Socio-Economics meets Security

Executive Summary:
Security is a relatively nebulous concept and hence the quantification of the impact of a security policy at the public or operational level is similarly difficult to identify with any degree of certainty. In the past two decades there has been a movement away from ideologically driven policy approaches to the more nuanced idea of evidence driven policy. For many applications the evidence is often in the form of empirical results from scientific experiments. However, security policy has been resistant to the conventional evidence based policy development mechanisms for several reasons. First, the emotive nature of the subject, security in the broadest sense is a matter of life and death and when stakes are such as these a precautionary approach has prevailed. Second, the very nature of evidence in the security domain is filled with difficulties. Data collected on historical incidents cannot be relied on to paint a fair picture of the underlying drivers. Each security incident, be it in an airport, a train or in the provision of an important public utility has an almost unique set of circumstances under-pinning its realization. Furthermore, it is impossible for us to quantify using an empirical approach all of the incidents that did not happen due to a litany of factors many of which cannot be measured or even identified after the fact.

Into this difficult policy arena comes the SECONOMICs project. We approach the security problem from a foundational viewpoint, looking at the main technological, behavioural and social drivers of security risks and then incorporating this information into a menu of tools (our toolkit) that can be used by policy makers at operational and public policy levels to provide perspective on the potential impacts of their decisions. SECONOMICS is an EU funded project which deals with issues such as the mitigation of potential security threats and the sustainability of security. The main objective of the project is to provide a direction to policy-makers seeking to understand their policy alternatives and the possible effects of these policies.

The project partners in SECONOMICS have conducted interdisciplinary studies in research areas of media analysis, the public economics of institutions and the quantitative operational research of organizations. In previous years, other projects have studied the security policy problems in an isolated manner which considered only one or two research areas. In SECONOMICS, we use a unique approach which combines the abovementioned research areas all together. This allows the project to provide policy-makers with broader view and deeper insight in the security policy issues and solutions.

SECONOMICS has three scientific work packages: comparative media analysis of security, public policy and economics of security, and operational research on adversarial risk analysis. While each scientific work package can tackle the security policy issues and solutions separately, our aim in the project has been to generate coordinated and aggregated view on them. The SECONOMICS approach is based around three industry driver case studies: Aviation, Critical National Infrastructure, and Regional and Urban Transport, these form our user case studies. The scientific work packages observe patterns of risk in the security setting for them and build reality models. These models are rich enough to capture the important effects from the patterns but tractable enough to make predictions.

The research and deliverables from the SECONOMICS project have been disseminated widely both nationally and internationally through journal and conference papers and various industrial events. Information from the project has been made available to both academia and industry.

Project Context and Objectives:
A summary description of project context and objectives

The EC FP7 SECONOMICS (Socio-Economics meets Security) project brought together leading European research groups, state-of-the-art scientific tools and key industry players to investigate the current and emerging threats for both information and physical security in critical infrastructure industries. The project was particularly driven by industry case studies in the protection of civil aviation, regional and urban transportation and critical national infrastructure, which are all indispensable to the economic and social lives of EU member states. The research focus placed social science and political science at the heart of the modeling framework. Our scientific approach integrates expertise into social, economic, system and risk modelling and provides a basis for initial developments of decision-support methodologies and tools for policy makers.

SECONOMICS Context

Faced with multi-level governance systems, recent research on security has stressed the inter-relatedness of policy content and institutional context in this area. This research focus is required in order to push the discussion beyond its narrow assessment of the current institutional set-up. Therefore it is timely and crucial in the security research within the current multi-level governance system to take into account not only national level, but also the European and international levels. For example, involvement in international organizations such as NATO can produce conflicting security interests and policies among the EU member states, or similarly energy requirements or energy demand can affect policy process and further complicate the system of multilevel governance.

This is even more important when considering the existing divergences in the interpretation of basic norms such as democracy, human rights, the rule of law, within the domestic–national arenas of EU member states and the transnational arena of EU and global institutions. These various distinct norms in different entities have direct effect on policy decisions in the fields of security and risk and go far beyond the issues of institutional set-ups, to the core of normative interpretations of social reality.

As a result, research in multilevel governance, ends to concentrate on institutional actors, while the literature on the social perception of security and risk, and attitudes towards these phenomena, underlines the importance of individual dimension, distinguishing between “objective risk” and “subjective risk”, based on perception, and "acceptable risk", in terms of attitudes. Hence it is necessary to have a complex research agenda concentrating on developing models of the communication needs required to address not only institutional actors, but also the individual actors and the patterns of communication and mobilization related to issues of security and risk perception and acceptance.

In recent years, the issue of security and risk have increasingly been topics of social mobilization. Numerous non-governmental actors enter the public sphere and successfully mobilize the citizens against policies they regard as threats to sustainable development (e.g. nuclear energy, safety of nuclear power plants, etc.), but also enlargements of, for example, existing airports often justified by the need for improvement of existing security measures) and democratic governance (e.g. airport security measures, the presence of foreign military forces on the national territory, public surveillance mechanisms, establishment of general publically available databases, etc.).

Furthermore, citizens, and civil society actors are increasingly concerned about the apparent conflict between privacy and security, and about the cost of security. They are concerned about the implications of new security measures in terms of political use, social control, or abuse. This awareness, combined with the lack of effective communication on behalf of political elites and the mobilization power of the so called “securitization”, often results in deep social divides, which must be addressed by research that combines disciplinary approaches and focuses on institutional- and individual-level actors and their mutual interplay.

Therefore, the aim of the SECONOMICS project was to overcome the current limitations in technical and social policy architectures by using various approaches that can dynamically investigate the multi-level policy structures in the areas of security and risk, and to create potential policy recommendations based on the results.


SECONOMICS Challenges and Objectives

Security in its most general form is an elusive concept. Preventing current threats and forecasting emerging and future threats to security is one of the most challenging problems facing policy makers. This raises a set of unique challenges in the area of security research. Specifically, the SECONOMICS project focused on providing potential resolutions for the following issues and related challenges:

Social Conflicts: Choosing policies that pre-empt and prevent security threats whilst minimizing the impact on citizens' rights and privacy has emerged as arguably the most important policy challenge in the last ten years. Inappropriately applied security policies have many negative impacts associated with them. Feelings of insecurity and anxiety have are often correlated with rising national isolation and perceived loss of democratic freedoms.

Coordination: Security risks are, in general, global and it is not possible or optimal to react to them on a purely national level. As such there is a demand on supra-national entities, such as the European Union, to coordinate security policy. In a global environment, the ability of single countries, no matter how large, to undertake unilateral security decision-making is limited. Bilateral and multilateral decision-making is inarguably the only way to find a globally optimal settlement. Furthermore, simple results from game theory teach us that cooperation is often characterized by a very fragile and unique or narrowly permitted set of equilibrium states. Therefore, as shown in Figure 1, the challenge of coordination within the EU and with third-party states is likely to be rather a complex one.

Demands and Social Awareness: Security demands between various member countries, various industrial sectors, regulators, infrastructure providers and most importantly citizens are interconnected but sometimes antagonistic. Security demands in this context work on different levels:
• The security of the nation state as an entity;
• The security of ties between nation states;
• The security of citizens, both economically and physical security;
• The security and stability of the economic and financial environment;
• The security of the social well-being of citizens;
• Through everyday real interactions, transportation and privacy;
• Through digitally mediated interactions.
As a result, analysing these complex multi-level systems requires interdisciplinary research composition.


[Figure 1: Diagrammatic Depiction of a simple coordination game]

Economics: Cost is the medium through which many of the trade-offs in security policy manifest themselves. The value which citizens place on the contrasting needs of privacy and security and the intangible cost of perceived or realised loss of freedoms and democratic rights is a primary concern for policy makers. Finding the optimal trade-off in this context is a non-trivial problem that has yet to be fully solved. This challenge requires the interaction of standard economic theory and models of social choice and social preference.

Understanding Risks: Inarguably the most difficult challenge for security policy is the quantification of risk. The first challenge is the definition of the outcome space, which is often unmapped. This is essentially, what is the space of potential things that can happen within a particular context, such as transport or critical infrastructure. Good policy doctrine requires that we know only know this, but can actually apply some form of probability mass to this outcome space to build risk profiles that are verifiable and may be transformed as functions of various policy tools. These risk profiles might make it possible to answer the questions such as how the introduction of biometric scanners will reduce the incidence of terrorists crossing borders, how various procedures enacted by critical infrastructure providers does improve their security profiles, or what impact these measures do have on the social welfare of their staff and the citizens as a whole.

Therefore, the core scientific/technological objectives of the SECONOMICS project were to tackle the aforementioned challenges. More specifically, the project’s objectives were:
• To synthesize sociological, economic and security science into usable, concrete and actionable knowledge for policy makers and social planners responsible for citizen's security.
• To explore challenges of pan European coordination in security outcomes.
• To develop models of security problems in a technological and socio-economic context.
• To apply risk assessments and analysis of the social context to develop optimal policies.

In order to achieve these objectives and address the key challenges that our society faces with respect to the issues of security and risk, the SECONOMICS project was designed to have two unique features. The first unique feature of SECONOMICS was that it was led by industry case studies with the objective of achieving a pan-European cross-mission impact. The R&D work-packages were structured to interact fluidly with one another to identify social contexts, outline risk and economic costs, and model policy solutions which can then be tested using the unparalleled access afforded by the high-level interactions with domains of these case studies. The results were then distilled into cross-mission policy toolkits that make it possible for decision makers to adapt the general socio-economic methodologies to their concrete problems. Figure 2 illustrates the approach employed by the SECONOMICS project.

[Figure 2: SECONOMICS Approach]

The second unique feature of SECONOMICS was the focus on integrating physical and information security issues. At the systems and enforcement level this focus has been a routine occurrence in many projects (e.g. outputs from previous project such as EUSECON, NEAT, SEABILLA and RIBS). However, there has been less focus on using the identifiable threats to help to formulate concrete policy instruments for decision-makers. We sought to fill this gap.

