Education, Research and Business Technologies: Proceedings of 21st International Conference on Informatics in Economy (IE 2022) 9811967547, 9789811967542

Table of contents :
Preface
Contents
About the Editors
Part I Cloud, Distributed and Parallel Computing, IoT, Mobile-Embedded and  Multimedia Solutions
1 Microservices as a Key Enabler of a Cloud Native Architecture
1.1 Preamble
1.2 The Concept
1.3 Principles
1.4 Reasons for Adopting Microservices
1.5 Why Now is Time for Adoption
1.6 Challenges and Limitations
1.7 SOA Versus Microservices
1.8 Use Cases and Conclusion
References
2 The Importance of Security and Safety in a Smart City
2.1 Introduction
2.2 The Evolution of Smart Cities
2.3 How Smart City Helps the Citizens
2.4 Security and Safety in a Smart City
2.5 What Follows in the Future in a Smart City
2.6 Conclusions
References
3 Cyber Range Technology Stack Review
3.1 Introduction
3.2 Cyber Range Systems Architecture
3.2.1 Architecture Levels and Technologies
3.2.2 Orchestration Versus Configuration Management
3.3 Cyber Range Scenario
3.3.1 Generic Scenario Overview
3.3.2 Scenario Infrastructure Deployment—Terraform and Ansible
3.4 Scenario Deployment—Practical Analysis
3.4.1 Scenario Description
3.4.2 Results and Remarks
3.5 Conclusions and Future Work
References
4 IoT Security Challenges for Smart Homes
4.1 Introduction
4.2 Literature Review
4.3 IoT Devices for Smart Homes
4.4 IoT and Smart Home Vulnerabilities and Counter-Measures
4.5 Conclusion and Future Work
References
5 An Overview of Security Issues in Smart Contracts on the Blockchain
5.1 Introduction
5.2 Ethereum Architecture
5.3 Security Considerations
5.4 Developing Smart Contracts
5.4.1 Attack Surface
5.4.2 Upgradability
5.4.3 Error Handling
5.4.4 Transaction Cost
5.5 Smart Contracts Patterns
5.5.1 Check-Effects-Interaction Pattern
5.5.2 Pull Over Push
5.5.3 Access Restriction
5.5.4 Emergency Stop
5.6 Testing Smart Contracts
5.7 Conclusions and Future Work
References
Part II E-society, Enterprise and Business Solutions, Smart Cities and Sustainable Communities, E-society, E-government and E-education
6 Agile Business Systems Development Paradigms—Technological and Human Resource Perspectives
6.1 Introduction
6.2 ICT industry—The Pillar of Economic and Social Development
6.3 Agility—Preference or Necessity from Technological and Human Resource Perspectives
6.4 The Evolutionary Dimension of Agility in SDLC: From Waterfall to DevOps
6.5 Business Perspectives
6.6 Conclusions
References
7 Identification of Qualitative Weak Signals Coming from Asset Management Working Practices to Feed Forward-Looking Investment Pension Funds Models
7.1 Context
7.2 Literature Review
7.3 Methodology
7.4 Synthesis of Results
7.4.1 Common “Investment Traits”
7.4.2 A Systematic Approach to Search Weak Signals
7.4.3 Market Personification
7.4.4 Weak Signals and Financial Crisis
7.4.5 Evolution of Operating Modes in Asset Management
7.4.6 Pension Funds: Weak Signals, Benchmarking, and Backward-Looking Information
7.5 Conclusion and Further Research
References
8 Digital Competences in the Public Sector—Challenges for Universities
8.1 Introduction
8.2 Digital Competencies in the Public Sector—Literature Review
8.3 Attitudes and Understandings About the Digitalization of Services in Bulgaria—Results of Research
8.4 Digital Competencies of Public Sector Staff—Challenges for Higher Education
8.5 Conclusion
References
9 Transport System in Bucharest
9.1 Introduction
9.2 An European Approach
9.3 Modern Systems for Traffic Optimization
9.4 Increasing Accessibility of Public Transport in Bucharest
9.5 Public Transport Analysis for Bucharest
9.6 Conclusions
References
10 General Characteristics of the Assisted E-Learning System in Computer Sciences
10.1 Introduction
10.2 Short Literature Review
10.2.1 Learning Using Computer Assisted System
10.2.2 Assessment Using Computer Assisted System
10.3 Gamification as a Characteristic of E-Learning Environment
10.4 Indicators for Performance Review
10.5 Conclusion and Future Work
References
11 E-learning in Romania: An Overview on Software Solutions from Private Initiatives
11.1 Introduction
11.2 Terminology in E-learning
11.3 Study of Romanian Private E-learning Software Solutions
11.3.1 Research Methodology
11.3.2 Analysis of the Solutions
11.4 Results
11.4.1 E-learning Platform Analysis
11.4.2 E-learning Solution Implementation
11.5 Conclusions
References
Part III Big Data Management, Processing and Analytics, Machine Learning Theory and Applications
12 Sustainable Communities with Smart Meters. A Statistical Measurement Model to Cope with Electricity Consumers’ Behavior
12.1 Introduction
12.2 Research Methodology
12.3 Results
12.4 Conclusion
References
13 The Role of Big Data Analytics in Increasing Competitiveness
13.1 Introduction
13.2 The Role of Big Data into Competitive Advantage
13.3 Competitiveness
13.4 Methodology
13.5 Results
13.6 Discussions
13.7 Conclusion
References
14 Blockchain and Smart Contracts for Voting in a University
14.1 Introduction
14.2 Main Smart Contract Platforms
14.3 Voting in Political Elections and Voting in Universities
14.4 Methods
14.5 Conclusions
References
15 Using Twitter Data and Lexicon-Based Sentiment Analysis to Study the Attitude Towards Cryptocurrency Market and Blockchain Technology
15.1 Introduction
15.2 Literature Review
15.3 Research Methodology
15.4 Results and Discussion
15.5 Conclusions
References
