What Is Aviation Security? The Complete Guide

Aviation security is the combination of measures, human resources, and technology used to protect civil aviation against acts of unlawful interference — deliberate acts such as hijacking, sabotage, and attacks on aircraft, airports, and air navigation infrastructure. The international baseline is Annex 17 to the Chicago Convention, maintained by the International Civil Aviation Organization (ICAO). In practice, aviation security spans everything from passenger screening at the checkpoint to intelligence-led decisions about whether an aircraft should overfly a conflict zone at all.

This guide explains what aviation security covers, how it differs from aviation safety, who is responsible for it, the threats that matter most today, and how modern airlines assess and manage security risk.

What does aviation security actually cover?

Aviation security — often abbreviated AVSEC — exists to prevent acts of unlawful interference against civil aviation. ICAO Annex 17 frames these as deliberate acts, or attempted acts, that jeopardize the safety of civil aviation.

The scope is wider than most passengers realize. It includes:

Passenger and baggage screening at airports, the most visible layer.
Access control to aircraft, ramps, and security-restricted areas.
Air cargo and mail security, including supply-chain controls for goods carried on passenger aircraft.
In-flight security, from hardened cockpit doors to in-flight security officers (IFSOs).
Overflight and route risk, the assessment of whether airspace is safe to transit — see our guide to conflict zone airspace risk.
Crew security on the ground, covered by duty of care obligations during layovers.
Cyber and navigation security, including interference with GNSS signals that aircraft rely on.
Landside security, protecting public areas of airports before the screening checkpoint.

A useful way to think about it: airport screening protects the aircraft from what gets on board; intelligence-led security protects the aircraft from the environment it operates in. Both are aviation security.

How is aviation security different from aviation safety?

Aviation safety addresses unintentional hazards — mechanical failure, weather, human error. Aviation security addresses deliberate acts — someone intends to do harm. The two disciplines share a goal, the protection of life, but they use different tools: safety relies on engineering and procedure, while security relies on screening, intelligence, and threat assessment.

The boundary is not always clean. GPS jamming, for example, is a deliberate act (security) whose primary operational consequence is degraded navigation (safety). Conflict-zone overflight is a security threat that materializes as a catastrophic safety outcome. Modern operators treat the safety/security classification as an explicit analytic decision for each event, because the response differs: a safety issue goes to the safety management system (SMS), while a security threat drives route, destination, and scheduling decisions through the operations control centre.

What is the international framework for aviation security?

The legal foundation of aviation security is the Convention on International Civil Aviation, signed in Chicago in December 1944, which established ICAO. Security obtained its own annex in March 1974, when ICAO adopted Annex 17 in response to the hijacking wave of the late 1960s and early 1970s.

Annex 17 sets the global baseline. Its core requirement is that every ICAO member state must maintain a National Civil Aviation Security Programme (NCASP) — a written national framework that allocates responsibilities, sets screening and access-control standards, and requires airports and airlines to operate their own approved security programmes.

Alongside Annex 17, a family of criminal-law treaties makes specific acts prosecutable across borders:

The Tokyo Convention (1963) on offences committed on board aircraft.
The Hague Convention (1970) on unlawful seizure of aircraft.
The Montreal Convention (1971) on acts against the safety of civil aviation, such as sabotage.
The Beijing Convention (2010), which modernized these instruments to cover aircraft used as weapons and the transport of dangerous materials.
The Montreal Protocol (2014), which updated the Tokyo Convention to strengthen jurisdiction over unruly passengers.

In 2017, ICAO adopted the Global Aviation Security Plan (GASeP), the strategic roadmap intended to raise security performance worldwide.

Regional and national layers build on this baseline. In Europe, Regulation (EC) No 300/2008 and Implementing Regulation (EU) 2015/1998 set common rules enforced across EU member states, complemented by ECAC Doc 30 guidance. In the United States, the Aviation and Transportation Security Act of November 2001 — passed weeks after the 9/11 attacks — created the Transportation Security Administration (TSA) and federalized passenger screening.

History explains the architecture. The bombing of Pan Am Flight 103 over Lockerbie in December 1988, which killed 270 people, drove hold-baggage screening and passenger-baggage reconciliation requirements. The 9/11 attacks drove hardened cockpit doors, federal screening in the US, and a global rethink of the insider threat. The framework is, in a real sense, a record of lessons paid for in lives.

For a deeper treatment of Annex 17 and compliance obligations, see What Is AVSEC? Aviation Security and ICAO Annex 17 Explained.

