FOCUS Conclusions for future security research
FOCUS is co-funded by the European Commission under the 7th Framework Programme, theme "security", call FP7-SEC-2010-1, work programme topic 6.3-2 "Fore sighting the contribution of security research to meet the future EU roles". The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 261633. This wiki reflects only the authors' views and the Union is not liable for any use that may be made of the information contained therein.
The Specific Programme Implementation of Horizon 2020, the successor of the EUs Seventh Framework Programme (FP7), sees future Security Research mainly in the “Inclusive, Innovative and Reflective Societies" and in the "Secure Societies" parts. The objective is to meet complex, interacting challenges in an innovative way and to link research to EU policy objectives. With its emphasis on foresight (not prediction) and the transversal, ethical and broader societal implications of its scenarios, the FOCUS project points to the emerging Horizon 2020 programme by supporting Security Research planning activities. However, the time frame of the FOCUS project is 2035, thus reaching beyond Horizon 2020. Therefore, FOCUS is not dedicated towards Horizon 2020 itself but to longer-term planning for Security Research that supports the anticipated future roles of the EU as a comprehensive security provider.
These conclusions are informed by the FOCUS project's idea of making a contribution to trans-disciplinary Security Research based on a sustainable output of Security Research projects in the last cycles of FP7, in Horizon 2020 and beyond. The conclusions should be seen in the context of the FOCUS roadmap proposal for the planning of "Security Research 2035.".
This is a dynamic document that will further elaborate and incorporate additional results from FOCUS foresight. A static document representing the conclusions on which was based the FOCUS roadmap proposal -- completed at the end of the project – can be found in Deliverable 8.3.
Scenario foresight results indicate that we may see sectoral confinements of the comprehensive approach by 2035, depending on the evolution of challenges. It may be that the concept of comprehensiveness guiding the “EU 2035” as a security actor will be centred on sectors such as for example critical infrastructure protection or public health, with multidisciplinary Security Research reduced to such sectors. A major conclusion therefore is that future European Security Research in the 2035 time-frame should by planned to contribute to the creation of a suitable concept of comprehensive security, thus leading to the security of individual Member States and the Union as a whole. Future Security Research should propose ways to manage specific factors, vulnerabilities, risks, and possibilities to common aims, which will contribute to the security and development of the EU as a Union.
FOCUS has shown that the planning of “Security Research 2035” will be driven by a variety of factors that apply across different themes and scenarios identified in the project. Top-10 drivers include the following:
1. Comprehensive (societal, economic, and institutional) resilience to crises and disasters;
2. Science and technology innovation;
3. Practical strength of the “European Security Model,” as advocated in the EU Internal Security Strategy (2010): addressing the causes of insecurity and not just the effects; prioritizing prevention and anticipation, and involving all sectors with a role to play in public protection;
4. Asymmetry of capabilities of Member States, the EU, and adversaries – including regionalization vs. globalization of security;
5. Convergence or divergence of security cultures;
6. Extent of information and intelligence sharing, and early warning capabilities – including policies for information exchange;
7. Decision-making tools based on joined-up situation analyses, including their use to secure public acceptance and support;
8. Changing national security capacities and levels of asymmetry (relative difference between the capacity of nations to influence security affairs);
9. Whole of community approach based on technological facilitation and empowerment;
10. Extent of dependency on technology, as well as of critical (inter)dependencies between technologies.
Giving those multiple forces that are expected to shape the path towards “Security Research 2035,” the thrust of the EU as a comprehensive security provider to its citizens will depend on the degree consistency and coherence of Security Research at national and European levels.
Consistent Security Research accumulates knowledge across disciplines, sectors, and cases, in order to identify the most important gaps and needs for the future implementation of security strategies.
Coherent Security Research is a cooperative intellectual effort at national and European levels to contribute to the definition and implementation of a common European security agenda, across different themes, funding lines, epistemic communities, and stakeholders.
Future Security Research should contribute to establish institutionalized relations between those actors involved in realizing societal security; and it should make a specific contribution to the knowledge pool of the implementing organization(s) and to the building of sustainable excellence of research and expertise, operational and effective beyond project lifetime.
External challenges to the security of the EU in the coming decades will be fraught with uncertainty, involving state and non-state actors that combine conventional and asymmetric methods. These challenges will encompass physical space, cyberspace and natural resources. High-intensity cyber threats attack against European critical infrastructures could easily generate a cascading effect on other infrastructures, with devastating consequences for society. While problems with the proliferation of weapons of mass destruction will persist, they may be superseded by threats from intelligent, unmanned devices designed for warfare and industrial espionage. These trends will increase conflict between global security and personal security, and the definition of the limits between privacy and public information.
In the light of these multiple challenges, Security Research should essentially include research into societal security. Among other goals, the results should provide advice to authorities for making the appropriate trade-offs between security and other valued societal objectives, while bearing in mind the deepening and widening of European integration as well as possible future Europeanization of security-relevant policies. Relations between EU security strategies and its long-term visions, such as the Digital Agenda, will also have to be addressed.
