HOME/2013/CIPS/AG/4000005001

Terrorism & Other Security-related Risks in Transportation Systems

Wednesday, 21th January 2015

Villa Cambiaso Via Montallegro 1 – 16145 Genova, Italy

1st DAISY Workshop

HOME/2013/CIPS/AG/4000005001

9:00 Welcome Stam

9:10 Impact Analysis and Cost Benefit Analysis of Countermeasures on Airport Infrastructure

Umberto Battista (Stam)

9:40 Novel Intruder Detection & Authentication Optical Sensing Technology

Isabel Oliveira (Aeroportos de Portugal)

10:25 Low Cost and Fully Passive Terahertz Inspection System Based on Nano-Technology for Security Application

Wojciech Gołębiowski (SKA Polska)

10:55 Coffee Break

11:10 MobilE Applications & future InterneT - MEgAbIT: Research Activity and Security Aspects

Mario Marchese (UNIGE)

11:30 The Protection of Critical Infrastructures on Trans-Boundary Areas: a Multidisciplinary Challenge Massimo Migliorini

(SiTi)

12:00 Modelling and Simulation for Security in the extended maritime framework

Alberto Tremori (NATO)

12:30 Wrap-up and Conclusions Stam

13:00 Meeting closure

Agenda

HOME/2013/CIPS/AG/4000005001

DAISY Impact Analysis and Cost Benefit Analysis of Countermeasures on Airport infrastructure

HOME/2013/CIPS/AG/4000005001

industrial research

HOME/2013/CIPS/AG/4000005001

Stam was established in Genova in 1997 thanks to the seed funding provided by the European Space Agency Technology Transfer Program for the development of an innovative gearbox technology. Today Stam is a successful high tech company offering its services and products in a number of market sectors including: Aerospace Security and Defense Transport Robotics and Bio-engineering Energy

Who We Are

Genova

HOME/2013/CIPS/AG/4000005001

Project Operation Sites

Project Locations Since 1997 Stam has completed more than 150 projects in more than 15 countries in the EU. Thanks to the strong technical and managerial background Stam is able to offer its services and products to a number of clients in various industrial sectors. Stam has also developed a significant experience in working with the funding instruments of the European Commission under FP5, FP6 and FP7.

HOME/2013/CIPS/AG/4000005001

Selected Customers and Partners

HOME/2013/CIPS/AG/4000005001

A large part of Stam’s activities are related to safety and security aspects in transportation engineering. Stam has established partnerships with key players in the field of defense and security: the Italian Navy, Oto Melara, WAT, Gilardoni, AeroSekur, Istituto Affari Internazionali, QinetiQ. The company has also deep experience in the analysis and simulation of explosion effects and consequences. Its senior research staff have been involved in the simulation and evaluation of the effects of blast on vehicles and structures.

Transport and Security

http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=VFyQVym4e9mXaM&tbnid=0kdKJ2Y1-5cEwM:&ved=0CAUQjRw&url=http://www.zingarate.com/foto/notizie-dal-mondo/fatti-interessanti-sul-sistema-metropolitano-del-mondo/&ei=MyDJU4iZCcGmO8G5gWA&bvm=bv.71198958,d.bGE&psig=AFQjCNEKKGqZ3DXYiDEDUHvHn340a1xv0A&ust=1405776299819257http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=RAnb1Poyr3DLnM&tbnid=SJuXbrUr5USOmM:&ved=0CAUQjRw&url=http://www.travelquotidiano.com/trasporti/aeroporti-di-roma-fusione-con-autostrade-per-litalia/tqid-135823&ei=YiDJU8rFEse7OaC_gLgL&bvm=bv.71198958,d.bGE&psig=AFQjCNE1ZNWYS-EiLqOLeXGLM1COled8qQ&ust=1405776337935784http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=L847PLBUrYIIJM&tbnid=fbWZ4SuPWYaXXM:&ved=0CAUQjRw&url=http://www.dipendentistatali.org/marina-militare/&ei=liDJU7ypK83KOcXNgUg&bvm=bv.71198958,d.bGE&psig=AFQjCNE8QWDGATRja9x-ZNK15-xG1ZA7rA&ust=1405776401589407