The only chance of delivering results is by being driven by concrete case studies and by being impact-led. Therefore, the SECONOMICS project was primarily structured around three case studies that were designed to address the core themes of the call and can be applied to the majority of the missions that were outlined within the CORDIS Cooperation Security Theme. More specifically, the activities of the SECONOMICS project were organized by adoption a workpackage (WP) structure. It consisted of nine workpackages plus the management package. In Figure 3, we have outlined the broad structure of the workpackages contained within the project and grouped them by function.

[Figure 3: SECONOMICS Workpackage Structure and functions]

In detail, case study workpackages were led by industry partners and covered:
• WP1: Airports and airport security;
• WP2: Critical Power Infrastructure;
• WP3: Regional and Urban Transport.

For each case study workpackage (WP1, WP2, and WP3), the initial task was to investigate the real needs of the stakeholders involved in the security management of critical infrastructures. This investigation was complemented by the review of security policies and regulations aiming at identifying the key factors characterizing current security issues and challenges and describing whole security ecosystem. From this investigation, each case study workpackage was able to identify the concrete issues in security missions.

When case study workpackages have characterized the menu of security missions, scientific workpackages (WP4, WP5, WP6) started to characterize the threats and distil socio-economic methodologies based on rigorous and well-developed approaches from the social sciences, risk and operations research, and economics and systems models. In detail, each scientific workpackages covered:
• WP4 have identified the qualitative societal impact scenarios, from the future or emergent threat. Quantification of the social cost was made by contingent valuation.
• WP5 have studied the outcome space and associated risk measures. In addition, WP5 analysed the threat environment and potential security measures and their effectiveness.
• WP6 developed economic and systems models of the policy interactions with the architecture of the physical and ICT system under threat and develops an optimal set of policy tools and control instruments designed to optimally deal with the future or emergent threat, subject to social cost constraints.

Once a series of mechanisms identified to implement the policy objectives were determined, the concrete case studies were pursued by means of empirical studies and feedback from citizens and decision makers (looping back into WP1-3). This approach has generated a positive forward loop that strengthened the results of the project.

It should be emphasized that the security missions of the three case studies are just single examples. There was the need to generate a policy tool that is cross-mission and offers guidance to policy-makers and regulators on which types of legislative and regulatory instruments are best suited to a particular type of security threats. For example, best practice guidance for security policy might be a useful tool for certain types of risk, as it is flexible and easily applicable to new emerging threats. On the other hand, it relies on the threat being easily mitigated by the actions of the primary service provider (e.g. a train operator or airport). Certain types of threat including particular terrorist activities require more than passive security measures and may require legal enforcement or proactive and pre-emptive security. Important primary legislation is enacted within the Acquis Communautaire and then enacted in national parliaments. At a lower level, entities such as ENISA enact guidance for member states and critical infrastructure providers (such as airports and air-transport security), which is administered in supra national oversight by the European Commission.

In order to explore the correct policy mix, which is a primary goal of the SECONOMICS project, we have structured the additional workpackages that placed the creation of recommended policy tools as being the primary output:
• WP7 consolidated the results of the three case studies to cross-mission relevance results and assisted in consolidating the validation assessment between WP4, WP5 and WP6. That is, it was “hand-booking” the results of the concrete case studies.
• WP8 provided the necessary computer-aided support to manage real data, by generating tools that maps the research models either to collected or to simulated data (for instance backing out the policy parameters from structural models of economic risk and risk preferences).

Therefore, WP7 was responsible for the cross-mission consolidation and to ensure that the results and experiences gained from applying technical results developed in WP4-5 in the case studies WP1-3 can be generalized into a consolidated framework, namely the SECONOMICS framework for other domain applications. Moreover, the policy framework developed in the SECONOMICS project needs to be applicable in supporting the stakeholders of critical infrastructures and transport links other than: the airport (WP1), national grid (WP2) and urban local transport (WP3) cases that are studied in the project. Therefore, we pursued to ensure that the developed framework can be used in the alternative areas of research such as Oil & Gas, telecommunication and data networks, service centres, and nuclear power plant support systems. On the other hand, WP8 provided a tool support for the SECONOMICS framework. The framework and its tool support has been developed in a case-driven manner, ensuring that user requirements are properly addressed. Figure 4 illustrates how the workpackages in the SECONOMICS project interacts and how the looping mechanism in the project works.

[Figure 4: Workpackage Interaction and Looping Mechanism]

Finally, WP9 is responsible to disseminate and exploit the results from the project with a wider community.

Project Results:
A description of the main S&T results/foregrounds

Policy makers are often in the unenviable position of having to make regulatory and investment decisions on security based on incomplete information about the risk structure, and unknown or unknowable preferences of their stakeholders.

The SECONOMICS project has hence generated various models that can be used in the decision and policy making processes in various critical infrastructure sectors. Although this can be helpful for stakeholders to design appropriate security strategies and policies, relying solely on theoretical approaches might not guarantee the validity of such strategies and policies in practice. The SECONOMICS project teams have therefore attempted to overcome the potential shortcomings in the theoretical models by including practical information and employing a battery of empirical and game theoretic methodologies in the process of the development of our SECONOMICs toolkit. In order to do this, we have used the various quantitative tools including comparative statics, workshops, case-control studies and media analysis. We have also tried to combine these methods together in the project to intensify the advantages and reduce the weaknesses of each method. Furthermore, the project has spared no efforts to interact with stakeholders in getting practical information and capture in-depth meaning of the information. Many meetings, conference calls, workshops and evaluation sessions have helped defining the requirements, validating the models and evaluating the outcomes

As a result, the project has been able to develop an interactive toolkit to provide a visualization of security strategies and policies which can then be validated in a practical setting. With our industrial case studies we have undertaken this task and part of the results of the project are in illustrating the benefits of our approach.

In the following, we explore more details of main S&T results of each workpackage.

WP1: Airports and Airport Security

Airports security requires tightly coupled systems with the complex technical and human infrastructure that is in place to mitigate potential security threats. This organizational infrastructure encompasses advanced IT infrastructures for the real-time exchange of sensitive data, technologies for scanning and monitoring the passenger flow, trained and skilled operators, complex procedures and rules, etc. This complex socio-technical system does not, however, guarantee that in case of a crisis, all the key players and the enabling technologies will support appropriate or coordinated decisions to assure the security of the airport, its employees and passengers.

Furthermore, airport security is interdependent, in the sense that crisis events that may affect one part of an airport will likely have consequences on all others parts of the airport organization. A breach of security in the handling department, for example, will have a domino effect on control tower decisions concerning delaying and rerouting aircraft, which in turn affects the flow of passengers. In addition, airports, like other work places, are employed with people who have different perspectives, all of which can colour judgments and influence decision. Airports are open systems, as they affect also nearby infrastructures or connected organizations (and are affected by events occurring to them). It is hard to trace a clear boundary around an airport, as it is usually connected in multiple ways to the surrounding space and organisations. Because of these considerations, airport infrastructures are particularly weak with respect to small multiple attacks to different sub-systems, carried out in a short timeframe. Nowadays terrorists are changing their strategies, trying to exploit the complexity and interconnection of the system both from the IT and physical sides.

A security incident in an airport has significant economic consequences: delayed or wrong decisions can have grave consequences in terms of both life and property, and lead to the critical disruption of transportation systems. Losses due to delay or cancellations of flights could run into the hundreds of thousands of Euro per incident. By including both direct and indirect costs for physical damage to infrastructure and medical costs for those killed or hurt, in cases of actual terror incidents, this figure grows exponentially.

The analysis and finding of cost effective and satisfactory solution taking into account complex organizational issues in crisis decision making, safety and economics considerations will be great enhancement for airport security policy and management all over Europe.

As a result, WP1 primarily aimed at developing a decision making took in the direction of what could be relevant for airport security organisations. More specifically, WP1 pursued to identify and analyse the current main security concerns of the airport world, in order to feed scientific WPs; to validate the risk model and economics models developed by scientific WPs; and validate the decision-making tool, by means of live trials whenever feasible.

In the first phase of the project, WP1 identified and analysed the main issues for airport security by listing the stakeholders, their mutual interactions, and their requirements with reference to key scenarios that were selected. A range of techniques that were used include interviews of key stakeholders, ethnographic observation, and collection of quantitative indicators. This process made it possible to address the research questions raised by the scientific workpackages; to describe the scenarios for both high level and operational aspects of airport security structure; to provide insights about economic and sociological issues of airport security; and to introduce the modelling of the case study.

As a result, WP1 has consolidated the Airport Security case study scenarios and provided support to scientific workpackages’ model development by mean of extensive data collection campaigns and direct stakeholders engagement and contribution. The final Airport Security scenarios leading model development were:
• The “Cyberthreat – Emerging Threat” scenario
• The “Attack to Tower” scenario
• The “Towards effective airport security regulations” scenario

In parallel with scenario consolidation, an extensive data gathering campaign has been conducted with the aim of supporting model development. The Adversarial Risk Analysis (ARA) modelling approach was used for WP5 models (i.e. Cyberthreat – Emerging Threat and Attack to the Tower scenarios). The results of the “Cyberthreat – Emerging Threat” model can be summarized as:
• When the attack is perpetrated by highly skilled groups, the defender will tend to invest on the most effective measures, although they are also the most expensive ones, and this fact prevents the defender from investing in other cheaper but less effective areas;
• When the cyber-terrorist threat is not so high, because of the inexperience of the attacking group, airport authorities would tend to invest in more measures, aiming at covering as many control areas as possible, although not necessarily investing in the most effective ones.

