Self-driving cars, drones, the Internet of Things; these are just a few of the technologies that could have a significant impact on our lives in the coming years. But this also means that we must carefully weigh the risks against the potential benefits. University of Twente Professor of Risk Management for High-Tech Systems Mariëlle Stoelinga, has been awarded an ERC Consolidator Grant by the European Research Council that will allow her to develop a new and superior model for making improved and integrated assessments that take both safety and security risks into account.
Historically separate areas of expertise
The primary goal of Stoelinga’s research, which the European contribution will help her achieve, is to integrate historically separate areas of expertise: safety (malfunctions due to unintended accidents) on the one hand, and security (malfunctions due to malicious attacks by hackers) on the other hand.
On the surface, safety and security would appear to go hand in hand. However Mariëlle has noted that these areas are sometimes handled in contradictory ways. “Taking safety measures sometimes even leads to new security risks elsewhere and vice versa. A very practical example is creating an emergency exit. Emergency exits are vital as a means of escaping dangerous situations such as fires, but could also provide relatively easy access for those with ill intent.”
Bringing together safety and security
“Bringing these areas of expertise closer together is therefore incredibly important”, according to Mariëlle. This will be by no means easy: there is a lot of work to be done. “Different methods are used, there are different ways of working and the terminology is not always aligned either. Statistics play a large role in determining the approach to safety, whereas the approach to security measures is more dynamic and business considerations play a far greater role. And safety risks are often easily quantifiable based on historical malfunction data, but for security that is far more challenging, with decisions often being based on expert opinions.”
The rise of new technologies emphasises a greater need for a more integrated approach. Mariëlle Stoelinga is developing a model that supports the decision-making process. “In this process, I am trying to get a more fundamental idea of the interactions between safety and security. I approach both based on mathematical game theory, in which the attacker is up against security specialists. This helps in developing fundamental algorithms as a defence strategy.”
Theoretical exercise
The project, entitled CAESAR (Integrating Safety and Cyber Security through Stochastic Model Checking), emphasizes the development of a new theory. “This comes with a theoretical substantiation for the many initiatives that involve the business community. This is necessary because a new theoretical basis will allow us to take new steps”, says Mariëlle in reference to at least one recent project for which she received a multi-million euro contribution from the Dutch Research Council. This project is a collaboration between the University of Twente and other knowledge institutions to better predict malfunctions to infrastructure and production resources and improve maintenance scheduling.
Third time’s a charm
Obtaining the ERC Consolidator Grant, the medium of the three grants awarded by the ERC, turned out to be no easy feat. “It’s a matter of perseverance and doing what you believe in”, says Mariëlle, who saw two previous attempts at obtaining the European contribution fail. “I took in the feedback on those proposals, and I have to say it’s very satisfying that I have now succeeded in writing a winning proposal.”
The ERC received 2,453 research proposals this time, out of which approximately 12% will be funded. Thirty-one percent of grants were awarded to female applicants. This new round of grants should create some 2,000 jobs for postdoctoral fellows, PhD students and other staff working in the grantees' research team.
Mariëlle Stoelinga has been employed by the University of Twente since 2004 and was appointed Professor of Risk Management for High-Tech Systems at the beginning of 2018. She also works for Radboud University, as Professor of Software Science.