Since June 2004 the aviation security regime in Australia has been intensified and expanded. The regime has been intensified by upgrading several layers of the old regulatory regime, such as background checking, access and screening requirements. The regime has been expanded by widening the criteria of aviation industry participants required to meet minimum regulatory standards.

All parties associated with aviation transport, regulator and regulated alike, supported the necessity of a risk based approach to security so that appropriate resources are assigned to meet identified levels of threat.

DoTaRS stated:

The key principle underpinning the development of these [maritime and aviation] preventative security regimes is that, regardless of mode, security measures must address identified risks.¹

Qantas expanded on what it saw as fundamental to a risk based approach:

we really need to come to an outcomes based regulatory approach where the means of the outcome is not necessarily prescribed; it is the outcome that is prescribed.²

Although all parties agreed on the desirability of a risk based approach, some aviation industry participants and peak bodies criticised DoTaRS’ implementation of the regulatory regime on the grounds that:

• either the regime remained too prescriptive and rigid; or
• the regime relied too much on unguided self-assessment by regulated parties, which introduced an unacceptable degree of uncertainty for them in whether proposed measures would meet minimum required regulatory standards.

Implementing a risk based approach

Some aviation industry participants claimed that elements of the security regime remained too prescriptive, which promoted undesirable inflexibilities in the regime.

Qantas expressed a reservation that:

the regulator’s adherence to this [intelligence-led, risk-based and outcome-focused] model has faltered from time to time.³

Claims of the inadequacy of relying on the reporting of regulatory breaches to deliver security outcomes was supported by the operator of Melbourne International and L au nceston Airports, Australia Pacific Airports Corporation (APAC):

The DoTaRS compliance auditing system concentrates on one off issues and … does not consider the effectiveness of systems which support aviation security.⁴

DoTaRS referred to the limits inherent upon a regulator in implementing a risk based approach in aviation security by citing its role as prescribing:

a set of minimum standards to be achieved by operators in the implementation of preventative security measures.⁵

Aviation industry participants identified the expansion and upgrading of the regulatory regime in the regional sector of the industry as a particular area in which the risk based character of aviation security remained too rigid.

More generally, aviation industry participants identified the underlying reason for rigidities in security as inadequate consultation with industry by the regulator.

Regional aviation participants

In December 2003 the Australian Government announced that the aviation security net in regional Australia would be extended and upgraded to include:

• about 180 security classified airports facilitating Regular Public Transport services; and
• the requirement that all non-jet aircraft with more than 30 seats operating Regular Public Transport (RPT) services to fit hardened cockpit doors.⁶

The entry into force of the Aviation Transport Security Act 2004 and Regulations 2005 on 10 March 2005 implemented the expanded regional aviation security regime from the previous 29 regulated regional airports to include 145 previously unregulated airports and 111 prescribed air service operators.⁷

Some regional aviation industry participants questioned whether a sound risk based approach to aviation security could justify the extension of the regulatory regime, both in terms of the appropriateness of prescribed security levels and whether these levels could be implemented effectively.

The Australian Airports Association (AAA), which represents over 260 airports, stated:

Recent scenarios put to the industry by DoTaRS to supposedly improve upon security at certain regional airports have not been based on any current risk assessments and in real terms will do nothing to enhance security at those affected airports.⁸

The operator of Mount Gambier Airport, the District Council of Grant, challenged the appropriateness of expanding regulatory requirements to include all airports taking RPT services:

aviation security has not been based on any Commonwealth Risk Assessment, but in the case of the Mount Gambier Airport declared ‘Security Controlled’ on the basis of the Regular Transport Services conducted to and from the Airport. The Mount Gambier and District Airport has never had a security incident to date.⁹

The operator of Avalon and Essendon Airports, Linfox Airports, argued that the smaller scale of operations at regional airports made them harder targets for breaches of aviation security:

at eight o’clock this morning [at Melbourne International Airport] there would probably have been … 20 or 30 aircraft on the ground. They average 78,000 passenger movements each day. It is easy to get lost in that maelstrom of activity. With terrorist or security breaches, it is obviously easier to be lost in a crowd. If you compare that to Avalon Airport at eight o’clock this morning, there would have been one aircraft on the ground with a maximum of 177 passengers, four or five baggage handlers and one refueller out in the operational area. So it is very easy to identify any inappropriate activities going on within those areas.¹⁰

Regional Express Airlines (REX) stated:

