Creating an Agenda for Research ON Transportation sEcuity

Executive Summary:
Executive summary

Easy, efficient, safe and secure transportation is a core factor for European growth, collaboration and employment, and thus for the Europe 2020 strategy. Land transportation has two main security challenges: to avoid interruptions of transport and to ensure the free flow of freight and passengers which guarantees supply to Europe’s populace, and to avoid that transportation modes become open avenues of attack. CARONTE helps to tackle these challenges by producing a research agenda for security in land transport that focuses on the core relevant gaps caused by existing and emerging risks.

All in all, the CARONTE project has achieved its goal of providing input to strategic research planning in the domain of land transport security. Information from more than a hundred experts was collected through various methods, more than 120 ongoing and recently completed research projects were evaluated, and a large number of relevant policy papers and research programmes were analysed. During the last Work Package “Elaboration of a research agenda”, the information thus obtained was sorted and processed in a transparent way in order to obtain research ideas that are highly relevant for current and future strategic research planning. These ideas have been sorted and are presented in a way that allows easy uptake in the strategic research planning processes of the European Commission and other authorities. Furthermore, two monographs within deliverable D6.2 (general public part) have been added that provide an outlook on land transportation security beyond short-term research planning.

The top priority issues identified for land transportation security research and which should lead to EU research activities are:

• Staying operational in the event of a cyber-incident
• Timely and efficient threat detection
• Special security problems of railways as open systems (an integrated approach)

The high priority issues identified for land transportation security research and which should lead to EU research activities are:

• Balancing security requirements and privacy demands of passenger
• Security awareness of personnel and customers
• Crisis Management
• Security by design
• Security retrofit
• Secure communication links for traffic control systems
• Protection of autonomous vehicles against cyber-attacks
• Secure critical infrastructures (cyber/road system)
The topics raised cover operation and infrastructure as well as passenger and freight transport. This especially effects the rail sector with its traditionally integrated companies, although the today obligation leads to divided responsibilities for railway operation and infrastructure management.

Project Context and Objectives:
Summary of project context and project objectives

Objectives

Europe’s prosperity relies on effective transport systems. Any attacks and disturbances to land freight and passenger transport have significant impacts on economic growth, territorial cohesion, social development and environment. Unfortunately, there are specific weaknesses in land transport security. Criminals and terrorists have taken the transport sector (e.g. stations, tunnels, and urban transport systems etc.) to be an easy target. In Europe, the theft of high value and high risk products moving in supply chains costs businesses in about € 8.2 billion a year. The terrorist attacks in 2004 in Madrid (train bombings) and in 2005 in London (bus and metro bombings) claimed the lives of 191 and 52 innocent civilians, respectively. Security issues related to land transport security are diverse and complex. Therefore, continuous and coordinated efforts and investments are needed to address these issues. To this date, there are a number of regulations, norms, and research projects addressing land transport security at the national, European, and international level.

To meet these challenges CARONTE provides a future research agenda for security in land transport, which focuses on the core relevant gaps caused by existing and emerging risks. At the same time the research agenda avoids doubling-up of research. CARONTE will also contribute to future European Security policies.

The objective of CARONTE is to provide answers to the question of what type of security related projects should be planned in the future to respond to threats facing land transport.
CARONTE’s results answer the following questions, among others:

• Which existing research projects merit a follow-up and expansion?
• What are the possible research combinations and synergies?
• Which themes and topics should be elaborated on in new research projects?
• Who should be involved and integrated in future research projects (stakeholders, authorities, etc.)?

Context

The project worked in land transportation on both parts, passenger and freight transport, and covered rail, road, inland navigation and the interfaces between the modes including those to aviation and maritime transport. Also a view on the logistics sector, where transport is one of the most important success factors for efficient production shows respective vulnerabilities. Many threats for the population and economy in the EU and beyond are discussed. They come from terrorism but also from smuggling (economical dangers of product piracy, tax and custom duty evasion, human health risks due to forged medicines or food), theft and other general crime. As the European economy is strongly dependent on easy and inexpensive transportation, this sector is seen as an attractive target for terrorism.

Passenger transport has been a target for terrorism for a long time. The aircraft hijacking of the seventies and eighties with the final “peak” 9/11 are still well remembered. Land transport was affected by terrorism, e.g. the Atocha Attack in 2004 and attacks on the London metro and a bus in 2005. Russia and Belarus are frequently affected by attacks in underground systems (Moscow 1996, 1998, 2001, 2004, 2010; Minsk 2011). In Israel public buses are attacked by terrorists from time to time. During the project life span we recognised the incidence of an armed attack in a Thalys train. The attacks in Paris (7. January 2015 and 13. November 2015) showed that even attacks, which do not directly tackle the transport sector may have significant impact on transport flow (closing borders or extension of controls, stopping transport in affected areas in a large region).

After finalising the project at the end of February 2016 we saw the attacks on Brussels Metro and Airport: one tackling the land transport system directly and one attacking an interface between land and air transport. Relevance of attacks on passengers has risen significantly during the project’s life span and still continues to rise. These attacks show a serious problem in the land transportation sector. Immediately after an incidence various activities like army controlled access to Metro stations or security checks when accessing airport terminal appear. But these activities appear as not really sustainable for in integrated security approach which balances the easy flow of transport and a high level of security.

Attacks on aircrafts and hijacking have always attracted high public attention, making this an attractive field for terrorists. Nevertheless, the number of incidences in air traffic declined dramatically in the last decades, mainly due to more stringent security checks and regulations. In contrast to this, land transportation modes have become more attractive for terrorists, as access is very easy (no passenger controls) and the potential number of affected people can be very high, especially within cities. Tunnels and underground trains are especially attractive targets, as the effect of bombs, fire and poison (e.g. the Sarin attack in Tokyo underground in 1995) have a potentially devastating effect as many people are crowded with little chances of evasion. A few attacks in a short period of time can make people afraid to use public transportation and can necessitate very expensive measures by the authorities. Cities may even get critical economic problems if mass transportation is avoided by the population and companies consider settling in other locations due to dangers and access problems.

The aim for a European concerted, well organised and well balanced (ethical, technical, organisation, personal, etc.) Research Agenda is to enhance security, to avoid attacks and to lower their effects in an efficient manner (low costs). Together with this, fear and panic in reaction to a potential series of attacks should be minimised. These panic reactions can cause very high and potential misallocated, doubled and ineffective efforts, due to political actions in case of current pressure.

Public transport systems are open to all users and airline style controls are not practical given the mass usage and walk-on nature of the service. Furthermore most of the infrastructure was not built with security in mind. Nevertheless it is essential to make urban passenger transport less vulnerable to attacks as well as to prepare plans for what to do in case of an attack, without compromising the unrestricted access and ease of use that passengers depend on.