As for the “Attack to the Tower” model, the results showed that, considering three possible conditions (i.e. low, medium and high traffic level), which are representative of the usual activity at the incumbent airport, under the scenario of an airport which will incur in big losses if a terrorist attack occurs, the terrorists would behave in the following manner:
• They tend to be cautious when they see that the defensive measures are too intense, typically choosing attacking with, at most, only one terrorist;
• Otherwise, if they feel that the ATC Tower is vulnerable they would launch the most powerful attack they can;
• Only in case of doubt, when they do not perceive with clarity any of the situations mentioned above, they would opt for an intermediate strategy, sending between two to four attackers.
However, if the terrorists feel that the damages inflicted to the airport will not be so considerable, their strategy would radically change. Although they are considered as risk seekers, they also put a certain value to their lives and, therefore, they will not put themselves in unnecessary risk if the chances of causing spread and costly damages to airport authorities are reduced.

The “Towards effective airport security regulations” scenario was modeled by WP6 using law and economics approach. The model was developed to analyse the effectiveness of airport security training policy and the fairness of airport security financing. The main results can be summarized as:
• Airport security interdependence might cause unfairness in security financing.
• The effectiveness of security training can be improved by recognizing the transferable value of the training.

WP4 supported the development of the WP5 and WP6 models by conducting various activities for investigating social aspects of security: the media analysis about the 3D body scanner, the Istanbul Ataturk International Airport passenger survey, and the focused traveller online survey

Overall, the following policy insights were derived:
• Security financing: Due to interdependency issues impacting the probability of a successful attack current regulation on Airport Security could result significantly unfair for small or medium airport;
• Risk-based assessment: Airport Security stakeholders prefer a risk-based (vs. rule-based) approach supported by contextual, shared and complete assessment to be done in collaboration with international regulator bodies and national aviation authorities;
• Security training: The human factor has been recognized of high value in making the security training policy evolve to a more effective stage;
• Security measures acceptance: The evaluation of the social acceptance of security countermeasures highlighted that health, privacy and dignity concerns prevail over security risks. Proper communication, open discussion and passenger engagement is essential to foster acceptance.

Furthermore, WP1 has identified that, as for the future and emerging threats:
• Hiding Explosives: The threats currently under major expansion regards new ways of hiding explosives. The EC cannot easy to say what the emerging risks are and what their consequences may be.
• Cyberthreats: The EU context cyber security needs to be tackled in a more holistic way, involving all security actors and all aviation players in order to tackle the interdependency between sectors.
• Changing Regulation: New and emerging threats dedicated committees and working groups work together with member states Intelligent services to review the regulation baseline and to produce new regulation.

Along the project, WP1 pursued to have strong stakeholders’ involvement in in-depth focused activities aiming at scenario and model validation. The consolidation of the case study scenarios and the model building activities allowed the preparation of an Airport Security customized validation framework.

State-of-the-art validation methods, like the European Operational Concept Validation Methodology (E-OCVM) and Participatory & User Centred Design approach and techniques, have been applied in the Airport Security case study. In particular, WP1 has integrated established methods into a customized framework for validating Security and ICT-oriented methods and models. The high-level validation objectives defined across the three case studies were User Acceptability, Domain Suitability and Technical Usability. These objectives have been measured through their ‘decomposition’ into more measurable entities, thus leading to identification of various key validation criteria and indicators.

The scenario and model validation process has been structured within a comprehensive framework. Such framework encompassed the definition of a variety of validation activities, such as workshop activities with Airport Security managers and directors; expert judges with information and airport security experts; interviews with policy makers; online and on-site airport security questionnaires targeting passengers. The integration among the different activities listed above resulted in a comprehensive and coherent evaluation of the airport security case study, to which WP4, WP5 and WP6 contributed on both contents and methodologies. The summary results of the model validation show:
• Issues to be improved
o Model compliance with existing regulations at European level.
o Highly specialized expertise and effort needed in the modeling phase.
• Strengths
o Modular and customizable modeling approach for different type of airports and traffic levels.
o The probabilistic reasoning of the models is a positive choice with respect of the hardly deterministic decisions taken in real world scenarios.
o The mechanisms and computational strategies under the models are useful and leading to quality of results.

As for the toolkit validation, the results are:
• Issues to be improved
o In order to foster its adoption, the proposed Toolkit should be cost-effective and easy to use.
o A possible exploitation model could be to include as additional consultancy service the support for the modeling and quantitative analysis part.
• Strengths
o The Toolkit is an integrated set of instruments with its own internal coherence and effectiveness.
o The SECONOMICS tool is valuable for analyzing different security-critical scenarios and forecasting the impact of the different security measures.
o The Toolkit is a valuable instrument for supporting the airport management companies in tackling possible conflicting goals.
o The Tool GUI look and feel and memorability is of great value since provides an easy input selection layout and a comprehensive overview of the scenario and the results.

Overall, model and toolkit received positive feedbacks from the participants.

WP2: Critical Power Infrastructure

NGRID in the UK is the ‘primary’ agent distributing electricity and gas to all users, firms, government agencies, public bodies and households. The importance of its operational condition cannot be exaggerated for the welfare of all agents in the UK. NG is a complex organisation, relying heavily on software-controlled systems, which, in the event of failure, will have a highly detrimental impact on the country as a whole. The power generation system has a direct influence on the life and health of humans/households, the environment, private and public organisations and society in general.

The system’s integrity and the avoidance of information security (IS) breaches constitute important are sources of concern for both the point of view of internal agents and more importantly for the interests of the users whose welfare depends critically upon the smooth functioning of the services provided by the NGRID.

The aim of WP2 led by NGRID was therefore to investigate possible security breaches that will result in severe downgrading of the system’s operational status. In detail, the main objectives of WP2 were:
• To assess and catalogue the interactions of security policy on the operation of critical national (and supra national) infrastructure (CNI) and the interaction with national and supra-national regulators and the wider European public.
• How are various security concerns viewed from within a provider of CNI and from outside by its stakeholders.
• To provide good practice guidance on how to implement security policy for CNI, balance cost and risk and communicate these trade-offs to the relevant stake holders (for instance government and public)

In the first phase of the project, WP2 focused on understanding and assessing the information/cyber security regulatory frameworks that are or could apply to Critical National Infrastructure operators. NGID’s electricity transmission network in the UK serves as the example that is used to assess these regulatory structures in WP2.

The information/cyber security scenarios of WP2 have been constructed to cover the entire picture of National Grid’s UK Critical National Infrastructure in the current state and the short to medium term future. For the current state, which considers the security threats, risks and impact to National Grid’s current CNI systems, processes and assets, both threat and risk assessments were completed for the different business areas in scope. The future state consisted of the future and emerging threats that were identified in numerous internal National Grid workshops and external security roundtable meetings.

WP2 focused on understanding and assessing the information/cyber security regulatory frameworks that are or could apply to Critical National Infrastructure operators. In collaboration with WP4, 5, and 6, WP2 therefore tried to answer the following questions:
• Do the current CNI regulations in the UK and US adequately and appropriately ensure that National Grid mitigates the risks in the current state i.e. are the current regulatory frameworks fit for purpose?
• As National Grid and the energy industry across Europe moves towards the future state, are the current regulatory frameworks flexible and adaptable enough to manage these changes?
• Which regulatory structures, whether risk-based, rules-based or something else, would be better in the current and future states? And can we look at examples elsewhere in the world or in other industries?

Through the models developed by scientific WPs, WP2 was able to identify the following results:
• A CNI Operator is better placed, and thus more effective, at mitigating security risks directly rather than through following rules defined by a regulator.
• The effectiveness of a rules-based regulatory structure is dependent on how informed the regulator (rules-setter) is of the security of key or core assets.
• A regulator’s payoff is acutely dependent on what it values as important. Assurance or the limiting/absence of security incidents.
• Cultural attitudes vary widely in different jurisdictions and this can have a significant impact on how firms and CNI Operators react to security regulation, or the lack of it.
• The view of many stakeholders is that a mixed regulatory response could be best for society. Specifically, rules could apply to CNI Operators that were less security mature and for those CNI Operators above a certain maturity threshold (i.e. those with an established risk management and mitigation framework) a risk-based regulatory framework could apply.
• Due to the lack of cyber attacks in CNI with direct impact on the services provided, such as energy delivery, a data-driven approach to designing security regulation in this space would be ill-conceived.

The modelling approaches have been validated and calibrated by National Grid’s Digital Risk & Security leadership team and the European Network of Transmission System Operators for Electricity (ENTSO-E) Cyber Security Protection and Critical Infrastructure Protection subgroups in a number of meetings. The results from the validation are:
• User Acceptability: Stakeholders gave high praise around how the complex concepts had been presented.
• Domain Suitability: DR&S leadership, CPNI and ENTSO-E cyber group, gave useful feedback and reached agreement regarding the high level domain suitability achieved by the models.
• Technical Usability: Very positive feedback was given as to the importance and quality of the technical academic rigour demonstrated by the models.
• However, it was identified and agreed that facilitated interaction with experts provided a more suitable platform for communicating the key concepts.


WP3: Regional and Urban Transport

Urban passenger transportation – by which we mean urban metros, regional train lines, light and urban rail, trams and bus networks – is an economically and socially vital part of Europe’s infrastructure. As such it has proven to be an attractive target for general criminality and terrorist attacks and their disruption would create a deep impact on the economic and social well-being of the citizens.

In order to increase the security of Europe’s transport systems, is necessary the development and acceptance of a common socio-economic methodology for the decision support in security across EU countries, and develop adequate standards and procedures for the harmonised implementation of solutions and services consistent with the defined (across countries) framework; and to support the implementation of security measures taking efficiency, business and societal impact into account. Indeed, such operators will see an economical interest in implementing the same or similar security solutions throughout their operations, although these might concern different (and distant) areas, cities or countries.

TMB, hailed as one of the world’s most modern and well-designed mass transit systems, is responsible to provide a public transport network for a sustainable development of Barcelona city and their suburbs. Forming part of an integrated passenger service, the underground metro runs in conjunction with aboveground transport networks, satisfying the mobility necessities of Barcelona citizens with a good levels of quality, price and security. The underground railway operates on seven lines providing daily service amongst 125 stations. With a total route length of 90 km, trains run continuously throughout the daytime, evening hours and until late on Saturday nights. With over 60,000 journeys completed every hour during peak periods, TMB transports over 1.3 million passengers on a daily basis.

