the past decades airports and mass transportation sites havehttp
TRANSCRIPT
1
V r i j e U n i v e r s i t e i t
B r u s s e l
K r i s t o f V e r f a i l l e
M i r e i l l e H i l d e b r a n d t
R o s a m u n d e v a n B r a k e l
Deliverable D 6.2
SIAM Security Impact Assessment
Measures
Assessing Security Threats in Mass Transportation Sites
Project number
261826
Call (part) identifier
FP7-Security-2010-1
Funding scheme
Collaborative Project
2
Table of content
EXECUTIVE SUMMARY 3
1. INTRODUCTION 4
2. TRANSNATIONAL TRENDS IN TERRORISM, TRANSNATIONAL ORGANIZED CRIME, ILLEGAL MIGRATION, CYBER CRIME, TRANSNATIONAL WHITE COLLAR CRIME 6
2.1 TRANSNATIONAL ORGANISED CRIME 7
2.2 TRANSNATIONAL WHITE COLLAR CRIME 10
2.3 TERRORISM 14
2.4 ILLEGAL MIGRATION 16
2.5 CYBERCRIME 18
2.6 CONCLUSION 19
3. ASSESSING SECURITY THREATS: FLOWS, NODES AND PROACTIVENESS 21
3.1 NODAL SECURITY GOVERNANCE 22
3.2 NODAL ORIENTATION AT SCHIPHOL INTERNATIONAL AIRPORT 23
3.3 CONCLUSION 26
4. TWO MODELS OF PROACTIVE MASS TRANSPORTATION SECURITY 27
5. RISK-BASED SECURITY POLICIES: THREATS, VULNERABILITIES, AND CRITICALITIES 33
5.1 A QUANTITATIVE RISK ASSESSMENT MODEL FOR AIRPORT SECURITY 35
5.2 A QUALITATIVE RISK ASSESSMENT MODEL FOR PUBLIC TRANSPORT SECURITY 37
5.3 EVALUATION 39
6. SCENARIO THINKING 46
6.1 SCENARIO EXERCISES 48
7. CONCLUSION 49
BIBLIOGRAPHY 51
3
Executive summary
In deliverable 6.2 we present a literature review of current scientific research and the
analysis of security threats. We provide an in-depth review of authoritative transnational
and European threat assessments about organized crime, cybercrime, white-collar crime,
illegal migration, and terrorism, and we further explore the conceptual and methodological
challenges these assessments raise based on a literature review of current scientific research
about policing mass transportation sites and a high-level review of security assessment
methodologies in the EU transport sector. We conclude that the assessment of security
threats to inform SMT evaluations can benefit from scenario studies, not to present ready-
made SMT solutions for security threats, but to improve the quality of decision-making
about SMTs in mass transportation sites (cf. DOW, 11). The findings of the literature review
suggest that qualitative decision-making about SMTs, in light of security threats, requires
methodologies that introduce and mobilize a sound knowledgebase about these threats to
the SMT decision-making process, and these include outside perspectives (e.g. scientific
analyses), threat and risk assessment trends and security intelligence, to encourage long-
term thinking, support the creation of a common vision and a shared understanding of
‘security’ among different stakeholders, and to challenge decision-makers assumptions
about security threats and SMTs to avoid tunnel vision, rigidity and bias in decision-making.
As such, scenario studies can allow decision-makers to assess threats, possible targets and
impacts in ways that contribute to a process-oriented and reflexive evaluation of SMTs.
4
1. Introduction
SIAM is an assessment support system that intends to support the evaluation or
assessment of security measure and technology (SMT) proposals. The development of a
support system goes beyond the idea that strategic decision-makers, policy-makers, and
academics need to be informed about how efficient particular SMTs are at performing a
particular task. Surely such considerations are important. Decision-makers want to make
cost-benefit analyses, which requires them to know what SMTs can do exactly and how
much they cost. There is, however, much more to evaluating SMTs than considering their
efficiency. In addition to efficiency, assessing what an SMT can do and at what cost, decision-
makers need to know if the SMT performs tasks that will actually improve security. Is the
SMT effective in providing security, and what does it mean ‘to provide security’? Once
decision makers find that an SMT is efficient and effective, they face yet another range of
considerations. What effects does the SMT have on the customer experience? Will
passengers be willing to use the mass transportation facility once an SMT is in place? What
effects does the SMT have on the citizen? Does the SMT fit with the principles of a
democratic society? Have decision-makers considered how SMT investments affect
customers and citizens’ trust? Are decision-makers aware of people’s expectations about the
use of SMTs, and do they know if people are confident about the ways in which SMTs are
mobilized?
WP6 focuses on the issue of security. The evaluation of SMT proposals requires
decision-makers to assess whether SMTs actually address probable targets and impacts so
that investments in security concepts that do not focus on any relevant threat or a criminal
action can be avoided. Decision-makers therefore have to (be able to) reflect on possible
targets and victims, consider how threats are actually carried out, and what the impact of a
threat might be (DOW, 7, 10-11, 26-28). The key objective of WP6 is then to develop
scenarios that give insights about possible targets for specific threats, as well as the impacts
those targets could suffer (DOW, 30; see infra). The choice was made to develop scenarios,
as these tools are expected to provide answers to questions about what could happen from
the moment that these threats materialise (DOW, 26).
As such, WP6 presents a number of conceptual and methodological challenges.
Decision-makers need to evaluate SMT proposals, and information about security threats is
5
an important part of that evaluation. But what are security threats exactly, and how do
decision-makers obtain such information? The DOW suggests we focus on 5 security threats:
(i) terrorism; (ii) transnational organized crime; (iii) illegal migration; (iv) cyber crime; (v)
transnational white collar crime. In this paper, in which we present the literature review of
current scientific research and threat analyses (Task 2, WP6), we will first review what is
currently known about these 5 security threats. We will do so based on existing
transnational threat assessments, as these reports provide information about these
emerging and developing security threats on a global or regional level.
Although the analysis of transnational threats provides valuable clues about what the
5 security threats mean in practice, they do raise two particular questions that will be
explored further. First, while the transnational threat assessments do refer to mass
transportation settings, in themselves these assessments do not allow us to make
statements about possible targets, and the impacts those targets could suffer in the
concrete settings of our 4 case-studies. We thus need to understand what these trends
mean exactly in these settings, and what they mean to the people that have to make
decisions about SMTs in those settings. The empirical exploration of these questions will be
further developed in task 6.3, where workshops will be conducted with security experts and
decision-makers in our case-study settings.
Second, the DOW suggests that decision-makers do not only need to be aware of
what has happened, but they need to be proactive. When evaluating SMTs they need “to be
one step ahead of the criminals” (DOW, 26) and consider events that have yet to take place.
It is thus insufficient that we inform decision-makers about developing trends and merely
present the results of existing threat assessments. We need to explore how decision-makers
can prepare for events that have yet to take place. But what does it mean “to be one step
ahead of the criminals”? What information should be gathered to that end? What
information should be used or dismissed and on what grounds? What are decision-makers
assessing exactly, what is meant by ‘a security threat’, and how are such threats to be
assessed?
We will further explore these conceptual and methodological issues based on a
literature review of current scientific research about policing mass transportation sites and
threat analysis concepts and methodologies. In this review, we will focus in particular on
methodologies that allow us to meet the SIAM objectives. WP6 contributes to an assessment
6
support system that intends to increase the reflexivity of SMT assessments (DOW, 11), and
we will argue that this means that we can not present ready-made solutions for security
threats to security experts and decision-makers in specific settings. Our basic argument will
be that scenario studies can allow decision-makers to assess threats, possible targets and
impacts in ways that contribute to a process-oriented and reflexive evaluation of SMTs.
2. Transnational trends in terrorism, transnational organized crime, illegal migration, cyber
crime, transnational white collar crime
If decision-makers need to evaluate SMT proposals, and if we believe information
about security threats is an important part of that evaluation, what do decision-makers need
to be informed about exactly? ‘Security’ refers to a field of practices that intend to provide
protection against deliberate acts and/or the intentional infliction of harm (Van Sluis and
Bekkers, 2009). Harm that is inflicted unintentionally, e.g. environmental disasters or
accidents, is not included in SIAM. ‘Threats’, as they are usually conceptualised in risk
assessments, refer to ‘the likelihood that a specific type of attack will be initiated against a
specific target’ (Tamasi and Demichela, 2011: 893). As such, the assessment of threats most
often requires information about the intent and capability of offenders to carry out a
particular act (Vander Beken, 2004). Threat assessments are thus essentially developed to
inform decision-makers about people’s intent to carry out a particular act and their
capability to do so.
WP6 suggests that we focus on terrorism, transnational organized crime, illegal
migration, cyber crime, transnational white collar crime. Each of these categories are policy
priorities in the EU, and although in practice they often connect and intertwine, they are
believed to represent distinct categories of deliberate acts that are committed for specific
purposes. Each of these acts are believed to be threats because European policy-makers
believe there are individuals and groups that have the intent and capability to perform them,
and are likely to perform them in the future.
The EU, and various other public and private international organizations, have
developed threat assessments to be informed about these security threats and draft policies
that are more evidence-based. As such, these reports attempt to develop a knowledge-base
to improve the quality of decision-making. We will review these reports to assess whether
7
they might be useful for SIAM and the evaluation of SMT proposals1. We do not intend to
present a legal analysis, an historical overview of the 5 security threats, nor will we present
elaborate datasets about these issues. Our aim is to present a review that allows us to
understand what each of these threats mean in practice and what the most important
trends are. We highlight trends that apply to Europe, and where possible, we point to the
implications of these trends to mass transportation sites.
2.1 Transnational Organised Crime
Under the United Nations Organized Crime Convention, transnational organized
crime (TOC) is defined ‘as any serious transnational offence undertaken by three or more
people with the aim of material gain’ (TOCTA, 2010: 1). The Transnational Organised Crime
Threat Assessment Report (TOCTA), which is drafted by UNODC (2010: v)2, maps the
following main organized crime flows from, or to, Europe (TOCTA, 2010: 1; v-vi) 3:
- Heroin (from Afghanistan to Europe)
- Cocaine (from the Andean region, South America to Europe)
- Fire arms (from Eastern Europe to Africa)
- Smuggling of migrants (from East – Africa, West-Africa, North- Africa to West and
Central Europe)
- Trafficking female victims (from Brazil, The Balkans, The Russian Federation to
West and Central Europe)
1 For the purpose of this review we have selected threat assessments that report on the most recent global
and/or European trends for each of the 5 security threats selected in SIAM: the EU organised crime threat assessment - OCTA (Europol, 2011), Global Money Laundering and Terrorist Financing Threat Assessment (FATF/OECD, 2010), the Internet facilitated organised crime threat assessment - iOCTA (Europol, 2011), TE-SAT 2011: EU Terrorism Situation and Trend Report (Europol, 2011), the 2010 Report on Terrorism (NCTC, 2011), The role of organized crime in the smuggling of migrants from West Africa to the European Union (UNOCD, 2011), Transnational organized crime threat assessment – TOCTA (UNODC, 2010), the Internet Security Threat Report (Symantec Corp, 2011) and the 2012 Threats Predictions (McAffee Labs, 2011) 2 The TOCTA-report provides the most comprehensive information about transnational organized crime that is
currently available. The report was prepared by the Studies and Threat Analysis Section, Policy Analysis and Research Branch, Division for Policy Analysis and Public Affairs, UNODC, experts from the Stockholm Peace Research Institute, Environmental Investigation Agency, and Cybercrime Research Institute, TRAFFIC, INTERPOL, Small Arms Survey and Europol, as well as the input and data from national governments. 3 The TOCTA report also identifies cybercrime as an important transnational organized crime threat, but does
not identify it in terms of a flow. We will discuss cybercrime more in depth further on. Money laundering, which is connected to organized crime in that it is used to process criminal proceeds, will also be discussed more in depth in the section white collar crime.
8
- Counterfeit consumer goods (from China to Europe)
- Timber (from South-East Asia to West and Central Europe)
- Cassiterite, a tin oxide mineral (from the Democratic Republic of the Congo to
West and Central Europe)
The report identifies the growth of civil aviation over the past 30 years as one of the
main drivers for illicit activity (TOCTA, 2010: 29-30). Organized crime threats that are
primarily reported on in the context of airport facilities are trafficking in persons and the
trade in cocaine. Of particular interest, and because of geographical challenges, are Latin
American traffickers that make use of tourism agencies to recruit victims, most often
women, and these women are transported by air, using regular airlines and three-month
tourist visas to cross the borders at major European airports (TOCTA, 2010: 45). Additional
threats in this context are the victims being trafficked from Brazil to Europe using ‘European
administrated territories in the Caribbean or South America to reduce the risks of being
intercepted in Europe’ (TOCTA, 2010: 45). The trade of cocaine is a second organized crime
threat that is explicitly linked to airport facilities. Although the largest shipments and
seizures of cocaine continue to be made at sea, a large number of smaller shipments are
detected at airports and in the mail (TOCTA, 2010: 45).
