Skip to main content
European Commission logo print header

Secure Dynamic Cloud for Information, Communication and Resource Interoperability based on Pan-European Disaster Inventory

Final Report Summary - SECINCORE (Secure Dynamic Cloud for Information, Communication and Resource Interoperability based on Pan-European Disaster Inventory)

Executive Summary:
The overall aim of SecInCoRe is to enable information sharing by providing context based access to structured and unstructured data used for the purpose of disaster risk management. SecInCoRe has developed a dynamic and secure cloud based ‘Common Information Space’ (CIS) concept that facilitates richly informed disaster risk management and cross-border, multi-agency cooperation.
The H1N1 pandemic starting on April 27, 2009, for example, spread so quickly that the World Health Organisation declared a global pandemic on June 11. A lot of information and experiences had already emerged along the way, but lessons learned were distributed all over Europe, unstructured and in various languages. SecInCoRe makes information searching and sharing easier.
Therefore, SecInCoRe’s socio-technical dynamic and secure cloud based CIS concept facilitates information exchange amongst collaborating actors in the emergency domain. Many parties could be involved in such a CIS, willing to share information in a secure, useful and trusted manner. Amongst them, a shared understanding as well as an awareness of differences between cultures, languages, contexts, approaches and perspectives is essential. The SecInCoRe CIS brings together an arrangement of methods, tools and agreements that can be assembled to create Common Information Spaces. This includes:

• The CIS concept itself enables the support to share information and collaboration between and within organisation.
• The Network Enabled Communication concept, which allows seamless, robust and role-based access to the CIS, including the RescueRoam concept, which supports first responders and their partners to connect in a common network, wherever they are. This facilitates mobile work and meetings in physical common information spaces and reduces the barriers which often prevent collaboration. Further the Communications interoperability concept between PPDR organisations leveraging both legacy narrowband PMR systems (based on Tetra or TetraPol technologies) and broadband PMR systems.
• The Knowledge Base includes the inventory in terms of databases and also interlinks the content based on a semantic model, the implemented SecInCoRe taxonomy. The inventory consists of research on past disaster, data sets, processes, information systems, business models used by first responders and police authorities and ethical, legal and social issues (ELSI) influencing the their work supports the understanding of differences and similarities of the various organisations involved.
• The Semantic search bridges between different frames of meaning and enables richer information retrieval, as well as supporting translation and sense-making by using an ontology-driven search functionality.
• Guidance addressing ethical, legal, and social principles when governing information sharing using technology for disaster risk management.

Pandemics are just one example. An established CIS could support first responder and police authorities being prepared for different types of incidents. Other examples which SecInCoRe is based on are: CBRN planning and training, the refugee crisis, major incidents and large scale accidents.
For detailed information visit the project website at: www.secincore.eu and the demonstration space to explore our concepts please visit: http://185.12.5.114/demonstration-space.

Project Context and Objectives:
Project context and the main objectives
SecInCoRe had designed a Secure Dynamic Cloud based concept for Information, Communication and Resource Interoperability in multi-agency crisis management, including information exchange and access to a CIS. This is based on a pan-European disaster inventory collating information about stakeholders, information systems, resources and data sets used in regional, national as well as cross European emergencies and disasters. SecInCoRe developed models for sustainable access to the inventory for different users, from open access to commercial service provision. The technical concept/system is operated by first responders and police authorities, from European Member States, for collaborative management of emergencies and disasters.

Project context
Many occurrences have revealed that – in addition to day-to-day operations – extreme events such as floods (1997, Poland), storms (Kyrill 2007, Europe), forest fires (2010, Portugal), earthquakes (1999, Turkey), avalanches (1999, Austria) and hazardous landslides (2010, Italy) as well as man-made disasters such as suicidal bombing (2005, London) and train bombings (2004, Madrid) have an impact on a local, regional, national and even international level. The number of joint operations is increasing where information is sent by first responders from different organisations or even nationalities related to different contexts using diverse technologies to coordinate and accomplish the operation. While they collect a large amount of information at each incident scene, in case of a disaster as well as in preparative processes the access to real-time and historical information is essential for decision making but often missing. Additionally, other stakeholders like politics, industry and research rely on information being subject to limited financial, material, human and temporal resources; the involvement of a variety of stakeholders, mental models, goals and concepts before, in and during an emergency are challenging for an on-going information exchange. Nowadays, the information exchange relies highly on spoken language or written text. While human-to-human communication is essential for emergency management, support by information technology is not sufficiently utilised due to risks in changing established organisational structures and due to incompatible systems. Content from preparative and post-operational processes is only accessible via intra-organisational channels and systems. When disaster relief forces from different countries co-operate cross-border or internationally, the information management situation is getting even more complicated: On the one hand, heterogeneous languages, organisational structures and responsibilities hinder the information sharing; on the other hand, even if these challenges are met, technical incompatibilities obstruct information sharing between first responders and police authorities from a national and international point of view. Neither a concept for a common knowledge base nor standards for information exchange between all first responders and police authorities have been established so far. Concerning information access and exchange there is no ‘common information space’ (see [Bannon1997], [Balis2009]) providing context based access to structured and unstructured data used for the purpose of security.
SecInCoRe changes this situation. The project identified processes, information systems and data sets used by first responders and police authorities leading to requirements for a CIS. While taking account established approaches and carefully addressing existent barriers, a system was designed complementing the potential of information exchange standards on the one hand and communication network and cloud based technology on the other hand. SecInCoRe evaluated its results involving all types of stakeholders in complementary operational contexts.

Main objectives
In detail the high-level objectives of SecInCoRe are:
1. A pan-European inventory of past critical events and disasters and their consequences (especially in terms of time dimension and costs) focused on collaborative emergency operations and real-time decision making. This objective is highly driven by end-users and targeted by empirical research from the perspectives of economics and engineering taking into account ethics, law, psychology and privacy.
2. Design of a secure, dynamic cloud based knowledge base and communication system concept including the ability to use emergency information by means of a trans-European communication infrastructure. The consortium followed a design science approach:
a) To define taxonomy of data sets, standards, processes and information systems and
b) To formulate a network enabled communication system concept including effects on business models and new possible emergency as well as crisis management models. Latest technological innovations from information management; service provisioning and communication networks was integrated.
3. Conceptual integration of available technology from the field of information and communication technology into patterns of infrastructure found in first responder organisations. The variety of emergency IT-systems available in Europe and the related variety of information acquisition devices present a new set of challenges to end-users involved in effective emergency management and law enforcement.
4. Evaluation and validation of all results in representative fields of application. A developed, adapted or already in use system was selected for validation in the project scope. The inventory was used for SecInCoRe system conception and as a database for co-operative disaster management. As a conclusion, extensions to existing crisis management models and modifications to business models of first responder and police authorities was proposed.

Project Results:
Main Scientific and Technological results/foregrounds
According to the cyclic approach applied for the work plan all work packages are in focus continuously. The red rectangle indicate milestones during the project.

The strategy to implement the SecInCoRe concept transfers S/T objectives and the intended progress beyond the state-of-the-art was to interconnected tasks and work packages:

1. End-user community inherent actions: WP2 complements end-user activities and workshops by research on ethical, legal and social issues (ELSI) and the evaluation of possible effects of SecInCoRe concepts (see section 4.2).
2. Multi-level pan-European inventory: WP3 built on representative incidents (see WP2) and performed empirical research on data and processes, information systems and business models (see section 4.2).
3. Solution oriented design of a ‘common information space’ concept (complementing user centred and demand oriented research): WP4 transferred results to a holistic system concept (see section 4.2).

