Several of our colleagues were involved in the chaos, causing major upset to their holiday plans as well as significant additional costs. Several customer staff who were involved reported their laptop, mobile phone and house and car keys going missing, possibly stolen.

You may very reasonably be asking yourself why I am writing about this? Was I involved and want to let off steam? Do I want to support my colleagues and customers who were so badly treated? No, my purpose is much more serious. This situation is a classic case where a major enterprise failed to understand that business agility was by far and away the most important business objective they should have been pursuing. BAA was required by government edict to implement modified processes and they were completely unable to cope. They suffered what must be described as TOTAL SYSTEMS FAILURE.

The results were immediately catastrophic to passengers suffering horrendous delays, loss of valuable personal technology and real inconvenience through loss of house and car keys. The results for the businesses will gradually come clear as a) the airlines and passengers start to file law suits and b) passenger numbers drop dramatically as potential customers actively avoid going through Heathrow.

Shareholders must not be sympathetic to BAA’s excuse that this was an unprecedented circumstance.

One would assume the UK government’s published security level policy would be a matter of great interest to BAA. BAA should have made plans to respond to changes in the type, number and level of security checks made over time. Further it would be reasonable to assume BAA would be actively looking to increase the process performance of security measured both in terms of throughput and security effectiveness. But no, BAA continued to operate a blanket process which focused on taking mints from 70 year old grandmothers, laptops from "regular traveller" business people and asking youth orchestras to put their invaluable, antique instruments in the care of the Heathrow baggage handlers.

Presumably no one asked the question whether a stable security system is inherently less secure than an agile, changing security system which makes is much harder for the potential terrorist to make their plans.

CBDI provided detailed guidance on this topic OVER THREE YEARS AGO!

In early 2003 CBDI published two reports on the subject of modelling for SOA, and specifically for the agile business. In April the second of these reports comprised a worked example – based on airport security! Yes back in 2003 CBDI provided the airline industry with a worked example of how a service oriented architecture approach to airport security might work. The reason that we chose this example was of course that since 9/11 there had been a huge focus upon security in general and airport security in particular.

We illustrated techniques such as ecosystem analysis, service modeling, collaborative processes, policy modelling and context modelling to the subject. A primary thrust of the report was that the only way to solve this problem is by using the DIFFERENTIATED SERVICE PATTERN. Furthermore we identified that the actual selection criteria must be kept secret from competitors and business partners, as well as from the customers themselves. That if customers discovered the criteria, they could then manipulate them to their own advantage. Even at that time we recognized that simplistic profiling based say on race, religion and age, would be ineffective. Rather a complex set of policies should be employed that are constantly changing to ensure potential terrorists cannot forecast a reasonable chance of success.

After the chaotic events of last week government ministers and BAA officials were quoted as saying “nothing will be the same again”. But within days the announced government security level was reduced and the security regulations were relaxed. Everything went back to nearly normal.

My recommendation to the airline industry is that they need to undertake a radical review of security and their ability to respond to unforeseen events.

Frankly other businesses shouldn’t be complacent. Sometimes it seems that agility is one of those system characteristics that's almost impossible to quantify, and so the business case for SOA is extremely hard to make. Consequently business units are allowed to plough their own furrow and enterprise SOA initiatives fail to deliver the real potential. Sensible businesses need to look more closely at their core business and determine what their real requirement for agility is. Don’t get caught out.

If you would like to learn more about CBDI Forum’s unique insight into business modeling for SOA may like to consider attending a SOA for Business Analysts workshop