Freight transport and logistics is another important factor for economic success, supply of the population with goods of daily need (food, energy, information, etc.) and for cohesion of the European Union. Production and supply are embedded in global logistic chains. It is a goal of the EU to let all European regions participate in economic growth, which is dependent on efficient and cheap transportation. Terrorist attacks on the transportation system, especially land transportation, can have considerable negative effects on economic growth and supply. This comes from two aspects. On the one hand, goods can be directly affected by damaging, degradation or poisoning. This leads to a lack in supply of the population, stops in production or even direct injury of people. Depending on what type of goods are affected, the lack can become urgent within a very short time span (energy or health) or cause effects of the second order as important products cannot be produced in time (medicine for example). A series of attacks or very big single events (e.g. disturbance of the functionality of a big harbour like Rotterdam, Marseille or Hamburg) can cause reactions by politics and authorities that affect the efficiency and the costs for freight transport in a negative way. The local economic factor indeed should not be neglected and shortages in supply can (locally and temporary) appear. As a result of the incidences on 11th September 2001, there are a lot of new and expensive regulations, which currently affect the logistic chain and further regulations introduced since 2001 have been mostly driven by demands of the US government.
The ISPS Code is a regulation concerning ports where vessels are handled with cargo for the USA. ISPS demands certain security standards for controls of persons who enter the port and for perimeter fencing of the terminals, among others. This standard is adapted in the EU with Directive 725/2004. All ports which handle sea going vessels with more than 500 register tonnes are affected by the directive. With the Container Security Initiative (CSI) the U.S. customs introduced a security program for containers entering the USA. In particular, the CSI also works in foreign ports (viewed from the USA side), so it can access the data of containers already far outside the U.S. and may prevent a shipment to the USA. CSI is part of a message of safety cargo data 24 hours (24 hour rule) before the ship's departure to the Customs and Border Protection (CBP). Another part of the CSI will be an obligation to examine all containers before loading or upon reaching the port of loading by using radiographic techniques. Furthermore, there is currently a lot of discussion, particularly in terms of cost, effectiveness and practicability especially (see research projects).

C-TPAT (Customs-Trade Partnership Against Terrorism) is established by the CBP of the USA. It is a voluntary program in which international manufacturers, shippers and freight forwarders can participate. They meet with CBP in an agreement to secure the supply chain in order to identify vulnerabilities and implement specific security measures. In addition, the CBP partners document their safety program for their own company and outline specific security measures that the company undertakes to protect the supply chain. Successfully certified C-TPAT members are considered as low-risk and are therefore given preferential treatment in customs formalities and border crossings.

In Europe the Authorized Economic Operator (AEO) is basically the European equivalent to the US C-TPAP. According to the customs an AEO is "very reliable and trustworthy”. For this, after having passed the assessment, an AEO can take special deductions under the customs claimed. The relevance to safety issues is considered only secondary. Status of AEO applicants will be granted community.

Research programs

The 7th Framework Program for research and also the HORIZON 2020 research program have announced or will announce research areas for security, sometimes directly related to (land) transportation, but mostly more general for core security issues. Although CARONTE was an FP7 project, it will contribute to H2020, setting up targeted research topics for land transport security. This could tackle the areas of

• Critical Infrastructure Protection (CIP)
• Disaster-resilience: safeguarding and securing society (DRS)
• Fight against crime and Terrorism (FCT)
• Border Security and External Security (BES)
• General Matters (GM)
• Digital Security Focus Area (DS)

FP7 also announced most of these areas in with a couple of topics. The security related projects set the basis for CARONTE to recognise missing aspects for land transportation security. Together with national projects, CARONTE partners elaborated their own database for existing security research projects, to identify projects which could cover the gaps and requirements announced by CARONTE. This was done to avoid any double research in the Future Research Agenda. CARONTE is well established in the existing national and European research context.

Security Policies

Key policy areas regarding passenger transport are accessibility, security, and quality of service issues, such as level of service, user friendliness, comfort, image and reliability.

Policy on security of passenger transport has traditionally been set and implemented at local level, tying in with general policies on law and order (discouraging attacks and preventing vandalism) and concern aspects such as design, surveillance and staffing of public transport vehicles and stations/interchange points. However, since the terrorist attacks on public transport systems in Madrid and London, as well as the more recent threats of influenza pandemics, public transport security policies have moved more into the European and international domain.

Relevant policies on EU level, which have been considered for identifying relevant research topics are the following:
• Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace
• A European Program for the Critical Infrastructure Protection
• Customs Risk Management and Security of the Supply Chain
• A new EU approach to the detection and mitigation of CBRN-E risks
• The European Agenda on Security
• An open and secure Europe: making it happen COM(2014)
• EU Internal Security Strategy &
• The final implementation report of the EU Internal Security Strategy

Project Results:
Main results and foreground

Research topics and their prioritisation

As a result of the work process, the following priority lists were generated. The items in the three individual lists are sorted alphabetically according to their identifiers (e.g. “Cross cutting issue - CC-13” before “Cyber issue Cyber-1”).
A lot of aspects and topics for security in land transportation have been announced during the project. Not all of them led directly to research topics as some of them set frames to consider (for instance, financing of research or financing the introduction of security measures), or described relevant “philosophies” such as “never forecast but be prepared” or made other recommendations (e.g. proportionality). The core criteria for research topics are the following:

• topics should be relevant and address pressing problems,
• topics should be specific for land transport, and
• topics should explicitly call for scientific action (criterion 4).

It is worth noting that there is an additional item, namely Rail-3 “Securing future rail systems”, which could not be attributed to any of the following individual lists. On the one hand, the experts agreed that this was a very important issue, both being specific for land transport and requiring further research. On the other hand, there were strong voices that this topic might be sufficiently covered by other items (e.g. Rail-2, Road-1, CC-4 and CC-13).

At the least, the topics with top and high priority should lead to European Research as
• the threats or challenges tackled affect all or at least more than one member state (e.g. terrorism, organised crime)
• the projects provide standards or protocols that need international harmonisation
• cyber-crime is never local, especially regarding transport on the TEN-T corridors and cyber-attacks tackle international infrastructures
• The cohesion of Europe needs efficient, safe and secure land transportation especially, but not only, on the TEN-T corridors
• as chains are only as strong as their weakest element and transport companies operate European wide, equal measures, procedures and levels of security assure and also facilitate the efficiency of security measures
• European collaboration and common research allows identification of best practices and spreading of knowledge

The topics raised cover infrastructure and the operational assets (vehicles, staff on board and so forth). This is also relevant for the rail sector with traditionally an integrated infrastructure operational approach, which today is more separated into different companies. The projects tackle freight and passenger transport.

Top priority issues

• Staying operational in the event of a cyber-attack (Cyber-4)
(Proposed research title:
“An integrated approach to assure cyber resilience in land transportation”)
• Timely and efficient threat detection (Interfaces-1; incl. Rail-5: Early threat detection in trains, stations and on track)
(Proposed research title:
“An integrated approach for early and efficient threat detection in land transportation”)
• Special security problems of railways as open systems (Rail-2)
(Proposed research title:
“An integrated approach for railway and mass transportation security – detection, crises management, human factor research”)

High priority issues

• Balancing security requirements and privacy demands of passenger (CC-4)
(Proposed research title:
“A toolbox for balancing privacy and fundamental human rights in security research and when introducing security measures”)
• Security awareness of personnel and customers (CC-9)
(Proposed research title:
“Training, and education schemes for security staff and communication measures”)
• Crisis Management (CC-11)
(Proposed research title:
“A toolbox for crises management in land transportation”)
• Security by design (CC-13) physical and ICT
(Proposed research title for physical:
“Guidelines and strategies for security by design of land transportation assets”
(Proposed research title for ICT:
“An integrated approach for transport ICT security by design”)
• Security retrofit (ICT) (Cyber-1)
(Proposed research title:
“Adaption existing IT-Systems for emerging cyber risks – threat and vulnerability analyses and measures to close emerging gaps”)
• Secure communication links for traffic control systems (Cyber-6)
(Proposed research title:
“Risk assessment and secure protocols for traffic control systems”)
• Protection of autonomous vehicles against cyber-attacks (Road-1)
(Proposed research title:
“Protection of autonomous vehicles against cyber-attacks by collaborative development and harmonisation of vehicle cyber architectures, reliable communication systems and improved knowledge exchange”)

