Plenary Lecture: A conceptual framework to counter Hybrid Threats that change the security paradigm
Dr.Ing. Georg Peter, born in 1959 in Frankfurt, Germany, holds a degree as Mechanical Engineer and a Ph.D. in nuclear safety. He joined the European Commission in 1989 as a research engineer in the Joint Research Center in Ispra analysing accident scenarios in nuclear power plants and in hydrocarbon facilities by developing and applying complex computer simulation models.After having been responsible for the Safety & Security Unit of the JRC Ispra site, he was appointed as Head of the Unit “Technology Innovation in Security” in the Directorate “Space, Security and Migration” of the Joint Research Center of the European Commission. His team is dealing with innovative solutions for the protection and resilience of critical infrastructures in Europe, hybrid threats, advanced radio signal processing such as 5G, spectrum sharing and interference studies, scientific support to the European Global Navigation Satellite System Galileo, hazards in chemical industry and consequences of natural hazards to technological installations as well as possible policy aspects of future quantum technologies.
The European project which has brought unprecedented peace, prosperity and democracy faces severe and acute challenges that undermine its very existence. The current geopolitical situation, emerging security threats and societal challenges are menacing the resilience of European countries and eventually the one of the EU project as a whole. Security is a fundamental issue for European societies. The events in Ukraine have showed that a new realm of security threats has emerged that poses an acute threat to the integrity of a state and that the internal-external security are tightly linked. In addition, security is linked with the citizens’ perceptions about a country’s governance performance. As a consequence, addressing security challenges is not anymore an exclusive competence of security professionals and related policy makers. It is much broader requiring a serious and systematic consideration of societal aspects and changes. The Digital Transformation of our society, migration and Artificial Intelligence (just to name a few) are changing completely the way societies will function in the next decades. The limits between traditional disciplines are blurring and actually create a continuum upon which policy makers need to act. The EU has recognized the need to act in a holistic manner in the domain of security and has published two communications on the issue of Hybrid Threats. Hybrid Threats are the mixture of coercive and subversive activity, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare.
Critical infrastructures are an essential element of hybrid threats. However, compromising their performance is not the final objective but rather the means to more overarching objectives such as affecting the core values of societies and trust to institutions. Disruptive events in critical infrastructures might be leveraged to undermine the trust of citizens to the risk and disaster management capabilities of their government and discredit leadership.
Today internal security is mainly tackled at sectoral level (e.g. cyber security, physical security, fight against terrorism, critical infrastructure protection, etc.). This has to change. Security has to be seen in the context of the overall resilience of the society. The political framework at EU level related to Hybrid Threats supports addressing security related issues in a holistic manner. If the EU aspires to maintain or even increase its role as a global actor as well as maintain a high level of security for its citizens, it is necessary to act urgently and step-up efforts building upon the existing momentum. This requires also a change of thinking in risk analysis.
We have to find answers to questions such as:
How can we change our risk management approach to improve the protection and resilience of our critical infrastructures given this new complex threat vectors?
How can we build resilience against security related incidents that aim at leveraging existing societal vulnerabilities in order to potentiate their impact?
How can we bolster resilience at societal level introducing a whole of governance and whole of society approach?
The JRC responds to these questions by supporting the conceptualization of Hybrid Threats. This aims to assist Member States to identify such threats and support attribution. Tools allowing an early identification of Hybrid Threats are of outmost importance for security analysists in an effort to connect the dots and to get a coherent and overarching view of the security threats. The Conceptual Framework for Hybrid Threats developed jointly by EC Joint Research Center and the Center of Excellence for countering Hybrid Threats in Helsinki aims to provide a basis for a better understanding of the phenomena, and for developing analysis tools to detect and counter Hybrid Threats in an early phase.
