Hangar and FBO Security for Private Aviation | CloseProtectionHire

Private aviation security is frequently approached as if the significant risk is airborne – hijack, in-flight threat, or airspace intrusion. In practice, the most operationally significant security gaps for HNWI principals using private aviation are on the ground: the window between arrival and departure when the aircraft is parked, when ground crew and maintenance personnel have unsupervised access, when catering and fuel are taken on board, and when the principal transits between the FBO and their destination.

Fixed Base Operators are the private aviation equivalent of a hotel lobby – a controlled space with managed access, but one that processes dozens of customers and service providers daily, and where the social norms of aviation ground operations create a culture of assumed trust between ground crew, handlers, and principals that a security-aware adversary can exploit.

The FBO Access Gap

Commercial airports operate Security Restricted Areas (SRAs) under national aviation security programmes. In the UK, this is the Department for Transport Aviation Security Programme under the Aviation Security Act 1982. In the US, TSA enforces airport security requirements under 49 CFR Part 1542. Within an SRA, access requires background screening, access credentials, and documented authorisation.

General aviation airports and the FBO facilities at mixed airports often operate outside the SRA perimeter, or benefit from access controls that are significantly less systematic than the commercial terminal. The UK CAA General Aviation Security Review (CAP 1711, 2018) identified this gap explicitly: many GA aircraft operators park on unsecured ramps where physical perimeter security is the only layer between the aircraft and the public.

An individual dressed as ground crew – hi-visibility vest, appropriate footwear, equipment bag – can access the ramp at many GA facilities without systematic challenge. This is not a theoretical scenario. It reflects the operational culture of general aviation, where ground crew are expected to be mobile and responsive. A security-aware operator manages this gap through a combination of access control at the ramp gate, a confirmation step before allowing non-pre-approved individuals near the aircraft, and hangar storage when available.

ADS-B Tracking and OPSEC

ADS-B (Automatic Dependent Surveillance Broadcast) is a surveillance technology requiring aircraft to broadcast their identity, position, altitude, and speed. Since January 2020 in the US (FAA mandate) and January 2017 in European airspace (EASA mandate), most aircraft operating in controlled airspace transmit ADS-B. Publicly accessible aggregators – FlightAware, FlightRadar24, ADS-B Exchange – make this data available to anyone with an internet account.

The security implication for HNWI principals using private aviation became a documented public discussion in 2022. Multiple open-source tracking accounts targeting specific tail numbers demonstrated that a private aircraft’s movements – origin airport, destination, departure time, arrival time – were available in near-real time to anyone monitoring the aggregators. In at least one documented case, physical surveillance of an FBO was correlated with publicly tracked aircraft movements.

The FAA Limiting Aircraft Data Displayed (LADD) programme, substantially expanded from 2023, allows US-registered N-number operators to block their tail number from participating aggregators. LADD enrolment removes the tail number from FlightAware and FlightRadar24 with a 24-hour processing delay. ADS-B Exchange does not participate in LADD, but the exposure is materially reduced for operators enrolled in the FAA programme.

For non-US-registered aircraft, LADD is not available. Mitigation options include: charter through intermediary arrangements that do not publicly associate the principal with the aircraft registration; varied departure and arrival slots; use of secondary FBO facilities; and operational communications discipline about flight schedules.

Aircraft Tampering: Threat and Mitigation

Aircraft tampering is documented at the criminal and terrorism-adjacent level, though it remains rare. Historical incidents and intelligence cases involving tampering include: introduction of foreign objects into air intakes; fuel system contamination; oxygen system valve interference; and covert installation of tracking devices.

Tampering requires unobserved access to the aircraft for a sustained period. The primary mitigation is eliminating unobserved access:

• Hangar storage. Aircraft in a locked hangar with access-controlled entry are significantly more difficult to approach than aircraft on an open ramp. Where hangar storage is unavailable, ramp parking should be in a well-lit position within CCTV coverage.
• Access logging. All personnel who approach or board the aircraft should be logged: name, affiliation, purpose, time. This applies to fuelling crew, cleaners, caterers, and maintenance technicians as well as crew and passengers.
• Crew pre-flight inspection. A thorough pre-flight inspection by the crew – covering fuel caps, fuel sample checks, air intakes, control surfaces, cargo compartment, and cockpit – is the final barrier.
• Tamper-evident markers. For high-profile principals, tamper-evident tape on external access panels is a low-cost step that makes any interference between the last crew inspection and the next visible.

