“Deepening our knowledge of security research needs and identifying the priorities to be addressed”

17 October 2019

Room 19/SDR01

Covent Garden, Place Rogier, 16 - 1210 Brussels


GENERAL APPROACH

General approach:

• moving towards a capability-based approach

• continuity from past

• but also respond to new/emerging requirements and new technologies

• Keep strong participation of end-users / practitioners

• Continued attention to SSH dimension of technology

Driving questions:

• how to be more proactive towards longer-term scenarios?

• how also to take better account of short-term needs?

Needs/priorities in the area of

DISASTER-RESILIENT SOCIETIES

The implementation of international (e.g. the Sendai FWA) and EU Disaster Risk Reduction policies tackling natural and man-made threats (either accidental or intentional) requires enhanced collaboration among different actors (policy-makers, scientists, practitioners, SME/industry sectors, and citizen representatives). Enhanced knowledge covering the risk management cycle, from prevention / preparedness to response, includes innovative methods and solutions addressed to decision-makers and the overall society as well as technologies and tools in support of first responders' operations. Needs are particularly acute in the areas of:

Support to Disaster Risk Management and Operations

• Risk Assessment / Awareness

Technologies, tools and solutions for enhanced risk assessment / awareness are essential for better prevention of and preparedness for any kind of disaster, in particular:

- Enhanced assessment of risks, taking into account available data and historical occurrences

- Impact forecasting systems able to anticipate the occurrence of disasters, thus supporting the rapid deployment of first responders and communication to citizens in vulnerable areas

- Early warning and alert systems

• Monitoring / Surveillance

Disaster risk reduction is closely linked to data acquisition through monitoring / surveillance programmes, requiring innovative solutions for faster risk detection:

- Identification of precursors, scenario building based on past events to design or improve risk-targeted monitoring programmes

- Quality Assurance / Quality Control of CBRN measurements

Disaster Risk Reduction

Societal resilience

• Citizen Awareness

Enhanced knowledge on the way citizens behave in case of disasters, with implications on policy design and implementation:

- Disaster risk awareness raising based on past events to improve citizen understanding of risks and enhance societal preparedness and resilience through education and knowledge about how to react

- Behavioral analysis in case of a disaster to anticipate appropriate responses from civil authorities and services

- Enhanced collaboration and communication with citizens before and during an event

- Empowering citizens to act efficiently by themselves during an event following best practices and guidelines, and to be better prepared to recover from the event

• Citizen involvement in research

Linked to awareness raising, good practices can only be implemented if local actors are involved in decisions and operations, which can be supported by research, in particular:

- Improved information exchanges among citizens, local authorities, schools and first responders

- Involvement of citizens in field validation of different approaches / methods related to different risks used by local authorities and first responders, in representative urban and non-urban environments

Technologies for first responders

• Situational awareness and preparedness

Technologies enabling first responders to get a faster overview of any disaster situation and be better prepared in emergency operations:

- Novel technologies and tools for enhanced situational awareness with faster communication to emergency services

- Smart wearable protection equipment for first responders, in particular in case of CBRN-related event (accidental or linked to terrorism)

- Minimise time-to-react in urban areas (First Responders way through traffic, UVs for First responders)

• Response to severe disasters

Innovative technologies and solutions are required for first responders to respond more efficiently to disaster events, with operational approaches that are affordable, accepted by citizens and customized to the cross-sectoral responders' needs:

- Enhanced system communication solutions between first responders and victims

- Faster detection of victims enabling more efficient rescue operations

- Rapid and accurate detection of CBRN substances resulting from all sorts of disasters of natural, accidental or terrorist origins

- Victim triage and decontamination chain in case of CBRN (accidental or terrorist origin) event

Needs/priorities in the area of

FIGHT AGAINST CRIME AND TERRORISM

Cross-cutting: Modern information analysis and solutions

• New challenges for LEAs

Technological advances enable criminals and organised criminal networks to stay off the grid. LEAs encounter challenges in the following areas in particular:

- investigation on the Dark Web (technological, legal, and operational issues)

- detecting and tracing back illegal activities related to decentralized computing technologies (e.g. Blockchain-based databases, Peer-to-Peer, ...) where no entity is in control of the underlying infrastructure, which makes both attribution and disruption very complex. This is particularly relevant in the area of child sexual exploitation (CSE) and financial crime.

