Foresight of Evolving Security Threats Posed by Emerging Technologies

Executive Summary:
Executive summary
"FESTOS results are a very good contribution to policy and ethics discussions in the commission, FESTOS helps address challenges and threat of the future that need to be taken into account in Horizon 2020" (Ms Eva-Maria Engdahl EC DG enterprise and Industry in the FESTOS final workshop in Brussels, 8 December 2011). This message presents in a nutshell one of the main achievements of the FESTOS project namely exposing decision makers, as well as the security community, to future challenges to security in Europe emerging from developing technologies, anticipating novel threats and discussing possible responses. FESTOS helped accomplish the goal o to identify and asses evolving security threats posed by abuse or inadequate use of emerging technologies and new S&T knowledge and propose means to reduce their likelihood. As the pace of science – based developments accelerates there is a pressing need for continued scanning of the unfolding technology landscape for potentially security threats.
Looking ahead to 2030 FESTOS conducted a wide horizon scanning activity to identify potential threats stemming from future technologies. Information and Communication technologies (ICT), Robotics, Nanotechnologies, Materials and Biotechnology were the main fields covered in this stud. This effort yielded thirty three interesting examples of threats that could be realised in the next 5-25 years. Termed as the "dark side" of technology these are the tip of the iceberg. Deeper and wider horizon scanning might shed light on more and more such potential threats.
Preparedness to future threats is not on easy task to accomplish and not always possible. Priorities should be assessed, signals should be identified and surprises should be avoided. In FESTOS we were able to develop a novel way to carry out security assessment stemming out from the Ansoff filtering method, using a modified STEEPV scheme and finalising with analysis of signals of change and identifying possible wild cards. Six spheres of society were chosen to asses the impact of possible threats and evaluate what we termed as the Intensity of a threat according to its integrated impact on all these spheres: Economy, Environment, Infrastructure People, Political systems and Values. Evaluating the intensity helped us categorise the various threats in question.
In a further step scenario were built to demonstrate the possible threat realisation as a basis for policy considerations. Key high priority technologies were in the focus of these scenario including: a. Swarms of cyber-insects attack on people and animals. b. Individual DNA misuse for extortion c. Self-destruction of everyday intelligent nano-based products responding to wireless signals. d.
Use of viruses to change behaviour of population for a certain period of time.
Scenario were then used to identify indicators hinting at growing likelihood of technology misuse.
The issue of the free distribution of sensitive knowledge in contrary to possible knowledge control was raised and debated widely in the project. The balance between the freedom of science on the one hand and the needs for security on the other hand was in the center of this discussion. Studying existing control regimes and using experts' surveys has enabled to identify consensus among experts from the security and science communities on possible policy measures. The bottom up approach and application of "soft" measures such as codes of conduct and internal regulations in research centers were accepted as measures that will help in copping with the threat and still keep the right level of the freedom of science . In this context 9 principles of a policy of a "knowledge control" regime have been proposed. Additionally we evaluated concepts and bodies that could complement the above measures by implementing more operational attitudes which will help identify emerging threats in their early stages and apply response measures to avoid their harmful impacts. Situation analysis bodies in the national levels as well as the EU level were presented. Finally various tasks for R&D programs were recommended in the relevant S&T fields to better understand the threats involved and means to counter them.


Project Context and Objectives:
The project context and the main objectives.

FESTOS’ main goal has been to identify and assess potentially evolving security threats originating from the abuse of emerging technologies and new S&T knowledge. A further objective, following this assessment, has been to propose policy guidelines to be undertaken in order to reduce as much as possible the likelihood of the realisation of such threats. As part of this objective, FESTOS has evaluated possible ways to limit and control the proliferation of this new knowledge to the hands of actors with malicious purposes in order to reduce potential futures dangers.

FESTOS is a project launched by the European Commission under the framework of the FP7 security program. FESTOS is one of a series of projects and studies that aim to cope with the emerging security threats on the European society and find ways to reduce their impact.

FESTOS is a forward looking activity. Analyzing technological as well as societal developments in the next twenty years and beyond, this foresight study has identified and assessed security threats that could stem from future technologies. Fields like Nanotechnology, Biotechnology, Robotics and Information technology are some of the key activities in S&T that have been scanned for this purpose. Special attention has been given by FESTOS researchers to the potential breakthrough envisioned in the phenomena of convergence of technologies which might open new surprising opportunities. FESTOS sees its mission also to contribute to the improvement of security foresight as an effective policy tool in Europe.

The detailed objectives of FESTOS are as follows:
? Identification of the relevant new technologies and new areas of scientific research – focusing on five main S&T areas: New Materials, Robotics, Nanotechnologies, Biotechnologies and Information Technologies, including technologies that may emerge from convergence of the different areas.
? Foresight and assessment of security threats that may emerge from the identified technologies and research areas
? Elaboration of scenarios reflecting the emerging and evolving security threats
? Development of indicators to be watched as early warning signals
? Discussion of relevant societal and ethical issues aiming at possible policy measures and options to prevent proliferation and abuse of potentially threatening technologies.

The overall strategy of FESTOS is based on three pillars:
(a) Horizon scanning: Identification of potentially threatening new technologies and field of techno-science research (WP2)
(b) Evolving Threats: Assessment of emerging threats, construction of related threat scenarios, their impact on society, and development of early-warning indicators (WP3, WP4)
(c) Pathways towards solutions: Towards preparedness measures and policy guidelines (WP5, WP6)

FESTOS includes seven work programmes (including management and dissemination). The following present the objectives of WP2 – WP6:
WP2: The Technology Landscape and Horizon
Scanning of a long-range technology landscape and horizon, emphasizing potential security aspects.
A broad mapping of new and emerging technologies with the aim to asses this risk/threat level:
• Horizon scanning of emerging technologies and scientific developments with indications of potential abuse/threat, focusing on five key S&T fields and including technologies that may emerge from convergence between different fields.
• Preparation of an international expert survey.
• Running the expert survey and evaluation of the results. Classification and prioritisation of the potentially threatening technologies according to their risk level as assessed in the survey.

WP3: Emerging Threats
The main objective is to evaluate emerging security threats and the most important weak signals and emerging security issues. WP3 tasks are closely inter-related with WP2 tasks, and their results provide important insights and inputs to the subsequent scenario construction in WP4.
• Preparation and conducting of expert brainstorming group to identify, discuss, classify and assess the potential threats based on the mapping of new and emerging technologies (WP2) as well as on existing public threat analysis and security strategies of various origins.
• Evaluation of results of the expert survey in WP2, in terms of likely times of threat realization, prioritization (relative impact of each technology), nature and extent of the potential damages, as well as societal issues. This activity also includes ranking and selection of security threats for scenario construction.

WP4: Scenarios and indicators
Develop specific scenarios of the identified security threats posed by emerging technologies (WP2 and WP3) with special attention to possible but low-likelihood future events and their potential impacts on a variety of societal fields:
In conjunction with each scenario critical early-warning indicators will be identified, namely indicators that hint at a growing likelihood of specific scenarios:
• Societal Security Contexts: identification of determinants of future societal context of security issues (so called ‘security climates’) and evaluation of set of determinants (key factors) and their future projections.
• To construct threat portfolio on the set of emerging threats as identified, filtered and validated in WP3.
• To identify threat options and to analyse them with respect to their impacts in the specific security contexts.
• To build threat scenarios in order to portray a vivid and accessible picture of the future security threats posed by emerging technologies, which makes dissemination to stakeholders easy.
• To develop indicators to detect an increase in likelihood of misuse of future technologies by terrorists or criminals.


WP5: Control and Prevention
To determine the complexity of the monitoring/control and prevention measures applied in order to prevent threats and abuse of new and emerging research areas and technologies:
• To establish in each partner country a map of the key actors (public, stakeholders and civil society organisations), which are involved in the discourse on control/preventing of abuse of emerging research disciplines and technologies.
• To develop an online expert survey questionnaire.
• To conduct an online expert survey
• To conduct 5-10 semi-structured in-depth interviews in each participating country with selected key actors representing civil society and other relevant organisations
• Evaluation of results of the expert survey, interviews and international workshop in WP5.

