Rose Marengo
Consultant, Europe
Insight
January 13, 2025

Open Architecture & Aviation Security

“Open Architecture” is a decades-old, standards-based technology design approach that is already present in a range of industries—including computing, data networking, telecommunications, healthcare, and defense. It has, among other things, enabled the development of today’s ubiquitous third-party “app” economy.

But within the domain of aviation security technology, Open Architecture (OA) is an evolving and emerging concept. Industry players have embraced it in principle, but it is not yet an operational reality in many aviation security environments.

We’ve outlined below the state-of-play, key stakeholders, and important reference materials for those keen to learn more.

What is “Open Architecture”?

The Transportation Security Administration (TSA) defines Open Architecture (OA) as a “design approach in which equipment components, such as software and hardware, are standards-based and interoperable to allow a wide range of industry partners to create improved subcomponents (like new detection algorithms, user interfaces, or reporting system)”.

In simple terms, OA can therefore be understood as a system design approach that allows different security technologies, devices, and software, such as x-ray scanners, cameras, and threat detection software, to work together seamlessly, regardless of who made them. - TSA

Why Now?

Following the events of 9/11, discussions around increased security concerns and rapid technological advancements in the aviation security industry began to emerge. At that point, systems like surveillance, access control, and screening technologies were siloed, or ‘isolated’. In the 2010s, as a response to these concerns, formal discussions around OA gained momentum as AVSEC stakeholders in the U.S. and Europe started showing interest in moving away from proprietary, isolated systems where hardware and software are linked.

In the early 2020s and with advances in machine learning and AI, the U.S. Transportation Security Administration (TSA) and a small group of airports began exploring OA as a means of enhancing flexibility and cost-efficiency, allowing operators to replace or upgrade specific system components without needing a full overhaul.

AVSEC stakeholders started perceiving OA to be an enabler for the seamless integration of new detection algorithms for specific threats such as explosives or contraband, allowing for improvements in threat detection and passenger flow efficiency. - Transportation Security Administration. (2023, July). Open Architecture Roadmap.

At this stage, widespread adoption and/or implementation of OA has not yet occurred, owing to a range of concerns we have heard over the last four years:

1. Cost and resourcing – Open-source applications may be difficult and expensive to set up and use at scale, possibly lacking user-friendly interfaces and ultimately hurting user productivity and deterring adoption.  

2. Cyber risk – Open systems raise concerns about data breaches and system vulnerabilities, which would require ongoing investment and vigilance to mitigate.

3. Performance and reliability – There may be times when proprietary software, based on closed architecture that is tightly controlled by a single developer, offers exceptional quality and design that cannot be matched by open systems.

4. Liability – Given the nature of the business, concerns have been raised over liability when third-party software is used on an OEM’s product and something is missed in the screening process and/or a system goes down at a critical juncture.

In this regard, the adoption of OA presents a dilemma for security equipment manufacturers and throws up flags related to possible competitive disadvantages. As an example, the development of an Explosive Detection System (EDS) requires a substantial upfront investment and, given the relatively small size of the aviation security market, there are limited opportunities to recoup these investments while third parties benefit from the manufacturer’s innovations. The counterargument, however, is that OA can drive overall market growth by fostering innovation, positioning these companies as standard-setting industry leaders, and enhancing trust with customers who value adaptability and performance. There is truth in both arguments.

Key Stakeholders

U.S. and European stakeholders involved in the OA debate include, but are not limited to:

AVSEC Operators (Airports and Airlines):

· U.S. and European airports and airlines would favor the adoption of OA if it could help lower costs or provide more flexibility. However, some remain cautious due to potential cybersecurity risks associated with interconnected systems. In addition, many buyers are not clear on how to integrate an OA approach and feel more comfortable with a single provider or integrator.

Regulators (Governments):

· As both a regulator and a buyer of security equipment, TSA aims to foster a secure, interoperable environment across AVSEC technology to respond to emerging threats more readily and dynamically. European government entities, however, do not purchase aviation security equipment and have, until recently, largely steered clear of the debate. Any focus on the topic has emphasized the importance of data security and regulatory compliance, particularly through the GDPR.

Hardware vendors (Technology Providers – for biometrics or x-ray imaging, for example):

· At this stage, most OEMs accept OA in principle, seeing it as a chance to expand into more adaptable solutions. However, there remain concerns over some of the issues outlined above.

Third-party software providers:

· Third-party software providers in the U.S. and Europe view OA as an opportunity to foster innovation, enhance interoperability, and expand market access by integrating specialized solutions into standardized systems (as shown in the TSA, EOS, and ACI publications referenced below). As third-party vendors have gained momentum in the U.S. with government-funded programs, these same vendors are also seeing progress in certain European airports where OA companies have fostered productive relationships with OEMs directly.

Relevant Reference Materials

Various stakeholders, including government entities and other aviation organizations, have become more vocal about OA and its adoption in recent years, as evidenced by these industry publications and/or efforts:

TSA Open Architecture Roadmap

A publication from TSA outlining requirements and incentives for adopting OA in aviation security. Other government entities, like the European Union Aviation Safety Agency (EASA), have also released similar reports regarding the adoption of interoperable systems.

EOS & ACI Open Architecture for Airport Security Systems

A whitepaper by the European Organization for Security (EOS) and Airports Council International (ACI) discussing OA principles and advocating for a shift towards more adaptable and integrated security systems on behalf of leading regulators, airport operators, security equipment manufacturers, and service providers. It also identifies the issues and challenges that remain around the successful deployment of solutions using OA.

The TSA Security Technology Integrated Program (STIP)

This TSA program was developed to enhance interoperability across security technologies used in the United States. The development of OA was a key part of the initiative as STIP was to establish a centralized integration platform for screening and monitoring systems at TSA checkpoints. STIP aims to foster an environment where various security systems – from luggage screening devices to biometrics – can function in a unified manner.

So where does this leave us?  

As the OA debate continues, third parties are working directly with hardware manufacturers to find win-win scenarios like Europe’s recent roll-out of Automated Prohibited Items Detection (APIDS) standards and the coupling of traditional hardware with third-party detection software products for evaluation.

The future of OA largely depends on two key factors: first, whether governments decide to force OA’s implementation through regulatory means; second, whether buyers decide to include OA requirements in their bids. Both streams are very much dependent on where OA falls on a list of rapidly evolving priorities.

For governments, OA can only be prioritized if it has a clearly demonstrated impact on security. For buyers (including TSA) to make OA a priority, it must lead to cost reductions and facilitate the deployment of more adaptable products with an equal or greater level of security. For this to happen, OEMs must be incentivized to make it work, and the addressable market and gain should be sizable enough to ensure it’s worth everyone’s while.