SecInCoRe intended to transfer new knowledge to a distinct new capability in terms of FP7 Security. Therefore two elements are added being included in SecInCoRe’s high level objectives:

4. WP5 subsumed the implementation, the application to use cases, the validation towards requirements and the evaluation towards the expected impact incl. community building (see section 4.2).
5. WP6 highlighted standardisation, dissemination and exploitation targeting core cross-cutting objectives of FP7 Security (in co-operation with WP2) (see chapter 5).

Significant results from Work Packages
One main aim with relation to objective 2 and 3, described in chapter 3 is the development of a flexible, modular and adequate CIS concept to support first responder and police authorities in their work, collaboration with other and enable more information exchange. SecInCoRe aims to bridge not only between organisations, but also within organisations among different sectors, units, etc. or between systems to enhance the interoperability and information awareness during all phases of emergency management. One way to improve existing mechanisms is the interdisciplinary development of an enhanced way of interaction and information management. Further, SecInCoRe provides a platform for secure information exchange and management. Based on a pan-European inventory of crisis related information, several services are developed: e.g. secure cloud based services are developed to support more efficient and qualitatively improved processes (e.g. cope with existing language problems by offering translation services) or enable new processes in crisis management (e.g. new ways of collaboration and information exchange); ELSI services and guidelines are derived to support in all phases of crisis management; a taxonomy focused on crisis management enhance the information gathering and retrieval process.

The specification of the common information space concept, one of the major outcomes of SecInCoRe, is divided in two main parts:
• Socio-technical elements of the CIS concept.
• Cloud Emergency Information System (CEIS) concept.

The result is a visionary interdisciplinary concept developed in a co-design process and an exploration of its future ‘environment’. This delineates need for long term innovation beyond the SecInCoRe concept (such as implications for organizational practice, crisis management interoperability and models, policy, regulatory and legal reform and societal expectations).
Each part has several modules. Each module is connected to a certain task within the DoW of the SecInCoRe project.

• Terminology: this contains a common terminology that is used in the scope of the project for external and internal communication. The glossary part of the CIS-Documentation keeps track of this. Further existing terminologies of stakeholder, first responder and police authorities were analysed and used in the development process of a taxonomy.
• Stakeholders: all stakeholders, related activities have to be linked with each other using existing social network and contact management infrastructures. A stakeholder analysis was performed during the project and support the building of a representative community and the development of each SecInCoRe outcome.
• Collaboration Practices: to cope with the holistic concept different practices of collaboration are studied and evaluated. The co-Design process is one practice we use in SecInCoRe and is described in several publication listed in the report in section 5.2.
• Taxonomy: the taxonomy offers an order and a link on data. This concept is combined with the other modules in SecInCoRe to support the linkage between these various solutions.
• ConOps: in general, ConOps are a detailed description of how the SecInCoRe concept will work in use. It identified and detailed the functions and processes, and their corresponding interactions and information flows, concerned actors, their roles and responsibilities.

Connecting both parts is an objective of the translation into high-level requirements (HLR). These are used for internal and external purposes and to define general holistic concept objectives and goals.

• HLRD: High level requirement documentation, was done within JIRA . Further, validation and evaluation criteria based on HLR are defined in WP5. For verification and validation purposes regarding the CIS concept and its elements, HLRs need to be detailed by specific and SMART requirements; in SecInCoRe such a validation with regard to SMART requirements was done by the implementing party.
• Modular System Architecture: a modular system architecture was developed to allow easy extension and specified use of the various components.
• Network Enabled Communication (NEC): NEC offers a communication layer that enables reliable and seamless communication.
• Semantic Framework (SF): Based on the modular system architecture SF represents a set of interlinked services to facilitate the utilisation of semantic technologies (subsuming, for instance, semantic tagging of data sets, ontology mapping, reasoning and semantic search or translation). Among other functions, it allows the implementation of the SecInCoRe taxonomy and the integration in a search engine. Supporting the search allows to define a domain specific search on already existing databases and reasoning on existing semantic models.
• Knowledge Base (KB): The knowledge base is the technical representation of the inventory. It is composed by a data layer (i.e. the inventory content) and a semantic models interlinking the inventory content (i.e. the SecInCoRe taxonomy implemented as an ontology in RDF) Using the KB the inventory content can be accessed easier. Further, this allows to identify interfaces to other databases and to define specific services on that.

The overall CIS concept includes reference implementations (RI) to demonstrate the functionality of the described conceptual elements before.
Further the SecInCoRe concept and outputs are being validated by demonstration cases based on scenarios (WP5) that are leading to a novel common information space concept in emergency management. Therefore a concept of identifying and designing demonstration cases was implemented in the project and is highlighted in more detail in section 4.2.4.

Domain analysis, collaborative design and ethical, legal and social issues (ELSI)
WP2 includes four ongoing tasks (T2.1 T2.2 T2.3 and T2.4) which deals with the conducting of a past disaster inventory and the analysis of crisis management models, collaboration practices and in the end the provision of guidance targeting ethical, legal and social issues (ELSI) in relation with the use and governance of a CIS. Elements that are addressed by this WP are highlighted in Figure 4: Core results regard to terminology, stakeholders and collaboration practices; the database of past disaster events is an essential part of the KB; the results of WP2 are incorporated into the taxonomy in WP4.

Figure 4: WP2 elements of the overall CIS concept

Inventory of past disaster
The following table shows the categories and amount of past disasters, investigated by the SecInCoRe team and one part of the overall inventory, to address the SecInCoRe objective 1 (see chapter 3).

Table 1 Amount and categories of past disaster

Before starting to describe and analyse past disaster a template was developed to use a common approach by all involved partner. One significant element which is missed in other past disaster description before are a provision of explicit and implicit lessons learned based on the respective disaster.
Filled tables and all results of the past disaster inventory is visible on the SecInCoRe homepage (www.secincore.eu) and also available via the SecInCoRe demonstrator (www.secincore.eu/search).

ELSI Guidance
Some ethical guidance relating to DRM and ICT already exist, including a variety of codes of conduct and ethics, focusing on humanitarian issues, disaster response and resilience, matters of work practice, and – more recently – on ICT. Many originate from international organizations such as the UN, the International Federation of the Red Cross and Red Crescent (IFRC) (see Büscher et al 2013 for a review). EU organisations have developed codes of conduct for research and innovation (see for example Dratwa, 2014; European Commission, 2013; Pauwels, 2007; Rogerson, 2009; von Schomberg, 2007).
While some of the guidance for DRM addresses key issues relating to ICT such as data protection privacy, informed consent, they also leave many aspects of ethics in information technology design and use unaddressed. They often focus on technology as if it were separate from contexts of design, management, and use, rather than acknowledge the interconnected social, economic, political, cultural, organizational complexities enfolded into it in each stage. They leave unaddressed how the same technology may be used differently in different disasters, in different places, at different times, with different actors, where different, sometimes contradictory, ELSI will emerge. In order to address this misconception, it became necessary to develop new ELSI Guidance that could capture more of the dynamics involved and, with that, develop a new concept and structure for ethical guidance.
The ELSI Guidance address ELSI that can arise when managing and governing CIS for information sharing in DRM. They combine explanations of Key Terms complemented by Guidance entries to seed an evolving community resource. The ELSI Key Terms are derived from the SecInCoRe inventory and ethical impact assessment (EIA) process. They define, more broadly, the ELSI related to collaborative disaster IT and provide a starting set of general aspects that need to be considered. However, while these aspects help define end-goals, they do not offer clear paths of action. The Guidance entries explore a range of questions to consider to help figure out what about the principles, values, virtues and challenges captured by the Key Terms is important to consider in specific DRM collaborative ICT situations. As a whole, the ELSI Guidance provide resources for those engaged in collaborative, digitally augmented DRM to consider how they might pro-actively notice and address ELSI challenges, or take advantage of ELSI opportunities. The explanations and guiding entries are grounded in empirical research -- ethnographic, interviews, and desk studies – and designed to support better understanding and capabilities to articulate the social, technical, and data practices that enact ELSI, including, among many others, collaboration, security, accountability, privacy, interoperability, and diversity.
Overall, the ELSI Guidance support translation of awareness of issues into best-practice context-sensitive responses. By providing a mix of rules and reflexive questions, they help focus and direct stakeholders who might host, implement, or govern CIS by posing questions that can help them make the best possible decisions regarding ELSI. They do not provide all-purpose solutions, checklists or instructions. Instead they support reflexivity and acknowledge that ELSI emerge dynamically and cannot be addressed in universal ways. The ELSI Guidance are intended to seed an evolving community resource.
In the following an example for the description of a key term and a guidance is given.

