Om goed in te spelen op complexe ontwikkelingen in onze snel veranderende samenleving, hebben organisaties hulp en handvatten nodig. In dit artikel wordt daartoe een driestapsaanpak beschreven voor het inzetten van toekomstscenario’s bij strategievorming: identificeren van drivers for change; toekomstscenario’s creëren en toekomstscenario’s toepassen. Deze aanpak is in de praktijk toegepast, drie van deze praktijkcases worden hier beschreven: ‘Grafimedia 3.0’; ‘The food after tomorrow’ en ‘Een leefbare stad Eindhoven 2030’. Op basis van de resultaten uit deze cases en de verschillen en overeenkomsten ertussen kunnen de volgende aanbevelingen worden gegeven: de tijdshorizon van de toekomstscenario’s moet aansluiten bij de urgentie van de opdrachtgever; adequate begeleiding bij het toepassen van de toekomstscenario’s is onmisbaar en het is belangrijk om actief te zijn in het verbeelden van de toekomst, voor zowel de makers van de toekomstscenario’s als voor de opdrachtgever. In order to comply with the complex and rapid developments of our society when directing an organization, policymakers need help and guidance. To offer these, this article describes a three-step approach for using future scenarios in strategy development: the identification of drivers for change, the creation of future scenarios and the practical application of these future scenarios. This approach has been used in real life and three of these cases are described here: ‘Grafimedia 3.0’; ‘The food after tomorrow’ and ‘Een leefbare stad Eindhoven 2030’ (‘A livable Eindhoven in 2030’). The following recommendations can be derived based on the case results and their differences and similarities: the time scale of the future scenarios should match the urgency of the client’s situation, adequate tutoring in the practical application of the future scenarios is essential and, lastly, it is important, not only for the creators of the future scenarios but also for the client, to imagine the future in an active fashion.
Airports have undergone a significant digital evolution over the past decades, enhancing efficiency, effectiveness, and user-friendliness through various technological advancements. Initially, airports deployed basic IT solutions as support tools, but with the increasing integration of digital systems, understanding the detailed digital ecosystem behind airports has become crucial. This research aims to classify technological maturity in airports, using the access control process as an example to demonstrate the benefits of the proposed taxonomy. The study highlights the current digital ecosystem and its future trends and challenges, emphasizing the importance of distinguishing between different levels of technological maturity. The role of biometric technology in security access control is examined, highlighting the importance of proper identification and classification. Future research could explore data collection, privacy, and cybersecurity impacts, particularly regarding biometric technologies in Smart Access Level 4.0. The transition from Smart Access Level 3.0 to 4.0 involves process automation and the introduction of AI, offering opportunities to increase efficiency and improve detection capabilities through advanced data analytics. The study underscores the need for global legislative frameworks to regulate and support these technological advancements.
Cybercriminaliteit is een veelvoorkomend probleem geworden in Nederland (CBS, 2022). Nederlandse gemeenten hebben cybercrime dan ook breed als beleidsprioriteit opgepakt. Gemeenten geven daarbij aan behoefte te hebben aan handvaten om hun inwoners en ondernemers weerbaarder te maken tegen cybercriminaliteit. In het project “Cyberweerbaarheid: Een gemeentelijk offensief ter preventie van slachtofferschap van cybercrime” werken professionals uit twaalf4 gemeenten en vier5 regionale veiligheidsnetwerken samen met onderzoekers van de Haagse Hogeschool, Hogeschool Saxion en het Nederlands Studiecentrum Criminaliteit en Rechtshandhaving (NSCR) aan wetenschappelijk onderbouwde interventies waaromee ambtenaren openbare orde en veiligheid de cyberweerbaarheid van burgers en bedrijven binnen hun gemeente kunnen vergroten. In dit rapport staat slachtofferschap van cybercriminaliteit onder mkb’ers centraal. Het midden‐ en kleinbedrijf (mkb) wordt relatief vaak slachtoffer van cybercriminaliteit en ondervindt hiervan in hoge mate schade (CBS, 2018; Notté et al., 2019). Met name de toename van slachtofferschap van ransomware binnen het mkb is een zorgelijke ontwikkeling. Het is van groot belang dat mkb’ers maatregelen nemen om een ransomware aanval te voorkomen en de schade zo veel mogelijk te beperken. Beschermende maatregelen worden echter door veel mkb’ers slechts in geringe mate ingezet (Bekkers et al., 2021; CBS, 2021; Notté et al., 2019; Veenstra et al., 2015). De cyberweerbaarheid van mkb’ers (het vermogen van een organisatie om cyberincidenten te weerstaan, daarop te kunnen reageren en van te herstellen, zodat de organisatie operationeel blijft) is daardoor te beperkt. In dit rapport presenteren we de ontwikkeling en evaluatie van een interventie genaamd “MKB Cyber Buddy’s”. Het doel van de interventie is om de weerbaarheid van mkb’ers tegen ransomware te vergroten. De interventie is er op gericht om mkb’ers niet alleen te informeren over cybercriminaliteit, maar ze ook door actieve deelname tot een positieve gedragsverandering te brengen. Onder mkb’ers verstaan we in dit onderzoek ondernemers met minimaal één en maximaal 250 werknemers. De hoofdvraag in dit rapport is: Is de interventie “MKB cyber buddy’s” een effectieve interventie voor Nederlandse gemeenten om de cyberweerbaarheid van mkb’ers in hun gemeente met betrekking tot ransomware te bevorderen? Het doel van dit rapport is tweeledig. Enerzijds beschrijft dit rapport de onderbouwing en ontwikkeling van de interventie “MKB Cyber Buddy’s”. Anderzijds beschrijft dit rapport de evaluatie van de pilot die is uitgevoerd in 2022, betreffende de effectiviteit, sterke kanten, valkuilen en onvoorziene gevolgen van de interventie. Hiermee zullen inzichten geboden worden in hoe de interventie verbeterd kan worden en in de toekomst op grotere schaal kan worden ingezet.