WP6: Synthesis of Results and Guidelines for Policy
• Raise awareness to potential threats from emerging technologies;
• Identify early-warnings based on the indicators (developed in WP4), which may signal a growing likelihood of occurrence of high-impact threat scenarios;
• Assisting authorities to assess alternatives for prevention or preparedness and to make the appropriate trade-offs between security and other societal objectives such as the right to privacy, freedom of scientific research and free access to knowledge.

WP7: Dissemination and Exploitation
• To increase awareness of this project among a wide group of individuals and organisations including: Government departments, Security agencies, Public interest groups, General public etc.
• To disseminate results to these individuals and organisations


Project Results:
FESTOS findings give strong indications on potential evolving future threats emerging from new technologies. Some of these threats are expected earlier while some are long range.
The analysis pointed out threats that are more likely than others and also categorises threats according to the severity of their expected effects if realised. This kind of analysis enabled FESTOS to identify "wild cards," namely threats with low likelihood but high severity. Such threats should deserve special attention and special policy guidelines.
FESTOS focused mainly on crime and terrorism as threats to society. Interviews with stakeholders from counterterrorism bodies, police, homeland security and others shed light on the importance of such a forward looking project. The need to be prepared in advance and prevent surprises was clearly stressed. FESTOS also started a debate on the need to control knowledge proliferation in order to prevent such knowledge from reaching malicious groups. Policy guidelines and recommendations were developed to raise awareness among decision makers as well as knowledge creation of future threats emerging from new technologies.
The following describe the main activities and results in each workpackage:

WP2: The Technology Landscape and Horizon
This Workpackage includes three main tasks:
Task 1: Horizon scanning of emerging technologies and scientific developments, which will have impact on security threats in the future. Detailed mapping of new and emerging technologies, with indications of potential abuse/threat, focusing on five key S&T fields and including technologies that may emerge from convergence between different fields. The activity resulted in the D2.1 report. Based on a broad literature scanning, in-depth interviews with security and counterterrorism experts as well as technology experts from different fields: engineering, biotechnology, materials, and information technology. In addition numerous internal discussions have been conducted and preliminary mapping of potentially threatening technologies has been prepared and refined by several iterations among the partners. Each partner was responsible to screen at least one technology field. ICTAF focused mainly on the fields of ICT, Nano and Biotechnology as well as converging technologies and integrated the entire contributions from all other partners. FFRC focused on the fields of telecommunication and converging technologies. Sources for the detailed scanning included relevant publications, R&D programmes, technology forecasts and technology trends as well as interviews and discussions with experts. FEWN focus was on material sciences and related fields (such as nanotechnology, ICT).
The report includes about 80 technologies, each of them described together with a brief indication of potential security threats. For each of the five main fields under consideration an introductory overview was written. Some first observations are presented in the concluding section. For each of the five main fields under consideration an introductory overview was written.

Task 2: Conducting an international expert survey, targeted at about 2000 experts from all over the world, in cooperation with WP3, based on results from task 1 and on the Brainstorming in WP3. Questions to be included in the expert survey have been discussed with the leader of WP3 (FFRC) and the other partners. ICTAF ran an expert brainstorming to select the technologies to be included in the survey. 35 technologies were covered in the survey. The survey was extended and included also questions prepared with the leader of WP4 (TUB) to cover issues of security climates. A list of interviewees was prepared by ICTAF based on lists prepared by the partners. ICTAF data and survey manager integrated the lists to produce a comprehensive list used for this survey. CALIBRUM was chosen as the project tool for the online survey. ICTAF together with the CALIBRUM team adapted this tool for FESTOS’ needs. A pilot survey was launched in January 2010 and the complete updated online survey was run during March-April 2010. 288 experts participated in the survey.
Experts were asked to asses the risk potential of leading future technologies as well as the realization time of their widespread use. Participation in this survey was limited to people chosen by the partners.
Task 3: Running the expert survey and evaluation of its results with contribution from the partners. The potentially threatening technologies were classified and prioritised according to their risk level as assessed in the survey. The results were presented in a workshop for further discussion and inputs. The results contributed to WP3 (FFRC) and WP4 for further evaluation by TUB.


Results achieved

WP2 presents three main deliverables:
1. Preliminary Mapping of Potentially Threatening Technologies (D2.1)
2. Horizon scanning, expert survey report (D2.2)
3. Final report on potentially threatening technologies (D2.3)

The following are the main results of WP2: “The Technology Landscape and Horizon”
In WP2 the FESTOS team carried out a horizon scanning of emerging technologies, which may pose security threats in the future if abused, and an assessment of the potential threats. The first result (presented in D2.1) was a structured description of around 80 "potentially threatening" technologies in six fields: ICT, Nanotechnologies, Biotechnology, Robotics, New Materials, and Converging Technologies (i.e. Nano-Bio-Info-Cogno convergence). Next, the threat aspects of 33 selected technologies were evaluated by means of an international expert survey. The results were presented in D2.2 followed by the final WP2 report, D2.3. The collection of technologies was not intended to be exhaustive but to stimulate further discussions and to provide a basis for a subsequent analysis in WP3. As such, it can serve as a "dynamic bank" of potentially "abusable" technologies, which may be useful beyond FESTOS' completion.
Three broad categories of potential threats could be identified:
(1) disruption of certain technological applications for malicious purposes;
(2) increased availability of technologies that once were confined to the military or to unique heavily funded laboratories, and as such were prohibitively expensive;
(3) surprising malicious uses of new technologies developed for completely different, beneficial purposes.
The most interesting for FESTOS is the third category, where we may find the most unexpected threats, perhaps signals to surprising "wild cards". Some possible wild cards (namely low-likelihood but high-severity threats of maliciously used technologies) have been indicated in the FESTOS expert survey and inspired the scenarios construction in WP4.
Experts' opinions about the threat potential of selected emerging technologies were elicited through an international online survey, as well as general attitudes to technology-related threats (important input to the analysis of "security climates" in WP4). The results provided the experts' estimates concerning the following issues:
• The timeframe in which each technology will be sufficiently mature to be used in practise
• The severity of the potential security threat posed by each technology (scale 1 to 5: 1=very low severity, 5=very high severity).
• The easiness level of malicious use of each technology (scale 1 to 5: 1=not easy at all, 5=very easy).
• The likelihood of each technology to actually pose a security threat in the future, in different time-frames (from now till after 2035)
• Which societal spheres (people, infrastructures, economy, environment, political systems and values) would be mostly affected by security threats posed by each technology
For full descriptions of the technologies examined in the survey see D2.3. According to the survey results, the technologies can be roughly divided into four groups according to their estimated (median) time of maturity:
Short term (now – 2015): Radio-frequency identification (RFID), smart mobile phone technologies mash-ups, cloud computing, tailored nanoparticles, and new gene transfer technologies.
Medium term (2016 – 2025): Internet of things (IoT), ultra-dense data storage, advanced Artificial Intelligence, autonomous & semi-autonomous mini robots (toys and amateur objects), AI-based robot-human interaction and co-existence, ethical control of robots, robotic artificial limbs, energetic nanomaterials, molecular manufacturing, molecular nanosensors, future fuels and materials for nuclear technologies, crystalline polymers, cyborg insects, personal rapid prototyping and 3-d printing machines, synthetic biology, DNA-protein interaction, Induced Pluripotent Stem Cells, Brain-Computer Interface ("Mind Reading" commercial gadgets),
Long term (2026 - 2035): Self-replicating nanoassemblers, medical nanorobots, Nanotechnology-enabled brain implants, Human enhancement/augmentation based on NBIC convergence, Programmable matter, processes and structural materials for nuclear technologies, water catalysing explosive reactions, Bio-mimicking for fluids mixing at extremely small scales, metamaterials and "optical cloaking", swarm robotics.