Service level is the most important indicator that impact directly to citizens any incident in the underground (technical problems, accidents, suicides and vandalism, between others) and in the second place the security in the metro. TMB has identified as a big problem the theft and violence in the metro how majors’ problems related with the perception of the security for citizens. There are investments in processes and technologies related to thess questions and also it is very important how the violent acts in public transport is communicate by public media because this impact directly to the users perception of security in underground.

Hence, the main objective of WP3 was to contribute with the surface transport (underground) requirements to develop SECONOMIC framework, which comprises a set of methodologies and techniques produced in WP4, 5 and 6 and the development of a security decision-making tool in WP8. In more details, WP3 aimed at:
• Identifying and analysing underground transport requirements and security challenges
• Validating the methods, techniques and models developed in WP4, WP5 and WP6.
• Evaluating the security policy decision making tool.

In analysing the security requirements, WP3 identified four scenarios including indicators of economic crisis, fraud, graffiti and pickpockets. In the modelling process, all the required information describing each scenario has been provided to the scientific WPs. For each of the models a slight different process has been followed. In case of social model, the information on security incidents and passengers complaints was provided to complement the media analysis done initially by ISAS CR, which provided information on the specific security scenarios with a social impact. For the design of the risk model, based on the templates of the Adversarial risk analysis methodology (ARA), the process consisted in selecting the most appropriate scenarios and approach and then providing the data required by the scientific WP for the fine design of the model.

The overall results indicates that:
• For the societal models, it was emphasized the need and importance of considering social factors in addressing security challenges, both domestic and those of globalisation and growing diversity.
• Security in urban public transport must consider and address the growing diversity of passengers in particular in communication and training of security personnel.
• The need for comprehensive solutions to security issues and the need for security coordination between public transport operators operating various means of transport and also with the security forces, not only at local level but also at pan-European level.
• For the risk models, threats like pickpockets are largely in the hands of organized crime, which has a high adaptability. Pickpockets are professionals who exploit in their favour:
o It is an opportunity crime
o They work with intelligence
o They work transnationally
o They take advantage of local laws and regulations
In summary, they work with the approach of “cost minimizing with adaptive intelligence”.
• If threats acquire a large extent, the measures may not be effective, since the strength and perseverance of the attackers is greater. Therefore, it is important that the regulations adapt to the attackers changes in an harmonized form across Europe

A validation step on the scenarios and the models has been done, with the participation of stakeholders in two workshops. Additional information has been collected during these workshops on future and emerging threats, especially in regard to the social dimension and the internationalisation of some of the already existing security threats, which are evolving into new forms of problems that must be addressed with a different approach. The question of pan-European coordination has been also discussed by the stakeholders during these workshops, specifically in regard to the coordination of law enforcement agencies and other initiatives at European level, funded from the European Commission Directorate-General for Mobility and Transport (DG MOVE).

The participants in the validation process expressed that the approach and the models provided were considered quite appropriate for their use in the public transport domain. For the social model the effects of security human resources on customer satisfaction and the impact of the application of technical resources and new technologies on the security scenarios were defined. For the risk model, it can be easily extended to consider additional scenarios by adapting the methodology to the specific countermeasures required by them. The summary results of the model validation are:
• Issues to be improved
o Security and society: The model has not much capacity to provide accurate and probable results (predictability).
o Security risk models: There were no major issues reported on the model.
• Strengths
o Security and society: It verifies the positive impact of security human resources on customer satisfaction and the not so evident impact of the application of technical resources and new technologies on the security scenarios.
o Security risk models: It can be adapted to additional scenarios through the evaluation of required countermeasures for each security threat added.

The results of the toolkit validation for the security risk models show:
• Issues to be improved
o The implementation must scale up to consider the transport network.
o It is a static model.
o The implementation must scale up to take into account the complexity.
• Strengths
o Estimation of resources.
o Calculating the costs of measures per scenario.
o Costs and benefits while considering the reaction of smart attackers.

WP4: Security and Society

The ongoing process of globalization is increasingly characterized by emergence of global risk, which constitutes crucial challenge for governance both in terms of internal and external security, but also in terms of the growing need for decision-makers to open public debates on the topic in order to reach societal consensus. The need for the debate among different actors on all levels of governance must include decision-makers, as well as media and the public. The topics ought to include the topics such as risk, security, and perceptions and attitudes of various actors and stakeholders towards them.

In terms of conceptualization of the term risk, the scientific literature distinguishes between “objective risk” and “subjective risk” based on perception; and “acceptable risk” in terms of attitudes. The underlining themes are perceptions and attitudes towards the issue. Current research projects on public perception of security focuses strongly on security technologies and on dilemma between privacy and security. Citizens and civil society actors are increasingly aware not only of the implication of new security measures in terms of political use and possible control or abuse; they are also pointing out the possible risk of commercial exploitation of security related information and of increasing costs in terms of allocation of resources. The situation after the tragedy of 9/11, and other terror attacks have increased the importance of security, the responsibility of governments for the security of citizens, the public support for the security measures adopted to decrease the risks of global terrorism.

The main aim of WP4 was to concentrate on perceptions and attitudes towards risk and security, whilst taking into account the tension between privacy and security. In detail, the main objectives of WP4 were:
• To conceptualise security and risk as a social phenomenon and analyse their mutual interplay in public opinion and attitudes.
• To study policy interactions between policy makers, industry (stake holder) and citizens (consumers), specifically:
o Identify public perception and attitudes to risk;
o Estimate the risk tolerances and consumer-demand for security
o Investigate the value citizens placed on this attribute.

Therefore, the emphasis of WP4 was on the study of communication strategies used by decision-makers and stakeholders in the system of multi-level governance, the role played by media, public participation and public scrutiny. Special attention was paid to the communication strategies and to the role of media in the process of communication and mobilisation of support/rejection. Further attention was also paid to the role of civic association in these processes.

Over the course of the project, WP4 has considered citizens’ reaction to risks and their acceptance of security measures, interplay between security and risk in public opinion and attitudes, media framing of security and security technologies; examination of salience and acceptance of security measures, the tension between security and privacy, and mutual trade-offs of risks and security for citizens; as well as the identification of effective channels and patterns of communication on security and risk.

In order to better understand citizens’ perception and attitude on security and risk, WP4 has collected and analysed secondary quantitative data on risk perception and security; studied media debates on three security issues (3D body scanners, Stuxnet and CCTV) in 20 major dailies of 10 countries over a period of 40 months (from January 2010 to April 2013); synthetized media analysis results with customer surveys data (airport, public transport), customer complaints data (public transport), and expert interviews and ethnographic observation (airports); and developed conceptual models combining cost, profit and effects of individual security measures on customer acceptance/salience.

WP4 has developed and applied instruments for qualitative comparative analysis of security issues in the media, in order to conduct in-depth qualitative and quantitative analysis of media coverage; created SECONOMICS media corpus (covering the issues and countries indicated above); and constructed salience index and model of public acceptance of security measures and validated these with stakeholders and experts in aviation, urban public transport and critical national infrastructure domains.

The case studies conducted by WP4 include cyber-terrorism as an example of risk and 3D scanners and CCTV cameras as an example of security measures, although some media outlets framed Stuxnet as a security measure. The main factors shaping how the media report on security threats and security measures are past experience with a particular security threat and the probability of the country being targeted in the future. These factors account for the main differences in the extent of coverage dedicated to the issue in the different domestic media.

The main findings can be summarized as follows. First, the media debates in the studied countries each prioritized a specific aspect of national security – in reaction to the effect of both global events (i.e. terrorist attacks) and domestic developments (economic and political). Countries that are generally more active on the international scene and/or have had a previous experience with domestic and international terrorism are generally more exposed to (and hence concerned about) potential terrorist attacks. In these countries (the UK, the US, Spain, and Germany) security measures are high on the policy agenda, as demonstrated by the prioritization of body scanners in airport security and intensified CCTV camera use in counter-terrorism. In countries with no real danger of a terrorist attack by (international/national) extremist groups (Poland, the Czech Republic, Slovakia), there is a low policy interest in advanced and costly security devices, such as body scanners at airports and CCTV cameras, are seen positively as a crime prevention measure.

Second, in the salience analysis of airport security, WP4 found that acceptance of security measure in airport context is connected with the perception of effectiveness of the given measure. Furthermore, the analysis showed that the perceived values of security procedures is enhanced by higher perception of quality, and affect the air-travel intention positively. Furthermore, WP4 established indirect, but positive relationship between perceived equity, conceptualized broadly as different treatment due to passengers’ nationality, and intention to travel.

Third, the study of salience of security measures in urban public transport also yielded highly innovative findings. Examination of critical salience index indicated very low negative salience of the three issues in question (fare evasion, uncivic behaviour – vandalism, and ticket inspectors’ behaviour). The validation of the social model in urban public transport domain emphasized the need and importance of considering social factors in addressing security challenges both domestic and those of globalisation and growing diversity. Another aspect dominant during the validation activities was the need for comprehensive solutions to security issues. In addition, security coordination was an important point raised by stakeholders; within the various units of public transport provider, between different means of public transport (for example, effective implementation of security measure in metro can shift the security issue to public busses and vice versa), between public transport providers and security forces (Police), as well as pan European coordination of both public transport providers and of security forces (Police).

Fourth, in regards to salience of Critical National Infrastructure security, the results indicated that both citizens and stakeholders largely underestimate the salience of security issues in the domain. Furthermore, the validation in the CNI domain showed that salience and satisfaction of security issues have the potential to directly as well as indirectly influence costs of security. In addition, assurance and reliability of information for future and emerging CNI threats and appropriate dissemination of sensitive information were identified as key challenges. The ways to mitigate some of the issues outlined above were ensuring that the issues of citizens’ satisfaction are acknowledged and incorporated in allocation of resources, in training of security personnel, as well as substantially addressed in communication strategies of security stakeholders.