Other important issues

Most of these topics can also lead to European research activities but some are also more likely on national level.
• Sharing of best practices among stakeholders (CC-1)
• Effective communication between companies, police and other administrations about threats (CC-2)
• Efficient security solutions (lifecycle costs) (CC-3)
• Sufficient financial support for the implementation of security measures (CC-5)
• Sufficient financial support for security research (CC-6)
• Applying the best security measures and technologies (CC-7)
• Securing legacy systems (physical) (CC-8)
• Secure critical infrastructures (especially tunnels and bridges) (CC-10)
• Data security / privacy (CC-12)
• User-friendliness of security systems (Cyber-2)
• Keeping pace with developing risks and threats (Cyber-3)
• Secure communication in freight transport chains (Cyber-5)
• Limiting damage in the case of an attack (Interfaces-2)
• Professional security management (Interfaces-4)
• Common standards and protocols for rail security (Rail-4)
• Secure truck parking and protection of driving personnel (Road-2)
• Protection against inside threats (Road-3)
• Avoidance of dangerous routes or parking lots (Road-4)

Deep analysis of top priority issues

The in-depth analysis of the items identified to be of top or high priority was conducted in a five-step approach:
1. In a first step, research projects with a focus on, but not limited to, European Framework Programmes that had been identified to be connected to the individual topics (see Annex III of deliverable D6.1) were re-visited, and their relevance for a possible research agenda was thoroughly assessed.
2. In a second step, the research projects analysed were clustered to achieve a systematic overview of relevant research areas
3. In the next step, available research roadmaps and policy papers were considered. This included the policy papers analysed in deliverable D6.1 research roadmaps produced in previous projects and additional documents identified for the individual topics.
4. The fourth step compared the threats and gaps identified during work packages 3 and 4 of the CARONTE project with the research activities and priorities identified in steps 1 to 3. Consequently, threats and gaps not sufficiently covered were identified.
5. The final step consisted in the description of urgent research needs and possible approaches, based on the information obtained in the previous steps.

The following sections give an overview of the results of these assessments, with a focus on possible directions of future research. The full in-depth assessments are documented in the restricted Annex III of deliverable D6.2 (only accessible for authorised persons!).

Item Cyber-4 “Staying operational in the event of a cyber-incident”

“Staying operational in the event of a cyber-incident” includes both ICT systems being resilient to cyber-attacks and the ability to operate transportation systems in the case of IT-failure (even if in a reduced quality of service). This issue received considerable attention during the course of the CARONTE project: On the one hand, many legacy ICT systems are employed in critical systems of the transportation sector, which might be vulnerable to cyber-attacks. On the other hand, the breakdown of transportation systems can quickly lead to mayor economic disruption and thus a speedy at least partial recovery is highly desirable.
The following threats were recognised under this item which are not covered by existing projects or measures:
• Crisis Management
• Crisis Management upon a cyber-attacks (including EMC)
• Governance, Risks and Controls methodologies are still to be implemented properly
• Government intervention/responsibility
• Disruption of functional safety device
• Incapability of using the armed forces (traffic managers) as an active infrastructure tool for national purpose during peace time when crisis situation or incidence occurred. Need for some kind of "integration" of armed forces into the Integrated Rescue System.
• Restoration: physical solutions to mitigate C dispersion and to facilitate decontamination
• Standing joint emergency response bodies
In WP 3, CARONTE has identified threats and risks to land transport in general and has summarised them. Land transport assets where we identified threats not covered based on the categories in step 2 are:
• Mobile units: With the exception of SECURE-ED (for public transport) no research covered the mobile units in this topic.
• Staff: Except SECURE-ED (for public transport) no research project covered the question of staff in case of a major disturbance.
• Inland waterway: No research project was found that deals with the resilience and operation after a major disturbance at inland water transport.

As shown in D6.2 there is a need for additional research in this field. Few research projects have been identified which address this top priority issue and of those identified only two projects are transport specific. A number of European strategies and agendas highlight the need for more research in this area. To realise these objectives the main research needs are shown in Table 1.

Item Interfaces-1 “Timely and efficient threat detection”

Much research effort has been invested in the field of threat detection in the recent years. Nevertheless, there is still an urgent need for reliable and affordable detection technologies that meet the special requirements of land transportation, which is characterised by open systems. Especially in the rail sector there is a gap between the need to identify threats (preferably from a distance) and the technologies commercially available today.
For practical reasons, the analysis was split into the detection of conventional threats and the detection of non-conventional threats (chemical, biological, radiological, nuclear; CBRN).
Based on CARONTE deliverable D4.1 the following identified threats or gaps are not directly covered by the measures identified:
• interoperability of systems
• need for multi-hazard approach
• coherent technologies (able to screen for different threats in one go)

Most land transport assets can be matched with a respective existing measure, i.e. there are past or current research projects with the aim to develop a security solution, which can be applied at the respective land transport asset. However, there are some land transport assets which deserve additional attention:

Connecting infrastructure: There has been a research project (ISTIMES) which deals with non-destructive electromagnetic monitoring of critical transport infrastructures like e.g. a highway-bridge in Switzerland and railway and highway infrastructures in Italy. However, to our knowledge there are no research projects which deal with CBRNE threats at connecting infrastructures in general.

Staff: There are research projects or organisational measures which deal with inside threats (sabotage; bribed or threatened staff) like RES-192-22-0145, but to our knowledge there are no research projects that deal with CBRNE-detection technologies to be applied for the surveillance of staff (apart from airports).

Passenger (Road): Currently there are no known research projects which deal with the detection of CBRNE threats or other conventional threats in the area of personal vehicles or busses.

On the basis of the results of step 3 (analysis of research roadmaps and policy papers) and step 4 (threats and security gaps identified in WP 3 and WP 4) Table 2 contains a summary of the identified research needs in the area of “timely and efficient threat detection”.

Item Rail-2 “Special security problems of railways as open systems”

Item Rail-2 “Special security problems of railways as open systems” was intensively discussed in several CARONTE meetings and workshops as it shows conflicting requirements: on the one hand, there is a need for ensuring the operational competitiveness of railway systems. On the other hand, this openness could be exploited and is susceptible to a number of threats.
Regarding the “special security problems of railways as open systems” topic, the main threats can be classified in various attack categories, in particular bombing (explosive), chemical, biological, radioactive, nuclear and cyber-attacks with various likelihood and severity levels. All these attack types are related to the open nature of railways (in opposition to, e.g. the air transportation domain).

In addition, such attacks cause considerable economic impact due to traffic disruption as well as an important psychological impact with regard to the number of potential victims and media coverage. It is worth noting that this kind of attacks could affect both railway stations and moving trains. However, the likelihood of targeting stations is more important based on past incidents and the respective damages. Another threat concerns the access to tracks. Indeed, given the long distance of railway lines, it is economically unaffordable to protect the whole railway lines in a secure way.