The 2011 Europol Organised Crime Threat Assessment (OCTA) allows for a more
detailed perspective on organized crime threats in Europe. One of its key findings is that a
new organized crime landscape seems to be emerging in Europe (OCTA, 2011: 8). Criminal
groups seem to collaborate more, and this occurs in multiple jurisdictions and criminal
sectors. There is a greater mobility in and around the EU, a diversification of illicit activity,
and a growing dependence on a dynamic infrastructure, anchored in key locations and
facilitated by widespread use of the Internet. The report focuses on the following organized
crime threats in Europe:
- Drugs (heroin, cocaine, synthetic drugs, cannabis, quat)
- Facilitated illegal migration (trafficking in human beings)
- Fraud (VAT fraud)
- Cigarette smuggling
9
- Counterfeiting (Euro counterfeiting, commodity counterfeiting, document
counterfeiting)
- Weapons trafficking
- Organized property crime
- Environmental crime (illegal waste trafficking, trafficking in endangered species)
These organized crime activities can also be located geographically. Europol identifies
5 major organized crime hubs (OCTA, 2011: 9): (i) the North West hub, which functions as
the main coordination centre for drug distribution in Europe; (ii) the North East hub, with its
transit of ‘illicit commodities to and from the Former Soviet Union’ and its ‘violent poly–
criminal groups with international reach’; (iii) the South West hub, which functions as a
transit zone for victims of trafficking in human beings for sexual exploitation and the transit
and distribution of cocaine and cannabis; (iv) the Southern hub, in which some of the best
resourced criminal groups in Europe operate, and which seems to function as ‘a centre for
counterfeit currency and commodities, a transit zone for victims of trafficking in human
beings and illegal immigrants’; (v) the South East hub, which has known the greatest
expansion in recent years, ‘as a result of increased trafficking via the Black Sea, proliferation
of numerous Balkan routes for illicit commodities to and from the EU, and a significant
increase in illegal immigration via Greece’.
The OCTA documents various organized crime trends that involve mass
transportation sites, and its findings have profound implications for policing such sites. First,
organized crime groups use commercial and passenger transport infrastructure, i.e.
container shipments, air freight, and light aircraft, to shorten supply chains, and Europol
believes this trend is likely to become more important (OCTA, 2011: 48). The result is that
the routes for illicit commodities have become more diversified and flexible (OCTA, 2011: 8).
Second, most organized crime threats identified in the OCTA are best perceived in
terms of flows (cf. the TOCTA – report). They involve the transfer of money, the trafficking of
illicit goods and people from, to, and through particular locations (hubs) in Europe.
Commercial and passenger transport infrastructures are used to facilitate these flows. What
happens in mass transportation sites, the organized crime threats they face, is thus
connected to processes that occur far beyond the reach of local security experts or decision-
makers.
10
Third, if organized crime threats should be perceived in terms of flows, this means
that mass transportations sites are inevitably connected to one another. For the heroin
trade, for instance, where West-African groups seem most involved, and the involvement of
Iranian, Iraqi and Pakistani groups is growing, connections have been found between
airports in Pakistan, Iran, India and the EU, with direct flights or stopovers in West and East
Africa (OCTA, 2011: 11-12). What happens at one mass transportation site, whether local
security policies interrupt or facilitate flows, thus profoundly affects what happens to other
mass transportation sites. For instance, the more prominent role of the Dominican Republic
as a transit point for cocaine is believed to be the result of law enforcement actions against
the former Dutch colonies in that area. A similar trend was found in the TOCTA (2010: 45,
supra), where organized crime groups involved in trafficking human beings move their
operations to particular areas precisely to avoid the risk of being intercepted. West-African
groups play a prominent role in trafficking cocaine to the EU by air courier, yet fewer (male)
couriers of West-African origin are identified at European airports because women and EU
nationals are recruited to act as cocaine couriers from Latin America to evade law
enforcement (OCTA, 2011: 13). Security policies at one particular location thus not only
affect the nature of organised crime flows, their origin, shape and direction, they inevitably
have an impact on other security policies as well.
Finally, because mass transportation sites are crucial to the flow of goods and people,
the ability to pass through these sites undetected is of crucial importance. Mass
transportation sites thus face counterfeit or forged documents, the illicit use of visas and
other personal or travel documents, the abuse of asylum procedures, the exploitation of
legislative loopholes, the abuse of legitimate business structures (travel, employment and
shipping agencies) and the creation of businesses, e.g. small private airlines for smuggling,
that are used to that end (TOCTA, 2010; see also: OCTA, 2011: 21).
2.2 Transnational white collar crime
White collar crime can be perceived as ‘a heterogeneous group of offences
committed by people of relatively high status or enjoying relatively high levels of trust, and
made possible by their legitimate employment’ (Tombs and White, 2001: 319-320). As such,
the focal issue of white collar crime is the identity (the status) of the offender, rather than
11
any particular offence or the manner in which an offence is committed. In this review we
focus on transnational white collar crime, which implies that offences are either committed
in more than one state, or committed in one state but planned and controlled in another,
the offences can have an impact on another state than the state where they are committed,
or they can be committed in one state by groups (or individuals) that operate in different
states (UNODC, 2010: 25). We thus focus on threats assessments with a global or regional
(European) focus on white collar crime, i.e. the Global Money Laundering and Terrorist
Financing Threat Assessment (FATF/OECD, 2010)4, and such assessments focus primarily on
money laundering and other threats to the integrity of the financial systems and
institutions5. Because the FATF suggests that it is currently not possible to provide detailed
threats and global trends about money laundering due to a lack of factual, reliable and
quantifiable data (FATF/OECD, 2010: 59), we amend the FATF/OECD report with findings
from the 2011 Europol Organised Crime Threat Assessment (OCTA, 2011: 40), in which
money laundering is identified as a horizontal issue: as money laundering refers to the
processing of criminal proceeds to disguise their illegal origin (FATF, 2012), it connects to all
offences that bring forth such proceeds6.
The FATF/OECD report (2010: 8) suggests that the money that is laundered through
the financial systems comes from all the designated categories of offences that are defined
in the FATF Recommendations7. However, the main sources of criminal proceeds are tax,
4 The Financial Action Task Force (FATF) is an inter-governmental body that develops and promote policies,
legislative and regulatory reforms, both at national and international levels, to combat money laundering and terrorist financing (see: FATF: 2012, available at: http://www.fatf-gafi.org/. 5 In this review we cannot review global or European trends about corruption. Due to its covert nature, there
are no reliable and standardized data about the frequency or amount of corruption on a global, regional or even local level (Transparency International, 2011: 3). As such, Transparency International publishes perception indexes, such as the Corruption Perceptions Index, the Bribe Payers’ Index (BPI), and the Global Corruption Barometer (GCB). Additional information can be found in Transparency International’s annual reports and Global Reports about corruption. The latter focuses on thematic issues (e.g. corruption and climate change in 2009) and descriptive country reports. 6 In its 40 Recommendations, which were updated in February 2012, the FATF suggests that ‘predicate offences
for money laundering should cover all serious offences and countries should seek to extend this to the widest range of predicate offences’ (FATF/OECD, 2012: 13). 7 These designated offences are: ‘participation in an organised criminal group and racketeering; terrorism,
including terrorist financing; trafficking in human beings and migrant smuggling; sexual exploitation, including sexual exploitation of children; illicit trafficking in narcotic drugs and psychotropic substances; illicit arms trafficking; illicit trafficking in stolen and other goods; corruption and bribery; fraud; counterfeiting currency; counterfeiting and piracy of products; environmental crime; murder, grievous bodily injury; kidnapping, illegal restraint and hostage-taking; robbery or theft; smuggling; (including in relation to customs and excise duties and taxes); tax crimes (related to direct taxes and indirect taxes); extortion; forgery; piracy; and insider trading and market manipulation’.
12
fraud, corporate crimes, embezzlement, intellectual property crimes and drug related
crimes. Other source trends that have been identified are internet-based crimes, the
smuggling of goods and contraband, taxation or excise evasion, corruption and bribery,
including the embezzlement of public funds (FATF/OECD, 2010: 8). Features that are widely
abused by money launderers and terrorist financiers are cash and bearer negotiable
instruments, the transfer of value, assets and stores of value, gatekeepers,
jurisdictional/environmental aspects (FATF/OECD, 2010: 11-12). From these findings, the
FATF identifies a number of global threats that often involve more than one jurisdiction and
are carried out using both formal and informal systems, as well as multiple sectors and
techniques (FATF/OECD, 2010: 59): the smuggle and use of cash, internet-based systems and
new payment methods, complicated commercial structures and trusts, wire transfers, and
trade-based transactions, often involving the use of false or stolen identities.
The 2011 Europol Organised Crime Threat Assessment (OCTA, 2011: 40-41), identifies
the following European trends and emerging threats in money laundering:
- The movement of cash is the most favoured method to transfer criminal
proceeds;
- Cash smuggling: the use of couriers and money mules to carry cash below the
reporting thresholds so that no declaration is needed; the transport of cash by
delivery companies without their knowledge; illicit cash is declared as legitimate
funds; the use of light aircraft and helicopters to smuggle cash; declaration
requirements and powers of seizure in respective jurisdictions affect smuggling
routes; the euro is important for cash smuggling because of its high
denomination notes, in particular the 500 euro note, and because it allows
criminal groups to conceal the origin of the cash and the location of the criminal
activity;
- The use of fictitious contracts to legitimise cash movements and a sharp increase
in transnational movements of precious metals;
13
- The use of Money Service Businesses to convert small banknotes to high
denomination notes, and the use of money transmission services (e.g. Western
Union) for the layering stage of money laundering; to avoid detection and anti-
money laundering strategies, criminal groups use less detectable transactions
(smurfing), they pay migrants to use their passports to transfer money, or they
turn to alternative remittance systems (e.g. hawala) or cash intensive businesses
(e.g. restaurants, casinos, used car dealerships and travel agencies) to decrease
the risk of detection;
- The use of cash as a preferred means to launder illicit proceeds (e.g. to pay for
raw materials, tools and the low salaries of workers in sectors known for labour
exploitation of victims of trafficking in human beings);
- The use of shell companies, most often in offshore jurisdictions, in all stages of
the money laundering process, with a notable trend of using import/ export
companies for the virtual importation of goods on the basis of forged documents;
- The use of internet to commit fraud and money laundering and the ability to
conceal these activities;
- Extensive cooperation with specialists in the legal and financial sectors, most
prominently investment firms and money service businesses;
In sum, most of these key trends in transnational white collar crime, i.e. money
laundering, have important implications for mass transportation sites (e.g. cash smuggling,
the use of money service businesses or money transmission services, use of shell companies
and travel agencies) and they provide clear focal issues for security management and the
development of mass transportation security policies. However, as such policies will use and
evaluate SMTs in terms of their ability to detect and make transparent flows of illicit money,
and the structures and methods developed to do so (e.g. shell companies), the most
important feature of white collar crime should not be overlooked. With Tombs and White
(2001) we argued that the focal issue in white collar crime is the identity of the offender, i.e.
14
people with a high status or enjoying relatively high levels of trust, who can facilitate crimes
through their legitimate employment. The threat assessments only briefly touch upon this
issue (e.g. cooperation with specialists in the legal and financial sectors) as there is no
reliable and standardized data about these kinds of threats so that sensible trends are hard
to discern. The evaluation of SMT proposals in light of white collar crime threats should
therefore include a focus on (potential) offenders who can facilitate crimes through their
status and employment in a mass transportation site.
2.3 Terrorism
Our review of terrorist threats is based on a global threat assessment, the 2010
Report on Terrorism, provided by the US National Counter Terrorism Center (NCTC, 2011),
and the 2011 EU Terrorism Situation and Trend Report (TE-SAT, 2011) provided by Europol,
which allows us to develop a more detailed European perspective on terrorism. The NCTC
report is based on open source information. The TE-SAT is based on analysis made by
Europol analysts and experts, contributions from EU Member States, Eurojust, third
countries and other partner organisations (TE-SAT, 2011: 2).