Example Key Term: Accountability
Accountability refers to being answerable for one’s choices and actions and recognising one’s role and being responsive to the, sometimes divergent, expectations attached to it. It also applies to technology in the sense that infrastructures and algorithms should ‘account for’ their affordances and actions in ways that are intelligible to people. Recognising the role of individuals and organisations involved in CIS design, management, and use necessitates appreciating the responsibility shouldered by each individual and group involved. This includes considering how actions could impact those engaged in the CIS as well as the greater society.
• Be cognisant of and take responsibility for actions in information sharing.
• Be responsive in accordance with the duties of your role.
• Consider the potential impacts of behaviour, research, and sharing outcomes.
• Be aware of your expectations of others' capacities, focus, and responsibilities and how they affect your own decisions.

Sources
Buttarelli, G. (2016) The accountability principle in the new GDPR, Speech at the European Court of Justice, Luxembourg, 30 September. https://edps.europa.eu/sites/edp/files/publication/16-09-30_accountability_speech_en.pdf
European Data Protection Supervisor (2016) Guidelines on processing personal information in administrative inquiries and disciplinary proceedings. https://edps.europa.eu/sites/edp/files/publication/16-11-18_guidelines_administrative_inquiries_en.pdf
Petersen, K. et al. (2015) D2.02 ELSI guidelines for collaborative design and database of representative emergency and disaster. SecInCoRe EU Deliverable. http://www.secincore.eu/publications/deliverables/
Satori (2016) Ethics assessment for research and innovation - Annex A. CWA SATORI-1:2016
Tenenberg, J., Roth, M.-W. Socha, D. (2016) "From I-Awareness to We-Awareness in CSCW". Computer Supported Cooperative Work (CSCW). V. 25(4-5): 235-278.
Weitzner, D. J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., & Sussman, G. J. (2008). Information accountability. Communications of the ACM, 51(6), 82–87. http://doi.org/10.1145/1349026.1349043

Related Guidance
Justifying Exclusion
Accountable Anonymity
Transparency of Data Processing
Data Controllers
Technology and Power

Example ELSI Guidance: Goal Diversity

Hint: Working with shared and divergent goals

CISs need to afford negotiation between the various stakeholders’ goals, interests and concerns. Participants should be supported in taking one user’s specific way of knowing risks or incidents and translating it to be understood by fellow users with different backgrounds and experiences. This is because CISs put into conversation information gathered using several different methods and put together information that is intended to achieve different goals by the various actors involved. While standards, procedures, and classification schemes are fundamental to sharing across organisational and institutional boundaries, a CIS needs more to support collaboration. It needs to involve the identification of the key overarching goals of the system itself, as well as of the governing bodies, organisations, and individual users of the system.

Guiding Questions
What goals do you have that others might not share? What goals are interrelated?
How are goals, interests, concerns communicated?
How can the CIS help clarify shared or divergent interests and concerns?
How can the CIS support collaboration amongst actors with competing goals?
How can the CIS encourage the articulation/translation of these goals?
How can these articulations be tied to data as it is gathered for, and used within, the CIS?

Further Information
As the amount of linked data increases, so too does the diversity of data. Stakeholders often find it difficult to make sense of the various data coming their way, since they do not have the same focus in their engagements with the information as those who entered it into the system. To be useful, the CIS needs to provide a flexible, ever changing, yet self-evident standard of classification and meta-data to accommodate for the increase in data without abstracting and erasing the diversity.

Examples
In a study entitled ‘Understanding Complex Information Environments’ Van House, Butler, and Schiff (1998) explore the working patterns around information sharing and collaboration in relation to California watershed planning and examine how these ideas might play out in a CIS. They describe the watershed planning process and CIS as “distributed physically in time and space, and logically in terms of control; and with no omniscient agents organizing the work” (p. 336). The engagements they observed involved a range of stakeholders, from government agencies, resource-based industries such as agriculture and timber, environmentally-based industries such as recreation, landowners, and non-government environmental groups, and community groups. The planning took place at state, regional and local levels, often with the need to manage competing interests. The goal for these interactions in relation to watershed planning were for these stakeholders to come to as much of a shared understanding of the current state of their watershed regions as possible. From this they hoped to produce a common set of expectations from future actions and agreements for overarching goals. Van House et al. found that the shared information was not just used for decision-making but equally “for defending points of view and persuading and educating others” (1998, p. 337), illustrating the qualities of information as a ‘boundary object’. In doing so, the different stakeholders used different data and privileged different uses of the data.

Concerns:
• Fear of losing the legitimacy of their communities of practice that would limit their authoritative voice.
• Fear of the use of their data in unintended ways because the data were disassociated from their site of production and thus made to mean new things without consideration for the specifics from which they derive.

Solutions:
Using descriptive meta-data that aimed made it possible to calibrate measurements, terminology and data elements across the range of information provided within the CIS.
Using established mapping or reporting structures supported stakeholders in knowing they were appropriately combining different data from different sources. Van House et al. do note that, “whether such detail can be sufficiently specified is, however, debatable” (p. 340).

Tags: Cooperation, Diversity, Fairness, Impartiality, Solidarity

Resources
Cooper, A. and Reimann, R. (2003). About face 2.0: The essentials of interaction design. John Wiley & Sons
Joshi, A. Usability Goals Setting Tool. Available at http://www.idc.iitb.ac.in/~anirudha/ugt.htm
Star, S. L., & Griesemer, J. R. (1989). Institutional ecology,translations’ and boundary objects: Amateurs and professionals in Berkeley's Museum of Vertebrate Zoology, 1907-39. Social Studies of Science, 19(3), 387. Also available at http://www.lchc.ucsd.edu/MCA/Mail/xmcamail.2012_08.dir/pdfMrgHgzULhA.pdf
Tognazzini, B. (2003). First principles of interaction design. Available at http://www.asktog.com/basics/firstPrinciples.htmlhttp://www.usability.gov/how-to-and-tools/methods/develop-plan.html
Usability.gov Project team roles and responsibilities. Available at http://www.usability.gov/how-to-and-tools/methods/project-team.html
Van House, N. A. Van, Butler, M. H., & Schiff, L. R. (1998). Cooperative Knowledge Work and Practices of Trust : Sharing Environmental Planning Data Sets. The ACM Conference On Computer Supported Collaborative Work, Seattle, WA November 14-18, 335–343. Doi:10.1145/289444.289508.