The analysis undertaken in WP 3 also raises cyber security attacks as potential threats. These attacks may target signalling systems or train control. Cyber-attacks targeting signalling systems are more relevant to other top/high level and will not be considered here since these are not directly related to railway openness. On the contrary, cyber-attacks which target train control systems could be led by attacker’s on-board trains. This issue was addressed, in particular in the SECRET FP7 project, where several cyber-attacks have been analysed, in particular jamming.

The main gaps related to the “special security problems of railways as open systems” topic derived from the work performed in Work Package 4 are:

• Insufficient detection and monitoring means: the issues most highlighted pertain to the efficiency of technological solutions able to detect threats in terms of explosive, chemical and biological substances in the railway operation context, namely in railway stations, without hindering the passenger fluidity and operational procedures. The lack of efficiency concerns the ability for detection in crowded contexts and the level of false alarms. As for railway tracks, the lack of technological solutions to monitor long distances, which are both economically and technically affordable, is pointed out.
• Lack of common standards and protocols: although many common specifications and standards pertaining to railway safety are available on the national and European levels, only a small number of common standards relevant to security are available in the railway sector
• Gaps in terms of cybersecurity: Cybersecurity threats are relatively new and evolve very quickly. Moreover, the lack of sufficient specifications in terms of cybersecurity resilience for railway systems affects the confidence on existing railway control and operation systems.
• Lack of awareness: this involves both railway users as well as railway staff
• Insufficient risk assessment tools: As for common standards, although many risk assessment approaches are available for safety issues, it has been pointed out that there is a lack of risk assessment tools regarding security issues. This is mainly due to the nature of security threats which cannot be investigated on the basis of analytical models, etc.
On the basis of the analysis performed, the following research priorities have been identified for the rail sector:
Detection and monitoring in railway stations:
• Efficient: this refers to the capacity to detect dangerous substances in an operational context, namely in crowded railway stations, without causing unacceptable rates of false alarms
• Economically affordable: the cost has to be reasonable so the solutions can be introduced on a broad level
• Improve the feeling of security: a good balance between monitoring/detection and the feeling of security needs to be found. This raises issues related to human factors and must be handled with special care.

Monitoring of long railway track sections:
• Efficiency: this means the ability to detect potentially dangerous situations
• Economically affordable: the costs have to be reasonable since long track sections need to be monitored
Another aspect related to detection and monitoring (regarding both railway stations and track sections) is related to management. Indeed, besides the technological solutions in terms of sensing and detection that need to be developed, the appropriate management procedures have to be established accordingly to handle the various situations that may appear. Particularly efficient crisis management procedures have to be elaborated. This may raise management and human factor research issues.

• Development of common standards for security: besides some procedural and legislative aspects that may be raised by this need (experience and best practices sharing, legislation analysis and upgrade, etc.), some research activities related to interoperability assessment and human factors are needed as preparatory steps toward the development of common security standards. In particular, new cyber threats deserve special attention, given their dynamic nature and the lack of reliable standard specifications.
• Methods for risk assessment: as mentioned in step 4, the lack of means for risk assessment in relation to security problems could make the threat evaluation process subjective and error-prone. The development of comprehensive risk assessment techniques which take into account the various impacting factors (accident/incident statistics analysis, expertise, political context, etc.) will greatly help the risk analysis process.
Human factors research:
• Development of reliable techniques for measuring the “feeling of security”, to help the decision making process.
• Development of reliable techniques for measuring the awareness of railway users and staff in terms of security, to identify the potential security vulnerabilities and guide the decision making process.
• Issues related to the above items, which have been detailed above.

Other items

Similar descriptions for the high-priority topics can be found in deliverable D6.2.

Aspects / items of importance outside the Research Agenda

Next to the research topics, aspects and issues to be considered or to be elaborated to come as political frames for security in land transportation. These are topics which are of importance but do not meet the criteria set for research projects. Aspects of importance, which do not meet all the criteria (especially the call for scientific action), are

• Discussion of an acceptable security level
• Standards and norms for priorities in transport in case of interruptions
• Proportionality
• Financing of security measures
• Never forecast but be prepared
• Continuous information exchange about threats
• Synergies between day-to-day challenges and counter terrorism
• Improved and more targeted international cooperation
Lastly, an elaboration about how European Transport Security Research can be a model for a European framework for general improvement of security. The section with the headline “Ensuring legitimacy: How an ‘Open Method of Coordination’ approach for European Transportation Security could serve as a model for a European Security framework” figures out the policy background, summarised CARONTEs’ contributions for Transport Security Research and describes the OMC (Open Method of Coordination) tool for fostering dialogues.

Matching raised items to H2020

Rationale

One of the core aims of the CARONTE project was to support future research planning on a European level. Consequently, it was of high importance to present the results of CARONTE in a way that is both relevant and compatible with current European research programmes, with HORIZON 2020 being at the centre of these considerations.

During the process described in deliverables D6.1 and D6.2 (and the deliverables for the work packages before), relevance for European research planning had been assured in various ways, e.g.:

• detailed analysis of the state-of-the-art, with a special focus on current and recently completed European research projects,
• collection and evaluation of the views of a large number of experts and stakeholders, and
• alignment of the gaps, requirements, and solutions prioritised with European policies.

This chapter aims at increasing compatibility of the research ideas identified by categorising them along the programme lines of HORIZON 2020, and more specifically along the build-up of the work programmes within the security challenge. These are divided into the following areas:

• Critical Infrastructure Protection (CIP)
• Disaster-resilience: safeguarding and securing society (DRS)
• Fight against crime and terrorism (FCT)
• Border Security and External Security (BES)
• General Matters (GM)
• Digital Security Focus Area (DS)

A first semi-quantitative analysis of the categorisation of the research ideas previously identified gave the following results: “Fight against crime and terrorism” (FCT) is the field most addressed by the research ideas collected during the CARONTE project. This is hardly a surprise, given the focus of the project on malicious attacks, crime, and accidents caused by human error. Nevertheless, “Critical Infrastructure Protection” (CIP) and “Disaster-resilience: safeguarding and securing society” (DRS) were also found to be well covered by the research ideas collected. In this context, it was noted that a clear attribution of research ideas to either CIP or DRS was not always possible. For this reason DRS and CIP are addressed in one section when giving more details. While a number of ideas touching ICT could be attributed to the “Digital Security Focus Area” (DS), “Border Security and External Security” (BES) was clearly out of the scope of the CARONTE project.

In many instances, individual research ideas are labelled with the identifiers of the items they originate from (e.g. “CC-9” or “Cyber-1”).

Ideas for “Fight against crime and terrorism” (FCT)

Introduction

Several of the top priorities and highly prioritised topics are closely related to “Fight against crime and terrorism” (FCT):

• Interfaces-1 “Timely and efficient threat detection”
• Rail-2 “Special security problems of railways as open systems”
• CC-4 “Balancing security requirements and privacy demands of passengers”
• CC-9 “Security awareness of personnel and customers”

Furthermore, several “other important issues” relate to FCT (e.g. CC-3, CC-8, Interfaces-4, Road-2, -3, and -4)

Research ideas related to threat detection

In this section, research ideas related to conventional threats (e.g. anti-social behaviour, use of weapons), threats associated with explosives, and non-conventional threats (e.g. chemical, biological, radiological, and nuclear threats; CBRN) are described.

