Safety and Security (S&S) have the same goal, that is to maintain the integrity of human, infrastructure, hardware, software, capital and intangible assets of a system. However, literature and practice indicate that the relationship between S&S has not yet been clearly defined and their boundaries remain blurry. The current paper presents a short review of academic and professional literature about the relationship between S&S. This relationship is examined by looking at the S&S dependencies, their similarities and differences, and the role of the human element in achieving and maintaining the desired S&S levels. The review of literature showed that (1) there is a tendency to emphasize on the effects of security on safety and underestimate the opposite, (2) human factors are not part of security training to the extent are addressed in safety training, (3) security and safety problems can be the result of both internal and external disturbances and agents, (4) the intentionality or not of outcomes, and not of the action, can stand as a valid criterion to classify an event as a security or a safety one correspondingly, (5) S&S issues can result in negative implications internally and externally to the system, and (6) the synergy between S&S is of paramount importance for achieving the optimum levels of system protection. The positions of this paper might comprise a basis for enriching educational programmes around S&S and igniting relevant research.
The sense of safety and security of older people is a widely acknowledged action domain for policy and practice in age-friendly cities. Despite an extensive body of knowledge on the matter, the theory is fragmented, and a classification is lacking. Therefore, this study investigated how older people experience the sense of safety and security in an age-friendly city. A total of four focus group sessions were organised in The Hague comprising 38 older people. Based on the outcomes of the sessions, the sense of safety and security was classified into two main domains: a sense of safety and security impacted by intentional acts and negligence (for instance, burglary and violence), and a sense of safety and security impacted by non-intentional acts (for instance, incidents, making mistakes online). Both domains manifest into three separate contexts, namely the home environment, the outdoor environment and traffic and the digital environment. In the discussions with older people on these derived domains, ideas for potential improvements and priorities were also explored, which included access to information on what older people can do themselves to improve their sense of safety and security, the enforcement of rules, and continuous efforts to develop digital skills to improve safety online. Original article at MDPI; DOI: https://doi.org/10.3390/ijerph19073960
MULTIFILE
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
Over the past decade, the trend in both the public sector and industry has been to outsource ICT to the cloud. While cost savings are often used as a rationale for outsourcing, another argument that is frequently used is that the cloud improves security. The reasoning behind this is twofold. First, cloud service providers are typically thought to have skilled staff trained in good security practices. Second, cloud providers often have a vastly distributed, highly connected network infrastructure, making them more resilient in the face of outages and denial-of-service attacks. Yet many examples of cloud outages, often due to attacks, call into question whether outsourcing to the cloud does improve security. In this project our goal therefore is to answer two questions: 1) did the cloud make use more secure?and 2) can we provide specific security guidance to support cloud outsourcing strategies? We will approach these questions in a multi-disciplinary fashion from a technical angle and from a business and management perspective. On the technical side, the project will focus on providing comprehensive insight into the attack surface at the network level of cloud providers and their users. We will use a measurement-based approach, leveraging large scale datasets about the Internet, both our own data (e.g. OpenINTEL, a large- scale dataset of active DNS measurements) and datasets from our long-term collaborators, such as CAIDA in the US (BGPStream, Network Telescope) and Saarland University in Germany (AmpPot). We will use this data to study the network infrastructure outside and within cloud environments to structurally map vulnerabilities to attacks as well as to identify security anti-patterns, where the way cloud services are managed or used introduce a weak point that attackers can target. From a business point of view, we will investigate outsourcing strategies for both the cloud providers and their customers. For guaranteeing 100% availability, cloud service providers have to maintain additional capacity at all times. They also need to forecast capacity requirements continuously for financially profitable decisions. If the forecast is lower than the capacity needed, then the cloud is not able to deliver 100% availability in case of an attack. Conversely, if the forecast is substantially higher, the cloud service provider might not be able to make desired profits. We therefore propose to assess the risk profiles of cloud providers (how likely it is a cloud provider is under attack at a given time given the nature of its customers) using available attack data to improve the provider resilience to future attacks. From the costumer perspective, we will investigate how we can support cloud outsourcing by taking into consideration business and technical constraints. Decision to choose a cloud service provider is typically based on multiple criteria depending upon the company’s needs (security and operational). We will develop decision support systems that will help in mapping companies’ needs to cloud service providers’ offers.