HOME/2013/CIPS/AG/4000005001

DAISY Project

The main objective of the DAISY project is to provide CI Security Managers and Airport Manager with an instrument which will help in defining the risk their infrastructures are subject to, in order to assess the vulnerabilities and identify/implement the most appropriate integrated non-invasive inspection countermeasures. Moreover, the most valuable target of this project is to provide the end-users with an instrument that will help them in evaluating which non-invasive inspection systems are the most effective.

http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=SdtCWN7uzCQYSM&tbnid=ugYriqJmulmIsM:&ved=0CAUQjRw&url=http://precisesecurityandprotection.com/history&ei=wQXOU4TIMoerO8jFgNgF&bvm=bv.71198958,d.bGQ&psig=AFQjCNEEXvkLe9SijaMsZDQpWz3qv9bxFA&ust=1406097192257423http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=OdOUd1lL9lYDuM&tbnid=guJ_pLiBnGbYoM:&ved=0CAUQjRw&url=http://travel.nationalgeographic.com/travel/traveler-magazine/the-insider/airport-security-2/&ei=hs7HU6fAKoPnPPyKgegF&bvm=bv.71198958,d.d2k&psig=AFQjCNEFsQI-r08YLR_qANcITSA2Io4STg&ust=1405689860725533

HOME/2013/CIPS/AG/4000005001

Project Consortium

http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=EhAsAu43R1qWfM&tbnid=tjYmQwGLWhXK6M:&ved=0CAUQjRw&url=http://www.master.eurec.be/en/Partnering-Universities/Spe-Ocean-Energy-IST-Lisbon-Portugal/&ei=Ks_HU5PrJszEPKi6gZgL&bvm=bv.71198958,d.d2k&psig=AFQjCNEz8K5iBV0zw0vgInMagvtfH7VSLA&ust=1405690020656536http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=d43ej5Eep_6e4M&tbnid=T3JCHrAUgBI8aM:&ved=0CAUQjRw&url=http://worldwide.vortal.biz/anas-experience-with-vortalgov_item_5182&ei=087HU8-uFcOrPKzsgYgN&bvm=bv.71198958,d.d2k&psig=AFQjCNHKrNv7vF5Qoleqqcsb20PC9hLxbg&ust=1405689926950720

HOME/2013/CIPS/AG/4000005001

Aims (1/2)

The current methods to detect people transporting harmful and hazardous materials inside the terminal are expensive and time-consuming and generate indirect costs on the community that are invisible to the security manager but create frustration to passengers and additional burden on the general economy. EU indications are in fact to reduce as low as possible, compatibly with the necessary degree of security, the number of body analyses.

http://www.google.it/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=-iP6q9yZiBtVCM&tbnid=sJotvsmE9HOh0M:&ved=0CAUQjRw&url=http://www.whitespace.on.ca/Blog/bid/59773/Is-your-business-blog-writing-too-time-consuming&ei=TNbMU9SOKsHROZ6WgegO&bvm=bv.71198958,d.bGE&psig=AFQjCNG1K_QjyeXhAYIBWhbR0W1vnhRnzg&ust=1406019481430081

HOME/2013/CIPS/AG/4000005001

Aims (2/2)

This aspect is addressed by the DAISY Consortium through the involvement of partners from Italy, Portugal and Poland, with great expertise dealing with security related issues from a technological perspective. Project dissemination activities on and workshops will divulgate the project results and recommendations to analyze and achieve an adequate level of security in airports. The project results will complement other present and future activities: • Providing effective methodologies for airport security engineering activities. • Promoting new investigation activities taking these developments as the basis. • Prevention and mitigation and training operations in such a way that evaluation of risk

scenarios is possible.