The technologies included in the survey can be broadly divided by their severity of threat:
Low severity (1 – 2.50): Molecular manufacturing, brain-computer interface, crystalline polymers, ethical control of robots, robotic artificial limbs, bio-mimicking for fluid mixing, molecular nanosensors, Induced Pluripotent Stem Cells.
Medium severity (2.51 – 3.39): Gene transfer, cyborg insects, energetic nanomaterials, RFID, autonomous mini robots, AI-based robot-human interaction, swarm robotics, water catalyzing explosive reactions, brain implants, ultra-dense data storage, human enhancement, nano-assemblers, personal rapid prototyping and 3-d printing, metamaterials and "optical cloaking", tailored nanoparticles, future fuels processes and materials for nuclear technologies, DNA-protein interaction, programmable matter, medical nanorobots, brain-to-brain communication,
High severity (3.40 – 5): Cloud computing, Internet of Things (IoT), smart mobile phone mash-ups, advanced AI, Synthetic Biology
One useful way to prioritize the technologies is by using the multiplication of values A (easiness of malicious use) and B (severity of threat), which we interpret as the actual potential of abuse:
The top 10 technologies which have a relatively significant potential of abuse (C>9) are the following(the results for C is given in brackets).

1.Smart mobile mash-ups(12.88)
2.Internet of Things (IoT)(12.60)
3.Cloud computing(11.61)
4.Gene transfer (11.33)
5.Advanced AI (11.01)
6.Synthetic biology (10.74)
7.Cyborg insects (10.26)
8.Energetic nanomaterials (9.99)
9.RFID (9.51)
10.Mini-robots (9.51)

For most of the technologies analysed the likelihood to actually pose a threat rises with time but in some cases it declines in later stages, presumably because it is envisioned that appropriate means will be effectively applied to prevent the realisation of the threat.

It is interesting to note that some of the technologoies threaten several spheres of society. As expected People are effected by most of the envisioned threats. Infrastructures is the second major sphere to be effected mainly by threats stemming from ICT and materials technologies. Societal spheres like Political Systems and Values are threatened to a lesser extentmainly by threats stemming from converging technologies.

Finally insufficient awareness was revealed (even among the experts!) of security threats stemming from emerging technologies, hence underscoring the importance of FESTOS. Several comments by experts indicate that they feel that the issues addressed by FESTOS are highly important and most of the technologies assessed are indeed relevant and deserve attention. The survey results served as a valuable base for further analysis in WP3, and inspired some of the scenarios developed in WP4.



WP3: Emerging Threats
This Workpackage includes three main tasks:

Task 1: Preparation and conducting of the expert brainstorming meeting to identify, discuss, classify and assess the potential threats based on the mapping of new and emerging technologies (WP2) as well as on existing public threat analysis and security strategies of various origin.
FEWN organised meetings in the Division IV “Technical Sciences” of the Polish Academy of Sciences to discuss potential threats on the base of the data gathered in the WP2. The main topic of the discussion was to identify the directions of development of emerging science fields and technologies, focusing particularly on the material science, which might pose possible threats in the future. In general, the opinion of the experts attending the meetings was, that development of the material science (excluding some sensitive sub-fields, such as related to the military applications) should serve in the future for the increasing level of the life conditions rather than posing threats. Nevertheless, some examples of abuses or threats referred to the new materials and nanoscience/technologies were presented by experts (e.g. a method producing explosives without mixing liquids, using water as a cathalisation agent as a potential threat for aviation terrorism).
Major event was the brainstorming session in Helsinki Vantaa, held on Monday 12.10.2009 (mid of month 8). The brainstorming session was realised together with Mindcom oy, which provided highly developed ICT tools to run the brainstorming sessions. All partners were participated and contributed.

Task 2: Preparation with WP2 the online expert survey questionnaire and the online tool to run the survey. Analyse the results of the expert survey in WP2, specified to WP3 in terms of likely times of threat realization, prioritization (relative impact of each technology), nature and extent of the potential damages, as well as societal issues. This activity also includes ranking and selection of security threats for scenario construction.
Task 3: Developing the STEEPV method adapted to the field of security, based on “Ansoff filters” model. The model was discussed and assed during the progress meeting in Finland. Analysis of the results of the international expert survey in the light of the further developed STEEPV method. Weak signals and wild cards were listed related to technology developments basing on the analysis in WP2. Weak signals were filtered following an adapted Ansoff filter method and categorised to produce clear new strategic insights.


Results achieved

WP3 includes the following main outputs:

1. “Brainstorming Lab report: Emerging Security Threats stemming from Emerging Technologies” (D3.1)
The Brainstorming Workshop was held October 12th 2009 in Technopolis Helsinki Vantaa. Participants of the workshop consisted of 10 FESTOS research team members and 5 external experts. From the FESTOS research team following members attended the workshop: Yair Sharan, Aharon Hauptman, Jari Kaivo-oja, Burkhard Auffermann, Tadeusz Zoltowski, Roman Peperhove, Christoph Henseler, Myer Morron, Marileena Koskela and Anne Karjalainen. External experts were Vagan Terziyan, Sergiy Nikitin, Ilpo Kulmala, Tuomo Kuosa and the representative of ASB Rauno Kuusisto. In addition, the facilitator of the computerised session, Juha Lång, was present. The workshop consisted of the following parts: opening, three rounds of discussions, two presentations, final discussion and a summary. Additionally, simultaneously with the second round of discussions, a computerised session was held. Issues under discussion were the previous deliverable D2.1 of WP2: “Preliminary Mapping of Potential Threatening Technologies”, which had been sent to the participants in advance and the planning of the Delphi questionnaire.
The results had been evaluated as an important step towards an analysis of the potential threats emerging from new technologies in the chosen fields. Several additional technologies had been proposed by the external experts and were included in the final report on this subject. The brainstorming process proved to be an efficient way to elicit relevant knowledge from experts related to issues discussed, thereby enriching the data needed for further evaluation. The threat assessment process had been initiated and essential theoretical and methodological questions discussed. The design of the joint questionnaire for the expert survey has been started. Finally the discussions during the workshop assessed the security foresight process used in FESTOS following the Ansof model as presented by Burkhard Auffermann. The mentality filter was used applying the Delphi questionnaire which was launched based on the lessons learned during the present workshop.

2. Categorised security threats in foresight perspective (D3.2) and the integrated security threat report(D3.3)


WP3 employed a mixed methodology approach to foresight, which is a novel way to analyze new security threats. This includes a specific model for threat analysis and includes:
• the filtering method according to Ansoff,
• a modified STEEPV scheme,
• the analysis of signals of change,
• identification of wild cards.

This FESTOS security analysis is a methodology developed for the early detection, recognition and diagnosis of potentially future threats emerging from new technologies.
The concept of signals of change is a further modification of the analytical concept of “Weak Signals” which are:
-factors of change that contain future oriented information,
-factors of change hardly perceptible at present, but which will constitute a strong trend in the future,
-something unlikely not based on current trends and maybe used among pioneers of a certain field,
-complete surprises to many people.

In FESTOS emerging technologies with abuse potential convey signals of changes
Signals of change are evaluated to be important as early warning indicators of possibly emerging new threats. Based on the international expert survey, the misuse of a technology has to be possible and plausible. The signal might be surprising for a general public, but the relevance of the impact to pose a security threat in the future is plausible to the experts As further assessed in FESTOS the potential threat is not only to people but also to other spheres of society namely: Economy, Infrastructure, Environment, Political systems and Values (six societal spheres altogether). Every one of them can be affected once a threat is realised. We term the integrated impact on all six spheres as the Intensity of the potential threat . Signals of change are identified and assessed by the potential for malicious use of a technology and the Intensity of the potential stemming threat. These criteria also made it possible to categorise the threats according to both criteria.
The five leading technologies according to the first criteria(potential for malicious use) were: Smart mobile telephone,Internet of Things, Cloud computing , New gene transfer Technologies and Advanced Artificial Intelligence. The five leading technologies according to the Intensity criteria came out to be: Advanced Artificial Intelligence, Human Enhancement, Swarm Robotics , Cyberg Insects and Internet of Things.