The NCTC (2011: v) defines terrorism in terms of ‘premeditated, politically motivated
violence perpetrated against noncombatant targets by sub-national groups or clandestine
agents’. Based on the world wide incidents tracking system (WITS), the NCTC report
identifies a number of global threat trends in terrorism in 2010 (NCTC, 2011: 5-8), and we
provide a summary overview of the most notable ones:
- +11,500 terrorist attacks occurred in 72 countries; +-50,000 victims were
reported, including +-13,200 fatalities; there is a 5% increase of the number of
attacks, a drop of fatalities for the third consecutive year and a 12 % drop of
fatalities compared to 2009; +75% of terrorist attacks and fatalities in the world
take place in South Asia and the Near East; attacks and fatalities in the Western
hemisphere declined by 25%, and overall, fewest terrorist incidents are reported
in this region; there is a slight decline of the number of attacks and fatalities in
Europe and Eurasia, most of them occurring in Russia (NCTC, 2011: 5-6);
15
- +-60% of terrorist attacks world wide are committed by Sunni extremists, causing
+-70% of fatalities; Sunni extremists conducted 93% of suicide attacks in 2010
NCTC, 2011: 6, 8);
- Armed attacks, including the use of mortars, rocket-propelled grenades, and
missiles, are the most prevalent form of terrorism, closely followed by bombings,
including IEDs and suicide attacks, and kidnapping; Bombings, including suicide
attacks, account for 70% of all fatalities; most victims are wounded by IEDs,
followed by explosives, vehicle bombs and firearms;
- Transportation facilities are among the targets least involved in a terrorist attack;
The EU defines terrorism in terms of acts that aim to ‘intimidate populations, compel
states to comply with the perpetrators demands and/or destabilize the fundamental
political, constitutional, economical or social structures of a country or an international
organization (TE-SAT, 2011: 4). As such, the 2011 EU Terrorism Situation and Trend Report
reports on islamist terrorism, separatist terrorism, left-wing and anarchist terrorism, right-
wing terrorism, and single-issue terrorism. We focus on the following European terrorist
threat trends (TE-SAT, 2011: 4):
- In 2010, 249 terrorist attacks were recorded, resulting in 7 fatalities; 64% of
terrorist attacks are attributed to separatist terrorism, 18% to left-wing terrorism,
and no right-wing terrorism was recorded, only 1% of attacks are attributed to
Islamist terrorism, but 29% of arrests made involved Islamist terrorists; 611
individuals were arrested for terrorist related offences and 307 tried for terrorism
charges; 46 threats statements were made against EU Member States; the
Internet is a crucial facilitator for terrorism and extremism (TE-SAT, 2011: 9, 36);
- Islamist terrorism is believed to be the main, and highly diversified threat to EU;
command and control from outside the EU is decreasing and more lone actors
with EU citizenship are involved in terrorist activities (TE-SAT, 2011: 6);
16
- Connections between terrorist and organised criminal activities appear to be
growing, and there seems to be more international cooperation between
terrorist and extremist groups in and outside the EU (TE-SAT, 2011: 6-7);
The open source trends in terrorism seem to suggest that terrorism, especially from a
global perspective, may not be a priority threat to EU mass transportation facilities, either
because these sites are currently not frequently targeted or because, at this point, law
enforcement agencies and the intelligence community are successful at proactively
detecting and neutralizing such threats (see e.g. the terrorism related arrests versus terrorist
attacks). These trends thus seem to point to the importance of the performance of law
enforcement and the intelligence community for the evaluation of SMTs in mass
transportation sites: whether SMT investments should be made in aviation security or public
transport inevitably requires an assessment of the performance of these agencies and their
ability to provide security in mass transportation sites. The trends in terrorism furthermore
raise the issue of how security management should prioritize security threats, i.e. whether
security policies and SMT investments should be made in terms of the potential impact of a
threat rather than its likelihood of occurrence. Should SMT investments focus on long-term
trends, or should they be incident-based, and to what extent should they include events that
are highly unlikely but disastrous if they were to occur? We will return to both of these
issues when we review risk assessments in mass transportation security (infra).
2.4 Illegal Migration
In our review of transnational organized crime we discussed the issue of smuggling
migrants and trafficking human beings (‘facilitated illegal migration’) as important organized
crime threats to the European Union. In this section we look at both threats more in detail.
Although illegal migration, or what the EU now commonly refers to as ‘irregular migration’,
does not necessarily imply the involvement of organized crime, a significant share of the
estimated 50 million irregular international migrants in the world today are believed to have
paid for assistance in illegally crossing borders (TOCTA, 2010: 55). Even without paying for
assistance, most of the methods identified in the context of organized crime (infra) would
have to be used by the individuals attempting to cross borders.
17
When we refer to facilitated migration and trafficking human beings, both crimes are
organized to obtain financial profits for organized crime groups, and their impact is assessed
in terms of human rights violations, the exploitation and death of migrants and irregular
migration. The TOCTA (2010: 3) estimates that the trafficking in human beings to Europe for
sexual exploitation is a relatively stable threat, generating a gross estimated annual income
of 3 billion dollars, with 140.000 victims in Europe and 70.000 new entries each year. The
most lucrative flow of migrants being smuggled into the EU runs from Africa to Europe,
although this threat seems to be in decline, with 55.000 new entries each year and
generating a gross estimated annual income of 150 million dollars (TOCTA, 2010: 16). Turkey
seems to be the nexus for transit to the EU and Greece is currently a focal issue (see also:
Frontex, 2012). The main mode of transportation for irregular migrants in the African-
European flow is by long land passages or short maritime hops to European Islands (TOCTA,
2010: 5).
The OCTA (2011: 25) specifies that trafficking in human beings preferably occurs by
‘air travel on counterfeit, forged or fraudulently obtained documents’, and that the internet
plays a key role in the recruitment of victims and the advertisement of their services. Victims
are exploited in a range of sectors, including agriculture, construction, textile, healthcare,
domestic service and the sex industry (OCTA, 2011: 25). Facilitated immigration, or the
smuggling of migrants, is mainly facilitated by the use of counterfeit, forged or fraudulently
obtained travel and identity documents, and the abuse and exploitation of asylum
procedures, visa regimes, and legislative loopholes (OCTA, 2011: 25).
For the evaluation of SMTs, irregular migration along the African-European flow
presents a number of important issues (see: UNOCD, 2011: 1-2): (i) diversity of the threat, or
the qualitative differences that exist among organized crime groups in terms of
specialization and professionalism; (ii) the emergence of criminal networks, their
professionalization and specialization, seems to be the outcome of the increased efficiency
of border interdiction; (iii) those that facilitate or assist irregular migration are usually
migrants themselves, they do not perceive of themselves as criminals, just as the irregular
migrants being smuggled or assisted usually do not perceive of themselves as victims; (iv) a
great majority of people from the African-European flow with an irregular status in Europe
seem to have crossed the border legally, mostly by air, ‘before overstaying the period of
their visa or other permission to remain’ (UNOCD, 2011: 12).
18
2.5 Cybercrime
Though ‘cybercrime’ connects to all of the security threats that we have discussed
thus far, it is considered to be a distinct policy issue in the European field of crime control
(see e.g. the iOCTA reports). Cyber crimes can be defined in terms of terrorism (cyber
terror), they can refer to practices that are of geo-strategic importance (cyber warfare), they
can be committed by organized crime groups, governments, the private sector and
individuals, they can be described in terms of offences against computer data and systems
(‘hacking’), or they can refer to criminal practices that are not new in themselves (e.g. theft,
fraud, child pornography, copyright infringements) but are distinct because of the use of
computer and e-communication networks.
The TOCTA (2010: 12, 17) identifies identity theft and child pornography as the most
problematic global cybercrime threats, though trends in these field are hard to assess and
thus unclear. Globally, identity theft makes an estimated 1,5 million victims on an annual
basis and generates an estimated 1 billion dollars (TOCTA, 2010: 205). Most victims are
believed to be located in the US, the theft and trade of credit card information and bank
account credentials are believed to be the most common forms of identity theft, its impact is
assessed in terms of an increase in the cost of credit, a loss of trust in e-commerce and the
negative effects on the economy in general, and although data acquisition is an individual
activity, the generated criminal proceeds can be controlled by organized crime groups
(TOCTA, 2010: 205). The TOCTA (2010: 211) suggests that child pornography generates over
50.000 new images on an annual basis and an estimated 250 million dollars in criminal
proceeds, it involves individual offenders organized through social networks, and its impact
is assessed in terms of child victimization (TOCTA, 2010: 211).
Europol (iOCTA, 2011: 10) identifies cloud computing and corporate virtual worlds as
two important emerging threat scenarios in the EU. Cloud computing refers to the trend that
‘individuals and organisations are increasingly opting to outsource their data storage to third
parties, as a cost-saving option and to enable remote access to data from any location’,
which raises concerns about the risks of remote access, the vulnerabilities of the stored data
to external attacks, the proper enforcement of security measures by the storage provider,
and whether these measures are sufficiently understood by the data owner or customer
19
(iOCTA, 2011: 10). The threat of corporate virtual worlds refers to the use of (corporate)
social sites and ‘other Web 2.0 functionalities to distribute crimeware’ (…) and ‘the the
potential to infect corporate networks with spyware and other means to harvest large
amounts of personal, corporate and financial data for profit’ (iOCTA, 2011: 10).
McAffee (2012: 3-9) assesses a number of emerging threats and estimates the further
development of these threats in 2012: (i) a maturation and segmentation of industrial
threats; (ii) a widening and deepening of embedded hardware attacks; (iii) the reboot and
evolution of ‘Hacktivism’ and ‘Anonymous’; (iv) more and broader attacks on virtual currency
systems, i.e. services that allow people to exchange money online (McAffee, 2012: 5); (v)
increased potential for cyber war; (vi) new threat vectors will emerge due to Domain Name
System Security Extensions (DNSSEC), which is a technology ‘to protect name-resolution
services from spoofing and cache poisoning by using a “web of trust” based on public-key
cryptography’ (McAffee, 2012: 7); (vii) spearphishing, which is a targeted form of phishing,
i.e. a way to obtain personal data by posing as a legitimate entity, will become more
important; (viii) increased attacks on smart phones, mobile devices and mobile banking with
the further development and convergence of mobile botnets and rootkits, the latter
referring to malicious software that is used to conceal programs and activities on a computer
from detection; (ix) the abuse of digital signatures and certificate authorities; (x) attacks on
hardware and the further development of botnets, rootkits and bootkits to subvert
operating systems and security.
Finally, in its internet security report, Symantec (2011: 4-5) lists the top threat trends
identified in 2010: (i) the use of targeted attacks against major public and private
organizations by exploiting the trustworthiness of the source; (ii) the abuse of social
networks, with the ability to collect information about a target online, so that hackers can
develop hard to detect social engineering attacks; (iii) the use of zero-day vulnerabilities and
rootkits to avoid detection; (iv) a growing proliferation of Web-attack toolkits; (v) the abuse
of smart phones (applications) and other mobile applications.
2.6 Conclusion
Our review of the current state of affairs of key security threats in transnational
organized crime, transnational white-collar crime, terrorism, illegal migration, and cyber
20
crime has surfaced important and concrete focal issues that decision-makers can use to
evaluate SMT proposals from a security perspective. In addition to identifying and
highlighting concrete threats, we found a number of clues about the nature of these threats
that pose important challenges for the evaluation of SMTs.
First, we found that the 5 security threats are best perceived in terms of flows, rather
then static and highly localized events. Airports and mass transportation sites are thus
caught up in a transnational flow of illicit activities of which the origins and effects are well
beyond the scope of local decision-makers and security experts. This suggests that
investments in SMTs are not merely to be considered from a local perspective, in terms of
what happens in one particular airport or mass transportation site, but that a European
focus is required.
Second, we found that the implementation of SMTs matters profoundly to the flows
of illicit activities and the emergence and development of new security threats. SMTs create
criminal opportunities and they can prompt criminal flows to transform and displace. What
this means is that the organization of a security assemblage in one particular airport or mass
transportation site does not only matter to the nature of the flow of illicit activities to that
site. It equally matters to the organization of security assemblages in other mass
transportation sites the site is connected to and which might be located elsewhere.
Third, both the TOCTA and OCTA revealed the situated nature of many security
threats (e.g. the different European hubs identified in the OCTA). Airports and mass
transportation sites are inevitably located somewhere, and the flow of illicit activities thus
poses different security challenges to different sites. In addition to understanding their role
in providing security within a wider network of security systems and illicit flows, decision-
makers in particular sites do need to consider tailored made SMT policies to tackle issues
that impact upon their site. This raises the issue whether the use of transnational threat
assessments can suffice for the evaluation of SMTs in those local sites. Van Duyne and
Vander Beken (2009) have argued that transnational threat assessments, like the Europol
OCTA, are highly dependent on the information the Member States are willing to provide
and that the information that is disclosed is of a very general nature and not always based
on clear developed concepts, definitions and methods. The TOCTA (2010: v) suggests that
although transnational threat assessments do intend to improve decision-makers
21
knowledgebase about security threats, the available data is rather limited, often out-of-date
and frequently conflicting, rendering quantitative estimates, in particular, imprecise.
In other words, the transnational threat assessments we have reviewed do inform
decision-makers about emerging trends, patterns and flows, but they do not provide in
detail information about security threats to the airports and mass transportation sites we
focus on in SIAM. We thus need to explore the implications of the documented threats to
our case studies. We need to understand how decision makers and security experts assess
threats like terrorism, organized crime, cyber crime, white-collar crime and illegal migration.
What do these phenomena mean exactly to the experts and decision makers in our case
studies? As the empirical exploration of these questions will be further developed in task
6.3, for task 6.2 we will focus on the conceptual issue of how information about security
threats is obtained in mass transportation sites. To that end we conduct a literature review
of contemporary trends in policing and security management, with a specific focus on the
use of threat assessments in mass transportation sites.
3. Assessing security threats: flows, nodes and proactiveness
Security experts and policymakers in the field of crime control no longer focus only
on developing reactive responses to crime, they want to be informed about coming
challenges and threats in order to take appropriate preventive or anticipatory action (e.g.
Ericson and Haggerty, 1997; Zedner, 2007; Boyle and Haggerty, 2009; Anderson, 2010)8. In
the EU, various threat assessments have been developed to allow policymakers to go
beyond traditional descriptive reports of crime and identify risks and threats to society
(Verfaillie and Vander Beken, 2008; Vander Beken and Verfaillie, 2010; see also infra).