HOME/2013/CIPS/AG/4000005001

Methodology (1/2)

The project will be carried out by relying on the following aspects, which are deemed as fundamental in the achievement of the stated goals: • Definition of a methodology for cost/benefit evaluation of integrated non-invasive

inspection countermeasures implementation. • Development of IT instruments to support the methodology application. • Provision of an instrument that can be used for training purposes by the users. • Support to the development of risk assessment methodology to protect airport critical

infrastructures. • Support to the identification and analysis of European criticalities in the airport terminal

infrastructures. • Development of tools and concepts to integrate the protection of airport terminal

infrastructures into crisis management.

HOME/2013/CIPS/AG/4000005001

Methodology (2/2)

• Development of a common framework for the effective protection of critical infrastructure at EU level.

• Increase in the security awareness of airport terminal infrastructure stakeholders. • Improvement of information management with regard to airport terminal

infrastructures. • Increase of critical infrastructure protection capability in the civil aviation sector. • Promotion of investment in innovative non-invasive inspection technologies applied to

airport terminal infrastructures, taking the project developments as the basis.

HOME/2013/CIPS/AG/4000005001

Main Inputs: • Existing security procedures, practices, and relationships in airports • Threats analysis • Scenarios definition Objectives: • Identification of existing security procedures, practices, and relationships • Identification of reference threats, and capture of new threats • Identification of real scenarios, in a critical infrastructures which could be

vulnerable to attacks from a terrorist source

WP1 - Homeland Security Trends and Application Scenarios

HOME/2013/CIPS/AG/4000005001

Main Inputs: • Existing security procedures, practices, and relationships in airports • Threats analysis • Scenarios definition Objectives: • Identification of countermeasures to eliminate, reduce, or mitigate risk on

selected critical infrastructure • Appraisal and evaluation of the methodologies and processes and identification

of strengths and weaknesses of state-of-the-art risk assessment methodologies • Development of specifications for risk assessment methodology and tool • Definition of risk assessment methodology • Definition of the cost/benefit assessment methodology

WP2 - DAISY risk assessment methodology and countermeasures set definition

HOME/2013/CIPS/AG/4000005001

Main Inputs: • Economic losses, keeping into account the expected magnitude of damage in

terms of fatalities, injuries, property damage, asset replacement cost, productivity losses and other direct and indirect business values

• Risk management process Objectives: • Definition of assets value and impact, based on expected magnitude of

damage • Development of DAISY risk assessment package, based on specifications

defined in the previous WPs • Development of DAISY cost/benefit package • Development of upgrade recommendation for target group and stakeholders • Development of DAISY tool

WP3 - Development of the DAISY tool

HOME/2013/CIPS/AG/4000005001

Main Inputs: • Development of DAISY tool Objectives: • Simulation of DAISY methodology on real scenarios • Validation of DAISY tool • Optimization of DAISY tool

WP4 - Use case validation

HOME/2013/CIPS/AG/4000005001

Objectives • To conduct workshop to validate and verify functionality of tool • To disseminate outputs of DAISY to key industry stakeholders and wider public • To develop training methodology to roll-out DAISY software tool

WP5 - Exploitation and training

HOME/2013/CIPS/AG/4000005001

WP1 - Homeland Security Trends and Application Scenarios

• Security in Aviation based on a layered approach fits well to the airport infrastructure.

• Analysis of existing Regulations and regulating Bodies. • Analysis of screening methodologies for passenger, cabin baggage and hold baggage. • Best practices in Risk Management (SeMS, decision processes)

HOME/2013/CIPS/AG/4000005001

WP1 - Homeland Security Trends and Application Scenarios

Classification Monitoring and recording

Inputs for risk analysis tool

• Type of attack • Objectives • Motives • Locations • Perpetrators • Casualties

Statistics

HOME/2013/CIPS/AG/4000005001

WP1 - Homeland Security Trends and Application Scenarios

• Threat assessment review o attack planning o collecting information o assessing future threats

• Current Trends of Terrorist Threats o Global terrorism (GTD) o Situation in the World o Situation in Europe (Europol)

