I527-290 ESRIF Final Report (WEB).indd - European Commission

More documents

Recommendations

Info

130 Many mechanisms like climate change, scarcity of raw materials, the introduction of nano technologies, and the proliferation of cyberspace lifestyles generate or enable new risks but seldom lead to the radical removal of old ones. Increasing complexity and interdependence make the networks of higher order eff ects of an incident harder to foresee and comprehend. While the mixture of trends and events may diff er dramatically between plausible futures, only few risks and challenges are likely to become completely irrelevant. It turned out that ESRIF members diff ered in their reactions to this fi nding. With a reasonable simplifi cation it is possible to distinguish between two main positions. The first view is that if a risk is real, sooner or later it will manifest itself. Therefore, the key aspect of major risks is the magnitude of their consequences, their future likelihood is difficult to assess and, at least according to some, also irrelevant. Therefore in principle security solutions must be put in place for all real risks of major magnitude, to disallow them by design, intercept them (‘incident prevention’ as opposed to ‘root-cause prevention’, which is of limited relevance per this view) or to reduce their consequences – often referred to as resilience. Combining this with the growing panorama of risk one is led to fear that an ever-increasing share of our wealth would have to be expended on security – directly and indirectly, e.g., due to time delays caused by security screening. This can be called a consequence-oriented view. An alternative view can be understood departing from the observation that societies diff er greatly with regard to the levels of, e.g., serious violent crime even though this phenomenon exists in essentially all societies. In line with this the general character of scenarios M and W as ‘malign’ and G and N as ‘benign’ comes very strongly across in our work with the other WGs. The insight from this comparison can be expressed such that security at societal level is no zero-sum game. Societies in the world diff er with regard to the levels of trust and social cohesion, and, as a consequence, of real and perceived security. Per this view it is natural to base security decisions on both magnitude and likelihood. Then there is a security dividend for high-trust societies that do not have to spend so much on perimeter defences and intervention forces: Even if the scope of risk increases, the combined impact may still go down. Thus here investing 10 in ‘root-cause prevention’ can be a very viable alternative to ‘incident prevention’, resilience, and crisis management. At a more day-to-day level per this view it is natural to make security operations intelligence-led, varying, e.g., levels of access controls with levels of assessed threat and risk. According to a standard defi nition of risk as being a combined measure of likelihood and consequence this view can be labelled risk-oriented. The most well-known technical approach here is of course probabilistic risk assessment (PRA), using the statistical expectation of the consequences as the composite measure. It is possible to carve out two radically opposed positions based on the discussion above. Our main assertion is that the most compelling challenge lies in developing intermediate positions between the two views. But as a background to this, in Box 1 we do precisely such carving out of the extremes. Box 1: A discussion of consequence vs. risk oriented views in relation to ESRIF’s key messages We start with ‘societal resilience’ – or perhaps better ‘human’ to stress which aspect we are after. From this vantage point – and with the benefit of a long-term perspective – the risk-oriented view suggests reducing fundamental causes of risks and threats (‘root cause prevention’): for example, less social exclusion in Europe is likely to lead to less violent radicalisation and hence reduced risks for home-grown terrorism. The consequence-oriented view may also lead to proposals for increasing trust and social cohesion, but here the focus is typically to prepare people to better handle and reduce consequences of, e.g., a terrorist attack in preparation or being perpetrated. While this is no irrelevant concern for the risk-oriented view either, the two views in pure