Domestic civil aviation infrastructure has undergone a series of vulnerability assessments of varying types; this has gone on not only since 9-11 but for decades. These vulnerability assessments have become a feel-good exercise. While they are often applauded as a proactive step, they ultimately provide little more than a canvas for rhetorical flourishes.
The problem with this endless cycle of assessments is threefold.
First, each exercise tends to be self-contained; each assessment becomes a discrete product that is completed for its own sake, then put on a shelf, with its recommendations most likely ignored. The next assessment goes over the same ground.
Second, each assessment is devoid of any purpose beyond stating the obvious—you don’t have to be a security expert to spot airport vulnerabilities; the lack of an overarching process with a clearly defined end precludes any real strategic utility to most of these efforts.
Third, and most critical, this approach feeds a myopic focus on vulnerabilities. We need to pay more attention to the other parts of the equation: threat and risk, with the ultimate goal of assessing how better to counter the former and reduce the latter.
Airports would be better served if assessments and resulting data were folded into a process-based risk assessment that was focused not on individual airports but rather on holistic mitigation strategies to identify, meet, and counter changing threats, thereby reducing overall risk.
It is time for the industry and regulators to reassess the value of repeatedly doing assessments of domestic airports without process-driven results.