The EU’s approach to crime thus subscribes to what Maguire (2000) has defined as
intelligence-led policing (Vander Beken and Verfaillie, 2010; see also Heaton, 2000; Cope,
2004; Sheptycki, 2005; Maguire and John, 2006; Ratcliffe 2008; Ratcliffe and Guidetti, 2008):
‘a strategic, future-oriented and targeted approach to crime control, focusing upon the
identification, analysis and ‘‘management’’ of persisting and developing “problems” or
“risks” (which may be particular people, activities or areas), rather than on the reactive
8 See also FP7 FESTOS: ‘Foresight of evolving security threats posed by emerging Technologies’:
http://www.festos.org/
22
investigation and detection of individual crimes’ (Maguire, 2000: 315). Ratcliffe and Guidetti
(2008: 111) suggest that intelligence-led policing is not a methodology to gather
information, it is a business model and ‘an information-organizing process that allows police
agencies to better understand their crime problems and take a measure of the resources
available to be able to decide on an enforcement tactic or prevention strategy best designed
to control crime’. Crime intelligence is thus used to direct police resources with the aim of
reducing and preventing (serious) crime, and disrupting criminal activities (Ratcliffe, 2008).
The European field of crime control thus promotes the use of intelligence to allow for a
proactive approach: decision makers want to be informed about significant and emerging
challenges and threats to anticipate, plan and take appropriate preventive action, and target
their crime control efforts better. The key objective is then for law enforcement agencies to
develop proactive or future-oriented law enforcement action, i.e. to develop plans and tools
that can aid decision-makers in the assessment of criminal goals, objectives and intentions
(Verfaillie, et. al., 2006).
3.1 Nodal security governance
The past decades, and in particular in the wake of the 9/11 terrorist events, airports
and mass transportation sites have been identified as high-risk locations that require a
strategic, future-oriented and targeted approach in which particular people, activities or
areas need to be identified, analysed and managed for security purposes. Such locations
have been described as ‘nodes’ that require a ‘nodal orientation’ (Bekkers, van Sluis and
Siep, 2006; van Sluis and Bekkers, 2009: 78-80; van Sluis, Marks and Bekkers, 2011; Marks,
Van Sluis and Bekkers, 2012). A nodal orientation focuses on the management of ‘nodes’ and
‘flows’. People, goods, energy, capital and information move from one location to the other
(‘flows’). As they do, they make use of physical and virtual infrastructures and spaces, where
they mingle, merge and connect (‘nodes’). From a nodal security perspective, security
experts thus focus, and intend to govern the nodes where flows come together.
The monitoring and governance of flows, nodes, infrastructures and spaces implies
that a variety of security experts and stakeholders are involved in the management of
security issues. Wood and Shearing (2007; Shearing, 2005: 58) have referred to this plurality
of actors in the governance of nodes as ‘nodal security governance’, or the idea that the
23
public police are but one node in a security network. It is important to distinguish between
the notion of nodal policing as it was introduced by Shearing (2005) and the Dutch notion of
nodal policing, i.e. ‘nodal orientation’. The former refers to the idea that security is governed
through security networks that consist of different nodes (e.g. the police)9. The latter
accepts that same idea but adds a perspective on policing that focuses on infrastructural
networks (Van Sluis, Marks and Bekkers, 2011: 365).
In this review we focus mainly on the Dutch interpretation of nodal policing as it was
first adopted by the Dutch Board of Police Chiefs (2005) in the strategy document ‘police in
evolution’ and further developed by Bekkers, van Sluis and Siep (2006). We focus on this
perspective as it seems to integrate and reinvigorate many of the conceptual discussions
about ‘policing’ and the police function that have been conducted the previous decades
(Hoogenboom, 2009), and, more important, it is one of the very few and recently developed
perspectives on policing described in police literature that explicitly recognises the
particularity of policing mass transportation sites, providing an innovative framework to
analyse and comprehend modern security assemblages in such contexts. As such, the notion
of nodal orientation connects to our findings in the first part of this review, which suggest
that we can perceive of airports and mass transportation sites as nodes in which flows of
people, goods, energy, capital and information come together. As these flows pass through
the node they become the object of various monitoring and governance practices of a
variety of security experts and stakeholders all involved in the management of security. We
will review the key findings of a case study of Schiphol international airport that was
developed by Van Sluis and Bekkers (2009: 78-92). These case-study results will allow us to
illustrate and elaborate on the notion of a nodal orientation and nodal security governance
in mass transportation sites so that we can understand how security threats are assessed in
such locations.
3.2 Nodal orientation at Schiphol International Airport
Schiphol is a node, it represents a node of infrastructures (air, road, rail) in which
mainly people and goods flow and a diverse set of public and private activities are
9 The idea of networked security governance is an important and much-debated trend in policing and crime
control (see e.g. Bailey and Shearing (1996), Loader (2000), Garland (2001), Loader and Sparks (2002), Woods (2006), Crawford (2007), Brodeur (2010), for an overview and critique see: Jones and Newburn (2002))
24
performed 24/7. For the management of security issues Schiphol distinguishes between
safety and security (Van Sluis and Bekkers, 2009: 81-82; see also, supra). The management of
safety implies the involvement of actors and stakeholders that focus on problems that
emerge unintentionally, such as aviation safety, environmental safety, traffic safety, and fire
safety. The management of security implies the involvement of actors and stakeholders that
focus on the protection against deliberate acts and threats, guarding and the security of the
public. Safety and security are secured through the use of public-private cooperation
schemes, CCTV systems, control of (and intervening in) flows of goods and people in
aviation, rail and road; the use of information and information management; control of hand
luggage; the demarcation of security areas and the use of biometrics to secure access to
specific areas; the use of security scans and cooperation with the US (Van Sluis and Bekkers,
2009: 82-85).
The Dutch nodal orientation, the governance of flows within the node that is
Schiphol10, thus involves a wide array of public and private (security) actors and
technologies, each with their proper focus, competences and responsibilities in providing
safety and security, either in terms of inspection, guarding, monitoring, order maintenance
or prosecution. In order for this multitude of actors, technologies and policies to be
successful in providing safety and security from a nodal orientation perspective, Van Sluis
and Bekkers (2009: 86-90) have identified a number of important prerequisites and critical
success factors:
(i) The development of nodal strategies and methods
The basic idea behind nodal orientation is that nodes provide important focal issues
for policing, regardless of any imminent threat, precisely because these are locations where
important (illicit) flows pass through or connect. As such, nodal strategies and methods have
to be developed that allow security experts to render potentially harmful behaviour
‘transparent’ (van Sluis and Bekkers, 2009: 78). To that end, security experts will focus on
monitoring flows and securing infrastructure access and exit points (e.g. iris scans, body
10
Van Sluis and Bekkers (2009: 87) argue that Schiphol, as a node, in itself contains multiple sub nodes (e.g. baggage handling hubs). What is thus important is that a node is a location or space where flows of people and or goods, communication, energy and so forth come together.
25
scans). What is considered ‘normal’, deviant’ or potentially harmful is either determined in
terms of checking forbidden goods (e.g. body scanners) or assessing people and goods based
on information in databases (e.g. automatic licence plate recognition systems), or it can be
determined in terms of the way flows or nodes are supposed to operate. Security experts
and analysts will then focus on behaviour in a node or flow that deviates from how these
nodes and flows are expected to function (see also: Marks, Van Sluis and Bekkers, 2012).
(ii) Cooperation and governance
A nodal orientation implies that the plurality of actors and technologies involved in
policing a node come to understand and accept that they operate within a node and that
they share a common interest (Van Sluis and Bekkers, 2009: 87). This requires different
stakeholders and security actors to reflect on their role and position within a network of
security actors, and this should be done for each node and flow. Cooperation and
governance thus requires communication platforms and cooperation agreements.
(iii) Information gathering and information management
Nodal orientation strategies are based on intelligence gathering and sharing so that a
proactive approach can be developed (Van Sluis and Bekkers, 2009: 88). If these strategies
are to be successful security experts need to gather information about vulnerabilities and
obtain information from a variety of sources so that risk profiles and relations can be
detected.
So a nodal orientation strategy implies that security experts need to be able to
monitor flows and secure or control access and exit points. They need to develop
cooperation and governance schemes in which responsibilities are clearly defined.
Information needs to be gathered and shared so that risk profiles might be developed that
allow for proactive action. Based on their case-study, however, van Sluis and Bekkers (2009:
86-88) identify a number of challenges a nodal orientation perspective faces, but remain
underdeveloped. First, there is the issue of proactiveness. If security experts are to draft risk
profiles from the information they gather and if they are to monitor flows and secure or
control access and exit points in meaningful ways, ways that allows them to provide security
26
proactively, much more investments need to be made in the quality of risk definitions, risk
analysis, and risk evaluation, training of analysts to detect meaningful patterns and to
understand the dynamics of flows and nodes. Second, to develop clear risk concepts and to
understand the dynamics of flows and nodes is to invest in the development of a common
vision, cooperation and coordination among the different stakeholders involved in providing
security. Third, a common vision, cooperation and coordination requires stakeholders to
invest, first and foremost, in a fundamental debate about what it means to provide security.
What is security exactly, and what is deviant, suspicious or potentially harmful behaviour?
How do we want to organize security and at what cost? Fourth, a nodal orientation
perspective can have profound implications on privacy and requires a thorough reflection
about checks and balances. The need to create a common understanding about security
should thus inevitably be linked with a debate about safeguarding privacy and oversight.
3.3 Conclusion
Thus far we have reviewed the state-of-the-art in global and European threat
assessments in the 5 security fields identified in SIAM. We have reviewed contemporary
trends in policing mass transportation sites to better understand how decision-makers and
security experts intend to provide security, and we found that they try to come to grips with
the management of security in an age of networks and flows. The policing of networks and
flows requires information and the creation of intelligence so that security experts can
develop proactive strategies to tackle security threats. With our review of nodal policing,
and the Dutch nodal orientation perspective in particular, we found that policing mass
transportation sites is perceived in terms of monitoring flows, securing access and exit
points, developing cooperation and coordination schemes among a variety of security
stakeholders, and organizing information gathering and information management to allow
for proactive security strategies. At the same time, however, Van Sluis and Bekkers (2009)
suggested that most of these key notions are rather underdeveloped (see also: Van Sluis,
Marks and Bekkers, 2011) and raise particular but unresolved challenges in the field of
privacy and oversight.
The past decades airports and mass transportation sites have indeed developed a
wide variety of practices to assess security threats and gather information so that they can
27
move beyond the traditional reactive response to crime. ‘To be proactive’, however, has
come to mean a wide variety of things and has come to refer to a wide range of practices
among which considerable differences exist. Governments, airports and mass transportation
sites invest in security actors and technologies, and use various risk and threat assessments.
Some of them conduct critical infrastructure and vulnerability analyses, they use red teams,
threat image projections and role plays to improve awareness and avoid a cognitive bias of
security staff and management. Airports and mass transportation sites are the object of
scenario exercises, strategic warning and early warning systems. All of these practices are
developed with a focus on the future, the prevention of threats, and in case of contingency
planning and resilience studies, decision-makers attempt to mitigate the consequences of
possible future threats.
In the remainder of this review, we will thus explore what methodologies exist for
the assessment of threats in airports and mass transportation sites. In line of our findings
thus far, these should be methodologies that allow decision-makers to go beyond the threat
information provided in the global and European threat reports, but at the same time allow
them to further exploit that information to develop proactive threat assessments that can be
used as an integral part of an SMT evaluation.
4. Two models of proactive mass transportation security
In the wake of 9/11, governments have taken significant steps to shape and redesign
the organization of security in mass transportation sites, and in civil aviation in particular.
From 2002 onwards, the European Parliament and the Commission have established a set of
common rules for civil aviation security to harmonize airport security policies in the EU11 in
11
See Regulation (EC) No 2320/2002, which was repealed by Regulation (EC) No 300/2008 to simplify, further harmonize, and clarify the existing rules on civil aviation security and to improve the levels of security. In 2009, the basic common standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 were supplemented by the Commission Regulation (EC) No 272/2009 and Commission Regulation (EU) No 1254/2009 set criteria to allow Member States to derogate from the common standards on civil aviation security and adopt alternative security measures. In 2010, Regulation (EC) No 300/2008 was amended by the Regulation (EU) No 18/2010, which provides specifications for national quality control programmes in the field of civil aviation security. Commission Regulation (EU) No 72/2010 laid down procedures for conducting Commission inspections in aviation security and Commission Regulation (EU) No 185/2010 laid down detailed measures for the implementation of the common basic standards on aviation security. This last Regulation has been amended to further enhance harmonization and a common interpretation of aviation security in the EU and its application to third countries (see e.g. Commission Regulation (EC) No 1087/2011, Commission Regulation (EC) No 1147/2011, and Commission Regulation (EC) No 173/2012).
28
terms of a common interpretation of ICAO Annex 17 to the Convention on International Civil
Aviation, commonly referred to as the Chicago convention, which covers the minimum
aviation security standards and recommended practices for international civil aviation (ICAO,
2006).