Results show that ICT and Robotics are a major part of these lists in both criteria. This could be related to the fact that these technologies are estimated to be realized in the near future and are more familiar to many security experts. However other fields appear to be very significant. Materials, Biotechnology, Nanotechnology and Converging technologies appear in these lists too, hinting on their future dangerous potential. It has to be underlined that the experts were rather careful in their evaluations of the potential of technologies for malicious use and also cautious with respect to the intensity of the potential threat. They did not use in their assessments the highest values offered by the questionnaire, but moved slightly higher than the central field. Such lack of extreme views give reason to interpret the views of experts as realistic and seriously concerned.

An important dimension of the results' interpretation is related to the probable time of threat realization and the related technology fields: ICT is the sector with a significant amount of newly emerging technologies that are seen as being relevant for the scope of FESTOS. In this sector new technologies with potential for negative effects on security by criminal or terrorist misuse are expected to be realized in the short term future between now and 2020. Negative effects stemming from nanotechnology and from biotechnology are expected to become a reality much later, in some cases not before 2035.

Of major importance – is the result that most experts do not imagine that a specific technology will never be a potential source of new threats. Experts are aware of rising problems – and probably expecting newly emerging threats as a result of new technologies.


.
Outputs and results of the WP3 evaluation were presented in two reports. D3.2 includes categorization of security threats in foresight perspective and finally, D3.3 has released an integrated security threats report . D3.3 developed the FESTOS Security analysis method described above by combining both the modified STEEPV method and Ansoff’s filtering system, signals of change and wild cards. The results of the expert survey are interpreted and analysed in the light of these concepts. These results were further used in WP4 to build scenario for future threats.




WP4: Scenarios and indicators

This workpackage includes four main tasks:
Task 1: Societal Security Contexts:
(a) Identification of determinants of “security climates”:
Development of the concept of security climates and presenting to the partners different definitions and criteria. First concept paper was circulated and discussed in the progress meeting in Finland. Results have been published in D4.1.
(b) Security Context generation
Developed special questions which were included in the expert online questionnaire within WP2 and WP3. These questions aimed at assessing the experts view on the public perception of the risks posed by technologies and their opinion on the current policies regarding the use of new technologies. The results of these questions were analysed and some interesting findings were reflected and presented in D4.1 report.
Developed the concept of different levels of risk assessment and perception of risks. For this goal the following steps have been conducted:
First step: literature review and desk research. In addition, case studies of historical exemplary events were analysed in terms of the societal reaction to new threats. Based on sociological findings, cultural frameworks were identified and concluded in the Security Climates, which are part of the deliverable D4.1. The concept was presented in the meeting in Finland and feedback was implemented in the report. This created the background for the second step.
Second step: in which these findings were operationalized and, a conceptual assessment of societal conditions were identified, which could have an influence on society regarding threat perception and assessment, and are important for scenario process and the development of policy guideline, which are part of WP6.

Task 2: Threat portfolio and impact analysis:
(a) Construction of threat portfolio and (b) Threat Impact analysis
Task 3: Scenarios Building
(a) Scenario drafting (b) Interactive Scenario questionnaire development (c) Survey and feedback analysis and (d) Scenario finalization
Within these two tasks the following activities have been conducted:
a. Experts for Security and Technology were identified by an extensive scanning of the technological and security field of expertise. More than 50 experts were contacted, informed about the project and the scenario development process and were invited to the scenario workshop.
b. Methodologies for creative development of threat scenarios were identified and tested within the CTS.
c. Organised and conducted the Scenario Building workshop. For this task, the identified experts from Technology and Security were contacted and invited to the workshop. The workshop was held between 22nd and 23rd of June 2010 and attended by 27 participants. In the workshop the external experts in collaboration with the FESTOS team identified and assessed wild card threats. In a second step the Futures Wheel methodology was applied to develop scenarios of future incidents, their direct impact and consequences for future societies in a collaborative effort. Based on these inputs Dr. Steinmüller from Z_Punkt-The foresight Company in a third step developed and presented scenario sketches. In a fourth step these sketches were assessed by the experts. This feedback will be worked in and the draft of the scenarios will be send to the experts for additional feedback.

Task 4: Indicators development: The whole set of threat scenarios is analysed and assessed with respect to factors that make a certain scenario more probable and indicators that hint at a growing likelihood (or imminent realization) of a specific scenario (to be used within an early warning system).



Results achieved

Three deliverables have been established.
• D4.1 Security Context Report: describes determinants of security climates and security context (Task 1.a and 1.b) as input for the scenario building process..
• D4.2 Draft Scenarios (with results of threat impact analysis) and Interactive Scenario Questionnaire: includes Draft Scenarios with the results of the threat impact analysis (Task 2. and Task 3.a) and an Interactive Scenario Questionnaire (Task 3.b).
• D4.3 the final scenario and indicators report with analysed survey feedbacks and conclusions (Task 3.c 3d and 4).

1. Security Context Report: (D4.1)
First step of scenario development has been the development of Security Climates, which were defined in FESTOS as the trias of (1) risk perception/risk aware¬ness, (2) attitude towards risks and (3) dealing with incidents/new threats on a socie¬tal level. As these dimensions influence how certain threats/events unfold in different societies, they have to be considered in building scenarios.
Based on a survey of recent research on risk perception and risk taking in psychology and social sciences, three main parameters for a societies’ response to (new) dangerous threats and major incidents were identified: trust (in societies’ institutions), vulnerability (of societies’ structures and fabric due to social and cultural factors) and preparedness (as measure for the institutional framework – as regulations, security measures, forecasting efforts etc. – protecting the society from future harm). Based on a variation of these factors on the one hand and major results from trend forecasting and future research three (fictional) future societies were sketched to serve as background for scenario construction and served as framing devices to explore and analyse impacts in different settings, i.e. societies.

2. Draft Scenarios (with results of threat impact analysis) and Interactive Scenario Questionnaire (D4.2)
Based on the security contexts/future societies developed in 4.1 and the threat analysis from WP 3 scenarios of future misuse of technologies were developed. This was done in a workshop with more than 30 experts from security and future studies and domain experts in the technological fields addressed in FESTOS employing five different methods: wild cards, security climates, futures wheel, security café for impact analysis, and brainstorming. In a participatory manner four different scenarios were developed and brought into literary form. The following table gives an overview on the wild card scenarios developed:

Scenario 1: Cyber-Insects attack!
Wild card: Swarms of cyber-insects attack people and animals
Impact: Confusion, Panic, Covering of entrances, Prohibiting of open-air events, Suspending of air travel, Skyrocketing of grain and livestock prices, Introducing of export embargoes, Riots due to dramatically increased food prices in Latin America and North Africa, Creation of no-go areas …
Reason/agents/causes: Political action carried out by radical environmentalists? An inhuman terrorist attack, meant to create panic? Fundamentalist bioterrorist group? Manufacturing error? Have synsects finally developed swarm intelligence? Profiteers who are getting rich from the whole mess?

Scenario 2: The Genetic Blackmailers
Wild card: Individual DNA is misused for extortion
Impact: DNA crime profiling fails, paternity suits against a billionaires, digital semen theft – using synthetic DNA, insurance company calculate its rates accordingly, DNA phishing, worst-case scenario: the “removal of inferior life” and the “optimization” of human beings using genetic technologies
Reason/agents/causes: A sick hoax perpetrated by web anarchists? Radical anti-gentech activist? Bio-ethics fundamentalists? Organized crime (blackmail, reproduction of DNA) ...

Scenario 3:At the Flea Market
Wild card: Everyday intelligent nanotechnology-based products can be set to self-destruct with a wireless signal.
Impact: Radios, televisions, computers, telephones etc. disintegrated, wireless networks collapsed, the “killer signal” spread like an epidemic, normal life comes to a standstill
Reason/agents/causes: Nano-hackers? A war between corporations? Fighters against technology (Luddites)?