|Tuesday 3 November
Virtual room 1
10.45 / 11.30
Cyber Security Officer for the Western European Region HUAWEI
Plenary Lecture: Risk Mitigation – A Shared Responsibility in the 5G Ecosystem
Bob Xie has been working at Huawei for 22 years. He gained experience in Marketing and R&D as Senior Engineer, Senior Marketing Manager and Director. In 2010, he was entrusted with the mission to set up the Huawei Cyber Security Evaluation Centre in the UK, first of its kind. He directed the HCSEC from 2010 till July 2018. Then he moved on to set up the Huawei Cyber Security Transparency Centre in Brussels, which officially opened in March 2019. In August 2019, he was also appointed as the CSO for the Huawei Western European Region. Bob Xie is well versed on the cyber security management system and practices of the company
Biography- Over 35 years of experience in transportation, nuclear, and defence industries; actively promoting the application of risk management in enhancing safety
This Lecture addresses the aspiration of global ‘Vision Zero’ movement, and the systems and processes organisations need to take on the journey in reduction health and safety accidents. The speaker, Dr Vincent Ho, will discuss how MTR Corporation takes on ‘Vision Zero’ and transforms it into its own Zero Harm campaign with an aim to promulgate a preventive safety culture among the workforce. Dr Ho will discuss the impact of COVID-19 to the workforce under the new normal, and share experience for management to achieve a high level of health and safety using the Zero Harm approach during this difficult time.
Professor Doctor of Technology, Director of the Laboratory.
Professor Salo has worked extensively on the development of decision analytic methods and their uses in resource allocation, innovation management, risk management, technology foresight, and efficiency analysis. He has published widely in leading international journals (including Management Science and Operations Research) and received awards for his research from the Decision Analysis Society of the Institute for Operations Research and the Management Sciences (INFORMS). He serves on the Editorial Boards of several refereed journals.
Professor Salo has directed a broad range of basic and applied research projects funded by leading industrial firms, industrial federations, and funding agencies. He has been visiting professor at the London Business School, Université Paris-Dauphine and the University of Vienna. He has been the President of the Finnish Operations Research Society (FORS) for two biennial terms. In 2010-11, he served as the European and Middle East representative of the International Activities Committee of INFORMS. In 2010-16, he was jury member of the EDDA Doctoral Dissertation Award of the Association of European Operational Research Societies (EURO), and chaired this jury in 2016. He has been on the Board of the Association of Parliament Members and Researchers (Tutkas) since 1999.
AbstractAt present, trends such as the wider adoption of sensors, communication devices and data science tools make it possible to develop increasingly accurate representations of techno-economic systems and their safety performance. Together with methodological advances in portfolio decision analysis, such representations support the formulation of increasingly comprehensive decision models which are systemic in that they account simultaneously for multiple objectives and associated preferences; the full range of alternative risk mitigation actions; logical and probabilistic dependencies within the system; as well as relevant resource and risk constraints, including budgets and regulatory requirements.
In this talk, we show how these kinds of systemic decision models can be developed and transformed into optimization problems which can be solved with tailored knapsack algorithms or techniques of mixed integer linear programming (MILP). A major benefit of these models is that they recommend portfolios of risk mitigation actions which are guaranteed to be optimal in view of the stated constraints: thus, these actions will, as a rule, contribute more to the chosen objectives (such as safety performance) than selecting actions one-by-one based on “piecemeal” approaches such as the comparison of individual risk importance measures or benefit-to-cost ratios. Furthermore, these models can capture many kinds of probabilistic and chance constraints (such as conditional Value-at-Risk) while they also help identify which actions are robust selections subject to different assumptions about the numerical values of model parameters. Several examples are given to illustrate how these advances in portfolio decision analysis provide information that serves to improve decisions.
|Wednesday 4 November
Virtual room 1
11.00 / 11.30
Head of The Global Infrastructure & Networks bussiness line at ENEL Group
Plenary Lecture: People, Infrastructure, Stakeholders: Sustainable Risk Mitigation in Power Grids
Antonio Cammisecra is the Head of the Global Infrastructure & Networks business line at Enel Group since 1st October 2020.
Prior to that, he was Head of Global Power Generation since October 2019 and served as Chief Executive Officer of Enel Green Power and Head of the Africa, Asia and Oceania region since 2017. Until 2019 he was also Head of the North and Central America region.