Pan-European inventory of data sets, information systems and business models
The main objective of WP 3 is the development of a Pan-European inventory, described in objective 1 in chapter 3 of this report. Subsequent gathering and analysing inventory content in the categories data sets, information management processes, information systems and business models was objective of the task. Consequently the WP targets elements of the overall CIS concept as shown in Figure 5.

Figure 5: WP3 elements of overall CIS concept

The semantic framework (WP4) is highlighted regarding its function to provide access to the inventory
In WP3 a Pan-European inventory of past critical events and disasters, their consequences (especially in terms of time dimension and costs) focused on collaborative emergency operations and especially planning and preparing to emergency operations is created. Moreover, the focus is on creating a critical mass of content and the infrastructure for a self-sustaining dynamic inventory that grows with the evolving landscape of first responder and police authorities’ practice.

Figure 6: Inventory content

The inventory of disaster events is complemented by an inventory of related information. Following the high-level SecInCoRe objectives and the research methodology the inventory includes the following categories (see Figure 6):
• Data sets: identification of data sets which are available for first responders and police authorities as well as barriers to utilising these data sets (including both access as well as exchange issues in human to human, human to machine and machine to machine communication).
• Information management processes: identification and mapping of common work flows, decision trees, general crisis management models and lessons learnt within each European country, in order to point out the possible gaps in data sets, missing interoperability within and between organisations and procedural differences.
• Information systems: identification of information and communication systems, available and used by first responders and police authorities, including relevant functionalities as well as analysis of success factors and barriers for the application of information systems.
• Business models: analysis of business models to facilitate the cooperation between stakeholders (including Public-Private Partnerships) and application of ICT solutions into practice. In addition to considering fit between problems and solutions, also included are analyses of the fit between these business models and regional, national, European, and international regulations as well as public procurement procedures.

Data sets
SecInCoRe researched and collected an extensive list of data sets which refer to disaster and crisis management.
The focus of gathering was on data sets that fulfil the following criteria:
• Origin of the data set.
• Inclusion or contradiction to the current data model.
• Incident type.

Data sets were gathered based on the emergency management cycle. Within the four phases, a further subdivision was useful to structure the gathered data. Figure 7 shows the different categories of gathered data sets and the final basis of the data model. In each category several sub-categories are defined (not shown here).

Figure 7: Categories of datasets

Data sets as part of the inventory are stored in a dedicated database of the Knowledge Base.

Information management processes
This chapter aims to provide an overview of command systems and also information management processes. In a first step EU institutions and the organisations of their member states related to disaster management were analysed. After that, an overview of the institutions, information systems and the possible connection between them was created. Following, relevant command and control systems within were identified and compared.
One example for the work done is the analysis of command systems and of information management processes. The following four command systems were compared:

• ISO 22320:2011 ‘Societal security – Emergency management – Requirements for incident response’.
• FwDV 100.
• National Incident Management System (incl. Incident Command System).
• ‘Tactics, command, leadership’ - Swedish Civil Contingencies Agency.

The main focus was on the analysis of fundamental structures, processes and activities in the mentioned command systems. Afterwards the objective was to identify differences and commonalities between the command systems, which led to the development of a representative taxonomy. The comparison was done manually by selecting all relevant terms in the different command and control system and their respective definitions. This Reference Command System should represent a consistent combination of all identical or rather similar elements that are essential for a basic command system in the field of emergency services identified by their individual definitions in the command systems.
The selection of command systems is based on an accordance of the main intentions and functionalities, because every system tries to ensure a standardised execution of incident response operations. The involved organisations and other institutions have to act according to the specified guidelines or rather requirements of the concepts, which should provide more efficiency and additionally improve the results of multi-organisational operations. Besides the mentioned command systems apply to the organisations, fire services or rescue services as an obligation in their respective countries. The commonalities are the prerequisites for the following analysis that intends to identify ‘connecting-points’ with regard to the content, knowing that some of these ‘connecting-points’ could be too abstract to be implemented. Eventually the amount of ‘connecting-points’ is a reference for the potential and extent of a Reference Command System, which consists of representative basic elements that are available in the above-named, already existing, command systems. In order to take country-specific differences into consideration, the selection includes several areas of validity. In addition to command systems with relevance for European countries, the National Incident Management System (incl. Incident Command System) represents a perspective outside of the EU and may reveal partial, but significant differences. There is a possibility to compare elements individually and objectively, because every command system contains necessary basic elements) in their structure. Furthermore, the definitions of these elements are nearly identical or at least similar. After visualising the single command systems in hierarchical process structures, the next step is to develop the taxonomy of a Reference Command System in relation to WP4, which provides a hierarchical structure of all identical elements.
Information systems
The inventory of information and communication systems aims to define relevant criteria and parameters for describing the range of function of a respective system. Overall about 130 systems were analysed, categorised and stored in the Knowledge Base. In the following section the resulting data scheme is provided based on the analysis. This enable system provider to optimise their individual system descriptions and make the confusing landscape of information system in this domain more comparable. The data scheme shown in the Figure below has been developed and applied in tabular form for different IS.

Figure 8: Database scheme for information systems

Business models
Through a literature review and desk analysis, it has been possible to identify some crucial points when talking about business models for information systems for emergency services. The main finding is related to the perspective that is adopted to face a discussion on business models; it has to be considered who has to buy or to obtain an information system, and, on the other side, the operated business models by those who are implementing and promoting an information system.
Starting from the perspective of national emergency services, being generally public institutions, which intend to adopt an information system it is generally necessary to follow the rules of public procurement. For this reason, a first work of analysis was dedicated to public procurement procedures in various European countries. What emerged is that public procurement can change from country to country, even if in Europe the process has been harmonised compared to the past in order to align procedures. In addition to public procurement other forms, such as public private partnership are also applied.
On the other hand, if we adopt the perspective of who implements and sells information systems, different business models can be developed. The variety of business models depends on the different approaches on which the information systems are based, on the different scopes and also to the different actors that implement the system.
In line with this, the data gathering about business models for the Knowledge Base has been performed in order to identify the most relevant business models for information systems used by emergency services for crisis management. With this it has been possible to identify four major business models that are adopted for information services. Such models have also been discussed with the users that attended the SecInCoRe workshops in order to verify the correctness of the categories. The four models identified have been analysed and categorized as:

• Publically funded Pan-EU model;
• Vertical model, that can be public or private, focused on specific emergency or related topics;
• Not-for profit model, building a volunteer community, that could be a new community or integrating outcomes into an existing one;
• Commercial model based on private companies.

Access to inventory
The data in the emergency domain within the EU is

• Distributed among several organisations, persons and storage systems;
• Unstructured hence stored in several formats and without unified data formats, available in different languages;
• Available in different languages, because most organisations are working in their national language and not in English;
• Either public or sensitive or restricted, depending on the kind of data and the regulations of the nations / organisations.

This causes duplication of effort. Obviously, the problems cannot be solved within a single project, but requires ongoing technical and especially organisational developments in the EU.
The Semantic Framework matches results of SecInCoRe together to make first steps, solving these issues. Therefore, it uses four main approaches:
• Make the data accessible from one source;
• Structure data using semantic approaches;
• Try possibilities of automatic translation;
• Enable a trusted environment.

Having these approaches in mind, the top-level concept shown in Figure 9 was developed. The data in the domain is stored either in databases or in filesystems, spread among all organisations. The data is inserted into the Knowledge Base either connecting the databases directly or uploading the contents of the filesystems. In addition to these data sources, the SecInCoRe databases are connected to the Knowledge Base. Within WP4 different ontologies and semantic approaches were developed, representing broad parts of the emergency domain. These ontologies as well as semantic approaches representing the ‘world knowledge’ are used to structure the data within the Knowledge Base. Finally, members of the domain could search within the Knowledge Base using the Semantic Search.