The nature and design of regional airports, combined with the small staff numbers working at the airports, significantly reduces the probability of [a criminal] event occurring. Should such an event occur at a regional airport, the culprit would be easily identifiable, which is a significant deterrent.¹¹

The Regional Aviation Association of Australia (RAAA) argued that aircraft used by operators of regional services constituted a lower security risk than the major carriers bec ause:

They simply do not have the mass or the fuel load to do any great damage – they are simply too small – or they are located too far away from any prospective target area to be a major threat.¹²

Mr Michael Allsop expanded upon this principle in terms of the regulatory requirements being imposed on general aviation:

an average fully laden four seat light aircraft weighs less than 1.5 tonnes, and is only capable of lifting about 400kg of people, baggage and fuel combined. This is about the same as four people in a Holden Barina . The average 5 tonne truck carries a far greater risk to public safety…¹³

A DoTaRS Aviation Risk Context Statement issued in January 2005 acknowledged:

Within Australia, the major metropolitan airports are more likely to be targeted by terrorists than regional airports and general aviation, due to their proximity to major population centres and the potential to achieve a high level of impact and public alarm. The level of threat depends on a mix of factors in each case, including size of the airport; types of aircraft using the airport; amount of traffic; and location…

[However,] While regional airports are not likely to be an attractive target for international terrorism in their own right, they could conceivably be used in terrorist plans, directed at other targets, which involved the use of aircraft based at, or leaving from, these airports.

Regional airport infrastructure could also be targeted, but again would provide limited symbolic value and comparatively low damage potential, in terms of casualties, compared to major airports.¹⁴

DoTaRS confirmed that:

two [ASIO] threat assessments indicated that the terrorist threat to regional aviation is currently negligible to low…

There was, however, some concern that the majority of regional airports may not have the resources and capability to rapidly deploy additional security measures in response to an increase in alert levels in an acceptable timeframe.¹⁵

The implementation of the regulatory regime in regional Australia was also questioned in terms of its limited effectiveness:

The regional airports while subject in some cases to funding increases for security are often ill equipped to effectively implement security regulations largely designed for the big end of town. It is amusing to see Security Restricted Areas at these airports strenuously protected during operational periods and left to stock fences to protect the facility in all other times.¹⁶

The Australian Licenced Aircraft Engineers Association (ALAEA) stated:

Current security measure would not prevent a malicious party entering a regional airport and depositing packages in an aircraft … All aircraft are manufactured with non-lockable inspection panels at various points on the external skin of the aircraft, many with access to areas where packages … could be very easily deposited and concealed.¹⁷

DoTaRS stated:

in trying to build the aviation security system, there is an issue of breadth as well as depth. Bec au se of the nature of our aviation industry and the geography of the country, the Government took a decision to drive aviation security down to all passenger transport. That took us to a number of very small airports. We were very conscious of the capability of those airports … to participate in the security debate …

we as a regulator are certainly not being silly. We do not apply the same standard to a little airport … as we do to, say, Sydney Airport .¹⁸

The operator of Karratha Airport , Shire of Roebourne, acknowledged DoTaRS current flexibility but stated that this was not sufficient to assuage concerns about possible future developments:

you cannot be heavy-handed with regulations – and, to date, DoTaRS have not been…

But the problem … is that, at some point in time, that button will be pushed and they will say, “We are now savvy enough, educated enough and understand enough; these guys should be up to speed.” The reality of that is that the test case will be an airport somewhere.¹⁹

Adequacy of consultation

There was a range of views among aviation industry participants concerning the adequacy of consultation with DoTaRS.

Virgin Blue stated:

considerable progress has been made to involve industry in discussions about measures to improve security…²⁰

Some aviation industry participants claimed that inadequate consultation was largely responsible for compromising the implementation of a sound risk based security regime.

Effective consultation was understood to have been limited by:

• allowing insufficient time for industry comment before the implementation of measures; and
• the announcement of additional security requirements before current arrangements had been allowed to settle into place.

