Monday, 16 September 2019

A Fast-Track Method for Assessing the Risk of a Terrorist Attack on Transportation Facilities

Abstract

The study reported in this paper was designed to develop a fast-track method for assessing the risk of a terrorist attack on transportation facilities. This method may be of particular significance for transportation systems with numerous facilities, like subways and railroads. For instance, in a situation where there is information that in the coming days a terrorist attack may occur along a subway line, employing this method can enable the experts to promptly determine the facilities (stations) which are the likeliest to be attacked by the terrorists. Upon receipt of the data, the police and security team will be able to go ahead and concentrate the forces around those specific facilities, which should help boost the likelihood of the terrorist attack getting prevented.

A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises

Abstract

The EU’s General Data Protection Regulation (GDPR) is an EU regulation that affects everyone in the EU and all organisations outside the EU that want to do business with the EU. GDPR introduces tougher requirements for processing personal data, which may be difficult for many small- and medium-sized enterprises (SMEs) to follow without major adjustments. This work uses design science to develop a framework for SMEs to adapt to GDPR. The framework was empirically evaluated in three different types of organisations, resulting in GDPR compliance according to their Data Protection Officers. It was also theoretically evaluated against scientific literature including the identified implications of GDPR. In this paper the framework is presented, from initial analysis and design to implementation and future work, with advice on how to work with each part to achieve compliance. The paper also highlights some of the most important changes in GDPR compared to its predecessor, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DIR95).

Behavioural Economics of Security

Abstract

For years, the field of behavioural psychology has shaped the understanding of human behaviour. More and more findings of that discipline are also applied in economics. However, potential implications for the specific area of economics of security have been widely ignored. This paper transfers empirically proven phenomena of behavioural psychology, such as decision heuristics and fallacies, to the economics of security. In particular, we will focus on the subjective perception of risks and its implications on the evaluation of security solutions. Our paper provides an overview on aspects of behavioural psychology in economics of security. We argue that findings from behavioural psychology bear the potential to influence the assessment of security measures, and therefore need to be clearly identified for ensuring the efficient allocation of limited budgets for security solutions. In our view, sensitising decision-makers in the field of security for aspects of behavioural psychology is useful and conducive to enhance the management of risks for public security.

Indus Water Treaty in the Doldrums Due to Water–Power Nexus

Abstract

Hydropower dams on rivers in the Indus Basin are becoming new elements in power geopolitics due to the threat of “aqua bombs” to downstream regions. Water law may limit such perceived water wars. The transboundary river water sharing agreements that bind bordering states are overstretched, particularly between Pakistan and India. Meanwhile, factors such as the expansion in industry and population, global warming, and reduction in oil and gas resources diminish scarce natural water resources. In addition, due to water pumping at levels above natural recharge rates, the underground water table has reached a state of continual free fall in the Indian and Pakistani Punjab. This work points out the dire need to reform international law to address such transboundary river conflicts, as water conflicts may become fully fledged armed conflicts with the current approach. The concurrence of power, energy, food, and water crises may wreak havoc on international river agreements if not addressed in international law. However, the laws that define rights among developed states may not be suitable for developing countries, and water and food security are critical issues for sovereign nations. Water sustains life, effectively determining all other geopolitical issues. The aim of this work is to investigate how international law could be adjusted with regard to international water sharing in order to resolve issues such as the energy crisis, economic collapse, global warming, and climate change.

On the Application of the Safety-II Concept in a Security Context

Abstract

This paper presents an alternative and broader security risk perspective, incorporating uncertainty, as a two-dimensional combination of (1) threat (Th) on value (Vl), (2) vulnerability (Vu) given coping capabilities (Cc), and associated uncertainties U (will the threat scenario occur? and to what degree are we vulnerable?). Moreover, this work attempts to provide an integrated approach to the safety and security fields. We look closely into the issues related to Safety-I, Safety-II and security. Whereas conventional safety management approaches (Safety-I) are based on hindsight knowledge and risk assessments calculating historical data-based probabilities, the concept of Safety-II looks for ways to enhance the ability of organisations to be resilient in the sense that they recognise, adapt to and absorb disturbances. Three determinants that shape the Safety-II concept in the security perspective are the capacity of organisations to operate in changing circumstances; formulating strategies that promote a willingness to devote resources to security purposes, driven mainly by the organisation’s leader; and an organisational culture that encourages people to speak up (respond), think creatively (anticipate), and act as mindful participants (monitor and learn). Based on clarifying some of the fundamental building blocks of security risk assessment, this work develops an extended security risk assessment, including an analysis of both vulnerability and resilience. The analysis explores how the system works following any type of threat scenario and determines whether key functions and operations can be sustained.