Scenario 4: We’ll change your mind...
Wild card: A terrorist group uses a virus to change the behavior of a portion of the population for a certain time
Impact: Confusion, Strange behaviour, Increase of depression, Increase of psychological disorder, “Politics, no thanks! Change, no thanks!”, Implants and Brain chips are influenced, Recommendation of setting up an “acoustic Maginot line”, ...
Reason/agents/causes: The separatists in the Southern Province? People from the domestic secret service? Conspiracy theories: the government had released the virus in order to discredit the separatists, could people be turned into remote-controlled zombies – slave workers and “slave voters”...

3. Final Scenario and Indicators Report (with analysed survey feedbacks and conclusions (D4.3)
D4.3 consists of two parts: 1. the refined and finalized versions scenario drafted in D4.2 and 2. a framework of indicators for constructing early warning systems for threat detection.
The scenario drafts presented in D4.2 were reviewed by experts from the fields of security, future studies, administration and from the technology fields addressed by FESTOS. This was done in form of an international, interdisciplinary online survey, in which the participants were asked questions on likelihood, plausibility and validity of the scenarios, alternative paths and outcomes and were requested to comment on the scenarios in general. Based on the results, the scenarios were refined and finalised.
Based on the implicit causalities assumed by the experts and built into the scenarios a framework of indicators to detect an increase in likelihood of misuse of future technologies by terrorists or criminals was developed. These Indicators are meant as a near term method to assess situations and developments regarding possible changes in settings; this encompasses: (1) increasing vulnerability of target, (2) boosting of impact effects (3) increase of usefulness for the perpetrator.
The indicators identified address the dimensions Technology, Background and Perpetrator, thus , leading to three clusters:
1. The Technology cluster refers to several aspects of the technology itself. This ranges from the development of each component of a technology (precondition) to security measures that might be implemented in the technology.
2. The Background cluster encompasses several indicators, including economic (e.g. decreasing price) to socio-cultural aspects (e.g. increasing acceptance of a technology). These indicators set the scene for the potential misuse. They are the background against which the misuse might occur.
3. The Perpetrator cluster, as the last cluster of indicators, describes another precondition for technology misuse. Here, a perpetrator is required for technology misuse. That is why indicators such as suitable ideology and supporters appear.

Social and technical indicators are detectable and assessable independently whereas perpetrator indicators are connected with classical information gathered by police or intelligence. By a combination of all clusters a comprehensive situation analysis should be possible. Against the background of indicators, security countermeasures can be improved or created and policy guidelines developed


WP5: Control and Prevention

This Workpackage includes four main tasks:
Task 1: Establish in each partner country a map of public actors, key stakeholders and civil society organisations, which are involved in the discourse on control/preventing of abuse of emerging research disciplines and technologies. The map indicate three levels’ relevance (high, medium and low) of the selected institutions to the security issues: 1) State’s policy making and state budget creation level, 2) executive level – a main sectoral policy creation and implementation bodies, such as sectoral ministries (e.g. Ministry of Science and Higher Education, Ministry of Industry and their agencies etc), 3) mainstream implementation level (universities, counsellor bodies, National Contact Point for Framework Programmes, etc.). This map lead to a useful list of the stakeholders showing a special interest in protecting human rights in the analysed subjects and those engaged in prevention of abuse of emerging research and technologies.
Task 2: An online expert survey was conducted among 1000 selected experts and society representatives. A questionnaire was composed and tested, based on previous interviews with experts and literature review. The questionnaire examining issues such as trends, policy and knowledge capable to ensure required level of control and prevention of abuse; how to monitor/control technological developments in order to prevent abuse without halting technological progress; and the ethical problem of intrusion into the research community and effects on the freedom of science; the ethical problem of intrusion into the research community affecting the freedom of science have been explored. In particular, the problematic issue, of controlled dissemination of scientific knowledge (which may be required in certain areas) was studied in the context of necessary trade-offs between security and the freedom of research and knowledge. The survey was provided analytical information on the required model of monitoring and control system, which will ensure effective control over the relevant technologies and new areas of scientific research that might pose evolving security threats.
Task 3: Conducted 5-10 semi-structured in-depth interviews in each participating country with selected key actors representing civil society and other relevant organisations, which were previously identified in task 1. These interviews focused on issues of control of knowledge and created public debate concerning the ethical, sociological and philosophical aspect of control on knowledge.
Task 4: Conducted (in coherence with other WPs) an International Workshop on control and prevention with participation of invited experts and representatives from a broad spectrum of stakeholders, in order to reveal the most powerful capabilities of organisations which deal with in their programmes or statues with control and prevention of abuse of new and emerging research disciplines and technologies. It is planned to determine functional relations of the stakeholders to these organizations (governmental, self-governmental, and other).


Results achieved
Two main results are included in this WP:
1. Report on control and prevention (D5.1)
This report covers the national data collection about monitoring /control/ prevention measures and the social consultation scheme to determine the status of those measures, as well as the findings from the comparative analysis of both these tasks. It also summarizes some early findings from the national accounts of the elite interviews and the cross-national comparisons.

This analysis of organisational approaches aimed at counteracting misuse of sensitive knowledge adopted by the EU member states and Israel reinforces many of the findings from the national responses to the policy context questions and demonstrates the highly complex nature of this issue.

The overview of the findings from the tasks carried out in the first stage of the WP5 provides a number of useful pointers for the next stage in the work, when the other perspectives will be examined. In particular, it shows the need of seeking the views of different approaches of actors involved in the process of creation and control of sensitive knowledge as the ‘end-users’ of the security policy. To complete the picture, the representatives of the science and security communities were asked about their opinion concerning control and government intervention in openness of research and its effects on the knowledge creation.

Building on the materials collected under the tasks 2, 3 and 4 of WP5, a major activity for the partners was conducting the on-line survey and semi-structured in-depth interviews with selected key actors representing civil society and other relevant organisations, which were previously identified in task 1. The interviews enable the team to investigate how the process of control operates in different national contexts. Moreover, to reveal the most powerful capabilities of organisations which deal with in their programmes or statues with control and prevention the International Workshop with participation of invited experts and representatives from a broad spectrum of stakeholders was organised.

Analysis of the country reports, scientific literature and discussions with stakeholders and project partners with reference to this question showed that institutional reactions to security threats posed by emerging technologies vary from one country to another, but that these reactions cannot necessarily be predicted from the organisation of control system alone.

Differences between institutional setting relating to both counterterrorism measures as well as forecasting potential security threats related to emerging technologies, in countries under scrutiny are conditional on several issues.

First of all, it is related to the administrative division in a given country. Secondly, the size of the country and its population plays the crucial role. Thirdly, it is connected with the standing and the specificity of the national economy, which is also indicative for the specificity of the organization of the security measures.

In Israel and Finland two of the countries involved in the realization of the FESTOS project are perfect examples of a small countries with high-technology economies. Both invest decent share of budget in research and development being advanced in many fields of highly specialized scientific inquiry. Therefore, the issue of technological espionage and security concerning potential economic profits coming from private- and state-funded research play an important role both for Tel-Aviv and Helsinki. However, both countries differ substantially in other aspects of interplay between science development and security. Due to geographical, historical and political reasons, Israel is one of the countries which are seriously exposed to terrorist threats. On the other hand, Finland which does not belong to any military alliance, having good international relations with all the neighbours and stable, neutral position in the international politics seem to be a country with relatively secure position if it comes to the potential terrorist threats.

Two large European countries in the FESTOS sample, Germany and United Kingdom share many similarities. The first and the third of the most populous European countries possess powerful economies, largely decisive for the general standing of the European Union. The role of UK is more limited in this respect, as it is not integrated in the common EU monetary policy. Both are also active members of NATO alliance, being militarily involved, even though on a various scale in a actions abroad. Germany and UK are also among global leaders in advanced scientific research and technological development resulting from state funding, as well as private investments. These circumstances determine the need for having dense network of institutions involved in security policy, deriving from military sector, law enforcement, spheres controlled by political bodies and civic society actors. It seems that differences in institutional framework between UK and Germany derive from the most obvious factor differentiating these two countries which is the administrative setting with Germany being federal state and UK highly centralized country with issues referring to this kind of security being decided in London rather than in Wales, Northern Ireland and Scotland.

