Welcome to the SecAware blog

I spy with my beady eye ...

5 Aug 2015

Lessons from the aviation industry

The ICAO Global Aviation Safety Plan 2014-16 (GASP) is an extremely impressive document on so many levels.

First off, how about this for an entrance (first paragraph):
"Ensuring safety remains paramount
Continuous improvement in global aviation safety is fundamental to ensuring air transport continues to play a major role in driving sustainable economic and social development around the world. For an industry that directly and indirectly supports the employment of 56.6 million people, contributes over $2 trillion to global gross domestic product (GDP), and carries over 2.5 billion passengers and $5.3 trillion worth of cargo annually, safety must be aviation’s first and overriding priority."
Given everything that's at stake here (and just in case it escaped your notice, those are BIG numbers), "safety must be aviation's first and overriding priority".  No ifs or buts, there's absolute clarity of vision for the entire industry.  

In other words the global aviation industry has both determined and aligned itself on safety as the overriding strategic objective, eclipsing or setting aside lesser objectives such as mere commercial success, profitability, compliance, efficiency, eco-friendliness or whatever. Obviously those are important in their own right, but there is no doubt about the industry's top priority being safety.


Secondly, GASP extends more than a decade to 2027 within which are substantive near-, mid- and long-term strategic objectives building on "previous targets to reduce the number of fatal accidents and fatalities, to significantly decrease the global and regional accident rates and to improve cooperation between regional groups and safety oversight organizations".  The current version of GASP is no isolated example, but the product of a consistent strategic planning process.

Thirdly, the strategic objectives aren't hand-waving puffery. There are firm dates. The supporting text expands on the details with further explicit goals, particularly in the near term e.g. "Implementation of ICAO Standards and Recommended Practices (SARPs) related to the State’s approval, authorization, certification and licensing processes" and "four distinct Safety Performance Indicators" (standardization, collaboration, resources and safety information exchange) within a meaningful framework.

Here's a further illustration of the depth of thinking (page 6):
"Safety Information Exchange
The exchange of safety information is a fundamental part of the global plan and is required to achieve its objectives, enabling the detection of emerging safety issues and facilitating effective and timely action. To encourage and support the exchange of safety information, it is imperative to implement safeguards against the improper use of safety information. To this end, ICAO is cooperating with States and industry to develop provisions to ensure appropriate protection of safety information."
Sharing safety information within the industry is a key part of the strategy. Given the sensitivity of the information, ensuring that it is protected/secured is a prerequisite. Obvious, if you think about it. They have.

Lastly, as if that's not enough, the document itself is 80 pages long, professionally produced, a nice piece of marketing with plenty of meat behind the gloss concerning the global industry's explicit focus on safety.  

OK ... now consider all the above in relation to literally ANY OTHER GLOBAL INDUSTRY facing vaguely similar safety and security concerns: defense, power generation (including nuclear) and supply, mining, automobiles, shipping, farming, finance, IT ... When was the last time you saw anything even approximating that clarity and singularity of vision and alignment, on a worldwide scale?

'Nuff said.  Think on.



  1. There's a saying in the airline business: "If you think safety is expensive, just wait until you have your first accident . . .".

  2. == "If you think information security is expensive, just wait until your first incident ..."

    Or, more accurately, "If you think information security is expensive, just wait until you discover your first major incident ..."