Research on threat detection can be done on several levels. The development of novel sensors for threat detection (TRL 1-4) is usually not specific for the land transportation domain and it might be inefficient to develop detectors for land transportation only. Quite to the contrary, it is well conceivable that such research on novel detectors might even be allocated to other parts of HORIZON 2020 than those of the security challenge (e.g. the Future Emerging Technology (FET) programme). This might be especially useful for biological threat detectors where considerable challenges still have to be overcome for achieving specific, near real-time or even stand-off detection of hazardous substances.

When developing threat detection solutions for land transportation, two different scenarios pose problems that deserve special attention:

• Crowded places (e.g. railway and bus stations, especially at rush hours)
• Large unguarded areas (e.g. railway tracks, shunting yards, and truck parking areas)

For the first scenario, the development of systems for stand-off detection that have high detection and low false alarm rates is key. It is illustrative to compare the situation at airports with the one at railway stations: In an airport setting it is possible to check passengers and pieces of luggage one by one. Current railway operations render such an approach impossible for several reasons:

• Much higher number of passengers (less than one billion air travellers in Europe per year as compared with more than two billion travellers with Deutsche Bahn, alone)
• Much higher number of railway stations compared to airports (approx. 22,000 railway stations as compared to approx. 4,000 airports)
• Railway passengers are probably not willing to pay for security checks (especially in local railway transport)

For local and long distance bus travel, the situation is probably comparable, if not even worse. Nevertheless, it could be worth researching how far technologies and best practices developed for airport security can be transferred to other modes of transportation. More concretely, the following research ideas have been conceived:

• Research on detector coherence (combinations of various detection technologies, incl. sensor data fusion)
• Research on the application of threat detectors in large crowds (both stand-off detectors and portable units operated by security personnel)
• Research on CBRNE detection in buses and bus stations
• Development of emergency protocols (what to do if a threat has been detected)

For the scenario of unguarded areas, the comparison with airport security is again useful: While airports have a defined perimeter that can be fenced and monitored, railway transportation has extensive infrastructures (e.g. long tracks, holding sidings, and minor railway stations). The same applies for cargo transportation, both by rail and truck where fencing is in many cases not feasible. In these scenarios the following research topics might be of interest:

• Development of surveillance solutions for railway tracks
• Development of surveillance solutions for freight distributions centres and truck parking areas
• Development of systems to detect tampering and malicious intrusion (especially in the freight domain)
• Integrated systems for threat detection in containerised transportation
• Development of methods for effective and proportionate monitoring of staff

In addition to these rather concrete topics, it might also be desirable to develop transparent methods for assessing the life-cycle costs and benefits of security measures, as land transportation is a low margin business where operators are reluctant to install security measures if the benefit is not clearly provable (CC-3).

Research ideas related to railway security

We propose one or more projects specifically for railway security, with a focus on passenger transportation. Within such projects, the communication with passengers and staff could be a core element. This includes both information flows from operators and authorities to staff and passengers, and vice versa:

• Research on security perception of passengers and staff, including factors that lead to a feeling of insecurity (Rail-2)
• Development of protocols for the communication of security issues to passengers (balancing the need to raise awareness with the risk of causing a feeling of insecurity; CC-9, Rail-2, and Interfaces-1)
• Research on how passengers and staff can be more actively involved in threat detection (being the “eyes and ears” of operators and authorities) (Rail-2 and Interfaces-2)

Other research activities connected to railway security are:

• Research on flexible protocols to react on imminent threats (Rail-2)
• Development of risk-based approaches to passenger checks (Rail-2)
• Research of potential benefits and limitations of passenger name recording (PNR; Rail-2)
• Research on assessment methods for complex risks in the railway domain (Rail-2)

Furthermore, several elements discussed in the previous section on threat detection have a direct connection to railway security (e.g. threat detection in stations and on long railway tracks).

When planning novel research concerning railway security, the results of previous projects should be taken into account, with the SECUR-ED demonstration project (FP7, April 2011 to September 2014) being the most prominent one. An extensive analysis of other such projects is document in Annex III (Restricted only accessible for authorised persons!) of deliverable D6.2.

Research ideas on balancing security requirements and privacy demands

Security and freedom are often seen as antipodes. One of the suggestions of the CARONTE project is to see ethical, legal, and societal aspects (ELSA) not as show-stoppers but as a source of inspiration for technological research. To achieve this, the assessment of ELSA issues right from the beginning of technological research is indispensable. Concrete research ideas to approach this are:

• Research on institutional barriers that hinder the uptake of privacy-balanced security measures (CC-4)
• Development of guidelines and best practices lists concerning the inclusion of ELSA in technological research projects (CC-4)
Furthermore, activities to improve the involvement of society in security research and to achieve more transparency concerning its aims and methods might be desirable as a “general matter”.

Other ideas related to FCT

Beyond the complex topics described above, several smaller ideas for FCT research were developed and prioritised during the CARONTE project, e.g.:

• Development of simulation tools to assess the impact of future security measures on cargo and passenger flow (CC-8)
• Development of scientifically based approaches to staff training, both for security personnel and other staff (CC-9). This could prepare the introduction of new formal qualifications for security staff (Interfaces-4).

In addition to these ideas directly associated with FCT research, several other ideas came up during the CARONTE project which predominantly call for activities other than research:
• Activities to enhance the transfer of knowledge, methods and best practices between different security research projects and from other research domains, especially RRI (CC-4)
• Development of common standards for railway security (Rail-2)
• Provision of secure truck parking spaces (Road-2)
• Harmonisation of tools to guide truck drivers to secure parking spaces (Road-2)
• Development of standards for closed and sealed freight units (Road-3)
• Sharing of best practices on social and organisational measures to mitigate inside threats (Road-3)
• Support for the sharing of hot spot information in real time for transport operators (Road-4)

In addition to these points, several ideas on “security by design” are also relevant for FCT. They are discussed in the next section.

Tentative roadmap for FCT

The research ideas listed above were tentatively plotted by the two axes

• “maturity” (“basic research” => “development” => “application”) and
• “type of research” (from “technical research” to “societal research and organisational measures”; see Figure 1).

As the CARONTE approach only allowed for a snapshot of what kind of research is most urgently needed at the moment, no “lines of development” can be derived.

Ideas for “Critical Infrastructure Protection” (CIP) and “Disaster-resilience: safeguarding and securing society” (DRS)

Introduction

Several of the top priorities and highly prioritised issues are closely related to “Critical Infrastructure Protection” (CIP), which is hardly surprising as many elements of land transportation can be considered to be critical infrastructures. When looking at technologies and procedures, several of the ideas generated in CARONTE are also relevant for the “Disaster-resilience: safeguarding and securing society” (DRS) research area. Both areas are mainly addressed by the following items:

• CC-13 “Security by design”
• CC-11 “Crisis management in the case of major disruption”
• Cyber-4 “Staying operational in the event of a cyber-incident”

Furthermore, several “other important issues” relate to CIP and DRS (e.g. CC-8, CC-10, Interfaces-2, and Rail-4). It is worth noting that most ideas that emerged during the CARONTE project concerning these research areas are of a non-technical nature.

