Part 5 of 5 in a series on fixing aviation security.
TSA needs to embrace SeMS – Security Management Systems. SeMS is already up and running through IATA and ICAO. Here in that States, the FAA has been dragging its feet on SMS (Safety Management System) for years although it’s a proven program and already in use by the US Coast Guard, the airlines and most every other component of our industry except airports. Unfortunately, I’ve even never heard the SeMS term in any of TSA’s vocabulary and that’s sad. Why wait on a program that moves us away from chasing the soccer ball and moves us toward: everyone moving in the same direction; proactive measures; risk assessments so we’re not wasting money on “threats” that aren’t really threats; determining what works through audits and internal reporting; and instilling a real security culture (by the way, I appreciate TSA’s latest endeavor, It’s my airport, but this feeling of ownership that the program is trying to instill works better when it comes from the local level, not from Olympus). There are already local programs in place at some airports that were developed locally and therefore embraced locally – programs that SeMS can create.
SeMS may also help get the TSI regulatory workforce working more closely with the ASC and air carrier security personnel, in both word and deed, rather than trying to play gotcha games on regulatory enforcement actions. That metric needs to be reversed – the effectiveness of a TSI should not be on the most amount of enforcement actions on their airport operator but the least. We need to get the TSI on the side of the airport operator in trying to achieve the overall goal of protecting the system. The philosophy of: the beatings will continue until morale improves has never worked. With SeMS there are audit systems that can help ensure that everyone is moving the ball in the same direction, not just engaging in a shell game to avoid regulatory action.
SeMS is more about whether the mission is being accomplished, rather than whether one particular component is working. It focuses everyone on the big picture. I’d be happy to rattle off a list of airports that are already embracing this culture, but unfortunately, the vast majority of airport and air carriers will not, until it’s required. It’s not that the local ASC does not want to, it’s that many of the city councils, county commissioners and airport authorities that run your local airport, will not support something unless it’s required.
I know that TSA administrators feel that their success will be measured on whether there is an attack, but frankly, you can’t control that, no more than you can control whether a family heads out on their sailing vessel in bad weather. I encourage you to put into place measurable benchmarks that makes it as difficult as possible to attack aviation, and if it is attacked, is able to bounce back as quickly as possible. I’ve met many of your senior personnel and they are good, smart people, but don’t disregard the hundreds of ASCs and police officers who are on the front lines every day.
Like it or not, in the industry, Kip Hawleys legacy was the liquid rule and upgrades to our x-ray systems and body imaging capabilities; John Pistole’s legacy was risk-based security and not worrying about what Congress was running off to chase every other day. I challenge you to raise the reputation, and thus the credibility and deterrence level of TSA, through real industry engagement and a focus on what you can control. Like I learned in USCG OCS, the term Not on my Watch recognized that I couldn’t save everyone, but I can save a lot just by focusing on what I can control.
Good luck Sir,
Professor, Metropolitan State University of Denver and lead author of Practical Aviation Security: predicting and preventing future threats.
U.S. Coast Guard 1989-1992