Enhancing Airport Security

Executive Summary

At 07:58 on 22 March 2016, two TATP-based improvised explosive devices were detonated in the departure hall of Brussels Airport (Zaventem). Sixteen people were killed, and 187 were injured. Fifty-six minutes later, a third device detonated at Maelbeek metro station, killing 16 more. The attackers walked into the departure hall through the public entrance, checked in luggage at the check-in desks, and detonated the devices before reaching any security screening point. The entire attack occurred in the unscreened landside zone.

Brussels 2016 demonstrated the core issue for modern airport security engineering: airport security design after 9/11 focused narrowly on protecting aircraft rather than the broader airport environment. Concentrating all security screening at the airside boundary created an unprotected, high-density gathering in the landside departure hall—a location more accessible and crowded than the aircraft it was intended to protect. To address this, airports should extend layered security measures to landside areas, revisit crowd management practices, and review screening protocols for people and vehicles entering public terminal areas.

This paper presents the gold standard airport security architecture — derived from the operational model of Ben Gurion International Airport, the most comprehensively protected civil aviation facility in operation — and applies it against the full documented threat typology: PBIED in the landside zone, VBIED at the terminal approach, insider threat, drone-delivered payload, and coordinated multi-vector attack. All incident data is sourced from named judicial, regulatory, and governmental primary documents.

1. The Threat Architecture — What Airports Actually Face

Airport security design must be assessed against the documented threat typology—the specific attack methods used against airports over the past two decades—not against a generic terrorism threat. The threat typology has advanced considerably since 9/11, and the security architecture must have evolved with it. In most European airports, it has not kept pace.

1.1 Brussels Zaventem — 22 March 2016: The Landside PBIED

Attack parameters. Two devices detonated in the departure hall check-in area at 07:58 local time. Each device contained approximately 10-15 kg of TATP (triacetone triperoxide), with nails added to enhance fragmentation. TATP RE factor: 0.83 (pressure-based, per Cooper 1996) — approximately 8-12 kg W_TNT equivalent per device. A third device containing TATP and approximately 15 kg of HMTD (hexamethylene triperoxide diamine) failed to detonate and was subsequently neutralised by Belgian EOD. Total killed: 16 at Zaventem; 187 injured. Ibrahim El Bakraoui detonated the first device; Najim Laachraoui the second. A third attacker — subsequently identified but not immediately apprehended — fled the scene.

Geometry of the attack. The departure hall at Zaventem is a ground-level public space accessible directly from the terminal road. The attackers arrived by taxi, carried luggage trolleys loaded with the devices into the check-in hall, and detonated them near the American Airlines and Brussels Airlines check-in desks. The nearest security screening point — the document and ticket check prior to the x-ray machines — was approximately 50-80 metres from the detonation points. The attackers never reached screening. The entire attack occurred in the zone that the airport's security architecture implicitly assumed was safe.

The TATP detection failure. TATP has a vapour pressure of approximately 7 Pa at 20 degrees Celsius — approximately 50 times that of RDX and 10 times that of PETN. Ion Mobility Spectrometry (IMS) equipment, the standard trace detection technology at airport security checkpoints, detects TATP at concentrations above approximately 2 parts per billion. TATP would have been detectable by IMS equipment if the attackers had been subjected to trace detection before entering the terminal. They were not — no trace detection was deployed at the landside entrance. Source: ECAC. Best Practice Standards for Explosive Trace Detection. Doc 30, Chapter 5. 2019.

Post-attack regulatory response. EU Regulation 2015/1998 was amended by EU Regulation 2019/1583, which requires reinforced security measures for airports receiving international traffic above defined passenger thresholds. The amendments included requirements for landside security measures — screening of persons and vehicles before entry to the terminal building — at airports assessed as facing elevated threat. The Belgian authorities implemented military patrols in Zaventem's departure hall from March 2016. These are deterrence measures. They are not the structural security redesign that Brussels demonstrated is necessary.

Source: Belgian Federal Prosecutor's Office. Attentat de Bruxelles du 22 mars 2016: acte d'accusation. Brussels. 2019. Belgian Commission of Inquiry into the Brussels and Paris Attacks. Final Report. 2019. ECAC Doc 30 Part I: Recommendations and Resolutions, Chapter 5. 2021 edition.

1.2 The Pattern — Brussels Was Not an Isolated Event

Brussels 2016 was the most lethal airport landside attack in recent European history, but it was not the first, and it has not been the last. The pattern of attacks in the landside zone of international airports documents a sustained, unresolved vulnerability:

Domodedovo Airport, Moscow — 24 January 2011. A suicide bomber detonated an IED in the international arrivals hall. 37 killed, 173 injured. The device was detonated in the unscreened public arrivals zone — the same landside vulnerability exploited five years later at Brussels.

Istanbul Ataturk Airport — 28 June 2016. Three attackers detonated explosive vests and fired AK-47s in the international departure terminal. 45 killed, 230 injured. One attacker detonated at the terminal entrance vehicle drop-off. Two penetrated the check-in area before detonation. Three months before Brussels, same vulnerability class.

Glasgow Airport — 30 June 2007. A Jeep Cherokee loaded with propane canisters was driven into the main terminal entrance at speed. The vehicle was stopped by security bollards at the entrance. The driver and passenger attempted to ignite the vehicle. One attacker suffered fatal burns. Zero public fatalities. The bollards worked — the attack failed because a physical vehicle barrier stopped the vehicle.

Iloilo Airport, Philippines — 27 December 2020. A bomber detonated a device in the departure area. 7 wounded. The attack reinforced that landside areas remain vulnerable targets in airports that have not implemented multi-layer screening.

Kabul Hamid Karzai Airport — 26 August 2021. A suicide bomber detonated outside Abbey Gate while thousands of evacuees queued in the landside approach. 170 Afghan civilians and 13 US service members were killed. The crowd density was the direct consequence of a security perimeter that created a gathering point — the security measure itself became the vulnerability by concentrating an unscreened population.

The Kabul precedent is operationally significant beyond its specific context: it demonstrates that any security measure which creates a crowd-density gathering point in an unscreened landside area simultaneously creates the highest-value PBIED target that a terrorist could wish for. The queue for security screening — the defining feature of modern airport departure halls — is a high-density gathering of civilians in an unscreened space.