The NBAA (National Business Aviation Association) Security Guide (2023 edition) covers aircraft tampering scenarios and recommended mitigation protocols as part of its IS-BAO (International Standard for Business Aircraft Operations) security framework.

P1 City FBO Environments

Private aviation in P1 city markets involves ground security requirements significantly above the European or North American baseline.

Lagos (Murtala Muhammed International Airport – General Aviation Terminal). The Lagos GAT environment requires vetted ground handlers, armed security at the aircraft for periods of extended parking, and close coordination between the FBO and the ground security detail. The Apapa-adjacent environment generates approach risk from individuals seeking to contact principals identified from flight manifests. Ground transport from the GAT to central Lagos requires a fully planned close protection operation.

Bogota (El Dorado International – Private Terminal). Private aviation operations in Colombia require ground security planning that accounts for the post-2016 FARC agreement landscape – ELN remains active, and executive kidnap remains a documented risk for identifiable HNWIs transiting Colombian airports. The ground transfer between private terminal and final destination is the primary risk window.

Istanbul (Istanbul Airport – General Aviation Terminal / Ataturk Business Aviation). Istanbul private aviation terminals are professionally managed. The primary security consideration is schedule OPSEC – Turkey’s position as a transit hub means a significant volume of intelligence-community interest in identifying the movements of regional executives, political figures, and high-net-worth individuals. Communications discipline about flight schedules is particularly important in the Istanbul context.

Dubai (Al Maktoum International / Dubai International – private terminal). The Dubai private aviation environment is well-regulated under GCAA oversight with robust access control at dedicated private terminals. The primary security consideration is OPSEC for movements that could be sensitive given the UAE’s proximity to the Iran and Yemen conflict zones and its status as a hub for regional deal-making.

Mumbai (Chhatrapati Shivaji Maharaj International – private terminal / Juhu Aerodrome). Private aviation in Mumbai requires coordination with local security services for extended parking periods and careful management of ground handler access given the general Mumbai security environment.

MRO Provider Security

Scheduled maintenance – 100-hour checks, annual inspections, avionics work – involves multiple MRO technicians over multiple days with unsupervised access to the aircraft interior. MRO provider vetting should include:

• IS-BAO or ARGUS audit status for the MRO facility
• Confirmation that employed technicians are background-checked under the applicable national standard
• A named contact who is responsible for access management during the maintenance period
• A work completion sign-off before the aircraft is returned to service, confirming all access panels are secured

For the airborne security planning – itinerary management, crew briefing, in-flight threat scenarios, and ground transport coordination at destination – that operates alongside FBO and hangar security, see our business aviation security and private jets guide. For the yacht and superyacht security framework that applies to the same HNWI client base in a marina context – crew vetting, tender access control, port security, and OPSEC for vessel movements – see our security for luxury yachts and superyachts guide.

Sources

FAA: Limiting Aircraft Data Displayed (LADD) Programme – Participation Guidance and Enrolment Procedures, 2023. US TSA: 49 CFR Part 1542 (Airport Security). UK CAA: General Aviation Security Review (CAP 1711), 2018. UK Department for Transport: Aviation Security Programme (under Aviation Security Act 1982 as amended). NBAA: Business Aviation Security Guide, 2023 edition. IS-BAO: International Standard for Business Aircraft Operations (IS-BAO) Stage 1-3 Security Requirements, IBAC, current edition. ARGUS PROS Security Rating Programme, current edition. EASA: ADS-B/Mode S Implementation Regulation (EU) 1207/2011 and implementing regulations. FlightAware Privacy Policy / LADD Participation (noted absence of ADS-B Exchange). Control Risks: Executive Travel Security – Private Aviation Risk Assessment, 2024. IATA: Ground Handling Agreement Security Annex, IGOM 2024.

James Whitfield is a Senior Security Consultant with 20 years of experience in HNWI personal security, private aviation ground security, and close protection operations across global markets.