• Opportunity for increased security

(Assuming that individual rights are adequately addressed.) Fueled by smarter data collection, AI, big data technologies relying on high-performance computing could enable better detection of weak signals, offer deeper analysis more quickly, and suggest operational responses to human decision-making.

• Technical solutions for data protection

Technical solutions could help law enforcement comply with data protection requirements when handling data, while being able to extract information when needed. Anonymization / masking and unmasking technologies could be developed to facilitate data management, ensuring, in case of necessity, full access to the data actually needed (in line with the proportionality principle).

Fighting Crime and Terrorism

PNR information analysis

It could include research on 1) (possibly AI) methods to combine different data sets, sift through (and learn from) vast amounts of data to "predict" possible behaviours etc., 2) the use of large data sets on risk analysis, and/or 3) possibility of having solutions based on blockchain to streamline the identity management of passengers.

Terrorism

• Protection of public spaces

Innovative measures could be sought to: 1) stop uncooperative vehicles and unmanned vehicles (making use of E-Call, hacking, non-lethal weapons, smart and advanced barriers), or 2) mitigate threats by real or perceived CBRN-attacks via UAVs; 3) conduct full-scale Vulnerability Assessments by using augmented reality training and multiple data sources.

• Explosives

Three ideas: 1) Substitutes for chemicals used for explosives (e.g., substitute for acetone); 2) Detection of darknet distribution of CBRN-E materials; 3) Mitigation of risks from possible construction of explosives via 3-D printing.

• Combating disinformation and fake news with implications for security

Causing a mass panic by spreading fake news is one example. This could be interdisciplinary research on both social capabilities to withstand such a threat (e.g. education on trustworthy sources of information) and technological means of defending against it.

• Links between terrorism and serious and organised crime (including cyber)

Terrorist groups may exploit organised crime infrastructures to procure tools, such as firearms or fraudulent documents, and move goods and people needed to perform attacks in the EU. The involvement in serious and organised crime may as well allow terrorists to generate funds to finance terrorism-related activities.

Radicalisation

• Consolidate

Impact evaluation of what has been done so far and identifying the most efficient responses in areas such as e.g. risk assessment tools, radicalisation in prisons, multi-agency collaboration…

• Explore

Areas still to be analysed e.g.: possible use of big data to identify terrorist content online, identification of what makes alternative narratives and counter-narratives effective, links between online and offline radicalisation, resocialisation and rehabilitation approaches for returning foreign terrorist fighters and their families (including children)…

Corruption (may include procurement corruption)

• Estimate its impact

Social, impact on vulnerable groups, economic, as well as fiscal and development costs.

• Analyse its role as an enabler of other crimes

Terrorism, organised crime, human trafficking, smuggling.

Trafficking of Human Beings

• Forensic tools to combat human trafficking and smuggling

The goal would be to develop new technologies and the use of innovative approaches with the aim of increasing prosecutions and convictions, and to ensure early identification of victims. The research would aim to contribute to countering the culture of impunity by increasing LE capacity to detect the trafficking crime and its victims and to disrupt the business model and/or establish responsibility of all those involved in the trafficking chain.

Cybercrime

• Cryptocurrencies

[legal as well as technical research]: money laundering techniques, seizure, tracking, fraud committed against legitimate users of cryptocurrencies.

• Child Sexual Exploitation

1. Prevention: research is needed in order to devise effective strategies in preventing child abuse, by providing the necessary assistance to potential offenders.

2. Challenges related to

- encryption: As end-to-end encryption is being widely deployed among major messenger applications, it is important to study if and how tools that can currently be used for the detection of CAM - Child Abuse Material (e.g. PhotoDNA) can be adapted to encrypted communications;

- detecting and tracing back to the source CAM on peer-to-peer networks;

- the development of new online threats such as live streaming (i.e. the crime is committed abroad and live streamed for a European predator);

- deepfakes.

• Identity theft

It is a major component of any online fraud. Fighting this type of crime requires cooperation and exchange of information, as well as tools to enable the proper understanding of the corresponding organized crime activity.

Digital forensics

• Internet of Things

Research is needed in the area of acquisition and analysis of data in the era of the Internet of Things, with a particular focus on forensic mobility (e.g. connected cars).