THE DESIGN FLAW — CONFIRMED BY FOURTEEN YEARS OF EVIDENCE: The pattern from Domodedovo 2011 to Brussels 2016 to Kabul 2021 is consistent: attacks concentrate in the landside zone because that is where the security architecture is absent. Upgrading airside screening technology — better X-ray machines, CT scanners, body scanners — does not address attacks that never reach airside. The required structural reform is to extend the security perimeter outward from the airside boundary to the airport road boundary — exactly the model Ben Gurion International has operated since the 1970s.

1.3 Vehicle Attack — The Terminal Approach Threat

The vehicle-borne threat to airport terminals differs from the PBIED threat and requires distinct countermeasures. Glasgow 2007 is the most relevant UK case; Nice 2016 established the mass-casualty potential of a large vehicle attack against a crowd; the Istanbul 2016 attack included a vehicle component.

The terminal approach geometry. Airport terminal drop-off areas are, by design, the busiest vehicle-pedestrian interface in the urban environment — a short access road with high-volume vehicle flow, pedestrians moving between vehicles and the terminal entrance, taxi ranks, and bus stops creating continuously high crowd density. The design objectives — rapid passenger throughput, accessibility to all mobility levels, efficient taxi and private hire flow — conflict directly with the standoff distance requirements for vehicle attack mitigation.

HVM specification for terminal approaches. PAS 68 / IWA 14-1 P4-rated barriers (7,500 kg at 80 km/h, zero penetration) at all vehicle drop-off approaches. Fixed bollards at 1.2 m centres, preventing passage of any vehicle wider than 1.2 m without engagement. Retractable bollards for controlled vehicle access to service bays and emergency vehicle lanes, fail-safe to raised position on power loss. Approach road geometry — chicanes and speed tables reducing approach speed to 30 km/h or below before the terminal entrance — reduces the kinetic energy of any attack vehicle to within the PAS 68 standard test envelope, even for heavy goods vehicle class threats. Glasgow Airport's post-2007 bollard installation is the documented UK model: the bollards that stopped the Jeep Cherokee in 2007 were subsequently upgraded to the rated PAS 68 standard across all approach roads.

Source: UK Home Office / CPNI. Counter-Terrorism Protective Security Advice for Major Events and Crowded Places. 2020. CPNI. Hostile Vehicle Mitigation for Crowded Places Guidance. 2021.

2. The Gold Standard — Ben Gurion International Airport

Ben Gurion International Airport (TLV) has operated for over 50 years in a documented high-threat environment against which every major adversary of the State of Israel has attempted, planned, or executed attacks. Its security architecture is the product of direct operational experience with the threat typology that European airports now face — and which most European airports have not fully adapted to. The 2016 EU Commission-funded study on airport security (ECAC 2017 comparative assessment) identified Ben Gurion as the international benchmark against which European airport security should be measured. No successful attack has been mounted against Ben Gurion's airside or terminal since the 1972 Lod Airport massacre.

2.1 The Perimeter Begins at the Road

Ben Gurion's security architecture begins at the airport road boundary—not at the terminal entrance or the airside screening checkpoint. Every vehicle entering the airport road network passes through a staffed vehicle checkpoint. This is not a casual wave-through: it is a structured security engagement that begins the security process at the earliest possible intervention point.

Vehicle checkpoint — what happens: Each vehicle is stopped at a manned checkpoint on the approach road. The checkpoint officer conducts a visual inspection of the vehicle exterior, observes the occupants, and asks a structured set of questions — destination, travel origin, purpose of travel, and final destination. The question set is not primarily designed to elicit information; it is designed to create an interaction that a trained behavioural analyst can observe. The questions are asked in English and Hebrew; the responses, the posture, the micro-expressions, and the consistency of the answers are all assessed simultaneously. Vehicles that pass the initial screening proceed to the terminal. Vehicles that raise concerns are directed to a secondary inspection lane for enhanced screening, including vehicle inspection, passenger document check, and an elevated-question protocol.

What this achieves: The vehicle checkpoint moves the first security engagement from the terminal entrance (approximately 50-100 metres from the check-in desks) to the road boundary (approximately 500-1,000 metres from the terminal building). For a VBIED or PBIED carried by vehicle, this is the difference between detonation at the perimeter with limited terminal effect and detonation at the check-in desk with the consequence documented at Brussels. For a behavioural detection operation, this is the earliest point at which a nervous, rehearsed, or pre-attack-stress response can be observed — before the attacker has settled into the attacker’s operational posture.

2.2 Multi-Layer Landside Screening — Four Checkpoints Before Airside

Ben Gurion operates multiple security checkpoints between the road boundary and the airside departure gate. The specific number and configuration are operationally sensitive and have varied over time, but the published and documentable model, as described in academic security literature and ECAC comparative assessments, includes:

Layer 1 — Road vehicle checkpoint: As described above. Every vehicle. Behavioural observation. Secondary inspection capability. PAS 68-rated barriers prevent vehicle penetration beyond the checkpoint.

Layer 2 — Terminal entrance screening: At the terminal entrance doors, all passengers and visitors pass through a staffed screening point before entering the terminal building. This is not an X-ray checkpoint — it is a document and identity check combined with a behavioural observation interaction. Bags may be visually inspected. The purpose is to prevent any person who triggers a behavioural concern from entering the terminal without secondary screening. This is the checkpoint Brussels lacked — the two attackers passed through no equivalent control before reaching the check-in desks.

Layer 3 — Check-in area screening: Passengers presenting at check-in desks and bag drop points interact with security-trained check-in staff who conduct passenger questioning before accepting luggage. This is not casual conversation — it is a structured interview designed to find inconsistencies in travel narrative, stress indicators, and anomalous responses. Luggage accepted at check-in undergoes enhanced screening before being placed in the baggage system.

Layer 4 — Security hall (pre-airside): The conventional X-ray, body scanner, and trace detection checkpoint are before the airside departure zone. At Ben Gurion, this checkpoint receives passengers who have already passed three prior security engagements — those who reach this point have been assessed by multiple trained observers, and any concerns have been escalated before they arrive. The security hall is the last layer, not the only layer.

THE SEQUENCING PRINCIPLE: The Ben Gurion model does not rely on any single checkpoint to detect all threats. It relies on the cumulative probability of detection across multiple sequential interactions, each providing an independent assessment. A pre-attack-stressed individual who successfully controls their behavioural response at the road checkpoint faces the same challenge again at the terminal entrance, again at the check-in interaction, and again at the security hall. The probability of successfully passing all four interactions is significantly lower than the probability of passing any one of them, which is the mathematical basis of multi-layer security architecture.