Poland lags behind all of the aforementioned countries, if it comes to the development of modern technologies, its economic impact and the knowledge production in the fields of particular meaning for security threats. Its size locates Poland with 38 million between two countries with more than two small ones with population not exceeding 8 million and two large states. Being a post-communist country with comparatively short record of participation in EU and NATO, Poland has become intensively involved in a global war on terror strongly supporting American policy in this respect. However, the terrorist attacks threat is perceived in Poland as rather low and therefore Polish security institutions are rather not concentrated on prevention from potential threats, but on pursuing and responding to already existing threats

2. Results of the survey and in-depth interviews on control of knowledge. Proceedings of the International Workshop on Control and Prevention (D5.2)

The results of the analyses conducted on the basis of data collected from an online experts survey with 193 respondents from all over the world; in-depth interviews and conference lead to the following conclusions:
1. Experts’ attitudes towards control of knowledge are heterogeneous and ambiguous. Depending on the control component, taking into account, the opinions expressed, both positive and negative, are more or less strong.
2. The control of the free flow of scientific information raises clear opposition of the respondents. Also the respondents’ willingness to accept measures to control sensitive knowledge that would be stronger than the ones presently existing is low. They would be ready to accept only two stronger control measures: Internal regulations in organizations (universities, research centres, etc.) and codes of conduct. They are not ready to accept stronger political and social (conducted by NGOs, religious institutions, professional associations, etc.) control on R&D.
3. Opinions relating to other control components included in the study, such as perception of threats associated with sensitive knowledge dissemination, belief in effectiveness of different control measures, awareness of existing control and impossibility to control are more ambiguous.
4. A tendency to perceive knowledge dissemination as not threatening public security prevails among the respondents of the FESTOS survey. This means that while assessing threats connected with different methods of knowledge dissemination, the experts tend to point to the medium threat level of every transfer. Exceptions to the rule are two methods of dissemination: media, including the Internet and publications, are the main sources of concern.
5. Even weaker generalised trend was outlined by the analysis of the assessment of the effectiveness of control measures. Opinions were strongly differentiated depending on the evaluated control measure.
6. Internal regulations implemented by the producer or user of sensitive knowledge or technology were perceived as the most effective of all listed control and prevention measures. Codes of conduct and legal regulations were estimated as rather effective as well but political and social control over research and development were perceived as the most ineffective measures to protect sensitive knowledge from abuse.
7. The level of awareness of control preventing the abuse of emerging technologies in six selected areas among FESTOS experts is rather high but not very high. Every fifth respondent reported at least once that such control does not exist with respect to one of the six disciplines represented. FESTOS respondents pointed out existing control measures, mainly in ICT and Biotechnology.
8. Among experts there prevails an opinion that no control measures are able to enhance public security level effectively.
9. The complexity of the problem is also proven by the relatively high rate of the lack of data and “Don’t know” answers in the survey. Moreover, in the unstructured interview there are numbers of statements revealing that the experts are aware that emerging technologies may pose severe threats to public security, but they did not come with clear views on how societies should counteract.
10. Analysis conducted at the level of the whole group of experts participating in the study showed that respondents of the FESTOS survey are more likely:
• to accept free, unrestrained flow of ideas then to accept the control of information flows;
• to share the attitude of non-acceptance rather than acceptance of stronger than existing measures to control sensitive knowledge;
• to claim when assessing different methods of knowledge dissemination from the point of view of potential transfer of dangerous knowledge to terrorists / criminals that there is small or medium (but not large or very large) threat of such transfer;
• to declare low belief in the efficiency of control;
• to state that no control measures are able to enhance public security level effectively.
11. The analyses conducted on an individual level by using the method of cluster analysis, allowed to extract three types of attitudes towards control of sensitive knowledge manifested by FESTOS experts. They differ from each other in terms of opinions on the six aspects of control with regard to thematic criteria such as control over the flow of ideas, acceptance of control, perception of threats, belief in effectiveness of control, awareness of control, impossibility of control. The first type, characterised by an ambivalent attitude to sensitive knowledge control, covers 41.5% of the respondents, the second type of attitude, oriented at knowledge control and public security, is manifested by 23.3% of the respondents, and the third type, supporting freedom of research - opposing the control of knowledge and criticizing its efficiency, is manifested by 35.29%.
12. The in-depth interviews supported the main findings of the on-line questionnaire and the quantitative analysis, especially the typology generated upon the analysis of survey results. Moreover, similarly to survey results, education, independent controlling committees, codes of conduct and legal regulation are enumerated by most of the interviewees as the most effective and potentially most acceptable by the scientists and researchers. Especially the role of education as the instrument leading to raising awareness of threats posed by emerging knowledge among scientists, researchers and students, was underlined by many respondents. Also, nearly all the respondents agreed that dissemination through media and the Internet is very difficult to control and that solving this problem would be the major challenge that security specialists will be facing in the nearest future.
13. The qualitative method also showed how differentiated the distinguished types are in a more detailed way. One of the characteristics of 'Liberal' orientation is a strong belief that knowledge creation process should remain as open as possible, and that any control measures should be invented by the researchers themselves or by the institution they work in (for example: university). 'Ambivalent' option concentrated mainly on the problems and risks caused by imposing any knowledge control systems, such as reduction of innovative research, growth of bureaucracy, deterioration of the operating conditions for companies.
14. 'Control-oriented' attitude was present in the interviews in the slightest degree, although it may be connected with these interviewees that believed that only control system based on the governmental institutions and centralized can be effective in preventing the potential abuse of 'sensitive' knowledge.

The conclusions listed above should be taken into consideration in the process of designing advanced knowledge-control system. Most important findings of Work Package 5 that should be taken into account when building recommendations for decision makers are:
1. The knowledge-control system should be based on soft-control measures, including codes of conduct and internal mechanisms of knowledge control in different organisations (academia, research institutes, industry).
2. Bottom-up approach should be the main principle of knowledge-control systems, because governmental or international bodies are perceived as incapable of coping with all the threats resulting from different fields of 'sensitive knowledge'.
3. Education should play major role in the knowledge-control system. Universities should add classes on threats posed by emerging technologies to the curricula in order to raise awareness of the students that will cope with 'sensitivity' of knowledge they will acquire or produce in future.
4. Moreover, some actions should be undertaken in order to raise awareness of threats posed by technologies and of existing control measures among the scientists. It may be done by connecting the funding of research with obligatory assessment of proposals from the perspective of whether they result in enhancing public security level or if conducting such research may pose some threats to security.
5. Last but not least, more detailed study should be conducted in the subject of control knowledge and preparedness to accept stronger control measures by the scientists and other 'sensitive knowledge' producers and users. This is justified by the ambiguous results of FESTOS Work Package 5 survey and in-depth interviews. Most of the respondents presented ambivalent attitude towards the control of knowledge. More detailed study could possibly show where this ambivalence derives from. It could also possibly show, how other groups of people dealing with 'sensitive knowledge' (not only people representing academia, who prevailed in the survey sample) understand control and prevention and how ready they would be to accept some new control mechanisms.


WP6: Synthesis of Results and Guidelines for Policy
The workpackage includes the following tasks:
Task 1: Synthesis of Results and Guidelines – draft report. Aim of this task is to derive preliminary guidelines based on the outputs resulting from FESTOS in order to orient key stakeholders’ (e.g. policy makers) interest to relevant issues.
Task 2: FESTOS Policy Recommendations: Aim is to refine and finalise the policy guidelines and to present key findings to the stakeholders. This report orients all actors involved to the ideas of both the content and implementation of possible politics and strategies to meet the challenges of foresighted emerging threats. The guidelines discussed in a policy workshop with participation of the partners and external experts and ASB to help finalized this task.
Task 3: Preparation of materials for the FESTOS final workshop (WS) with participation of key European stakeholders. The aim of the WS is to enhance the implementation process of FESTOS key outcomes. Final policy report was shaped as a result of discussions during this WS. Workshop proceedings were written. WS was conducted in cooperation with WP7 on December 2011 in Brussels.