• Terrorist attacks to transportation overview • Security incidents in Airports

HOME/2013/CIPS/AG/4000005001

Methodology Sector/Hazards End-Users Objectives

Inte

rdep

ende

ncie

s

CM a

sses

smen

t

Resi

lienc

e

Counteract (Generic Guidelines for Conducting Risk Assessment in Public

Transport Networks) Transport, Energy/ Terrorist threats Operators, asset managers

Risk reporting, protection measures effectiveness

evaluation No Yes No

NSRAM (Network Security Risk Assessment Modeling)

All sectors/ Technical hazards CI operators and decision makers What if analysis under malicious attacks Yes Yes Yes

RAMCAP Plus All sectors/ Technical hazards CI operators and decision makers RA and mitigation, multi-level, cross-sector Yes No Yes

RVA (risk and vulnerability analysis) All sectors/ Technical, socio- technical hazards CI Decision makers Risk assessment,

qualitative No Yes No

BMI (Baseline protection concept) All sectors/ Technical, natural hazards, Terrorist threats Private companies, CI operators,

Policy makers RA collaboration between

PM & private sector Yes No Yes

RAND ( Infrastructure, Safety) Transport/ Terrorist threats CI operators and decision makers Risk assessment, qualitative No Yes No

Stam Transport/ Terrorist threats CI operators and decision makers Risk assessment, quantitative Yes Yes Yes

WP2 - DAISY risk assessment methodology and countermeasures set definition

HOME/2013/CIPS/AG/4000005001

RA Methodology Schematic approach

• Intolerable • Precarious • Tolerable • Negligible

RA Model Available data Scenarios

results

Expert Revision

Biasing

Training

Impact analysis

HOME/2013/CIPS/AG/4000005001

RA Model Available data Scenarios

results

Expert Revision

Biasing

Training

Impact analysis

High impact / frq

scenarios

CM. Design

CM. Evaluation

RA Methodology Schematic approach

• Effectiveness • Cost • Time for implementation • Additional benefits • Crowd invasive • etc.

HOME/2013/CIPS/AG/4000005001

RA Model Available data Scenarios

results

Expert Revision

Biasing

Training

Impact analysis

High impact / frq

scenarios

CM. Design

CM. Evaluation

CM. Ranking

RA Methodology Schematic approach

HOME/2013/CIPS/AG/4000005001

RA Methodology RA Model

COA Section 1 . . Section N Section 1 . . Section N .

Casualties

Physical Impact

Impact Attack

Available Records

POA 1 .

POA N Section 1

.

. Section N

Security measure 1 . .

Security measure N Attack tactic 1

. Attack tactic N

HOME/2013/CIPS/AG/4000005001

Quantitative Risk Assessment Formulations and Methodology

𝑹𝑹𝑖𝑖𝑖𝑖𝑖𝑖 = 𝑻𝑻ℎ𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟 .𝑽𝑽𝑢𝑢𝑢𝑢𝑢𝑢𝑟𝑟𝑟𝑟𝑟𝑟𝑢𝑢𝑖𝑖𝑢𝑢𝑖𝑖𝑟𝑟𝑢𝑢. 𝑰𝑰𝑚𝑚𝑚𝑚𝑟𝑟𝑚𝑚𝑟𝑟

Risk assessment A. Threat assessment B. Vulnerability assessment C. Impact assessment

HOME/2013/CIPS/AG/4000005001

Quantitative Risk Assessment A. Threat Assessment

Threat Measure Scale

Explosives IED/VBIED Size 0~10 Incendiary Size 0~10 Public disorder Level of panic 0~10 Armed attack lethality 0~10 Unconventional weapon lethality 0~10 Sabotage destructiveness 0~10 CBRA lethality 0~10 Hoax or Threat H rate * 0~10 etc. …….. ………..

List of used threat tactics and their scaling method respect to their lethality

HOME/2013/CIPS/AG/4000005001

Security measure Scale

Past terrorist attack record 0~10

Active local Terrorist groups 0~10

Threat declared 0~10

Time of the day 0~10

Country involved in war 0~10

etc. ………..