Qantas acknowledged strong levels of consultation between DoTaRS and industry in the initial period of developing the Aviation Transport Security Regulations, however:

Unfortunately … consultation was rushed during the period immediately preceding commencement of the ATSRs, and therefore DoTaRS was unable to attend to a number of anomalies and ambiguities identified by the industry…²¹

Qantas again offered qualified support for the level of consultation engaged in by DoTaRS:

DoTaRS has been receptive to suggestions about what works and what does not, but there remain a number of new regulatory requirements with no demonstrable security outcome, and a number of regulations which are ambiguous as to their intent and application.²²

Toll Transport provided instances of unclear Regulations arising from inadequate consultation:

The problem that we have at the moment is that … The new Aviation Transport Regulations do not differentiate between international and domestic [cargo] and they do not differentiate between cargo which travels on pax flights and cargo on dedicated freighters.²³

The Conference of Asia Pacific Express Carriers (CAPEC), which consists of four major air cargo industry participants, DHL, UPS, TNT and Fedex, confirmed that the issue of distinguishing between screening cargo travelling on passenger flights from cargo only flights had been raised with DoTaRS on 17 January 2005, prior to the entry into force of the Regulations, and 21 March 2005 shortly thereafter.²⁴

The operator of Geraldton Airport , Shire of Greenough, identified a further instance where Regulations appeared to act at cross purposes:

there is an obligation now for all general aviation aircraft to have some sort of locking device on their aircraft when it is unattended. But there is a conflict in the Regulations in that you cannot interfere with an aircraft. So, unless the locking device is on the front wheel, which some of them have, you would not know whether they were locked or not.²⁵

Sydney Airport Corporation Limited (SACL) stated that effective consultation was also hindered by the announcement of changes to security requirements that appeared pre-emptive:

While industry and Government had just begun discussions on amendments to the new Aviation Transport Security Act and Regulations to improve security outcomes, the Government announced further enhancements to the aviation security framework on …7 June 2005.²⁶

The 7 June announcements were also criticised as pre-emptive by Qantas:

The Government’s announcements on 7 June 2005 of immediate measures, prior to completion of the reviews by … [the JCPAA] and by Sir John Wheeler , seem to be … [on the basis of “community expectations” rather than any stated security outcome] despite their genuine potential to benefit aviation security. Qantas regards this approach with a degree of concern.²⁷

Linfox Airports expressed concern that:

It seems the Department is considering a return to the old regime of generic processes; “a one size fits all approach”…

we note that the Department advised … on 23 rd June 2005 of various homogenous proposals … In particular …a requirement to fully screen all persons, goods and vehicles entering and leaving Avalon’s [Security Restricted Area] SRA and/or airside …[and] it is understood that the Department may specify a minimum standard of fencing.²⁸

DoTaRS outlined several fora which served to provide consultation with industry:

• High Level Group on Aviation Security [As of September 2005 the Aviation Security Advisory Forum]

… consists of staff from various Government agencies as well as senior representatives from the aviation industry, including Qantas, Virgin Blue, Sydney Airport , Melbourne Airport and Brisbane Airport.…

• Industry Consultative Meeting

The Industry Consultative Meeting (ICM) is chaired by the Executive Director of the Office of Transport Security and meets three times a year to focus on Government and aviation industry issues of mutual concern…

Membership includes all international airport corporations, major airlines (Qantas and Virgin Blue) and various pilot and airline associations (such as Airservices Australia , the Regional Aviation Association of Australia and the Board of Airline Representatives of Australia).

A regional ICM (RICM) has been established to focus on issues of importance to the smaller regional airports and airlines which are subject to the same security concerns and regulations as the major players…

• Cargo Working Group – Air Cargo Operators

… The Working Group is made up of representatives from air cargo industry bodies, aviation industry participants and government agencies.²⁹

Shire of Roebourne stated:

At every opportunity we have had regional consultative meetings that DOTARS have organised. We now have a representative … on the ASAF [Aviation Security Advisory Form]…³⁰

Mackay Port Authority identified improvements in the level of consultation through the implementation of Regional Industry Consultative Meetings.³¹

However, Shire of Roebourne stated that:

The problem with those [RICM] forums is that there are dozens of issues raised but no answers forthcoming. Every opportunity to discuss a problem raises another series of questions and you just go away with a longer list of questions. The unfortunate thing about it is that we have become more and more specific as deadlines have drawn closer. The questions we are asking relate to information needed, say, for ASIC programs. The last RIC meeting was about two weeks ago in Perth . At that meeting we were still being told that things could change in the ASIC regime, yet I have a date of 31 March to have the whole system implemented at Karratha. All we can do is implement what we have and then, if it changes, we will pick up the pieces both in time and in cost.³²

Uncertainty and the divide between self assessment and regulatory requirement

The central platform in DoTaRS implementation of a risk based approach to aviation security is the requirement of all regulated parties to develop a Transport Security Plan (TSP).