Lastly, events such as acts of terrorism (Boston marathon bombing 2013, terrorist attempt in Bonn 2013) can cause dramatic shift in salience of security measure – most interestingly shift from negative to positive salience (CCTV in both the US and Germany). However, as the initial shock subsides and the plurality of media debate returns to the initial level (after terrorist attack media are usually dominated by voices of actors favouring the monitoring of public spaces), the salience of the given security measure returns (almost) back to its initial standpoint. Hence, while dramatic events such as acts of terrorism have the power to significantly influence public opinion, their impact is not as lasting as that of cultural attitudes and media landscape.

In sum, WP4 identified that the balance of security and freedom is the crucial task of contemporary governments, the role of critical media as a platform for public political discourse and as a guardian of freedoms is gaining considerable importance. Media play a critical role as an arena in which information is made available to the public, multiple claims and justifications are presented and discussed, and essentially opinions are formed.


WP5: Security Risk Models

Appropriate responses to terrorism represent one of the key challenges for states in this century. Indeed, in response to recent and potential large scale terrorist attacks, multi-billion euro investments are being made to increase safety and security, especially in critical infrastructures. This has stirred public debate about the convenience of such measures, especially in a context of limited resources within a shrinking economy. In turn, this has motivated a great deal of interest in modelling issues in relation with counterterrorism, with varied techniques and tools from fields such as reliability analysis, data mining or complex dynamic systems.

The key feature in studying security problems is the presence of two or more intelligent opponents who make decisions whose outcomes are uncertain. Thus, it is no wonder that much of the research in this field has reminiscent game theoretic and risk analytic flavours. However, within the risk analysis literature, game theory and other multi-person decision paradigms have long been considered of little relevance for analyzing adversarial risks.

Therefore, WP5 has developed a model by employing Adversarial Risks Analysis (ARA) to support one of the participants, which we shall call the Defender, when assessing which investments should be made when protecting critical infrastructures, illustrating them with case studies from an underground network and an airport. The key objectives of WP5 were:
• To provide a set of template models for risk analysis for critical infrastructure protection, helping to assess the most effective countermeasures.
• To adapt them to the case studies developed.
• Based on the gained experience, to describe a general methodology for risk analysis for critical infrastructure protection.
• To describe a computational tool supporting the proposed methodology.

In the course of the project, WP5 produced five template models (simultaneous Defend-Attack, sequential Defend-Attack, sequential Defend-Attack- Defend, sequential Attack-Defend and sequential Defend-Attack with private information) which serve as backbone to build more complex and realistic models. Based on this, a number of enhancements were introduced considering different scenarios:
• Multiple attackers (coordinated or not) vs. multiple defenders (coordinated or not).
• Multiple targets to protect (be they independent, or with special configurations which take into account the underlying topology, like a network or a spatial distribution).
• Interactions between attackers and defenders not as streamlined as in the template models.
• Different rationality types expected among the attackers.

The more complex models were also validated considering additional cases oriented towards emergent threats such as terrorism in a railway service (networks), delinquency in cities (spatial distribution) and cybersecurity.


WP6: Economics and Systems Models

Executable modelling languages are important tools in science and engineering, providing methods for exploring systems that are too complex to be usefully described in simple, analytical terms. It is very often difficult to validate such models of complex systems, and there are important questions about faithfulness of representation of the underlying system and of the degree to which such models can be predictive. A possible source of errors lies in the modelling language itself, because (contrary to the beliefs of many) languages are themselves complicated artefacts. It is very important to use a modelling language, which is well understood, both by its authors and by its users. This points towards the disciplined use of small, expressive, languages that have a formal semantics, that are implemented with a high-degree of integrity, and which employ constructs that naturally support the modelling idiom.

In general, we chose to represent the impact of the environment on the system of interest just as random events that are incident upon the system. There is, however, another important role for stochastic methods in our approach. Even within the system of interest, there may be (perhaps quite complex) components that we do not need to model in (process, resource, location) detail. The impact of such components on the operation of the overall system can often be handled stochastically. All of these approaches are mathematically rigorous, and stand in contrast to approaches such as UML.

The main objectives of WP6 were:
• Construct systems models of security problems in conjunction with the following WPs.
• The WP concentrates on the major modelling work required to integrate models of system architecture with macroeconomic models of policy maker preferences.
• Create simulations that test the response of security architectures to different threats and different policies.
• Evaluate the economic incentives that might mitigate the effects of policy within a particular security context.
• Mathematics and economics have, historically, interacted in a very close manner over the last two millennia.

Valuation and contingent claims analysis relies on a full understanding of the outcome space and in a security context this is often hard to define. Consistent policy doctrines are not possible without a full understanding of the outcome space, the contingent states and their probabilities.
• Rigorous systems models with a consistent axiomatic framework allow the econometrician to define the outcome space and understand its limits in and therefore create policy simulations that capture more of the system structure. Without these types of model, arbitrary distributional assumptions need to be made that may not be realistic and may lead to sub optimal policy making.

Work in this area is not designed to create new economic models, it is designed to better inform existing models by use of more granular representations of the system architecture, for instance the electricity grid or the way in which passengers proceed through airport security. In combination with models of social preference, powerful tools can be built that better inform policy makers and consumers of security (in most cases the wider public).

Moving from the operational policy context provided by the ARA models it is important to utilize these insights for public policy. Simple scaling of operational models has, historically, proven to be almost impossible in most areas of economics. Our approach does mix “micro-foundations” into the policy frame, but we also address the downside of this approach by providing more abstract but policy focused models to help derive the optimal regulatory structures. Our models fall into three main categories:
• Models of multiple attacking agents in a Bayes-Nash equilibrium.
• Representative agent models in a sub-game perfect equilibrium.
• Models of heterogeneous agents that combine elements of the previous two modelling approaches.

We have used, in effect, all of the quantitative models in the economists’ armoury. From those that incorporate time dynamics to those that are founded in a static equilibrium, to create counter-factual predictions that can be compared to reality in order to properly calibrate the models. In the main, each of these strategies have yielded materially similar results:
• Public policy is important in ensuring that the cost of security is fairly distributed.
• However, badly informed public policy can result in higher risks than when policy is absent.
• Cost sharing is inherently unfair, but sensible policy can mitigate this with little risk of the issues in the second point occurring (this is a typical mechanism design problem).
• The introduction of strategic attackers does substantively change some of the conventional results in public economics that are often used as a primary motivation for certain regulatory types.
• Mixed evidence from qualitative and empirical sources can be used effectively.


WP7: Cross Mission Consolidation

There are three main target user groups for SECONOMICS: (1) owners, suppliers and providers of critical infrastructures, (2) citizens, and (3) EU and members governments. The first invest in security to reduce risk, often supported by the latter. The citizens are end-users and subject to confusion as they have limited ability to understand the current technically focused information distributed regarding security and cyber threats. The SECONOMICS project provides methods and tools to improve the understanding of citizens, reduce the fear amongst citizens and to build and maintain the trust of citizens. The developed tools also supports the industry stakeholders and government entities. To do this, WP7 was designed for cross mission consolidation and had three main objectives:
• Gather user requirements from the case study domains: airport, Grid and transport;
• Consolidate experience and results across the three case study domains: grid, transport and airport;
• Consolidate and generalize over the technical results and compose these into the SECONOMICS.

As a result, WP7 synthesized and generalized the results from WP 4, 5 and 6 into the SECONOMICS framework, offering support to all relevant stakeholders, including the citizens. The SECONOMICS framework defined a socio-economic methodology that span across different security missions, such as airport, Grid and transport protection, in order to support decision-making processes on the viability of security measures, taking into account the impact on citizens, and to identify factors allowing a realistic impact assessment. WP7 consolidated the R&D threads of this proposal by generalising the findings identified through application of the models and methods developed in WP 4-6 to the case studies in WP 1-3 (airport, Grid, transport) and pushing forward their implementation and integration (WP8) in a tool platform that supports policy decision making in relation with the adoption of the optimal portfolio of security measures, taking into account their benefits and measures, the legal and economic constraints and the risks assessed for various threats and how these are perceived.

The field of security needs the ultimate combination of research fields including public administration, economics, and social policy. While the SECONOMICS partners used this combination to conduct the critical infrastructure case studies, the employed approaches in SECONOMICS can be generalized beyond these cases. In the project, the SECONOMICS partners addressed various aspects of human behavior, such as how citizens perceive risks and how media communicates risk with them. The partners then implemented an array of up-to-date approaches in game-theory, content analysis and adversarial risk analysis to link the evidence from human behavior with theoretical models. Finally, the partners validated the model outcomes with various stakeholders. This evidence-based approach is critical for security study since there are very few available natural experiments and direct experimentation, and hugely diversified preferences of stakeholders. The approach helps to understand how the previous policies have been built and how we can build policy recommendations in the future.

The security problems of the case studies also appeared in other critical infrastructures (e.g. nuclear, financial, oil and gas, water supply, public health), sectors that – by definition – have a direct or indirect impact on citizens as well as a high political relevance. In all of these critical infrastructures, there is also the need for integrating policy and socioeconomic considerations into the security field. The SECONOMICS approach used in WP7 provides an evidence-based and holistic approach that can be applied to address other critical infrastructure security challenges. Through the exploitation of the toolkit with security experts and sector stakeholders, the SECONOMICS approach could customize and calibrate the models and scenarios of these new sectors.


WP8: Tool Support

Modern software tools for economic analysis hold an ever-increasing complexity. This complexity is a big challenge for the development process of such software systems. Having been mainly focused on mathematical and theoretical aspects with respect to security, financial, and business constraints for many years the development now becomes more and more software centric. Being quite different worlds in their origins they now need to be closely connected in order to achieve a continuous and effective design flow and to enable iterative exchange of engineering information across development phases. Model-based system and software development is currently regarded as one of the most promising means for realizing and tool supporting such cross domain design processes and activities.

However, various software tools for security and risk assessment represent more or less isolated solutions covering only specific aspects of interest. As a result, the complete development flow is fragmented into various models and analysis, and each of them requires a more or less specific tool. There is no obvious connection or transition neither between the underlying modelling languages nor between the different state of the art and corporate specific model-based design tools.

