In the months and years following the tragic shootdown of MH-17 over Eastern Ukraine, some very serious questions were left hanging over the industry. How did this happen? What can we do to ensure it doesn’t happen again? It was rapidly clear that it had been a failure in risk management, a failure to understand the threat that existed in that airspace. Very quickly, and understandably, eyes turned to governments and regulating bodies and the demands were unequivocal. In April 2015, ICAO launched the Conflict Zone Information Repository (CZIR) with the intention of providing a mechanism through which governments could share threat intelligence with the industry. It was a good initiative, with all the right intentions. But ultimately, it failed. We should not have been surprised.

In his opening remarks at IATA AVSEC World 2015 (15 months after the MH-17 tragedy), Tony Tyler, then CEO and Director General of IATA stated: “…governments must provide authoritative, accurate, consistent and unequivocal information about security threats in order for airlines to manage the risks of flight operations effectively. This is a government responsibility.”

Looking back on my notes from a session on conflict zones during that conference, the themes were clear. Governments must share comprehensive conflict zone threat intelligence with the global aviation industry in a timely manner. This is a government responsibility because only they, through their intelligence gathering capabilities, have the information that is needed by the aviation industry to properly understand the threats and risks that aircraft face when overflying conflict zones. Governments with more developed intelligence gathering capabilities must help others through capacity building, to ensure that there is globally consistent provision of such threat intelligence. Other than attempts through a few very limited initiatives, none of these issues were resolved.

Over the following years, the message remained the same, rising and falling in volume as conferences and document publications reminded us all that the problem hadn’t been solved. And then, just in case we were in any danger of ever forgetting it, the tragic shootdown of PS752 in January 2020 made it very clear that whatever progress had happened in the previous six years was not enough. Surely this was one tragedy too many. Surely the loss of another 200 passengers and crew was enough to spur governments into action.

Two years later and, once again, other than a couple of limited initiatives, nothing.

Then, in early December this year, I attended a webinar on Conflict Zone Overflight. Participating were some of the leading organizations in the aviation industry. The themes in this webinar were again clear. Governments must get better at sharing comprehensive conflict zone threat intelligence with the global aviation industry in a timely manner and use capacity building to grow this capability globally. Sound familiar?

I imagine there is a large amount of eye rolling occurring amongst readers right now, waiting for the expected vitriol against governments. In fact, I sincerely hope there is a lot of eye rolling occurring as it would demonstrate that we all inherently, even if subconsciously, know the same thing, the real point, the truth of everything I have said: this is not a failure of governments.

This issue of the lack of progress in governments sharing threat intelligence is not their failure. It is ours as an industry. It is ours because we have failed to progress or to realize and accept reality. We have failed because we continue to shirk our responsibilities, and to deflect accountability for these failures onto governments.

Over the last seven years we have listened to the same mantra that governments need to get better at information sharing, as though this is the silver bullet that is going to solve all of the challenges facing aviation risk management. This just simply isn’t the case. In fact, it is a complete rejection of reality, which is that governments just do not have the breadth or depth of information and intelligence that is an absolute requirement of robust risk management.

Every state has a limit to their intelligence gathering and intelligence may well identify specific threats, but these are flawed, highly subjective and limited sources that cannot provide the continuous, consistent reporting that is painfully needed by our industry and is an absolute requirement of robust and effective risk assessment. This is true of states that have developed intelligence gathering capabilities, let alone those that haven’t. Every state has a different level of capability and capacity and, if we rely heavily on state provided intelligence, it injects a massive level of inconsistency across the industry. This has been demonstrated time and time again. The NOTAM system and differing approaches to aeronautical information service provision, especially with respect to conflict zones, highlights this inconsistency in its starkest form. It’s all well and good if you are an operator from one of the handful of countries that can provide support, but what about everyone else? On what do you base your operational decision making, especially when consistency across the leading national and supra-national bodies is, at best, rare?

Again, this is not a criticism of governments at all — they are limited in money and resource and have very specific priorities on which they must focus. We can’t blame them for this, but we must deal with it.

As the shootdown of PS752 tragically demonstrated, the truth remains. As an industry we need to get better at understanding the risks faced by aircraft flying over and near conflict zones and we need to get better at communicating them across the entire aviation system. If governments are unable to achieve this, we must rely on ourselves to create the frameworks, mechanisms and tools that are acceptable across the industry and that will, with time, effort and commitment, provide an agreed picture of the risks.

So What Do We Do?