Under the new regulatory regime, all regulated airports, prescribed air services, operators of facilities with direct airside access, Regulated Air Cargo Agents and Airservices Australia are required to undertake a risk analysis with reference to standards such as the Australian and New Zealand Standard 4360: 2004 Risk Management and the Aviation Risk Context Statement provided by DoTaRS.³³

Security classified aviation participants are required to address a series of general security requirements as well as the operators’ ‘local security risk context … and an outline of what must be protected’ through the development and implementation of a TSP.³⁴

DoTaRS specified:

Major airlines and airports already have approved TSPs in place under the Air Navigation Act 1920. These programs are continuing in force, as if they were approved under the new legislation, until 9 March 2007. However, these operators are required to submit a draft of a new TSP, complying with the new legislation, by 9 March 2006 …

With the introduction of the Act came the requirement for a number of [previously unregulated] regional airports and prescribed air services to have approved … TSPs in place by 10 March 2005 .³⁵

Aviation industry participants expressed a range of views in relation to the quality of advice that DoTaRS provided in supporting the aviation industry to meet upgraded security requirements in their TSPs.

Industry participants expressing concerns about poor levels of advice claimed that it c aused an unacceptable level of uncertainty for their operations.

They commonly attributed refusal to provide advice to the inexperience of Office of Transport Security personnel. The high level of inexperience was, in turn, understood as arising from the rapidity with which the aviation security regime had expanded.

Provision of advice

Shire of Derby – West Kimberley, which operates airports at Derby and Fitzroy Crossing, praised the levels of advisory and funding support it had received:

DoTaRS, whom we dealt with a fair bit during 2004 and up until the Shire Transport Security Plans were approved, provided the Shire of Derby – West Kimberley with timely and up-to-date advice on all issues relating to new entrants and the production of TSP … as new entrants, we had a very minimal idea of what was required. DoTaRS was excellent in helping us with that aspect…

I probably did three runs to which DoTaRS and I both said “No, this does not work.” They came back and said, “We reckon you should do that,” and I said, “No, that does not work up where we are; it has to be done this way.”³⁶

Shire of Halls Creek supported the positive view of DoTaRS service delivery:

we really do appreciate the assistance that they have given us. My interpretation is that it has been a fairly drawn-out and cumbersome process and I have really appreciated their tolerance and help in preparing all the documentation.³⁷

Albury City stated that:

DoTaRS, in conjunction with the relevant police authorities have provided valuable training and information seminars regarding security issues as they apply to regional aviation. DoTaRS have also provided personnel to visit regional airports to discuss security issues directly with local general aviation businesses.³⁸

Shire of Carnarvon stated that:

we have had two visits by the Perth [DoTaRS] group. Both have been very informative; they were good visits … The people that I have contact with in DoTaRS, here and in Canberra , have been excellent.³⁹

However, other witnesses before the inquiry advised the Committee of difficulties they had experienced. Some aviation industry participants claimed unacceptable levels of uncertainty arose bec ause they were not provided with advice on the adequacy of measures proposed in TSPs to meet identified threats and minimum required standards.

While the Shire of Carnarvon was, as noted above, positive about its dealings with DoTaRS, they also referred to difficulties in:

trying to speak to people who do not understand where Carnarvon is or what the factors are that are impinging on us…

it would be good to be able to say, “… we recognise some of the difficulties with material, delay, contractors, transport et cetera.”⁴⁰

The consequences of uncertainty arising from lack of advice appeared particularly urgent for regional aviation industry participants.

The operator of Newman Airport, Shire of East Pilbara, stated:

If you go to [DoTaRS] with a query and ask them a question, they will say, “Well, you do the risk assessment, you put it in place and then we will tell you whether we think it is suitable.”

We cannot function like that. We do not have the funds to function like that. We need it to be clear-cut and precise, not, “You will hopefully do this; you may do this; you could consider this … We need some clarity and continuity that this will be in place. We can deal with minor changes, but a small airport like this one just cannot handle significant changes which impose million-dollar expenses at any given time.⁴¹

Shire of East Pilbara provided an example of the difficulties that inadequate advice could impose on operators. East Pilbara had sought advice on regulatory requirements governing the separation of general aviation and Regular Public Transport apron areas:

with the apron, do we extend the apron we have or do we build another one with a 50-metre separation between them? That is the question that is facing us at the moment and we need to act on that quite soon too. It is the one question we have not got answered in black and white.⁴²

Some regional aviation industry participants contrasted the reluctance of DoTaRS to provide advice with the operation of the Civil Aviation Safety Authority (CASA).

