Airports Seek Economic Freedom

SAN DIEGO — During a press conference at the annual Conference & Exhibition here put on by Airports Council International-North America, chair Frank Miller, director of the San Antonio International Airport, spoke of “Operation Moses” — ACI-NA’s...

When asked if he was optimistic that a long-term reauthorization bill is on the horizon, Principato comments, “No. I’m more optimistic we’re not going to have a shutdown. That didn’t cover anybody in glory. But I’m not optimistic about a long-term extension – a brand new reauthorization bill.

“We’ve been pushing for just a straight two-year extension. Then after the next election we’ll come back and start again. If you do a straight two-year extension there’s nothing to stop the powers that be on the Hill sometime next year to come to an agreement and passing it.

“It’s kind of sad to think that we were celebrating a four-month extension – the longest extension in over a year and a half. In the system that is set up, so many have to depend on Washington. Airports like Kalispell, MT losing a whole construction season just because of a few-week extension. The northern half of the country has really taken a beating there.

“The FAA’s taking a beating too. I don’t know how they’re doing their job; it’s terrible.”

Safety Management Systems

Meanwhile, among the conference sessions, FAA’s pending guidelines on SMS continues to be a hot topic.

David Bannard, a partner at Foley & Lardner LLP, says safety management systems will be one of the most significant regulatory changes for airports in the last 20 years. The ‘substantial’ new regulatory requirements mean a potentially heightened liability for airport sponsors, he relates.

According to Bannard, SMS will require a cultural change as well as a significant commitment of resources by airport sponsors, including: development and implementation of a complex new program; use of additional resources and staff; an exercise in identifying and mitigating potential safety hazards; and coordination with disparate SMS programs on the airport setting.

Despite industry concerns, says Bannard, SMS is still coming. What can airports do to prepare? Bannard offers the following advice:

- Perform due diligence review and revise as necessary with regard to rules and regulations; leases and other agreements; organizational structure (How will SMS fit into existing organization?); use or obtain authority to indemnify accountable executives.

- Incorporate safety risk analysis into project planning and design at early stages.

- Consult with counsel regarding ways to protect SMS data from inappropriate disclosure.

- Identify resources required to implement SMS, both internal and external.

- Strengthen relationships with FAA, develop budgets, and begin to implement SMS now.

Cyber Security

On the topic of cyber security, Los Angeles World Airports’ chief information officer Dom Nessi provides information regarding how vulnerable airport IT systems can be.

Cyber security is “the protection of personal or sensitive information, or any form of digital asset stored in a computer or a digital memory device,” comments Nessi. “It is also the protection of physical IT assets from random attacks targeted to destroy or disable computing power.”

According to Nessi, airports need to protect against simple malicious codes called malware and spyware, and serious viruses that can wipe out a system. Because aviation continues to be the target of terrorists, and it is highly dependent on and driven by computer systems, e-enabled aircraft will present a new challenge.

From an airport standpoint, “Imagine the ripple effect at a large hub airport if someone could work their way into the baggage transition system and reroute luggage all over the world,” remarks Nessi. “It could bring the system to a grinding halt with both economic and security consequences.”

Four components – the network, the device, the application, and the back-end system - are vulnerable and each requires a different approach to security, he adds. Airports can be proactive by getting configuration management under control; installing anti-virus software and keep it updated; launch a ‘social engineering awareness’ campaign; and test your own systems often, explains Nessi.

We Recommend