Research ideas for incident prevention and threat mitigation

Several research ideas gathered during the CARONTE project could serve to either prevent undesired incidents or to develop preventive measures to mitigate the effects of such events. Several of these ideas have already been described above, when discussing threat detection. Other ideas that fall into this category are:

• Development of guidelines concerning security by design (including incident management; both physical and ICT; these guidelines should consider both safety and security, and take into consideration aspects of “privacy by design; CC-13)
• Development of modelling and simulation tools for security by design (physical; CC-13)
• Development of methods for building infrastructures in a way that reduces blast effects (Interfaces-2)
• Development of measures to mitigate CBRN attacks (Interfaces-2)
• Sharing of best practices on security by design across organisational boundaries (CC-13)
• Sharing of technologies and best practices on security by design among different domains of land transportation (CC-13)
• Sharing of knowledge and best practices on securing legacy systems (physical; CC-8)
• Sharing of knowledge and best practices on criticality assessment concerning infrastructures (especially tunnels and bridges; CC-10)
• Creation of a common European framework for railway security (Rail-4)

Research ideas for crisis management

While the ideas listed above mainly address preventive measures, several additional ideas concerning incident management have been generated. Apart from what has already been described in the context of railway security, these ideas were:

• Development of a toolbox that makes state-of-the-art crisis management instruments available to stakeholders (CC-11)
• Development of improved first-responder processes that make better use of novel technologies (CC-11)
• Demonstration of crisis management in scenarios relevant for land transportation (CC-11)
• Research into risk communication and staff training (Cyber-4)
• Development of emergency protocols (incl. fall-back procedures to operate systems in the case of IT failure; Cyber-4)
• Activities to improve the definition of responsibilities and communication procedures, especially in cross-border incidents (CC-11 and Cyber-4)

Tentative roadmap for CIP and DRS

The research ideas listed above were tentatively plotted by the two axes

• “maturity” (“basic research” => “development” => “application”) and
• “type of research” (from “technical research” to “societal research and organisational measures”; see Figure 2).
As the CARONTE approach only allowed for a snapshot of what kind of research is most urgently needed at the moment, no “lines of development” can be derived.

Ideas for the Digital Security Focus Area (DS)

Introduction

Transportation processes today are highly dependent on secure information and communication links. It is expected that this dependency will rise further in the future. Consequently, several of the top priorities and highly prioritised issues address digital security:

• CC-13 “Security by design”
• CC-11 “Crisis management in the case of major disruption“
• Cyber-1 “Security retrofit”
• Cyber-4 “Staying operational in the event of a cyber-incident”
• Cyber-6 “Secure communication links for traffic control systems”

Ideas aimed at securing existing systems

The life-cycles of transportation assets are hardly compatible with developments in the ICT domain: While built transportation infrastructures and, e.g. rolling stock last for several decades, cyber-threats change by the day. To complicate things, securing transportation equipment through software updates and patches is difficult, as certifications and licences are often linked to specific and defined software. In addition to this, systems that operated more or less independently in the past become more and more connected to realise economic and operational benefits. All of this creates considerable susceptibility to malicious cyber-attacks which could cause considerable economic damage or even endanger human lives.

Several ideas have been voiced in the CARONTE project to deal with these difficulties:

• Development of systems for threat detection across networked systems (Cyber-1 and Cyber-3)
• Development of advanced detection mechanisms for sophisticated attacks (Cyber-1 and CC-13)
• Development of methods for coping with known security vulnerabilities (Cyber-1)
• Development of methods for coping with unknown security vulnerabilities (Cyber-1)
• Development of concepts on how to introduce new security measures and technologies in existing systems (Cyber-1)
• Development of methods for continuous risk assessment, including the assessment of the balance between safety, security and operational needs (Cyber-1)
• Research in procedures to enable speedy (partial) recovery after cyber-incidents (Cyber-4)
• Establishment of procedures for the sharing of (incident) information across different operators and organisations (Cyber-1)

Ideas aimed at securing future systems

As outlined above, cyber-threats could even become more prominent in the future, as the inter-connectivity of land transportation assets is on the rise, especially when thinking about (semi-) autonomous systems. Several ideas for research to make this development secure have been voiced during the CARONTE project:
• Development of design guidelines that consider both safety and security (CC-13)
• Development of architectures for autonomous vehicles that are inherently secure (Road-1)
• Research on redundant software processes (Road-1)
• Development of inherently secure ICT components (CC-13)
• Development of inherently resilient control systems (Cyber-4)
• Development of methods to ensure the long-time cyber-security of autonomous vehicles (Road-1)
• Development and application of risk assessment methods for traffic control systems (Cyber-6)
• Development of secure standards for communication links to be applied in traffic control systems (Cyber-6)
• Development of concepts to guarantee secure communication in freight transport chains (e.g. by the introduction of different security levels; Cyber-5)
• Development and sharing of best practices to ensure the user-friendliness of security systems (incl. integrating usability in developer training, and rooting usability in contract specifications; Cyber-2)
• Sharing of best practices on security by design across organisational boundaries (CC-13)
• Standardisation of interfaces to allow upgrades (CC-13)
• Creation of common European standards (e.g. for secure data links; Road-1)
• Measures to foster technology spin-in from other domains (e.g. military, space and aviation; Road-1 and CC-13)
• Measures to ensure increased involvement of the broader society in the development of autonomous vehicles (Road-1)

Tentative roadmap for the Digital Security Focus Area

The research ideas listed above were tentatively plotted by the two axes

• “maturity” (“basic research” => “development” => “application”) and
• “type of research” (from “technical research” to “societal research and organisational measures”; see Figure 3).

As the CARONTE approach only allowed for a snapshot of what kind of research is most urgently needed at the moment, no “lines of development” can be derived.

Results from work package 2

Work package two aimed to identify the state of the art in land transportation security and was active between September and December 2014. The results of these work packages led to a set of characteristic papers about policies, strategies, regulations and projects concerning security in land transportation, which were identified up to end of December 2014. The challenge was that the range of activities taken for land transport security is rather large and confusing. As a result of WP2, the identification of the state of the art continued during the project life span up to WP6 to remain up-to-date and to include aspects, which partners identified in the meanwhile. The results show that the majority of identified activities up to the end of December 2014 are regulations and research projects (35% and 26%).

Most of the activities identified up to the end of December 2014 affected the rail sector.

The measures and activities identified in WP2 up to end of December 2014 are described in characteristic sheets. They are attached to delivery D2.1. They describe the activity by answering a set of questions and categorise them according to their type and their relevance for CARONTE and the discussed transport mode or sub-system of the transport sector.

With Task 2.3 “Analysis of previous attacks“, another important result of WP2 was achieved. A challenge for the CARONTE project was the emergence of real incidences (e.g. Paris, Istanbul, Thalys). In the analyses of WP2, attacks with firearms was identified as an emerging issue which was shown by the Charlie Hebdo and Thalys attacks. The most important result is that explosives are still the most common used method for attacks, whereas the use of chemical, biological or radioactive substances is relatively rare. Between the years 2000 and 2013 most of the 421 identified and analysed attacks which have a relation to the land transportation sector appeared in Asia (64%) and Europe (25%).

