Driving Sustainability through Engineering Management and Systems Engineering

Despite the ongoing impact of the COVID-19 pandemic, the challenge of realizing sustainability across the triple bottom line of social, environmental, and economic development remains an urgent priority. If anything, it is now imperative that we work towards achieving the United Nations Sustainable Development Goals (SDGs). However, the global challenges are significant. Many of the societal challenges represent complex problems that require multifaceted solutions drawing on multidisciplinary approaches. Engineering management involves the management of people and projects related to technological or engineering systems—this includes project management, engineering economy, and technology management, as well as the management and leadership of teams. Systems engineering involves the design, integration, and management of complex systems over the full life cycle—this includes requirements capture, integrated system design, as well as modelling and simulation. In addition to the theoretical underpinnings of both disciplines, they also provide a range of tools and techniques that can be used to address technological and organisational complexity. The disciplines of engineering management and systems engineering are therefore ideally suited to help tackle both the challenges and opportunities associated with realising a sustainable future for all. This book provides new insights on how engineering management and systems engineering can be utilised as part of the journey towards sustainability. The book includes discussion of a broad range of different approaches to investigate sustainability through utilising quantitative, qualitative and conceptual methodologies. The book will be of interest to researchers and students focused on the field of sustainability as well as practitioners concerned with devising strategies for sustainable development

Driving Sustainability through Engineering Management and Systems Engineering

Despite the ongoing impact of the COVID-19 pandemic, the challenge of realizing sustainability across the triple bottom line of social, environmental, and economic development remains an urgent priority. If anything, it is now imperative that we work towards achieving the United Nations Sustainable Development Goals (SDGs). However, the global challenges are significant. Many of the societal challenges represent complex problems that require multifaceted solutions drawing on multidisciplinary approaches.Engineering management involves the management of people and projects related to technological or engineering systems—this includes project management, engineering economy and technology management, as well as the management and leadership of teams. Systems engineering involves the design, integration and management of complex systems over the full life cycle—this includes requirements capture and integrated system design, as well as modelling and simulation. In addition to the theoretical underpinnings of both disciplines, they also provide a range of tools and techniques that can be used to address technological and organisational complexity. The disciplines of engineering management and systems engineering are therefore ideally suited to help tackle both the challenges and the opportunities associated with realising a sustainable future for all.This book provides new insights on how engineering management and systems engineering can be utilised as part of the journey towards sustainability. The book includes a discussion of a broad range of different approaches to investigate sustainability through utilising quantitative, qualitative and conceptual methodologies. The book will be of interest to researchers and students focused on the field of sustainability as well as practitioners concerned with devising strategies for sustainable development

Human and National Security in Bahrain, Qatar and the United Arab Emirates - Should Climate Change Matter?

This PhD thesis examines the Gulf monarchies of Bahrain, Qatar and the United Arab Emirates as they strive to transform their political economies away from dependency on hydrocarbon revenues into more diverse sectors of economic activity. In particular, the research attempts to forecast the monarchies’ chances of achieving the transformation into principally private sector-led economies, while maintaining absolute rule and excluding those outside the circle of the ruling élites from political power or influence. The central research question guiding the study is ‘Human and National Security in Bahrain, Qatar and the United Arab Emirates – Should Climate Change Matter?’ The effects of climate change provide a useful lens through which to examine each of the states’ policies and actions as they attempt to cope with the physical degradation of an already water and heat-stressed environment, coupled with declining oil and gas revenues from the West as a result of international climate change agreements. The thesis applies a ten question research framework to each of the entities to produce individual case studies for comparison. The research finds that climate change is acknowledged as an issue by each of the states, but is not at the top of their list of priorities. Rather, measures to improve human security are aimed at maximising the economic productiveness of each country to make up the deficit caused by decreasing hydrocarbon revenues and enable the monarchies to maintain the high level of free and subsidised state services they currently provide to their populations. They believe the effective maintenance of services directly contributes to political stability which assures the continuance of their current system of governance where political power lies solely with the rulers and their close advisors. Essentially, the priority for each of the ruling families is not climate change, but regime survival, preferably in its current form