2.3 Behavioural Detection — The Human Intelligence Layer

The central operational capability that distinguishes Ben Gurion from European airports is the systematic deployment of trained behavioural detection officers (BDOs) throughout the landside and airside environment. This is not a passive CCTV monitoring programme — it is an active, trained, uniformed and plainclothes observation capability integrated with the questioning and screening functions.

The Israeli approach — documented methodology: The Israeli Airport Authority and Shin Bet (internal security service) jointly operate the security function at Ben Gurion. The methodology merges two distinct psychological frameworks: SPOT (Screening of Passengers by Observation Techniques) — developed by the US Transportation Security Administration and now deployed in modified form at major airports worldwide — and a proprietary Israeli behavioural assessment methodology that has been refined over decades of operational experience. The Israeli methodology places greater emphasis on passenger interaction (questioning and conversation) rather than on passive observation alone, on the grounds that interaction elicits observable stress responses that passive observation alone cannot.

What behavioural detection observes: Published academic literature on behavioural detection practices (Ekman, P., 2003; Aldert Vrij, 2008; TSA SPOT programme documentation) identifies the following as indicators warranting enhanced screening: micro-expressions of fear, contempt, or disgust inconsistent with the travel context; excessive physiological arousal (perspiration, flushing, tremor) in a cool environment; avoidance of eye contact combined with hypervigilance; verbal response inconsistencies (different answers to the same question asked at different checkpoints); grooming behaviours (touching face, adjusting clothing repeatedly); gait anomalies consistent with concealed object carriage; and travel narrative inconsistencies detectable using structured questioning.

The documented effectiveness: The effectiveness of behavioural detection as a standalone screening measure is contested in academic literature — the US GAO's 2010 and 2013 assessments of the TSA SPOT programme found insufficient evidence that it outperformed random screening in real-world settings (GAO-10-763, May 2010). The Israeli position is that this criticism applies to behavioural detection when operated as a passive observation programme without integrated structured questioning — the passive SPOT model — rather than the active engagement model. The operational record at Ben Gurion since 1972 provides the most significant available evidence: no successful attack in over 50 years at the world's highest-threat airport.

The staffing requirement: The Ben Gurion model is staffing-intensive. Estimates from published security literature suggest that Ben Gurion deploys approximately 1 security officer per 10-15 passengers passing through peak-period screening — a ratio significantly higher than that at European airports. The Israeli Airport Authority does not publish staffing ratios, but the training programme is documented: each security officer completes a six-month initial training programme before deployment, compared to the weeks-long training typical for European airport security staff under ECAC Doc 30 minimum standards.

Source: Ben Gurion Airport model: ECAC. Comparative Assessment of Airport Security Standards. European Civil Aviation Conference. 2017. Behavioural detection technique: Ekman, P. (2003). Emotions Revealed. Henry Holt & Co., New York. Vrij, A. (2008). Detecting Lies and Deceit. John Wiley and Sons. GAO-10-763: Aviation Security: Efforts to Validate TSA's Passenger Screening Behaviour Detection Program Underway. GAO. May 2010.

2.4 The Israeli Model Applied — What European Airports Can Implement

The full Ben Gurion model — road checkpoint for every vehicle, four landside security layers, 1:10-15 officer-to-passenger ratio, six-month initial training — is operationally infeasible at the scale and passenger throughput of major European hub airports. Heathrow handles 80 million passengers per year; Ben Gurion handles approximately 24 million. The staffing model does not scale linearly to European volumes without fundamental changes to terminal design and passenger flow management. The components of the Israeli model that are operationally transferable to European airports, and which directly address the Brussels vulnerability, are:

• Terminal entrance screening point: a staffed checkpoint between the terminal road drop-off and the terminal entrance doors. Not necessarily a full x-ray checkpoint — a document and observation checkpoint that prevents uncontrolled entry to the terminal and creates the first behavioural engagement. This is achievable at any airport with terminal entrance modification and trained staff.

• Passenger questioning at check-in: security-trained check-in staff conducting structured passenger interaction before accepting luggage. This is the layer that existed at El Al counters at Brussels Zaventem, but not at the general check-in desks the attackers used. EU Regulation 2015/1998, as amended by 2019/1583, does not require this as a general standard — it is an Israeli-specific operational practice.

• Behavioural detection officer deployment in landside areas: uniformed and plainclothes BDOs patrolling the departure hall, arrivals hall, and vehicle approaches. The TSA SPOT programme provides the documented Western equivalent. UK airports operate Behavioural Detection Officers under the Counter Terrorism Airport Police Officers (CTAPO) programme following the 2006 Heathrow liquid explosives plot.

• Trace detection in the landside zone: IMS explosive trace detection units deployed at the terminal entrance checkpoint, capable of detecting TATP, PETN, RDX, and HMTD at concentrations above 2 parts per billion. This is the specific technical control that would have detected the Brussels attackers' TATP-laden luggage before they entered the terminal.

3. Layered Landside Security — The Architecture That Brussels Required

The following section specifies the complete layered landside security architecture that addresses the Brussels vulnerability model. It is derived from the ECAC Doc 30 recommendations post-Brussels, the Israeli model analysis, the CPNI crowded places guidance, the IATA recommendations post-Brussels, and the regulatory requirements of EU Regulation 2015/1998 as amended.

3.1 Layer 0 — Road Boundary: Vehicle Control

Perimeter vehicle control points: At all road access points to the airport campus (not just terminal drop-off): rated HVM barriers (PAS 68 / IWA 14-1 P4 minimum) with staffed control points. Not all vehicles need to stop — private vehicles using the long-term car park may be waved through to a controlled parking area. But any vehicle whose route brings it to within 50 metres of the terminal building must pass through a staffed control point. The control point officer can divert suspicious vehicles before they reach the effective VBIED range of the terminal facade.

Terminal drop-off geometry: The drop-off approach road must incorporate speed-reducing geometry, such as chicanes or raised tables, to reduce vehicle speed to 15-20 km/h before reaching the terminal entrance bollard line. At this speed, even a 25-tonne heavy goods vehicle carries kinetic energy below the PAS 68 P4 test envelope (as established in the Breitscheidplatz paper). The bollard line at the terminal entrance face is the stop point; the approach geometry ensures the vehicle arrives at the stop point within the rated performance envelope.