For the implementation of Annex 17, policymakers developed a Security Manual for
Safeguarding Civil Aviation Against Acts of Unlawful Interference, which is a restricted
document (doc 8973) that intends to assist States bound by the convention for the
application of the Convention’s standards and recommended practices (ICAO, 2012). The
ICAO suggests that both Annex 17 and doc 8973 are ‘constantly being reviewed and
amended in light of new threats and technological developments that have a bearing on the
effectiveness of measures designed to prevent acts of unlawful interference’. In its latest
2010 edition, doc 8973 provides guidelines for (i) the national organization and
administration; (ii) recruitment, selection and training; (iii) airport security, organization,
programme and design requirements; (iv) preventive security measures; (v) crisis
management and response to acts of unlawful interference. These last set of guidelines
focus on, and emphasize, the importance of ‘threat and risk assessments, contingency plans,
the collection and transmission of information during an act of unlawful interference, and
the subsequent review, analysis and reporting of any act of unlawful interference’ (ICAO,
2012).
Poole (2009: 9) suggests that the Chicago convention contains an important paradox in
how it intends to harmonize and develop security in civil aviation. On the one hand,
‘Standard 3.1.3 of Annex 17 states that each contracting state ‘shall keep under
constant review the level of threat to civil aviation within its territory, and establish and
implement policies and procedures to adjust relevant elements of its national civil
aviation security program, based on a security risk assessment carried out by the
relevant national authorities’ (Poole, 2009: 9).
On the other hand, Poole (2009: 9) points out that
‘Annex 17 goes on to provide standards for pre-board screening of passengers and
baggage, the quality of screeners and periodic testing of them, passenger-bag
29
reconciliation, cargo security controls, access control via secure identification and
random screening, and airport perimeter control. Other Annexes provide for secured
cockpit doors, procedures for dealing with disruptive passengers, and air marshals. In
other words, there is tension between the implication that various inputs and methods
must be used and the directive that decisions should derive from risk analysis based on
up-to-date intelligence’.
The same ambiguity or tension between advising governments what measures have to
be in place and suggesting that decisions about security measures should be based on risk
assessments and up-to-date intelligence can be found in EU Regulation (EC) No 300/2008,
which harmonizes EU aiport secrutiy in providing a common interpretation of the Chicago
convention. On the one hand, Regulation (EC) No 300/2008 and Commission Regulation (EU)
No 185/2010, specify in detail how the common basic standards on aviation security in the
EU have to be implemented. Although these regulations leave some room for choice about
implementing SMTs, they do intend to harmonize security policies, which inevitably implies a
significant reduction of the choices that can be made about the use of SMTs by particular
airports throughout the EU. On the other hand, however, Regulation (EC) No 300/2008
points to the importance of evolving risk assessments to legislation, it allows Member States
to apply more stringent measures laid down in the Regulation on the basis of risk
assessments, as long as these measures are in compliance with Community law, relevant,
objective, nondiscriminatory and proportional to the risk that is being addressed, and it
allows Member States to derogate from the common basic standards to adopt alternative
security measures that provide an adequate level of protection on the basis of a local risk
assessment. Commission Regulation (EU) No 1254/2009, which regulates the derogation
from the basic standards and the adoption of alternative measures suggests that these
alternative measures can be less stringent than the standards proscribed in Regulation (EC)
No 300/2008 (see also: Poole, 2009).
The EU has thus put in place detailed standards about what security in aiports is and
how such sites should be organized to that end. These standards have come about, and
continue to transform, in terms of past events and technological innovations. Information
about past threats is used to adopt new security policies. From this perspective, ‘to be
proactive’ means to provide security in terms of events that have occurred, and measures
30
are put forward to prevent these events to occur again, not only at the same location but in
other locations as well. The basic assumption is thus that future threats will evolve in a
similar manner and investment in SMTs are needed to prevent these threats from unfolding,
regardless of the actual indication that any threat will or might unfold at any particular
location.
The prominence of risk assessments in aviation security legislation and policy can then
be seen as a way to objectify the implementation of any alternative measures, be it more or
less stringent ones. Risk assessments are thus used to develop more-tailored security
policies. They allow to prioritize and differentiate security policies in terms of relevant threat
levels, the kind of facility or the nature of traffic (for the latter see: Regulation (EU) No
1254/2009). As they seem more sensitive to actual threat levels, to the intent and capability
of offenders, and to the nature of the facility or context to be protected, they imply a
different approach to the proactive assessment of security threats in mass transportation
sites than the use of standards and recommended practices.
The use of risk assessments is likely to become more important for the assessment of
security threats in the EU field of mass transportation, and the tension between the two
approaches to proactiveness is a key issue in the public debate. Although, at this point, there
is no common formalized EU risk assessment approach in place to support mass
transportation security assessments, both EU policymakers and important industry
stakeholders have issued policies or have expressed their desire to move toward more risk-
based security policies.
For the movement of goods across borders an EU Security Amendment of the Customs
Code and the Common Customs Risk Management Framework (CRMF) was completed in
January 2011, ‘including systematic electronic submission of pre-arrival and pre-departure
declarations by trade, electronic risk analysis by EU customs, exchange of messages through
the Common Customs Risk Management System (CRMS) and the Authorised Economic
Operator (AEO) programme’, and further efforts will be made ‘to improve capabilities for
risk analysis and targeting’ (COM(2011) 790: 23).
Although from the Chicago convention and its restricted doc ICAO 8973, one might
infer that common guidelines about the use of risk and threat assessments in civil aviation
do exist (supra), in its recent First Annual Report on the implementation of the EU Internal
Security (COM(2011) 790: 8-9) the Commission announced that although Europol, Frontex,
31
the EU Joint Situation Centre (SitCen), and the European Commission's Monitoring and
Information Centre allow the EU ‘to draw on certain capacity and expertise in information
gathering, analysis, threat assessment and emergency response in the different areas of
internal security’ (…), ‘one of the main challenges for the coming years will be to move
gradually towards a coherent risk management policy, linking threat and risk assessment to
policy formulation and implementation’12.
Industry stakeholders too have argued for an increased use of risk-based security
policies, and they have done so mainly in terms of cost-reduction and passenger comfort. In
civil aviation, the Association of European Airlines (AEA) and the Airports Council
International – Europe (ACI Europe) issued a joint statement (ACIE/AEA, 2011) in which they
suggest that the burden for organizing aviation security is too high: whereas before 9/11,
security accounted for 5-8% of the operating cost, it now represents an estimated average of
29%, and these resources are invested in security technologies and security staff, which now
represent 41% of the total workforce. The ACIE/AEA (2011) suggest that the build up of
security investments have come to inconvenience passengers and that ‘resources should be
focused on passengers that pose a genuine threat’. They welcome EU initiatives such as the
‘one-stop’ security concept, ‘where a passenger or cargo consignment deemed ‘safe’ at any
EU airport continues to be regarded as ‘safe’ throughout the journey’, but argue that more
efforts need to be made in the international dimension, i.e. the development a global
perspective on aviation security.
To mitigate these problems the ACIE/AEA (2011) announce the project ‘Better Security’
to further reform and streamline aviation security in the future. ‘Better security’ implies that
security investments focus on ‘dangerous intent instead of dangerous objects’, which
12 It is unclear, however, to what extent and how exactly the development of a common EU risk assessment policy will apply to transnational crime and irregular migration, the 5 threats identified in SIAM. In the Commission Working Staff Paper (SEC(2010)1626: 6) about Risk Assessment and Mapping Guidelines for Disaster Management, the Commission suggests that its risk assessment and mapping guidelines apply to all natural and man-made disasters, including chemical, biological, radiological and nuclear disasters, but ‘armed conflicts and threat assessments on terrorism and other malicious threats’ are explicitly excluded. In its First Annual Report on the implementation of the EU Internal Security Strategy (COM(2011)790: 8-9), however, ‘the threat of malicious acts’ is included, although here too a common risk assessment policy is referred to in terms of crises and disaster management. The Commission furthermore clearly distinguishes between the need to further develop both the (existing) threat assessments and risk assessments, and for issues such as border management integrated interagency risk assessments should be developed. In 2014, all these efforts should culminate in a coherent risk management policy linking threat and risk assessments to decision making (COM 2010)673: 14; COM(2011)790).
32
requires ‘international cooperation and data sharing to strengthen the effectiveness of
passenger profiling’. Security strategies should be ‘proactive, not responsive’, i.e. ‘highly
unpredictable, but consistently adhered to, and based on effectiveness, not on past events’.
Security technologies must be further developed to provide high levels of security, ‘while
minimising passenger disruption’.
In November 2011, 14 European Member States of the ICAO agreed on a strategy to
improve aviation security in which the ‘risks to the security of international air transport
must be addressed through proactive and holistic means to detect threats, prevent unlawful
interference, assure the timely response to attacks and attempted attacks when they occur
and ensure air transport system resilience’ (ICAO, 2011). Initiatives the Member States have
committed to will focus on reducing ‘costly disruptions and delays’ (…) ‘through modern
detection technologies, one-stop security arrangements and more robust identity
management and document validation systems’ (…) ‘risk-based security measures, more
rapid sharing of security-critical information among government and industry stakeholders,
exchanges of best practices, enhanced security training and assistance to States in capacity
building and strengthening of national security systems’ (ICAO, 2011).
In the field of land transport security, in particular the transport of passengers over
land, a common EU security policy is not yet in place, and here too the nature of
proactiveness, deciding on common EU security policies and standards to prevent security
threats or focussing on more tailored risk-based security policies, is a much-debated issue.
Industry and public transport stakeholders explicitly denounce the need for a mandatory
standardisation or regulation in public transport security (UITP13, 2011)14. They argue that
both the threats and the features of public transport are distinct from the field of civil
aviation so that security policies and strategies from that field should not be transposed and
a one-sided focus on terrorism should be avoided. The public transport sector is a highly
diverse field of actors (e.g urban public transport versus long-distance passenger rail or rail
freight), each facing very different threats, which requires risk-based security policies,
‘tailored to the specific context and security threats faced’ (CER, et. al., 2011; UITP, 2011).
13
The UITP is the International Association of Public Transport, an international network for public transport authorities and operators, policy decision-makers, scientific institutes and the public transport supply and service industry. 14
See also the Joint letter from CER, COLPOFER, EIM, ERFA, RAILPOL, UIC and UITP (7/4/2011), representing the public transport and rail industry in Europe, to Matthias Ruete, Director of the DG MOVE: http://www.uitp.org/mos/positionspapers/130-en.pdf
33
According to the stakeholders, the EU should first and foremost support and facilitate these
tailored security policies at the strategic level, while avoiding a ‘common European approach
and/or policy on security which would be binding for all public transport networks in the EU’:
‘standardisation on specific technical topics could be useful’, (…) e.g. standardisation for the
exchangeability of images from video surveillance systems, (…) ‘but the standardisation of
operational procedures is neither practical nor beneficial’ (UITP, 2011).
The EU’s Internal Security Strategy (COM 2010) 673: 8) argues ‘for a more active
European approach to the broad and complex area of land transport security, and in
particular to the security of passenger transport’ in urban transport, ‘local and regional rail
and high-speed rail, including related infrastructure’. In its white paper Roadmap to a Single
European Transport Area – Towards a competitive and resource efficient transport system
(COM(2011)144: 11), the Commission suggests that a European approach to land transport
security needs to be found ‘in those areas where EU action has an added value’. That
approach will require public transport to have appropriate security systems in place, with
common EU security standards for the high-speed rail network as one of the priorities to be
assessed in 2012, but the focus will be on ‘setting security outcomes, rather than
prescriptive security requirements for transport’ ((COM, 2011)790: 17).
5. Risk-based security policies: threats, vulnerabilities, and criticalities
Thus far, we found that there are distinct ways to define and gather information on
security threats in the EU, and each of these perspectives and methodologies has different
implications for the use and evaluation of SMTs in mass transportation sites15. The global
and European threat assessments we reviewed focus mainly on the nature of past unlawful
acts and the capability and intent offenders have shown to commit these acts. Depending on
the qualitity of the available information, they prove to be valuable tools that show how and
where security threats manifest themselves, who is involved, and what the trends are.
Global and European threat assessments alone, however, do not provide a methodology
that allows decision-makers to assess the implications of the documented threat trends to a
15
To argue that these approaches are distinct is not to suggest that in practice they do not intertwine or that they are incompatible. As is obvious from our policy review, the EU is exploring meaningful ways to integrate the use of threat and risk assessments and the use of mandatory standardisation or regulation.
34
particular site or context. Analysis of these implications is important for the evaluation of
SMTs.
Mandatory standardisation or regulation of mass transportation security implies a top-
down definition and proscription of security and the organization of security through
regulations and standards, often developed in light of high impact past events or attempts,
and implemented across a sector and or region (e.g. ban on liquids). Even when the
standards and regulations allow for derogations or alternative security policies, which they
do, there still is relatively little room for extensive tailored or situated decision-making about
the use of SMTs.