Maps of Lessons Learnt in Requirements Engineering

Both researchers and practitioners have emphasized the importance of learning from past experiences and its consequential impact on project time, cost, and quality. However, from the survey we conducted of requirements engineering (RE) practitioners, over 70\% of the respondents stated that they seldom use RE lessons in the RE process, though 85\% of these would use such lessons if readily available. Our observation, however, is that RE lessons are scattered, mainly implicitly, in the literature and practice, which obviously, does not help the situation. We, therefore, present ``maps” of RE lessons which would highlight weak (dark) and strong (bright) areas of RE (and hence RE theories). Such maps would thus be: (a) a driver for research to ``light up” the darker areas of RE and (b) a guide for practice to benefit from the brighter areas. To achieve this goal, we populated the maps with over 200 RE lessons elicited from literature and practice using a systematic literature review and survey. The results show that approximately 80\% of the elicited lessons are implicit and that approximately 70\% of the lessons deal with the elicitation, analysis, and specification RE phases only. The RE Lesson Maps, elicited lessons, and the results from populating the maps provide novel scientific groundings for lessons learnt in RE as this topic has not yet been systematically studied in the field

Modeling Deception for Cyber Security

In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

Evolving Bitcoin Custody

The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and threat landscape are evolving constantly. Therefore, custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals; key-management and privacy. We present a perspective we call the systems view. It is an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants. This is a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular, when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis with previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with; a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user-verification. We perform ceremony analysis to construct the risk model.Comment: PhD thesi

Responsible AI : the praxis of AI and data protection management : negotiating innovation and FAT principles

The increasing deployment of Artificial Intelligence applications has sparked a debate on its possible uses and potential problems, and many questions on the protection of personal data have emerged. The General Data Protection Regulation (GDPR) imposed new requirements for organisations handling personal data, and the implications for organisations managing AI technologies are particularly significant. Whereas much research focuses on algorithmic biases and the development of AI, this research explores other important concerns arising from the uses of personal data during the introduction of AI, which impact on individuals and organisations. It investigates innovation in different organisational contexts and how people perceive, understand and apply AI, data protection and FAT principles (fairness, accountability and transparency).Drawing on responsible research and innovation (RRI) and Feenberg’s critical theory of technology, the research investigates the praxis of AI and GDPR management within UK organisations, examining the interplay between AI, data protection and FAT principles.The methodology comprises a multi method approach, employing a survey of experts and dual case studies of organisations implementing responsible AI projects. This research investigates organisational practices and people's agency, providing in-depth analysis of values, power dynamics, experience, understanding, perceptions, and difficulties of various stakeholders (leaders, senior managers, data protection and ML experts) in their specific contexts, all of which shapes and constructs this ambivalent technology.The research indicates that GDPR is often misinterpreted, there is limited understanding of AI and its specific risks, and there are diverse perceptions of the relevance of FAT principles. Discussion on ethics is usually focused on data and activities conducted prior to the implementation of new AI systems. Internal processes and personal data created by AI are generally unconcerned by discourse on responsible innovation. External partners raise special concerns around compliance and unethical practices.This research critically reflects upon these flaws, identifies rarely discussed problems that obstruct responsible innovation and defines areas for innovation. Explaining how roles, positionality and personal experiences can impact management decisions regarding AI implementation, the research proposes an approach to AI innovation studies that foregrounds the active role of people in shaping technology. These insights are systematised in the creation of a critical AI and data protection management model aimed at supporting organisations to understand and address specific challenges, risks, and benefits in their responsible management. The research thereby offers leaders and senior managers important instruments for increasing awareness and control while using AI to process personal data. Highlighting the multilevel and multidisciplinary aspects of AI management, unveiling the complexities around ML predictions and decision-making, and showing innovative potentials residing within the GDPR, this further contributes important insights to business and management studies and to interdisciplinary debates on AI, data protection, and organisational ethics