Therefore, WP8 aimed at integrating the tools developed in WP4, WP5 and WP6, tested in case studies in WP1, WP2 and WP3 and generalised in WP7 to provide a tool that supports policy decision making in relation with the adoption of the optimal portfolio of security measures, taking into account their benefits and measures, the legal and economic constraints and the risks assessed for various threats and how these are perceived.

The overall Toolkit includes three main parts:
• The Security Problem Structurer supports the modeler by adding specific values or parameters to a given model created and visualized by the Security Problem Modeler. Therefore, the Security Problem Structurer corresponds to the lowest layer in the overview of the Levels of abstraction.
• The Security Problem Modeller is a model designer for a class of models, to create a specific instance of a model to match a problem. It aids in identifying the relevant multiple indicators/objectives for the defender, including economic and security related indicators, and how to assess them. In addition, it helps assess the distributions over the attacker’s actions and model the defender’s beliefs, incorporate data available and use no informative priors for situations in which little information is available.
• The Security Problem Solver of each model is a calculation function of the model. It helps find, for example, the optimal security policy and resource allocations.

Over the course of the project, WP8 has developed the Toolkit based on the various models produced by the scientific WPs. The toolkit integrated the models in a Matlab/Java interface that presents the information in a comprehensive and accessible manner.

The Toolkit is a computer application for conducting security policy analysis. The Toolkit runs scientific models specifically designed to analyse security scenarios and policy decisions relevant across critical infrastructure. These underlying models encompass socioeconomic aspects and interactions, which are paramount to understand the entire ramifications of security problems and policies.

[Figure 5: SECONOMICS Toolkit]

As shown in Figure 5, the Toolkit provides a user-friendly representation of the computational models and an interactive step-by-step analysis: contextualization [1], input of the parameters [2] and the results [3]. More specifically, it mainly has four components:
• Computational Models: Implementation of the SECONOMICS Scientific Models as computational models. These models are implemented in Matlab, a widely used and powerful mathematical software, and compiled in Java. Once the users provide the input using the Integrated Tool Interface, Matlab or Matlab Compiler Runtime can run the Models and provide the results back to the Integrated Tool Interface. The Toolkit contains 6 models:
o Attack to the Air Traffic Control Tower of an Airport: Adversarial Risk Analysis to select the best portfolio of security measures against a terrorist threat to an air traffic control tower of an airport.
o Fare Evasion in the Metro: Adversarial Risk Analysis to select the best portfolio of security measures against fare evasion in the metro system.
o Pickpocketing in the Metro: Adversarial Risk Analysis to select the best portfolio of security measures against pickpocketing in the metro system.
o Policy Coordination of Airport Security: Analysis of public policy decisions to select the best policy or regulatory strategy to incentivize airport security investment in both small and large airports.
o Policy Coordination in Electricity Network: Analysis of public policy decisions to select the best policy or regulatory strategy to incentivize security investment in the electricity transmission and with heterogeneous operators.
o Subsidy and Incentives Model: Analysis of the effectiveness of subsidy and regulatory framework (rules-based or risk-based) to incentivize CNI operators to meet a certain security assurance level.
• Infographics: Clear and informative representation of the Computational Models (e.g. parameters, consequences, context, steps of the analysis). The integration of the Infographics in the Toolkit interface allows users to quickly understand the scenario information and the analysis rationale. Since this information is usually complex, infographics help users to have a better awareness and control of the assessment they are performing.
• Integrated Tool Framework: Application that provides the necessary functionalities for running a security assessment with the Computational Models. It is implemented as a Java Program and has three main components:
o Analysis Plugin Provider: Background loading of the Computational Models
o Selector View: Visual component that presents a list of the available Computational Models.
o Parameter Input and Output View: User interface for interacting with the Computational Models. The Infographics of each Computational Model are represented in this component and they provide information about the Model. In the Parameter Input, several elements embedded in the Infographic allow users to insert or select the parameters to run the Model. The Output View provides an Infographic with the results of the analysis. These representations are implemented as HTML and the interaction with the Computational Models (Matlab Connection) as JavaScript.

It should be noted that the toolkit is not simply the graphical interface of the SECONOMICs tool. The toolkit is the combined knowledge base developed throughout the project. However, it is worth reviewing the “frontend” of our work, which we refer to as “the-tool”. Due to the high complexity of the threat scenarios and the different mathematical approaches the tool is divided in two major parts; first a powerful numerical engine like Matlab is needed. However, the engine does not provide easy to analyse results and as such we have created a second strand to the tool, a user interface in Java. The toolkit’s Java interface hides the models’ high complexity to the user and offers a self-explaining form where scenario specific data can be entered. Finally, the graphical results presented can support a policy-maker taking essential decisions such as “How much money should be invested in security?” or “Which investment distribution will be the most promising one?”.

Consequently, the toolkit considers Public Policy Models that incorporate mandatory and risk-based security investments, and also Adversarial Risk Analysis models which simulate the decisions of an attacker and hence compute the most effective defensive strategy.

Potential Impact:
The potential impact and the main dissemination activities and exploitation of results

In the last years, the European Community has experienced various security incidents leading to the damage or destruction of infrastructures. In addition, the threat of terrorism has arisen new challenges for the European critical infrastructure protection. The social and economic necessity to ensure a proper critical infrastructure protection is even clearer if one thinks to the strong interdependence between critical infrastructure industries and other industry sectors of the economy. This consideration allows to point out how the consequences of a crisis event on critical infrastructure can be very significant in terms of economic and social costs. In this framework, infrastructures are imperative to be protected since they play essential and unique roles for economic vitality, and, in some cases, have a high symbolic value that make them particularly attractive for terrorist attacks. In addition, ensuring the infrastructure protection is important not just from the perspective of maintaining its normal important functions but also for its emergency response importance and usefulness in the context of a terrorist incident on or off the infrastructure system.

To give an answer to these issues, the SECONOMICS project aimed at developing innovative risk assessment techniques and policy models and tools that can support policy-makers in security-related decisions by taking into account both social and economic factors. This was possible by synthesizing various research fields including social science, risk and operations research, and economics. As a result, the SECONOMICS project was able to generate usable, concrete and actionable knowledge for policy makers and social planners responsible for citizen's security. In particular, the main contributions of the SECONOMICS project are manifold.
• It made it possible to provide a general socio-economic methodology for security resource allocation which is relevant across various domains;
• It provided a tool that facilitates such process to policy makers;
• It showcased such methodologies and tools in relevant case studies, which may serve as best practice analysis that may replicated in other European (and global) critical infrastructures;
• It included within the global risk governance process issues in relation with social perceptions and attitudes towards risk as key drivers;
• It improved the process of identifying and assessing risks from an economical point of view;
• It improved the process of balancing security with policy, economics and other relevant constraints;
• It enhanced the process of quantifying positive and negative externalities.

Furthermore, by synthesizing sociological, economic and security science into a usable, concrete, actionable knowledge for citizen’s security, SECONOMICS made it possible for policy makers and social planners to better understand the current and emerging challenges in security and to develop a policy and a strategy from the point of view of pan European coordination. In the followings, the report explores the industrial impact on each case study industry and the scientific impact on academic partners.

Industrial Impact

Airport:
Aviation security is a strongly regulated domain. Regulations, mandatory procedures and internal rules to ensure Security standards compliance must be respected. The International Civil Aviation Organization (ICAO) specifies minimum standards which every country must satisfy in order to be a member (and, thus, to be permitted to have flights originating, terminating and transiting its own territory). Every Member State is required to build a civil aviation structure, which must satisfy the minimum standards and share it with the rest of the world. Members States can create a different organisation, as European Union Members did with the creation of the European Civil Aviation Conference (ECAC). Each Member State is required to draw up a National civil aviation Security Programme (NSP). In SECONOMICS, we have involved stakeholders such as European Regulatory bodies (European Commission DG Move and Eurocontrol), International Industrial Associations (IATA and ACI Europe), National Civil Aviation Authorities for Security (ENAC in Italy and AESA in Spain), Airport Management Organisations (AERDORICA, SAGA, etc.), Airlines representatives and Air Navigation Service Providers.

The SECONOMICS Toolkit validation was a comprehensive and integrated process evaluating and demonstrating, under realistic conditions, the Software Tool and the Policy Guidelines implemented. The Security Risk Model and the Economics & System Model were applied to the Airport Security domain and evaluated by the stakeholders as a coherent set of instruments with great efficacy and efficiency at security decision making and policy making levels.

Critical National Infrastructure:
CNI providers are an example of organisations whose risks have potential impacts beyond the organisation on citizens and society. Governments have the responsibility of ensuring that those organisations identify, understand and appropriately mitigate the security risks.

National Grid, as the electricity transmitter in the UK, was the CNI provider selected; there are numerous risks to electricity transmission that affect everyone connected to it. The landscape of energy delivery is changing with the development and implementation of smart grids and SCADA systems becoming more complex and connected to the internet. As a result the threat landscape would increase in the future. In addition to this, the fast pace of IT innovation will provide future attackers with continually increasing means of attacking CNI. Consequently, an increasing range of threat actors with higher capabilities and motivation to attack CNI can be expected in the future.

Members of Digital Risk & Security (DR&S) Leadership in National Grid, the Centre for the Protection of National Infrastructure (CPNI) in the UK and the European Network of Transmission System Operators for Electricity (ENTSO-E) Cyber group gave robust feedback over a significant number of validation meetings and workshops and agreed that the underlying models of the developed toolkit inherently integrate the security, economic and social perspectives of CNI. The policies presented in the validation meetings, as part of the complete policy landscape covered, were considered applicable and relevant to the CNI industry by the key stakeholders.