Additional to this, an abstract representing core information about ethical, societal and fundamental rights for the partners was established. It consists of an overview of how ethical, legal and societal aspects (ELSA) are currently situated in transport research and shows how they can be integrated in the responsible research and innovation framework. It shows that ethical issues and technical research or policy making are often in an opposite situation. Depending on the current situation, and especially after an attack, the importance of respecting ELSA issues is given a lower or higher priority. In urgent situations, the willingness to accept non-ethical solutions is very high and security is an absolute priority, or ELSA is simply forgotten in hectic situations. Negative results of this approach have to be accepted or have to be balanced at a later (or too late) stage. In other situations, far away from incidences, the opposite situation (ethics before security) could also lead to negative situations where there is high security in response to low chance of attacks. As a conclusion for security research, the following recommendations result from Task 2.2:

• It is important to consider technological innovations and ELSA dimensions not separated from each other, but as intrinsically connected.
• Any future research in transport security could make a major contribution towards better aligning the considerations of ELSA issues with the development of security tools in comparison with existing research approaches.
• Approaches like privacy by design (PBD) and responsible research and innovation (RRI) have become increasingly important in many research areas, including security research.

Results from work package 3

In work package 3 identification of existing and emerging risks to land transport were elaborated in parallel due to practical reasons. This WP was active at the same time as WP2 and finalised in December 2014 as well. As for WP2, the security incidences happening during WP3 may have led to different views. Within WP3, the identification of relevant risks was based on three pillars: assessment methods, expert consultation (Task 3.3) and individual statements by partners. The work led to three parallel results (details see D3.1):
• A synthesized risk pattern matrix, where the transport assets are matched with the risk elements (attacker, tool/measure used by attacker, vulnerability of the attacked asset, action of the attack, objective of the attack and impact of the attack).
• Tables of results of risk assessment where likelihood and impact are considered for risk identification
• Tables of frequency of identified potential threats by each mode

An integrated cyber security workshop external expert consultation was realised in WP3 with the core aim to discuss cyber risks from the operators´ perspective. In November 2014, 8 external experts met with CARONTE partners in Vienna. The most important results from this meeting are as follows:
• Generalization, consolidation, and matching of land transport assets and various aspects of identified risks are needed.
• Structured threats and vulnerability descriptions, similar to effect/impact descriptions can help to consolidate the results.
• It is also suggested to skip likelihood in the threat identification, and only consider severity as a safety and security issue.
• It is also mentioned that commercial tools exist for risk identification in practice, which allows for collection of threats and assets in two runs and then they can be matched together. This leads to the revelation that the same threat can apply to multiple assets.

The last step of the workshop was a round table discussion about the emerging cyber risk in land transport resulting in the following points:

• The dependability and inter-connectivity between transport systems arising in the future could lead to new problems and unprepared for consequences.
• Another emerging issue is the Internet of Things (IoT), in which devices start to talk to each other, e.g. in Cars-2-X communication. This opens new possible gateways for cyber-attacks.
• There is also a challenge of the “last mile”, i.e. congesting traffic in front of a major point (e.g. hospital) to stop a community/town/etc. from working or normal functioning.
• Software is everywhere. If transport systems have remote update and control possibilities, malicious software can soon appear in areas where cyber threats are not really considered as possible today.
• Another useful approach is to consider the motivation of attackers.
• It is agreed that threats and vulnerabilities are changing continuously, which makes it very challenging to assess emerging risks.
• On the information security management side, ISO 27001 has been updated to include new risk assessment approach, which can be of interest for the CARONTE project.

At the end of WP3, a table naming the current and emerging threats without prioritisation was elaborated, although some prioritising work has been realised (see Table 3).

• It is difficult to clearly distinguish between existing and emerging risks.
• The identification of risks is not a trivial issue and an important question is, how to handle risks with a very low likelihood of appearance but leading to large, nearly unbearable impacts (see a nuclear accident as a prominent example from the safety side) → HILP – igh impact low probability risks.
• The transport sector has to deal with day-to-day challenges like cargo theft, unsocial behaviour, graffiti and so forth which already costs a lot of resources. Work on rare incidences with high extra resource requirement could be better addressed by advancing measures used for day-to-day challenges.
• A recommendation from the cyber security workshop was to skip the step of estimating likelihood and only regard the severity of the potential attack in the risk assessment approach.
• A very important result of the first Advisory Board Meeting led to a core perspective: “never forecast but be prepared”. Terrorists have a large ambition to surprise the affected society and can cause large threats due to their flexibility and their capability to paralyse society.
• Also, organised crime becomes more and more urgent and has a surprising set of resources and processes.

Concerning violence and terrorism, the most important recent developments show a shift to more and more use of firearms for attacks. Explosives and bombings are still of high urgency in terrorism and affects transport as well.

The first Advisory Board meeting at the end of January 2015 (part of WP1 – Project Management, Task 1.4) confirmed the approaches from WP2 and WP3 but showed the need for continuing the analysis in both fields (state of the art and emerging risks). Main conclusions were:

• Need of a clear definition about criticality (What is critical really?)
• Respecting or considering the following philosophy for security developments concerning the terrorism and also other hazards: “Never forecast but be prepared”
• Solutions for improved resilience or robustness of the transport system should also include an all hazard approach

Results from work package 4:

After finalising WP2 and WP3 the partners began WP4, the Risk and Requirement analyses immediately.

The gap & requirement identification based on three pillars:

• a matrix analysis where threats and needs were compared with existing measures and solutions to identify gaps and requirements, together with an expert workshop - covering Task 4.1 “Identification of current measures “and Task 4.2 “Gaps and requirement definition and prioritization“ in parallel and,
• an external expert workshop held on 16th April in Brussels with external participants for Task 4.3 “integrated workshop in WP4” and
• external expert interviews in parallel with Tasks 4.1 and 4.2.
As a final result the analyses led to top gaps and requirements classified by the method of identification (i.e. matrix analyses, expert interviews and expert workshop) and by the affected transport mode namely rail or road, the logistics sector and as a service requirement the cyber aspects.
From all the gaps and requirements identified and analysed in the previous sections, the top ten gap and requirement topics of matrix, questionnaires and expert workshop are presented in Table 4 to Table 6.

Details can be found in project deliverable D4.1,which was finalised in December 2015.

The approach to balance shortcomings due to late elaboration and analysing of the WP4 results and finalisation of the respective deliverable was successful.

5.4 Work package 5

In work package 5, the partners firstly elaborated potential solutions to cover the gaps and requirements for security in the transport sector based on

• the parallel activity WP4 “Gap & Requirement Analysis”
• the Advisory Board meetings
• the experiences from WP2 and WP3
• analyses of existing research projects, their impacts and introduction status (TRL) and
• partners’ background.

For Task 5.1 “Existing measures and on-going development for mitigating vulnerabilities” much material was already available from WP2, WP3 and WP4 and was further elaborated. Also for the gap analyses for Task 5.2 “Gap analysis and proposed measures and research” already existing material was used, updated and précised in WP5.

According to the practical approach the partners realised in WP2 to WP4, much content and information already existed and that led to parallel and integrated work on Task 5.1 and 5.2. Namely, assessment of vulnerabilities, existing measures to cover security vulnerabilities, analyses of gaps and the existing or already proposed measures to fill the gaps.
Within WP5 an expert workshop with six external guests from rail and road transport was realised in Dortmund, where the gaps and requirements identified so far in WP4 were introduced as well as the visions elaborated on that basis in WP5 (Task 5.4). The expert workshop assessed the gaps and requirements from the practitioners’ point of view, added other important requirements and then discussed the visions. The visons were updated with the practitioners’ knowledge and recommendations. At last, the visions were prioritised by the participants of the expert workshop.