• Data mining, data management

Once data is accessed, continuous research is needed on effective tools to manage and analyse it. Emerging technologies, such as AI, play a central role in, e.g.: information scraping, content clustering, predictive policing, multimedia analytics and natural language processing.

• Challenges caused by 5G and beyond

Software-based architecture of 5G brings new challenges in investigation (cross-border exchange, encryption), but will also support the development of new types of applications that will be used by criminals and even be an origin of fraud.

Forensics

• Human factors

Understanding how human interaction impacts on decisions at all levels of an investigative process is critical for the development of safe justice outcomes. Research is needed to 1) evaluate, develop and enhance methods and cognitive techniques to communicate non-ambiguously in the forensic and legal context; 2) develop, improve and enhance communication mechanisms between the actors of the criminal justice chain (providers and requesters).

• Transfer, persistence and background abundance

Two types of developments are needed: 1) of ground truth datasets to support interpretation at the activity level for transfer microtraces (paint, glass, etc.), biological traces (body fluids, DNA), chemical traces (explosives, drugs, ignitable liquids), biometric traces (fingermarks, shoemarks, CCTV footage); 2) of methods of biological fluid identification for forensic applications.

• Biometrics

It includes, e.g., 1) automation and scalability of the identification, identity verification, intelligence, investigation and evaluation processes; 2) robustness and validation of biometrics in forensic conditions; 3) biometric data protection and privacy; 4) standardisation of data and processes and conversion of existing biometric tools for use in the judicial system; 5) exchange of biometric data and interoperability of the systems, and risk of direct adoption of existing biometric tools for use in the judicial system.

• Emerging technologies (and industry)

Long-term methodologies could be developed to analyse and forecast trends in technology development and evaluate its applications and implications for forensic science. As another possibility, existing subjective techniques could be converted to new objective methods.

Drugs

• Better monitoring of illicit drug use

It is related especially to poly drug use and drug related mortality, in particular by strengthening data collection efforts of forensic toxicological labs.

• Developments in the illicit drug market

Innovative methods to research developments in the illicit drug market, especially on prevention, in particular by improving pill testing data, consumption rooms as reporting source, testing of syringe residues, etc.

• Darknet monitoring and drugs

While vendor and customer interactions are relatively well researched and understood, there is limited knowledge regarding the actors and mechanisms involved in this trade beyond the distribution/sales phase in the drug trafficking chain. Knowledge gaps also remain in relation to the extent of involvement of traditional organised crime in the darknet trade in illicit drugs. Then, gaps exist in the knowledge of the financial flows related to the profits from darknet market platforms. Finally, in future, the role of AI could be a fruitful area for applied research.

Monitoring of other illegal online trades (including dark web)

• organised property crime

Online marketplaces have become a place to advertise and sell stolen goods from organised burglaries, thefts and robberies, motor vehicle crime and the trafficking of cultural goods.

• counterfeit goods (food and beverages, pesticides, pharmaceutical products)

• firearms

Needs/priorities in the area of

BORDER AND EXTERNAL SECURITY

Continuous and integrated border surveillance

Research border surveillance solutions that are enhanced or made more reliable by their integration among existing or upcoming systems, and/or by the use of assisted decision-making, autonomous systems.

• Continuous and robust surveillance capabilities under all weather conditions in complex and dynamic environments

• Targets including but not limited to prevention and countering of cross-border smuggling.

• Cybersecurity is an aspect to be considered for all solutions explored

Protection and continuity for border surveillance and border checks

- Safety and security for the operational EBCG staff

Interesting novel tools and methods contributing to or facilitating the work of EBCG operational staff, including their safety and security. Components to explore may include:

• Increased situational awareness, security and safety solutions, analytics support

• Complementarity with other security research streams and tailoring to user needs

- Capabilities consolidating harbour protection

Identity for crossing the borders of the future

Research on next steps and solutions for integrated secure identity creation, protection and management for digitalized borders. Components may include but are not limited to:

• Innovative solutions against morphing attacks, morphing detection

• Biometrics on the move

• Advances in breeder and travel document security

Further and beyond interoperability for border checks

Research for better, faster and more comprehensive information availability and exchange between Member States and EU Agencies. Links with research on border digitalization. Components may include:

• Human – machine interaction

• Exchange data analysis ahead of traveler's arrival

• Enhance risk assessment

• Analytics tools

Customs and supply chain security: horizontal considerations

• Secure, Measurable, Automated, Risk Management-based and Technology-driven (SMART)

• Increased automation and decision support

• Reduce the need to open containers, cargo, baggage, courier and postal packages

• Data analytics

Detection of threats in postal and express courier flows at customs

Innovation needed to allow more effective detection without impeding flow; at the same time possible opportunity for research cooperation with operators of postal and express courier services.