Results achieved
1. Synthesis of results and policy guidelines report (D6.1)
A comprehensive report with a synthesis of the results of FESTOS and policy guidelines was produced. The synthesis summarized the contribution of all partners at all steps and in all work packages of the FESTOS project. Secondly the report includes wide-ranging consideration and proposals for policy guidelines resulting from the analysis done during the duration of the project.
Chapter 2 includes descriptions of the work done in the work packages 2, 3, 4 and 5 including findings, insights and results gathered during the whole project duration and discussed in the various meetings. The results described in this chapter helped accomplish the main goal of the project to identify and asses evolving security threats posed by abuse or inadequate use of emerging technologies and new S&T knowledge and propose means to reduce their likelihood. As the pace of science – based developments accelerates there is a pressing need for continued scanning of the unfolding technology landscape for potentially security threats.
Looking ahead to 2030 FESTOS conducted a wide horizon scanning activity to identify potential threats stemming from future technologies. Information and Communication technologies (ICT), Robotics, Nanotechnologies, Materials and Biotechnology were the main fields covered in this study. In addition developments resulting from the convergence of technological fields were also analysed. As presented, this effort yielded thirty three interesting examples of threats that could be realised in the next 5-25 years. Termed as the "dark side" of technology these are the tip of the iceberg. Deeper and wider horizon scanning might shed light on more and more such potential threats.
Preparedness to future threats is not on easy task to accomplish and not always possible. Priorities should be assessed, signals should be identified and surprises should be avoided. In FESTOS we were able to develop a novel way to carry out security assessment stemming out from the Ansoff filtering method, using a modified STEEPV scheme and finalising with analysis of signals of change and identifying possible wild cards. Six spheres of society were chosen to asses the impact of possible threats and evaluate what we termed as the Intensity of a threat according to its integrated impact on all these spheres: Economy, Environment, Infrastructure People, Political systems and Values. Evaluating the intensity helped us categorising the various threats in question. However the likelihood of threats and their intensity changes with time and FESTOS could present this kind of changes and show how the different threats develop and change with time. Preparedness should take these findings into account.
In a further step scenarios were built to demonstrate the possible threats realisation as a basis for policy considerations. Key high priority technologies were in the focus of these scenarios including:
a. Swarms of cyber-insects attack on people and animals.
b. Individual DNA misuse for extortion
c. Self-destruction of everyday intelligent nano-based products responding to wireless signals.
d. Use of viruses to change behaviour of population for a certain period of time.

Scenarios were then used to identify indicators hinting at growing likelihood of technology misuse as well as identification of critical points in handling sensitive knowledge.
The issue of the free distribution of sensitive knowledge in contrary to possible knowledge control was raised and debated widely in the project. The balance between the freedom of science on the one hand and the needs for security on the other hand was in the center of this discussion. Studying existing control regimes and using experts' surveys it was possible to identify consensus among the security and scientific community on possible policy measures on this direction. The bottom up approach and application of soft measures such as codes of conduct and internal regulations in research centers were accepted as measures that will help in copping with the threat and still keep the right level of the freedom of science.

In Chapter 3 the threat assessment concerned with individual emerging technologies evaluated in FESTOS is presented together with some policy implications of each. Focus is on R&D tasks but other relevant policies are also indicated. These were further presented as FESTOS Alerts and have been distributed to policy makers and stakeholders to expose them to FESTOS results in a concise manner. This chapter thus, on the one hand, demonstrates the results of FESTOS and on the other hand, indicates possible policy steps to counter potential threats.

Chapter 4 of this report presents further policy guidelines of several sorts. These policies are based on outputs from the London policy workshop (M22/December 2010), the international workshop on control and prevention done in Lodz (M27/May 2011) and interviews done by all partners with experts in administration and politics in the five partner countries. Finally these guidelines were shaped following insights from national policy and dissemination workshops in partner countries and the final international workshop in Brussels in December 2011(M34).

The main idea behind the FESTOS process is to have a kind of early warning on emerging novel threats in order to be able to respond to them and prepare relevant means to cope with them and reduce surprises to a minimum. Raising awareness of policy makers to possible future threats might thus enhance preparedness activities in various levels and reduce the likelihood of their realisation. In the report we reviewed various policies possible in this direction. One field is the R&D programs that could contribute to better understanding of the potential threats and to means to counter them. These were detailed in chapter 3 at the level of individual technologies and further generalized in chapter 4 to R&D tasks to be implemented in future programs. Furthermore, the issue of responsible research and innovation was highlighted. As stressed at the FESTOS final event, this concept takes more and more central role in the Commission's ethical considerations.

FESTOS put on the table the dilemma between knowledge control as a measure to limit access of negative actors to sensitive knowledge and the freedom of science as a basic principle for science activity. Based on general acceptance of a bottom-up approach and "soft" control measures a set of nine principles have been drafted that might help realize such a regime which will, in cooperation with the science community, deny from crime and terrorism the ability to abuse future technologies. "Methods like codes of conduct, self regulation etc. are the best way to address this issue…more effective than ethical assessment after research is completed is to build in design control measures during the design phases of research. This results in 'privacy by design', 'safety by design', ect." (Dr. von Schomberg, from the EU commission at the final FESTOS event, 8 December 2011). The importance of international cooperation in this context was also stressed: "There is a need for networking, international cooperation to evaluate technological waves" (Dr. Kaivo-oja, Finland, FESTOS final event) and "There is willingness to cooperate with other countries to assure a more secure Europe" (Ms. Eva-Maria Engdahl, EU DG enterprise, FESTOS final event). Additionally we evaluated concepts and bodies that could complement the above measures by implementing more operational attitudes which will help identify emerging threats in their early stages and apply response measures to avoid their armful impacts. Situation analysis bodies in the national levels as well as the EU level were presented.

2. Preparation and Proceedings of Workshop with key European stakeholders (D6.2)
All partners prepared and realized the final workshop of FESTOS on December 2011 in Brussels. In cooperation between EFPC (WP7 dissemination leader) and FFRC the proceedings have been prepared and submitted. Special edition of the FESTOS alerts were prepared and distributed. The results of the workshop combine the outcome of the FESTOS research team with the contributions of external experts present at the workshop. The following issues have been raised by the members of the FESTOS research team and the participants of the workshop. They contribute to the FESTOS policy recommendations:
- The need for a continuation of horizon scanning of emerging technologies;
- The need to carefully follow the possible contradictions between academic freedom in democratic societies and the need for "knowledge control”;
- Consider measures like ethical control, self-regulations, and codes of conduct at the first place.
- The need for Security assessment, social responsibility, and security by design;
- Inclusion of dimensions like international cooperation and networking
- The necessity to reflect a dimension like the role of education in all levels including students, scientists and engeenirs towards responsible innovation;

3. A foresight briefing document (D6.3)
FFRC has agreed with AIT, the Austrian Institute of Technology to publish a foresight brief with the results of FESTOS. AIT is responsible for the publication of the European Foresight Platform (EFP) is a network building program supported by the European Commission’s Framework Programme 7. EFP aims at building a global network of networks bringing together different communities and individual professionals to share their knowledge about foresight, forecasting and other future studies methods. The FESTOS Brief is available under http://www.foresight-platform.eu/briefs-resources/.


Potential Impact:
FESTOS impacts and benefits are as follows:
1. Direct impacts:
• Threat analyses to European policy makers to better the preparedness to future possible threats stemming from emerging technologies.
• Contribution of foresight method to security assessment processes.
• Security policy guidelines to different European stakeholders. FESTOS produced a policy-support report which may be helpful for different European organs such as the European Parliament, the EC, various EU agencies and EU Member countries´ governments.
• Shaping of R&D programs to cope with these emerging threats.
• Promoting the debate on knowledge control as a measure to reduce the abuse potential of new knowledge.
• Improvement of European security research co-operation .

2. Indirect impacts

FESTOS raised awareness of the science and technology community to the possible negative impacts of uncontrolled proliferation of relevant knowledge to the hands of hostile groups and the ways to reduce it.

