This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
V r i j e U n i v e r s i t e i t
B r u s s e l
K r i s t o f V e r f a i l l e
M i r e i l l e H i l d e b r a n d t
R o s a m u n d e v a n B r a k e l
Deliverable D 6.2
SIAM Security Impact Assessment
Measures
Assessing Security Threats in Mass Transportation Sites
Project number
261826
Call (part) identifier
FP7-Security-2010-1
Funding scheme
Collaborative Project
2
Table of content
EXECUTIVE SUMMARY 3
1. INTRODUCTION 4
2. TRANSNATIONAL TRENDS IN TERRORISM, TRANSNATIONAL ORGANIZED CRIME, ILLEGAL MIGRATION, CYBER CRIME, TRANSNATIONAL WHITE COLLAR CRIME 6
2.1 TRANSNATIONAL ORGANISED CRIME 7
2.2 TRANSNATIONAL WHITE COLLAR CRIME 10
2.3 TERRORISM 14
2.4 ILLEGAL MIGRATION 16
2.5 CYBERCRIME 18
2.6 CONCLUSION 19
3. ASSESSING SECURITY THREATS: FLOWS, NODES AND PROACTIVENESS 21
3.1 NODAL SECURITY GOVERNANCE 22
3.2 NODAL ORIENTATION AT SCHIPHOL INTERNATIONAL AIRPORT 23
3.3 CONCLUSION 26
4. TWO MODELS OF PROACTIVE MASS TRANSPORTATION SECURITY 27
5. RISK-BASED SECURITY POLICIES: THREATS, VULNERABILITIES, AND CRITICALITIES 33
5.1 A QUANTITATIVE RISK ASSESSMENT MODEL FOR AIRPORT SECURITY 35
5.2 A QUALITATIVE RISK ASSESSMENT MODEL FOR PUBLIC TRANSPORT SECURITY 37
5.3 EVALUATION 39
6. SCENARIO THINKING 46
6.1 SCENARIO EXERCISES 48
7. CONCLUSION 49
BIBLIOGRAPHY 51
3
Executive summary
In deliverable 6.2 we present a literature review of current scientific research and the
analysis of security threats. We provide an in-depth review of authoritative transnational
and European threat assessments about organized crime, cybercrime, white-collar crime,
illegal migration, and terrorism, and we further explore the conceptual and methodological
challenges these assessments raise based on a literature review of current scientific research
about policing mass transportation sites and a high-level review of security assessment
methodologies in the EU transport sector. We conclude that the assessment of security
threats to inform SMT evaluations can benefit from scenario studies, not to present ready-
made SMT solutions for security threats, but to improve the quality of decision-making
about SMTs in mass transportation sites (cf. DOW, 11). The findings of the literature review
suggest that qualitative decision-making about SMTs, in light of security threats, requires
methodologies that introduce and mobilize a sound knowledgebase about these threats to
the SMT decision-making process, and these include outside perspectives (e.g. scientific
analyses), threat and risk assessment trends and security intelligence, to encourage long-
term thinking, support the creation of a common vision and a shared understanding of
‘security’ among different stakeholders, and to challenge decision-makers assumptions
about security threats and SMTs to avoid tunnel vision, rigidity and bias in decision-making.
As such, scenario studies can allow decision-makers to assess threats, possible targets and
impacts in ways that contribute to a process-oriented and reflexive evaluation of SMTs.
4
1. Introduction
SIAM is an assessment support system that intends to support the evaluation or
assessment of security measure and technology (SMT) proposals. The development of a
support system goes beyond the idea that strategic decision-makers, policy-makers, and
academics need to be informed about how efficient particular SMTs are at performing a
particular task. Surely such considerations are important. Decision-makers want to make
cost-benefit analyses, which requires them to know what SMTs can do exactly and how
much they cost. There is, however, much more to evaluating SMTs than considering their
efficiency. In addition to efficiency, assessing what an SMT can do and at what cost, decision-
makers need to know if the SMT performs tasks that will actually improve security. Is the
SMT effective in providing security, and what does it mean ‘to provide security’? Once
decision makers find that an SMT is efficient and effective, they face yet another range of
considerations. What effects does the SMT have on the customer experience? Will
passengers be willing to use the mass transportation facility once an SMT is in place? What
effects does the SMT have on the citizen? Does the SMT fit with the principles of a
democratic society? Have decision-makers considered how SMT investments affect
customers and citizens’ trust? Are decision-makers aware of people’s expectations about the
use of SMTs, and do they know if people are confident about the ways in which SMTs are
mobilized?
WP6 focuses on the issue of security. The evaluation of SMT proposals requires
decision-makers to assess whether SMTs actually address probable targets and impacts so
that investments in security concepts that do not focus on any relevant threat or a criminal
action can be avoided. Decision-makers therefore have to (be able to) reflect on possible
targets and victims, consider how threats are actually carried out, and what the impact of a
threat might be (DOW, 7, 10-11, 26-28). The key objective of WP6 is then to develop
scenarios that give insights about possible targets for specific threats, as well as the impacts
those targets could suffer (DOW, 30; see infra). The choice was made to develop scenarios,
as these tools are expected to provide answers to questions about what could happen from
the moment that these threats materialise (DOW, 26).
As such, WP6 presents a number of conceptual and methodological challenges.
Decision-makers need to evaluate SMT proposals, and information about security threats is
5
an important part of that evaluation. But what are security threats exactly, and how do
decision-makers obtain such information? The DOW suggests we focus on 5 security threats:
If decision-makers need to evaluate SMT proposals, and if we believe information
about security threats is an important part of that evaluation, what do decision-makers need
to be informed about exactly? ‘Security’ refers to a field of practices that intend to provide
protection against deliberate acts and/or the intentional infliction of harm (Van Sluis and
Bekkers, 2009). Harm that is inflicted unintentionally, e.g. environmental disasters or
accidents, is not included in SIAM. ‘Threats’, as they are usually conceptualised in risk
assessments, refer to ‘the likelihood that a specific type of attack will be initiated against a
specific target’ (Tamasi and Demichela, 2011: 893). As such, the assessment of threats most
often requires information about the intent and capability of offenders to carry out a
particular act (Vander Beken, 2004). Threat assessments are thus essentially developed to
inform decision-makers about people’s intent to carry out a particular act and their
capability to do so.
WP6 suggests that we focus on terrorism, transnational organized crime, illegal
migration, cyber crime, transnational white collar crime. Each of these categories are policy
priorities in the EU, and although in practice they often connect and intertwine, they are
believed to represent distinct categories of deliberate acts that are committed for specific
purposes. Each of these acts are believed to be threats because European policy-makers
believe there are individuals and groups that have the intent and capability to perform them,
and are likely to perform them in the future.
The EU, and various other public and private international organizations, have
developed threat assessments to be informed about these security threats and draft policies
that are more evidence-based. As such, these reports attempt to develop a knowledge-base
to improve the quality of decision-making. We will review these reports to assess whether
7
they might be useful for SIAM and the evaluation of SMT proposals1. We do not intend to
present a legal analysis, an historical overview of the 5 security threats, nor will we present
elaborate datasets about these issues. Our aim is to present a review that allows us to
understand what each of these threats mean in practice and what the most important
trends are. We highlight trends that apply to Europe, and where possible, we point to the
implications of these trends to mass transportation sites.
2.1 Transnational Organised Crime
Under the United Nations Organized Crime Convention, transnational organized
crime (TOC) is defined ‘as any serious transnational offence undertaken by three or more
people with the aim of material gain’ (TOCTA, 2010: 1). The Transnational Organised Crime
Threat Assessment Report (TOCTA), which is drafted by UNODC (2010: v)2, maps the
following main organized crime flows from, or to, Europe (TOCTA, 2010: 1; v-vi) 3:
- Heroin (from Afghanistan to Europe)
- Cocaine (from the Andean region, South America to Europe)
- Fire arms (from Eastern Europe to Africa)
- Smuggling of migrants (from East – Africa, West-Africa, North- Africa to West and
Central Europe)
- Trafficking female victims (from Brazil, The Balkans, The Russian Federation to
West and Central Europe)
1 For the purpose of this review we have selected threat assessments that report on the most recent global
and/or European trends for each of the 5 security threats selected in SIAM: the EU organised crime threat assessment - OCTA (Europol, 2011), Global Money Laundering and Terrorist Financing Threat Assessment (FATF/OECD, 2010), the Internet facilitated organised crime threat assessment - iOCTA (Europol, 2011), TE-SAT 2011: EU Terrorism Situation and Trend Report (Europol, 2011), the 2010 Report on Terrorism (NCTC, 2011), The role of organized crime in the smuggling of migrants from West Africa to the European Union (UNOCD, 2011), Transnational organized crime threat assessment – TOCTA (UNODC, 2010), the Internet Security Threat Report (Symantec Corp, 2011) and the 2012 Threats Predictions (McAffee Labs, 2011) 2 The TOCTA-report provides the most comprehensive information about transnational organized crime that is
currently available. The report was prepared by the Studies and Threat Analysis Section, Policy Analysis and Research Branch, Division for Policy Analysis and Public Affairs, UNODC, experts from the Stockholm Peace Research Institute, Environmental Investigation Agency, and Cybercrime Research Institute, TRAFFIC, INTERPOL, Small Arms Survey and Europol, as well as the input and data from national governments. 3 The TOCTA report also identifies cybercrime as an important transnational organized crime threat, but does
not identify it in terms of a flow. We will discuss cybercrime more in depth further on. Money laundering, which is connected to organized crime in that it is used to process criminal proceeds, will also be discussed more in depth in the section white collar crime.