Figure 9: Screenshot of the Semantic Search

Design of Secure Dynamic Cloud for Information Communication and Resource Interoperability
The main results of WP4 are documented in four deliverables, aiming to address objective 2 and 3 (see chapter 3):

• D4.1: Requirement Report: Incl. chapters on first requirement analysis results.
• D4.2: System Views and Concept of Operations.
• D4.3: Network enabled communication system concept and common: Incl. chapters on Draft Taxonomy.
• D4.4: Report on Interoperability Aspects: Incl. chapters on Final Taxonomy.

The elements addressed in the CIS concept from WP4 are visible in Figure 10.

Figure 10 WP4 elements of the overall CIS concept

Modular system architecture
The modular system architecture of all relevant elements and moreover highlights the combination and integration of reference implementation introduced in the original CIS concept of the SecInCoRe project. It will be used to address stakeholders in a proper way targeting directly their needs or requests to deepen knowledge about the SecInCoRe CIS concept.
The Figure 11 gives a compact overview about the technical connections within SecInCoRe. The end user uses the NEC to access the collaboration platform, where the Semantic Framework enables an integrated access to the contents of the Knowledge Base.
The first step to access the cloud system is to use the RescueRoam access point to connect with the Mission Critical Services and – using the multilink and network coding – the RescueRoam server. After the credentials are checked with LDAP servers, the collaboration platform can be accessed. Open Atrium contains functions such as a forum, data exchange capabilities and the connection to the Semantic Search. The Semantic Search combines data and structuring approaches from different sources mainly from the Knowledge Base: Different databases and file systems are crawled with ManifoldCF to collect all data which should be searchable. To structure the data, SecInCoRe and external ontologies are integrated. The Open Semantic Framework integrates the data and the ontologies and provides the backend for the Semantic Search. After that the VOWL component is used within the Semantic Search, to demonstrate the connection of the ontologies and the data, enabling a “Graph View”.

Figure 11 Modular system architecture visualisation

Taxonomy and Semantic Search
The main objective in deriving taxonomy is based on the defining of relationships in existing ones as shown at a meta-level in Figure 12.
To build the basis for defining relationships, different workshops have been conducted. The workshop set-up included specific, real processes of first responders or Police Authorities. Within these processes used information systems and moreover used, needed or available data was identified.

Figure 12 Taxonomies overview

One aim of the SecInCoRe project is to define new relations between selected vocabularies or ontologies. In this sense, an analysis of tools and methods to combine the concepts of the respective ontologies was executed. Finally, the decision was rather than developing another tool for aligning the ontologies, to accomplish the task manually. Web-Protégé was used to achieve this because despite its drawbacks (using an older OWL standard for example) it provides a collaborative platform with built-in version control.
The Semantic Search is developed to help prospective users to utilise the ontology to find relevant content in the Knowledge Base. The aims are therefore, to enable the user to access the KB content and to give an idea of how semantic approaches could be used within a CIS.
A structural overview of the Semantic Search is given in Figure 13.

Figure 13 Overview of the Semantic Framework

In the emergency domain, data is distributed in local organisations and stored in several formats. When these organisations join a CIS, they can connect their databases and file systems with SecInCoRe. The data is therefore accessible in the Knowledge Base, together with the data collected within the SecInCoRe project. To structure the data, different ontologies are used. The emergency domain is represented as well as possible within the SecInCoRe ontologies. To enable also a structuring and analysis of the content concerning general topics, general ontologies are also used, which represent the “World Knowledge”. Matching all these sources together enables users from within the emergency domain to search from one single point in all connected data sources, using emergency as well as general ontologies to structure and interpret the data.

Seamless and secure communication system
The provisioning of a seamless and flexible communication platform as part of the Common Information Space is indispensable for ensuring a connection to the Cloud-based infrastructure and a key enabler for process-oriented local communication at incident scenes. The communication service should work in a transparent manner in two senses. On the one hand, and most of the time, it should ‚just work’ and make the complex processes that are necessary ‚invisible’ to the user. On the other, it should enable users and developers to, where necessary, open the ‘black box’ and inspect the logics and processes.
In SecInCoRe, seamless communication is provided on two different levels as depicted in Figure 14. First level is the seamless connectivity for the users. The RescueRoam system provides this capability. The second level is access to the cloud in a secure and resilient manner.

Figure 14 Seamless communication in SecInCoRe

Interoperability and therefore cross-border communications between Public Safety organisations in the European countries have so far been very limited mainly due to incompatible communication systems in the countries. This has limited other countries’ Public Safety forces’ ability to enter into neighbouring countries and coordinate across neighbouring countries communication systems for Public Safety in order to collaborate and being part of the same CIS.

In SecInCoRe, two system architecture options for Mission Critical Services are described in detail:
• Option 1 : Interoperability with PMR services based on an extension of the legacy PMR services.
• Option 2 : Interoperability with PMR services based on 3GPP standard solution.

Figure 15 Mission Critical Services architecture for option 2

Option 1 architecture leverages existing PMR network and is based on a proprietary solution which could be deployed immediately but with limitations when cross border communications are required.
Option 2 architecture is based on the 3GPP MCPTT standard which has just been approved by the 3GPP. Products need to be developed and will not be ready before end of 2017/2018.
The RescueRoam concept as presented in Figure 16 provides a common network space that can be shared by all parties involved in an emergency event. It includes mobile access points situated on sight of an emergency, secure WLAN connectivity that provides access to the full SecInCoRe functionality, personal Single Sign-On credentials that can be used to access other SecInCoRe components.
The initial entry point of the RescueRoam are the mobile access points that would be provided on the emergency sites. They will be configured to use a SecInCoRe LDAP server. This server is installed with OpenLDAP and freeRADIUS, which provide the authentication layer of RescueRoam. RADIUS is a network protocol - a system that defines rules and conventions for communication between network devices – for remote user authentication and accounting.

It serves three primary functions:
•Authenticates users or devices before allowing them access to a network.
•Authorizes those users or devices for specific network services.
•Accounts for and tracks the usage of those services.

Figure 16 RescueRoam concept

Seamless communication is strongly connected to a dynamic and reliable network and communication link management combined with intelligent failover mechanisms and network monitoring tools.
One way to improve the reliability of the communication access is the usage of multiple communication technologies and paths. Mobile communication technologies like IEEE 802.11 or cellular radio networks like LTE can be combined to improve performance and reliability. The challenge is to manage the different links and decide on best scheduling strategies to exploit the capacity in best way possible. In SecInCoRe, two technologies have been used and analysed to provide such functionality Multipath TCP and Network Coding.

Figure 17 Network Coding in SecInCoRe

One of the main objectives of the SecInCoRe project is to research and develop suitable security and authentication technologies to ensure secure and auditable access to cloud-based services to emergency response services, researchers, public administration, as well as members of the public. A strong emphasis is placed on the integration of diverse data sets, their secure storage and transmission, as well as authenticated access to these data sets. Secure Single Sign-On and two-factor authorisation implementations are part of this ongoing research.
Methodologies relating to cloud security such as SSH-only access to infrastructure, firewall functionality, Access Control Lists, Network Intrusion Detection Systems, Distributed Denial-of-Service protection and Private Networking Interfaces are employed to secure the cloud system.