The challenge here is not whether the data, information and intelligence are available, they are. The sheer volume of consistent open source reporting is phenomenal. Data and information on the dynamics of conflict zones, from the proliferation of anti-air weaponry, to airstrikes, to weaponized and militarized drone usage, to rocket and missile launches and attacks against anything in flight, to evidence of command and control, training and logistics is accessible through comprehensive open source exploitation.

The challenge is therefore threefold. Firstly, and probably the hardest part, is to admit we have failed, to accept our own responsibility for working towards and finding solutions, to stop blaming others for our inertia in innovation. If we can do this, we have made a huge leap towards success.

Secondly, is to simplify the inconceivable complexity of the global operating environment into a simulation, a model that can be understood and communicated and therefore can inform operational decisions. Thankfully, this has already been achieved.

Considering this complexity, emails, pdf documents and phone calls simply aren’t going to cut it. “Governments need to do more” has been said over and over since 2014. The same goes for “NOTAMs need to be fixed”. The solution to this issue is currently being found in technological innovation and data science applications combined with highly technical human expertise. Developments in AI and geospatial/data visualizations make this, perhaps not easy, but eminently doable.

Therefore, thirdly, more importantly, and much more difficult, we need to come together as an industry, to find a common and consistent way of working. Any solution has to be based on data, methodologies and technologies that are accepted, agreed and trusted across the industry, an industry that is currently fragmented in these efforts.

There are many organizations that are, largely independently, trying to drive the conversation about conflict zones and information sharing: ICAO, EASA, IATA, EGRICZ, Safer Skies, Dutch Safety Board, not to mention all the national aviation authorities that have their own programs. The challenge is harder still because every organization and every country has its own risk appetite and its own assessment based on the specifics of their individual context. That will never change, but there is still space for global consistency, particularly in threat and risk identification. Fundamentally, until we can come together as an industry and work together on a single mission to properly identify and understand the risks that aviation faces in overflight, there will never be consistency in approach.

So, we need a collective buy-in towards developing a solution that embraces speed, accuracy and transmissibility. We don’t need to get more people talking about threats to aviation, we need to harmonize collective efforts in developing systematic risk management. We don’t need more information sharing, we need to revolutionize the collective technology used for disseminating threat/risk intelligence and make it accessible to the aviation industry at scale. If we can come together as an industry and create such a solution, then we succeed. A tall order, but not, I firmly believe, impossible.

Here’s my challenge. Let’s change the conversation. Let’s stop demanding the unachievable from someone else as an excuse not to do anything ourselves. Let’s work as a cohesive industry. Let’s behave like the professional risk managers we profess to be and throw politics and agendas away, be honest about our own capabilities in an unrelenting pursuit of ways to better, more objectively, more consistently understand and communicate the risks aviation faces. Are you in?

About Osprey Flight Solutions

Founded in 2017, Osprey fuses real-time information, technology, and industry-leading expertise to deliver the most advanced aviation risk analysis available anywhere. Our revolutionary data-driven approach provides instant situational intelligence to power dynamic decision making. Being able to see, understand and react to threats as they emerge sets a new standard for ensuring the safety and security of passengers, crew, and aircraft. Because risk isn’t static in a fast-moving, turbulent world.

Article originally published in the winter edition of Transport Security International (TSI) Magazine. (https://www.tsi-mag.com/accepting-reality-why-are-we-still-asking-the-same-questions-about-overflight-risk/)

About the author

Andrew Nicholson CEO

Andrew, CEO, founded Osprey Flight Solutions with the aim of driving a quantum shift in the capabilities available to the industry for security risk management, enabled by a focus on cutting edge computing techniques and data-led risk management. Recognised as a leader in the aviation security arena, Andrew frequently provides expert comment and analysis to the leading international news networks, discussing topical global aviation security issues, as well as being a regular contributor and featured speaker at numerous international industry events. In 2021 Andrew was named a Top 20 Dynamic CEO by The CEO Publication.

After graduating with a degree in engineering, Andrew spent 12 years in the Royal Navy, 6 with UK Special Forces, which included operational tours in all major conflict regions. Leaving the military at the height of the Somali Piracy phenomenon, for 3 years Andrew led the maritime and oil and gas divisions for the largest provider of maritime security in the industry. At the same time, he was a member of the steering committee and subsequent Board of Directors for the only international human rights focused initiative for the security risk management industry.

Andrew moved to International SOS and Control Risks in July 2014 to head up the aviation security team. Realising that the industry’s requirement for risk management support had changed in the wake of the MH17 disaster, Andrew co-founded Osprey, which is now recognised across the industry as the leader in open source risk management data, developing innovative tools to support all operators, no matter their size or resource, in conducting comprehensive and accurate risk management.

Bring operational risk management through innovation and technology to your organisation

Contact Us