3. Network-based impacts:
FESTOS has caused many network impacts in Europe and also globally. FESTOS results have been disseminated in various scientific and political forums, thus helping in global risk management and security policy efforts.

Finally FESTOS presented its main results and policy guidelines in "policy alerts" (see attached document) which have been distributed to relevant stakeholders and actors to convey the major massages and guarantee further interest and possible implementation of relevant recommendations. This measure will help us to keep awareness to FESTOS' results also in the future.

Dissemination and exploitation activities:

Identification of target audience
The FESTOS dissemination contact list contains 2,400 people and includes:
• Members of the European Commission
• Other projects funded under the FP Security program
• Government departments
• Security agencies
• Law enforcement authorities
• Commercial organisations
• Research and academic institutions
• Relevant committees of the European Parliament
• Security policy makers
• The network of National Contact Points for Security related issues and in particular network(s) of security research stakeholders). These actors are seen as instrumental in promoting the dissemination of security research to end users, national public authorities and citizens alike.
• Security research programme makers, (mission oriented)

In addition the FESTOS Advisory Security Board (ASB) has acted as a main interface between the project and formal stakeholders to assist in information collection, dissemination and explanation of results. Security board members were invited to take part in project workshops. They have enabled FESTOS to directly connect to relevant decision makers


Set-up and Maintenance of the project website
The coordinator, ICTAF, designed and established the FESTOS Logo and website. The website contains a public part and a project part. The project part is used by the project partners and assists with the management tasks. It serves as a tool for documentation and knowledge sharing between the researchers during the project. The public part is used for dissemination of the project results, including project information, results, news and events. Please refer to www.FESTOS.org and D7.1 and D7.1.1 (Report describing Website and Content) for further information. The website was established on month 3 (including basic information and links), and was regularly updated during the project. In addition to the Project website, each partner has disseminated FESTOS via their own Websites.

Flyers and Printed materials
• Flyers - FESTOS has produced two flyers and a program (please refer to D7.2 and D7.2.1). The flyers were distributed by all partners at relevant seminars, workshops and events to disseminate information about FESTOS to relevant actors working in the Security domain and also to the wider public. The first project flyer was produced, printed and distributed by the end of month 3 described in D7.2. In addition two additional flyers/programs were produced towards the end of the project in preparation for the FESTOS final event (D7.2.1). A flyer was produced as folded leaflet which was distributed by FESTOS partners to relevant contacts persons and organisations at meetings, seminars and conferences. FESTOS was also represented at SRC’11 which took place in Warsaw, Poland on 19-21 September 2011.
• Posters - FESTOS has produced two posters that were distributed to all FESTOS partners for use at their organisation premises and at relevant seminars, workshops and events. A draft of the FESTOS poster text was produced and discussed at the management meeting held in Helsinki, Finland. The project poster was produced on M11 (18.01.10). Each partner received a copy of the poster at the FESTOS Working Meeting on 24 January 2010. An additional poster was produced after FEWN left and the University of Lodz joined the Consortium in order to correct partner information.
AT the SRC’09, SRC’10 and SRC’11 security events, FESTOS applied and was accepted to take part in the poster sessions of these events. This involved presenting the FESTOS poster and was a great opportunity for informing people about the FESTOS project, its results and achievements.
• The Commission designed and produced a FESTOS poster which was used at SRC09 in Stockholm. The Commission sent a JPEG of the poster for future use.
• FESTOS program was produced for the final FESTOS event which took place in Brussels, Belgium on 8th December 2011. This program formed part of the materials participant received at the workshop when they registered.
• FESTOS “Alerts” were produced for the final FESTOS event in Brussels (see attached document).

Event Participation

FESTOS Workshops:
FESTOS Scenario Workshop in Berlin on 21 June 2010
The workshop took place in Berlin, Germany on 22-23 June 2010. The objective of the scenario workshop was to lay the groundwork for the scenarios by using creative and participative methods with involvement of FESTOS project member and external experts. More than 30 interdisciplinary experts on technology, security and administration participated. The scenario workshop was divided into different steps and concepts to reach different goals: (a) Development of Wild Cards based on the work of WP2,3, (b) impact analysis of the selected Wild Card events and (c) presentation of the first scenario sketches and feedback on the second day. For more information about this workshop, please refer to D4.2 (Draft Scenarios (with results of threat impact analysis) and Interactive Scenario Questionnaire) and D4.3 (Final Scenario and Indicators Report (with analysed survey feedbacks and conclusions).

FESTOS Policy Workshop
The workshop took place in London, UK on 15th December 2011. Before the workshop, FESTOS activities had so far focused on identifying and analysing future technologies that may pose a threat as well as methods for control and prevention. The next step was to define policy guidelines to be able to cope with future threats evolving from future technologies. A one-day workshop was held in to launch the policy discussion and help generate a list of measures leading to a policy plan. Seven external experts in addition to twelve consortium members participated in the workshop. An internal FESTOS report was produced describing the detailed proceedings of the workshop

FESTOS Control of Knowledge International workshop
International Workshop on "Freedom of Knowledge in the Era of Emerging Security Threats" took place in Lodz, Poland on 17 May 2011. The aimed to be the platform of exchanging views and experiences connected with controlling sensitive knowledge. Around 25 experts (including the ASB and the partners) were participated from the academia, governmental institutes and organizations which deal with in their programmes or statues with control and prevention of abuse of new and emerging research disciplines and technologies. A one day workshop was held including six plenary sessions and discussions. The results assisted to shape the conclusions and recommendations.


FESTOS National Dissemination Workshops
One FESTOS dissemination event was planned to take place in each partner country towards the end of the project. The objectives of the national dissemination workshops were to:
a) To disseminate FESTOS information and results
b) Obtain reactions and responses to measures for control and prevention and to obtain feedback to policy guidelines developed in the project to solve these issues.
c) Use the feedback from the workshops as input into an updated D6.1 and D6.2

Each workshop was organised in a semi-structured manner to elicit additional ideas from the participants via brainstorming, discussing and debating the ideas produced by FESTOS.

Each partner conducted a National workshop with relevant external experts. The feedbacks were elicited through discussion of the FESTOS completed/draft deliverables via a round-table discussion. Deliverable D7.4 reports on these national dissemination workshops.

FESTOS Final Event
A final FESTOS workshop took place in Brussels on 8th December 2011, in Brussels Belgium. The main objective was to present the FESTOS results and obtain feedback for policy recommendations regarding prevention of future threats, and to give recommendations for how to be better prepared. The results of FESTOS are of particular interest to the Commission and hopefully will assist in their decision making processes. The Project Officer and other representatives from the Commission were invited and participated in the workshop as well as relevant experts from all over Europe.

The FESTOS final event was disseminated through: the FESTOS dissemination list; Cordis Wire, the Linked-In Information Security Community (100,000 members); Events (e.g. SRC’11); FESTOS Advisory Security Board; partner direct contacts.

Around 60 people participated in the event. These included decision ,makers from the commission and representatives from other European governments, security as well as technology experts. The workshop proceedings have been document in D6.2. FESTOS alerts were distributed to all participants.

Attendance at relevance EU and Worldwide events
FESTOS Partners attended many relevant EU and Worldwide events. FESTOS was disseminated at these events throughout the Project. FESTOS partners attended around 60 events, workshops, conferences and meeting during the lifetime of the project. FESTOS invoked interest also outside Europe including USA, Canada, Singapore, South Korea and more.

List of Websites:
The address is: www.FESTOS.org

The website is managed by ICTAF in cooperation with EFPC, WP7 leader.
As seen in the following chart, the website has several inner pages:
• Objectives – describing the objectives of the project.
• Consortium – describing the FESTOS consortium.
• Work description – including description of the overall project and methodology.
• Workpackages - including a short description of all WPs.
• Results – for public deliverables.
• News
• Contact persons.
• Member’s areas – for internal work documents and procedures.

Contact details: Dr. Yair Sharan,
sharany@post.tau.ac.il