Integration, validation and evaluation
WP5 aimed to achieve three main goals related to the objective 4, described in chapter 3. The first goal was related to the technical implementation of the common information space concept, including the SecInCoRe knowledge base, cloud services and the system integration for the validation process. The second goal was the validation of the SecInCoRe project outputs. The last one was the demonstration of the outputs in order to validate and evaluate the impact of the project. Activities started in month 1 and the work package ended in month 36. Within the three project years all activities have been implemented as planned and all planned objectives were achieved as further described in the following paragraphs. Elements of the CIS which are addressed with this WP are shown in Figure 18.

Figure 18: WP5 elements of the overall CIS concept

Regarding the technical implementation of a common information space, the work started at the beginning of the project and at the end of the project a final version of the CIS has been finalised. The final version has been improved by continuous refinements made by the project partners as well as thanks to the SecInCoRe Advisory Board feedbacks which were reviewed and led to a number of improvements and changes to the CIS. These improvements resulted in a more refined end-user experience covering the entire workflow, from discover to set up of a new space. In particular new functionalities have been integrated. For example, the user profile module in Open Atrium was upgraded to allow more profile editing options for users and more functionality. A pre-registration landing page was created using the Wix platform. A quick introduction to the OA is provided and the SecInCoRe video has been embedded. There are links to the project website and twitter account as well as contact information. The registration page of the OA was reconfigured and "terms of use" included.
In addition, in OA a validation space to store and make available the validation process has been created (Figure 19).

Figure 19: Validation Space in the Open Atrium

The reason to add the validation space is related to the need to integrate also the validation activities within the demonstrator in order to better shown how Demonstration Cases have been performed. Indeed, as shown in Figure 19, it is possible to access all contents produced for each demonstration case in order to guide the users in the understanding of the process followed within WP5.
In order to allow the validation and evaluation of the CIS, a validation and evaluation strategy was defined at the beginning of the project and finalised before the start of the validation and evaluation activities. The methodology for the validation was strictly linked to the planning of the validation activities in relation to the specification of the criteria for the identification of and requirements for stakeholders and to the refinement of the validation strategy. These activities were particularly linked to the identification of indicators and to the specification of validation scenarios and of a validation plan. The methodology, before to be used in the final validation cases, has been tested in three pilot cases to adjust methods and tools for the validation. In line with this methodology, the Demonstration Case Template was used as predefined tool in all three dedicated pilot cases. In addition to this also questionnaires, scripts for interviews and focus groups and participatory and hands-on tools for taxonomy were tested for final validation activities. The pilot cases were organised in the form of workshops, always with the participation of external users. In this sense it was possible to collect feedback from them and integrate it in the next activity. All results have been used as a refinement of the methodology.
Once the methodology and the demonstrator were ready to be used, it was possible to define a common timeline with the partners, planning three validation cases and three evaluation cases organised according to major events scheduled by the project. The common roadmap helped the project partners in working together and to be well prepared for the six meetings to validate and evaluate the different project components. The aim of the process, indeed, was to have both validation and evaluation very much embedded in all the project’s processes and not just as a final and separated activity.
As said, lessons learned from the three pilot cases were used to build a proper demonstration case, performed in October 2016, in order to validate some of the SecInCoRe’s outputs. This first validation activity was organised in Paderborn with external users. Then, the second validation activity has been performed in Rome (15 December 2016) with a representative of the Italian Fire Brigades and another one with a representative of the Italian Civil Protection (3 January 2017).
In addition to the validation activities, a set of evaluation activities have been performed. The strategy was based on the chance to link dedicated evaluation activities to three major events organised by SecInCoRe and to organise three evaluation activities in order to evaluate two major project’s outcomes: the ELSI guidance and the CIS concept. In this sense, for the evaluation of the CIS concept, two meetings have been identified as the best option to be referred to relevant stakeholders: The final Advisory Board meeting and the Joint Event (organised on 28 February 2017 by SecInCoRe, EPISECC, SECTOR and REDIRNECT, which are all projects financed by the call FP7-SEC-5.1.1 in Brussels). For the ELSI, the evaluation has been performed within the 10th International Conference on Computers, Privacy and Data Protection (CPDP), during the dedicated workshop on “Information Infrastructuring for Disaster Risk Management that took place in Brussels on 26 January 2017.
As for the validation, even for the evaluation the tools used to collect data and feedback from users included structured observation, focus groups discussions and semi-structured interviews. Data collection instruments and observation frames were adapted, when needed, to the characteristics of the Demonstration Cases and to the evaluation cases. Following the data collection achieved during each session, qualitative analyses have been performed. Qualitative analyses have been based on a coding of the emerging indicators and then performing a content analysis. This allowed to compare the matching between the elements that emerged with the users and the high level requirements established during the project
All the three events have been crucial for data gathering and for deriving the results of the evaluation activities producing results in terms of the impact produced by SecInCoRe.
The main results achieved within WP5 have been the creation of the strategy for validation and evaluation methodology and its application to the several phases of the project, starting from the Pilot Cases up to the final Demonstration Cases.
Results are briefly summarised in the following.

From a validation perspective, the activities aimed to validate the following main project components:
• CIS concept and derived principles informing the design of the demonstrator;
• Taxonomy / ontology and semantic search;
• KB/Inventory;
• Collaboration practices.

Results of the validation have shown the relevance of some elements conceptualised within the project as potential tools to be used in the current practices of first responders and emergency services.
The most important result from validation activities is the positive feedback received by the users on the need to have a CIS that could harmonise procedures for preparedness and planning around Europe. Having a common CIS that could help to standardise practices for sharing documents and enhancing collaboration is useful and needed according to the users’ comments. Another major aspect relates to the graph view developed by the project. The graph view has been perceived by the users as a new way to approach the search of topics when looking for documents to prepare a plan or an exercise.
From the evaluation perspective, it has been possible to identify why SecInCoRe is relevant and for whom. Analysis confirm that SecInCoRe is relevant because it has produced the design of a CIS that, according to the stakeholders, can improve current practices on preparedness and planning in the emergency services, effectively addressing some of the major issues that still emerge from current practices such as: the lack of information exchange, the difficulties in creating new partnerships and the obstacles to collaborate in an easy and effective way. For these reasons, the project is relevant mainly for practitioners and first responders who regularly work in the planning and preparedness phase of the emergency at the European as well as at the national level.
It emerged from the stakeholders that the use of a CIS designed according to SecInCoRe principles could improve the current procedures used for crisis management. The first issue is related to the fact that stakeholders from all around Europe do not use a unique tool for accessing and exchanging information or to collaborative produce a plan. In line with this, establishing a CIS with access for the practitioners will allow to get access to the same critical mass of information, having access to documents and material and contextually using the collaborative functions to set up collaborative groups.
In relation to its impact, the SecInCoRe impact has been mainly assessable looking at the potential consequences, as assessed by stakeholders, on the following variables:

• I mpact on knowledge and information sharing

As already stressed, one of the major elements that has been identified to produce an impact is related to knowledge and information sharing. It emerged clearly that there are currently no tools or repositories at the European level that can help the practitioners in finding information during the planning phase. In this sense, most of the stakeholders appreciated the opportunity to have access to the same critical mass of information contributed by different emergency services across Europe. The positive feedback is related to the fact that having a common repository could improve the knowledge of sources used by other practitioners and promote the standardisation of the documentation, stimulating the standardisation of the produced plans. However, it is important to say that the impact is observed not only in relation to the inventory itself but in relation to the fact that the inventory is embedded within the CIS system and so the information is not just accessible but it is also easy to share or to discuss thanks to the functionalities provided by the CIS to foster collaboration among stakeholders.