• Drugs, firearms and other illicit activities

• Relatively low risk for criminals

• Risk profiling, detection, data sharing

• Effective detection without disrupting postal flow

Detection of New Psychoactive Substances at customs

• Access to updated spectra

Detection with portable devices at customs

Research on portability and portable devices: to deploy where appropriate and more efficient, and/or to carry out inspections “on the move”. Particularly interesting aspects:

• For concealments on moving persons: based on non-ionising approaches, providing safety and privacy

• For goods: detection at customs site

Needs/priorities in the area of

INFRASTRUCTURE

Addressing interdependencies and systemic risks

Besides the classical approach of protecting infrastructures by sector, a stronger focus on the systemic dimension of attacks is necessary. As such, not only interdependencies within one type of infrastructure (or closely related types) can be taken into account, but also large-scale disruptions, with a view to the specific challenges of the cross-border dimension. Specific attention could be dedicated to Hybrid Threat scenarios.

• Large-scale Vulnerability Assessments and risk management capabilities, forecasting of emerging risks (via AI)

• Simulations to prepare for systemic disruption of several key infrastructures

• Cross-border scenarios (also with third countries)

• Better anticipation of systemic risks (including advanced FDI-screening, technological risk assessment)

• Integration of national and EU-databases, secure exchange on CI-related incidents

• Societal resilience against CI-disruption with Hybrid Attacks and false news (e.g. finance infrastructure, food-supply and medical system)

Increasing protection and resilience of Critical Infrastructures

Research on CIP is a well-established domain with significant results achieved. Due to the fast evolving technological landscape there are however constantly new challenges and opportunities. Resilience and Preparedness are keywords to possibly define upcoming research priorities of a cross-cutting nature.

General and cross-sectoral priorities:

• Autonomous systems for CIP (UAVs, robots, autonomous detection & repair capabilities)

• Operational testing in real-scenarios and augmented reality

• Protection against large-scale UV-attacks (e.g. new radar systems, counter-measures)

• Risk anticipation through real-time data analysis

• Countering espionage against CI

• Faster identification of hazardous agents and contaminants

• New approaches in ‘Security-by-design’

• Forecasting of emerging challenges (e.g. Internet of Nanothings)

Critical Transport Networks

• Advanced protection of (smart) tunnels, bridges and roads

• Security upgrades for existing infrastructures

• Advanced protection of the EU airspace

• Training modules and augmented reality for threat scenarios

• Concepts to minimise disruption by false alarms and non-intended security breaches

• Better integration of detection capabilities between different transport modes

• Protection of physical and digital infrastructures for Unmanned Vehicles (U-Space, vehicle-to-vehicle communication, charging facilities)

• Future capabilities for harbour and port protection

Critical Services

• Protecting infrastructures for democratic elections and democratic processes

• Ensuring functionality of public first response capabilities (attacks on the infrastructures of LEA, Fire fighters or medical responders)

• Protection of physical components of the 5G-network

Critical Supplies

• Food and water-supply-chain protection against chemical and biological threats (including advanced bio-weapons)

• Smart security concepts to allow for remote on-scene operations without endangering responders

• Enhanced use of existing sensors for multi-source incident command operations

Needs/priorities in the area of

CYBERSECURITY

Cybersecurity – policy priorities

• Network and Information Security – critical infrastructures; CSIRTs/CERTs

• Security certification

• IoT security

• Supply chain security

• Strategic autonomy

• Data protection and privacy (GDPR, ePrivacy)

Cybersecurity – R&I priorities

Automated security quantification and certification

• Verifiable security, privacy, and ethics

Resilient infrastructures and interconnected systems

• Advanced cryptography; quantum

• Automated threat prediction, detection and response

• Human factors – risk and crisis management

• Authentication of IoT objects

Securing disruptive technologies

• Securing AI – 5G – IoT – blockchain – distributed computing

• Big Data privacy

Hardware and supply chain security

• Cryptography and its implementation

• Secure systems, despite vulnerable components

• Virtualisation

Thank you for your attention!