16 Applications that Use Recurrent Neural Networks and Their Impact on People’s Lives
16.1 Introduction
16.2 Recurring Neural Networks Applications
16.2.1 Google Translate
16.2.2 Medibot
16.3 Conclusions
References
17 Modeling the Prices Variation of Agricultural Products on the Stock Market Using Evolutionary Approach
17.1 Introduction
17.1.1 The Proposed Model
17.2 The Implemented Algorithm
17.2.1 The Origin of Data and the Chromosome Representation
17.2.2 The Result of Simulation
17.3 Conclusion
References
18 The Trends in Cybersecurity Maturity Models
18.1 Cyber Risk Management in Critical Infrastructures
18.1.1 An Overview of Past Research
18.2 Methods to Assess Cyber Security Maturity
18.2.1 Publicly Available Models
18.2.2 Capabilities Maturity Model and Capabilities Maturity Model Integration
18.2.3 Cybersecurity Capability Maturity Model
18.2.4 NIST Cybersecurity Framework
18.2.5 Cybersecurity Maturity Model Certification
18.2.6 ISO 27001
18.3 Proposed Model to Assess Cybersecurity Maturity
18.4 Analysis of Trends in Developing and Using Models
18.5 Conclusions and Recommendations
References
19 Oracle Machine Learning (OML) Features and a Classification Use Case with OML4SQL and AutoML
19.1 Introduction
19.2 Oracle Cloud Infrastructure (OCI) Account
19.2.1 What is Oracle Machine Learning (OML)?
19.2.2 OML Features
19.2.3 OML Notebooks
19.2.4 OML AutoML
19.2.5 OML for SQL (OML4SQL)
19.2.6 OML for Python (OML4Py)
19.3 Use Case with Oracle Machine Learning
19.3.1 Classification—OML for SQL (OML4SQL) Use Case
19.3.2 Classification with AutoML
19.4 Conclusions
References
20 Challenges to Democracy: Attitudes Towards the January 6 Events at the Capitol on Social Media
20.1 Introduction
20.2 Literature Review
20.2.1 Stance Analysis
20.2.2 Stance Analysis on Social Media
20.2.3 Related Work
20.3 Data and Methods
20.3.1 Data
20.3.2 Cleaning and Preprocessing
20.3.3 Sampling, Annotation, and Balancing
20.3.4 Representation
20.3.5 Classifier Evaluation
20.3.6 Classifiers Trained
20.3.7 Emotion Identification
20.4 Results
20.4.1 Stance Analysis
20.4.2 Emotion Analysis
20.5 Conclusion
References
21 Web-Based Machine Learning System for Assessing Consumer Behavior
21.1 Introduction
21.2 Supervised Machine Learning Classifiers
21.3 Research Framework and Methodology
21.4 Main Research Findings
21.4.1 Experimental Dataset
21.4.2 Machine Learning Classifiers—Hyperparameter Tuning
21.4.3 Model Evaluation
21.5 Conclusions and Further Research
References
Part IV Quantitative Economics
22 From Digital Economy to Global Economy—A Cybernetics Approach
22.1 Introduction
22.2 The Stage of Knowledge in the Field
22.3 Digitization, Digitalization and Digital Transformation
22.4 The Digital Economy and Digitalization of the Global Economy System
22.5 Case Study: Building and Defining the Global Economy as a Cybernetic System in the Digital Age
22.6 Conclusions
References
23 Models for Identifying Price Bubbles in the Financial Market: The Science of Buying Cryptocurrency
23.1 Introduction
23.2 Methodology and Theoretical Aspects
23.2.1 Exponential Curve Fitting Method (EXCF)
23.2.2 Dickey-Fuller Generalized Supremum Augmented Test (GSADF)
23.2.3 Value at Risk and Expected Shortfall
23.2.4 Portfolio Creation by Optimizing CVaR
23.3 Data Used
23.4 Results
23.4.1 Results of the EXCF Method
23.4.2 Results of the GSADF Method
23.4.3 Value at Risk and Expected Shortfall Analysis
23.4.4 Portfolio Obtained by Optimizing CVaR
23.5 Investment Strategies
23.5.1 Game Theory and Cybernetics Theory Analysis
23.6 Conclusion
Appendix
References
24 Metrics for Evaluating Classification Algorithms
24.1 Introduction
24.2 Metrics for Evaluating Classification Models
24.3 Analysis and Results
24.4 Conclusions
References
25 Big Data and Machine Learning for Different Industry Challenges
25.1 Introduction
25.2 Research Literature
25.2.1 Concept of Big Data
25.2.2 Concept of Machine Learning
25.3 Related Work
25.4 Case Study
25.4.1 Data Preparation and Visualization
25.4.2 Predictive Analysis
25.5 Conclusions and Future Work
References
26 Interchanging Java–Python Data with Applications in Machine Learning Solutions
26.1 Machine Learning in Java
26.2 Bonding Python and Java
26.2.1 Accessing Python from Java
26.2.2 Accessing Java from Python
26.3 Java–Python Data Exchange Communication
26.3.1 Process-Level Java–Python Communication via Pipeline
26.3.2 Java–Python Communication via TCP Sockets
26.3.3 Application Architecture
26.3.4 Case Study: Hierarchical Clustering
26.4 Conclusions
References
27 Perspectives of Cryptocurrency Price Prediction
27.1 Introduction
27.2 Techniques Applied in Cryptocurrency Price Prediction
27.3 Literature Perspectives
27.4 Conclusions
References
28 Credibilistic Valuation of Merger and Acquisition Targets with Fuzzy Real Options
28.1 Introduction
28.2 Preliminaries
28.3 Indicators of Trapezoidal Fuzzy Numbers
28.4 Indicators of Interval-Valued Fuzzy Numbers
28.5 Numerical Example: Valuing M&A Target Companies
28.6 Conclusions
References
29 A Study on the Systematic Importance of Major Banks in China
29.1 Introduction
29.2 Related Concepts and Literature Review
29.2.1 Related Concepts
29.2.2 Literature Review
29.2.3 Formula for Calculating a Bank's Systemic Importance Score
29.3 Assessment Results of Our Systemically Important Banks
29.3.1 Data Selection
29.3.2 Assessment Results of Our Systemically Important Banks
29.3.3 Analysis of Evaluation Results
29.4 Conclusions and Policy Recommendations
References
Author Index