8
- Counterfeit consumer goods (from China to Europe)
- Timber (from South-East Asia to West and Central Europe)
- Cassiterite, a tin oxide mineral (from the Democratic Republic of the Congo to
West and Central Europe)
The report identifies the growth of civil aviation over the past 30 years as one of the
main drivers for illicit activity (TOCTA, 2010: 29-30). Organized crime threats that are
primarily reported on in the context of airport facilities are trafficking in persons and the
trade in cocaine. Of particular interest, and because of geographical challenges, are Latin
American traffickers that make use of tourism agencies to recruit victims, most often
women, and these women are transported by air, using regular airlines and three-month
tourist visas to cross the borders at major European airports (TOCTA, 2010: 45). Additional
threats in this context are the victims being trafficked from Brazil to Europe using ‘European
administrated territories in the Caribbean or South America to reduce the risks of being
intercepted in Europe’ (TOCTA, 2010: 45). The trade of cocaine is a second organized crime
threat that is explicitly linked to airport facilities. Although the largest shipments and
seizures of cocaine continue to be made at sea, a large number of smaller shipments are
detected at airports and in the mail (TOCTA, 2010: 45).
The 2011 Europol Organised Crime Threat Assessment (OCTA) allows for a more
detailed perspective on organized crime threats in Europe. One of its key findings is that a
new organized crime landscape seems to be emerging in Europe (OCTA, 2011: 8). Criminal
groups seem to collaborate more, and this occurs in multiple jurisdictions and criminal
sectors. There is a greater mobility in and around the EU, a diversification of illicit activity,
and a growing dependence on a dynamic infrastructure, anchored in key locations and
facilitated by widespread use of the Internet. The report focuses on the following organized
- Environmental crime (illegal waste trafficking, trafficking in endangered species)
These organized crime activities can also be located geographically. Europol identifies
5 major organized crime hubs (OCTA, 2011: 9): (i) the North West hub, which functions as
the main coordination centre for drug distribution in Europe; (ii) the North East hub, with its
transit of ‘illicit commodities to and from the Former Soviet Union’ and its ‘violent poly–
criminal groups with international reach’; (iii) the South West hub, which functions as a
transit zone for victims of trafficking in human beings for sexual exploitation and the transit
and distribution of cocaine and cannabis; (iv) the Southern hub, in which some of the best
resourced criminal groups in Europe operate, and which seems to function as ‘a centre for
counterfeit currency and commodities, a transit zone for victims of trafficking in human
beings and illegal immigrants’; (v) the South East hub, which has known the greatest
expansion in recent years, ‘as a result of increased trafficking via the Black Sea, proliferation
of numerous Balkan routes for illicit commodities to and from the EU, and a significant
increase in illegal immigration via Greece’.
The OCTA documents various organized crime trends that involve mass
transportation sites, and its findings have profound implications for policing such sites. First,
organized crime groups use commercial and passenger transport infrastructure, i.e.
container shipments, air freight, and light aircraft, to shorten supply chains, and Europol
believes this trend is likely to become more important (OCTA, 2011: 48). The result is that
the routes for illicit commodities have become more diversified and flexible (OCTA, 2011: 8).
Second, most organized crime threats identified in the OCTA are best perceived in
terms of flows (cf. the TOCTA – report). They involve the transfer of money, the trafficking of
illicit goods and people from, to, and through particular locations (hubs) in Europe.
Commercial and passenger transport infrastructures are used to facilitate these flows. What
happens in mass transportation sites, the organized crime threats they face, is thus
connected to processes that occur far beyond the reach of local security experts or decision-
makers.
10
Third, if organized crime threats should be perceived in terms of flows, this means
that mass transportations sites are inevitably connected to one another. For the heroin
trade, for instance, where West-African groups seem most involved, and the involvement of
Iranian, Iraqi and Pakistani groups is growing, connections have been found between
airports in Pakistan, Iran, India and the EU, with direct flights or stopovers in West and East
Africa (OCTA, 2011: 11-12). What happens at one mass transportation site, whether local
security policies interrupt or facilitate flows, thus profoundly affects what happens to other
mass transportation sites. For instance, the more prominent role of the Dominican Republic
as a transit point for cocaine is believed to be the result of law enforcement actions against
the former Dutch colonies in that area. A similar trend was found in the TOCTA (2010: 45,
supra), where organized crime groups involved in trafficking human beings move their
operations to particular areas precisely to avoid the risk of being intercepted. West-African
groups play a prominent role in trafficking cocaine to the EU by air courier, yet fewer (male)
couriers of West-African origin are identified at European airports because women and EU
nationals are recruited to act as cocaine couriers from Latin America to evade law
enforcement (OCTA, 2011: 13). Security policies at one particular location thus not only
affect the nature of organised crime flows, their origin, shape and direction, they inevitably
have an impact on other security policies as well.
Finally, because mass transportation sites are crucial to the flow of goods and people,
the ability to pass through these sites undetected is of crucial importance. Mass
transportation sites thus face counterfeit or forged documents, the illicit use of visas and
other personal or travel documents, the abuse of asylum procedures, the exploitation of
legislative loopholes, the abuse of legitimate business structures (travel, employment and
shipping agencies) and the creation of businesses, e.g. small private airlines for smuggling,
that are used to that end (TOCTA, 2010; see also: OCTA, 2011: 21).
2.2 Transnational white collar crime
White collar crime can be perceived as ‘a heterogeneous group of offences
committed by people of relatively high status or enjoying relatively high levels of trust, and
made possible by their legitimate employment’ (Tombs and White, 2001: 319-320). As such,
the focal issue of white collar crime is the identity (the status) of the offender, rather than
11
any particular offence or the manner in which an offence is committed. In this review we
focus on transnational white collar crime, which implies that offences are either committed
in more than one state, or committed in one state but planned and controlled in another,
the offences can have an impact on another state than the state where they are committed,
or they can be committed in one state by groups (or individuals) that operate in different
states (UNODC, 2010: 25). We thus focus on threats assessments with a global or regional
(European) focus on white collar crime, i.e. the Global Money Laundering and Terrorist
Financing Threat Assessment (FATF/OECD, 2010)4, and such assessments focus primarily on
money laundering and other threats to the integrity of the financial systems and
institutions5. Because the FATF suggests that it is currently not possible to provide detailed
threats and global trends about money laundering due to a lack of factual, reliable and
quantifiable data (FATF/OECD, 2010: 59), we amend the FATF/OECD report with findings
from the 2011 Europol Organised Crime Threat Assessment (OCTA, 2011: 40), in which
money laundering is identified as a horizontal issue: as money laundering refers to the
processing of criminal proceeds to disguise their illegal origin (FATF, 2012), it connects to all
offences that bring forth such proceeds6.
The FATF/OECD report (2010: 8) suggests that the money that is laundered through
the financial systems comes from all the designated categories of offences that are defined
in the FATF Recommendations7. However, the main sources of criminal proceeds are tax,
4 The Financial Action Task Force (FATF) is an inter-governmental body that develops and promote policies,
legislative and regulatory reforms, both at national and international levels, to combat money laundering and terrorist financing (see: FATF: 2012, available at: http://www.fatf-gafi.org/. 5 In this review we cannot review global or European trends about corruption. Due to its covert nature, there
are no reliable and standardized data about the frequency or amount of corruption on a global, regional or even local level (Transparency International, 2011: 3). As such, Transparency International publishes perception indexes, such as the Corruption Perceptions Index, the Bribe Payers’ Index (BPI), and the Global Corruption Barometer (GCB). Additional information can be found in Transparency International’s annual reports and Global Reports about corruption. The latter focuses on thematic issues (e.g. corruption and climate change in 2009) and descriptive country reports. 6 In its 40 Recommendations, which were updated in February 2012, the FATF suggests that ‘predicate offences
for money laundering should cover all serious offences and countries should seek to extend this to the widest range of predicate offences’ (FATF/OECD, 2012: 13). 7 These designated offences are: ‘participation in an organised criminal group and racketeering; terrorism,
including terrorist financing; trafficking in human beings and migrant smuggling; sexual exploitation, including sexual exploitation of children; illicit trafficking in narcotic drugs and psychotropic substances; illicit arms trafficking; illicit trafficking in stolen and other goods; corruption and bribery; fraud; counterfeiting currency; counterfeiting and piracy of products; environmental crime; murder, grievous bodily injury; kidnapping, illegal restraint and hostage-taking; robbery or theft; smuggling; (including in relation to customs and excise duties and taxes); tax crimes (related to direct taxes and indirect taxes); extortion; forgery; piracy; and insider trading and market manipulation’.