form are likely to lead to different results on the importance of striving for inclusiveness also of marginalised groups in building cohesion. In terms of technology the consequence-oriented view stresses innovation and a flexible system-of-systems approach (‘systematic approach to capability development’) to be able to satisfy the ever increasing scope of security demands without running out of reasonable economic bounds. The risk-oriented view may lead to similar approaches to flexibility – but here more to enable intelligence-led operations of security systems, i.e. smoothly 10 By ‘investment’ we mean decisions that are costly to implement and/or revoke, In addition to, e.g., equipment this can also apply to organisation and legislation. Research and innovation involve many investment decisions of this nature under ‘broad’ (or ‘deep’ – terminology diff ers) uncertainty. ESRIF FINAL REPORT - PART 2 • Working Group: Foresight and Scenarios
adapting security to the spectrum of risk as it evolves over time 11 . Similar analyses can, more of less, be made for the other key messages to the effect that they are robust in the sense of being applicable to both perspectives. At a more detailed level, however, the precise interpretation of the key messages tends to differ according to view. At the level of what exact portfolio of security measures to invest in, the difference between the two types of view is likely to be even more pronounced. Furthermore under the risk-oriented view different context scenario will lead to different portfolios of measures being optimal, hence giving rise to multi-period investment planning problems. The observations in Box 1 are indicative of the fact that even the types of analytic approaches to inform security investment decisions diff er between the views. The risk-oriented approach in its most extreme form has a well-developed probabilistic risk analysis methodology. This makes many problems, e.g., various types of aggregation, quantitatively tractable, which under other approaches must be analysed in a more judgemental fashion. This is true for both investment and operational decision-making. The consequence-oriented approach, arguably, has time-honoured safety engineering practices like safety factors and margins, as well as the traditional scenario-based approach to defence planning. More recently the precautionary principle has been developed in the environmental policy area. But in addition to being less analytically tractable these approaches run into even more real problems when facing budget constraints that forbid investments suffi cient for dealing with all conceivable scenarios. The shortcomings of the consequence-oriented approach are a problem since some types of security investment problems are hard to properly appreciate within the probabilistic framework of the risk-oriented approach: situations where things like very long time-spans, very ‘broad’ (some say ‘deep’) uncertainty, rare but dramatic events, or antagonistic behaviour need to be considered. As already foreshadowed above our analysis suggests the need to develop approaches intermediate to the extreme consequence oriented approach and the extreme probabilistic risk assessment – both for professional analysis and public debate. Therefore we propose a development based on the above-mentioned precautionary principle in the environmental domain. However the environmental principle deals with another type of issue, viz. whether or not to undertake human interventions. In security we are instead dealing with countering ‘interventions’ from external actors (including Nature). Yet – in line with the consequence-oriented view – a straightforward extension of the precautionary principle could be argued for to the eff ect that if a serious enough case can be made for a risk having the potential to cause severe or irreversible harm to the public or to the environment, then it should be considered in security policy, e.g. in decisions on capability development or legislation. One problem with this, as already commented, is the risk for excessive claims on limited resources 12 . In response to this WG5 has developed a ‘balanced precautionary principle’. This combines the systematic scenariobased approach to defining priorities with an all-hazards approach by requiring the scenarios used in priority-setting to represent the whole space of risks in an unbiased way (cf. the concept of ‘representativity’ in Section 5.4) – it is not practically feasible to include literally all hazards, but all broad types of hazards should be considered. And a decision to prioritise some extremely unlikely types of insecurity at the expense of others should be fully transparent 11 Arguably (in particular governmental) security services should be more willing to pay for fl exibility and adaptability than most other actors, since they form a fi nal defence line and are expected to be able to handle precisely those problems that no-one else is able to handle. While a normal company can always say that this particular demand is too marginal to cater to, security services are not really in the position to make that choice. 12 Another problem worth mentioning, which is however a common feature of a precautionary principle and PRA applied to antagonistic insecurity, has to do infringements on civil liberties. Without special restrictions in this regard, both the precautionary principle and PRA are likely sometimes to suggest such infringements on bare suspicion. 131
Page 1 and 2:
ESRIF FINAL REPORT DECEMBER 2009
Page 3:
Foreword Dragutin Mate, Chairman of
Page 6:
6 5. Working Group: Foresight and S
Page 11 and 12:
1. Introduction 1.1 ESRIF’s tasks
Page 13 and 14:
2. ESRIF’S Vision: Key Messages T
Page 15 and 16:
Indeed, certain problems such as ne
Page 17:
New capability driven, standardisat
Page 20 and 21:
20 SECURITY CYCLE; PREVENTING, PROT
Page 22 and 23:
22 Understanding the situation is a
Page 24 and 25:
24 3.5 Explosives Explosives are un
Page 26 and 27:
26 CAPABILITIES FUNCTION MISSION FU
Page 28 and 29:
28 ESRIF is acutely aware that as a
Page 30 and 31:
30 SECURING IDENTITY, ACCESS AND MO
Page 32 and 33:
32 SYSTEMIC NEEDS RESEARCH NEEDS CR
Page 34 and 35:
34 3.14 Evidence and forensics Due
Page 36 and 37:
36 Ultimately, EU-wide governance i
Page 38 and 39:
38 discordant legislation aff ects
Page 40:
40 Preparations to meet foreseeabl
Page 45 and 46:
Introduction Introduction Part II o
Page 47 and 48:
on research capabilities and techno
Page 49 and 50:
1. Working Group: Security of the C
Page 51 and 52:
• Security service providers. In
Page 53 and 54:
1.2.1.4 Research needs Research is
Page 55 and 56:
CIVIL RIGHTS To enhance privacy, sp
Page 57 and 58:
co-operation on a national and inte
Page 59 and 60:
SYSTEMIC NEEDS LEGAL BASIS FOR THE
Page 61 and 62:
During the post-disaster phase, aft
Page 63 and 64:
2. Investigation with respect to cr
Page 65 and 66:
COUNTERACTING EXPLOSIVES SYSTEMIC N
Page 67 and 68:
• Law enforcement and intelligenc
Page 69 and 70:
2. Working Group: Security of Criti
Page 71 and 72:
Weaknesses inherent to existing sys
Page 73 and 74:
data - will need to be secured, req
Page 75 and 76:
embarkation points will be importan
Page 77 and 78:
the rapid on-lining of powered-down
Page 79 and 80: Research Needs: Information and Com
Page 81 and 82: STOCKTAKING Research into security
Page 83 and 84: 2.5 Point of Focus: New Critical In
Page 85 and 86: enhanced research eff orts need to
Page 87 and 88: 2.6.6 Intervention The evolution o
Page 89 and 90: 3. Working Group: Border Security 3
Page 91 and 92: The above mentioned tools could be
Page 93 and 94: The chosen system should be adaptab
Page 95 and 96: In general, interoperability will r
Page 97 and 98: • Guaranteed data networks with a
Page 99 and 100: • Combination of assets (coastal,
Page 101 and 102: 4. Working Group: Crisis Management
Page 103 and 104: 4.1.2 Work organisation In order to
Page 105 and 106: CROWD MANAGEMENT AND EVACUATION SEA
Page 107 and 108: SITUATIONAL AWARENESS They are coup
Page 109 and 110: ASSESSMENT OF THE SITUATION AND DEC
Page 111 and 112: might be low due to the overall opt
Page 113 and 114: 4 STRATEGY AND TACTICAL SIMULATION
Page 115 and 116: 11 RECOVERY LOGISTICS Complex crise
Page 117 and 118: ESRIF KEY MESSAGES CONTRIBUTION OF
Page 119 and 120: 5. Working Group: Foresight and Sce
Page 121 and 122: foresight can enhance fl exibility
Page 123 and 124: the like. The underlying diff erenc
Page 125 and 126: Demography Science and Technology M
Page 127 and 128: 5.4.3 Identifi cation and prioritis
Page 129: Global economy (including eff ects
Page 133 and 134: Enhancing creative capabilities in
Page 135 and 136: Handling high-quality societal fore
Page 137 and 138: 6. Working Group: CBRN 6.1 Introduc
Page 139 and 140: includes threat assessment, prevent
Page 141 and 142: medical counter-measures, decontami
Page 143 and 144: simplify the dissolution of radioac
Page 145 and 146: Identifi ed capability gaps are the
Page 147 and 148: having clear Standard Operating Pro
Page 149 and 150: Even the people themselves are key
Page 151 and 152: Extended strain collections with a
Page 153 and 154: of chemical, mechanical, civil, env
Page 155 and 156: 7. Working Group: Situation Awarene
Page 157 and 158: Nonetheless, to protect information
Page 159 and 160: 7.2.1.2 Communications A key aspect
Page 161 and 162: 7.2.2 Required capabilities Securit
Page 163 and 164: Legal frameworks have to be created
Page 165 and 166: OPTIMIZED COMMUNICATION CAPABILITIE
Page 167 and 168: all around the globe near real-time
Page 169 and 170: A variety of diff erent platforms a
Page 171 and 172: 8. Working Group: Identifi cation o
Page 173 and 174: In 1997, the very fi rst secure ele
Page 175 and 176: Tuning of biometric systems The dec
Page 177 and 178: At border of destination country: t
Page 179 and 180: 2. Supply chain risks: The terroris
Page 181 and 182:
Being more fi t for purpose - some
Page 183 and 184:
A Certifi cate Policy (CP) is put i
Page 185 and 186:
8.3.1.3 New practices and technolog
Page 187 and 188:
The Electronic System for Travel Au
Page 189 and 190:
8.3.3.3 Privacy protection Need to
Page 191 and 192:
Mobile ID devices may be used for a
Page 193 and 194:
The key points we would like to rei
Page 195 and 196:
9. Working Group: Innovation Issues
Page 197 and 198:
ESRIF WG 9 set the objective to eng
Page 199 and 200:
Not only this interaction between d
Page 201 and 202:
Role of Public Procurement The Euro
Page 203 and 204:
9.3.2.1 European Security Technolog
Page 205 and 206:
for training and education for secu
Page 207 and 208:
10. Working Group: Governance and C
Page 209 and 210:
10.2.1.4 Research Governance and Ma
Page 211 and 212:
locus of governance is the first-re
Page 213 and 214:
10.3 Findings & Gaps This section p
Page 215 and 216:
which members of a society orient t
Page 217 and 218:
The second noticeable result theref
Page 219 and 220:
in thematic thrust (such as society
Page 221 and 222:
For the moment, improving synergies
Page 223 and 224:
Concepts Concepts are drawn in CSCP
Page 225 and 226:
Annual workshops, ideas boxes can b
Page 227 and 228:
In the above fi gure it can be seen
Page 229 and 230:
11. Working Group: Human and Societ
Page 231 and 232:
Good governance is refl ected throu
Page 233 and 234:
together - into enduring working le
Page 235 and 236:
6. Another research area focuses on
Page 237 and 238:
4. Best Practices in Community-Base
Page 239 and 240:
3. Terrorism and counter-terrorist
Page 241 and 242:
11.2.5.2 Themes for future research
Page 243 and 244:
excellence alone. Such systems are
Page 245 and 246:
ESRIF FINAL REPORT ANNEXES
Page 247 and 248:
ANNEX I Terms of Reference (ToR) fo
Page 249 and 250:
6. Confidentiality ESRIF members, r
Page 251 and 252:
251
Page 253 and 254:
ANNEX II Roadmap table Weight / Cos
Page 255 and 256:
Weight / Cost Estimate (small2- 5
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
ANNEX III List of ESRIF Members (No
Page 285 and 286:
PRANJÍC Stipan (Croatia) Ministry
Page 287 and 288:
Leader: UNGER Christoph Rapporteur:
Page 289 and 290:
FERNANDEZ VASQUEZ Diego FERRARI Mar
Page 291 and 292:
STAICU Marcel STELTE Norbert STENER
Page 293 and 294:
ANNEX IV Working Group References a
Page 295 and 296:
United States, Department of Homela
Page 297 and 298:
DORIZZI Bernadette, GARCIA-MATEO Ca
Page 299 and 300:
MORDINI Emilio, OTTOLINI Corinna, B
Page 301 and 302:
Working Group 9: Innovation Issues
Page 303 and 304:
Culture as a factor in the percepti
Page 305 and 306:
DE - security culture as such has b
Page 307 and 308:
AT AT AT AT + Domestic security (re
Page 309 and 310:
- Security is seen as a national sy
Page 311 and 312:
AT AT AT AT FR FR - Ministry of Tra
Page 313 and 314:
Matrix 2: Overall assessment of evi
Page 315 and 316:
Matrix 4: Cultural factor summarize
Page 317 and 318:
Austria France Germany Italy Nether
Page 319 and 320:
UAVs UAVs UAVs UAVs Links space - U
Page 321 and 322:
IT Initial Tranche JLS Justice, Lib
Page 323:
European Integration: The Dynamics
show all

I527-290 ESRIF Final Report (WEB).indd - European Commission

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?