Airport access control standards

This paper cover a major airport security focus since the tragic events of 9/11; namely employee access to secure areas, and the application of new technologies (biometrics and smart cards) to enhance airport security. The significance of access controls systems to airport security is apparent by several recent studies made by US federal oversight entities, which identified "unauthorized access" to secure areas as one of the highest potential vulnerability. As a consequence, deployment of biometrics and other new technologies were emphasized by US legislation shortly after 9-11. Although the new legislation for creating the US Transportation Security Administration focused on passengers and their baggage screening, equal importance was placed on airport access controls with potential new multipurpose applications such as a transportation worker identity card and trusted traveler card. Existing access control systems at US airports were based on a series of regulatory requirements and guidelines, which did not reflect this increased security requirement. Accordingly, a federal advisory committee under the RTCA (Radio and Technical Commission for Aeronautics) was established to set an appropriate set of guidelines and minimum standards to meet the new requirements. This paper discusses the process used to establish new guidelines and minimum standards, and the results of the process, and its importance to airports. The guidance provided various airport security stakeholders, namely airport operators, consultants and federal regulating agencies, on the areas of operational requirements, system and subsystem performance, system verification and validation are described. Critical technical issues such as nature of the credential, nature of the biometrics, and interoperability requirements within the USA and elsewhere, are elaborated. Finally, lessons learned from the previous generation of access control systems implementation difficulties: including poor specifications, environmental susceptibility, system verification, system phasing and limited planning for future technology, are discussed.