Transport:
Regional and public transport is an area where security is closely integrated with the security model of the city. The laws and procedures applied in case of incidents are the same applied to other incidents in the city, but the conditions in a closed space make the risks more severe than in an open place. From the stakeholders’ point of view, even though the security incidents have not changed too much in the recent years, the background has evolved significantly. Transnational organizations (e.g. organized fare evasion) are orchestrating criminal activities and the use of new information technologies and the proliferation of antisocial behaviour require a new approach to overcome these new security scenarios. Graffiti and vandalism are also clear concerns as they are becoming not only a regional or national issue but a transnational problem. Transport operators are affected by internationally organized crime networks traveling around Europe to “express their art”. Graffiti is a growing trend in the transport sector that creates operational, financial and reputation losses.

In SECONOMICS, we focused the case study in the metropolitan transport in Barcelona and involved other public transport operators, security entities such as the regional police of Catalonia and the International Association of Public Transport (UITP).

The SECONOMICS toolkit was introduced to these stakeholders in different phases using the “Good Practice” approach, on how scientific models can be introduced and used by policy makers for evidencebased policy making. Overall, they were very satisfied with the approach of how the best resource allocation for a specific situation was calculated. They agreed that the security risk models can be extended to other types of threats.

Security standards:
SECONOMICS also contributed in the development of the third version of the Common Vulnerability Scoring System (CVSS v3), the worldwide standard for software vulnerability assessment. CVSS is widely used to manage the security of critical systems such as those managing financial transactions or power transmission. In the context of SECONOMICS we analysed patterns in vulnerability exploitation and developed a model of the “work-averse attacker” that has been instrumental in the development of the new version of the standard. In particular, UNITN was part of the CVSS First.org Special Interest Group and worked with industrial partners such as Intel, CISCO, IBM, Juniper and many others on its definition. Part of the work developed for SECONOMICS has been presented and discussed within the SIG, and the discussion resulted in a revised version of the standard that keeps into account SECONOMICS findings. The University of Trento will be acknowledged as a contributing author of the new standard, when released.


Scientific impact

SECONOMICS has produced a policy framework and toolkit that can effectively assist decision makers at a strategic-tactical level in identifying and reacting to critical infrastructures threats. The project has produced a general methodology that was fed with new research on objectives, risk perceptions and attitudes, budgetary and other constraints, to finally produce the best security resource allocation for an organisation willing to protect multiple targets against multiple threats.

Most of the results will be exploited immediately by the academic community in courses and new research projects. Some models require validation prior to further exploitation, while other results are already adequately developed and are ready for commercialisation, for instance coding techniques for salience analysis in the media, models for public policy with mandatory and risk-based security investments, and model of public acceptance of security measures. As a result, each academic partner has the following scientific impacts.

URJC:
Concerning the academic impact of the ARA aspects of security risk, 11 papers and a monograph have been produced or about to be produced. Some of them have already appeared in major journals like Risk Analysis, Decision Analysis or Annals of Operations Research. Several sessions have been organised at major conferences like EUROINFORMS or SRA-Europe, as well as invited talks and lectures have been given at major conferences such as ISBA, SRA and research centers like Bocconi, Coimbra or the Royal Academy of Sciences. The new materials developed have been incorporated into courses. Finally, one of the papers has been awarded as best paper by the Society for Risk Analysis; an AXA Cair in adversarial risk analysis has been awarded and invited talks will be delivered soon at major events like the BISP and GDRR conferences. 4 PhD students have worked related with ARA and various security aspects.

ABDN:
A key aspect of the project is the lack of tractability in using historical data to drive policy in the absence of a theoretical basis. ABDN showed this to be a dangerous approach. The main causation factors are the numerous equilibrium states that may have generated the data. Without a very rich quantitative understanding of the various agents involved in generating security threats and hence generating the data, it is almost impossible to discern these mechanisms. What we can do is delineate the potential impact of changes in investment mandated by policy makers given a shift from one equilibrium state to another.

UNITN:
UNITN has conducted various studies for supporting policy makers in designing appropriate security policies. Specifically, in these studies, UNITN in cooperation with other project partners has developed various insights and recommendations for security policies. UNITN showed that the approach used for a security policy might not guarantee the effective of the policy and the economic fairness for market players, and suggested the future direction for an appropriate security policy. UNITN further developed a methodology to assess emerging security threats, particularly vulnerability risks, and identified highly cost-effective risk mitigation policies. Some of the models developed in the SECONOMICS project are or will be introduced in the courses.

UDUR:
From an economic perspective the SECONOMICS project has provided an unparalleled opportunity to conduct qualitative studies on a variety of behavioral models of security. For instance, the policy modeling for critical infrastructure is an adaptation of models commonly applied to regulated industries with the element of security woven carefully into its structure. By addressing the strategic nature of the interaction with security threats this model illustrates that many of the standard results obtained from classical modeling of regulated industries need to be adjusted to account for the adversarial effect. As an interesting point of note, we show that even if security expenditure is mandated to be increased, unless the institutional arrangements managing the expenditure are in place, then security outcomes may not necessarily improve, in fact in exceptional cases they may deteriorate. This result is exceptionally interesting and we have empirical examples from each of the case studies that suggest that this is a possibility. On a personal note, we have used extensively the foundational work of Jean Tirole throughout the course of this project, he has had a foundational impact on the theoretical research into regulated industries and the award of a Nobel Prize in Economics for his efforts was well deserved and reflects the contemporary importance of this type of work.

ISASCR:
ISASCR has developed and applied instrument for qualitative comparative analysis of security issues in the media, in order to conduct in-depth qualitative and quantitative analysis of media coverage; constructed salience index and model of public acceptance of security measures and validated these with stakeholders from each of the case studies. By applying and advancing the methods of qualitative and quantitative research, we are able to fill the gap in the study of security and security risks by presenting a comparison of the unique data (media, survey, macro data) of transnational security issues in three areas of critical infrastructure (air transport, public transport and critical national infrastructures in form of energy provision networks).

In summary, the results of the project will be of interest to any security manager, public policy-maker or analyst with responsibility for designing, implementing or documenting security policies in most contexts, be they cyber or physical.

Exploitation Model

The SECONOMICS Toolkit Exploitation Model is a good practice to effectively implement the Toolkit. The process helps introduce the Toolkit to policy-makers and is used for evidence-based policy making. These practices were successfully used and proved during the validation of the Toolkit and its models. In a more general sense, the Exploitation Model can be applied as a good practice for the introduction and use of scientific models by policy-makers.

The SECONOMICS Exploitation Model has four stages:
• Stakeholder Buy-In: The first step is the introduction of the Toolkit to the stakeholders, describing the aim and functionality of the Toolkit and underlying models. This step helps to engage the stakeholders to participate in further steps.
• Confidence Building: Once the toolkit is introduced, there is a need of continuous interaction with the stakeholders, through meetings and other communication channels, until they are fully familiarised and confident with the Toolkit and its models.
• Calibration: Once the full familiarisation and confidence are achieved, the collaboration between the Toolkit experts and the policy stakeholders reach a state in which the Toolkit can be effectively calibrated and adapted to the particular industry or scenario considered. Important actions in this stage are the identification of the scenario parameters, and the selection of the parameters controlled by the stakeholders.
• What-If Scenarios: After the calibration, the Toolkit is ready to carry out the analysis of the scenarios and provide, to the experts and stakeholders, evidence-based support for assessing the scenario and policies under study.

The Exploitation Model allows the use of the Toolkit by industry stakeholders with the support of a consultant with expertise in the SECONOMICS Toolkit. Together, they are in a position to successfully apply, adapt and calibrate the security models for new uses or scenarios. The detailed exploitation activities are as follows:
• Stakeholder Buy-In: Identification and engagement of case study domain stakeholders at national, European and International level in the case study domains of Airport (ENAC, ACI-Europe, Eurocontrol, IATA, Assoaeroporti), CNI (National Grid’s, CPNI, ENTSO-E, UK Cabinet Office, DECC), and Urban Transport (TMB, Mossos d´Esquadra, UITP) has been crucial for stakeholder buy-in. The participation in conferences, events or specific meetings and dissemination workshops helped to present the project and gain the buy-in of these stakeholders. The SECONOMICS partners have conducted various community building activities to gain the stakeholder buy-in and to build their trust.
• Establishing Trust: Building the trust in the SECONOMICS methodology, and specifically, the Models and Toolkit was achieved through activities such as presentations, training and analysis to explore the aims of the project and the scientific background, evaluation of the potential of the Toolkit and the Models in the selected domain, and discussion of what can be answered using the Toolkit and what cannot. These activities helped to engage the stakeholders and get them to contribute to the Toolkit development (i.e. sharing data and information for calibration, discussion and validation of the final what-if scenarios).
• Calibration: Calibration of the Toolkit and the Models to the specific requirements of the domain and stakeholders has been essential. This step included the calibration of the scientific aspects (e.g. Scientific Models, scenarios and data) and the software/interface aspects (e.g. graphical user interface, infographics, Computational Models) of the toolkit. During the calibration phase stakeholders discussed the parameter structure of the models with the aim to calibrate them, provide the first interpretations of the Models (e.g. trade-offs, expectations), and analyse the Toolkit through expert judgements and interviews. This interaction generated a list of potential problems and recommendations to improve the Toolkit and the underlying models.
• What-If Scenarios: Demonstration and testing of the Toolkit in several scenarios, with different input values for the parameters, to check the results against the experience of the stakeholders, was the basis for developing what-if scenarios. Study on how the stakeholders used the Toolkit without guidance and how they took advantage of the Toolkit for accepting and validating the scenarios. Several validation sessions in each case, with discussions, interviews and questionnaires provided input at this stage. The validation activities and meetings, and the continuous interaction between domain stakeholders and consortium members, allowed to iterative improve the models, Toolkit, information, exploitation methodology, and the final policy outcomes of the project.

In the exploitation activities, the case study partners developed various information graphics that depict the security scenarios and models. These graphic visual representations helped convey complex information and data in a quick and clear way. Figure 6 shown below is one of the graphics developed in WP1. The information graphics were made necessary in order to effectively communicate the outputs of the project to the stakeholders and were used to facilitate both the discussion around the scenarios, and feedback collection about the models and their preliminary results.