12
fraud, corporate crimes, embezzlement, intellectual property crimes and drug related
crimes. Other source trends that have been identified are internet-based crimes, the
smuggling of goods and contraband, taxation or excise evasion, corruption and bribery,
including the embezzlement of public funds (FATF/OECD, 2010: 8). Features that are widely
abused by money launderers and terrorist financiers are cash and bearer negotiable
instruments, the transfer of value, assets and stores of value, gatekeepers,
jurisdictional/environmental aspects (FATF/OECD, 2010: 11-12). From these findings, the
FATF identifies a number of global threats that often involve more than one jurisdiction and
are carried out using both formal and informal systems, as well as multiple sectors and
techniques (FATF/OECD, 2010: 59): the smuggle and use of cash, internet-based systems and
new payment methods, complicated commercial structures and trusts, wire transfers, and
trade-based transactions, often involving the use of false or stolen identities.
investigation and detection of individual crimes’ (Maguire, 2000: 315). Ratcliffe and Guidetti
(2008: 111) suggest that intelligence-led policing is not a methodology to gather
information, it is a business model and ‘an information-organizing process that allows police
agencies to better understand their crime problems and take a measure of the resources
available to be able to decide on an enforcement tactic or prevention strategy best designed
to control crime’. Crime intelligence is thus used to direct police resources with the aim of
reducing and preventing (serious) crime, and disrupting criminal activities (Ratcliffe, 2008).
The European field of crime control thus promotes the use of intelligence to allow for a
proactive approach: decision makers want to be informed about significant and emerging
challenges and threats to anticipate, plan and take appropriate preventive action, and target
their crime control efforts better. The key objective is then for law enforcement agencies to
develop proactive or future-oriented law enforcement action, i.e. to develop plans and tools
that can aid decision-makers in the assessment of criminal goals, objectives and intentions
(Verfaillie, et. al., 2006).
3.1 Nodal security governance
The past decades, and in particular in the wake of the 9/11 terrorist events, airports
and mass transportation sites have been identified as high-risk locations that require a
strategic, future-oriented and targeted approach in which particular people, activities or
areas need to be identified, analysed and managed for security purposes. Such locations
have been described as ‘nodes’ that require a ‘nodal orientation’ (Bekkers, van Sluis and
Siep, 2006; van Sluis and Bekkers, 2009: 78-80; van Sluis, Marks and Bekkers, 2011; Marks,
Van Sluis and Bekkers, 2012). A nodal orientation focuses on the management of ‘nodes’ and
‘flows’. People, goods, energy, capital and information move from one location to the other
(‘flows’). As they do, they make use of physical and virtual infrastructures and spaces, where
they mingle, merge and connect (‘nodes’). From a nodal security perspective, security
experts thus focus, and intend to govern the nodes where flows come together.
The monitoring and governance of flows, nodes, infrastructures and spaces implies
that a variety of security experts and stakeholders are involved in the management of
security issues. Wood and Shearing (2007; Shearing, 2005: 58) have referred to this plurality
of actors in the governance of nodes as ‘nodal security governance’, or the idea that the
23
public police are but one node in a security network. It is important to distinguish between
the notion of nodal policing as it was introduced by Shearing (2005) and the Dutch notion of
nodal policing, i.e. ‘nodal orientation’. The former refers to the idea that security is governed
through security networks that consist of different nodes (e.g. the police)9. The latter
accepts that same idea but adds a perspective on policing that focuses on infrastructural
networks (Van Sluis, Marks and Bekkers, 2011: 365).
In this review we focus mainly on the Dutch interpretation of nodal policing as it was
first adopted by the Dutch Board of Police Chiefs (2005) in the strategy document ‘police in
evolution’ and further developed by Bekkers, van Sluis and Siep (2006). We focus on this
perspective as it seems to integrate and reinvigorate many of the conceptual discussions
about ‘policing’ and the police function that have been conducted the previous decades
(Hoogenboom, 2009), and, more important, it is one of the very few and recently developed
perspectives on policing described in police literature that explicitly recognises the
particularity of policing mass transportation sites, providing an innovative framework to
analyse and comprehend modern security assemblages in such contexts. As such, the notion
of nodal orientation connects to our findings in the first part of this review, which suggest
that we can perceive of airports and mass transportation sites as nodes in which flows of
people, goods, energy, capital and information come together. As these flows pass through
the node they become the object of various monitoring and governance practices of a
variety of security experts and stakeholders all involved in the management of security. We
will review the key findings of a case study of Schiphol international airport that was
developed by Van Sluis and Bekkers (2009: 78-92). These case-study results will allow us to
illustrate and elaborate on the notion of a nodal orientation and nodal security governance
in mass transportation sites so that we can understand how security threats are assessed in
such locations.
3.2 Nodal orientation at Schiphol International Airport
Schiphol is a node, it represents a node of infrastructures (air, road, rail) in which
mainly people and goods flow and a diverse set of public and private activities are
9 The idea of networked security governance is an important and much-debated trend in policing and crime
control (see e.g. Bailey and Shearing (1996), Loader (2000), Garland (2001), Loader and Sparks (2002), Woods (2006), Crawford (2007), Brodeur (2010), for an overview and critique see: Jones and Newburn (2002))
24
performed 24/7. For the management of security issues Schiphol distinguishes between
safety and security (Van Sluis and Bekkers, 2009: 81-82; see also, supra). The management of
safety implies the involvement of actors and stakeholders that focus on problems that
emerge unintentionally, such as aviation safety, environmental safety, traffic safety, and fire
safety. The management of security implies the involvement of actors and stakeholders that
focus on the protection against deliberate acts and threats, guarding and the security of the
public. Safety and security are secured through the use of public-private cooperation
schemes, CCTV systems, control of (and intervening in) flows of goods and people in
aviation, rail and road; the use of information and information management; control of hand
luggage; the demarcation of security areas and the use of biometrics to secure access to
specific areas; the use of security scans and cooperation with the US (Van Sluis and Bekkers,
2009: 82-85).
The Dutch nodal orientation, the governance of flows within the node that is
Schiphol10, thus involves a wide array of public and private (security) actors and
technologies, each with their proper focus, competences and responsibilities in providing
safety and security, either in terms of inspection, guarding, monitoring, order maintenance
or prosecution. In order for this multitude of actors, technologies and policies to be
successful in providing safety and security from a nodal orientation perspective, Van Sluis
and Bekkers (2009: 86-90) have identified a number of important prerequisites and critical
success factors:
(i) The development of nodal strategies and methods
The basic idea behind nodal orientation is that nodes provide important focal issues
for policing, regardless of any imminent threat, precisely because these are locations where
important (illicit) flows pass through or connect. As such, nodal strategies and methods have
to be developed that allow security experts to render potentially harmful behaviour
‘transparent’ (van Sluis and Bekkers, 2009: 78). To that end, security experts will focus on
monitoring flows and securing infrastructure access and exit points (e.g. iris scans, body
10
Van Sluis and Bekkers (2009: 87) argue that Schiphol, as a node, in itself contains multiple sub nodes (e.g. baggage handling hubs). What is thus important is that a node is a location or space where flows of people and or goods, communication, energy and so forth come together.
25
scans). What is considered ‘normal’, deviant’ or potentially harmful is either determined in
terms of checking forbidden goods (e.g. body scanners) or assessing people and goods based
on information in databases (e.g. automatic licence plate recognition systems), or it can be
determined in terms of the way flows or nodes are supposed to operate. Security experts
and analysts will then focus on behaviour in a node or flow that deviates from how these
nodes and flows are expected to function (see also: Marks, Van Sluis and Bekkers, 2012).
(ii) Cooperation and governance
A nodal orientation implies that the plurality of actors and technologies involved in
policing a node come to understand and accept that they operate within a node and that
they share a common interest (Van Sluis and Bekkers, 2009: 87). This requires different
stakeholders and security actors to reflect on their role and position within a network of
security actors, and this should be done for each node and flow. Cooperation and
governance thus requires communication platforms and cooperation agreements.
(iii) Information gathering and information management
Nodal orientation strategies are based on intelligence gathering and sharing so that a
proactive approach can be developed (Van Sluis and Bekkers, 2009: 88). If these strategies
are to be successful security experts need to gather information about vulnerabilities and
obtain information from a variety of sources so that risk profiles and relations can be
detected.
So a nodal orientation strategy implies that security experts need to be able to
monitor flows and secure or control access and exit points. They need to develop
cooperation and governance schemes in which responsibilities are clearly defined.
Information needs to be gathered and shared so that risk profiles might be developed that
allow for proactive action. Based on their case-study, however, van Sluis and Bekkers (2009:
86-88) identify a number of challenges a nodal orientation perspective faces, but remain
underdeveloped. First, there is the issue of proactiveness. If security experts are to draft risk
profiles from the information they gather and if they are to monitor flows and secure or
control access and exit points in meaningful ways, ways that allows them to provide security
26
proactively, much more investments need to be made in the quality of risk definitions, risk
analysis, and risk evaluation, training of analysts to detect meaningful patterns and to
understand the dynamics of flows and nodes. Second, to develop clear risk concepts and to
understand the dynamics of flows and nodes is to invest in the development of a common
vision, cooperation and coordination among the different stakeholders involved in providing
security. Third, a common vision, cooperation and coordination requires stakeholders to
invest, first and foremost, in a fundamental debate about what it means to provide security.
