the report. Long-term, such technologies should help screen passengers, bags and cargo more effectively. Even short-term, many improvements in passenger and carry-on screening are possible, according to Guido Peetermans, project manager for Smart Security at IATA. For example, centralized processing of X-ray images of carry-on bags, remote from harried screening lines, will speed things up and let image specialists focus on tasks in a quiet environment. Central imaging stations can automatically divert suspect bags, marking potential problems for quicker manual searches.

If bottlenecks then move to where passengers unpack and remove accessories, trays can be returned automatically and parallel stations for unpacking can be set up to ease problems there. Delays in repacking can be removed by extending lanes and installing sit-down repack stations.

Body scanners are better than metal detectors for searching passengers because they precisely point to the location of possible threats, such as a wrist or ankle. Scanners can check up to 360 passengers per hour, but practically process about 200 an hour, allowing time for alarm resolution. If one specialist can view multiple scanner screens, however, throughput increases to 300 an hour. Peetermans says combining current technologies gets 250 passengers per hour though the entire process, up from 150 in the period just after 9/11.

In the near future, central imagers might use algorithms for simple bag images, reserving more complex pictures for human inspection. European regulations will probably allow this in two to three years.

Computed tomography (CT) scanners for carry-on bags are also in the works. These provide much better detection while allowing complex objects to stay inside bags.

Some current technologies can also yield dramatic improvements in screening efficiency, Peetermans said. For example, Rapiscan’s flagship 620DV integrates an X-ray scanner with a computer to screen carry-on bags.

Rapiscan is also working on automating carry-on baggage tray returns to speed the process and integrate scanner data with other law-enforcement data.

Border Security

SITA will have more than 500 automatic passport control kiosks (APCs) in the US by the end of 2015, says Jorge Ramirez, business development director for government solutions. APCs scan in biographic data, take biometrics like faces and fingerprints and check data in real time with border authorities and SITA’s Advanced Passenger Information System (APIS). Passengers who clear automatic checks need answer no questions from border agents. APCs have cut congestion by 75% at Miami and Orlando airports.

Outside the US, gates rather than kiosks are used for the same purpose. Scanning works with both electronic and standard passports, and coverage is expanding. By the first quarter of 2016 the scanned passport faces will be checked against actual travelers’ faces for additional security. Vancouver Airport, IBM, Dedo, GCR, Vision-Box also offer APCs.

The US is looking at letting passengers use smartphones in their seats to scan passports, avoiding the need for even automated kiosks except to get confirmation they are cleared. Even fingerprints can be scanned by phone.

In 2016 the US will install kiosks to monitor exits as well as entrances. And SITA is working on an APIS that could track visitors as they move around hotels and in rental cars. It is also developing a website that travelers could use instead of filling out landing cards.

Rapiscan now offers Real-Time Tomography (RTT) for screening hold baggage. Current CT machines are good at threat detection, but use rotating gantries to spin sensors at 120 rotations a minute. This makes them slow and vulnerable to breakdown, Andrew Goldsmith, VP, global marketing at Rapiscan, said.

RTT uses a stationary gantry, firing off sensors in sequence, making scanning both faster and more robust. RTT has received lab certification from TSA and has been certified at the highest level in the EU. The technology will be installed in Rome, and Goldsmith expects it to win more installations as existing CT machines become obsolete.

Jason Gash, director of technical sales at Smiths Detection calls Smiths’ HI-SCAN 10080 XCT the next generation of high-speed explosive detection systems for checked bags. This model can screen 1,800 bags per hour while reducing out-of-gauge bags and manual handling. “It provides the most economical solution for airport checked baggage screening,” he said.

Air Cargo

Rapiscan is active in air-cargo security around the world. Equipment here is similar to checkpoint scanners except with much bigger tunnels, 1x1m, to accommodate pallets. Goldsmith believes the future will mostly mean better algorithms to detect new explosive substances. In addition to screening machines, Rapiscan offers software to automate screening, workflow processes and reports to government—major headaches for many carriers and forwarders.