A most prominent trend in the EU, however, seems to be the use of risk assessments to
assess security risks. Although, at this point, there is no common (disclosed) and formalized
EU risk assessment approach for transport security in place, its growing importance for the
assessment of security issues (and thus for the assessment of SMTs) suggests that we need
to explore this issue further to understand what risk assessments are, what information they
require to assess risks, and what the implications are as to how security experts assess
security threats, possible targets and consequences. Our aim is not to provide an in detail
review of the wide-range of risk assessment techniques and typologies that exist. We focus
on a quantitative and a qualitative risk assessment application in mass transportation
settings to understand their basic principles and how they are applied in such contexts. As
such, we will be able to assess whether risk assessments can overcome some of the focal
issues and challenges we encountered thus far in assessing security threats.
35
5.1 A quantitative risk assessment model for airport security
Tamasi and Demichela (2011: 893) suggest that although there are various ways to
conduct a risk assessment, they always consist of three basic elements: a threat assessment,
a vulnerability assessment, and a criticality assessment16. In airport security, risk
assessments have to empasize ‘the level of the current risk, the possible consequences of
attacks, and the actions to be undertaken if the residual risk is superior to the tolerable
values’ (Tamasi and Demichela, 2011: 893)17. Quantitative risk assessments in airport sites
should focus on (i) assessing threats, i.e. detecting the presence of hostile groups in the
home territory; evaluating the threat level in the nation; and evaluating the threat level near
airports; (ii) assessing vulnerabilities, i.e. analysing the critical points and the functional
importance of airport systems and infrastructures; evaluating protection systems for every
critical airport infrastructure and evaluation of the accessibility and vulnerability levels; (iii)
assessing criticality, i.e. analysing the potential accidental scenarios consequent to the
success of the attacks on critical targets; analysing the costs for the re-establishment of the
critical targets; and evaluation of the missed indirect incomes because of their unavailability;
evaluation of the economic losses related to every accidental scenario (Tamasi and
Demichela, 2011: 893).
16
We adopt the work of Tamasi and Demichela (2011) as they provide a basic overview of risk assessment principles and apply this to airport contexts. We do not refer to the EU guidelines for risk assessments here, as these were first and foremost developed to assess natural hazards and disasters. Further developments in EU policymaking will show if these guidelines will apply to transport security, and how they will be applied to that end. 17
For a visualization of the risk assessment approach see: fig 1 (Tamasi and Demichela, 2011: 894).
36
Fig. 1 Risk assessment approach in airports (Tamasi and Demichela, 2011: 893)
According to Tamasi and Demichela (2011: 893), risks can be quantified in terms of
the threat assessment, i.e. ‘the likelihood that a specific type of attack will be initiated
against a specific target (scenario)’, the vulnerability assessment, i.e. ‘the likelihood that
various safeguards against a scenario will fail’, and the criticality assessment, i.e. the
quantified ‘magnitude of the negative effects if the attack is successful’: [Threat (T) x
Vulnerability (V)] x Criticality (C). As such, the ultimate goal of conducting a risk assessment
is ‘to evaluate the risk associated to each critical element of the airport and the loss related
to the succes of the threats’ so that decisions about security investments can be considered
in light of risk impacts (Tamasi and Demichela, 2011: 893).
37
5.2 A qualitative risk assessment model for public transport security
In 2009, COUNTERACT18, a European research project coordinated by the
International Association of Public Transport (UITP), developed tools and guidelines to
improve security policies, in particular in the field of terrorism, of public transport
organizations. One of the objectives was to provide public transport organizations with
generic guidelines to assess security risks, and to that end a qualitative risk assessment
methodology was developed, tailored to the specific needs of the sector (Barr and Luyten
2010: 22-25; 2011). A qualitative risk assessment is based on expert opinion, not on
quantitative data sets, so it does not involve (or allow for) a calculation of measures of
likelihood, probability or impact. If quantitative data sets are used, they underpin the
qualitative expert assessment. Quantiative risk assessments are only as strong as the data
sets they are based on, just as qualitative risk assessments are dependent on the nature of
the experts and the quality of expertise. The preparation of the assessment and the
development of the different risk assessment steps should therefore be done in workshops
in which experts with relevant and qualitative expertise can participate.
The generic guidelines are straightforward and easy to use, and involve a step by step
process in which a matrix is filled out (see fig. 2). Experts have to select threats (top row) and
assets (left column). For each threat, the ‘probability of occurrence’ needs to be assessed,
ranging from very unlikely to very high (top of each square) and the ‘impact and severity’ of
each threat for each asset (bottom of each square), ranging from uncritical to disastrous.
Probability and impact and severity are not calculated or assessed in quantitative terms,
they require experts to reach a consensus about these notions in the preparatory phase of
the workshops.
18
Cluster Of User Networks in Transport and Energy Relating to Anti-terrorist ACTivities. More information about Counteract can be found at: http://www.uitp.org/eupolicy/projects-details.cfm?id=433. We review the qualitative methodology as it was published by Barr and Luyten (PTI, 2010).
38
Fig. 2 Qualitative riskassessment for public transport organizations (Barr and Luyten, 2010)
Finally, the ‘probability of occurrence’ and impact and severity are combined to
create risk categories (see fig. 3). Here too, the numbers and risk scores that are attributed
are used to better differentiate the risks so that a ranking of risks can be visualized.
39
Fig. 3 Risk categories (Barr and Luyten, 2010: 25)
5.3 Evaluation
Risk assessments have become an important tool to assess security threats in the EU.
Risk assessments are methodologies that are used to develop more evidence-based policies
and objectify decision-making in the field of mass transportation security. They allow
decision-makers to prioritize information and as such, they can support the assessment of
SMT investments. Although there are a wide variety of risk assessment methodologies
available and many of them are used in practice, the EU is making considerable efforts to
further develop, standardize and implement the risk assessment process in various fields.
Risk assessments are used in border management and the movement of goods, and
for crises and disaster management standardized ISO 31010 - based guidelines have been
developed to allow for a EU wide application. In aviation security, in its restricted doc. 8973,
the ICAO provides guidelines for risk and threat assessments to all its contracting States, and
we turned to the risk assessment process outlined by Tamasi and Demichela (2011), to
understand what the generic methodological principles of such risk assessments might be.
As our review of the EU policy debate showed that there seem to be distinct differences
between the approach of security threats in civil aviation and public transport, we also
reviewed the first generic qualitative risk assessment guidelines that were recently
developed for public transport organizations.
40
5.3.1 the framing of risk assessments
Though a valuable tool, in light of our findings, the use of risk assessments faces a
number of fundamental challenges. First, risk assessments seem to be overly focused on
terrorist threats against mass transport facilities. As such, security policies and SMTs are
often assessed in terms of attacker models. Decision-makers need to identify threats in
terms of the likelihood that an offender will initiate an attack against a target, they need to
assess vulnerabilities, i.e. weaknesses, critical points and the performance of the security
system, and they need to evaluate criticalities, i.e. assets, groups of people at risk,
significance of structures and so forth (Tamasi and Demichela, 2011: 893). Our review of
global and European threats, however, suggests that although some threats might in fact be
initiated against a mass transportation facility, or one of its assets, most of the security
threats are not. Smuggling timber, cash, drugs or stolen goods, trafficking human beings,
irregular migration, they are all issues that occur at an airport or mass transportation site, or
they are issues for which such sites are used, but none of them are explicitly aimed at mass
transportation facilities and its assets. In other words, conducting risk assessments to
understand the risk of security threats to a facility might seem sensible for counter terrorist
purposes, its focus differs significantly from assessments of the risk that a facility will be
used for unlawful acts.
This distinction, or the issue of focus of risk assessments, matters profoundly for the
evaluation of SMTs, even in the field of terrorism. If we assess the risk of terrorism to a mass
transportation site, the usefulness of SMTs will be evaluated differently than when SMTs are
expected to detect and deny access to terrorists that simply use the facility to gain access to
a country or region to commit terrorist acts. The former poses a risk to the facility, whereas
the latter poses a risk to the location the terrorist attempts to gain access to. If we conduct a
risk assessment in which we simply assess threats to a facility, many of the threats we have
reviewed will not be selected or will not be perceived as a priority risk to the facility. The
Dutch nodal orientation perspective, with its focus on monitoring flows and securing access
and exit points, was sensitive to this issue, and highlighted the importance of developing risk
assessments to make unlawful acts within flows transparent or detect irregularities in the
movement of flows. SMTs are then used and evaluated in terms of their potential to detect
security risks, make transparent unlawful acts, from a process-oriented perspective.
41
Before risk assessments can be used, decision-makers thus need to reflect on what
these tools are for, and as the nodal orientation perspective suggested this requires a debate
about the nature of security threats. Do we assess the risk that drugs are transported across
borders, do we intend to assess drug transactions and drug abuse in airports and public
transport sites, or do we want to assess the risk of drugs to the facility and its assets? If the
challenge of multiple focal security issues is to be resolved in terms of multiple risk
assessments, e.g. for border management and facility risk assessment, this poses challenges
to priority-setting and evaluation of SMT investments in mass transportation facilities.
Multiple risk assessments conducted for different purposes and by different actors will
significantly complicate any overall evaluation of SMTs in light of security risks at mass
transportation facilities. The Dutch nodal orientation perspective suggested that this issue
could be resolved in terms of cooperation and coordination schemes, but at the same time
indicated that this often is an underdeveloped feature of mass transportation security.
5.3.2 Multi-layered and multi-stakeholder decision-making
Decision-making about SMTs should be objectified and evidence-based, and when
rigorously used, risk assessments offer to do just that, but their outcome can point to the
need to set priorities and make decisions that can not always be made. Based on a risk
assessment, local airport security management might find that liquids are not a priority risk
at their site. Yet, EU policy-making at this point does not allow a particular airport facility to
lift the ban on liquids. The debate about mandatory standardization and regulation versus a
more prominent focus on local and tailored security policies (supra) suggests that decisions
about the use of SMTs are made at multiple levels, and this raises the issue which decision-
makers need to be informed about what kinds of security threats and at what level risk
assessments need to be conducted and for what purpose.
5.3.3 Qualitative data and the problem of incomplete knowledge
Most challenging, however, seems the risk assessment methodology itself. Risk
assessments, both qualitative or quantitative, are only as good as the information on which
they are based. They are valuable tools if the threats decision-makers have identified are
42
actually the threats that need to be considered. When we reviewed the global and EU threat
assessments, we found that the available data is rather limited, often out-of-date and
frequently conflicting, rendering quantitative estimates, in particular, imprecise (cf TOCTA,
2010: v, supra). If decision-makers intend to develop quantitative risk assessments for
evidence-based decision making about SMTs, in particular in the fields that were identified
in SIAM, they would have to gather data that allows them to assess the likelihood that a
terrorist attack, an organized crime attack, a cyber crime attack, a deliberate act of fraud or
corruption, and a deliberate breach of immigration laws will be initiated against a target in
an airport or mass transportation context and/or that these sites will be used for such
purposes. In light of the methodological limitations of the current EU and global threat
assessments such data is not available. Based on the available knowledge that is provided by
the threat assessments, we cannot calculate probabilities or quantify the likelihood that a
specific attack will be initiated against a specific target. We can thus not use traditional risk
assessments to determine what will most likely happen or what the most likely scenario will
be. Targets cannot be assessed in this manner.
As such, the use of what-if scenarios to assess possible or probable targets (e.g. Cole
and Kuhlman, 2010) does not solve that issue. The selection and consideration of scenarios
that might happen, both in qualitative and quantitative risk assessments, do not allow
decision-makers to set priorities and make evidence-based evaluations of SMT proposals. If
decision-makers were to find that the SMT constellation at a mass transportation site
performs poorly in light of what-if scenarios, they will inevitably find weaknesses that should
be resolved or SMTs that can be optimized. If used excessively, what-if scenarios will
inevitably lead to the finding that much more SMT investments need to be made in light of
the wide range of issues that are currently not considered. It then remains unclear on what
grounds SMT investments would need to be made and how decision-makers might strike the
balance with other SMT related concerns.
One might argue that the limitations we encountered are inherent to open-source
threat assessments, and that much more detailed and up-to-date information can be found
in undisclosed sources that might be available to the security expert community. Still the
security threats we face are adaptive and flexible and their covert nature makes it hard to
assess capabilities, intent and time of occurrence. One might attempt to resolve this in terms
of adaptive risk assessment models or by frequently conducting risk assessments, but such
43
models too are dependent on the availability of timely disseminated and qualitative
intelligence. For instance, the UK Joint Terrorism Analysis Centre (JTAC)19 communicates
terrorist threat levels that are based on available intelligence about very specific developing
threats in addition to assessments of the level and nature of current terrorist activity, events
in other countries and previous attacks, and for the threat level to remain relevant and up-
to-date, assessments of timescale are crucial.