Who is responsible for aviation security?

Responsibility is layered, and every layer is accountable for its own slice:

States hold ultimate responsibility under Annex 17. Each state designates an appropriate authority, maintains the NCASP, and oversees compliance through audits and inspections.
Airports operate approved airport security programmes covering screening, access control, and security-restricted areas.
Airlines operate their own security programmes covering aircraft protection, crew procedures, cargo acceptance, and — critically — the security risk assessment of the routes and destinations they choose to serve.
Crews execute in-flight security procedures and act as the last layer of detection and response on board.
Intelligence and analysis functions, whether in-house or external, feed the decisions every other layer makes.

The practical consequence: an airline cannot outsource its security judgment to the state. Regulators set minimums; the operator still decides which airspace to transit tonight. That decision gap is where aviation security intelligence lives.

What are the main threats to civil aviation today?

The threat picture has shifted decisively in the last decade — away from the checkpoint and toward the operating environment.

Conflict-zone overflight

The shoot-down of Malaysia Airlines Flight 17 over eastern Ukraine in July 2014, killing all 298 aboard, and of Ukraine International Airlines Flight 752 near Tehran in January 2020, killing 176, demonstrated that the deadliest aviation security failures of the modern era happen at cruise altitude, not at the checkpoint. States now publish conflict-zone guidance — for example, EASA's Conflict Zone Information Bulletins (CZIBs) — but the overflight decision remains the operator's. Our complete guide to conflict zone and overflight risk covers this in depth.

GNSS jamming and spoofing

GPS jamming denies satellite navigation signals; GPS spoofing feeds aircraft false position data. EASA and IATA jointly warned in 2024 that interference incidents had risen sharply, concentrated around conflict regions including the Baltic, the Black Sea, and the Middle East. Spoofing is the more insidious threat: aircraft systems can accept false positions as genuine, with downstream effects on terrain warning and navigation displays.

Insider threat

An insider threat is a person with legitimate access — staff credentials, airside passes, system permissions — who exploits that access for harm. Insider cases bypass the screening layer entirely, which is why Annex 17 emphasizes background checks, access revalidation, and security culture programmes.

MANPADS and standoff weapons

Man-portable air-defence systems (MANPADS) and other standoff weapons threaten aircraft during arrival and departure, when altitude and speed offer little protection. Proliferation of these systems in conflict regions directly shapes destination risk assessments.

Drones and counter-UAS

Unauthorized drone activity can close an airport without a single casualty. The drone disruption at London Gatwick in December 2018 affected roughly 1,000 flights over three days, according to UK reporting at the time. Counter-UAS capability — detection, identification, mitigation — is now part of the airport security toolkit.

Cyber threats

Aviation runs on interconnected systems: reservation platforms, flight planning, e-enabled aircraft, airport operational databases. Cyber attacks on these systems can disrupt operations at scale, and Annex 17 was amended to require states to address cyber risk to critical aviation systems.

Landside attacks

The attacks at Brussels Zaventem in March 2016 and Istanbul Atatürk in June 2016 targeted public landside areas — check-in halls and arrival curbs — before any screening checkpoint. Landside security relies on design, surveillance, behavioral detection, and rapid response rather than screening.

Unruly passengers and in-flight interference

IATA has reported a year-on-year rise in unruly-passenger incidents since the pandemic. Most are compliance failures rather than security threats, but escalation to the flight deck door is the scenario the in-flight security layer exists to prevent.

Air cargo

The 2010 plot that concealed explosives in printer cartridges shipped from Yemen exposed the cargo supply chain as an attack vector. Cargo security now relies on regulated-agent regimes and screening requirements that follow the shipment, not just the aircraft.

What are the layers of aviation security?

No single measure stops every threat, so aviation security is built as overlapping layers. When one layer fails, the next is positioned to catch what got through.

Intelligence and threat assessment — the outermost layer. Identifying threats before they reach the aircraft: conflict-zone monitoring, NOTAM analysis, GNSS interference tracking, destination risk assessment.
Regulatory baseline — Annex 17, the NCASP, and national programmes that set minimum standards everywhere.
Airport perimeter and access control — keeping unauthorized people and vehicles away from aircraft.
Screening — passengers, baggage, cargo, staff. The most visible layer, and the one most threats are designed around.
Behavioral detection and security culture — trained staff who notice what machines miss.
In-flight security — hardened cockpit doors, crew procedures, IFSOs where deployed.
Resilience and response — incident management, contingency planning, and the ability to recover operations.