Citation preview

Smart Innovation, Systems and Technologies 321

Cristian Ciurea Paul Pocatilu Florin Gheorghe Filip   Editors

Education, Research and Business Technologies Proceedings of 21st International Conference on Informatics in Economy (IE 2022)

123

Smart Innovation, Systems and Technologies Volume 321

Series Editors Robert J. Howlett, Bournemouth University and KES International, Shoreham-by-Sea, UK Lakhmi C. Jain, KES International, Shoreham-by-Sea, UK

The Smart Innovation, Systems and Technologies book series encompasses the topics of knowledge, intelligence, innovation and sustainability. The aim of the series is to make available a platform for the publication of books on all aspects of single and multi-disciplinary research on these themes in order to make the latest results available in a readily-accessible form. Volumes on interdisciplinary research combining two or more of these areas is particularly sought. The series covers systems and paradigms that employ knowledge and intelligence in a broad sense. Its scope is systems having embedded knowledge and intelligence, which may be applied to the solution of world problems in industry, the environment and the community. It also focusses on the knowledge-transfer methodologies and innovation strategies employed to make this happen effectively. The combination of intelligent systems tools and a broad range of applications introduces a need for a synergy of disciplines from science, technology, business and the humanities. The series will include conference proceedings, edited collections, monographs, handbooks, reference books, and other relevant types of book in areas of science and technology where smart systems and technologies can offer innovative solutions. High quality content is an essential feature for all book proposals accepted for the series. It is expected that editors of all accepted volumes will ensure that contributions are subjected to an appropriate level of reviewing process and adhere to KES quality principles. Indexed by SCOPUS, EI Compendex, INSPEC, WTI Frankfurt eG, zbMATH, Japanese Science and Technology Agency (JST), SCImago, DBLP. All books published in the series are submitted for consideration in Web of Science.