What is security exactly, and what is deviant, suspicious or potentially harmful behaviour?
How do we want to organize security and at what cost? Fourth, a nodal orientation
perspective can have profound implications on privacy and requires a thorough reflection
about checks and balances. The need to create a common understanding about security
should thus inevitably be linked with a debate about safeguarding privacy and oversight.
3.3 Conclusion
Thus far we have reviewed the state-of-the-art in global and European threat
assessments in the 5 security fields identified in SIAM. We have reviewed contemporary
trends in policing mass transportation sites to better understand how decision-makers and
security experts intend to provide security, and we found that they try to come to grips with
the management of security in an age of networks and flows. The policing of networks and
flows requires information and the creation of intelligence so that security experts can
develop proactive strategies to tackle security threats. With our review of nodal policing,
and the Dutch nodal orientation perspective in particular, we found that policing mass
transportation sites is perceived in terms of monitoring flows, securing access and exit
points, developing cooperation and coordination schemes among a variety of security
stakeholders, and organizing information gathering and information management to allow
for proactive security strategies. At the same time, however, Van Sluis and Bekkers (2009)
suggested that most of these key notions are rather underdeveloped (see also: Van Sluis,
Marks and Bekkers, 2011) and raise particular but unresolved challenges in the field of
privacy and oversight.
The past decades airports and mass transportation sites have indeed developed a
wide variety of practices to assess security threats and gather information so that they can
27
move beyond the traditional reactive response to crime. ‘To be proactive’, however, has
come to mean a wide variety of things and has come to refer to a wide range of practices
among which considerable differences exist. Governments, airports and mass transportation
sites invest in security actors and technologies, and use various risk and threat assessments.
Some of them conduct critical infrastructure and vulnerability analyses, they use red teams,
threat image projections and role plays to improve awareness and avoid a cognitive bias of
security staff and management. Airports and mass transportation sites are the object of
scenario exercises, strategic warning and early warning systems. All of these practices are
developed with a focus on the future, the prevention of threats, and in case of contingency
planning and resilience studies, decision-makers attempt to mitigate the consequences of
possible future threats.
In the remainder of this review, we will thus explore what methodologies exist for
the assessment of threats in airports and mass transportation sites. In line of our findings
thus far, these should be methodologies that allow decision-makers to go beyond the threat
information provided in the global and European threat reports, but at the same time allow
them to further exploit that information to develop proactive threat assessments that can be
used as an integral part of an SMT evaluation.
4. Two models of proactive mass transportation security
In the wake of 9/11, governments have taken significant steps to shape and redesign
the organization of security in mass transportation sites, and in civil aviation in particular.
From 2002 onwards, the European Parliament and the Commission have established a set of
common rules for civil aviation security to harmonize airport security policies in the EU11 in
11
See Regulation (EC) No 2320/2002, which was repealed by Regulation (EC) No 300/2008 to simplify, further harmonize, and clarify the existing rules on civil aviation security and to improve the levels of security. In 2009, the basic common standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 were supplemented by the Commission Regulation (EC) No 272/2009 and Commission Regulation (EU) No 1254/2009 set criteria to allow Member States to derogate from the common standards on civil aviation security and adopt alternative security measures. In 2010, Regulation (EC) No 300/2008 was amended by the Regulation (EU) No 18/2010, which provides specifications for national quality control programmes in the field of civil aviation security. Commission Regulation (EU) No 72/2010 laid down procedures for conducting Commission inspections in aviation security and Commission Regulation (EU) No 185/2010 laid down detailed measures for the implementation of the common basic standards on aviation security. This last Regulation has been amended to further enhance harmonization and a common interpretation of aviation security in the EU and its application to third countries (see e.g. Commission Regulation (EC) No 1087/2011, Commission Regulation (EC) No 1147/2011, and Commission Regulation (EC) No 173/2012).
28
terms of a common interpretation of ICAO Annex 17 to the Convention on International Civil
Aviation, commonly referred to as the Chicago convention, which covers the minimum
aviation security standards and recommended practices for international civil aviation (ICAO,
2006).
For the implementation of Annex 17, policymakers developed a Security Manual for
Safeguarding Civil Aviation Against Acts of Unlawful Interference, which is a restricted
document (doc 8973) that intends to assist States bound by the convention for the
application of the Convention’s standards and recommended practices (ICAO, 2012). The
ICAO suggests that both Annex 17 and doc 8973 are ‘constantly being reviewed and
amended in light of new threats and technological developments that have a bearing on the
effectiveness of measures designed to prevent acts of unlawful interference’. In its latest
2010 edition, doc 8973 provides guidelines for (i) the national organization and
administration; (ii) recruitment, selection and training; (iii) airport security, organization,
programme and design requirements; (iv) preventive security measures; (v) crisis
management and response to acts of unlawful interference. These last set of guidelines
focus on, and emphasize, the importance of ‘threat and risk assessments, contingency plans,
the collection and transmission of information during an act of unlawful interference, and
the subsequent review, analysis and reporting of any act of unlawful interference’ (ICAO,
2012).
Poole (2009: 9) suggests that the Chicago convention contains an important paradox in
how it intends to harmonize and develop security in civil aviation. On the one hand,
‘Standard 3.1.3 of Annex 17 states that each contracting state ‘shall keep under
constant review the level of threat to civil aviation within its territory, and establish and
implement policies and procedures to adjust relevant elements of its national civil
aviation security program, based on a security risk assessment carried out by the
relevant national authorities’ (Poole, 2009: 9).
On the other hand, Poole (2009: 9) points out that
‘Annex 17 goes on to provide standards for pre-board screening of passengers and
baggage, the quality of screeners and periodic testing of them, passenger-bag
29
reconciliation, cargo security controls, access control via secure identification and
random screening, and airport perimeter control. Other Annexes provide for secured
cockpit doors, procedures for dealing with disruptive passengers, and air marshals. In
other words, there is tension between the implication that various inputs and methods
must be used and the directive that decisions should derive from risk analysis based on
up-to-date intelligence’.
The same ambiguity or tension between advising governments what measures have to
be in place and suggesting that decisions about security measures should be based on risk
assessments and up-to-date intelligence can be found in EU Regulation (EC) No 300/2008,
which harmonizes EU aiport secrutiy in providing a common interpretation of the Chicago
convention. On the one hand, Regulation (EC) No 300/2008 and Commission Regulation (EU)
No 185/2010, specify in detail how the common basic standards on aviation security in the
EU have to be implemented. Although these regulations leave some room for choice about
implementing SMTs, they do intend to harmonize security policies, which inevitably implies a
significant reduction of the choices that can be made about the use of SMTs by particular
airports throughout the EU. On the other hand, however, Regulation (EC) No 300/2008
points to the importance of evolving risk assessments to legislation, it allows Member States
to apply more stringent measures laid down in the Regulation on the basis of risk
assessments, as long as these measures are in compliance with Community law, relevant,
objective, nondiscriminatory and proportional to the risk that is being addressed, and it
allows Member States to derogate from the common basic standards to adopt alternative
security measures that provide an adequate level of protection on the basis of a local risk
assessment. Commission Regulation (EU) No 1254/2009, which regulates the derogation
from the basic standards and the adoption of alternative measures suggests that these
alternative measures can be less stringent than the standards proscribed in Regulation (EC)
No 300/2008 (see also: Poole, 2009).
The EU has thus put in place detailed standards about what security in aiports is and
how such sites should be organized to that end. These standards have come about, and
continue to transform, in terms of past events and technological innovations. Information
about past threats is used to adopt new security policies. From this perspective, ‘to be
proactive’ means to provide security in terms of events that have occurred, and measures
30
are put forward to prevent these events to occur again, not only at the same location but in
other locations as well. The basic assumption is thus that future threats will evolve in a
similar manner and investment in SMTs are needed to prevent these threats from unfolding,
regardless of the actual indication that any threat will or might unfold at any particular
location.
The prominence of risk assessments in aviation security legislation and policy can then
be seen as a way to objectify the implementation of any alternative measures, be it more or
less stringent ones. Risk assessments are thus used to develop more-tailored security
policies. They allow to prioritize and differentiate security policies in terms of relevant threat
levels, the kind of facility or the nature of traffic (for the latter see: Regulation (EU) No
1254/2009). As they seem more sensitive to actual threat levels, to the intent and capability
of offenders, and to the nature of the facility or context to be protected, they imply a
different approach to the proactive assessment of security threats in mass transportation
sites than the use of standards and recommended practices.
The use of risk assessments is likely to become more important for the assessment of
security threats in the EU field of mass transportation, and the tension between the two
approaches to proactiveness is a key issue in the public debate. Although, at this point, there
is no common formalized EU risk assessment approach in place to support mass
transportation security assessments, both EU policymakers and important industry
stakeholders have issued policies or have expressed their desire to move toward more risk-
based security policies.