The layered model has a corollary that operators sometimes miss: the outermost layer is the cheapest place to stop a threat. A route changed before departure costs a few minutes of flight time. A threat that reaches the screening checkpoint is already inside the system. A threat that reaches the aircraft costs everything.

How do airlines assess aviation security risk?

Modern security risk assessment follows the standard model: risk is a function of threat, vulnerability, and consequence. For flight operations this translates into concrete questions. What is the threat in this airspace or at this destination? How exposed is the operation to it? What happens if it materializes?

In practice, operators run several assessment products:

Route and overflight assessments for airspace transited en route, particularly conflict-zone overflight risk.
Destination assessments covering the airport, the city, and ground-handling environment.
Crew layover assessments under duty-of-care obligations — see What Is Crew Layover Security?
Flight-level tools such as a Flight Risk Assessment Tool (FRAT) that scores individual flights against defined criteria.

Two disciplines separate a defensible assessment from guesswork. First, source reliability: a single unverified social media post is not an alert, and graded source-reliability models exist precisely to prevent one noisy signal from driving an operational decision. Second, freshness: a security assessment is a perishable product, and a stale assessment can be worse than none because it carries false confidence. Our methodology page describes how AeroVigil applies both.

Live, country-level risk pictures — the volatile layer that should never be frozen into a static article — are maintained on our flight risk pages.

What role does intelligence play in aviation security?

Intelligence is the layer that makes every other layer proactive instead of reactive. Screening finds the weapon; intelligence finds the intent. Aviation security intelligence collects signals — NOTAMs, conflict-zone bulletins, OSINT, GNSS interference telemetry, official advisories — verifies them, and turns them into route, destination, and scheduling decisions.

The discipline that matters most here is verification. Open sources are fast but noisy; official sources are reliable but slow. A mature intelligence function fuses both, grades every source, and keeps an analyst in the loop for judgments that carry operational consequences. We cover this fully in What Is Aviation Security Intelligence? A Complete Guide.

What technologies are reshaping aviation security?

Several technology shifts are changing how the layers above actually work:

Computed tomography (CT) screening at checkpoints, giving screeners 3D imagery and better automated detection of explosives.
Biometrics and digital identity, moving identity verification from documents to faces and reducing checkpoint friction.
AI-assisted analysis, which can triage thousands of open-source signals, classify events, and flag correlations faster than human teams — provided an analyst validates what the model proposes before it drives an operational decision.
ADS-B-derived monitoring, which makes live aircraft behavior observable at scale and lets operators see how the global fleet is actually responding to a threat area — avoidance patterns are themselves an intelligence signal.
GNSS interference detection, using aircraft-derived data to map jamming and spoofing activity in near real time.
Counter-UAS systems for detecting and mitigating drone incursions at airports.

The pattern across all six: aviation security is becoming a data discipline. The operators that manage risk best are the ones that can see the most, verify the fastest, and decide with the clearest process.

Frequently asked questions

Who sets aviation security standards globally?

ICAO sets the global baseline through Annex 17 to the Chicago Convention. Each member state implements that baseline through its National Civil Aviation Security Programme, and regional regimes such as EU Regulation 300/2008 or the US TSA framework add stricter local requirements.

What is an act of unlawful interference?

An act of unlawful interference is a deliberate act that jeopardizes the safety of civil aviation — including hijacking, sabotage, attacks on aircraft or airports, and communication of false threats. The term comes from ICAO Annex 17 and defines the scope of aviation security.

Is aviation security the state's responsibility or the airline's?

Both. States hold ultimate responsibility under Annex 17 and set the regulatory minimum. Airlines remain responsible for their own security programmes and for operational judgments — above all, the assessment of route and destination risk, which no regulator makes for them.

What is the biggest aviation security threat today?

There is no single biggest threat, but the fastest-evolving operational threats are conflict-zone overflight risk and GNSS jamming and spoofing — both of which affect aircraft in normal cruise flight, far from any checkpoint. Both have grown materially since 2022, according to EASA and IATA.

How often should a security risk assessment be updated?

A security assessment should be treated as perishable. Route and destination assessments should be reviewed on a defined cycle and re-validated immediately when a material signal changes — an airspace closure, a new conflict-zone bulletin, a spike in GNSS interference. A stale assessment carries false confidence.

The AeroVigil Threat Intelligence Desk publishes analysis under AeroVigil's editorial standard: every hard claim is attributed to a named source or AeroVigil's own data pipeline, and no statistics are invented. See our methodology for how sources are graded and verified.