Cristian Ciurea · Paul Pocatilu · Florin Gheorghe Filip Editors

Education, Research and Business Technologies Proceedings of 21st International Conference on Informatics in Economy (IE 2022)

Editors Cristian Ciurea Bucharest University of Economic Studies Bucharest, Romania

Paul Pocatilu Bucharest University of Economic Studies Bucharest, Romania

Florin Gheorghe Filip Romanian Academy Bucharest, Romania

ISSN 2190-3018 ISSN 2190-3026 (electronic) Smart Innovation, Systems and Technologies ISBN 978-981-19-6754-2 ISBN 978-981-19-6755-9 (eBook) https://doi.org/10.1007/978-981-19-6755-9 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

Preface

The volume contains a selection of papers presented at the 21st International Conference on Informatics in Economy (IE 2022) entitled Education, Research and Business Technologies, which was held in Bucharest, Romania, in a hybrid format, on May 26th, 2022. The IE conference has a quite long tradition. Its first edition was organized in 1993 by the Bucharest University of Economic Studies (ASE) in collaboration with academics of the Institut National des Sciences Appliquées (INSA) de Lyon, France, as an event meant to stimulate the exchange of ideas and scientific results in the context of new evolutions in Romania. While, in the period 1993–2011, the conference has been initially organized in odd years since 2012, IE has become an annual event. The International Conference on Informatics in Economy was, in the early 90s, one of the first scientific events in this thematic domain ever held in Romania and, over years, has gained international scientific recognition. At the national level, it remains one of the most important scientific events that gather the entire Romanian Economic Informatics community. Many of the papers presented at the conference have been quality works and, consequently, the volumes of the 11th to 16th editions were indexed by ISI Thomson Reuters as ISI Proceedings. In 2021, Springer accepted to publish the proceedings The IE 2021 conference proceedings were published under the title Education, Research and Business Technologies in the book series, named Smart Innovation, Systems and Technologies, led by Profs. Robert Howlett and Lakhmi C. Jain. The 21st edition of the conference promoted research results in Business Informatics and related Computer Science topics such as: . . . . . .

Machine learning theory and applications; Data science, big data management, processing, and analytics; Smart cities and sustainable communities; IoT management and integration with utilities; Cloud, distributed and parallel, cloud and sky computing; Cybersecurity;

v

vi

. . . . .

Preface

Mobile-embedded and multimedia solutions; Platform economy; Quantitative economics; Enterprise and business solutions; E-Society, E-Government and E-Education

The programme included three keynote speeches and 37 regular papers grouped into five sections. Many papers reflected the international cooperation research works and were authored by researchers from 12 countries (Brazil, Bulgaria, China, Finland, Greece, Italy, Republic of Moldova, New Zeeland, Norway, Romania, Russia, and Switzerland). A number of 43 regular manuscripts were submitted for evaluation and 37 papers were accepted by the International Programme Committee. A number of 29 final versions of the accepted papers are included in the four parts of the volume: 1. Cloud, Distributed and Parallel Computing, IoT, Mobile-Embedded and Multimedia Solutions (five papers); 2. E-Society, Enterprise and Business Solutions, Smart Cities and Sustainable Communities, E-Society, E-Government and E-Education (six papers); 3. Big Data Management, Processing and Analytics, Machine Learning Theory and Applications (ten papers); 4. Quantitative Economics (eight papers). This volume can be useful for researchers, consultants, and postgraduate students in Computer science and design, Business informatics, Economics, and Management. The editors are grateful to Springer for accepting to publish the proceedings of IE conference in the Advances in Intelligent Systems and Computing series, and ensuring a high-quality technical version of the volume. Special thanks are due to Prof. J. Lakhmi C. Jain for permanent guidance, and the technical assistance of Maniarasan Gandhi from Springer in the book producing is also acknowledged. Bucharest, Romania June 2022

