GUEST EDITORIAL By DAVE HOOK
Each time I read of a new security proposal that will impact general aviation, I feel like keying the mic button and saying, “Washington, we have a problem.” You know, just to see if anybody’s listening.
That’s because our freedom to fly is at risk.
Risk — now that’s a word that’s used a great deal, however, I don’t think its meaning is understood when it comes to security. When someone or something that we value can be taken away from us, denied to us, damaged or destroyed, it is at risk.
The reason why it is at risk is another matter. Perhaps Mother Nature takes the form of a tornado or hurricane and puts us, our families, or something that we want to protect — like an airplane or airpark — at risk. The cause behind the risk is the threat.
Threats are real and substantial. Threats are the reason we purchase insurance. Insurance companies rate how likely we are to suffer a loss from a threat. They call these ratings exposures. Well my fellow aviators, we are exposed. And it’s not to Mother Nature.
Threats — other than those from the environment or weather— are caused by human beings. Threats cause us to make changes to our plans and actions. If you agree with the report submitted by the Inspector General of the U.S. Department of Homeland Security on threats and general aviation, then you already know that it states, “We determined that general aviation presents only limited and mostly hypothetical threats to security.” But we’re being told that we should make changes to our plans and our actions when it comes to flying. So what threat is the force behind the proposed changes?
Last year at about this same time the general aviation community sent a clear message to Washington: We didn’t like the proposed Large Aircraft Security Program. It was too expensive. It was too invasive. It was too burdensome. So what happened afterwards?
Security Directive 08G happened. Those of us who keep our aircraft at commercial service airports — airports that are required to comply with TSA-approved security programs because they have scheduled airline service— were required to submit to criminal history records checks and obtain airport badges at our own expense. The background checks and badging requirements were part of the very same elements listed in the LASP. So who wouldn’t take the “no” for an answer that was clearly given by the 7,000-plus negative responses from the taxpayers?
I do risk assessments professionally. There are three different elements involved in an objective risk assessment. Consequence is the value an asset has. If there’s no value in something, why waste time and resources protecting it? Next, there’s the threat. Threats make use of a particular tactic to exploit a vulnerability, which is the third element used in a risk assessment. Why is vulnerability important?
I have some bad news. The world is full of vulnerabilities. I’m vulnerable to being killed by a crashing satellite. What keeps me from building an underground bunker and living like a mole is the knowledge that the probability an orbiting satellite (the threat) could come careening down and kill me by imparting a lethal dose of kinetic energy (the tactic) while I’m not surrounded by a structure that would protect me (my vulnerability) is extremely small. We make adjustments to our plans and actions based upon the level of risk. It’s because of that extremely small and mostly hypothetical threat that I don’t spend the money to build an underground shelter and hide from those pesky satellites.
The airplanes we own, rent, rent out, or fly on behalf of others are valuable. If they weren’t, we probably wouldn’t bother paying our various aviation insurance premiums. We know that our aircraft are vulnerable to damage from all sorts of things: hail and hammers, sticks and stones, even crazed café cooks with can openers.
Our challenge is in knowing the threat and the specific tactic that particular threat would most likely use. The worst case threat against which we design a system of security is known as the Design Basis Threat. Remember the report that says the threat is “mostly hypothetical” — that means there’s no Design Basis Threat. And since no one is sharing any threat information to the contrary, the only threats to general aviation seem to be coming in the form of Notices of Proposed Rulemaking.
Don’t spend a dime on security based upon vulnerabilities alone. You’d be throwing your money away. Spend money on security only when there’s a risk. If there’s no threat, then there’s no risk.
So the next time someone proposes a mandatory security program for general aviation and doesn’t share the Design Basis Threat, it’s time to key the mic and say…“Washington, we have a problem.”
Dave Hook, an expert on general aviation security, is president of Planehook Aviation Services, LLC in San Antonio, Texas.