• Impact on networking and on establishing new partnerships

In addition to what has been stated so far, an additional dimension related to the impact of the CIS is linked to the opportunity offered by the system to establish new partnerships, fostering a network at the European level among practitioners engaged in the emergency services. As emerged from stakeholders, even during the planning phase the network of people contacted to receive additional information is generally limited to the personal contacts that each practitioner has. A system based on a network of practitioners from all around Europe would offer the opportunity to build new relations with colleagues from other countries even if no personal contact is already established. The possibility to contact the author of the information stored in the inventory would also be extremely helpful for establishing new partnerships by directly accessing the sources of relevant information. This was judged as an extremely positive opportunity to foster collaboration in a world that is very much based on fragmented contacts.

• Impact on social capital increment for users and participants

Finally, in relation to the impact on social capital among users of the same CIS, the most important element that emerged is “trust”. People engaged in emergency services (due to the high sensitivity of the work performed) are very focused on the trust established within the networks in which they are engaged. In this sense, a CIS with a high-level managing authority that could guarantee the process and the management of the system would be extremely important to guarantee the establishment of a trusted network. On such bases, stakeholders would be inclined to trust the system, the information stored in it as well as the security infrastructure behind it. These points would encourage subscriptions to the system and its use on a daily basis.
In addition to all the above identified dimensions, it is important to report that an additional major impact has been in relation to the work performed on the ELSI guidance. Even if ELSI are formally part of the CIS because they are reflected in the system, they also constitute a stand-alone project outcome.

Exploitation and Standardisation
WP6 covers the following activities in order to transfer the concepts and project results to the market, the public and scientific community, and the standardisation bodies:
• Extended Exploitation and Dissemination.
• Contribution to / New crisis management models.
• Contribution to / New business models.
• Standardisation potentials in the area of:
o Data Models of the Pan European Inventory.
o ELSI guidance.
o NEC concept.



Potential Impact:
The overall strategy of SecInCoRe was designed from two perspectives: On the one hand the demands stated by and hinted at the FP7 Security work programme, the background of its cross-cutting activity on interoperability and specifically the topic SEC-2013.5.1-1 Analysis and identification of security systems and data set used by first responders and police authorities; on the other hand the expertise and future research plans of the SecInCoRe consortium. The exact matching of these two perspectives allows high impact:

• Nowadays the number of joint operations of first responders and police authorities from different nations are increasing while problems related to communications, deviating processes or organisational structures hinder the success of an operation and also joint planning and training for future incidents. To enhance the interoperability SecInCoRe analysed existing crisis management models, procedures and used information system within a Pan-European inventory and recommend an organisational framework to achieve a shared understanding of crisis management processes. Furthermore, the design of a common information space solved these issues.
• Within the secure, dynamic cloud based approach new ways of service provision in the field of public safety and crisis management was researched on and achieved. Thereby data and information is accessible for multi-agencies such as first responders, police authorities as well as for emergency and public safety end-users in the preparation and planning phases.
• Standardisation activities was reached by SecInCoRe in different manners. On the one hand a technical-oriented view was providing capabilities for standardisation related to information systems and network enabled communication. Beyond, a process-oriented view provide a standardisation approach for ELSI Guidance, crisis management processes and models and used terminologies.

The main benefit of SecInCoRe is to enable collaboration and exploitation of information at European level. Using this system an improved emergency planning and preparation can be ensured and support first responder at cross-border and national incident scenes.
According to the nature of the project as a cross-cutting activity (cp. FP7 Security work program), the intention is not having a ‘simple’ dissemination and exploitation with regard to a unidimensional mission oriented, socio-technical system, but is more related to how SecInCoRe elements will be sustained when the project ends.
The sustainability strategy is described in the following Figure and depends on four dedicated elements:

• Extended dissemination and exploitation - All partners describe dissemination and exploitation strategies in detail in D6.3. Targeting ways for identifying selling opportunities and opening of new markets, reuse of gathered knowledge during the project, and scientific publications.
• Contribution to New Crisis Management Models – dealing with extending existing models, guidance to simplify and facilitate the use of data, information systems and partnerships.
• Contribution to New Business Models - contributing to policy making and focusing on business perspectives in the domain of first responders and Police authorities, especially procurement mechanisms and regulations for PPP and PPI.
• Standardisation – standardisation potentials are identified during the project lifetime and based on the data model of PAN-European inventory, ELSI Guidance and NEC concept.

Figure 19 SecInCoRe Sustainability Strategy

Extended dissemination and exploitation
Main Workshops, Events and Conferences
SecInCoRe performed three Advisory Board meeting (first 2014, second 2015 and the last one in 2017), conducting co-design workshops, gathering feedback of stakeholder and validating the outcomes of the project. Further separated demonstration cases were planned and conducted during the project lifetime and conferences and workshops were organised to disseminate project results and make the project visible in the community.

Table 2 Main dissemination activities


The following Figures illustrate the dissemination work done in the SecInCoRe project. Some of the SecInCoRe dissemination activities are listed in the table above.


Figure 21 Joint meeting of the projects SecInCoRe, EPISECC, SECTOR, REDIRENET

Figure 22 Advisory Board Meetings of SecInCoRe

Figure 23 Co-design workshops


Other dissemination activities
Beside several conferences and publication performed by the SecInCoRe team a project video, flyer and other dissemination matirial was created to allow interested parties getting in touch with the project, its aim but also outcomes of the project. The video is accesable via the SecInCoRe homepage at www.secincore.eu and visible in Figure 24.

Figure 24 Project video accessible at SecInCoRe homepage

Exploitation
All project partner describe individual exploitation strategies and further common approaches or even modular approaches for remaining project outcomes after the project ends. This is described in detail in D6.3 and available at www.secincore.eu.
Ways for taking care of project outcomes are also described in the following sections.

Contribution to / New Crisis Management Models
The concept of crisis management models is a complex one and there is any number of proposed structures available for organisations to make use of. It would be unrealistic to imagine SecInCoRe being responsible for the development of a new model based on the project itself – indeed, it could also be argued that, unless a new model could deliver perfection in itself, to generate yet another model would simply add to the menu without necessarily identifying which model is the ‘chef’s choice’. On that basis, it would be better to focus on where the various elements of SecInCoRe would be able to assist on any chosen model of crisis management.
The landscape of crisis management models is changing. Policy analysts, and international efforts like the UNISDR Sendai Framework assume that more open and people centred approaches can leverage important and local knowledge, and enable a more democratic, broad-based understanding of the complexities of risks and thereby foster more effective preparedness and response. Principles of ‘netcentric’ work have been developed in the Public Protection and Disaster Relief domain to ‘improve the exchange of information between heterogeneous actors’ (Boersma et al. 2010, see also Bossong and Hegeman 2015, Chen et al 2013, Scolobig et al 2015, Büscher et al 2017, See also D2.7). This approach, is based on a break with ‘established patterns of command and control ... [and] supposed to enable new networks of communication’. SecInCoRe supports these emergent new models.
An examination of crisis management models will result in a wide variety of process diagrams and terminology. There is some commonality of shape however; and that shape is the circle. Essentially to plan and train – to exercise and / or implement – to reap the lessons learned and feed back into the planning and training process. This construction may be broken down into other elements; mitigation, recovery etc. but the essentially, the flow remains the same.
SecInCoRe is focused mainly on the planning and training elements of crisis management, but with the possibility that further development could place it firmly in the operational arena and assisting with the management of rises in real time.
From the end-user perspective, the elements of the SecInCoRe project which generate the most interest are perhaps the Common Information Space, the ELSI Guidance and the Inventory. For a more detailed account of end-user feedback on the various elements of SecInCoRe, the reader should refer to deliverable D5.5.
Discussions with the project Advisory Board have led to the conclusion that an operational version of SecInCoRe would be best hosted at European level (see D6.3 for detail), together with substantial support at the national level. This concept was delivered at a joint presentation (SecInCoRe, REDIRNET, EPISECC and SECTOR) to EU-level representatives in Brussels in February 2017 and favourably received.

