This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
With the increase of needs for controlling the passengers that use different modes of transport such as airports, ports, trains, or future ones as hyper loops, security facilities are a key element to be optimized. In the current study, we present an analysis of a security area within an airport with particular restrictions. To improve the capacity, different categories and policies were devised for processing passengers and we propose to adapt the system to these categories and policies. The results indicated that, by designing a proper category in combination with novel technology, it is possible to increase the capacity to values of 2 digits (in terms of passengers/day). As a proof-of-concept, we use a case study of an area within an airport in Mexico based on data and layout of early 2019.
COVID-19 arrived in the world suddenly and unexpectedly. It caused major disruptions at economical, operational and other levels. In the case of flight traffic, the operations were reduced to 10% of their original levels. The question after COVID-19 is how to restart the operations and how to keep the balance between safety and capacity. In this paper we present an analysis using simulation techniques for understanding the impact in a security area of an important airport in Latin America; the airport of Mexico City. The results allow to illustrate the potential congestion given by the implemented covid-19 restriction, even when the traffic recovers only by 25% of the pre-covid-19 traffic. The congestion can be mitigated by applying some layout changes (snake queue vs parallel queue) and when more capacity is added to the system (extra security line). The results will raise situational awareness for airport stakeholders when implementing the actions suggested by different international institutions like WHO, IATA or ICAO.
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
Since the 1970s, Caribbean reefs have transitioned from coral-dominated to algal-dominated ecosystems. The prevalence of algae reduces coral recruitment, rendering the reefs unable to recover from additional disturbances and jeopardizing crucial ecosystem services, including coastal protection, fisheries, and tourism. One of the main factors to the proliferation of algae is the scarcity of grazers, which is a result of overfishing and disease outbreaks. While fishing supports livelihoods, enhances local food security, and is an integral part of the Caribbean communities' culture, it remains a significant threat to coral reefs. Consequently, the Nature and Environmental Policy Plan (NEPP) 2020-2030, outlining conservation and restoration priorities in the Caribbean Netherlands, underscores the necessity of an integrated approach to tackle the complex challenges of coral reef restoration and fisheries development. The Saba government, and nature management organizations of Bonaire, St. Eustatius, and Saba are implementing the NEPP. Together with University of Applied Sciences Van Hall Larenstein, Wageningen University and WWF, they aim to identify novel species of native invertebrate grazers with the dual purpose of reef restoration and fisheries diversification. The Caribbean king crab (Maguimithrax spinosissimus), the West Indian sea egg (Tripneustes ventricosus), and the West Indian top shell (Cittarium pica) have been identified as potential candidates. Despite their preference to graze on macroalgae, their current densities are inadequate. Population enhancement of these species holds promise for reducing algae, promoting biodiversity, and simultaneously supporting small-scale fisheries. However, there is limited knowledge regarding the ecological effects and socio-economic potential of these grazers. The ReefGrazers project aims to assess the current densities of these herbivores around the BES islands, analyze their impacts on the reef, and evaluate their retention post-restocking. Socio-economic research will quantify current small-scale fishing practices, while market analysis will help assess the potential for the development of these novel resources as sustainable fisheries.
Despite the benefits of the widespread deployment of diverse Internet-enabled devices such as IP cameras and smart home appliances - the so-called Internet of Things (IoT) has amplified the attack surface that is being leveraged by cyber criminals. While manufacturers and vendors keep deploying new products, infected devices can be counted in the millions and spreading at an alarming rate all over consumer and business networks. The objective of this project is twofold: (i) to explain the causes behind these infections and the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data; and (ii) to promote effective remediation mechanisms that mitigate the threat of the currently vulnerable and infected IoT devices. By performing large-scale passive and active measurements, this project will allow the characterization and attribution of compromise IoT devices. Understanding the type of devices that are getting compromised and the reasons behind the attacker’s intention is essential to design effective countermeasures. This project will build on the state of the art in information theoretic data mining (e.g., using the minimum description length and maximum entropy principles), statistical pattern mining, and interactive data exploration and analytics to create a casual model that allows explaining the attacker’s tactics and techniques. The project will research formal correlation methods rooted in stochastic data assemblies between IoT-relevant measurements and IoT malware binaries as captured by an IoT-specific honeypot to aid in the attribution and thus the remediation objective. Research outcomes of this project will benefit society in addressing important IoT security problems before manufacturers saturate the market with ostensibly useful and innovative gadgets that lack sufficient security features, thus being vulnerable to attacks and malware infestations, which can turn them into rogue agents. However, the insights gained will not be limited to the attacker behavior and attribution, but also to the remediation of the infected devices. Based on a casual model and output of the correlation analyses, this project will follow an innovative approach to understand the remediation impact of malware notifications by conducting a longitudinal quasi-experimental analysis. The quasi-experimental analyses will examine remediation rates of infected/vulnerable IoT devices in order to make better inferences about the impact of the characteristics of the notification and infected user’s reaction. The research will provide new perspectives, information, insights, and approaches to vulnerability and malware notifications that differ from the previous reliance on models calibrated with cross-sectional analysis. This project will enable more robust use of longitudinal estimates based on documented remediation change. Project results and methods will enhance the capacity of Internet intermediaries (e.g., ISPs and hosting providers) to better handle abuse/vulnerability reporting which in turn will serve as a preemptive countermeasure. The data and methods will allow to investigate the behavior of infected individuals and firms at a microscopic scale and reveal the causal relations among infections, human factor and remediation.