Since the 1970s, Caribbean reefs have transitioned from coral-dominated to algal-dominated ecosystems. The prevalence of algae reduces coral recruitment, rendering the reefs unable to recover from additional disturbances and jeopardizing crucial ecosystem services, including coastal protection, fisheries, and tourism. One of the main factors to the proliferation of algae is the scarcity of grazers, which is a result of overfishing and disease outbreaks. While fishing supports livelihoods, enhances local food security, and is an integral part of the Caribbean communities' culture, it remains a significant threat to coral reefs. Consequently, the Nature and Environmental Policy Plan (NEPP) 2020-2030, outlining conservation and restoration priorities in the Caribbean Netherlands, underscores the necessity of an integrated approach to tackle the complex challenges of coral reef restoration and fisheries development. The Saba government, and nature management organizations of Bonaire, St. Eustatius, and Saba are implementing the NEPP. Together with University of Applied Sciences Van Hall Larenstein, Wageningen University and WWF, they aim to identify novel species of native invertebrate grazers with the dual purpose of reef restoration and fisheries diversification. The Caribbean king crab (Maguimithrax spinosissimus), the West Indian sea egg (Tripneustes ventricosus), and the West Indian top shell (Cittarium pica) have been identified as potential candidates. Despite their preference to graze on macroalgae, their current densities are inadequate. Population enhancement of these species holds promise for reducing algae, promoting biodiversity, and simultaneously supporting small-scale fisheries. However, there is limited knowledge regarding the ecological effects and socio-economic potential of these grazers. The ReefGrazers project aims to assess the current densities of these herbivores around the BES islands, analyze their impacts on the reef, and evaluate their retention post-restocking. Socio-economic research will quantify current small-scale fishing practices, while market analysis will help assess the potential for the development of these novel resources as sustainable fisheries.
The goal of UPIN is to develop and evaluate a scalable distributed system that enables users to cryptographically verify and easily control the paths through which their data travels through an inter-domain network like the Internet, both in terms of router-to-router hops as well as in terms of router attributes (e.g., their location, operator, security level, and manufacturer). UPIN will thus provide the solution to a very relevant and current problem, namely that it is becoming increasingly opaque for users on the Internet who processes their data (e.g., in terms of service providers their data passes through as well as what jurisdictions apply) and that they have no control over how it is being routed. This is a risk for people’s privacy (e.g., a malicious network compromising a user’s data) as well as for their safety (e.g., an untrusted network disrupting a remote surgery). Motivating examples in which (sensitive) user data typically travels across the Internet without user awareness or control are: - Internet of Things for consumers: sensors such as sleep trackers and light switches that collect information about a user’s physical environment and send it across the Internet to remote services for analysis. - Medical records: health care providers requiring medical information (e.g., health records of patients or remote surgery telemetry) to travel between medical institutions according to specified agreements. - Intelligent transport systems: communication plays a crucial role in future autonomous transportation systems, for instance to avoid freight drones colliding or to ensure smooth passing of trucks through busy urban areas. The UPIN project is novel in three ways: 1. UPIN gives users the ability to control and verify the path that their data takes through the network all the way to the destination endpoint, both in terms of hops and attributes of routers traversed. UPIN accomplishes this by adding and improving remote attestation techniques for on-path routers to existing path verification mechanisms, and by adopting and further developing in-packet path selection directives for control. 2. We develop and simulate data and control plane protocols and router extensions to include the UPIN system in inter-domain networking systems such as IP (e.g., using BGP and segment routing) and emerging systems such as SCION and RINA. 3. We evaluate the scalability and performance of the UPIN system using a multi-site testbed of open programmable P4 routers, which is necessary because UPIN requires novel packet processing functions in the data plane. We validate the system using the earlier motivating examples as use cases. The impact we target is: - Increased trust from users (individuals and organizations) in network services because they are able to verify how their data travels through the network to the destination endpoint and because the UPIN APIs enable novel applications that use these network functions. - More empowered users because they are able to control how their data travels through inter-domain networks, which increases self-determination, both at the level of individual users as well as at the societal level.
