Responsible implementation of open architecture

A win/win situation for all stakeholders

 

Open architecture (OA) – the interoperability of security screening hardware, software, and algorithms from different suppliers within one solution – is gathering momentum in the air transport industry. Open Architecture for Airport Security Systems, a paper prepared last year by Heathrow Airport Limited and Avinor AS, with endorsement from a range of regulators and airport stakeholders, such as ACI Europe, the US Transportation Security Administration, the Canadian Air Transport Security Authority and the UK Department for Transport, clearly identifies the potential benefits, especially when it comes to exploiting new products and services.

Key drivers for open architecture adoption include the need to respond quickly to ever changing threats; leverage new and developing technologies such as AI; and produce detailed management information from an increasingly complex screening operation. It is perceived as a more flexible approach which would accelerate innovation and reduce time to market.

It is already commonplace to integrate lanes and scanners from different suppliers and developing this further to incorporate software and algorithms is an exciting concept. To ensure the result is versatile, enabling peak performing and highly secure screening solutions, there are some complex challenges to be addressed along the way.

A collaborative approach

Screening systems manufacturers have extensive experience in developing and delivering detection technologies and security solutions and understand the complexities and ramifications of interoperability. Smiths Detection and others are fully committed to taking open architecture forward and solving any issues and through the European Organisation for Security are actively involved alongside the air transport industry and regulators in establishing an agreed approach.

Reliability, performance, security, and regulatory compliance must be agreed and assured for the hardware, the detection algorithms, and the networks at the very heart of the system controlling the various components. Image generation and distribution are critical, regulated and often classified functions and as such can never be compromised. Therefore, mitigating the risks of open architecture is a fundamental requirement for responsible implementation. 

At Smiths Detection, we believe there are three principal areas to investigate – how open architecture will work technically; testing and certification; and also, liability and intellectual property.

Technical interoperability

It is relatively easy to link different brands of hardware, but we still need to explore and define standard interfaces. With solutions already existing in other industries, there is no reason to have a bespoke security version and, in fact, a proprietary option could make solutions unworkable and unsupportable. The Smiths Detections Universal Checkpoint Interface was created with this challenge in mind.  It is open and available to allow the easy and reliable interoperability of lanes and scanners.

How to exchange images and data between devices and IT systems is a more challenging question. Software developers offering, for example, detection algorithms, require access to image data in a standard format. Further adoption of the DICOS standard file format for sharing images is important in solving this issue. It could also allow the development of standard GUIs that could be displayed on 3rd party workstations.

Testing Implications

The importance of component compatibility is underlined by the regulatory approval process which tests detection algorithms in combination with given X-ray hardware – making them entirely co-dependent.

This current approach to testing is expensive and cumbersome and open architecture raises the questions of how this approach would work when running a third-party algorithm? Also, how could we ensure regulatory compliance throughout the life of a system, during which there are likely to be configuration changes?

So, the challenge is to investigate more flexible certification protocols, something similar perhaps to a building inspector signing off the overall finished structure.  It also has to be practical enough to avoid negating the advantage of more innovations reaching the market in a shorter timescale.

As a solution, Smiths Detection is willing to assume responsibility in this area, acting as a prime / integrator and selecting third-party algorithm developers, working with them to deliver guaranteed lifetime compliant solutions. Customers could then benefit from innovation such as new algorithms, knowing that the risks are mitigated.

Who is accountable for what?

Accountability for the integrity and availability of a security system is a huge issue. Currently OEMs have responsibility for the supply and maintenance of certified screening equipment. They provide classified data protection and ensure electrical and mechanical safety as well as electromagnetic compatibility (EMC). Contractual obligations include equipment ‘up-time’, system availability and lifetime management of the products.

If a screening solution is put together with elements from various suppliers, who is liable if a newly deployed system does not perform as expected; or if software upgrades to one component cause other components to malfunction? Even more crucial, following hardware or software configuration changes, who is accountable for cyber security? These are just a few questions to be answered in terms of accountability.

So, the pivotal question here is, how should a hybrid solution be designed, implemented, and maintained? The best way of dealing with these issues is to clearly define roles and liabilities. Whether it be an OEM, a VAR (value-added reseller), or the airport itself, one body needs to accept accountability for the overall solution by acting as the integrator.

New business models

Finally, to ensure viability and long-term support, intellectual property of all parties must be protected, and commercial models put in place which are acceptable to everyone. We can expect new and interesting business models but not necessarily lower costs. If we ensure an open architecture market is sustainable for all concerned and implemented responsibly, we believe it can be a win-win for airports, regulators, software developers, new businesses, and existing OEMs alike.

open architecture certainly has the potential to transform security screening. It can succeed if the technical, certification and liability issues are resolved. Whatever the outcome, maintaining and improving standards and performance is imperative and security can never be compromised. Collaboration is at the heart of open architecture; only together we can make aviation safer and more efficient.