For the movement of goods across borders an EU Security Amendment of the Customs
Code and the Common Customs Risk Management Framework (CRMF) was completed in
January 2011, ‘including systematic electronic submission of pre-arrival and pre-departure
declarations by trade, electronic risk analysis by EU customs, exchange of messages through
the Common Customs Risk Management System (CRMS) and the Authorised Economic
Operator (AEO) programme’, and further efforts will be made ‘to improve capabilities for
risk analysis and targeting’ (COM(2011) 790: 23).
Although from the Chicago convention and its restricted doc ICAO 8973, one might
infer that common guidelines about the use of risk and threat assessments in civil aviation
do exist (supra), in its recent First Annual Report on the implementation of the EU Internal
Security (COM(2011) 790: 8-9) the Commission announced that although Europol, Frontex,
31
the EU Joint Situation Centre (SitCen), and the European Commission's Monitoring and
Information Centre allow the EU ‘to draw on certain capacity and expertise in information
gathering, analysis, threat assessment and emergency response in the different areas of
internal security’ (…), ‘one of the main challenges for the coming years will be to move
gradually towards a coherent risk management policy, linking threat and risk assessment to
policy formulation and implementation’12.
Industry stakeholders too have argued for an increased use of risk-based security
policies, and they have done so mainly in terms of cost-reduction and passenger comfort. In
civil aviation, the Association of European Airlines (AEA) and the Airports Council
International – Europe (ACI Europe) issued a joint statement (ACIE/AEA, 2011) in which they
suggest that the burden for organizing aviation security is too high: whereas before 9/11,
security accounted for 5-8% of the operating cost, it now represents an estimated average of
29%, and these resources are invested in security technologies and security staff, which now
represent 41% of the total workforce. The ACIE/AEA (2011) suggest that the build up of
security investments have come to inconvenience passengers and that ‘resources should be
focused on passengers that pose a genuine threat’. They welcome EU initiatives such as the
‘one-stop’ security concept, ‘where a passenger or cargo consignment deemed ‘safe’ at any
EU airport continues to be regarded as ‘safe’ throughout the journey’, but argue that more
efforts need to be made in the international dimension, i.e. the development a global
perspective on aviation security.
To mitigate these problems the ACIE/AEA (2011) announce the project ‘Better Security’
to further reform and streamline aviation security in the future. ‘Better security’ implies that
security investments focus on ‘dangerous intent instead of dangerous objects’, which
12 It is unclear, however, to what extent and how exactly the development of a common EU risk assessment policy will apply to transnational crime and irregular migration, the 5 threats identified in SIAM. In the Commission Working Staff Paper (SEC(2010)1626: 6) about Risk Assessment and Mapping Guidelines for Disaster Management, the Commission suggests that its risk assessment and mapping guidelines apply to all natural and man-made disasters, including chemical, biological, radiological and nuclear disasters, but ‘armed conflicts and threat assessments on terrorism and other malicious threats’ are explicitly excluded. In its First Annual Report on the implementation of the EU Internal Security Strategy (COM(2011)790: 8-9), however, ‘the threat of malicious acts’ is included, although here too a common risk assessment policy is referred to in terms of crises and disaster management. The Commission furthermore clearly distinguishes between the need to further develop both the (existing) threat assessments and risk assessments, and for issues such as border management integrated interagency risk assessments should be developed. In 2014, all these efforts should culminate in a coherent risk management policy linking threat and risk assessments to decision making (COM 2010)673: 14; COM(2011)790).
32
requires ‘international cooperation and data sharing to strengthen the effectiveness of
passenger profiling’. Security strategies should be ‘proactive, not responsive’, i.e. ‘highly
unpredictable, but consistently adhered to, and based on effectiveness, not on past events’.
Security technologies must be further developed to provide high levels of security, ‘while
minimising passenger disruption’.
In November 2011, 14 European Member States of the ICAO agreed on a strategy to
improve aviation security in which the ‘risks to the security of international air transport
must be addressed through proactive and holistic means to detect threats, prevent unlawful
interference, assure the timely response to attacks and attempted attacks when they occur
and ensure air transport system resilience’ (ICAO, 2011). Initiatives the Member States have
committed to will focus on reducing ‘costly disruptions and delays’ (…) ‘through modern
detection technologies, one-stop security arrangements and more robust identity
management and document validation systems’ (…) ‘risk-based security measures, more
rapid sharing of security-critical information among government and industry stakeholders,
exchanges of best practices, enhanced security training and assistance to States in capacity
building and strengthening of national security systems’ (ICAO, 2011).
In the field of land transport security, in particular the transport of passengers over
land, a common EU security policy is not yet in place, and here too the nature of
proactiveness, deciding on common EU security policies and standards to prevent security
threats or focussing on more tailored risk-based security policies, is a much-debated issue.
Industry and public transport stakeholders explicitly denounce the need for a mandatory
standardisation or regulation in public transport security (UITP13, 2011)14. They argue that
both the threats and the features of public transport are distinct from the field of civil
aviation so that security policies and strategies from that field should not be transposed and
a one-sided focus on terrorism should be avoided. The public transport sector is a highly
diverse field of actors (e.g urban public transport versus long-distance passenger rail or rail
freight), each facing very different threats, which requires risk-based security policies,
‘tailored to the specific context and security threats faced’ (CER, et. al., 2011; UITP, 2011).
13
The UITP is the International Association of Public Transport, an international network for public transport authorities and operators, policy decision-makers, scientific institutes and the public transport supply and service industry. 14
See also the Joint letter from CER, COLPOFER, EIM, ERFA, RAILPOL, UIC and UITP (7/4/2011), representing the public transport and rail industry in Europe, to Matthias Ruete, Director of the DG MOVE: http://www.uitp.org/mos/positionspapers/130-en.pdf
According to the stakeholders, the EU should first and foremost support and facilitate these
tailored security policies at the strategic level, while avoiding a ‘common European approach
and/or policy on security which would be binding for all public transport networks in the EU’:
‘standardisation on specific technical topics could be useful’, (…) e.g. standardisation for the
exchangeability of images from video surveillance systems, (…) ‘but the standardisation of
operational procedures is neither practical nor beneficial’ (UITP, 2011).
The EU’s Internal Security Strategy (COM 2010) 673: 8) argues ‘for a more active
European approach to the broad and complex area of land transport security, and in
particular to the security of passenger transport’ in urban transport, ‘local and regional rail
and high-speed rail, including related infrastructure’. In its white paper Roadmap to a Single
European Transport Area – Towards a competitive and resource efficient transport system
(COM(2011)144: 11), the Commission suggests that a European approach to land transport
security needs to be found ‘in those areas where EU action has an added value’. That
approach will require public transport to have appropriate security systems in place, with
common EU security standards for the high-speed rail network as one of the priorities to be
assessed in 2012, but the focus will be on ‘setting security outcomes, rather than
prescriptive security requirements for transport’ ((COM, 2011)790: 17).
5. Risk-based security policies: threats, vulnerabilities, and criticalities
Thus far, we found that there are distinct ways to define and gather information on
security threats in the EU, and each of these perspectives and methodologies has different
implications for the use and evaluation of SMTs in mass transportation sites15. The global
and European threat assessments we reviewed focus mainly on the nature of past unlawful
acts and the capability and intent offenders have shown to commit these acts. Depending on
the qualitity of the available information, they prove to be valuable tools that show how and
where security threats manifest themselves, who is involved, and what the trends are.
Global and European threat assessments alone, however, do not provide a methodology
that allows decision-makers to assess the implications of the documented threat trends to a
15
To argue that these approaches are distinct is not to suggest that in practice they do not intertwine or that they are incompatible. As is obvious from our policy review, the EU is exploring meaningful ways to integrate the use of threat and risk assessments and the use of mandatory standardisation or regulation.
34
particular site or context. Analysis of these implications is important for the evaluation of
SMTs.
Mandatory standardisation or regulation of mass transportation security implies a top-
down definition and proscription of security and the organization of security through
regulations and standards, often developed in light of high impact past events or attempts,
and implemented across a sector and or region (e.g. ban on liquids). Even when the
standards and regulations allow for derogations or alternative security policies, which they
do, there still is relatively little room for extensive tailored or situated decision-making about
the use of SMTs.
A most prominent trend in the EU, however, seems to be the use of risk assessments to
assess security risks. Although, at this point, there is no common (disclosed) and formalized
EU risk assessment approach for transport security in place, its growing importance for the
assessment of security issues (and thus for the assessment of SMTs) suggests that we need
to explore this issue further to understand what risk assessments are, what information they
require to assess risks, and what the implications are as to how security experts assess
security threats, possible targets and consequences. Our aim is not to provide an in detail
review of the wide-range of risk assessment techniques and typologies that exist. We focus
on a quantitative and a qualitative risk assessment application in mass transportation
settings to understand their basic principles and how they are applied in such contexts. As
such, we will be able to assess whether risk assessments can overcome some of the focal
issues and challenges we encountered thus far in assessing security threats.