Smiths screens air cargo with three devices. Its HI-SCAN 180180-2is Pro inspects large consolidated and palletized goods, including the maximum accepted skid size. Dual views with two powerful X-ray generators penetrate even large and dense objects, reducing re-inspection times and ensuring high throughput rates. Its HI-SCAN 145180-2is is similar but designed for inspection of air cargo transported on standard European, British and US pallets. The HI-SCAN 100100V-2is is designed for screening differently sized packages and break-bulk cargo within a small footprint. Gash says the common theme for all bag and cargo screening is continually speeding up throughput and reducing the area required for equipment.

Especially with connected aircraft, security now touches planes and airlines themselves. Cyber threats come from hackers, ‘hacktivists,’ criminal organizations and terror states, warns Bob Gourley, co-founder of Cognito. Some attacks will succeed, so systems must be designed to contain damage and detect intrusions to remove them.

Intelsat Security Officer Vinit Duggal stresses that aviation communication is not like terrestrial comm. “There are lots of moving parts, flight ops, IFE, and the pipe has mobile gateways, with drop-off and pick-ups. There is a large attack surface. Technology moves so fast that security can be left behind,” Duggal said.

Andy Beers, a director at Cobham SATCOM, urges collaboration through RTCA’s SC-216 communication security panel. “There are lots of positive developments, the industry is coming together, ” Beers said.

Aviation is far ahead of where it was ten years ago on security, according to Axel Jahn, managing director at Zodiac Aerospace. Cyber security is being designed into new systems formally from the beginning. If it’s not, “you never get rid of vulnerabilities, ” Jahn said.

The Zodiac exec emphasizes that security is not just a matter of firewalls and viruses. Content must also be protected all though the transmission chain.

Security experts agree that candor about real cyber risks will motivate top execs better than catastrophe hoaxes. “Just be honest,” Beers advises. “Don’t exaggerate.”

The risk level will go up when and if IFE systems are integrated with operating systems for communication over satellite broadband. Everybody must be very careful with how and how much these two functions are integrated. Physical separation is always the safest tactic, but economics urges some shared use.

IATA global director for aviation security Carolina Ramirez says airline operating systems are usually secure. Cyber risks come from companies contracting with airlines to provide flight management, electronic flight bags, e-enablement and air traffic management. “Entry points to be worried about are at connections with third parties, ” Ramirez said.

IATA works through the Industry High Level Group on cyber security with aviation stakeholders, especially aircraft manufacturers. The strategy is to understand the risks and cooperate to meet them. Stakeholders must share information on vulnerabilities, incidents, policies and procedures.

Ramirez says frameworks based on threats, risks and outcomes are better than prescribing specific solutions.

IATA has launched a set of tools that airlines, airports and air traffic management organizations can use to help identify, assess and reduce their chances of a cyber attack. The Aviation Cyber Security Toolkit was announced last year and provides guidance to help airlines and their partners stay ahead of those with intent to do harm through cyber-attacks. The toolkit provides a detailed analysis of the current cyber threats and helps airlines and aviation security stakeholders identify ways to protect their critical IT infrastructures. These include reservation systems, departure control, aircraft maintenance, crew planning and flight management as well as technologies for electronic flight bags, e-enablement of aircraft and air traffic management. The toolkit also includes practical guidance materials and videos. IATA has also joined with ICAO and others via the Industry High Level Group to coordinate cybersecurity activities and provide a common framework for the industry.

“We have not had the cyber equivalent of a printer cartridge plot, but we are not waiting for one to occur before moving forward. Aviation relies on computer systems extensively in ground and flight operations and air traffic management, and we know we are a target,” IATA CEO and DG Tony Tyler said last year.

“It is vital that government and industry embrace collaboration to understand and identify any threats and devise strategies to combat them. We cannot afford information silos. Regulations should be outcome-focused, not prescriptive. This is a fast-evolving threat that simply cannot be addressed with static, one-size-fits-all solutions.”

This year, IATA is assisting carriers in testing their cybersecurity, doing awareness workshops and developing version 2 of the Toolkit. It has partnered with ICAO, ACI, the Civil Air Navigation Services Organization and the International Coordinating Council of Aerospace Industry Associations on a Cybersecurity Action Plan.