Contribution to / New Business Models
SecInCoRe has performed a business model analysis since the beginning of the project in order to understand which model could be developed to support the sustainability of project results.
The analysis has been conducted according to a framework, which followed the stages of the project development. The aim of the designed framework was to cover a wide range of sources to investigate the most appropriate way to address business models for the project. The framework has been described in D6.1 and it was based on different levels of investigation, from desk analysis to interviews with stakeholders and the analysis of innovative business models in relation to the project’s outcomes (Figure 25) and its discussion with stakeholders.
According to the plan provided in D6.1 the first actions performed at the beginning of the process were related to literature review and desk analysis of public procurement models, in house doctrine, public private procurement and new business models in Public Procurement. Indeed, in order to define the process in which information systems are generally acquired by National Authorities, public procurement models at national levels were identified as crucial issues.

Figure 25 Action plan for analysis of the business models conducted during the project life-time

Then, in addition to the literature review, several analyses have been performed, following the development of the project and studying existing solutions in more depth.
In order to specify suitable business models, it was essential to define, together with all partners, which components should be taken into account to build a business model strategy (results are reported in D6.2). In addition, discussions on business models have been conducted with stakeholders, namely experts of the SecInCoRe Advisory Board, to understand which business model they consider as the most adequate for the project’s outcomes according to their experience and knowledge.
On this basis, the analysis of best practices and the analysis of systems that can be defined as similar to SecInCoRe (results are reported in D3.4) have been performed to understand the state of the art and the most common business models used and applied in the field of innovative solutions in crisis management.
Through literature review and the analysis of existing business models, also comparing the SecInCoRe system to existing concepts and technologies, it has been possible to derive some conclusions on the potential strategies for SecInCoRe. Results are reported in the following paragraphs.

Potential outcomes for future sustainability
During the project lifetime SecInCoRe has developed the conceptual design of a Common Information Space (CIS) in order to foster cooperation and collaboration among practitioners engaged in crisis management, in particular in the preparedness and training phase. The aim of the project has been the production of a new way to address emergencies and preparatory phases in order to address several and crucial issues that practitioners face during their work routine. In this sense, from a comprehensive perspective, the main project outcome is:

• The conceptual design of the CIS.

However, the consortium has designed the CIS based on several components (Figure 26). Looking at the single components it is possible to state that additional project outcomes are:

• The Semantic framework;
• The Taxonomy;
• The Pan European Inventory;
• The ELSI guidance;
• The Network Enabled Communication.

Figure 26 Outcomes relevant for the sustainability of SecInCoRe

Due to their conceptual nature not all the outcomes can be considered as possible results on which to build a potential business model. In line with this, the definition of components to sustain has been conducted in parallel to the analysis of existing business models. This analysis is reported in the following paragraph.
5.3.2 Results from the Business models analysis performed with the project
The investigation of business models has been performed taking into account the analysis developed within WP3. This analysis, aimed at building an Inventory on business models, has identified systems that are relevant for SecInCoRe in regard to the contents or functioning and stressing the kind of business model used. It has been possible to categorize the various business models according to four main categories. The four categories are:

• Public funded Pan-EU model;
• Vertical model, that can be public or private, focused on specific emergency or related topics;
• Not-for profit model, building a volunteer community, that could be a new community or integrating outcomes into an existing one;
• Commercial model mainly based on private companies.

The four categories have been discussed and evaluated by the SecInCoRe Advisory Board members. The AB confirmed that talking about crisis management tools; these are the most relevant models to apply and to take into consideration.
Starting from the analysis conducted in WP3 and matching the results with the input from the Advisory Board, it has been possible to analyse which model(s) could best fit the purpose of SecInCore. In this process, it was possible to discard the option based on a not-for-profit model as well as the one related to the vertical model.
The not-for-profit model indeed is not applicable to SecInCoRe due to the fact that information that should be stored in the CIS and shared by users is in almost all cases information that cannot be accessible to anyone. In this sense, practitioners and first responders would not trust a system based on a not-for-profit organisation where any user could have free access to it and where there are no strict regulations implemented for the use of the CIS.
In addition, the option based on the vertical model has been discarded due to the fact that SecInCoRe expects to be a transversal source of information. SecInCoRe, indeed, even if it intends to cover the planning and preparation phase of the emergency, is not based on a selected topic. In this sense, it is not possible to build a vertical model based on selected sources because the aim is to let the users decide which is the scope of the CIS.
In this sense, the approach to follow in terms of business models was restricted to two models: the publically funded model and the commercial model. A thorough analysis of both models was performed with the aim to get a complete overview on how to build a sustainability strategy.
In order to create a sustainability strategy for SecInCoRe deeper discussions have been conducted with representatives of industry and organizations engaged in the sector. The aim was to gather data for the creation of the sustainability strategy starting from the experience of other actors on the feasibility of:

• A publically funded model;
• A commercial model.

In addition, it was also interesting for the project to understand in depth the functioning of a public-private consortium based on a strong stakeholder engagement, one of the issues also faced by SecInCoRe.
In line with this, it has been possible to discuss SecInCoRe with representatives from the Resilience Direct and Open Geospatial Consortium, to collect their experience and their feedback. To complete the analysis with insights about a real commercial model solution a desk analysis has been performed. Results are presented in the next paragraph.
Further information is available regarding this topic in D6.3 available via the SecInCoRe homepage at www.secincore.eu.

Standardisation
Main standardisation activities depend on the CIS specification and concrete efforts are highlighted in Figure 27. In order of the variety of specification outcomes (i.e. ELSI Guidance, taxonomy (data model of PAN European inventory), NEC components, etc.), the standardisation efforts have to follow different approaches.

Figure 27 Standardisation efforts depending on the CIS concept

In the following section the three identified aspects regarding standardisation will be detailed.
ELSI Guidance for design and use has been developed alongside these components, supporting design for:
• Privacy,
• Transparency,
• Accessibility,
• Pre-emptive risk assessment / regulatory changes / planning,
• Trust, articulation work, configuring awareness
• Translation between different national and organisational cultures and cross-border collaboration
• New partnerships.

The guidance is available at www.isITethical.eu.

The Network Enabled Communication (NEC) concept:
• Secure local communications. This communication is mainly required for efficient response at an incident scene (e.g. communication between first responders inside and outside of buildings);
• Communication with the CEIS and a wide area network (e.g. Internet). This communication is needed for the transmission of information about the incident scene to further organisations;
• Providing a concept for an international roaming service for rescue organizations and first responders providing secure access on distributed locations (e.g. eduroam concept).

Data model of a Pan European Inventory:
• The Pan-European Inventory (PEI) includes data for example about data sets regarding past disaster, information management processes, information systems, business models, Ethical, Legal and Social Issues (ELSI) and interdependencies between them.
• A taxonomy structure that captures key categories and terms in the PPDR domain based on the inventory categories of data sets, processes, information systems and ELSI is produced during the project. Further an ontology was derived based on existing semantic approaches and is part of the semantic framework of SecInCoRe.
• The knowledge base consists of a technology based implementation of the inventory and provides a database containing the inventory and taxonomy by using the semantic framework (especially Open Semantic Framework).

List of Websites:
www.secincore.eu