Quantitative Risk Assessment A. Threat Assessment

List of parameters that makes a place, a potential terrorist attack target

HOME/2013/CIPS/AG/4000005001

Attacks Location Scale

Airport Parking lot 0|1

Check-in salon entrance 0|1

Power supply Unit 0|1

Check-in stands 0|1

Passport check-in gate 0|1

Transit salon 0|1

etc. 0|1

List of all available sectors in an airport

Quantitative Risk Assessment B. Vulnerability Assessment

HOME/2013/CIPS/AG/4000005001

Security measure Definition Scale

Perimeter surveillance system Level 0~10

Airport check-in salon surveillance systems Level 0~10 Uniformed patrols Q&Q 0~10 Rapid-deployment forces Q&Q 0~10 Check-in baggage scan Technology 0~10 Cabin baggage scan Technology 0~10 Airplane corridor body scan Technology 0~10 etc. …….. ………..

List of security measures and their scaling method

Quantitative Risk Assessment B. Vulnerability Assessment

HOME/2013/CIPS/AG/4000005001

Quantitative Risk Assessment C. Impact Assessment

Economy loss

Psychological Impact

Intersectoral Impact

Physical Impact Casualties

Mass media

Incident

A model has to translate the high level impact to the lower ones

HOME/2013/CIPS/AG/4000005001

CM categories: 1. Detection 2. Delay 3. Response Assessment parameters: • Expected benefits

o Reduce probability of attack o Reduce fatalities in system o Resilience

• Cost • Impact on market • Speed of implementation

Counter Measures Assessment

Constraints: • Generic and non-scenario

oriented • Non-invasive to passengers • Cost efficient Solutions that proved to have highest payback: • Human resource training • Technology

HOME/2013/CIPS/AG/4000005001

WP5 - Project Website

• Active and timely presentation of project results

• Dedicated to different target groups: the general public (“information section”), relevant stakeholders, experts, and project partners

• Internal part for the exchange of information

• External part open to the public including non-confidential information

www.daisy-project.eu

HOME/2013/CIPS/AG/4000005001

Stam S.r.l.

Piazza della Vittoria 14/11 16121 Genova, Italy

Phone: +39 010 3694967 Fax: +39 010 3626539 www.stamtech.com

Roberto Landò r.lando@stamtech.com

Umberto Battista u.battista@stamtech.com

Mony Khosravi m.khosravi@stamtech.com

Contacts

http://www.stamtech.com/mailto:r.lando@stamtech.commailto:u.battista@stamtech.commailto:m.khosravi@stamtech.com

1st DAISY WorkshopAgendaDiapositiva numero 3Diapositiva numero 4Diapositiva numero 5Project Operation SitesSelected Customers and PartnersTransport and SecurityDAISY ProjectProject ConsortiumAims (1/2)Aims (2/2)Methodology (1/2)Methodology (2/2)WP1 - Homeland Security Trends� and Application ScenariosWP2 - DAISY risk assessment methodology and countermeasures set definitionWP3 - Development of the DAISY toolWP4 - Use case validationWP5 - Exploitation and trainingWP1 - Homeland Security Trends� and Application ScenariosWP1 - Homeland Security Trends� and Application ScenariosWP1 - Homeland Security Trends� and Application ScenariosWP2 - DAISY risk assessment methodology and countermeasures set definitionRA Methodology�Schematic approachRA Methodology�Schematic approachRA Methodology�Schematic approachRA Methodology�RA Model Quantitative Risk Assessment �Formulations and Methodology Quantitative Risk Assessment �A. Threat Assessment Quantitative Risk Assessment �A. Threat Assessment Quantitative Risk Assessment �B. Vulnerability Assessment Quantitative Risk Assessment �B. Vulnerability Assessment Quantitative Risk Assessment �C. Impact Assessment Counter Measures AssessmentWP5 - Project WebsiteContacts