Future Security Research should help identify and address – and not just note and implement – security-related challenges and requirements in both technological and non-technological aspects. In this vein, the planning of future Security Research, as supported by the FOCUS project, should consider which factors will drive evolution of the concept of security in the 2035 time frame. FOCUS foresight yielded the following ranked top 10 drivers for determining what security might mean a future "EU 2035", with the factors of resources and resilience being the two most important groups of drivers:
- Crises resulting from scarcity of resources (e.g. energy-caused stress and, most importantly, increasing scarcity of conventional oil; dependencies on supply chains);
- Societal resilience and preparedness: certain risks cannot be catered to or avoided, and societies must prepare for shocks and have the ability to recover;
- Changing borderlines between internal and external security, including the extent of relations with the world’s leading countries;
- Technological change, including new technologies that drive or change security needs;
- Mass migration flows, e.g. due to economic disparity, global conflicts, natural disasters, and climate change;
- International conflicts that involve cyber-techniques and/or competition for energy and other scarce resources;
- Diffusion of power within and among nation-states, marked by the rise of densely populated and economically powerful China and India, as well as the increased importance of energy-rich states and regions;
- Dependency on information and communication technology, and technology in general (with a focus on a cascading breakdown of connected systems);
- Demographic shifts with pressure on resources;
- Increased reliance on critical infrastructures which are vulnerable, have little spare capacity, operate at the edges of performance and loads and are critically dependent on other infrastructures.
The expansion of the EU’s direct involvement in security affairs in recent years suggests that in future it will act across the full range of the Petersberg tasks. The 2008 implementation review of the European Security Strategy (2003) stressed that the Union could deploy an unmatched repertory of instruments and activities to foster human security and deal with the underlying causes of insecurity and conflict. Based on this, the instruments in support of the EU’s global roles may include stronger justice and law enforcement capabilities; improved EU intelligence and early warning capabilities; financial instruments for influencing economic developments on a global scale; good governance and institution building in security sectors; or civil society-related and cultural instruments, including media, social networks, etc. Future Security Research should contribute to and build on those instruments.
By 2035, the EU will likely see an increase in the vulnerability of its citizens and infrastructure to higher risks. Unanticipated and systematically new disasters could result from technological advances – and not only from natural causes. Nevertheless, natural hazards with serious consequences on a regional level will massively shape the EU’s future roles as a comprehensive security provider. Such hazards could cause humanitarian crises of a scale that demands a wide spectrum of responses, particularly if they affect infrastructures and the social environment.
While technological advances will limit the consequences of most inadvertent events (natural disasters, accidents, etc.), new technological threats may appear where new technologies offer new means for creating harm or increase vulnerability. Similarly, the implementation of immature technologies could have unintentional or unforeseen consequences. Research using methodologies of scenario planning and impact assessment should ensure early identification of these potential disasters/consequences, along with methods for good governance of collaborative efforts in their management.
Emergency situations of wide-area impact can also be expected to produce a high number of secondary victims who suffer from psychological harm. Generally, disasters cause fear, mistrust, and strong disappointment. The state has the authority and responsibility to protect its citizens, but this may involve creating or "constructing" new threats and new enemies in public discourse (sometimes critically called “securitization”). On the other hand, citizens themselves can act as a cushion factor in emergency situations if they have the proper information and education, and if they work coordinately.
Critical infrastructure protection is the EU’s ability to prepare for, protect against, mitigate, respond to and recover from disruption or destruction of essential networks. It encompasses the whole crisis management cycle, including the protection of human lives. The EU and its 27 Member States have promulgated integrated policies to enhance the protection of European Critical Infrastructure (ECI) and reduce its vulnerability to threats. They also established a European Programme for Critical Infrastructure Protection (EPCIP) that embraces an all-hazard approach. Effective protection will need binding international and global rules since major infrastructures operate internationally or globally (a trend that will inevitably increase in the future), meaning threats can originate from any place in the world.
The challenges mentioned so far will strongly influence the evolution of the concept of security, as well as the capability-related and operational ingredients of the EU’s comprehensive approach.
The comprehensive approach of the future will continue to aim at overarching solutions with broad effects and based on complementarity of actors, while considering all available options and capabilities, including the normative end-state of the security of society as a whole. The comprehensive approach of the future will emphasize the joining up of EU and Member State capabilities and policies towards EU-level homeland security, including EU-level civil protection. Covering the internal-external security continuum, the future comprehensive approach will focus on a holistic nature of societal goals in order to increase the security of the EU and its citizenry.
Future Security Research should increasingly consider the societal impact of comprehensiveness. This will mean bringing together and applying various disciplines. Future Security Research should aim to mainstream terminology in order to improve linguistic interoperability between different communities of practice and of knowledge, provide a better connection of the disciplines involved, establish networked expertise to provide rapid decision support for end users, and contribute to continuous evaluation of strategies of national and European civil security strategies from both a scientific and a societal security point of view. This includes aspects such as increasing societal resilience and the creation of a “whole-of-community” system for mitigation, preparedness, response and recovery. As such, Security Research should act as a socialization vector that builds resilience clusters comprised of technology/capability, first responders and ordinary citizens wherever possible.