The issue of adaptation, timescale and the ability to act on up-to-date intelligence
again poses challenges for the evaluation of SMT investments. How to invest in SMTs in light
of adaptive and flexible threats of which our knowledge is inevitably incomplete and which
have the potential to unfold within a short time-scale? How to evaluate SMT proposals to
tackle security threats that take much longer to plan and unfold and of which the outcome is
uncertain? The 2006 liquid bomb plot in the UK, for instance, was not prevented based on
quantitative risk assessments of terrorist threats, but on intelligence gathering and timely
intervention through a cooperative effort by British and American authorities. In the wake of
this plot far-reaching restrictions on liquids were put into place, not just for passenger
believed to constitute a security risk, but for passengers altogether. The EU ban on liquids
will not be lifted, the idea that liquids pose a threat remains, but new detection and
screening technology will be implemented to secure access points in airports. The liquid
bomb plot raises the issue that aviation security was obtained through an effective
performance of law enforcement and the intelligence community, not in terms of effective
airport security policies. We already addressed the question whether such incidents should
prompt policymakers to react in terms of mandatory standardization and regulation or
whether they should support situated and tailored security policies in which risk
assessments take a prominent place. However, if we acknowledge that qualitative
intelligence is important to many of the security threats we face, and if we acknowledge that
such intelligence can not be obtained by mass transportation management but should first
and foremost be the outcome of effective law enforcement and intelligence gathering, the
evaluation of SMT investments should also include an assessment of the performance of the
law enforcement and intelligence community and a debate about its role in providing mass
transportation security.
19
https://www.mi5.gov.uk/output/joint-terrorism-analysis-centre.html
44
5.3.4 Evidence-based policy-making and risk assessments
Risk assessments are used to improve evidence-based decision-making and priority-
setting, and although valuable if rigorously applied, we have identified a number of issues
that, if remained unresolved, potentially challenge the ability of such methodologies to
provide meaningful information for decision-makers, the problem of incomplete knowledge
being the most critical one. Can we use risk assessments when the knowledge we have is
incomplete or contestable? The issue of evidence-based policymaking in the face of
incomplete knowledge is important to many policy fields. Stirling (2007: 310) suggests that
the use of risk assessments for evidence-based policy-making requires conditions in which
knowledge of possible hazards, possibilities or outcomes and their respective probabilities is
complete or uncontested (e.g. known epidemics, floods, or engineering failures). When
there is uncertainty, ambiguity, or ignorance about either outcomes or probabilities,
traditional reductive techniques of risk assessment do not apply (Stirling, 2007: 310). In such
conditions, decision-makers should turn to other tools that can support the decision-making
process (see fig. 4).
Uncertainty is a condition which allows us to ‘characterize possible outcomes, but the
available information or analytical models do not present a definitive basis for assigning
probabilities’, e.g. complex, non-linear, open systems, so that ‘attempts to assert a single
aggregated picture of risk are neither rational nor ‘science-based’ (Stirling, 2007: 310).
Ambiguity refers to the opposite: we can assign probabilities but it is difficult to
describe possible outcomes. These conditions emerge when for instance framings of an
issue, questions, assumptions or methods are contested, when experts disagree, or in
matters of behaviour, trust and compliance interest, language, meaning ethics and equity
(Stirling, 2007: 310).
Ignorance refers to fields where hazards, possibilities, outcomes are unknown so that
it is impossible to (fully) assign probabilities and describe outcomes (e.g. when decision-
makers encounter unanticipated effects, unexpected conditions, gaps, surprises, unknowns
or new phenomena (Stirling, 2007: 310).
45
Fig. 4 Methodological responses to incertitude (Stirling, 2007: 312)
Stirling shows that although we might not be able to meet the standards of complete
knowledge needed to conduct traditional quantitative risk assessments, depending on the
knowledge we have, our ability to describe hazards, possibilities, outcomes and their
probabilities, we can turn to other methodologies to support decision-making. These
conditions are ‘neither discrete nor mutually exclusive and typically occur together in varying
degrees in the real world’ (Stirling, 2007: 309), nor is it possible to assign the different
security threats we reviewed to one particular condition. What is important, however, for
the purpose of this task, is that, in light of the various challenges we identified, we further
explore methodologies that do allow decision-makers to use information about relevant
emerging and developing threats for the evaluation of SMTs. Methodologies that proscribe
what SMT investments need to be made to prevent security threats are unavailable. Security
experts might not be able to predict what will happen, calculate probabilities or conduct
traditional probabilistic risk assessments, but decision-makers can be made aware of
relevant threats. To raise awareness about security threats is distinct from merely providing
decision-makers with information. Evaluations of SMTs that are made in light of security
threats, face the problem of framing, multi-layered decision-making, and incomplete or even
conflicting knowledge about security threats, so what is needed in such a landscape is a
methodology that prompts decision-makers not only to consider the available threat
46
information, but to reflect on how that information applies to their mass transportation
setting. Stakeholders and security experts involved in the development of the security
policies in a mass transportation site need to be aware of how relevant and documented
trends identified in existing threat assessments apply to their setting, and this also implies
that they need a methodology that allows them to obtain an informed consensus about
what constitutes ‘security’ or a ‘security threat’ in their setting. We believe that such
methodologies can be found in the field of scenario studies.
6. Scenario thinking
Schwartz and Ogilvy (2004: 2) define scenarios as
‘narratives of alternative environments in which today’s decisions may be played out.
They are not predictions, nor are they strategies. Instead they are more like
hypotheses of different futures specifically designed to highlight the risks and
opportunities involved in specific strategic issues’.
Elsewhere we argued that the use of scenarios remains a much debated issue,
primarily because of the conceptual and methodological diversity, as well as the ambiguity
that exists about the concrete effects scenarios might have on successful strategic planning
(Vander Beken and Verfaillie, 2010: 195). Yet, they have been applied in many fields and
have proven to be valuable in the context of corporate strategy building, catalysing change
and action, stimulating collaborative learning and creating a shared vision and increased
alignment around strategic direction (Scearce and Fulton 2004, Bradfield et al. 2005, see also
Verfaillie and Vander Beken 2008a, 2008b).
Most important, however, as Schwartz and Ogilvy point out, is that although many
scenario methodologies exist, and although they can serve many different purposes, they
are never predictions. They never depict what the future will be like or how events will play
out, nor do they replace information gathering methodologies and crime intelligence
applications that support concrete criminal investigations. Scenarios are most often used to
create a common vision and a shared understanding of a strategic issue. They intend to
surface and question decisionmakers (strategic) assumptions, and to make them aware of
47
issues or perspectives on issues they don’t consider, or don’t consider to be important, and
they intend to show what the consequences might be if these issues are left unattended20.
Scenarios thus invite decisionmakers to be reflexive about the strategic issues at hand, and
throughout the review we have found this to be a crucial issue for the evaluation of SMTs. In
its final report, the 9/11 Commission concluded that improving decision-making in security
policies in terms of foresight is not about finding an expert who can imagine that planes
might be used for terrorist purposes. It is about improving the quality of decision making.
This requires decision makers to make informed decisions, include information from multiple
perspectives, so that tunnel vision and rigidity in decision making can be avoided (e.g. a one-
sided focus on terrorism or decision-making in terms of mere political assumptions).
In mass transportation security scenarios can help decision-makers (i) comprehend
the complex geo strategic environment in which they operate (e.g. transnational flows),
facilitate a larger vision of objectives, and assess existing and alternative SMT strategies; (ii)
understand security threats or unlawful acts, as scenario studies will prompt them to make
use of threat and risk assessments about terrorism, organised crime, cyber crime, white-
collar crime, and irregular migration; (iii) surface and challenge their assumptions, and the
assumptions made by the different stakeholders about security threats and the ways in
which security threats can be mitigated, so that a common vision about security at their site
can be obtained.
It is beyond the purpose of this review to develop a scenario methodology that can
be used in mass transportation sites for the evaluation of SMTs21. We will outline some of
the basic tools that are easy to use so that the principles of scenario studies become clear.
We will do so based on the work of Scearce and Fulton (2004: 39-45).
20
As such, one might argue that the qualitative risk assessment methodology developed in counteract might serve a similar purpose, or has the potential to do so. As participants of this risk assessment exercise are invited to assess, actively discuss and reflect on threats, assets, the probability of occurrence of threats and their impact and severity, the counteract methodology will inevitably surface decisionmakers (strategic) assumptions, and might make them aware of issues or perspectives on issues they don’t consider, or don’t consider to be important, and it will show them what the consequences might be if particular threats are left unattended. 21
Based on this review we did, however, develop guidelines for the scenario building exercises in deliverable 6.3. To that end we suggested that the counteract methodology be used as a common framework for the further construction and selection of scenarios.
48
6.1 Scenario exercises
One of the basic and frequently used scenario exercises is the scenario matrix, which
consists of a number of methodological steps (Schwartz, 1997; Ringland, 2002). The amount
of steps might differ, but the basic process remains identical all together. Scearce and Fulton
(2004: 24-34) describe a 5-step process that requires participants (decision-makers) (i) to
identify a focal issue (what are the scenarios about), a time-frame, and ensure the input
from multiple perspectives; (ii) explore the dynamics that shape the focal issue; (iii)
synthesise and combine the driving forces (‘critical uncertainties’ and ‘predetermined
elements’) that were identified to create scenarios; (iv) situate and imagine the focal issue in
the scenarios; (v) monitor.
Scearce and Fulton (2004: 39-40) suggest that decision-makers might not have the
time or resources to conduct scenario exercises along the lines of this basic process and
therefore they outline alternatives, each of them, however, reflect the basic idea of scenario
thinking, that is to think long term, to introduce outside perspectives, and to challenge
assumptions.
A first alternative is to ‘articulate the official future’. This exercise implies ‘the explicit
articulation of a set of commonly held beliefs about the future external environment that an
organization implicitly expects to unfold’ (Scearce and Fulton, 2004: 41). For mass
transportation security this would require scenario developers to surface assumptions about
how, for instance, organized crime threats are unfolding in the EU. When the assumptions
have been surfaced, the official future is tested against the actual environment (e.g.
information about organized crime trends that can be found in the global or EU organized
crime threat assessments) and the mass transportation security strategy. What is thus
considered in this exercise is whether the official future, the assumptions of security
management, are aligned with how shifts in the environment are actually unfolding, and
whether the official future is aligned with the organization’s strategy and actions (Scearce
and Fulton, 2004: 42).
A second alternative, and very similar to the official future exercise is to test existing
strategies by focussing on stable trends in the environment (Scearce and Fulton, 2004: 41).
In other words, the question here is whether decision-makers have strategies in place in
49
which stable trends are being considered (e.g. do mass transport security policies take the
trends into account that are identified in the available threat and risk assessments?).
A third alternative is to discuss scenario implications (Scearce and Fulton, 2004: 43).
In these kinds of exercises, participants draw on scenarios that already exist, and they use
them to explore the implications for their organization and its strategies. As such, decision
makers can be made aware of strategic issues at hand without having to draft scenario’s
themselves.
7. Conclusion
In this paper, we have presented a literature review of current scientific research and
the analysis of security threats. We first provided an in-depth review of authoritative
transnational and European threat assessments to assess what is currently known about
organized crime, cybercrime, white-collar crime, illegal migration, and terrorism, and we
evaluated the strengths and weaknesses of these reports. We then further explored these
findings, and the conceptual and methodological challenges they raised, and focused on
current scientific research about policing mass transportation sites to better understand
how decision-makers and security experts intend to provide security and assess threats in
such sites. We found that decision-makers try to come to grips with the management of
security in an age of networks and flows. The policing of networks and flows requires
information and the creation of intelligence so that security experts can develop proactive
strategies to tackle security threats. With our review of nodal policing, and the Dutch nodal
orientation perspective in particular, we found that policing mass transportation sites is
perceived in terms of monitoring flows, securing access and exit point, developing
cooperation and coordination schemes among a variety of security stakeholders, and
organizing information gathering and information management to allow for proactive
security strategies.
The literature review of trends in policing prompted us to explore what
methodologies exist for the assessment of threats in airports and mass transportation sites,
and to that end we reviewed the EU policy debate about transport security. This debate
shows that there are distinct ways to be proactive, to define and gather information about
security threats and organize transport security in the EU. There are European threat
50
assessments, there is mandatory standardisation or regulation of mass transportation
security and there are risk assessments, and each of these perspectives and methodologies
has different implications for the use and evaluation of SMTs in mass transportation sites.
In light of the growing importance of risk assessment methodologies to assess
security risks in the EU, we decided to elaborate on this issue to understand what risk
assessments are, what information they require to assess risks, and what the implications
are as to how security experts assess security threats, possible targets and consequences. As
there currently is no common (disclosed) and formalized EU risk assessment approach for
transport security in place, we chose not to provide an in detail review of the wide-range of
risk assessment techniques and typologies that exist in theory, but focused on a recent
quantitative and a qualitative risk assessment application in mass transportation settings to
understand the basic principles of such tools and how they are applied in such contexts.
This review showed that the use of risk assessments for mass transport security
purposes faces a number of fundamental challenges, i.e. the problem of framing, multi-
layered decision-making, and incomplete or even conflicting knowledge about security
threats. With Stirling, we argued that these challenges should not prompt decision-makers
to abandon informed decision-making, as there are many alternative tools available that can
support decision-making. We concluded that the assessment of security threats to inform
SMT evaluations can benefit from scenario studies, not so much to help decision-makers
prepare for what might happen or to make them more resilient to surprise, but to improve
the quality of decision-making. This review suggests that to increase the reflexivity of SMT
assessments (DOW, 11) is to surface and challenge decision-makers assumptions about
security threats and the use of SMTs to tackle those threats, to encourage informed long-
term thinking about security threats and to support the creation of a common vision and a
shared understanding of ‘security’, and to introduce a sound knowledgebase, outside
perspectives, threat assessments and intelligence, to that end. In this way, scenario studies
can contribute to a process-oriented and reflexive evaluation of SMTs.