He joined the International Department of Enel Group in 1999. He was then appointed Business Development Manager for Latin America, working in various countries in South and Central America. He joined Enel Green Power on its foundation in 2009, as Head of Business Development Italy, and in 2012 was named Head of Operations and Maintenance Hydro, Wind & Solar. In 2013, he became Head of Global Business Development, leading a team of more than 200 people, working in over 20 countries across 5 continents.
Antonio Cammisecra was born in Naples (Italy) in 1970. He graduated cum laude in Mechanical Engineering from the University of Naples “Federico II" in 1996. In 2004 he obtained an Executive MBA at Bocconi University, Milan.
|Wednesday 4 November
Virtual room 1
15.45 / 16.30
Head of Operational and ICT Risk Cassa Depositi e Prestiti (Italy)
Plenary Lecture: Risk management in the Covid-19 era
Currently Head of Operational & ICT Risk in Cassa Depositi e Prestiti, with more than a ten-year experience on operational risks in the banking sector. He earned his PhD in economic and management engineering at the "Tor Vergata" University of Rome, developing an intersectoral framework for the management of operational risks. He is author of several national and international publications within his areas of expertise. His research interests are mainly focused on risk management and corporate social responsibility.
|Thursday 5 November
Virtual room 1
09.00 / 09.45
Noval Architect CETENA S.p.A. Engineering and Technical consaltancy-Head of Design for Safety B.U.
Plenary Lecture: Realtime Damage Decision Support System for Ship Recovery
Alessandro is a Naval Architect and Marine Engineer working in CETENA, leading the “Design for Safety” Business Unit. The BU supports Fincantieri, Classification societies and ship-owners in risk analysis studies such as Alternative design, Safe Return to Port (SRtP) and Ship Design Risk Assessment. Moreover he is involved in NATO working groups and he is technical committee member at RINA (Registro Italiano Navale) and Italian Administration Adviser at IMO for Safety. The BU is also involved in research activities in both merchant and navy fields
Melinda Hodkiewicz is an engineering academic working on multi-disciplinary projects to improve maintenance, asset management and safety practices. Her academic career started in 2005 after an earlier engineering career in maintenance in the resources industry. She currently has a 5-year A$1.3MFellowship at the University of Western Australia funded by BHP, a major resources company. The aim of the Fellowship is to improve academic-industry collaboration and work to support the communities in which BHP operates. She endeavours to do the latter by research that impacts maintenance to make it more productive and safer. In October 2019 she has been elected a Fellow of the Australian Academy of Technology and Engineering.
She has four research areas: ontology and natural language processing of maintenance and safety unstructured records. This work supports validation of remaining useful life models, which in turn assists the maintainer of the future, who will be using MEMS-IIOT sensing systems for industrial maintenance applications. She works with academic and industry collaborators from a wide range of disciplines in a number of different countries.
Organisationally she co-leads the data science program for the $10M ARC funded Offshore Structures Hub, manages the UWA Critical Mass Research group on Engineering System Health, leads the UWA System Health Lab, and has conventional academic and teaching responsibilities. She also holds two external national positions, one as a member of the Board of Australia’s National Offshore Petroleum Safety and Environmental Management Authority (NOPSEMA) and the other on the advisory committee for the Australian Government’s mining equipment, technology and services (METS) Ignited Growth Centre, one of the six Government Growth Centres charged with distributing A$238M of funds 2017-2021. She is currently a visitor at the Alan Turing Institute, this is the national centre for data science in the UK.
In October 2019 she has been elected a Fellow of the Australian Academy of Technology and Engineering. Professor Hodkiewicz is an international leader in asset management through research, education and digitalization.