The main headlines for visions and future research topics elaborated are the following:

• Education & training / security awareness / learning from others (sectors, colleges, incidences)
• Prediction / assessment / risk analysis and risk management
• Being prepared
• Avoidance of threats, preparations (proactive handing) and robustness
• Cooperation
• Design (technical, organisational, robustness)
• Security Retrofit
• Finance and responsibility – cost benefit analysis and cost benefit approach
• Standards and Taxonomy - Harmonisation
• Need of a mid-term vision leading to a long-term vision
This topic treats two aspects,
o firstly, to provide a road-map of future security threats, research needs and solutions for the European Union to inform policy
o secondly, to give the industry clear advice and peace of mind that investments and procedures or education schemes once established are valid for the future
• Need for a definition which security level or risk level is suitable
• Need of procedures to respect / include Ethical, Legal and Societal Aspects (ELSA) in a reasonable, acceptable and early stage of developments and in research

The topics raised are described in more detailed in the restricted annex of deliverable D5.1

Another step in WP5 was to introduce the results of the work package at the second Advisory Board meeting mid of November 2015 to get a second prioritisation of the visions identified and additional adjustments of the ideas from the practitioners’ and end-users’ side.

For the task “Ethical, fundamental rights and societal implications of new solutions and approaches” the partner VICESSE made interviews and assessments about the status of implementation and treating ELSA issues in the partners´ companies. Measures and procedures to consider ELSA at relevant and promising (early enough) stages of projects or day-to-day work were discussed and problems were identified. The most important result from that work is that a smooth integration of ELSA demands in projects at an early stage, ideally at the beginning, can be more of an enabler for suitable solutions than an obstacle. A proposal for a promising approach is published in deliverable D5.2 (General public part). The proposed “Good practice principles for ELSA assessments” consists of the following steps (see D5.2 for details):

1. Clarify how societal security is understood in a given project (especially when this is implicit)
2. Clarify how societal impact can be operationalised in the context of a particular project.
3. Give the SIA (Societal Impact Assessment) design the potential to reframe the project and R&D process.
4. Take participation seriously.
5. Make sure that the SIA process is flexible.
6. Create feedback loops between SIA and the rest of the project / programme.
7. Keep the administrative burden reasonable.
8. Think about transparency and the limitations of the SIA process
9. Clarify what purpose the knowledge in a SIA should serve
This approach is provided and proposed instead of checklists.

The final result of WP5 introduced a wide set of potential topics for the final research agenda. These topics were assessed and prioritised and described in detail as written above.

Potential Impact:
Potential impacts and main dissemination activities

The potential impacts of the project are depending on the transfer of the proposed items into the HORIZON2020 research program. The results are able to lead to the creation of research projects that may cover remaining and relevant gaps without causing doubling up of research. As some of the items are not only relevant for the transport sector, the results from transport related projects may also have positive impacts on other areas where security gaps are existing, for example, large public places, public buildings among others.

The Research Agenda can lead to cost efficient research which avoids repeating earlier work and is acceptable to end-users, transport operators and transport users as the topics address existing gaps with respect to proportionality and useful results.

The following dissemination possibilities were used:

Conferences (apart from CARONTEs’ own events):

• The Future Security Conference in Berlin, Germany; 15. – 17. September 2015 where a presentation about the project and interim results was proposed and accepted. Held on 16. September 2015 by Joachim Kochsiek.
• The Transport Security Conference in London, UK 2. and 3. December where a presentation about the project and interim results was proposed and accepted. Held on 3. December 2015 by Emily Prestwood and Joachim Kochsiek.
• The SAFECOMP Workshops 2015: 277-290, Delft, Netherland; a presentation about Security Analysis of Urban Railway Systems: The Need for a Cyber-Physical Perspective held by Binbin Chen, Christoph Schmittner, Zhendong Ma, William G. Temple, Xinshu Dong, Douglas L. Jones, William H. Sanders
• VIII. MEDZINÁRODNÁ VEDECKÁ KONFERENCIA BEZPEČNOSTNÉ FÓRUM 2015 (8th International Conference SECURITY FORUM 2015) Faculty of Political Sciences and International Relations of Matej Bel University in Banská Bystrica, Slovaki; Presentation with the content: “Land transport status quo in Slovakia in the context of EU. New security threats and how they are handled by European research community. Brief information about ongoing CARONTE project.” by Ludovit Nad
• The International Conference on Logistics & Sustainable Transport 2015; Title: “Transportation security regulations, policies and best practices in Europe” by Kata Vörösköi
• Presentation in the framework of the "Nets4Cars/Nets4Trains/Nets4Aircraft 2015" conference: 8th International Workshop on Communication Technologies for Vehicles in Sousse, Tunisia, 6 – 8 May 2015; content: General presentation of the CARONTE project ==> Objectives, challenges by Mohamed Ghazel
• Presentation at the ICTTE'2015 conference (International Conference on Transportation and Traffic Engineering) in Madrid, Spain 24 - 25 May 2015; Content: This paper deals with the new Challenges of Rail Security
• Presentation at the 5th NEXTSTATION Symposium in Marrakech, Morocco; 21 – 22 October 2015; content: This paper deals with the challenges in terms of security at railway stations
• Presentation at the conference INNOVACIÓN EN LA SEGURIDAD APLICADA AL TRANSPORTE (subvencionada por el Ministerio de Fomento, organizada por CITET) Innovation in the security applied to transport. Organized by CITET in Madrid, Spain; 2. June 2015, where main objectives of the CARONTE project were explained
• Presentation at the conference Congreso de Ingenieria del Transporte CIT 2016 (www.cit2016.es). Engineering Transport Congress 2016; Valencia, Spain on 7 – 9 June 2015, where main conclusions about the CARONTE Research Agenda project were explained.

Articles:

• ERCIM News 2015(102) (2015) with the title “Combining Safety and Security Engineering for Trustworthy Cyber-Physical Systems” by Christoph Schmittner, Zhendong Ma, Thomas Gruber
• ACTA SCIENTIFICA ACADEMIAE OSTROVIENSIS. SECTIO A“, NR 6 (2) / 2015, OSTROWIEC ŚWIĘTOKRZYSKI, ISSN 2300-1739; Title : LAND TRANSPORT SAFETY AND SECURITY – THREATS, VULNERABILITY AND AFTER-EFFECTS by Ludovít Naď
The project consortium had two public conferences with introduction and discussion of the interim and final results including keynote speeches from the European Commission and from authorities and practitioners from the land transportation sector. They were held on

• 11. June 2015 in Brussels (Mid-term Conference – details see D7.2) and
• 16. February 2016 in Brussels (Final Conference- details see D7.3).

Contact:

Joachim Kochsiek
Joachim Kochsiek
Fraunhofer Institute for Materialflow and Logistics (IML)
Department for Transportation Logistics
Joseph-von-Fraunhofer-Straße 2 - 4
D-44227 Dortmund
Phone: +49 (0) 231 / 9743 395
mail: Joachim.Kochsiek@iml.fraunhofer.de