Aviation security risk management

Andrew Nicholson

CEO

View profile

Andrew Nicholson

CEO

Andrew, CEO, founded Osprey Flight Solutions with the aim of driving a quantum shift in the capabilities available to the industry for security risk management, enabled by a focus on cutting edge computing techniques and data-led risk management. Recognised as a leader in the aviation security arena, Andrew frequently provides expert comment and analysis to the leading international news networks, discussing topical global aviation security issues, as well as being a regular contributor and featured speaker at numerous international industry events. In 2021 Andrew was named a Top 20 Dynamic CEO by The CEO Publication.

After graduating with a degree in engineering, Andrew spent 12 years in the Royal Navy, 6 with UK Special Forces, which included operational tours in all major conflict regions. Leaving the military at the height of the Somali Piracy phenomenon, for 3 years Andrew led the maritime and oil and gas divisions for the largest provider of maritime security in the industry. At the same time, he was a member of the steering committee and subsequent Board of Directors for the only international human rights focused initiative for the security risk management industry.

Andrew moved to International SOS and Control Risks in July 2014 to head up the aviation security team. Realising that the industry’s requirement for risk management support had changed in the wake of the MH17 disaster, Andrew co-founded Osprey, which is now recognised across the industry as the leader in open source risk management data, developing innovative tools to support all operators, no matter their size or resource, in conducting comprehensive and accurate risk management.

In a dynamic and rapidly changing operating environment for air transport, the need to maintain the strongest focus on threat intelligence remains paramount to ensuring safe and secure operations in line with ICAO Annex 17 requirements.

Gallagher Aerospace appreciate the critical nature of threat intelligence in aviation security risk management and the importance of accessing the most up to date analytics and data for informed flight operations decision making. We are committed to delivering enhanced risk management value to all our industry clients beyond the core insurance product.

With this in mind, Gallagher Aerospace are pleased to advise their collaboration with Osprey Flight Solutions, the leading provider of aviation security risk management solutions for the air transport industry. By seamlessly integrating cutting-edge technology with world-class human analysis, we believe the Osprey system is set apart as an industry resource for understanding the risks in the global aviation operating environment.

The collaboration is geared to enabling client access to this service and strengthening value to them from insurers’ appreciation of the enhanced risk mitigation this delivers.

To mark the opening of this new initiative we are now delighted to share the following thoughts on the aviation security risk environment from the CEO of Osprey Flight Solutions, Andrew Nicholson.

“We are living in a complex world. A cliché phrase I know; much overused, much misunderstood and much ignored. But, when taken at face value, it describes the biggest challenge that faces any sector that needs to understand the environmental factors at play in order to support, inform or make operational decisions.

Historically, there has not been a consistent or objective model used in security risk management. In reality, there have been as many models as there have been aviation security analysts. Every single one has had a slightly different way of viewing the world, coloured by hundreds of sub-conscious preconceptions that are an inherent and unique part of every single one of us. This has, and continues to, completely undermine the true value of security risk management in the aviation sector.

Static risk assessments, subjective analysis, the lack of quantification and data supporting analysis all lead to the perception (usually, if not entirely correct) that security risk assessments or analysis are simply someone’s ‘opinion’ and can therefore, even if sub-consciously, be dismissed in favour of an assessment that better fits the requirement or that doesn’t pose the same internally political challenges. If an external organisation assesses an environment as EXTREME risk, and the internal policies or perceptions mean that the word EXTREME will have a significant operational (and commercial) impact, then that assessment, even if it is the best assessment that has ever been conducted, can be dismissed as opinion (because it is) and superseded by an internal assessment that is more acceptable and therefore will have less of an impact.

It is not surprising that we are in this situation. Dealing with all these challenges requires an Herculean effort firstly to reject the status quo, harder still to admit that we were wrong and even harder still to be unrelenting in our self-criticism. Practically it requires the development of new tools to enable us to firstly better understand the environment through the creation and maintenance of models that are complex enough to reflect reality in a useful way, but simple enough to understand quickly and effectively, and secondly that can communicate that understanding in an operationally useful way. But most importantly it requires data to fill those models. Massive amounts of data.

In the last decade the amount of data created, captured, copied and consumed worldwide has exploded. In parallel with this, AI capabilities to ingest, understand, analyse and monitor huge amounts of data have developed exponentially. It was inevitable that, at some point, we would hit a tipping point when the amount of open source data and the computing power would both be sufficient to create a model of the aviation security environment sufficiently complex to adequately reflect reality,which could be visualised and utilised in a way that would make it both understandable and operationally effective.

We hit that point about 5 years ago.

We have a model of the global aviation security environment that reflects reality sufficiently that it can forecast even relatively minor changes in the risk. This is very clear in dramatic events. For example, Osprey’s data and analysis isolated the risk of misidentification and shootdown, and we advised against all flight operations within FIR TEHRAN almost 2 hours prior to the regrettable loss incident involving flight PS752, not to mention our circulation of all the alerts and data that was available and highlighted the escalation. But it is also the case for monitoring changing dynamics within an existing situation:

Saudi Arabia – Abha Airport

The military conflict between the Saudi-led coalition (SLC) and Yemeni Houthi rebels has been ongoing since March 2015. Surface to-surface missile (SSM) and drone attacks against the southwest provinces in Saudi Arabia dropped significantly following peaks in August-September 2019 and remained at consistent levels through 2020. However, there was a sustained increase in such attacks and downings since the start of February 2021. Based on the significant increase of drone and SSM strikes as well as shoot-downs both inside the southwest provinces (Asir, Jizan & Najran) as well as over multiple areas deep inside the interior of the kingdom in early 2021, Osprey assessed there was an increased likelihood of further deterioration of the airspace operating environment over Saudi Arabia in the months ahead. Osprey issued dozens of alerts during this period and raised our airspace risk levels for Saudi Arabian airspace in early 2021. Our alerts allowed the industry to make informed decisions on flight operations within the kingdom amid a dynamically evolving airspace risk environment over Saudi Arabia.

Changing the conversation

The European Union Aviation Safety Agency (EASA) shares the belief that a cooperative partnership within the aviation community, where continuous, dynamic, comprehensive and consistent information sharing becomes the industry standard, is critical for the future of flight safety and security. In early 2021, Osprey was selected as EASA’s partner in developing and supporting The European Information Sharing and Cooperation Platform on Conflict Zones. Through their commitment to information sharing, they have achieved what no other government or regulatory body has ever achieved in the history of aviation; a platform that provides a consistent view of all airspaces in which there is a threat or risk to aviation in flight, along with the ability to engage and discuss across the industry within a secure forum.

Now the challenge is to get the wider industry to be open to that same self-awareness that is needed to move towards a more globally consistent view of aviation security risk, to understand the security environment better and be able to avoid or mitigate those risks effectively and efficiently.

We all have to admit that there is a better way of doing this. We need to change the conversation.”

Gallagher Aerospace sees the collaboration with Osprey as an important investment in supporting our clients around a critical area of their operations and risk profile. Both Osprey and Gallagher Aerospace are registered strategic partners of IATA and Osprey are not only active on projects with them but also have industry engagement for their services with several leading regulators including the TSA and EASA as well as a number of major airlines.

Article originally published in Gallagher’s Plane Talking Q1 2022. (https://www.ajg.com/uk/news-and-insights/2022/january/plane-talking-q1/)