North West Travel Services , which provides services for Paraburdoo and Newman Airports , stated:

if you go to CASA when developing an airport, they tell you exactly where to put that line, exactly where to put that marker and exactly how much distance should be in between them. They are very specific about it. If they come out and measure it and if it is wrong, they will tell you. However, if you go to DoTaRS … “It is up to you. We will tell you what the regulation says, but we will not tell you how to implement it”⁴³

The operator of Port Hedland International Airport , Town of Port Hedland , stated:

CASA have a couple of aerodrome inspectors in the regions who are familiar with the airports that they au dit. That means that we have an opportunity to liaise with those particular officers and they apply the standards. There are some problems with that, bec au se there can be different interpretations of the legislation across state boundaries. But at least you have somewhere to go.

At the moment we go to a state office from OTS, but the problem we have … is that they will not give you the advice; they will say, “We do not provide that advice.” So we are not able to get that information.⁴⁴

Broome International Airport went so far as to state:

[DoTaRS] actually had an edict not to give information or opinions on your information. You can ring CASA and say, “I have the minimum standards here; this is how I interpret them,” and they will give you an opinion and they will give it in writing. If you ring DoTaRS and say, “I have a person in custody,” or “I have an anomaly between my security manual and the regulations; what do I do?” you will be told, “Sorry, guys, we are not allowed to give opinions.” They will tell you, “If I tell you something over the phone, I will not give it to you in writing.” This is what we get. They will not give you an opinion…

The Department says, “You go and do it and then we will see if you have got it right and then we will jump on you if you have got it wrong.” It is just terrible.⁴⁵

North West Travel Services and Shire of East Pilbara acknowledged that a result of the prescriptive character of CASA’s advice was inflexibility:

CASA is quite inflexible, in our experience…

They have their 58-page checklist that they will go through and they will check everything. They will go through your manuals and check your spelling…

But you know what you have to do…

They tell you exactly what has to be done.⁴⁶

However, Broome International Airport suggested that the inflexibilities of a prescriptive approach can be ameliorated with the use of discretion:

The other problem we find with the Department is that, unlike other regulators, DoTaRS officers have no discretion; they have no discretion to apply commonsense at your airport. They keep saying at all these meetings, “Oh, we know that one-size-fits-all is not a good idea and we do not want that,” but that is exactly what they do want and there is no discretion. CASA will come around and say, “You should have a wind socket there. Oh, it cannot go there. Okay, I see now that that is silly for Broome. I will approve it to go over there.” But these other guys have no discretionary power, which is not their f au lt, but it locks you in to some things which at some airports do not make any sense and the security outcomes are not there.⁴⁷

Shire of East Pilbara suggested:

We do have au ditors coming around to do au dits on our security plan and our operational plans. But why not have them come to look at the airport and say to them, “We have to pay for a risk assessor, but we need the basics to start off with.” There should be someone you can go to who knows the legislation, knows a bit of the industry and can give you a response.

[DoTaRS] are good at reading the legislation, but they are not necessarily good at interpreting it and providing information to us. We just need someone who knows the legislation, who knows the category and who knows, “This is what you need; this is the minimum requirement. You do that and we will be happy,” not “You do this – oh, we are not really happy and you have to do this, this and this”…

One of the concerns that perhaps some of the DoTaRS staff have is the question of culpability or liability if something goes wrong. I think that tends to c au se this reluctance to interpret the Act in some way. So perhaps there could be that definition of guidelines.⁴⁸

Criticism of a perceived reluctance by DoTaRS to provide advice was not confined to regional aviation participants.

Toll Transport suggested more prescriptive advice was required:

the Regulations as they stand now do not ask for anything. They ask for screening, but they do not stipulate that it should be ETD or should be X amount. There is no percentage of freight stipulated.⁴⁹

Qantas also expressed concerns about the lack of advice among major aviation industry participants:

Qantas sought from DoTaRS an explanation regarding the desired security outcome of each new regulation. This would assist the industry and Qantas to determine what measure, procedure or practice could be best introduced to achieve that outcome most effectively. It is difficult for the industry when there is insufficient clarity about the purpose of many of the regulations, in particular where detailed information is required to be included in a TSP but which serves no discernible security purpose…

The Department’s new approach of giving “guidance but not advice” is … creating some difficulty for the industry. In principle, this stance is consistent with the commitment to risk management decisions being made by industry, with the regulator then au diting the efficacy of industry measures against the desired security outcome. In practice, however, the “guidance not advice” approach has on occasion led to confusion about the intended meaning of the ATSRs and inconsistency in response.⁵⁰

DoTaRS affirmed its position that:

The Aviation Transport Security Act 2004 and the Aviation Transport Security Regulations 2005 have been drafted to be deliberately non-prescriptive … DoTaRS has no mandate under this legislation to provide prescriptive advice. In this regard, the role of the Department does not extend beyond the provision of interpretative assistance.