51
Bibliography
ACIE/AEA (2011) Joint Briefing. Aviation Security: 10 Years on from 9/11. Available from:
http://files.aea.be/news/joint_ACI_AEA.pdf [Accessed 25 February 2012]
Anderson, B. (2010) ‘Preemption, precaution, preparedness: Anticipatory action and future
geographies’, Progress in Human Geography, 34 (6): 777-798.
Bailey, D. and Shearing, C. (1996) ‘The Future of Policing’, Law and Society Review, 30 (3):
585-606.
Barr, L. and Luyten, D. (2010) ‘Conducting Risk Assessments in PT Networks – Guidelines for
Operators’, Public Transport International, 60 (1): 22-27.
Bekkers, V.J.J.M., Van Sluis, A. and Siep, P.A. (2006) De nodale oriëntatie van de Nederlandse
politie: over criminaliteitsbestrijding in de netwerksamenleving. Bouwstenen voor een
beleidstheorie. Rotterdam: Center for Public Innovation.
Boyle, P. and Haggerty, K. (2009) ‘Spectacular Security: Mega-Events and the Security
Complex’, International Political Sociology, 3, 257-274.
Bradfield, R., et al. (2005) ‘The origins and evolution of scenario techniques in long range
business planning’, Futures, 37 (8), 795-812.
Brodeur, J.-P. (2010) The Policing Web. Oxford: Oxford University Press
Chermack, T.J. (2007) ‘Disciplined imagination: building scenarios and building theories’,
Futures, 39 (1), 1-15.
Cope, N. (2004) ‘Intelligence led policing or policing led intelligence? Integrating volume
crime analysis into policing’, British Journal of Criminology, 44 (2), 188-203.
52
Cole, M. and Kuhlman, A. (2010) ‘Preparing Today’s Airport Security for Future Threats – A
Comprehensive Scenario-Based Approach’, Security in Futures – Security in Change,
1-10.
Commission Regulation (EC) No 272/2009 of 2 April 2009 supplementing the common basic
standards on civil aviation security laid down in the Annex to Regulation (EC) No
300/2008 of the European Parliament and of the Council. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 1254/2009 of 18 December 2009 setting criteria to allow
Member States to derogate from the common basic standards on civil aviation
security and to adopt alternative security measures. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 18/2010 of 8 January 2010 amending Regulation (EC) No
300/2008 of the European Parliament and of the Council as far as specifications for
national quality control programmes in the field of civil aviation security are
concerned. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 72/2010 of 26 January 2010 laying down procedures for
conducting Commission inspections in the field of aviation security. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25 February
2012]
Commission Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures
for the implementation of the common basic standards on aviation security.
Available from: http://ec.europa.eu/transport/air/security/legislation_en.htm
[Accessed 25 February 2012]
53
Commission Implementing Regulation (EU) No 1087/2011 of 27 October 2011 amending
Regulation (EU) No 185/2010 laying down detailed measures for the implementation
of the common basic standards on aviation security in respect of explosive detection
systems. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25
February 2012]
Commission Implementing Regulation (EU) No 1147/2011 of 11 November 2011 amending
Regulation (EU) No 185/2010 implementing the common basic standards on civil
aviation security as regards the use of security scanners at EU airports. Available
from: http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 25
February 2012]
Commission Implementing Regulation (EU) No 173/2012 of 29 February 2012 amending
Regulation (EU) No 185/2010 as regards clarification and simplification of certain
specific aviation security measures. Available from:
http://ec.europa.eu/transport/air/security/legislation_en.htm [Accessed 5 March
2012]
Crawford, A., (2007) ’Networked Governance and the Post-Regulatory State?: Steering,
Rowing and Anchoring the Provision of Policing and Security’, Theoretical
Criminology, 10(4), 449-79.
Ericson, R. and Haggerty, K. (1997) Policing the Risk Society. Oxford: Clarendon Press.
European Commission (2010) Working Staff Paper about Risk Assessment and Mapping
Guidelines for Disaster Management, SEC(2010)1626. Available from:
http://ec.europa.eu/echo/files/about/COMM_PDF_SEC_2010_1626_F_staff_working
_document_en.pdf [Accessed 25 February 2012]
54
European Commission (2010) The EU Internal Security Strategy in Action: five steps towards
a more secure Europe, COM(2010)673. Available from:
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/internal_security_
strategy_in_action_en.pdf [Accessed 25 February 2012]
European Commission (2011) First Annual Report on the implementation of the EU Internal
Security Strategy, COM(2011)790. Available from: http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0790:FIN:EN:PDF [Accessed
25 February 2012]
European Commission (2011) Roadmap to a Single European Transport Area – Towards a
competitive and resource efficient transport system, COM(2011)144. Available from:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0144:FIN:EN:pdf
[Accessed 25 February 2012]
Europol (2011). OCTA. EU organised crime threat assessment 2011. Available from:
http://www.europol.europa.eu/ [Accessed 25 January 2012].
Europol (2011) iOCTA. Internet facilitated organised crime threat assessment 2011. Available
from: http://www.europol.europa.eu/ [Accessed 25 January 2012]
Europol (2011) TE-SAT 2011: EU Terrorism Situation and Trend Report. Available from:
http://www.europol.europa.eu/ [Accessed 25 January 2012]
FATF/OECD (2010). Global Money Laundering and Terrorist Financing Threat Assessment.
Available from: http://www.fatf-gafi.org/dataoecd/48/10/45724350.pdf [Accessed
25 January 2012]
FATF/OECD (2012) The FATF Recommendations. International Standards on combating
Money Laundering and the financing of terrorism and proliferation. Available from:
http://www.fatf-gafi.org/dataoecd/49/29/49684543.pdf [Accessed 25 January 2012]
55
Garland, D. (2001) The Culture of Control. Crime and social order in contemporary society.
Oxford: Oxford University Press.
Heaton, R., (2000) ‘The prospects for intelligence-led policing: some historical and
quantitative considerations’, Policing and Society, 9 (4), 337-356.
Hoogenboom, B. (2009) ‘Dingen veranderen en blijven gelijk’, Justitiële Verkenningen, 39 (1),
63-77.
ICAO (2006) Annex 17 to the Convention on International Civil Aviation. Security:
Safeguarding International Civil Aviation against acts of unlawful interference,
http://www.captainpilot.com/files/SECURITY/an17_cons%5B1%5D.pdf. [Accessed 25
January 2012]
ICAO (2011) European States Agree on Comprehensive Aviation Security Strategy. Available
from: http://www.icao.int/Newsroom/Pages/European-States-Agree-on-
Comprehensive-Aviation-Security-Strategy.aspx [Accessed 25 January 2012]
ICAO (2012) Doc 8973 — Restricted — Aviation Security Manual. Available from:
http://www2.icao.int/EN/AVSEC/SFP/Pages/SecurityManual.aspx [Accessed 25
January 2012]
Jones, T. and Newburn, T (2002) ‘The Transformation of Policing? Understanding current
trends in policing systems’, British Journal of Criminology, 42, (1): 129 – 146.
Loader, I. (2000) Plural policing and democratic governance, Social Legal Studies, 9: 324
Loader, I. and Sparks, R. (2002) ‘Contemporary landscapes of crime, order and control.
Governance, risk, and globalization’. In M. Maguire, R. Morgan & R. Reiner (Eds.) The
Oxford Handbook of Criminology - (3rd ed.). Oxford: Clarendon Press: 81-111
56
Maguire, M. (2000) ‘Policing by risks and targets: some dimensions and implications of
intelligence-led crime control’, Policing and Society, 9 (4), 315-336.
Maguire, M. and John, T., (2006) ‘Intelligence led policing, managerialism and community
engagement: competing priorities and the role of the National Intelligence Model in
the UK’, Policing and Society, 16 (1), 67-85.
Marks, P.K., Van Sluis, A. and Bekkers, V.J.J.M. (2012) ‘Surveillance in nodal security. In E. van
den Herrewegen, G. van de Walle and N. Zuravski (Eds.), COSS-LISS boek. Den Haag:
Boom.
McAffee Labs (2011). 2012 Threats Predictions. Available from:
http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf
[Accessed 25 January 2012]
National Commission on Terrorist Attacks upon the United States (2004) The 9-11
Commission. Final Report of the National Commission on Terrorist Attacks Upon the
United States. Executive Summary. US Printing Office, Washington, DC. Available
from: www.gpoaccess.gov/911/pdf/execsummary.pdf
National Counter Terrorism Center (2011). 2010 Report on Terrorism. Available from:
http://www.nctc.gov/witsbanner/docs/2010_report_on_terrorism.pdf [Accessed 25
January 2012]
Poole Jr, R. W. (2009) ‘The case for risk-based aviation security policy’, World Customs
Journal, 3(2): 3-16.
Ratcliffe, J.H., 2008. Intelligence-led policing. Cullompton: Willan.
Ratcliffe, J.H. and Guidetti, R., (2008) ‘State police investigative structure and the adoption of
intelligence-led policing’, Policing: An International Journal of Police Strategies and
Management, 31 (1), 109-128.
57
Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March
2008 on common rules in the field of civil aviation security and repealing Regulation
(EC) No 2320/2002. Available from:
http://ec.europa.eu/transport/air/security/legislation _en.htm [Accessed 25 February
2012]
Scearce, D. and Fulton, K., (2004). What if? The art of scenario thinking for nonprofits Global
Business Network. Available from:
http://www.gbn.com/ArticleDisplayServlet.srv?aid_32655 [Accessed 25 February
2012]
Shearing, C.D, (2005). ‘Nodal security’, Police Quarterly, 8, (1), 57-63.
Schwartz, P. and Ogilvy, J., (2004) Plotting your scenarios. An introduction to the art and
process of scenario planning. Global Business Network. Available from:
http://www.gbn.com/consulting/article_details.php?id_24 [Accessed 25 February
2012]
Stirling, A. (2007) ‘Risk, precaution and science: towards a more constructive policy debate’,
European Molecular Biology Organization Reports, 8 (4), 309-315.
Symantec Corp. (2011). Global Internet Security Threat Report, Vol. XVI. Available from:
http://www.symantec.com/threatreport/ [Accessed 5 January 2012]
Tamasi, G. and Demichela, M. (2011) ‘Risk assessment techniques for civil aviation security’,
Reliability engineering and system safety, 96, 892-899
Tombs, S. and White D. (2001) ‘White collar crime’, In: E. McLaughlin and J. Muncie The Sage
Dictionary of Criminology. London: Sage Publications, 319-320.
58
UNOCD (2011) The role of organized crime in the smuggling of migrants from West Africa to
the European Union. Available from: http://www.unodc.org/documents/human-
trafficking/Migrant-Smuggling/Report_SOM_West_Africa_EU.pdf [Accessed 25
January 2012]
UNODC (2010) Transnational organized crime threat assessment – TOCTA. Available from:
http://www.unodc.org/documents/data-and-analysis/tocta/ [Accessed 5 January
2012]
Vander Beken, T. (2004) ‘Risky business a risk-based methodology to measure organized
crime’, Crime, Law and Social Change, 41 (5), 471-516.
Van Duyne, P.C. and Vander Beken, T. (2009) ‘The incantations of the EU organised crime
policy making’, Crime, Law and Social Change, 51 (2), 261-281.
Van Sluis, A and Bekkers, V. (2009) ‘De ontknoping van de nodale oriëntatie. Op zoek naar
randvoorwaarden en kritische factoren’, Justitiële Verkenningen, 39 (1), 78-92
Van Sluis, A., Marks, P.K. and Bekkers, V.J.J.M. (2011) ‘Nodal policing in the Netherlands
Strategic and normative considerations on an evolving practice’. Policing: A Journal of
Police and Practice, 5 (4): 365-371.
Verfaillie, K. and Vander Beken, T. (2008a). ‘Interesting times: European criminal markets in
2015’, Futures, 40 (5), 438-450.
Verfaillie, K. and Vander Beken, T. (2008b) ‘Proactive policing and the assessment of
organized crime’, Policing: An International Journal of Police Strategies &
Management, 31 (4), 534-552.
Verfaillie, K., Vander Beken, T. and Defruytier, M. (2006) ‘Thinking about future and long-
term assessments. A methodological study’, In: T. Vander Beken, ed. European
organised crime scenarios for 2015. Antwerp-Apeldoorn: Maklu Publishers.
59
Wood, J. (2006) ‘Research and innovation in the field of security: a nodal governance view’
pp. 217-240 in J. Wood & B. Dupont, Democracy, Society and the Governance of
Security, Cambridge: Cambridge University Press.
Wood, J., and Shearing, C.D. (2007) Imagining security. Cullompton, Willan Publishing.
Zedner, L. (2007) Pre-Crime and Post-Criminology?, Theoretical Criminology, 11 (2): 261-281.