In July 2024, unstable improvised incendiary devices were deliberately shipped inside packages via the air cargo network. The devices were designed to ignite during transit. They were not sophisticated military ordnance. They were crude, effective, and concealed within the kind of everyday items and packaging that moves through air cargo networks by the millions every day.

The incident was a stark reminder that the air cargo supply chain remains one of aviation's most challenging security environments, and one where the threat is evolving faster than many organisations' defences. While passenger screening receives the majority of public attention and regulatory scrutiny, cargo security operates largely out of sight, handling vastly greater volumes with proportionally fewer resources and less public accountability.

For more than 20 years, Redline Assured Security has worked with cargo operators, freight forwarders, ground handlers, and regulators to build the training, assurance, and security management systems that protect the air cargo supply chain. As TrustFlight's security capability, Redline brings government-standard security expertise to an industry that can no longer afford to treat cargo security as the quieter, less urgent sibling of passenger screening.

The E-Commerce Surge and What It Means for Cargo Security

Global air freight volumes continue to climb, driven in large part by the surge in cross-border e-commerce. The International Air Transport Association (IATA) reported approximately 22.7 billion tonne-kilometres of air freight in 2025, with significant year-on-year growth projected to continue. Much of that growth comes from time-sensitive, high-value consumer goods shipped in unprecedented volumes across international borders.

For security teams, this growth is not just a logistics challenge. It is a security challenge. Every additional package is another item to screen, assess, and clear. The characteristics of e-commerce cargo compound the difficulty: high volumes of small, individually packaged items, often with limited advance information about contents, shipped through complex, multi-party supply chains that span multiple jurisdictions.

Traditional cargo security models were designed for a world of palletised freight moving between known commercial partners with established relationships. E-commerce has introduced millions of individual consignments from unknown senders, routed through aggregation hubs, and loaded onto aircraft alongside conventional freight. The security assumptions that underpin the known consignor model are stretched thin when the consignor is an anonymous seller on a marketplace platform and the consignment is a single parcel among thousands.

This is not a future problem. It is a present one. And the organisations that fail to adapt their cargo security programmes to the e-commerce reality are carrying risk they may not fully understand.

The Screening Bottleneck

Here is the uncomfortable reality: screening infrastructure has not scaled at the same rate as cargo volumes.

The technology required for effective screening, particularly for detecting concealed threats in dense, complex cargo, demands significant investment. Advanced X-ray systems, computed tomography (CT) scanners, and explosive trace detection equipment are expensive to procure, install, and maintain. The facilities to house them need to meet specific regulatory and operational requirements. And the throughput capacity of even the most advanced screening systems has physical limits.

There are not enough certified screening facilities to handle current throughput without creating bottlenecks. When cargo volumes spike, particularly during peak e-commerce periods, the pressure on screening operations intensifies. The temptation to prioritise speed over thoroughness is real, and it is exactly the kind of pressure that creates security gaps.

The cost of upgrading equipment and training operators falls disproportionately on freight forwarders and ground handlers already operating on thin margins. For smaller operators in particular, the capital investment required to maintain state-of-the-art screening capability is a genuine barrier. This creates an uneven security landscape where the quality of screening varies significantly across the supply chain.

The Evolving Threat Picture

The July 2024 incendiary device incident was not an isolated event. It was a data point in a trend. Threat actors have demonstrated sustained interest in exploiting the air cargo supply chain, and their methods continue to evolve.

The cargo environment presents several characteristics that make it attractive to adversaries. Volumes are high and growing. Supply chains are long, with multiple handoff points. Advance information about consignment contents varies in quality and reliability. And the sheer diversity of items moving through air freight, from electronics to chemicals to consumer goods, creates a screening challenge that is fundamentally different from passenger baggage.

Concealment techniques are becoming more sophisticated. Threats are designed to evade detection by X-ray screening, exploiting the visual complexity of dense cargo to hide prohibited items. The IID devices sent in July 2024 were deliberately concealed within items that appeared routine. Without highly trained screeners using current screening technology,  these items can pass through screening checkpoints undetected.

The convergence of physical and cyber threats adds another dimension. Supply chain management systems, customs documentation platforms, and cargo tracking tools are all potential targets for cyber intrusion. A compromised system could be used to manipulate cargo manifests, alter screening records, or bypass security controls without any physical breach. The insider threat dimension, covered elsewhere in this series, applies equally to cargo operations, where access to warehouses, screening facilities, and aircraft loading areas is held by a large and often transient workforce.