Maintenance management practices underpin the export earnings and infrastructure of our national economies but these practices have changed little in the last 20 years. Global companies are trying to bring computational methods, statistics, and artificial intelligence to determine how, when and why maintenance is conducted. However, evidence of positive return on investment is patchy. In an Industry 4.0 world, we need to be able to apply data science methods to maintenance at scale. The slow uptake by maintenance personnel of these methods is due to poor prediction performance in practice and lack of validation of these algorithms in the field. Solutions include natural language processing and ontologies for unlocking data in inspection and repair records, bayesian methods for supporting asset-specific predictions under uncertainty, and culture evolution for shifting to secure sharing of industry data and codes. Together, these developments are building transparency and trust in prediction recommendations for maintenance.
|Thursday 5 November,
Virtual room 1
12.00 / 12.45
Silvia Abrate, Saipem S.p.A. - Italy
Plenary Lecture: Industrial risk management in oil and gas construction and drilling
projects – Saipem experience
Silvia Abrate began her career in 1994 at Arthur Andersen and subsequently worked in the Internal Audit Function of Schneider Electric. She was hired by Saipem in 2003 as a Senior Internal Auditor and since then he has held various positions within the Internal Audit Function, the last of which since 2013 as the Audit Planning, Methodologies and Relations with Control Bodies Manager. Over the years she has also worked as a member of the Compliance Committee at various Group subsidiaries. Silvia Abrate is currently the Risk Management, Supply Chain and Business Integrity Director of Saipem Group.
Industrial Risk Management is a fundamental tool for managing risks in contractor’s projects. The purpose is to present the industrial risk management framework in Saipem, which is based on 4 pillars: the Risk Appetite, the Bid Complexity Index, the Golden Rules and Silver Guidelines and the Project Risk Management. An overview of the industrial risk management organization and risk managers’ role during commercial and execution phases is also given, together with an example of assessing Covid-19 risks.
BiographyChris Johnson is Professor and Head of Computing at the University of Glasgow. He is also Director of the UK Cyber Defence Lab, which focuses on the cyber security of national critical infrastructures. He has held fellowships from NASA, the US Air Force and the US Navy and in 2019 completed cyber risk assessments for the infrastructure supporting UK aviation (for the Department for Transport) and European Air Traffic Management (for the EC Network Manager). He co-authored United Nations guidance on the cyber security of CBRN installations and is working with the UN-ICAO on guidance in aviaiton. The technical focus of his work identifies mitigations that can be used in both safety and security critical contexts where, for instance, the introduction of intrusion detection or network segregation must not compromise safety requirements.
Many international standards including IEC 61508, ISO 26262 and EN 50126 place either explicit or implicit barriers to the use of Machine Learning in safety-critical applications, especially at higher levels of integrity. Traditional approaches to the development of high-reliability systems use risk assessment techniques to focus resources on software that makes the greatest contribution to the mitigation of functional hazards. At the higher levels of integrity, this requires the use of deterministic verification and validation techniques based on strong assumptions about the eventual context of use. They also imply high levels of traceability and of transparency that enable independent inspection, for instance by regulatory agencies. In contrast, machine learning algorithms have proven to be extremely effective in identifying statistical patterns in complex data without necessarily making the justifications for the correlations in training sets transparent either to external agencies, to the software developers or to end users.
In this talk we will present a range of techniques that have been pioneered, often for use in military applications, that provide regulatory agencies and assessment boards with the confidence that is required to permit the use of Machine Learning in Safety-Critical Systems. In many cases, these techniques limit the application of ML, for example, to advisory approaches in which the human remains in ultimate control. Other approaches extend conventional methods from high-reliability engineering, including massive exposure to potential operating environments through “exhaustive” testing. These techniques are unlikely to satisfy the growing demand for the integration of autonomous and semi-autonomous systems into a host of application domains. Analytical approaches to representing and reasoning about ML, often shift the problem away from understanding these algorithms but create further problems for regulators and end users in understanding the underlying mathematical abstractions that support the analysis. We will conclude the presentation by explaining how hybrid ML and deterministic algorithms can be integrated with the appropriate use of adversarial networks to increase confidence in ML applications and yet still retain sufficient prospect that these approaches will yield significant operational benefits in complex, uncertain safety-related domains.