I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
130<br />
Many mechanisms like climate change, scarcity of raw materials, the introduction of nano technologies, and the proliferation of<br />
cyberspace lifestyles generate or enable new risks but seldom lead to the radical removal of old ones. Increasing complexity and<br />
interdependence make the networks of higher order eff ects of an incident harder to foresee and comprehend. While the mixture of<br />
trends and events may diff er dramatically between plausible futures, only few risks and challenges are likely to become completely<br />
irrelevant.<br />
It turned out that <strong>ESRIF</strong> members diff ered in their reactions to this fi nding. With a reasonable simplifi cation it is possible to<br />
distinguish between two main positions.<br />
The first view is that if a risk is real, sooner or later it will manifest itself. Therefore, the key aspect of major risks is<br />
the magnitude of their consequences, their future likelihood is difficult to assess and, at least according to some,<br />
also irrelevant. Therefore in principle security solutions must be put in place for all real risks of major magnitude,<br />
to disallow them by design, intercept them (‘incident prevention’ as opposed to ‘root-cause prevention’, which is of<br />
limited relevance per this view) or to reduce their consequences – often referred to as resilience. Combining this<br />
with the growing panorama of risk one is led to fear that an ever-increasing share of our wealth would have to be<br />
expended on security – directly and indirectly, e.g., due to time delays caused by security screening. This can be called<br />
a consequence-oriented view.<br />
An alternative view can be understood departing from the observation that societies diff er greatly with regard to the levels of,<br />
e.g., serious violent crime even though this phenomenon exists in essentially all societies. In line with this the general character of<br />
scenarios M and W as ‘malign’ and G and N as ‘benign’ comes very strongly across in our work with the other WGs. The insight from<br />
this comparison can be expressed such that security at societal level is no zero-sum game. Societies in the world diff er with regard<br />
to the levels of trust and social cohesion, and, as a consequence, of real and perceived security. Per this view it is natural to base<br />
security decisions on both magnitude and likelihood. Then there is a security dividend for high-trust societies that do not have<br />
to spend so much on perimeter defences and intervention forces: Even if the scope of risk increases, the combined impact may<br />
still go down. Thus here investing 10 in ‘root-cause prevention’ can be a very viable alternative to ‘incident prevention’, resilience,<br />
and crisis management. At a more day-to-day level per this view it is natural to make security operations intelligence-led, varying,<br />
e.g., levels of access controls with levels of assessed threat and risk. According to a standard defi nition of risk as being a combined<br />
measure of likelihood and consequence this view can be labelled risk-oriented. The most well-known technical approach here is<br />
of course probabilistic risk assessment (PRA), using the statistical expectation of the consequences as the composite measure.<br />
It is possible to carve out two radically opposed positions based on the discussion above. Our main assertion is that the most<br />
compelling challenge lies in developing intermediate positions between the two views. But as a background to this, in Box 1<br />
we do precisely such carving out of the extremes.<br />
Box 1: A discussion of consequence vs. risk oriented views in relation to <strong>ESRIF</strong>’s key messages<br />
We start with ‘societal resilience’ – or perhaps better ‘human’ to stress which aspect we are after. From this vantage<br />
point – and with the benefit of a long-term perspective – the risk-oriented view suggests reducing fundamental<br />
causes of risks and threats (‘root cause prevention’): for example, less social exclusion in Europe is likely to lead to<br />
less violent radicalisation and hence reduced risks for home-grown terrorism. The consequence-oriented view may<br />
also lead to proposals for increasing trust and social cohesion, but here the focus is typically to prepare people to<br />
better handle and reduce consequences of, e.g., a terrorist attack in preparation or being perpetrated. While this<br />
is no irrelevant concern for the risk-oriented view either, the two views in pure form are likely to lead to different<br />
results on the importance of striving for inclusiveness also of marginalised groups in building cohesion.<br />
In terms of technology the consequence-oriented view stresses innovation and a flexible system-of-systems<br />
approach (‘systematic approach to capability development’) to be able to satisfy the ever increasing scope of<br />
security demands without running out of reasonable economic bounds. The risk-oriented view may lead to similar<br />
approaches to flexibility – but here more to enable intelligence-led operations of security systems, i.e. smoothly<br />
10 By ‘investment’ we mean decisions that are costly to implement and/or revoke, In addition to, e.g., equipment this can also<br />
apply to organisation and legislation. Research and innovation involve many investment decisions of this nature under<br />
‘broad’ (or ‘deep’ – terminology diff ers) uncertainty.<br />
<strong>ESRIF</strong> FINAL REPORT - PART 2 • Working Group: Foresight and Scenarios