The integration of renewable energy resources, controllable devices and energy storage into electricity distribution grids requires Decentralized Energy Management to ensure a stable distribution process. This demands the full integration of information and communication technology into the control of distribution grids. Supervisory Control and Data Acquisition (SCADA) is used to communicate measurements and commands between individual components and the control server. In the future this control is especially needed at medium voltage and probably also at the low voltage. This leads to an increased connectivity and thereby makes the system more vulnerable to cyber-attacks. According to the research agenda NCSRA III, the energy domain is becoming a prime target for cyber-attacks, e.g., abusing control protocol vulnerabilities. Detection of such attacks in SCADA networks is challenging when only relying on existing network Intrusion Detection Systems (IDSs). Although these systems were designed specifically for SCADA, they do not necessarily detect malicious control commands sent in legitimate format. However, analyzing each command in the context of the physical system has the potential to reveal certain inconsistencies. We propose to use dedicated intrusion detection mechanisms, which are fundamentally different from existing techniques used in the Internet. Up to now distribution grids are monitored and controlled centrally, whereby measurements are taken at field stations and send to the control room, which then issues commands back to actuators. In future smart grids, communication with and remote control of field stations is required. Attackers, who gain access to the corresponding communication links to substations can intercept and even exchange commands, which would not be detected by central security mechanisms. We argue that centralized SCADA systems should be enhanced by a distributed intrusion-detection approach to meet the new security challenges. Recently, as a first step a process-aware monitoring approach has been proposed as an additional layer that can be applied directly at Remote Terminal Units (RTUs). However, this allows purely local consistency checks. Instead, we propose a distributed and integrated approach for process-aware monitoring, which includes knowledge about the grid topology and measurements from neighboring RTUs to detect malicious incoming commands. The proposed approach requires a near real-time model of the relevant physical process, direct and secure communication between adjacent RTUs, and synchronized sensor measurements in trustable real-time, labeled with accurate global time-stamps. We investigate, to which extend the grid topology can be integrated into the IDS, while maintaining near real-time performance. Based on topology information and efficient solving of power flow equation we aim to detect e.g. non-consistent voltage drops or the occurrence of over/under-voltage and -current. By this, centrally requested switching commands and transformer tap change commands can be checked on consistency and safety based on the current state of the physical system. The developed concepts are not only relevant to increase the security of the distribution grids but are also crucial to deal with future developments like e.g. the safe integration of microgrids in the distribution networks or the operation of decentralized heat or biogas networks.
Prompt and timely response to incoming cyber-attacks and incidents is a core requirement for business continuity and safe operations for organizations operating at all levels (commercial, governmental, military). The effectiveness of these measures is significantly limited (and oftentimes defeated altogether) by the inefficiency of the attack identification and response process which is, effectively, a show-stopper for all attack prevention and reaction activities. The cognitive-intensive, human-driven alarm analysis procedures currently employed by Security Operation Centres are made ineffective (as opposed to only inefficient) by the sheer amount of alarm data produced, and the lack of mechanisms to automatically and soundly evaluate the arriving evidence to build operable risk-based metrics for incident response. This project will build foundational technologies to achieve Security Response Centres (SRC) based on three key components: (1) risk-based systems for alarm prioritization, (2) real-time, human-centric procedures for alarm operationalization, and (3) technology integration in response operations. In doing so, SeReNity will develop new techniques, methods, and systems at the intersection of the Design and Defence domains to deliver operable and accurate procedures for efficient incident response. To achieve this, this project will develop semantically and contextually rich alarm data to inform risk-based metrics on the mounting evidence of incoming cyber-attacks (as opposed to firing an alarm for each match of an IDS signature). SeReNity will achieve this by means of advanced techniques from machine learning and information mining and extraction, to identify attack patterns in the network traffic, and automatically identify threat types. Importantly, SeReNity will develop new mechanisms and interfaces to present the gathered evidence to SRC operators dynamically, and based on the specific threat (type) identified by the underlying technology. To achieve this, this project unifies Dutch excellence in intrusion detection, threat intelligence, and human-computer interaction with an industry-leading partner operating in the market of tailored solutions for Security Monitoring.
