For decades, the hijacking of a commercial airplane was seen as a way for political extremists to secure prisoner releases or political concessions.[1] On September 11, 2001, however, this paradigm changed. The devastating attacks on the World Trade Center in New York and the Pentagon in Washington demonstrated that commercial airliners could be weaponized as instruments of mass destruction[2], inflicting mass civilian casualties, paralyzing economies, and reshaping global politics.
In the years since, aviation security has been radically transformed. Reinforced cockpit doors, biometric screening, no-fly lists, and international intelligence-sharing are all part of the post-9/11 legacy. Nearly a quarter century later, aviation remains both highly symbolic and deeply vulnerable. Terrorists continue to see aircraft and airports as attractive targets, not only because of their potential for mass casualties, but also because of the profound psychological and economic disruption that airline attacks generate.
Despite heightened fears of terrorism since 9/11, the overwhelming majority of aviation disasters are still caused by human error or technical malfunction rather than deliberate attacks. According to the International Civil Aviation Organization (ICAO)[3] and multiple safety studies, pilot error remains the leading factor in aviation accidents, followed by mechanical or systems failures.[4] Terrorism-related incidents account for only a very small fraction of crashes globally. However, in the immediate aftermath of high-profile disasters such as the crash of Malaysia Airlines Flight MH370 or Metrojet Flight 9268 in 2015[5], public and media speculation often gravitates toward terrorism as the cause. While vigilance against extremist threats is necessary, overemphasizing terrorism can distort perceptions of risk and divert attention from addressing systemic issues in aviation safety.
Screening or Preening? Flying During the Era of Watchlists and Biometric Boarding
The events of 9/11 brought in a new era of securitization and surveillance exemplified by the passing by the U.S. Congress of the Patriot Act just more than a month after the attacks.[6]
Passenger screening is one area that has advanced considerably since 2001. From millimetre-wave body scanners to explosive trace detection, airports have invested heavily in preventing non-metallic or liquid-based devices from slipping through. However, terrorist innovation remains adaptive: surgically implanted devices, 3D-printed weapons, and chemical explosives continue to challenge detection systems.[7]
An equally important shift has been the introduction of biometric technologies such as facial, iris, and fingerprint recognition throughout the passenger journey. E-gates, “smart tunnels,” and biometric boarding systems now verify travellers’ identities before they even reach the gate, reducing opportunities for fraud and allowing security officers to focus more closely on passengers flagged as higher-risk. Adoption varies widely across regions, privacy regulations restrict how data can be stored and shared, and differences in technology standards create gaps that determined adversaries could exploit.[8]
The development of no-fly lists, watchlists, and Passenger Name Records (PNR) has revolutionized passenger risk profiling. However, false positives, inconsistent data-sharing, and accusations of profiling persist. Over time, watchlists have evolved from static spreadsheets into real-time, integrated vetting systems such as Secure Flight, which checks passenger identities before a boarding pass is even issued. This shift has moved the point of interdiction earlier in the travel process, making it harder for flagged individuals to slip through. Nonetheless, the system still faces two key weaknesses. First, false positives remain a recurring problem, with limited avenues of appeal for those wrongly identified. Second, so-called “clean skins,” individuals with no prior record or intelligence flags, can pass undetected because they simply do not appear on any list. These limits make clear that watchlists cannot stand alone; they must function as one layer within a broader, multi-tiered security approach.[9]
Evidence suggests that technology-driven upgrades, such as CT scanners and enhanced data-sharing, have proven more effective than crude “security theater” methods like mandatory shoe removal. Unlike psychological profiling, which risks bias and uneven application, layered technological vetting and intelligence integration offer measurable improvements in detecting threats without relying on subjective human judgment. The recent elimination of the shoe-removal requirement in U.S. airports, enabled by CT scanner deployment, illustrates how smarter technology can replace outdated rituals while maintaining or even enhancing security.[10]
The Security Dilemma of Airline Personnel: First Responders, But Also Prime Suspects
Cabin crew are often overlooked in security debates, yet they are the first responders in the sky. Since 9/11, they have been trained not just in passenger service but also in threat detection, conflict de-escalation, and emergency restraint. However, their ability to neutralize threats is limited by resource constraints and the physical environment of the aircraft. The shift in hijack protocols, where crew and passengers are now expected to resist rather than comply has improved resilience but also introduced risks of escalation.[11]
At the same time, flight attendants themselves can be both an asset and a potential vulnerability. Because they move freely throughout the cabin and interact with passengers, they are in a unique position to spot suspicious behaviour early but this also makes them prime targets for coercion or insider recruitment. Fatigue, high turnover, and uneven training standards can reduce their effectiveness, especially during long-haul flights or in high-stress situations. In rare cases, disgruntled employees or those facing financial or personal pressures could be exploited by malicious actors, much like ground staff or maintenance personnel.
Even pilots can be security threats. The 2015 Germanwings Flight 9525 tragedy, in which a co-pilot deliberately crashed his aircraft into the French Alps, killing 150 people, demonstrated how individuals already entrusted with command could exploit their authority to catastrophic ends. Mental health screening, “two-person cockpit rules,” and monitoring systems have since been strengthened, but enforcement varies widely by country. The underlying challenge remains: pilots, while highly trained and vetted, are human actors subject to stress, depression, radicalization, or coercion.[12]
The risks extend beyond the cockpit to the broader “insider lifecycle” within airlines. Employees with airside access, including baggage handlers, catering staff, and maintenance crews also represent a security vulnerability, as they can bypass security checkpoints altogether. This insider threat is particularly difficult to manage, as these individuals are essential to airport operations. In 2015, an employee at Mogadishu’s airport smuggled a bomb onto a Daallo Airlines flight disguised in a laptop, leading to an onboard explosion, which fortunately only killed the bomber. Three years later, in 2018, a ground service worker at Seattle-Tacoma International Airport stole and crashed a turboprop plane, showing how insider access can be abused not only for terrorism but also for personal or suicidal purposes.[13]
Traditional one-time background checks are giving way to more continuous oversight, covering criminal records, financial pressures, and social or behavioural warning signs. Airlines are also tightening access privileges, ensuring staff only have the minimum clearance needed for their role, and requiring periodic revalidation of credentials. For pilots specifically, regulators are debating standardized approaches to psychological evaluation, stricter duty-time and fatigue limits, and confidential reporting channels that encourage early intervention without stigmatizing those who seek help. Together, these measures reflect a shift from reactive checks to an ongoing process of monitoring and support aimed at preventing insider threats before they escalate.
Insider exposure is not limited to core airline employees as it extends across contractors, vendors, and third-party service providers. Audits have repeatedly uncovered credential-management failures, such as access badges remaining active after staff departures, or inadequate vetting for temporary workers with unescorted airside privileges. The aviation sector faces chronic labour shortages, worsened by responses to the COVID-19 pandemic and subsequent travel rebound. In 2024, the TSA reported a 20% vacancy rate for security screeners, driving reliance on overtime, shortening training cycles, and stretching already thin teams. Airlines and airports alike are struggling to recruit and retain qualified pilots, mechanics, and security personnel, raising concerns about both safety and consistency of standards. High turnover and fatigue not only undermine vigilance at checkpoints but also heighten the risk of mistakes or lapses that insiders — or adversaries —can exploit.[14]
Maintaining the Plane: Security Changes Post-9/11 Focus on Cockpit, Tampering
Aircraft maintenance is both highly technical and highly trusted. A single insider could sabotage flight systems, tamper with avionics, or introduce explosive devices during servicing. While multi-level oversight reduces this risk, the complexity of modern aircraft means sabotage may go undetected until airborne. Ensuring robust oversight and rotating teams for critical tasks are emerging best practices.
The same vulnerabilities extend to the areas around the aircraft. Airport perimeters and airside zones are often less secure than passenger screening points, making them attractive targets for intrusion. Breaches have occurred due to weak fencing, poor surveillance coverage, and slow response times, allowing unauthorized individuals to reach restricted areas or even active runways. To address these risks, many airports are adopting multi-sensor detection systems that combine radar, thermal imaging, and fiber-optic monitoring, integrated directly with air traffic control.[15]
One of the most visible reforms after 9/11 was the reinforcement of cockpit doors to prevent hijackers from storming the flight deck. Combined with restricted access protocols, this change has dramatically reduced the feasibility of passenger-led cockpit takeovers.[16]
To address the vulnerability created when cockpit doors are opened mid-flight, the FAA has mandated “secondary barriers” on new aircraft. Southwest Airlines has begun installing retractable gate-like partitions on its Boeing 737s, offering greater protection than the traditional beverage cart block. Although implementation was scheduled for August 2025, the Federal Aviation Administration (FAA) extended the deadline by a year after airlines cited certification and training delays, even as unions push for faster adoption.[17]
Aviation Technology Has Changed Significantly Since 9/11
Modern aircraft are increasingly reliant on digital systems for navigation, communication, and maintenance. Airlines and airports also depend on integrated IT platforms for ticketing, baggage handling, and cargo tracking. This creates vulnerabilities to cyberattacks, whether targeting flight operations or paralyzing airports through ransomware. The aviation industry has only recently begun to treat cybersecurity as seriously as physical security, but gaps remain.
These include satellite communication (SATCOM) links, avionics software update channels, and airport operational technologies such as baggage handling systems, flight information displays, and fueling networks. Studies and simulations suggest that a coordinated attack could trigger cascading failures across multiple hubs, causing widespread disruption.[18]
Passenger baggage has become subject to intense scrutiny, yet cargo freight remains a softer target. The 2010 “printer bomb” plot, in which Al Qaeda in the Arabian Peninsula (AQAP) concealed explosives in printers shipped on cargo planes bound for the U.S., revealed the vulnerabilities of freight. Unlike passengers, cargo moves in vast volumes, making comprehensive screening difficult.[19]
With the rise of e-commerce and just-in-time logistics, air cargo has increased dramatically. Screening protocols are inconsistent across jurisdictions, and small packages are especially hard to monitor. Moreover, cargo often shares space with passengers on commercial aircraft, multiplying the risks. Efforts such as risk-based cargo profiling and advanced imaging technology help, but the sector remains a prime concern for security services.
Cheap, commercially available drones have opened a new front in aviation security. Small quadcopters can easily disrupt airport operations by flying into restricted airspace, interfering with take-offs and landings, or even striking aircraft engines. Major airports such as Heathrow and Gatwick have already endured costly shutdowns following suspected drone incursions, underscoring how even a single device can paralyze air traffic. Beyond disruption, drones can also be used for surveillance of airport perimeters or deliberately weaponized to target parked aircraft, fuel depots, or crowded terminal areas.[20]
Civil aviation has repeatedly been caught in the crossfire of geopolitical tensions and armed conflict. The downing of Malaysia Airlines Flight MH17 over Ukraine in 2014, and the tragic destruction of Ukrainian International Airlines Flight PS752 in 2020, underline the risks of operating in or near conflict zones. These incidents show that even routine commercial flights can become casualties of military escalation or miscalculation. Airlines and regulators face a constant tension between commercial pressures to maintain routes and the safety imperative to avoid high-risk airspace.[21]
The challenge is made worse by inconsistent threat assessments. In 2025, for example, the U.S., European Union, and China issued conflicting advisories about overflights of the South China Sea, leaving carriers unsure of which warnings to prioritize. Such divergences create confusion, increase operational complexity, and risk uneven mitigation strategies across airlines. This fragmentation is mirrored at the airport level: a 2022 INTERPOL report[22] found that 37% of airports in Africa and 29% in Southeast Asia lacked advanced explosive detection systems, compared to near-universal deployment in North America and Western Europe.[23]
Two Decades On: Evolving Threats, Enduring Lessons
Twenty-four years after 9/11, aviation security has come a long way. Cockpit reinforcement, advanced passenger screening, and international cooperation have made it harder for terrorists to replicate the tactics of September 2001. Nevertheless, the aviation sector remains a high-value target, and vulnerabilities have shifted: pilots themselves, ground staff, cargo, drones, and cyber threats now pose some of the greatest risks.
The enduring lesson of 9/11 is that aviation security is never static. As technology evolves and threats diversify, so too must the safeguards protecting passengers, airlines, and airports. Policymakers must resist complacency, avoid reactive fixes, and instead build system-wide resilience that integrates human, technical, and digital dimensions.
[1] Patterson, Thom, 'How the era of ‘skyjackings’ changed the way we fly', CNN-US, October 2, 2027, Why US airline hijackings spiked in the early 1970s | CNN
[2] Ito H, Lee D., ‘Assessing the impact of the September 11 terrorist attacks on U.S. airline demand’, J Econ Bus. 2005 Jan-Feb; 57(1):75-95, Assessing the impact of the September 11 terrorist attacks on U.S. airline demand - PMC
[3] ICAO (2024) ‘Safety Report’, Montreal-Canda, ICAO_SR_2024.pdf
[4] Yilmaz, A. A. (2025), ‘Critical Connections: Network Analysis of Human Errors in Aviation Accidents’, The International Journal of Aerospace Psychology, 1–27. https://doi.org/10.1080/24721840.2025.2531741
[5] Shalal, Andrea ‘U.S. lawmakers see no evidence of terrorism in Malaysia jet crash’, Reuters, March 31, 2014, U.S. lawmakers see no evidence of terrorism in Malaysia jet crash | Reuters
[6] Blalock, Garrick, et al. “The Impact of Post‐9/11 Airport Security Measures on the Demand for Air Travel.” The Journal of Law & Economics, vol. 50, no. 4, 2007, pp. 731–55. JSTOR, https://doi.org/10.1086/519816
[7] Schaper, David, ‘It Was Shoes On, No Boarding Pass Or ID. But Airport Security Forever Changed On 9/11’, September 10, 2012, NPR, TSA Timeline: How Travel And Airport Security Changed After 9/11 : NPR
[8] Magdalena Tomaszewska-Michalak (2022) ‘Biometric Technology 20 Years After 9/11– Opportunities and Threats’, Studia Politologiczne, Vol. 63, pdf-147957-73904
[9] Stephen W. Dummer (2006) ‘When False Positives and Secure Flight Using Dataveillance When Viewed Through the Ever Increasing Likelihood of Identity Theft’, Journal of Technology Law & Policy, Volume 11, Issue 2, False Positives and Secure Flight Using Dataveillance When Viewed Through the Ever Increasing Likelihood of Identity Theft
[10] Bryan Walsh, ‘America is finally moving past its post-9/11 security theater’, Vox, July 12, 2025, America is finally moving past its post-9/11 security theater | Vox
[11] Leslie Joseph, ‘How the Sept. 11 terrorist attacks forever changed air travel’, CNBC, September 11, 2021, How 9/11 forever changed air travel
[12] Pasha T, Stokes PRA, ‘Reflecting on the Germanwings Disaster: A Systematic Review of Depression and Suicide in Commercial Airline Pilots’, Front Psychiatry, 2018 Mar 20, Reflecting on the Germanwings Disaster: A Systematic Review of Depression and Suicide in Commercial Airline Pilots - PMC
[13] Robert Liscouski and William McGann, 'The Evolving Challenges for Explosive Detection in the Aviation Sector and Beyond, ' CTC Sentinel, May 2016, Volume 9, Issue 5, The Evolving Challenges for Explosive Detection in the Aviation Sector and Beyond - Combating Terrorism Center at West Point
[14] Jules Yimga, 2025. "Managing risk and reputation: What TSA complaint trends reveal about transportation security challenges in 2023–2024," Journal of Transportation Security, Springer, vol. 18(1), pages 1-20, Managing risk and reputation: What TSA complaint trends reveal about transportation security challenges in 2023–2024
[15] Halawi, L., Miller, M., & Holley, S. (2024) ‘Beyond the Blue Skies: A Comprehensive Guide for Risk Assessment in Aviation,’ IntechOpen, Beyond the Blue Skies: A Comprehensive Guide for Risk Assessment in Aviation | IntechOpen
[16] Les Abend, ‘A Perspective on Cockpit Security since 9/11’, FlyingMag, October 2, 2024, A Perspective on Cockpit Security since 9/11
[17] Aero News Journal, ‘Southwest Airlines Pioneers Secondary Cockpit Barrier on First Passenger Flight’, August 31, 2025, Southwest Airlines Pioneers Secondary Cockpit Barrier on First Passenger Flight
[18] Gaurav Dave et al, ‘Cyber security challenges in aviation communication, navigation, and surveillance’, Computers & Security, Volume 112, 2022, Cyber security challenges in aviation communication, navigation, and surveillance - ScienceDirect
[19] BBC News, ‘Yemen mail bomb 'could have detonated over eastern US'’, November 10, 2010, Yemen mail bomb 'could have detonated over eastern US' - BBC News
[20] Sky Safe, ‘Drones and Airplanes: A Growing Threat to Aviation Safety’, May 30, 2024, Drones and Airplanes: A Growing Threat to Aviation Safety | SkySafe
[21] Lisa Barrington et al, ‘Expanding missile threats and airspace closures are straining airlines’, Reuters, June 10, 2025, Expanding missile threats and airspace closures are straining airlines | Reuters
[22] IINTERPOL (2022) ‘2022 INTERPOL GLOBAL CRIME TREND SUMMARY REPORT.’, Global Crime Trend Summary Report EN.pdf
[23] Tobias Feakin (2011), ‘INSECURE SKIES? Challenges and Options for Change in Civil Aviation Security’, RUSI, Insecure Skies_AG.indd
