Gatwick Drone Incident Highlights Security And Risk Management

The recent situation where the sighting of a drone near the outer perimeter fence caused the shutdown of Gatwick airport for three days, provides an outstanding example for those looking for a demonstration of the diff erence between security management and risk management, according to David Rubens.

A drone was seen flying in the vicinity of Gatwick airport on December 20, 2018. As it was classified as a potential threat to aircraft (and at that stage it was not known if there was a terrorist aspect to the sighting), it was decided to close the runway to both incoming and departing flights. This caused an immediate impact, both on the passengers in the airport, and to flights in the air expecting to come in to land at Gatwick.

What was not anticipated, however, was the length of the runway closure – three days. In the aftermath of the event, during which there was confusion over what measures could neutralise the drone threat, and what role the police and military  would be taking, almost all of the discussions around the incident have concentrated on the technical, preventative and reactive side of the picture. at is, what can be done to identify drone threats, and to prevent them from negatively a ecting the airport’s operations. What is missing has been a review of the situation from a risk management perspective.

One of the rules of crisis management is that we must di erentiate the external event from the crisis. Hurricane Katrina was an event. It was the failures of the response agencies to ful l their role in responding to the damage and disruption caused in New Orleans, in exactly the sort of situation that they should have prepared for, which caused the crisis. In  much the same way, it was not the drone that caused the closure of a major global hub airport for three days, but the failure of the airport management in general, and risk managers in particular, to prepare for a situation that was not only predictable but, in the present risk climate, was practically inevitable.

As far as the airport managers are concerned, it is to be hoped that the possibility of a drone in the vicinity of their airport was something that was high on their Risk Register and had been extensively modelled in order to identify both the challenges associated with such an incident, and a full range of response options that could be used should such an incident occur.

In fact, this was not the rst time that a drone sighting had caused disruption to Gatwick’s operations. ere had been two smaller incidents in 2017, both of which should have been red lights  that agged up the necessity of having a fullydeveloped response capability, given the high likelihood that such an event would occur again.

One of the basic di erences between security management and risk management is that security management is preventative (how do we stop a drone from disrupting our airport), while risk management is about consequence management (what do we do in the event that the airport is disrupted).

From this perspective, in terms of risk management, the drone itself was relatively unimportant. The significant issue from the airport management perspective was loss of airport functionality. Under this heading, it is not substantively significant whether the loss of functionality was owing to a technical failure (such as the global check-in IT crash, September, 2017), volcanic ash (May 2011) or terrorism (September 11, 2001, and the 2006 liquid bomb plots).

One of the issues that di erentiates a major incident from a crisis event is that the former is recognised and understood, and there is a range of response options that can be put in place by responding managers and operation commanders who have had both training and personal experience of such incidents previously. e latter involves a situation that has been previously unknown, and for which there are no set response plans or frameworks.

It seems from various reports, as well as from private conversations with a number of people who were involved in the Gatwick incident, that there was no clear understanding of what the correct procedures should be, or even of assessing the level of threat. As is often the case when a situation is experienced for the rst time, rather than making a nuanced analysis of the level of threat and the ranges of possible response available, the knee jerk reaction was to go for the binary solution – on / off.

It is always easy to second guess risk management decisions after the fact, and it may well have been that in this particular situation and under those particular circumstances, shutting down airport operations was the best thing to do. However, the critical component missing in this decision was the fact that there was no clear way to trigger the re-opening of the airport.

Under a risk averse decision-making environment – which was almost certainly the situation within the airport senior management at the time – it would always have been the prudent decision, in terms of career protection if not operations management, to say: “We are not certain that it is safe to re-open the airport, therefore we will put o making that decision until we have more information.”

 

This is a classic example of crisis management as a ‘loss of sense-making’. The first question in crisis management is rarely: “What do we need to do?” It is much more likely that the first questions will be: “What the hell just happened? What does that mean? What impact is that going to have on us?” These are all questions that were clearly not suficiently well answered as part of the Gatwick risk management/crisis management process.

It is clear that the decision to close an airport is never one that is taken lightly. However, given the experience of such situations over the last few years, it is reasonable to expect that there would be a well-rehearsed process not only for making that decision, but for managing the consequences of it.

As in any crisis situation, this comes down to communication. On the one hand, it is communicating with the service users, and particularly the passengers who had been affected. As in all cases that involve national facilities and a critical suspension of operations, the story quickly turns from one of safety and security, to the competence – or otherwise – of management. It seems almost unbelievable that there is not a programme in place that can be triggered as part of the airport operations suspension to ensure that passengers are informed, those who need to be are given an appropriate level of support and that the impression given both within the UK and to the wider global audience is of management team that is responding to a critical incident in a strong and effective manner.

We are still waiting for the authoritative postincident report to be issued, but it is clear that there are a number of lessons from this incident that will be of value to any risk manger, whatever environment they are operating in. e rst, and perhaps most obvious, is that if your risk register is not regularly reviewed and updated, and the lessons learned from that review are not integrated into your overall risk management process, then you are likely to be victim to a critical incident that will escalate beyond what would have been necessary had your risk management processes been in place.

 

There had been two smaller incidents in 2017, both of which should have been red lights that fl agged up the necessity of having a fullydeveloped response capability.

 

There was nothing about the presence of an actual or suspected drone in the vicinity of the airport that should not have been planned for, and there were no consequences of the decision to close the airport that could not have been predicted.

The second point is that risk management is always about judgement. It is rare, especially in an unstable and potentially escalating situation, that there is a clear sign that the event is over. e ability to understand both the external risk and the need to monitor the organisation’s own risk appetite, and the ability to adapt that to the needs of the speci c situation, is a critical part of the responsibility associated with risk management. It is also one of the areas where the Executive Committee or C-Suite will be held responsible, both for the making of the decisions and for the impact of the consequences in the event that they (in hindsight) are seen to have got it wrong. is is a critical area where the e ective training of C-Suite decision-makers can have a critical impact in the overall success or otherwise of a crisis management situation.

The third lesson is that the rst time an event happens is always chaotic, with an inability to get a true sense of either the nature and scale of the threat, or the nature and scale of the appropriate response. is is an almost inescapable rule of crisis management. The way that you learn to deal with a crisis is to live through one. en the second time the situation arises, the learning taken from the first crisis will have a significant, and often dramatic, impact on the nature and effectiveness of the consequent response.

Whether it is the di erence between the rst and second foot and mouth disease scare in the UK, the first and second evacuation of New York in the face of severe ooding, or the response to the rst and second eruption of the Icelandic volcano, the fact that the response management teams had actually experienced a live event previously, gave them an understanding of both the event and the associated decision-making environment that could not have been replicated by any amount of training, preparation or exercising.

While we can never recreate the pressures of a true live event, we can take advantage of near misses to practise our response options in as near a live context as possible. It would be interesting to know how often the Gatwick management team had modelled and practised the response to a drone event, and particularly one that had such a signi cant impact on the overall operations of their airport.

Of course, this is not something that should have been limited to Gatwick. To a certain extent, those involved were unlucky that it happened to be them. In truth, this is something that should have been on the radar of every airport management and risk management team in the country. However, being lucky is an integral part of risk management, and as the Gatwick management team has learnt, while we cannot affect the external event, we can certainly – and we must – take responsibility for our own preparation, and the ability to respond effectively in the event that the crisis situation occurs.