D.07.4. Case Study Consolidation and Generalization of SECONOMICS Framework

The SECONOMICS project has produced a Toolkit for conducting security policy analysis
across critical infrastructure, allowing policy-makers to assess and optimize security
policies in a structured and evidence-based process and, therefore, make betterinformed
policy decisions or gain insight on what makes a current security policy work or
fail. In addition, the SECONOMICS Exploitation Model provides a good practice for the
introduction and use of the Toolkit by policy-makers.
The scientific models developed during the project were designed to include
socioeconomic aspects in the assessment of security policy-making such as the
acceptance of security measures, security in the media, the effects of the different
regulatory settings in security investments, security training incentives, and the
optimization of the security portfolio to protect against intelligent threats. Most of the
models have been integrated into the Toolkit, and their application to the case studies
have adequately led to a series of recommendations to policy-makers that are of general
interest, also outside of the project consortium.
The SECONOMICS Framework was developed as part of the project to address a series of
policy questions relevant across critical infrastructure protection:
· Comparison of the different policy and regulatory configurations (e.g., risk-based
vs rules based, centralized vs decentralized financing, customized vs uniform
regulation, subsidies, insurance as a tool of public policy) and identify which
approach is the better in what situations.
· Assessment of the security perception and debate in the society and what affects
the final results of security policies (e.g., the acceptance of security measures
and perception of threats, how the different actors shape the security debate,
and the tension between security and freedom and privacy). Provide
recommendations to European institutions to make this debate more interactive
and participative.
· Outline effective portfolios of security measures for different threats relevant
across critical infrastructure (e.g., unlawful access to critical systems,
cyberattacks, petty crime, networked infrastructures).
The SECONOMICS Framework and Toolkit have been developed following the Exploitation
Framework to support the Toolkit development and validate both the Scientific Models
and the Toolkit. This report focuses on the generalization of the SECONOMICS framework
to other critical infrastructure domains, such as Oil and Gas.

Case Study Consolidation and Generalization of SECONOMICS Framework