Risk and Resilience Analysis of Public Civil Buildings Against Shelling with Explosive Sources in Urban Contexts

Abstract

Due to their high availability and low cost level, passive protection measures are a key factor for reducing the vulnerability of persons within and close to assets against potentially impacting mortar, rocket and artillery threats. Particularly, mortar shelling has even most recently been reported. At risk are permanent and nonpermanent assets of civil, (non)governmental or peacekeeping organizations with corresponding effects, e.g., on civil society, civil services or successful nation building, respectively. Of interest are the identification of vulnerable areas and the assessment of the effectiveness of protective structures while taking also other counter measures into account. To this end, a seven-step quantitative risk and resilience analysis and management methodology is described and applied. It consists of the analysis of scenarios, frequencies, hazards, damage effects and risks and yields individual and collective risks for multi-threat scenarios. Local individual or collective risks can be minimized below criteria, thus reducing vulnerability and increasing resilience in an efficient way, e.g., by using geometrical changes, by structural roof, wall and window retrofits, by mitigating barriers and/or organizational measures. The approach is demonstrated along with three detailed example cases.

Obituary

Trends of Modern Terrorism in the Metro Systems of the World

Abstract

The issue of anti-terrorist protection of metro systems in recent decades has significantly worsened. This is due to the general growth of the terrorist threat in the world. According to the Global Terrorism Database of the National Consortium for the Study of Terrorism and Responses to Terrorism (START), a number of terrorist attacks have been committed in metro systems of various countries of the world, including Britain, Russia, USA, Japan and France. For effective measures to counteract such attacks, it is necessary to clearly know the trends of modern terrorism, particularly on the basis of systematization and analysis of statistical data on the terrorist attacks committed in the metro systems with the subsequent formation of a matrix of trends, which in this case was carried out by the authors of the article. The main statistical analysis method is the factor analysis. The proposed matrix helps to assess terrorist threats for metro systems and can be used to develop measures to ensure their security. The main trends of the Matrix of Trends of Modern Terrorism in the Metro Systems are identified: frequency of attacks; object of attacks; tool of attacks; method of attacks.

On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems

Abstract

According to Cybersecurity Ventures research in 2017, every 40 s a business falls prey to a ransomware attack, and the rate is predicted to rise to 14 s by 2019. Business organizations have had to pay cybercriminals even up to $1 million in a single attack, while others have incurred losses in hundreds of millions of dollars. Clearly, ransomware is an emerging cyberthreat to enterprise systems that can no longer be ignored. In this paper, we address the various facets of the ransomware pandemic narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems, detailing the various susceptible ransomware entry points. We evaluate how the incorporation of asymmetric and symmetric encryption in hybrid cryptosystems with worm-like properties in recent ransomware strains has brought about tragic targeted ransomware attack campaigns such as WannaCry, Erebus, and SamSam. We also detail the economic impact of ransomware on various businesses in terms of paid ransoms and loss of revenue due to downtime and loss of production. Results show the substantial role played by the Bitcoin cryptocurrency and email as the prevalent attack vector in indiscriminate attack campaigns, while vulnerability exploitation is dominant in targeted attacks. Furthermore, results show that lack of offline backup and poorly implemented offline backup strategies end up costing businesses more than the ransom demand itself. We suggest mitigation strategies and recommend best practices based on the demystified core components of successful ransomware attack campaigns.

Identity and Insecurity: Societal (In)security and Emergent Legal Challenges to European Identity

Abstract

This paper challenges the notion that European identity building remains a certain and effective path to societal security in the European Union. Instead, it argues that other emerging securitizations in the face of the migration crisis now represent a major challenge to European identity as the foundation of societal security in Europe. It begins by addressing the nature of the Copenhagen school and the societal security concept, then illustrates how it can be used to understand the post-war securitization of European identity and subsequent identity building process. However, the article then challenges the established normative position that European identity is a reliable security referent by highlighting the ongoing challenges posed by member-state counter-securitizations in the context of the migration crisis. These securitizations in turn manifest into legal challenges that threaten the foundations of European identity building. By focusing on themes of identity building, threat perception, and response, this paper highlights how the position occupied by the constructed notion of pan-European identity is declining in its role as a source of security and increasingly portrayed as a referent for member-state insecurity.