It should also be recognised … that many airports appreciate the ability to make their own decisions about how to comply with legislative provisions, by choosing options that will be efficient and effective given their operating environment.⁵¹

DoTaRS provided details of 18 workshops held around Australia prior to the entry into force of the Regulations for operators of regional airports between June and September 2004.⁵²

Transport Security Plans and transitioning aviation industry participants

One further source of uncertainty was presented for those aviation industry participants that had been security classified prior to the entry into force of the Aviation Transport Security Act and Regulations. These industry participants were deemed to have their extant security arrangements in transition until March 2007.

Qantas referred to the unsatisfactory character of transitioning arrangements where:

despite having formally approved existing TSPs as sufficiently compliant, the Office of Transport Security has subsequently informed industry participants, that:

• In case of discrepancy between a TSP and the ATSRs, the ATSRs will apply;
• It is the responsibility of industry to identify and remedy such discrepancies;
• It is not permissible to amend existing TSPs pending submission and approval of a new TSP;
• DoTaRS will au dit industry compliance with the ATSRs and existing TSPs during the transition period.⁵³

Town of Port Hedland stated:

We are au dited on the new Act and Regulations, but our Transport Security Program is a transitional, which now does not reflect the new Act. We are au dited on our old transitional program and found to be deficient. As soon as our TSP – it is a new one – is adopted over the next 12 months, that will disappear and we will have to comply with the new one. There are situations whereby fencing and/or screening requirements in the old Act and Regulations and our Transport Security Program are required; in the new one, they are not. So you are going to have to expend those funds. How you get a balance with that is where we are really coming unstuck.⁵⁴

Experience and resources in the Office of Transport Security

In the changed security environment the Office of Transport Security has faced on-going challenges in implementing a dramatically upgraded aviation security regime.

The Office of Transport Security has faced a period where it is inevitably recruiting inexperienced staff, given its rapid expansion to meet the changes in the aviation security environment. The challenges of resourcing and lack of experienced employees during this phase were cited as underlying the difficulties in obtaining adequate levels of advice from DoTaRS.

DoTaRS stated:

the number of staff in the Office of Transport Security continues to increase in order to meet the increasing demands of the transport security environment. OTS has developed a comprehensive capability building strategy for staff, including the development of a competency-based Capability Framework, with a priority placed on the role of Inspectors. Training is also provided to staff in relation to protective security and some have been involved in incident exercises. This training is specifically targeted to meet both international standards and the requirements of the Australian transport security environment.⁵⁵

REX pointed to advantages and disadvantages of the rapid expansion of the Office of Transport Security:

major changes have occurred within the Department, not the least of which is a large personnel increase. These changes have induced an improved customer service product from the Department and made industry contact with the Department easier…

With respect to regulation, we have found that the Department has less corporate experience with and knowledge of regional aviation than they have of major domestic and international aviation. This has lead to a number of issues with regulations which may only have a minor impact on domestic and international operators but do have a major and serious impact on regional operators.⁵⁶

Subsequently, REX stated that the experience of DoTaRS staff in regional aviation had improved:

That [previous] statement was aimed more at the DoTaRS Canberra facility and the head office people. It came about – and was freely admitted to by senior DoTaRS people – that they had no idea of regional operations. Their experience with aviation has been with large airlines and international travel. We have attempted to address that. We have an open invitation for the Canberra people from DoTaRS to visit our facility at Wagga. They have accepted that invitation … As far as the field officers are concerned, the number of field officers has increased in size since our submission and their experience has changed. There are some Office of Transport Security field officers who have regional aviation experience…⁵⁷

However, RAAA identified problems not with staff in the Canberra Office of Transport Security but with OTS field officers:

central officers may have had a very clear idea but field officers then get a bee in their bonnet about something, and documents can go backwards and forwards for no real gain.⁵⁸

Shire of Roebourne stated that despite the increase in staffing levels, DoTaRS resources were stretched beyond reasonable limits:

Despite the best efforts of DoTaRS staff we are still struggling to gain the information required to transition our security program to a new [TSP].⁵⁹