Known Consignor, Known Risk

The known consignor and regulated agent model is the backbone of air cargo security across the EU and UK. Trusted supply chain participants undergo vetting and inspection to earn the right to ship goods with reduced screening requirements. In principle, the model is sound: it concentrates screening resources on unknown and higher-risk consignments while allowing verified, low-risk cargo to move efficiently.

In practice, the model is only as strong as the assurance behind it.

When a known consignor programme is well-managed, with regular audits, trained assessors, and a robust security management system, it provides genuine risk reduction. Auditors who understand the current threat picture can assess whether a consignor's security measures are truly effective or merely compliant on paper. Trained Auditors can also evaluate whether the controls in place would actually detect or prevent the types of threats that the cargo supply chain faces today.

When the programme becomes a paper exercise, renewed annually and forgotten in between, it creates a false sense of security that is arguably more dangerous than having no programme at all. A known consignor designation that was earned through rigorous assessment and maintained through continuous assurance is a genuine security measure. One that was ticked off on a form and filed in a drawer is a liability.

The quality of auditing and assessment is not a bureaucratic detail. It is the mechanism that determines whether the known consignor model actually works. Organisations that invest in trained, current, and rigorous auditors are building real security. Those that cut corners on assurance are building a facade.

Screener Competency: The Last Line of Defence

When a consignment reaches the screening point, the X-ray operator is the last line of defence. Everything upstream, the supply chain controls, the documentation checks, has either worked or it has not. The screener's job is to catch what everything else missed.

This makes screener competency one of the most critical variables in air cargo security. And it is a variable that requires continuous investment.

Threat Image Recognition Training (TIRT) is one of the the primary mechanisms for maintaining and testing a screeners competency. TIRT presents screeners with X-ray images containing concealed threat items, measuring their ability to detect threats under realistic conditions. The quality and currency of the threat library matters enormously. Screeners trained on unrealistic imagery will not be prepared for the concealment techniques that current threat actors employ.

Standardised Image Interpretation Testing (SIIT) provides the benchmarking framework to assess screener performance against consistent standards. Together, TIRT and SIIT ensure that screener competency is not assumed but measured, and that gaps in performance are identified and addressed through targeted training.

Redline delivers TIRT and SIIT programmes using current, realistic threat imagery across both 2D and Computed Tomography 3D screening formats. The difference between a screener who last saw threat images six months ago and one who trains regularly is not marginal. It is the difference between detection and a miss.

E-commerce cargo presents particular screening challenges. The density and diversity of items in small packages creates cluttered, visually complex X-ray images where threat items are harder to identify. Screeners working high-volume cargo operations face fatigue, time and operational pressure that can degrade performance.  Training and testing programmes need to account for these real-world conditions rather than assuming ideal operating environments.

Regulatory Pressure from All Directions

The regulatory landscape for air cargo security is tightening across multiple jurisdictions simultaneously.

In the United States, the TSA enforces 100% cargo screening with stricter background checks, restricted facility access controls, and new chain-of-custody documentation standards designed to reduce cargo tampering. In the UK, the CAA's security regulation covers air cargo as part of a comprehensive framework encompassing airport, airline, and ancillary operations, with continuous review of measures to ensure they remain appropriate, proportionate, and effective.

The EU's aviation security regulations mandate comprehensive screening protocols and require logistics firms across European airspace to invest in security solutions that meet defined standards. EASA's cybersecurity requirements, under Implementing Regulation 2023/203, add a digital security dimension that cargo operators must now address alongside their physical security obligations.

For cargo operators working across multiple jurisdictions, the compliance burden is significant. Different regulators have different requirements, different audit standards, and different expectations for documentation and reporting. Organisations without a structured security management system to track and coordinate compliance across these frameworks risk falling out of compliance in one jurisdiction while focusing their attention on another.

Connecting the Cargo Security Chain

The air cargo supply chain is long and involves multiple handoffs: shipper to forwarder, forwarder to ground handler, ground handler to airline. Each handoff is a potential point of vulnerability. Each participant has their own systems, their own training standards, and their own interpretation of regulatory requirements.

The organisations that manage cargo security effectively are those that treat it as a connected system rather than a series of independent checkpoints. That means security management systems that provide visibility across the chain, training programmes that maintain consistent standards across all participants, and audit frameworks that test real-world performance rather than documented intent.

Security Management Systems (SeMS) provide the structured framework for this connected approach. When implemented across the cargo supply chain, SeMS creates the visibility, accountability, and feedback loops that turn individual security measures into a coherent programme. Risk assessments inform screening priorities. Audit findings drive training updates. Incident data feeds back into threat assessments. Each element strengthens the others.