35
5.1 A quantitative risk assessment model for airport security
Tamasi and Demichela (2011: 893) suggest that although there are various ways to
conduct a risk assessment, they always consist of three basic elements: a threat assessment,
a vulnerability assessment, and a criticality assessment16. In airport security, risk
assessments have to empasize ‘the level of the current risk, the possible consequences of
attacks, and the actions to be undertaken if the residual risk is superior to the tolerable
values’ (Tamasi and Demichela, 2011: 893)17. Quantitative risk assessments in airport sites
should focus on (i) assessing threats, i.e. detecting the presence of hostile groups in the
home territory; evaluating the threat level in the nation; and evaluating the threat level near
airports; (ii) assessing vulnerabilities, i.e. analysing the critical points and the functional
importance of airport systems and infrastructures; evaluating protection systems for every
critical airport infrastructure and evaluation of the accessibility and vulnerability levels; (iii)
assessing criticality, i.e. analysing the potential accidental scenarios consequent to the
success of the attacks on critical targets; analysing the costs for the re-establishment of the
critical targets; and evaluation of the missed indirect incomes because of their unavailability;
evaluation of the economic losses related to every accidental scenario (Tamasi and
Demichela, 2011: 893).
16
We adopt the work of Tamasi and Demichela (2011) as they provide a basic overview of risk assessment principles and apply this to airport contexts. We do not refer to the EU guidelines for risk assessments here, as these were first and foremost developed to assess natural hazards and disasters. Further developments in EU policymaking will show if these guidelines will apply to transport security, and how they will be applied to that end. 17
For a visualization of the risk assessment approach see: fig 1 (Tamasi and Demichela, 2011: 894).
36
Fig. 1 Risk assessment approach in airports (Tamasi and Demichela, 2011: 893)
According to Tamasi and Demichela (2011: 893), risks can be quantified in terms of
the threat assessment, i.e. ‘the likelihood that a specific type of attack will be initiated
against a specific target (scenario)’, the vulnerability assessment, i.e. ‘the likelihood that
various safeguards against a scenario will fail’, and the criticality assessment, i.e. the
quantified ‘magnitude of the negative effects if the attack is successful’: [Threat (T) x
Vulnerability (V)] x Criticality (C). As such, the ultimate goal of conducting a risk assessment
is ‘to evaluate the risk associated to each critical element of the airport and the loss related
to the succes of the threats’ so that decisions about security investments can be considered
in light of risk impacts (Tamasi and Demichela, 2011: 893).
37
5.2 A qualitative risk assessment model for public transport security
In 2009, COUNTERACT18, a European research project coordinated by the
International Association of Public Transport (UITP), developed tools and guidelines to
improve security policies, in particular in the field of terrorism, of public transport
organizations. One of the objectives was to provide public transport organizations with
generic guidelines to assess security risks, and to that end a qualitative risk assessment
methodology was developed, tailored to the specific needs of the sector (Barr and Luyten
2010: 22-25; 2011). A qualitative risk assessment is based on expert opinion, not on
quantitative data sets, so it does not involve (or allow for) a calculation of measures of
likelihood, probability or impact. If quantitative data sets are used, they underpin the
qualitative expert assessment. Quantiative risk assessments are only as strong as the data
sets they are based on, just as qualitative risk assessments are dependent on the nature of
the experts and the quality of expertise. The preparation of the assessment and the
development of the different risk assessment steps should therefore be done in workshops
in which experts with relevant and qualitative expertise can participate.
The generic guidelines are straightforward and easy to use, and involve a step by step
process in which a matrix is filled out (see fig. 2). Experts have to select threats (top row) and
assets (left column). For each threat, the ‘probability of occurrence’ needs to be assessed,
ranging from very unlikely to very high (top of each square) and the ‘impact and severity’ of
each threat for each asset (bottom of each square), ranging from uncritical to disastrous.
Probability and impact and severity are not calculated or assessed in quantitative terms,
they require experts to reach a consensus about these notions in the preparatory phase of
the workshops.
18
Cluster Of User Networks in Transport and Energy Relating to Anti-terrorist ACTivities. More information about Counteract can be found at: http://www.uitp.org/eupolicy/projects-details.cfm?id=433. We review the qualitative methodology as it was published by Barr and Luyten (PTI, 2010).
38
Fig. 2 Qualitative riskassessment for public transport organizations (Barr and Luyten, 2010)
Finally, the ‘probability of occurrence’ and impact and severity are combined to
create risk categories (see fig. 3). Here too, the numbers and risk scores that are attributed
are used to better differentiate the risks so that a ranking of risks can be visualized.
39
Fig. 3 Risk categories (Barr and Luyten, 2010: 25)
5.3 Evaluation
Risk assessments have become an important tool to assess security threats in the EU.
Risk assessments are methodologies that are used to develop more evidence-based policies
and objectify decision-making in the field of mass transportation security. They allow
decision-makers to prioritize information and as such, they can support the assessment of
SMT investments. Although there are a wide variety of risk assessment methodologies
available and many of them are used in practice, the EU is making considerable efforts to
further develop, standardize and implement the risk assessment process in various fields.
Risk assessments are used in border management and the movement of goods, and
for crises and disaster management standardized ISO 31010 - based guidelines have been
developed to allow for a EU wide application. In aviation security, in its restricted doc. 8973,
the ICAO provides guidelines for risk and threat assessments to all its contracting States, and
we turned to the risk assessment process outlined by Tamasi and Demichela (2011), to
understand what the generic methodological principles of such risk assessments might be.
As our review of the EU policy debate showed that there seem to be distinct differences
between the approach of security threats in civil aviation and public transport, we also
reviewed the first generic qualitative risk assessment guidelines that were recently
developed for public transport organizations.
40
5.3.1 the framing of risk assessments
Though a valuable tool, in light of our findings, the use of risk assessments faces a
number of fundamental challenges. First, risk assessments seem to be overly focused on
terrorist threats against mass transport facilities. As such, security policies and SMTs are
often assessed in terms of attacker models. Decision-makers need to identify threats in
terms of the likelihood that an offender will initiate an attack against a target, they need to
assess vulnerabilities, i.e. weaknesses, critical points and the performance of the security
system, and they need to evaluate criticalities, i.e. assets, groups of people at risk,
significance of structures and so forth (Tamasi and Demichela, 2011: 893). Our review of
global and European threats, however, suggests that although some threats might in fact be
initiated against a mass transportation facility, or one of its assets, most of the security
threats are not. Smuggling timber, cash, drugs or stolen goods, trafficking human beings,
irregular migration, they are all issues that occur at an airport or mass transportation site, or
they are issues for which such sites are used, but none of them are explicitly aimed at mass
transportation facilities and its assets. In other words, conducting risk assessments to
understand the risk of security threats to a facility might seem sensible for counter terrorist
purposes, its focus differs significantly from assessments of the risk that a facility will be
used for unlawful acts.
This distinction, or the issue of focus of risk assessments, matters profoundly for the
evaluation of SMTs, even in the field of terrorism. If we assess the risk of terrorism to a mass
transportation site, the usefulness of SMTs will be evaluated differently than when SMTs are
expected to detect and deny access to terrorists that simply use the facility to gain access to
a country or region to commit terrorist acts. The former poses a risk to the facility, whereas
the latter poses a risk to the location the terrorist attempts to gain access to. If we conduct a
risk assessment in which we simply assess threats to a facility, many of the threats we have
reviewed will not be selected or will not be perceived as a priority risk to the facility. The
Dutch nodal orientation perspective, with its focus on monitoring flows and securing access
and exit points, was sensitive to this issue, and highlighted the importance of developing risk
assessments to make unlawful acts within flows transparent or detect irregularities in the
movement of flows. SMTs are then used and evaluated in terms of their potential to detect
security risks, make transparent unlawful acts, from a process-oriented perspective.
41
Before risk assessments can be used, decision-makers thus need to reflect on what
these tools are for, and as the nodal orientation perspective suggested this requires a debate
about the nature of security threats. Do we assess the risk that drugs are transported across
borders, do we intend to assess drug transactions and drug abuse in airports and public
transport sites, or do we want to assess the risk of drugs to the facility and its assets? If the
challenge of multiple focal security issues is to be resolved in terms of multiple risk
assessments, e.g. for border management and facility risk assessment, this poses challenges
to priority-setting and evaluation of SMT investments in mass transportation facilities.
Multiple risk assessments conducted for different purposes and by different actors will
significantly complicate any overall evaluation of SMTs in light of security risks at mass
transportation facilities. The Dutch nodal orientation perspective suggested that this issue
could be resolved in terms of cooperation and coordination schemes, but at the same time
indicated that this often is an underdeveloped feature of mass transportation security.