Roebourne stated that the recent rapid increase in resources has also meant a shortfall in experience:

the staff, particularly if they are new, are endeavouring to interpret where they fit into the scheme of things, and this is new legislation that they are not across. So, when you ask a question – “How does this work?” or “How does this get applied?” or “What will this mean in our airport?” – nine times out of 10, and it is probably nine and a half times out of 10, you get told, “I will have to check with Canberra and I will get back to you.” Then you wait and wait and wait. Then the next call you get is from someone in Canberra who is in a different section who says, “You are aware that this information you need to provide to us is due in two weeks time.”…

Often the response you get is, “Oh yes, that’s a problem with the regulations. We will be working on that and changing it.” So you think, “Okay, I am going to do all of this work to implement this and the people who are looking after it have already said that it needs to be changed.” You sit and think, “Well, that will cost money and time and then we will have to change it again.”⁶⁰

AAA suggested that:

the career path development program within the Commonwealth Public Service does not necessarily mean that knowledgeable and experienced officers in any given line are retained within any department for any particular pre-determined length of time. In this regard, DoTaRS is no different to any other Commonwealth Government department or agency. However, aviation is a complex and in many ways a somewhat dysfunctional industry which requires a high level of expertise and practical working knowledge. Unfortunately, at the present time there are too few people within DoTaRS with such experience and knowledge.⁶¹

Committee comment

The aviation industry unanimously supported the risk based objectives of the regulatory regime and the expansion of the aviation security regime to include all airports facilitating Regular Public Transport services.

However, significant numbers of industry participants were critical of the implementation of a risk based approach on two grounds:

• first, because they believed a risk based approach had been compromised by the regulator returning to the imposition of prescribing minimum standards, often without what was considered appropriate levels of consultation; or
• second, bec ause they believed that the focus on self-assessment was being used by the regulator to avoid providing binding advice to regulated parties on the adequacy of proposed measures to meet identified security threats.

Both criticisms of DoTaRS performance arose from understandable concern and frustration on the part of aviation industry participants.

However, the reasonable concern and frustration of industry must be placed in a context of the massive overh aul of aviation security in Australia and the consequent magnitude of the task in implementing the changes faced by DoTaRS.

The Committee believes that the task of a regulator seeking, on the one hand, to ensure minimum security standards, while, on the other, implementing a risk based approach focusing on security outcomes inevitably leaves it open to criticisms of, on the one hand, being too prescriptive and, on the other, not being prescriptive enough.

The criticisms show that, on different occasions, DoTaRS failed to achieve the difficult balance between achieving flexible security outcomes and prescribing minimum standards.

The Committee believes that DoTaRS should ensure it develops a compliance regime that focuses on security outcomes rather than concentrating on isolated breaches of regulations.

Concerns that the regulatory regime may be returning to a prescriptive approach were attributed to insufficient consultation as a result of the arrival of deadlines or what were perceived as pre-emptive announcements of additional measures by the Government.

The Committee is fully aware that security is an area in which the occurrence of events is always unexpected and the responses must be urgent.

While the Committee acknowledges that the regulatory regime has been developed in a climate of urgency and at times rapidly changing circumstances, there appears to be occasions when security measures could have been:

• better explained to industry, particularly in terms of their intended outcomes; and
• implemented with less urgency, specifically in the case of regional aviation where the ASIO security threat assessment remained unchanged and was considered ‘low to negligible’.

The Committee encourages DoTaRS to continue to implement required security standards in a way that is consistent with a security outcomes approach to aviation in Australia.

Since June 2004, the aviation security regime in Australia has undergone rapid expansion requiring large increases in the resources, particularly personnel, available to the Office of Transport Security.

A broad array of aviation industry participants claimed that the expansion in numbers of personnel has led to unfortunate but unavoidable levels of inexperience in the Office of Transport Security with regard to aviation industry requirements.

The Committee believes that Office of Transport Security personnel would benefit from increased contact and familiarity with the aviation industry participants they are regulating, particularly in the case of remote and regional sectors of the industry.

Office of Transport Security personnel require the experience and authority to both advise of the adequacy of proposed measures to meet identified security threats and to exercise discretion in facilitating security outcomes through the flexible implementation of regulatory requirements to accommodate local circumstances.

First hand experience of the conditions faced by regulated parties is of the utmost importance in implementing an effective risk based security regime, particularly where these conditions are not familiar to officers charged with the implementation of the regulatory regime.

To this end, Office of Transport security personnel would benefit from increased site visits to regional airports that are required to subscribe to Aviation Transport Security Regulations.