TrustFlight's integrated approach, connecting Redline's security training and assurance expertise with safety and security technology, provides cargo operators with the tools to manage security as a connected system. When your training records, screening competency data, audit findings, and compliance tracking sit within a single, integrated platform, you can see the full picture rather than managing security through disconnected spreadsheets and standalone systems.

Building Genuine Cargo Security Resilience

The e-commerce boom is not slowing down. Air cargo volumes will continue to grow. The threat actors targeting this supply chain are adaptive, patient, and willing to exploit any gap in the security chain.

Meeting that challenge requires more than better technology at the screening point, though technology matters. It requires trained people who understand the current threat picture, not last year's briefing. It requires assurance programmes that test real-world performance, not just documented procedures. It requires security management systems that connect the entire supply chain into a coherent, visible, and accountable operation.

And it requires the recognition that cargo security is not a standalone discipline. It connects to personnel security, cyber security, crisis preparedness, and the broader safety and compliance ecosystem that every aviation organisation must manage. When these elements work in isolation, gaps appear. When they work together, as part of an integrated security capability, the result is genuine resilience.

Trust in your security is not built at any single checkpoint. It is built across the entire chain.

Frequently Asked Questions

Why is air cargo security considered more challenging than passenger screening?

Air cargo presents unique challenges that differ from passenger screening in several important ways. Volumes are significantly higher and growing rapidly due to e-commerce. Consignments are more diverse, ranging from electronics to chemicals to consumer goods, creating visually complex screening images. Supply chains are longer, with multiple handoff points between parties. And advance information about contents is often less detailed and reliable than for passenger baggage. These factors combine to make cargo screening operationally demanding and resource-intensive.

What happened in the July 2024 air cargo incendiary device incident?

In July 2024, unstable improvised incendiary devices (IIDs) were deliberately concealed inside packages and sent via the air cargo network. The devices were designed to ignite during transit. The incident demonstrated that threat actors continue to target the air cargo supply chain and are willing to use crude but effective methods concealed within routine everyday items. It underscored the importance of screener competency, current threat imagery in training programmes, and robust security management across the supply chain.

What is the known consignor model and does it still work?

The known consignor model is the foundation of air cargo security across the EU and UK.  It allows supply chain participants who have been vetted and inspected to ship goods with reduced screening requirements, concentrating screening resources on unknown and higher-risk consignments. The model works when it is backed by rigorous, ongoing assurance: regular audits, trained auditors, and continuous compliance monitoring. It fails when it becomes a paper exercise. The quality of the assurance behind the known consignor designation is what determines its security value.

What is TIRT and why is it important for cargo screening?

Threat Image Recognition Training (TIRT) is a programme that presents X-ray screeners with images containing concealed threat items, testing and developing their ability to detect threats under realistic conditions. For cargo screening, TIRT is particularly important because the density and diversity of items in cargo consignments create cluttered X-ray images where threats are harder to identify. TIRT programmes using current, realistic threat imagery are essential for maintaining screener competency. Redline delivers TIRT across 2D and Computed Tomography 3D formats as part of TrustFlight's security capability.

How does e-commerce specifically affect cargo security risk?

E-commerce introduces millions of individual consignments from unknown senders, routed through complex aggregation networks, and loaded onto aircraft alongside conventional freight. This challenges the regulated agent / known consignor model, which was designed for established commercial relationships. E-commerce parcels are typically small, individually packaged, and arrive with limited advance information about contents. The sheer volume creates screening throughput pressure, and the diversity of items creates visually complex X-ray images that increase the demands on screener competency.

What role does a Security Management System play in cargo security?

A Security Management System (SeMS) provides the structured framework to manage cargo security as a connected programme rather than a series of isolated checkpoints. SeMS integrates risk assessment, compliance tracking, incident management, training records, and audit findings into a single system. This creates the visibility and accountability needed to identify gaps, coordinate response across supply chain participants, and demonstrate compliance to regulators across multiple jurisdictions. TrustFlight's security technology platform includes SeMS solutions designed for aviation and critical infrastructure, connected to Redline's training and quality assurance expertise.

What should cargo operators prioritise to improve their security posture?

Three priorities stand out. First, invest in screener competency through regular quality assurance and TIRT and SIIT programmes that reflect the actual threat picture. Second, strengthen the assurance behind regulated agent and known consignor programmes through trained auditors and robust audits that test real-world performance rather than documented intent. Third, implement a structured Security Management System that connects training, screening, compliance, quality assurance, and incident data into a single, integrated framework. These measures, taken together, build the kind of connected security resilience that the current threat landscape demands.