Vehicle checkpoints — staffing and technology: Staffed control point with vehicle registration plate reader (ANPR), cross-referenced against national security watchlists and stolen vehicle database in real time. CCTV at an identification grade covering all vehicle approaches. The ANPR check provides the cyber-layer intelligence that augments the human behavioural observation at the checkpoint — a vehicle flagged on a watchlist triggers an immediate enhanced inspection protocol regardless of the officer's behavioural assessment of the occupant.

3.2 Layer 1 — Terminal Entrance: The Critical New Checkpoint

This layer did not exist at Brussels Zaventem. It is the single highest-impact addition to the standard European airport security architecture. Its implementation directly addresses the attack vector that killed 16 people on 22 March 2016.

Physical configuration: A staffed checkpoint at the terminal entrance doors. The checkpoint creates two zones: landside public space (road, drop-off, taxi rank) and landside terminal interior (check-in halls, retail, food service). All persons entering the terminal must pass the checkpoint. The checkpoint does not require X-ray equipment for all passengers — it is a document, observation, and trace detection checkpoint. Its main role is to stop the Brussels attack model: a person carrying a TATP device from a vehicle into the check-in hall.

Explosive trace detection at the entrance: IMS trace detection equipment at the entrance checkpoint. Swab-based trace detection of bags at a sampling rate appropriate to passenger throughput — typically 5-10% of bags selected by the BDO based on behavioural observation or random selection. TATP vapour pressure is high enough that a bag containing a TATP device will produce a positive trace detection result from a swab of the bag's exterior handles or zips. Detection limit for TATP on IMS: approximately 2 ppb. This is the technical control that Brussels required. The cost of an IMS unit: approximately EUR 30,000-50,000. The consequence of not having one: 16 deaths and 187 injuries on 22 March 2016.

Behavioural detection at the entrance: The entrance checkpoint is the first structured interaction between security staff and arriving passengers. Staff are trained to the BDO standard: structured question protocol (where are you flying to, where are you coming from, are you travelling alone), observation of facial micro-expressions and physiological stress indicators, and referral of any concern to secondary screening inside the terminal. The script is short — 30 seconds per passenger at normal throughput. The purpose is not to conduct an interview; it is to create an interaction that an attacker in operational preparation mode will find difficult to navigate without revealing stress indicators.

Throughput management: The entrance checkpoint creates a queuing point, which in turn increases crowd density. This must be managed: the checkpoint itself must not become a PBIED target by creating a queue of 50+ people outside the terminal in an unscreened space. Design requirement: sufficient checkpoint lanes to maintain queue length below 10-15 persons per lane under peak traffic conditions; physical separation of queue lanes to limit the population affected by a single device; and evaluation of mobile BDO patrols in the queue area as a deterrence measure against PBIED targeting of the queue itself.

3.3 Layer 2 — Check-In and Bag Drop: Security-Trained Staff

Security training for check-in staff: Under the Israeli model, check-in staff are an active security layer — not just service staff performing a logistical function. In the European context, EU Regulation 2015/1998 Chapter 11 defines the security training requirements for all airport staff. Security-trained check-in staff conduct a structured passenger interaction at the point of bag acceptance: destination confirmation, luggage packing confirmation, and security question protocol. The questions fulfil a dual purpose: regulatory compliance (confirming that the passenger packed their own bags and that no unknown items were accepted) and behavioural observation (creating a second structured interaction after the entrance checkpoint).

Checked baggage screening: EU Regulation 2015/1998 requires that all checked baggage be screened to Standard 3 (CT-based explosive detection) before loading. The technology standard for checked baggage screening is the Explosive Detection System (EDS) equipment certified to ECAC Common Evaluation Process (CEP) Standard 3. Standard 3 EDS equipment detects explosive materials by density and atomic composition analysis in CT imagery, with automatic alarm generation. This is the airside baggage-handling standard, well established in European airports. The landside equivalent — trace detection of baggage at the check-in point before it enters the system — is the Israeli model's enhancement.

3.4 Layer 3 — Security Hall: Technology Specification

Cabin baggage screening — CT standard: ECAC Doc 30 and EU Regulation 2015/1998 require cabin baggage screening to Standard 2 minimum. The transition to Standard 3 CT-based cabin baggage screening (equivalent to the checked baggage EDS standard) was mandated across EU airports above defined thresholds from September 2022, following the UK's 2021 implementation of 3D CT scanning for cabin baggage. CT cabin baggage screening eliminates the need for passengers to remove liquids and laptops from their bags — the scanner produces a three-dimensional density profile of the bag contents without the projection limitations of two-dimensional X-ray.

Body screening — automatic threat detection: Millimetre-wave body scanners (Active MMW) or advanced imaging technology (AIT) are deployed at the security hall to detect non-metallic threats, including PBIED components, ceramic weapons, and drug packets. EU Regulation 2016/329 governs the operational requirements for body scanning in EU airports. The scanner generates an automatic threat-detection image rather than a generic human silhouette, eliminating the need for operator interpretation of body outlines and reducing false-positive rates.

Liquid, aerosol, and gel (LAG) screening: EU airports have operated a 100 ml LAG restriction since 2006 following the Heathrow liquid explosives plot. EU Regulation 2015/1998 permits airports with certified LAG detection equipment to allow LAG volumes above 100 ml, provided they are screened by that equipment. Certified LAG detection equipment (bottle scanners) is now deployed at major European hub airports, enabling a gradual relaxation of the 100 ml restriction as technology capabilities expand. ECAC CEP-certified bottle scanners detect hydrogen peroxide-based explosives (TATP and HMTD precursors) and liquid explosive compounds in container volumes ranging from 100 ml to 2 litres.

4. Insider Threat — The Persistent Airport Security Vulnerability

Post-2016, European airports carried out substantial enhancements to landside public zone security. The insider threat — staff with airside access credentials exploiting that access — remains the most difficult threat vector to address through technology-based screening, because the insider has already passed the screening that is designed to detect external threats.

4.1 The Documented Insider Threat Record

Daallo Airlines Flight 159 — February 2016: A laptop computer containing an IED was handed to a passenger in the departure area of Mogadishu Aden Abdulle International Airport by an airport employee with airside access. The device detonated after takeoff, blowing a hole in the fuselage. The passenger was ejected through the hole and killed. The device did not bring down the aircraft because the detonation occurred before the aircraft reached altitude. The employee had sufficient access to deliver a device which bypassed all passenger screening.

Metrojet Flight 9268 — October 2015: An IED concealed inside a Schweppes soft drink can detonate in the baggage hold of the aircraft over Sinai, killing all 224 people on board. Egyptian and Russian investigations confirmed that the device was introduced into the baggage system at Sharm el-Sheikh Airport by an employee with access to the baggage handling system. The employee had direct access to the checked baggage stream after EDS screening.