5.3.2 Multi-layered and multi-stakeholder decision-making
Decision-making about SMTs should be objectified and evidence-based, and when
rigorously used, risk assessments offer to do just that, but their outcome can point to the
need to set priorities and make decisions that can not always be made. Based on a risk
assessment, local airport security management might find that liquids are not a priority risk
at their site. Yet, EU policy-making at this point does not allow a particular airport facility to
lift the ban on liquids. The debate about mandatory standardization and regulation versus a
more prominent focus on local and tailored security policies (supra) suggests that decisions
about the use of SMTs are made at multiple levels, and this raises the issue which decision-
makers need to be informed about what kinds of security threats and at what level risk
assessments need to be conducted and for what purpose.
5.3.3 Qualitative data and the problem of incomplete knowledge
Most challenging, however, seems the risk assessment methodology itself. Risk
assessments, both qualitative or quantitative, are only as good as the information on which
they are based. They are valuable tools if the threats decision-makers have identified are
42
actually the threats that need to be considered. When we reviewed the global and EU threat
assessments, we found that the available data is rather limited, often out-of-date and
frequently conflicting, rendering quantitative estimates, in particular, imprecise (cf TOCTA,
2010: v, supra). If decision-makers intend to develop quantitative risk assessments for
evidence-based decision making about SMTs, in particular in the fields that were identified
in SIAM, they would have to gather data that allows them to assess the likelihood that a
terrorist attack, an organized crime attack, a cyber crime attack, a deliberate act of fraud or
corruption, and a deliberate breach of immigration laws will be initiated against a target in
an airport or mass transportation context and/or that these sites will be used for such
purposes. In light of the methodological limitations of the current EU and global threat
assessments such data is not available. Based on the available knowledge that is provided by
the threat assessments, we cannot calculate probabilities or quantify the likelihood that a
specific attack will be initiated against a specific target. We can thus not use traditional risk
assessments to determine what will most likely happen or what the most likely scenario will
be. Targets cannot be assessed in this manner.
As such, the use of what-if scenarios to assess possible or probable targets (e.g. Cole
and Kuhlman, 2010) does not solve that issue. The selection and consideration of scenarios
that might happen, both in qualitative and quantitative risk assessments, do not allow
decision-makers to set priorities and make evidence-based evaluations of SMT proposals. If
decision-makers were to find that the SMT constellation at a mass transportation site
performs poorly in light of what-if scenarios, they will inevitably find weaknesses that should
be resolved or SMTs that can be optimized. If used excessively, what-if scenarios will
inevitably lead to the finding that much more SMT investments need to be made in light of
the wide range of issues that are currently not considered. It then remains unclear on what
grounds SMT investments would need to be made and how decision-makers might strike the
balance with other SMT related concerns.
One might argue that the limitations we encountered are inherent to open-source
threat assessments, and that much more detailed and up-to-date information can be found
in undisclosed sources that might be available to the security expert community. Still the
security threats we face are adaptive and flexible and their covert nature makes it hard to
assess capabilities, intent and time of occurrence. One might attempt to resolve this in terms
of adaptive risk assessment models or by frequently conducting risk assessments, but such
43
models too are dependent on the availability of timely disseminated and qualitative
intelligence. For instance, the UK Joint Terrorism Analysis Centre (JTAC)19 communicates
terrorist threat levels that are based on available intelligence about very specific developing
threats in addition to assessments of the level and nature of current terrorist activity, events
in other countries and previous attacks, and for the threat level to remain relevant and up-
to-date, assessments of timescale are crucial.
The issue of adaptation, timescale and the ability to act on up-to-date intelligence
again poses challenges for the evaluation of SMT investments. How to invest in SMTs in light
of adaptive and flexible threats of which our knowledge is inevitably incomplete and which
have the potential to unfold within a short time-scale? How to evaluate SMT proposals to
tackle security threats that take much longer to plan and unfold and of which the outcome is
uncertain? The 2006 liquid bomb plot in the UK, for instance, was not prevented based on
quantitative risk assessments of terrorist threats, but on intelligence gathering and timely
intervention through a cooperative effort by British and American authorities. In the wake of
this plot far-reaching restrictions on liquids were put into place, not just for passenger
believed to constitute a security risk, but for passengers altogether. The EU ban on liquids
will not be lifted, the idea that liquids pose a threat remains, but new detection and
screening technology will be implemented to secure access points in airports. The liquid
bomb plot raises the issue that aviation security was obtained through an effective
performance of law enforcement and the intelligence community, not in terms of effective
airport security policies. We already addressed the question whether such incidents should
prompt policymakers to react in terms of mandatory standardization and regulation or
whether they should support situated and tailored security policies in which risk
assessments take a prominent place. However, if we acknowledge that qualitative
intelligence is important to many of the security threats we face, and if we acknowledge that
such intelligence can not be obtained by mass transportation management but should first
and foremost be the outcome of effective law enforcement and intelligence gathering, the
evaluation of SMT investments should also include an assessment of the performance of the
law enforcement and intelligence community and a debate about its role in providing mass
Fig. 4 Methodological responses to incertitude (Stirling, 2007: 312)
Stirling shows that although we might not be able to meet the standards of complete
knowledge needed to conduct traditional quantitative risk assessments, depending on the
knowledge we have, our ability to describe hazards, possibilities, outcomes and their
probabilities, we can turn to other methodologies to support decision-making. These
conditions are ‘neither discrete nor mutually exclusive and typically occur together in varying
degrees in the real world’ (Stirling, 2007: 309), nor is it possible to assign the different
security threats we reviewed to one particular condition. What is important, however, for
the purpose of this task, is that, in light of the various challenges we identified, we further
explore methodologies that do allow decision-makers to use information about relevant
emerging and developing threats for the evaluation of SMTs. Methodologies that proscribe
what SMT investments need to be made to prevent security threats are unavailable. Security
experts might not be able to predict what will happen, calculate probabilities or conduct
traditional probabilistic risk assessments, but decision-makers can be made aware of
relevant threats. To raise awareness about security threats is distinct from merely providing
decision-makers with information. Evaluations of SMTs that are made in light of security
threats, face the problem of framing, multi-layered decision-making, and incomplete or even
conflicting knowledge about security threats, so what is needed in such a landscape is a
methodology that prompts decision-makers not only to consider the available threat
46
information, but to reflect on how that information applies to their mass transportation
setting. Stakeholders and security experts involved in the development of the security
policies in a mass transportation site need to be aware of how relevant and documented
trends identified in existing threat assessments apply to their setting, and this also implies
that they need a methodology that allows them to obtain an informed consensus about
what constitutes ‘security’ or a ‘security threat’ in their setting. We believe that such
methodologies can be found in the field of scenario studies.
6. Scenario thinking
Schwartz and Ogilvy (2004: 2) define scenarios as
‘narratives of alternative environments in which today’s decisions may be played out.
They are not predictions, nor are they strategies. Instead they are more like
hypotheses of different futures specifically designed to highlight the risks and
opportunities involved in specific strategic issues’.
Elsewhere we argued that the use of scenarios remains a much debated issue,
primarily because of the conceptual and methodological diversity, as well as the ambiguity
that exists about the concrete effects scenarios might have on successful strategic planning
(Vander Beken and Verfaillie, 2010: 195). Yet, they have been applied in many fields and
have proven to be valuable in the context of corporate strategy building, catalysing change
and action, stimulating collaborative learning and creating a shared vision and increased
alignment around strategic direction (Scearce and Fulton 2004, Bradfield et al. 2005, see also
Verfaillie and Vander Beken 2008a, 2008b).
Most important, however, as Schwartz and Ogilvy point out, is that although many
scenario methodologies exist, and although they can serve many different purposes, they
are never predictions. They never depict what the future will be like or how events will play
out, nor do they replace information gathering methodologies and crime intelligence
applications that support concrete criminal investigations. Scenarios are most often used to
create a common vision and a shared understanding of a strategic issue. They intend to
surface and question decisionmakers (strategic) assumptions, and to make them aware of
47
issues or perspectives on issues they don’t consider, or don’t consider to be important, and
they intend to show what the consequences might be if these issues are left unattended20.
Scenarios thus invite decisionmakers to be reflexive about the strategic issues at hand, and
throughout the review we have found this to be a crucial issue for the evaluation of SMTs. In
its final report, the 9/11 Commission concluded that improving decision-making in security
policies in terms of foresight is not about finding an expert who can imagine that planes
might be used for terrorist purposes. It is about improving the quality of decision making.
This requires decision makers to make informed decisions, include information from multiple
perspectives, so that tunnel vision and rigidity in decision making can be avoided (e.g. a one-
sided focus on terrorism or decision-making in terms of mere political assumptions).
In mass transportation security scenarios can help decision-makers (i) comprehend
the complex geo strategic environment in which they operate (e.g. transnational flows),
facilitate a larger vision of objectives, and assess existing and alternative SMT strategies; (ii)
understand security threats or unlawful acts, as scenario studies will prompt them to make
use of threat and risk assessments about terrorism, organised crime, cyber crime, white-
collar crime, and irregular migration; (iii) surface and challenge their assumptions, and the
assumptions made by the different stakeholders about security threats and the ways in
which security threats can be mitigated, so that a common vision about security at their site
can be obtained.
It is beyond the purpose of this review to develop a scenario methodology that can
be used in mass transportation sites for the evaluation of SMTs21. We will outline some of
the basic tools that are easy to use so that the principles of scenario studies become clear.