As an all-of-society enterprise, future Security Research must reach beyond traditional end-user satisfaction to a wider perspective: It should anticipate and meet societal requirements and stimulate future demand, thus helping set its own benchmarks instead of just meeting pre-set end-user benchmarks.
The evolution of the EU’s internal structure will be driven by external challenges and internal pressure to forge collective policies in order to maintain the EU’s institutional coherence and deliver effective, consistent responses to major external challenges. Some of the EU’s vulnerabilities stem from the fact that European strategies sometimes do not sufficiently plan for the resources needed to implement them and do not fully support the organizational effort needed to create awareness and increase resilience. Interaction between cyber and physical systems on resilience issues should also be addressed. Future Security Research should involve a track dedicated to quick response mechanisms for managing social stress resulting from interruption of supplies.
The future concept of security as well as of Security Research will be informed by the European Security Model as outlined in the EU Internal Security Strategy (2010). This includes how to address the causes of insecurity and not just their effects, with priority going to prevention across sectors (political, economic, social, etc.). Future Security Research should particularly address new social media technologies and contribute to better ways of connecting to the public and civil society audiences, while enabling policymakers to communicate to the latter on civil emergency. Future Security Research should also address how information affects the perception of citizens’ about EU homeland security, and how this, in turn, influences how citizens exercise their individual responsibilities.
As its next step, the European Security Model should include the concept of education or preparation of citizens. It should not only provide information, but define how this can be used by citizens to influence security.
Future EU Security Research should broadly reflect the evolving common European security agenda in order to address emerging gaps and needs for further implementation of security strategies. To this end, future Security Research should include an emphasis on the advancement and integration of approaches to foresight, with special consideration of disruptors from normative (desired) end-states. This should examine what the rest of the world (and not just Europe) will look like in this vision of the future.
Based on this broad scope, future Security Research should develop multi-disciplinary scenarios of maximum credible natural events. These scenarios could help identify the maximum possible damage from a combination of primary (destruction by shockwave), secondary (e.g. fires) or tertiary (e.g. supply chain damage, loss of production) effects for a given region, nation, or the EU as a whole.
Future Security Research should also focus on implementation strategies in addition to security models at policy level, by taking into account indicators for measuring the effectiveness of the comprehensive approach. Security Research should contribute to the development and implementation of norms and standards for civil protection that support the EU as a collective civil protection actor and a related concept of security. Security Research should moreover provide scenarios that help establish informed and defensible capability targets.
For an effective European homeland security system to emerge, future Security Research should address organizational issues such as integration of national and international agencies.
Future Security Research should thus meet the challenge of developing a new concept of (civil) security from research, rather than deriving the latter from events, technologies or existing policies.
Taking the field of critical infrastructure protection as an example, well-focused EU-level research should first provide a detailed assessment of the interdependencies in the European Critical Infrastructure (ECI) system, with special attention going to dependencies on critical infrastructure in third countries. Second, it should compile a comprehensive catalogue of critical supplies for the European economy, along with factors that could disrupt supply. Third, future Security Research should conduct analyses of how the Lisbon Treaty’s new mandate, together with enhanced civilian and dual-use capabilities, could change the Union’s security role. This would reflect the increasing political interest in protecting energy sourcing, raw materials, and food supply from third countries. In addition, the definition of European critical supplies would require more detailed research.
Future Security Research should emphasize and help promote the principle of societal/citizen ownership (which views citizens as the final/ultimate end-users). This will be of increasing importance for the ethical and factual acceptability by the public of its results.
Future Security Research should clearly address the risks of creating an uneven distribution of security across society, for example by technologies that only add to the security of the wealthy or security solutions that may even harm certain parts of society. Security Research should focus more strongly on public perceptions and on citizen security cultures, including new social media research to gain indicators for those concepts.
Future Security Research tracks should also include critical thinking (as opposed to a predominant end-user requirements approach) on past and existing concepts and how they may develop in the future. Security Research should be aware of the fact that research may be skewed away from the priority needs of the EU in that technology development is driven, via developer input, by perceived market demands. Also, mechanisms such as public consultation should be explored to increase transparency about the aims of Security Research and the potential use of technologies developed under its aegis.
Creating a common security culture that addresses the causes of insecurity and not just its effects and which focuses on prevention across all sectors (political, economic, social, and ethics) is a major challenge to informed policymaking. Future Security Research should take into account that to shape citizen security cultures means addressing fears of technology, fears of privacy confinements, fears of technological overuse, and other concerns linked to traditional Security Research.
At the same time, Security Research should be more consequent in seeing citizens as the end-users of security. Future Security Research planning will have to acknowledge the need to demonstrate some immediate benefits for all citizens. In addition, future Security Research should explore new scenarios for preparedness (including preparedness as a change of organizational thinking or attitudes and how to measure preparedness against its goal to foster secure societies.
With an emphasis on the societal dimension of security, FOCUS proposes the following guidelines for future Security Research: