A comparative analysis of security risk management in Norwegian oil and gas and renewable energy companies.

With the recognised urgent need to combat climate change globally, the renewables industry has witnessed significant growth to meet ambitious net zero targets. This thesis aims to emphasize the importance of improving security risk governance to adapt to the evolving energy sector. The increasing adoption of renewable solutions and the expansion of renewable production presents a landscape characterized by uncertain and complex market dynamics. Additionally, these developments contribute to a more adverse threat environment driven by innovation in research and development (R&D), technology, and digitalization. Considering these advancements, criminal actors now have greater opportunity, motive, and increased capabilities, regardless of whether the company is focused on oil and gas, or renewable production. While damages to a renewables asset result in lower costs and less detrimental environmental impacts when compared to an offshore oil and gas asset, they can still have adverse implications on company values. Impacts to critical renewable assets have the potential to increase reliance on traditional fossil fuels, negatively impact local communities, and detrimentally impact company margins. Furthermore, due to market volatility and energy politics, nations aim to safeguard energy supply and reduce dependence on external sources. This is particularly relevant when considering the sanctions imposed on Russian oil and gas following the 2022 invasion of Ukraine. As a result, energy independence and energy security have become increasingly more critical. This thesis has identified with certainty that there is a significant lack of maturity within security risk governance in renewables companies. Therefore, by comparing how both the oil and gas, and renewables sector acknowledge security and therein approach security risk management, a platform is created to offer fit-for-purpose recommendations to the renewables sector. Furthermore, this thesis acknowledges the lower margin nature of renewable production and ultimately emphasises fostering a sustainable and dynamic security culture that allows industry to strategically expand into higher security threat environments. Key words: Renewable production, Security risk, Risk Governance, Security Risk Assessments, risk tolerabilit

Engage D5.6 Thematic challenge briefing notes (1st and 2nd releases)

Engage identified four thematic challenges to address research topics not contemporaneously (sufficiently) addressed by SESAR. This deliverable serves primarily as a record of the two sets of released thematic challenge briefing notes

Risk Management Framework 2.0

The quantification of risk has received a great deal of attention in recently published literature, and there is an opportunity for the DoD to take advantage of what information is currently available to fundamentally improve on current risk assessment and management processes. The critical elements absent in the current process are the objective assessment of likelihood as part of the whole risk scenario and a visual representation or acknowledgement of uncertainty. A proposed framework would incorporate selected elements of multiple theories and axiomatic approaches in order to: (1) simultaneously examine multiple objectives of the organization, (2) limit bias and subjectivity during the assessment process by converting subjective risk contributors into quantitative values using tools that measure the attack surface and adversarial effort, (3) present likelihood and impact as real-time objective variables that reflect the state of the organization and are grounded on sound mathematical and scientific principles, (4) aggregate and function organization-wide (strategic, operational, and tactical) with maximum transparency, (5) achieve greater representation of the real scenario and strive to model future scenarios, (6) adapt to the preferred granularity, dimensions, and discovery of the decision maker, and (7) improve the decision maker’s ability to select the most optimal alternative by reducing the decision to rational logic. The proposed solution is what I term Risk Management Framework 2.0 , and the expected results of this modernized framework are reduced complexity, improved optimization, and more effective management of risk within the organization. This study introduces a Decision Support System (DSS) concept to aid implementation, maximize transparency and cross-level communication, and keep members operating within the bounds of the proposed framework

Scenarios for the development of smart grids in the UK: literature review

Smart grids are expected to play a central role in any transition to a low-carbon energy future, and much research is currently underway on practically every area of smart grids. However, it is evident that even basic aspects such as theoretical and operational definitions, are yet to be agreed upon and be clearly defined. Some aspects (efficient management of supply, including intermittent supply, two-way communication between the producer and user of electricity, use of IT technology to respond to and manage demand, and ensuring safe and secure electricity distribution) are more commonly accepted than others (such as smart meters) in defining what comprises a smart grid. It is clear that smart grid developments enjoy political and financial support both at UK and EU levels, and from the majority of related industries. The reasons for this vary and include the hope that smart grids will facilitate the achievement of carbon reduction targets, create new employment opportunities, and reduce costs relevant to energy generation (fewer power stations) and distribution (fewer losses and better stability). However, smart grid development depends on additional factors, beyond the energy industry. These relate to issues of public acceptability of relevant technologies and associated risks (e.g. data safety, privacy, cyber security), pricing, competition, and regulation; implying the involvement of a wide range of players such as the industry, regulators and consumers. The above constitute a complex set of variables and actors, and interactions between them. In order to best explore ways of possible deployment of smart grids, the use of scenarios is most adequate, as they can incorporate several parameters and variables into a coherent storyline. Scenarios have been previously used in the context of smart grids, but have traditionally focused on factors such as economic growth or policy evolution. Important additional socio-technical aspects of smart grids emerge from the literature review in this report and therefore need to be incorporated in our scenarios. These can be grouped into four (interlinked) main categories: supply side aspects, demand side aspects, policy and regulation, and technical aspects.

Maintaining Information Dominance in Complex Environments

There are many risks to the U.S. Army’s command and control (C2) operations and to its intelligence and information warfare (IW) capabilities. The challenges include: significant uncertainty; sudden unexpected events; high noise and clutter levels in intelligence pictures; basic and complex deceptions exercised through a variety of channels; the actions of hidden malign actors; and novel forms of attack on U.S. and allied command, control, communications, computers, information/intelligence, surveillance, targeting acquisition, and reconnaissance (C4ISTAR) systems. If the U.S. Army is to secure and maintain information dominance in all environments, it must exploit complexity and uncertainty in the battlespace and not simply seek to overcome it. Innovation requires that new ideas are considered, and that old ideas should be robustly challenged. To achieve and maintain information dominance, the U.S. Army will also require a significant injection of innovation, a robust and resilient C2 and intelligence capability, novel technologies and an accelerated information operations capability development program that is broad, deep, sustained and well-coordinated. Furthermore, once information dominance is achieved, maintaining it will demand continuous change and development.https://press.armywarcollege.edu/monographs/1390/thumbnail.jp

The Politics of Uncertainty

"Why is uncertainty so important to politics today? To explore the underlying reasons, issues and challenges, this book’s chapters address finance and banking, insurance, technology regulation and critical infrastructures, as well as climate change, infectious disease responses, natural disasters, migration, crime and security and spirituality and religion. The book argues that uncertainties must be understood as complex constructions of knowledge, materiality, experience, embodiment and practice. Examining in particular how uncertainties are experienced in contexts of marginalisation and precarity, this book shows how sustainability and development are not just technical issues, but depend on deeply political values and choices. What burgeoning uncertainties require lies less in escalating efforts at control, but more in a new – more collective, mutualistic and convivial – politics of responsibility and care. If hopes of much-needed progressive transformation are to be realised, then currently-blinkered understandings of uncertainty need to be met with renewed democratic struggle. Written in an accessible style and illustrated by multiple case studies from across the world, this book will appeal to a wide cross-disciplinary audience in fields ranging from economics to law to science studies to sociology to anthropology and geography, as well as professionals working in risk management, disaster risk reduction, emergencies and wider public policy fields.

A Quantitative Research Study on Probability Risk Assessments in Critical Infrastructure and Homeland Security

This dissertation encompassed quantitative research on probabilistic risk assessment (PRA) elements in homeland security and the impact on critical infrastructure and key resources. There are 16 crucial infrastructure sectors in homeland security that represent assets, system networks, virtual and physical environments, roads and bridges, transportation, and air travel. The design included the Bayes theorem, a process used in PRAs when determining potential or probable events, causes, outcomes, and risks. The goal is to mitigate the effects of domestic terrorism and natural and man-made disasters, respond to events related to critical infrastructure that can impact the United States, and help protect and secure natural gas pipelines and electrical grid systems. This study provides data from current risk assessment trends in PRAs that can be applied and designed in elements of homeland security and the criminal justice system to help protect critical infrastructures. The dissertation will highlight the aspects of the U.S. Department of Homeland Security National Infrastructure Protection Plan (NIPP). In addition, this framework was employed to examine the criminal justice triangle, explore crime problems and emergency preparedness solutions to protect critical infrastructures, and analyze data relevant to risk assessment procedures for each critical infrastructure identified. Finally, the study addressed the drivers and gaps in research related to protecting and securing natural gas pipelines and electrical grid systems

Operational Decision Making under Uncertainty: Inferential, Sequential, and Adversarial Approaches

Modern security threats are characterized by a stochastic, dynamic, partially observable, and ambiguous operational environment. This dissertation addresses such complex security threats using operations research techniques for decision making under uncertainty in operations planning, analysis, and assessment. First, this research develops a new method for robust queue inference with partially observable, stochastic arrival and departure times, motivated by cybersecurity and terrorism applications. In the dynamic setting, this work develops a new variant of Markov decision processes and an algorithm for robust information collection in dynamic, partially observable and ambiguous environments, with an application to a cybersecurity detection problem. In the adversarial setting, this work presents a new application of counterfactual regret minimization and robust optimization to a multi-domain cyber and air defense problem in a partially observable environment

Managing Epistemic Uncertainties in the Underlying Models of Safety Assessment for Safety-Critical Systems

When conducting safety assessment for safety-critical systems, epistemic uncertainty is an ever-present challenge when reasoning about the safety concerns and causal relationships related to hazards. Uncertainty around this causation thus needs to be managed well. Unfortunately, existing safety assessment tends to ignore unknown uncertainties, and stakeholders rarely track known uncertainties well through the system lifecycle. In this thesis, an approach is described for managing epistemic uncertainties about the system and safety causal models that are applied in a safety assessment. First, the principles that define the requirements for the approach are introduced. Next, these principles are used to construct three distinct steps that constitute an approach to manage such uncertainties. These three steps involve identifying, documenting and tracking the uncertainties throughout the system lifecycle so as to enable intervention to address the uncertainties. The approach is evaluated by integrating it with two existing safety assessment techniques, one using models from a system viewpoint and the other with models from a component viewpoint. This approach is also evaluated through peer reviews, semi-structured interviews with practitioners, and by review against requirements derived from the principles. Based on the evaluation results, it is plausible that our approach can provide a feasible and systematic way to manage epistemic uncertainties in safety assessment for safety-critical systems