The structural vulnerability: Both incidents demonstrate the same mechanism: an employee with legitimate post-screening airside or baggage access inserts a device into the airside environment that bypasses all passenger-facing screening. The security architecture that defends against external attacks does not defend against the credentialed insider.

4.2 Countermeasures — Personnel Security and Access Management

Background screening — ASIS ANSI/ASIS PAP.1-2019: All airport employees with unescorted airside access must undergo: identity verification; right-to-work verification; criminal record check; employment history verification (minimum 5 years); financial sanctions screening; and reference verification. EU Regulation 2015/1998 Chapter 11 specifies minimum background check requirements for airport security staff — these requirements apply more broadly under ASIS PAP.1-2019 to all staff with airside access, regardless of their specific security role.

Ongoing screening and re-vetting: Initial screening is insufficient for a long-tenured employee whose circumstances may have changed. Re-vetting at 5-year intervals for all airside access holders; self-reporting obligations for material changes in personal circumstances (financial, legal, relationship); uninterrupted monitoring against criminal record databases and national security watchlists where permitted by national data protection frameworks.

Access compartmentalisation: Airside access should be proportionate to the specific function — a catering vehicle driver does not require access to the baggage hall; a baggage handler does not require access to the fuel depot. ICAO Annex 17 Chapter 4 requires that access control systems grant access to restricted areas only to those persons with a specific operational need. The compartmentalisation reduces the insider threat by limiting what any single compromised employee can access.

Post-screening baggage monitoring: After checking baggage passes and EDS screening, it enters a baggage handling system, which carries it to the aircraft hold. Every baggage handler who touches a bag after screening is a potential insider threat access point. CCTV at identification grade in all baggage handling areas, with footage retained for a minimum of 90 days and reviewed in the event of any security incident. Random bag audits — selecting screened bags for re-inspection after baggage handling — detect interference with screened baggage.

Randomised employee screening: Random screening of employees entering the airside zone — not just initial access control — detects employees who have successfully passed vetting but are currently in possession of a prohibited item. TSA Security Directive 1542-21-01 (August 2021, following the FedEx Memphis mass shooting by a disgruntled employee) expanded random employee screening requirements at US airports. European equivalents exist under ECAC Doc 30 but are not uniformly implemented.

Source: ICAO. Annex 17 — Security: Safeguarding International Civil Aviation Against Acts of Unlawful Interference. 11th Edition. 2020. TSA Security Directive 1542-21-01. August 2021. ECAC Doc 30, Part I, Chapter 4, 2021 edition.

5. The Drone Threat to Airports — The Fastest-Growing Security Challenge

The UAS threat to airports has two operational dimensions that require distinct countermeasure architectures: the accidental or nuisance drone — a hobbyist or uninformed operator whose drone enters restricted airspace — and the deliberate, weaponised drone — a platform specifically modified and deployed to cause operational disruption or physical damage. Airport security architecture must address both, but the defensive investment priority must be calibrated to the consequences of each.

5.1 The Operational Disruption Model — Gatwick 2018 and Its Successors

Gatwick Airport — December 2018: From 19 to 21 December 2018, drones were sighted flying in the vicinity of Gatwick Airport's runway and approach paths. The airport was shut down for approximately 36 hours, with 1,000 flights cancelled or diverted, affecting approximately 140,000 passengers. The drone operator was never identified. Total economic impact estimated at GBP 50 million (CAA post-incident analysis, 2019). The Gatwick incident established that a small UAS — not weaponised — operated by a single individual could shut down one of Europe's busiest airports with zero physical attack capability and zero financial investment beyond the cost of a commercial drone.

Heathrow — January 2019: A drone was sighted near Heathrow's northern runway, causing a brief ground stop. The Heathrow incident occurred three weeks after Gatwick, demonstrating that the disruption model was replicable and that Gatwick had not triggered a rapid national counter-UAS response.

Dubai International — July 2022: Multiple drone incursions near Dubai International caused ground stops affecting international departure schedules. Dubai had deployed a military-grade counter-UAS system by 2019 — the incursions still occurred, demonstrating that detection capability does not guarantee defeat capability.

The asymmetry of disruption: A EUR 800 commercial drone operated by a single individual with no specialist knowledge can cause EUR 50 million in economic disruption at a major international airport. No physical damage need be caused. No sophisticated capability is required. The attack is simply: fly a drone near the runway and let the airport's own safety procedures do the disruption. This asymmetry is more extreme than any physical attack vector in the airport threat typology — it requires less investment and less capability to execute than any other attack that produces comparable economic consequences.

5.2 The Weaponised Drone Threat — Payload Delivery Against Airport Infrastructure

Beyond disruption, the weaponised drone presents specific physical threats to airport infrastructure that conventional airport security architecture does not address. The attack vectors differ from the land-side PBIED model and require a separate defensive architecture.

5.2.1 Airside Infrastructure — Fuel Farm and Navigation Aids

Fuel farm vulnerability: Airport fuel farms — the above-ground storage tanks supplying aircraft fuel — are generally located on the airside perimeter, outside the terminal perimeter fence but within the airport campus. A commercial quadcopter carrying a 2-3 kg incendiary payload, guided by FPV to the fuel farm vent stack or fill connection, could initiate a fuel fire. Airport fuel tanks are protected against lightning strike and static ignition, but not against directed external incendiary attack from above the perimeter fence line. A fuel farm fire at a major international airport would close the airport for days or weeks, comparable to the operational disruption caused by a major blast.

Navigation and communications infrastructure: ILS (Instrument Landing System) antennas, VOR (VHF Omnidirectional Range) beacons, ATIS (Automatic Terminal Information Service) transmitters, and the airport's approach radar are all located in defined, publicly documentable positions on or adjacent to the airfield. Physical damage to ILS localiser or glideslope antennas would require suspending CAT I or CAT II approaches — restricting operations in low-visibility conditions. The antennas are not physically protected against aerial delivery of payloads.

5.2.2 Terminal Infrastructure from Above

The Brussels 2016 attack placed devices at ground level in the departure hall. A drone-delivered device bypasses the multi-layer landside screening described in Section 3 — not by defeating any security checkpoint but by approaching from a vector (overhead) that no checkpoint addresses. Specific overhead vulnerabilities at a standard terminal building:

• HVAC intakes and exhaust vents: roof-mounted HVAC intakes are reachable by a drone delivering a chemical, radiological, or incendiary payload from above the terminal roof. A chemical agent released into the HVAC intake propagates throughout the terminal within minutes via the ventilation system. This is the same vertical entry vulnerability documented at Chornobyl in February 2025 (Drone Threat paper).

• Roof structure over high-density zones: the departure hall roof is typically a large-span glazed or steel structure above the check-in area. A drone-delivered shaped charge targeting the roof structure above the check-in desks achieves the Brussels effect from above the perimeter — without penetrating any landside security layer.

• Aircraft on stand: aircraft parked at gates are available to a drone approaching at 50-100 m altitude over the airport perimeter fence. Damage to a parked aircraft's engine nacelle, fuel vent, or pitot tube by a drone-delivered payload could ground the aircraft and trigger a safety investigation lasting days. GPS spoofing of an aircraft's navigation systems during taxiing is also a documented drone-adjacent threat vector.

5.3 Counter-UAS Architecture for Airports — The Full Technology Stack

Airport counter-UAS presents a more complex technical and legal environment than CNI perimeter counter-UAS because: the RF environment is extremely dense and controlled (airport frequency management is safety-critical); the airspace is among the most regulated in the national airspace system; the passenger population creates a jamming constraint (jamming affects passenger mobile devices as well as drone control links); and the legal framework for defeat is subject to aviation safety regulation as well as the RF regulatory limitations described in the Drone Threat paper.

Detection — The Airport-Specific Sensor Stack

Primary Air Surveillance Radar — adapted for Small UAS: Airport Surface Detection Equipment (ASDE) and approach radar systems are designed for aircraft, not small UAS — minimum detectable RCS is typically 0.1 m² or above. A dedicated small UAS detection radar (Blighter B400 series, Robin Radar Elvira, or equivalent) with RCS sensitivity to 0.001 m² is required as a supplementary layer. Airport deployment requires integration with Air Traffic Management (ATM) systems — the counter-UAS track must be displayed on the ATM screen to enable ATC coordination during a drone incursion.

RF Detection — CONECT and Remote ID Integration: EASA Regulation (EU) 2019/947 requires Remote ID for commercial UAS operations above 250 g from 1 January 2024. Airport RF detection systems (Dedrone DroneTracker, D-Fend Solutions EnforceAir) receive Remote ID broadcasts and correlate with non-cooperative RF signals on drone control frequencies. Airport-specific constraint: RF detection systems must be coordinated with the airport frequency manager to avoid interference with safety-critical aviation communications on VHF (118-137 MHz) and radar frequencies. Airports are RF-managed environments — counter-UAS RF systems must be type-approved for use in the airport RF environment.

Acoustic Detection — Lower Effectiveness in Airport Environment: Acoustic detection performs best in quiet rural environments. An international airport is among the noisiest environments in the urban landscape — jet engine noise, taxiing aircraft, ground handling equipment, and terminal PA systems create a continuous acoustic noise floor that significantly degrades the acoustic detection performance of small UAS. Acoustic detection is a supplementary layer at airports, not a primary sensor. It may provide useful detection in quiet periods (overnight, low-traffic hours) or at remote perimeter locations away from apron noise.

Electro-Optical and Thermal — The Identification Layer. FLIR Triton F-Series cooled thermal imaging and Axis Q6135-LE PTZ optical cameras provide the same identification function as in the CNI perimeter application. At airports, these sensors must be positioned to cover all approach vectors to the airfield boundary — including approaches from residential areas adjacent to the airport perimeter, which are the most likely launch points for landside drone operations. Pan-tilt coverage of 360 degrees around the perimeter is required; fixed cameras with a limited field of view create blind spots that an attacker can exploit.

Sensor Fusion — Airfield Integration: At airports, counter-UAS sensor fusion must integrate with ATM systems. The Genetec Security Centre PSIM platform or equivalent must receive counter-UAS alerts and display them on the ATC operational picture. When a counter-UAS alert is generated, the ATC tower must be able to see the drone's track, altitude, speed, and bearing simultaneously with the alert—not after a voice notification. The system integration reduces the ATC response time from minutes (a phone call from security to ATC) to seconds (a common digital display).

Defeat — The Airport Legal Framework

Active defeat of drones at airports faces the same legislative constraints as civilian CNI — but with additional aviation safety dimensions that make some defeat technologies specifically prohibited in the airport environment:

RF Jamming — prohibited in the airport environment: RF jamming is prohibited under the Wireless Telegraphy Acts in Ireland, regardless of location. At airports, there is an additional prohibition: jamming aircraft communication frequencies (VHF 118-137 MHz and ATC radar frequencies) is a safety offence under ICAO standards and Aviation Authority regulations. A counter-UAS jamming system that is not frequency-selective could jam aircraft communications simultaneously with the drone — a safety-critical failure mode. Only frequency-selective jamming systems, type-approved for airport use, are permissible — and these are not generally available for civilian deployment.

GPS Spoofing — aircraft navigation conflict: GPS spoofing targeted at drone navigation systems affects GPS receivers within the spoofing radius — including aircraft navigation systems and ground vehicle GPS units on the airport surface. GPS spoofing at an airport is a safety-critical risk and is not a viable civilian defeat option.

Kinetic defeat — net launchers and trained raptors: Net-launching systems (SkyFence at Gatwick post-2018, DroneGun range) provide physical intercept without RF or GPS interference. Trained raptors — eagles trained to intercept drones — were trialled by the Dutch National Police (Project Guard) in 2016-2017; the programme was discontinued in 2017 after it was assessed as insufficiently reliable for operational deployment. Net launchers provide intercept at 50-100 m range — sufficient for perimeter defence at locations where the drone must fly close to the fence to reach its objective.

Directed energy — the emerging airport option: High-energy laser systems, in development for military and civil protection applications, provide drone defeat at 500-1,500 m range without RF interference. Rheinmetall's HEL effector system and Raytheon's High Energy Laser Mobile Demonstrator have both been assessed for airport counter-UAS application. The technology is approaching civil deployment readiness, but is not currently certified for civilian airport operation. This is the 3-5 year horizon solution for airports that cannot deploy RF jamming.

The current realistic option — detection plus immediate ATC response: For most airports today, the realistic response to a drone detection is: alert ATC immediately; issue NOTAM suspending operations in affected airspace; deploy ground assets (police, airport security) to locate the operator using direction-finding equipment on the control link RF signal; and if the drone approaches within net-launcher range, deploy the net launcher. This is the Gatwick 2018 response model — slow, operationally disruptive, and effective only at preventing a collision rather than catching the operator. It is the best available option within current legal constraints.

THE DEFEAT GAP — AIRPORTS SPECIFICALLY: Airports are the civilian environment most in need of active counter-UAS defeat capability and the environment where that capability is most legally constrained. RF jamming affects aircraft communications. GPS spoofing affects aircraft navigation. Kinetic intercept at 50-100 m may be too late if the drone's objective is the fuel farm 300 m from the perimeter fence. The legislative reform required — specific authorisation for airport operators to deploy frequency-selective, aviation-certified counter-UAS jamming under CAA/IAA oversight — is a policy priority that security engineering alone cannot resolve. The UK CAA CAP 2124 (Counter-UAS at UK Airports, 2022) provides the most developed regulatory framework for airport counter-UAS in Europe and should be the model for Irish IAA guidance development.

Source: UK CAA. CAP 2124: Counter-Unmanned Aircraft Systems (C-UAS) at UK Aerodromes. January 2022. UK CAA. Gatwick Drone Incident Report 2019. CAP 1769. March 2019. EASA. Easy Access Rules for Unmanned Aircraft Systems. Regulation (EU) 2019/947. 2024 edition.

6. Post-Pandemic Volume and Staffing — The Security Degradation Risk

Post-COVID-19, international airports have experienced the most operationally trying period in the history of commercial aviation: passenger volumes recovered faster than staffing, creating a sustained period in which security screening was conducted by under-trained, under-experienced staff under high throughput pressure. This operational context directly degrades security effectiveness in ways that technology cannot compensate for.

6.1 The Staffing Crisis — Documented Evidence

Dublin Airport 2022. At Dublin Airport in summer 2022, passengers missed flights due to security queues exceeding 3 hours. Aer Lingus reported that approximately 1,700 of its passengers missed flights in a single week in June 2022. The Irish Aviation Authority and the DAA (Dublin Airport Authority) commissioned an independent review. The review found: insufficient security screening staff due to post-pandemic staff attrition and slow recruitment response; an inadequate training pipeline to replace attrited staff at the required rate; and queue management procedures that created high-density gathering points in the landside departure zone — precisely the crowd density that the Brussels attack targeted.

UK airports 2022. Heathrow, Gatwick, and Manchester airports all reported similar staffing shortages in summer 2022. Heathrow imposed a daily passenger cap of 100,000 — effectively rationing airport capacity — for six weeks in summer 2022 to manage the security queue problem. The UK Home Office Select Committee on counter-terrorism noted in its 2023 report that staffing shortages at airport security checkpoints during peak periods created conditions in which the behavioural detection function was effectively suspended — screeners were focused on throughput rather than observation.

6.2 The Throughput-Security Trade-off

The staffing crisis of 2022 demonstrated a structural tension in airport security: the commercial pressure to minimise queue times and maximise passenger throughput is in direct conflict with the security requirement for adequate dwell time per passenger at screening checkpoints. When throughput pressure is high, BDO observation is reduced, questioning is truncated, and trace-detection sampling rates decline. The Ben Gurion model partially addresses this tension by distributing the security function across multiple layers — if the entrance checkpoint observation is rushed due to queue pressure, the check-in interaction provides a second assessment opportunity. But the distributional benefit requires that all layers be adequately staffed, and the Israeli staffing ratios are not commercially viable at the European scale without a fundamental change to how airport security is funded.

The ICAO and ECAC position. ICAO Annex 17 and ECAC Doc 30 specify minimum training requirements for security staff, but not minimum staffing ratios per passenger throughput. This gap means that operators experiencing throughput pressure can legally reduce per-passenger dwell time at screening checkpoints — there is no regulatory minimum. Closing this gap requires either a mandated minimum dwell time (operationally unfeasible at high volumes) or a technology solution that reduces reliance on staffing for base-level screening while maintaining human observation for the higher-risk detection task.

7. The Integrated Architecture — Priority Order for Implementation

The full airport security architecture presented in this paper discusses six threat vectors: landside PBIED (Brussels model), VBIED at the terminal approach (Glasgow model), insider threat, drone disruption (Gatwick model), weaponised drone, and insider-enabled airside attack. No single control addresses all six. The architecture works through the compound effect of multiple layers, each addressing a specific threat vector. The following priority order for implementation is based on threat frequency, consequence severity, and countermeasure cost-effectiveness:

Priority 1 — Terminal entrance checkpoint (Brussels threat, immediate): The single highest-impact security addition at any European airport that does not already have it. Cost: staff training programme (EUR 200,000-500,000 for a medium airport), physical checkpoint infrastructure (EUR 100,000-300,000), IMS trace detection equipment (EUR 30,000-50,000 per unit). Consequence prevented: Brussels model PBIED in the departure hall. Basis: every year that a major European airport operates without a terminal entrance checkpoint is a year that the Brussels attack model is available to any motivated actor with a TATP device and a taxi.

Priority 2 — HVM upgrade at vehicle drop-off (VBIED, immediate): PAS 68 / IWA 14-1 P4-rated barriers at all terminal approach vehicle lanes. Approach road chicane geometry to reduce vehicle speed before the bollard line. Cost: EUR 200,000-600,000 per terminal frontage, depending on length and geometry. Glasgow Airport's post-2007 upgrade is the documented implementation model.

Priority 3 — BDO deployment and training programme (all threats, 0-12 months): Uniform BDO presence in the landside departure and arrivals areas. Minimum 6-month initial training programme per BDO (TSA SPOT or equivalent). Integration with the terminal entrance checkpoint as a combined document/observation function. Cost: ongoing staffing costs, typically 15-20% above standard security staff costs for BDO-qualified staff.

Priority 4 — Counter-UAS detection deployment (drone threat, 0-18 months): Radar primary sensor, RF detection secondary, EO/IR identification layer, ATM integration. Full perimeter coverage with no gaps. Cost: EUR 500,000-1,500,000 for a medium international airport, depending on perimeter length and ATM integration complexity.

Priority 5 — Insider threat programme (ongoing): Personnel security re-vetting programme, access compartmentalisation audit, randomised employee screening programme, and post-screening baggage CCTV monitoring. Cost: primarily programme management and training costs; relatively low capital requirement.

Priority 6 — Active counter-UAS defeat capability (drone, 18-36 months pending legislation): Frequency-selective RF jamming capability under IAA/CAA oversight, coordinated with the national counter-UAS legal framework development. Net launcher deployment at perimeter critical points. Directed energy has a 5-year horizon. Cost: dependent on regulatory framework development.

THE REGULATORY MANDATE: EU Regulation 2015/1998, as amended by 2019/1583, requires airports receiving international traffic above defined thresholds to implement security measures for landside public areas proportionate to the assessed threat level. CER Directive S.I. 559/2024 classifies airports as critical entities in the transport sector. NIS2 Article 21 applies to airport operators' digital and OT infrastructure. ICAO Annex 17 Chapter 4 specifies minimum physical security requirements for all international airports. The regulatory framework mandates action. The Brussels evidence base specifies the required action. The Ben Gurion operational model illustrates that it is achievable.

8. Conclusion

The Brussels Zaventem attack of 22 March 2016 demonstrated with 16 deaths and 187 injuries that the post-9/11 airport security architecture — designed to protect the aircraft — failed to protect the airport. The departure hall check-in area, the busiest and most crowded public space in the aviation system, was the least protected. The attackers' route from the taxi rank to the check-in desk encountered no security layer, no behavioural observation, no trace detection, and no physical barrier.

The solution exists, has been operating for over 50 years, and has prevented every attack attempted against it. Ben Gurion International Airport extends the security perimeter to the road boundary, conducts behavioural assessment at the vehicle checkpoint, staffs every subsequent interaction with trained observers, and treats the check-in desk as a security engagement point rather than a logistical one. It is expensive, staffing-intensive, and disruptive to the commercial model of rapid passenger throughput. It is also the only airport security model with a confirmed zero-successful-attack record against the full threat typology.

The drone threat adds a dimension that no landside security architecture addresses — an aerial approach vector that bypasses every ground-level checkpoint, every perimeter barrier, and every trace detection system. Gatwick 2018 found that drone disruption is the highest-cost asymmetry attack in the airport threat environment. The weaponised drone adds payload delivery capability against airside infrastructure and overhead terminal vulnerabilities that current counter-UAS architectures — constrained by aviation safety legislation — cannot defeat with the tools currently available to civilian operators.

The integrated architecture this paper specifies — road checkpoint, terminal entrance screening, check-in security interaction, BDO deployment, counter-UAS detection with ATM integration, insider threat programme, and PAS 68-rated HVM — addresses the full documented threat typology. It is not the full Ben Gurion model deployed at the European scale, because that is not operationally achievable without a fundamental redesign of airport commercial operations. It is the highest-impact subset of the Ben Gurion model — the layers whose absence explains every major airport attack since Domodedovo 2011 — implemented within the operational and commercial constraints of a major European airport.

References and Primary Sources

1. Belgian Federal Prosecutor's Office. Attentat de Bruxelles du 22 mars 2016: acte d'accusation. Brussels Assize Court. 2019.

2. Belgian Commission of Inquiry into the Brussels and Paris Attacks. Final Report. Belgian Parliament. September 2019.

3. ICAO. Annex 17 — Security: Safeguarding International Civil Aviation Against Acts of Unlawful Interference. 11th Edition. ICAO. Montreal. 2020.

4. ECAC. Doc 30 Part I: Recommendations and Resolutions Relating to the Security of International Air Transport. 2021 edition. European Civil Aviation Conference.

5. European Commission. Regulation (EU) 2015/1998 — Common Basic Standards on Civil Aviation Security. November 2015.

6. European Commission. Regulation (EU) 2019/1583 — Amending Regulation (EU) 2015/1998 (post-Brussels enhancements). October 2019.

7. European Commission. Regulation (EU) 2016/329 — Body Scanning Equipment in Security Screening. March 2016.

8. ECAC. Comparative Assessment of Airport Security Standards. European Civil Aviation Conference. 2017. [Ben Gurion benchmark.]

9. US GAO. GAO-10-763: Aviation Security: Efforts to Validate TSA's Passenger Screening Behaviour Detection Program Underway. May 2010.

10. GAO. GAO-13-671: TSA Should Limit Funding for Behaviour Detection Activities. November 2013.

11. Ekman, P. (2003). Emotions Revealed: Recognising Faces and Feelings to Improve Communication and Emotional Life. Henry Holt & Co., New York.

12. Vrij, A. (2008). Detecting Lies and Deceit: Pitfalls and Opportunities. 2nd edition. John Wiley and Sons. Chichester.

13. TSA. Screening of Passengers by Observation Techniques (SPOT) Programme Documentation. TSA. Washington DC. Current edition.

14. UK CAA. CAP 2124: Counter-Unmanned Aircraft Systems (C-UAS) at UK Aerodromes. January 2022.

15. UK CAA. CAP 1769: Gatwick Drone Disruption December 2018 — Analysis and Recommendations. March 2019.

16. EASA. Easy Access Rules for Unmanned Aircraft Systems. Regulation (EU) 2019/947. EASA. Cologne. 2024 edition.

17. UK Home Office Select Committee on Counter-Terrorism. Report on Airport Security Staffing and Counter-Terrorism Capability. UK Parliament. 2023.

18. Irish Aviation Authority / DAA. Independent Review of Dublin Airport Security Operations Summer 2022. September 2022.

19. British Standards Institution. PAS 68:2013: Impact Test Specifications for Vehicle Security Barriers. BSI. 2013.

20. ISO/IEC. IWA 14-1:2013: Vehicle Security Barriers — Performance Requirement, Vehicle Impact Test Method and Performance Rating. ISO. 2013.

21. CPNI. Counter-Terrorism Protective Security Advice for Airports. Centre for the Protection of National Infrastructure. London. Current edition.

22. CPNI. Hostile Vehicle Mitigation for Crowded Places. CPNI. London. 2021.

23. Cooper, P.W. (1996) Explosives Engineering. VCH Publishers. New York. [TATP RE factor.]

24. ASIS International. ANSI/ASIS PAP.1-2019 Personnel Security Standard. ASIS International. Alexandria VA. 2019.

25. TSA. Security Directive 1542-21-01: Enhancing Public Area Security at Airports. August 2021.

26. Dedrone. DroneTracker Technical Specifications. 2024.

27. Blighter Surveillance Systems. B400 Series Technical Data Sheet. 2024.

28. FLIR Systems. Triton F-Series Thermal Security Camera. 2024.

29. European Union. CER Directive: Directive (EU) 2022/2557. December 2022. Transposed: S.I. 559/2024.

30. European Union. NIS2 Directive: Directive (EU) 2022/2555. December 2022.