[Figure 6: Information Graphic – Attack to the Tower Scenario]


Dissemination Activities

A detailed description of the main activities for the SECONOMICS dissemination is provided in D9.9 “Final Dissemination Plan” which lists main dissemination activities. This report provides a brief synthesis of these activities.
• 7 press releases in different languages have been produced. HORIZON - the EU Research & Innovation Magazine - also published a 1-page article about SECONOMICS. 5 newsletters have been produced and are available in pdf version to be downloaded from the website. Around 200 issues of the printed version of the newsletter have been distributed. Around 160 issues in electronic version were distributed by direct mailing actions.
• More than 70 scientific articles have published, including 7 that have been added to the OpenAIRE Repository.
• In terms of outreach SECONOMICS was present at more than 50 conferences and workshops; the project was officially presented at 8 events. To increase reach to practitioners, SECONOMICS good practice has been published on ePractice.eu.
• Synergies have been established with the First.org SIG Team for the definition of the Common Vulnerability Scoring System Standard CVSS v3, the UK Government, ACI Europe, ENAC and UITP Security Commission amongst others.


UNITN dissemination efforts received overall very positive and interested feedback from both Academia and Industry. UNITN enthusiastically participated in a series of dissemination activities in the course of the project to spread the ideas and insights of the project. In order to achieve higher awareness of the SECONOMICS project, UNITN carried out various presentations and publications in academic and validation conferences, industry fairs and scientific journals from the beginning of the project. As a result, UNITN have published more than 20 scientific articles (some of them under review) and presented in more than 10 academic and industry conferences. UNITN also considered dissemination as a chance to further develop research models. Comments and feedback obtained from the dissemination activities were fed back into the models to reflect the interests and create stronger engagement of the stakeholders. Furthermore, through the dissemination and validation activities, UNITN conducted more than 20 interviews with stakeholders and security experts in the field of aviation and critical infrastructures. The interview results were used for model elaboration, parameter calibration in the model and validation of results. In addition, SECONOMICS efforts in identifying the trade off between security and costs found strong academic participation in both students and researchers. A number of joint research activities stemmed from there. Further, Industry interest created collaborations with partners such as Symantec, Poste Italiane, SAP and Accenture and contact with other players in the security industry such as Qualys, Risk I/O and Deutsche Post. As a result UNITN was also invited to join the First.org team for the creation of the third revision of the Common Vulnerability Scoring System, the standard-de-facto for software security assessment, among others such as Intel, IBM, Juniper, NIST and CISCO.

DBL exploited its good connections with industry as well as with academia to transfer the scientific and technological results of SECONOMICS. In particular DBL, supported dissemination activities among European Stakeholders in the Aviation domain, receiving very positive feedback about SECONOMICS outcomes. DBL carried out various presentations and publications in academic and aviation-related conferences, industry fairs and scientific journals. DBL supported the organization of various Validation events for the Airport Case Study, of the Anadolu Dissemination Workshop and of the SECONOMICS Final Summit. DBL have published (jointly with SECONOMICS academics partners) 8 scientific articles (some of them under review) and presented SECONOMICS results in 10 academic and industry conferences. DBL used the experience from SECONOMICS to stem further R&D projects, building on the research carried out in SECONOMICS. This includes some proposals under the EU H2020 programme, as well as in the SESAR Exploratory Research Call.

ISST uses its good connections to industry as well as to academia to transfer the technological results of SECONOMICS. The results of modelling security scenarios and derive different implementations strategies finds much interest in industry. We succeed in gain industry projects with the help of SECONOMICS results. As one successful example we are starting projects with the steel producer CD Wälzholz, Ernst and Young and IASI Airport. Further we use our experience from SECONOMICS to stem further research projects, building on the research done in SECONOMICS. This includes some proposals for EU-H2020 calls as well. Further we use our presence at good academically conferences to disseminate results from SECONOMICS there and reach a broad academically audience.

URJC dissemination efforts in relation with SECONOMICS received notorious acceptance mostly in relation with the developments of the methodology and applications of adversarial risk analysis (ARA). From the academic point of view, we have been awarded a best anual paper prize from the Society of Risk Analysis, an AXA endowed Chair and have been invited to deliver invited talks in key conferences in the field like BISP, GDRR or a Dagstuhl seminar on Seminar Choice. Collaborations with other groups both in the EU and the US have been started. We have also started collaborations with organisations like Madrid Police, the Spanish MoD, AXA or A3sec in relation with applications of ARA.

UNIABDN engaged with stakeholders throughout the lifetime of the SECONOMICS project. It continues to engage with industry and government stakeholders in electricity transmission through its connection with NGRID. Academic publications arising from the project are under development.”

ATOS, in conjunction with TMB, supported dissemination activities among local stakeholders for the urban transport use case that received very positive feedback. This was performed through local workshops with Spanish stakeholders such as security areas from transport operators, and Metropolitan Transport Security Area police. Another important milestone was the organization and participation in the final project summit with a specific panel discussion on Security Issues in Urban Public Transport. These activities provided insights for the urban transport scenarios, the models and the software tool built during the project. These activities were also very useful to collect inputs for the pan-European coordination and the new and emergent threats in the urban transport field.
ATOS kept the website and a Tweeter account updated. Atos has produced 2 press releases which appeared in CORDIS and coordinated its translations to other languages for the distribution in different countries. Atos has also coordinated the production and distribution of 5 newsletters along the project. Around 200 issues of the printed version of the newsletter have been distributed. Around 160 issues were distributed by direct mailing actions. The newsletters are also available to download from the SECONOMICS website.
ATOS also helped to upload some SECONOMICS scientific papers to the European Commission OpenAIRE Repository.

Secure-NOK dissemination of SECONOMICS have received positive feedback and interaction, and we think we were also successful on spreading the SECONOMICS view on security to a varied set of people. The most interesting fact about our dissemination effort is that through the explanation of SECONOMICS and its approach, we were able to capture the attention of the audiences, and their interest, on the idea that the assessment and control of social, economic and political factors, both at public and organization level, are key for security policies and measures to work. In addition, we also insisted on show the audience the need for multi-disciplinary views and solutions of security. In our Information Security Economic sessions (both the MSc course and business presentation) and our ETSI presentation, we raise awareness on the importance of socioeconomic factors and thinking in cybersecurity to different types of audiences – standardization bodies, energy experts, cybersecurity students, or start-ups – and the importance of assess and understand these interactions (rather that consider this factors as something given and unchangeable). The application of Adversarial Risk Analysis in O&G brought the opportunity to discuss the ramifications of cybersecurity in industrial installations with Computer Security experts, whereas capture the attention of industry audiences as an interesting starting point to assess different security concerns holistically (e.g. intentionality of attackers, comparison of different impacts). The discussion of security decisions process – with academic experts in operations research, security and energy – highlighted the need of modeling and the importance of social factors (since a successful incident handling roots are communications and security culture).

IS ASCR dissemination efforts met with a positive response both at the national and international academic community and among stakeholders. Interest was aroused by a combination of media analysis and customer surveys data and customer complains data with the aim to design a conceptual model combining cost, profit & effects of individual security measures on customer acceptance/salience.
ISAS CR contributed with the knowledge how is various security concerns and measures viewed from outside, from the public perception and what is the human impact on risk perception. Publication of studies after Prague Graduate School in Comparative Qualitative Analysis awakened an interest of academia and industry and resulted in invitations to the presentations for scientific community and for business Organizations.
The added value was the use of analytical framework, originated for the project, later by the Summer School participants in their own work or dissertations.

NGRID focused its dissemination efforts with industry and government at a national and supranational level. In collaboration with the SECONOMICS partners, NGRID was proactive in presenting the overall SECONOMICS project and specifically the research work of the CNI case study. At a national level NGRID presented to UK intelligent services and agencies namely CESG and Centre for the Protection of National Infrastructure (CPNI). Also, NGRID enthusiastically engaged with UK government departments, Department of Energy & Climate Change (DECC) and Cabinet Office, to increase awareness of the CNI workstream and the potential research outcomes.
At a European and international level NGRID gave a number of presentations at academic and industry conferences. Also, one of NGRID’s key validation stakeholders was the European Network of Transmission Systems Operators for Electricity (ENTSO-E), a group that brings together the transmission system operators from across the Europe. NGRID was able to secure agenda items at 6 ENTSO-E subgroup meetings disseminating the CNI workstream across Europe.

AU dissemination efforts in relation with SECONOMICS project received very positive feedback and also interest from international and national civil aviation authorities (ext. Eurocontrol, DGCA) and national Air Navigation Service Provider (DHMI), Airport security organisations, Airlines and Air Traffic Controllers (TATCA). The Airport and Air Traffic Management related scenario based adversarial risk analysis were presented to high level, operational and academic stakeholders in validation workshops and academic papers and conferences published and presented which were found very interesting and value added. AU performed a passenger survey research in Ataturk International Airport and created knowledge about SECONOMICS and airport security involvement at the passenger level reaching up to 904 international passengers. Academic paper published including survey research and book chapter is prepared for 2016 publish with the other partners. SECONOMICS efforts and results helped to develop new project ideas and consortium agreements for proposals to HORIZON 2020 calls. AU is involved in one successful example is IMPACT (HORIZON 2020-DRS-2014_653383) project starting in the May of 2015.

UDUR have been a member of the consortium for only one year, however in that time we have managed to produce four significant research outputs in addition to the impact activities associated with the project. In lieu of this project several new ongoing research relationships have developed (with partners UNITN and ISASCR) and these will progress into more extensive research networks. Our work ongoing work exploiting the theoretical developments in relation to the project have provided a forum for an ongoing interaction with the UK government in this area and we hope to progress this in the near future to full policy platform.

List of Websites:

Website: http://www.seconomicsproject.eu/

Coordinator's contact details:
Fabio Massacci
Universitá degli Studi di Trento
email address: Fabio.Massacci@unitn.it
phone number: +39 0461 282086