The lack of certainty arising from the refusal to provide binding advice to aviation industry participants concerned the Committee particularly in regard to smaller operators in regional Australia.

The Committee believes that in some cases the provision of advice on whether a specific security measure will meet an identified threat does not compromise a security outcomes based approach when the advice is requested by the regulated party. DoTaRS’ insistence on self-assessment to the point of refusing to provide any advice to regional aviation industry participants is not appropriate for a potentially high risk environment where resources, both physical and human, are limited.

DoTaRS, Submission No. 51, p. 4. Back

Qantas, Transcript, 23 November 2005, p. 45. Back

Qantas, Submission No. 61, p. 10. Back

APAC, Submission No. 24, p. 3. Back

DoTaRS, Submission No. 51, p. 8. Back

DoTaRS, Submission No. 52, p. 18. Back

AAA, Submission No. 33, p. 2. Back

Linfox, Transcript, 24 November 2005, p. 24; also MPA, Submission No. 47, p. 3. Back

REX, Submission No. 39, p. 7. Back

RAAA, Transcript, 10 October 2005, p. 3. Back

M. Allsop, Submission No. 58, p. 1. Back

DoTaRS, Submission No. 52, Annexure D, p. 63. Back

DoTaRS, Submission No. 52, Annexure O, p. 117. Back

Name withheld, Submission No. 21, p. 4. Back

ALAEA, Submission No. 77, p. 16. Back

DoTaRS, Transcript, 5 December 2005, pp. 4-5. Back

Shire of Roebourne, Transcript, 9 March 2006, pp. 8-9. Back

Virgin Blue, Submission No. 69, p. 2. Back

Qantas, Submission No. 61, p. 31. Back

Qantas, Submission No. 61, p. 5. Back

Toll Transport, Transcript, 23 November 2005, p. 72. Back

CAPEC, Submission No. 30, Attachment 1, p. 3 and Attachment 2, p. 3. Back

Shire of Greenough, Transcript, 7 March 2006, p. 11. Back

SACL, Submission No. 44, p. 3. Back

Qantas, Submission No. 61, p. 32. Back

Linfox Airports, Submission No. 32, p. 2. Back

DoTaRS, Submission No. 52, pp. 13-4 Back

Shire of Roebourne, Transcript, 9 March 2006, p. 9. Back

MPA, Submission No. 47, p. 3. Back

Shire of Roebourne, Transcript, 9 March 2006, p. 11. Back

DoTaRS, Submission No. 51, p. 10 and Annexure D. Back

DoTaRS, Submission No. 52, p. 17. Back

DoTaRS, Submission No. 52, pp. 17-8. Back

Shire of Derby – West Kimberley , Transcript, 8 March 2006 , pp. 2 and 10. Back

Shire of Halls Creek, Transcript, 8 March 2005, p. 20. Back

Albury City, Submission No. 62, p. 2. Back

Shire of Carnarvon. Transcript, 7 March 2006, p. 5. Back

Shire of Carnarvon, Transcript, 7 March 2006, p. 3. Back

Shire of East Pilbara, Transcript, 8 March 2006, p. 4. Back

Shire of East Pilbara, Transcript, 8 March 2006, p. 21. Back

North West Travel Services Transcript, 8 March 2006, p. 15, Back

Town of Port Hedland, Transcript, 9 March 2006, pp. 11-2. Back

Broome International Airport, Transcript, 9 March 2006, p. 8. Back

Shire of East Pilbara, Transcript, 8 March 2006, p. 20. Back

Broome International Airport, Transcript, 9 March 2006, p. 8. Back

Shire of East Pilbara, Transcript, 8 March 2006, pp. 14-5. Back

Toll Transport, Transcript, 23 November 2005, p. 72. Back

Qantas, Submission No. 61, p. 31. Back

DoTaRS, Submission No. 52.2, p. 20. Back

DoTaRS, Submission No. 52.2, pp. 6-7. Back

Qantas, Submission No. 61, p. 31. Back

Town of Port Hedland, Transcript, 9 March 2006, p. 12. Back

DoTaRS, Submission No. 52.2, pp. 20-1 Back

REX, Submission No. 39, p. 1. Back

REX, Transcript, 23 November 2005, p. 85. Back

RAAA, Transcript, 10 October 2005, p. 11. Back

Shire of Roebourne, Submission No. 31, p. 2. Back

Shire of Roebourne, Transcript, 9 March 2006, p. 6. Back

AAA, Submission No. 33, p. 1. Back