We will do so based on the work of Scearce and Fulton (2004: 39-45).
20
As such, one might argue that the qualitative risk assessment methodology developed in counteract might serve a similar purpose, or has the potential to do so. As participants of this risk assessment exercise are invited to assess, actively discuss and reflect on threats, assets, the probability of occurrence of threats and their impact and severity, the counteract methodology will inevitably surface decisionmakers (strategic) assumptions, and might make them aware of issues or perspectives on issues they don’t consider, or don’t consider to be important, and it will show them what the consequences might be if particular threats are left unattended. 21
Based on this review we did, however, develop guidelines for the scenario building exercises in deliverable 6.3. To that end we suggested that the counteract methodology be used as a common framework for the further construction and selection of scenarios.
48
6.1 Scenario exercises
One of the basic and frequently used scenario exercises is the scenario matrix, which
consists of a number of methodological steps (Schwartz, 1997; Ringland, 2002). The amount
of steps might differ, but the basic process remains identical all together. Scearce and Fulton
(2004: 24-34) describe a 5-step process that requires participants (decision-makers) (i) to
identify a focal issue (what are the scenarios about), a time-frame, and ensure the input
from multiple perspectives; (ii) explore the dynamics that shape the focal issue; (iii)
synthesise and combine the driving forces (‘critical uncertainties’ and ‘predetermined
elements’) that were identified to create scenarios; (iv) situate and imagine the focal issue in
the scenarios; (v) monitor.
Scearce and Fulton (2004: 39-40) suggest that decision-makers might not have the
time or resources to conduct scenario exercises along the lines of this basic process and
therefore they outline alternatives, each of them, however, reflect the basic idea of scenario
thinking, that is to think long term, to introduce outside perspectives, and to challenge
assumptions.
A first alternative is to ‘articulate the official future’. This exercise implies ‘the explicit
articulation of a set of commonly held beliefs about the future external environment that an
organization implicitly expects to unfold’ (Scearce and Fulton, 2004: 41). For mass
transportation security this would require scenario developers to surface assumptions about
how, for instance, organized crime threats are unfolding in the EU. When the assumptions
have been surfaced, the official future is tested against the actual environment (e.g.
information about organized crime trends that can be found in the global or EU organized
crime threat assessments) and the mass transportation security strategy. What is thus
considered in this exercise is whether the official future, the assumptions of security
management, are aligned with how shifts in the environment are actually unfolding, and
whether the official future is aligned with the organization’s strategy and actions (Scearce
and Fulton, 2004: 42).
A second alternative, and very similar to the official future exercise is to test existing
strategies by focussing on stable trends in the environment (Scearce and Fulton, 2004: 41).
In other words, the question here is whether decision-makers have strategies in place in
49
which stable trends are being considered (e.g. do mass transport security policies take the
trends into account that are identified in the available threat and risk assessments?).
A third alternative is to discuss scenario implications (Scearce and Fulton, 2004: 43).
In these kinds of exercises, participants draw on scenarios that already exist, and they use
them to explore the implications for their organization and its strategies. As such, decision
makers can be made aware of strategic issues at hand without having to draft scenario’s
themselves.
7. Conclusion
In this paper, we have presented a literature review of current scientific research and
the analysis of security threats. We first provided an in-depth review of authoritative
transnational and European threat assessments to assess what is currently known about
organized crime, cybercrime, white-collar crime, illegal migration, and terrorism, and we
evaluated the strengths and weaknesses of these reports. We then further explored these
findings, and the conceptual and methodological challenges they raised, and focused on
current scientific research about policing mass transportation sites to better understand
how decision-makers and security experts intend to provide security and assess threats in
such sites. We found that decision-makers try to come to grips with the management of
security in an age of networks and flows. The policing of networks and flows requires
information and the creation of intelligence so that security experts can develop proactive
strategies to tackle security threats. With our review of nodal policing, and the Dutch nodal
orientation perspective in particular, we found that policing mass transportation sites is
perceived in terms of monitoring flows, securing access and exit point, developing
cooperation and coordination schemes among a variety of security stakeholders, and
organizing information gathering and information management to allow for proactive
security strategies.
The literature review of trends in policing prompted us to explore what
methodologies exist for the assessment of threats in airports and mass transportation sites,
and to that end we reviewed the EU policy debate about transport security. This debate
shows that there are distinct ways to be proactive, to define and gather information about
security threats and organize transport security in the EU. There are European threat
50
assessments, there is mandatory standardisation or regulation of mass transportation
security and there are risk assessments, and each of these perspectives and methodologies
has different implications for the use and evaluation of SMTs in mass transportation sites.
In light of the growing importance of risk assessment methodologies to assess
security risks in the EU, we decided to elaborate on this issue to understand what risk
assessments are, what information they require to assess risks, and what the implications
are as to how security experts assess security threats, possible targets and consequences. As
there currently is no common (disclosed) and formalized EU risk assessment approach for
transport security in place, we chose not to provide an in detail review of the wide-range of
risk assessment techniques and typologies that exist in theory, but focused on a recent
quantitative and a qualitative risk assessment application in mass transportation settings to
understand the basic principles of such tools and how they are applied in such contexts.
This review showed that the use of risk assessments for mass transport security
purposes faces a number of fundamental challenges, i.e. the problem of framing, multi-
layered decision-making, and incomplete or even conflicting knowledge about security
threats. With Stirling, we argued that these challenges should not prompt decision-makers
to abandon informed decision-making, as there are many alternative tools available that can
support decision-making. We concluded that the assessment of security threats to inform
SMT evaluations can benefit from scenario studies, not so much to help decision-makers
prepare for what might happen or to make them more resilient to surprise, but to improve
the quality of decision-making. This review suggests that to increase the reflexivity of SMT
assessments (DOW, 11) is to surface and challenge decision-makers assumptions about
security threats and the use of SMTs to tackle those threats, to encourage informed long-
term thinking about security threats and to support the creation of a common vision and a
shared understanding of ‘security’, and to introduce a sound knowledgebase, outside
perspectives, threat assessments and intelligence, to that end. In this way, scenario studies
can contribute to a process-oriented and reflexive evaluation of SMTs.
51
Bibliography
ACIE/AEA (2011) Joint Briefing. Aviation Security: 10 Years on from 9/11. Available from:
http://files.aea.be/news/joint_ACI_AEA.pdf [Accessed 25 February 2012]
Anderson, B. (2010) ‘Preemption, precaution, preparedness: Anticipatory action and future
geographies’, Progress in Human Geography, 34 (6): 777-798.
Bailey, D. and Shearing, C. (1996) ‘The Future of Policing’, Law and Society Review, 30 (3):
585-606.
Barr, L. and Luyten, D. (2010) ‘Conducting Risk Assessments in PT Networks – Guidelines for
Operators’, Public Transport International, 60 (1): 22-27.
Bekkers, V.J.J.M., Van Sluis, A. and Siep, P.A. (2006) De nodale oriëntatie van de Nederlandse
politie: over criminaliteitsbestrijding in de netwerksamenleving. Bouwstenen voor een
beleidstheorie. Rotterdam: Center for Public Innovation.
Boyle, P. and Haggerty, K. (2009) ‘Spectacular Security: Mega-Events and the Security
Complex’, International Political Sociology, 3, 257-274.
Bradfield, R., et al. (2005) ‘The origins and evolution of scenario techniques in long range
business planning’, Futures, 37 (8), 795-812.
Brodeur, J.-P. (2010) The Policing Web. Oxford: Oxford University Press
Chermack, T.J. (2007) ‘Disciplined imagination: building scenarios and building theories’,
Futures, 39 (1), 1-15.
Cope, N. (2004) ‘Intelligence led policing or policing led intelligence? Integrating volume
crime analysis into policing’, British Journal of Criminology, 44 (2), 188-203.
52
Cole, M. and Kuhlman, A. (2010) ‘Preparing Today’s Airport Security for Future Threats – A
Comprehensive Scenario-Based Approach’, Security in Futures – Security in Change,
1-10.
Commission Regulation (EC) No 272/2009 of 2 April 2009 supplementing the common basic
standards on civil aviation security laid down in the Annex to Regulation (EC) No
300/2008 of the European Parliament and of the Council. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 1254/2009 of 18 December 2009 setting criteria to allow
Member States to derogate from the common basic standards on civil aviation
security and to adopt alternative security measures. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 18/2010 of 8 January 2010 amending Regulation (EC) No
300/2008 of the European Parliament and of the Council as far as specifications for
national quality control programmes in the field of civil aviation security are
concerned. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 72/2010 of 26 January 2010 laying down procedures for
conducting Commission inspections in the field of aviation security. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures
for the implementation of the common basic standards on aviation security.
Available from: http://ec.europa.eu/transport/air/security/legislation_en.htm
[Accessed 25 February 2012]
53
Commission Implementing Regulation (EU) No 1087/2011 of 27 October 2011 amending
Regulation (EU) No 185/2010 laying down detailed measures for the implementation
of the common basic standards on aviation security in respect of explosive detection