Cristian Ciurea Paul Pocatilu Florin Gheorghe Filip

Contents

Part I

Cloud, Distributed and Parallel Computing, IoT, Mobile-Embedded and Multimedia Solutions

1

Microservices as a Key Enabler of a Cloud Native Architecture . . . . Corneliu Barbulescu

3

2

The Importance of Security and Safety in a Smart City . . . . . . . . . . . Robert-Ionu¸t V˘at˘as¸oiu, R˘azvan-Alexandru Br˘atulescu, Sorina-Andreea Mitroi, Mari-Anais Sachian, Ana-Maria Tudor, and Andreea-Geanina Vintil˘a

11

3

Cyber Range Technology Stack Review . . . . . . . . . . . . . . . . . . . . . . . . . . Ionut, Lates, and C˘at˘alin Boja

25

4

IoT Security Challenges for Smart Homes . . . . . . . . . . . . . . . . . . . . . . . Nicolae-Gabriel Vasilescu, Paul Pocatilu, and Mihai Doinea

41

5

An Overview of Security Issues in Smart Contracts on the Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ojog Silviu

Part II

6

51

E-society, Enterprise and Business Solutions, Smart Cities and Sustainable Communities, E-society, E-government and E-education

Agile Business Systems Development Paradigms—Technological and Human Resource Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Marian Stoica, Bogdan Ghilic-Micu, Marinela Mircea, and Panagiotis Sinioros

67

vii

viii

7

8

9

Contents

Identification of Qualitative Weak Signals Coming from Asset Management Working Practices to Feed Forward-Looking Investment Pension Funds Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Emmanuel Fragnière, Pierre Fischer, Jahja Rrustemi, Nils Tuchschmid, and Olivier Guillot

81

Digital Competences in the Public Sector—Challenges for Universities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Margarita Bogdanova and Evelina Parashkevova-Velikova

93

Transport System in Bucharest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Vlad-Alexandru Mih˘ail˘a

10 General Characteristics of the Assisted E-Learning System in Computer Sciences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Madalina Pana and Alin Zamfiroiu 11 E-learning in Romania: An Overview on Software Solutions from Private Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Andreea-Cristina Stroe Part III Big Data Management, Processing and Analytics, Machine Learning Theory and Applications 12 Sustainable Communities with Smart Meters. A Statistical Measurement Model to Cope with Electricity Consumers’ Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Simona-Vasilica Oprea, Adela Bâra, Jin Xiaolong, Qian Meng, and Lasse Berntzen 13 The Role of Big Data Analytics in Increasing Competitiveness . . . . . 161 Marian Pompiliu Cristescu, Raluca Andreea Neris, anu, Dumitru Alexandru Mara, Renate-Martina Polder, and Albert-Attila Keresztesi 14 Blockchain and Smart Contracts for Voting in a University . . . . . . . 177 Vlad Diaconita and Maria Georgiana Stoica 15 Using Twitter Data and Lexicon-Based Sentiment Analysis to Study the Attitude Towards Cryptocurrency Market and Blockchain Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Denisa Elena Bala and Stelian Stancu 16 Applications that Use Recurrent Neural Networks and Their Impact on People’s Lives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Ionu¸t-Alexandru Cîmpeanu 17 Modeling the Prices Variation of Agricultural Products on the Stock Market Using Evolutionary Approach . . . . . . . . . . . . . . . 209 Costin Radu Boldea and Bogdan Boldea

Contents

ix

18 The Trends in Cybersecurity Maturity Models . . . . . . . . . . . . . . . . . . . 217 Aurelian Buzdugan and Gheorghe C˘ap˘at, ân˘a 19 Oracle Machine Learning (OML) Features and a Classification Use Case with OML4SQL and AutoML . . . . . . . . . . . . . . . . . . . . . . . . . 229 Dimitrie-Daniel Pl˘acint˘a 20 Challenges to Democracy: Attitudes Towards the January 6 Events at the Capitol on Social Media . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Erik-Robert Kovacs and Liviu-Adrian Cotfas 21 Web-Based Machine Learning System for Assessing Consumer Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Denis-C˘at˘alin Arghir Part IV Quantitative Economics 22 From Digital Economy to Global Economy—A Cybernetics Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Ionut, Nica and Nora Chirit, a˘ 23 Models for Identifying Price Bubbles in the Financial Market: The Science of Buying Cryptocurrency . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Nicolae Sp˘ataru and S, tefan Ionescu 24 Metrics for Evaluating Classification Algorithms . . . . . . . . . . . . . . . . . 307 Mihaela Muntean and Florin-Daniel Militaru 25 Big Data and Machine Learning for Different Industry Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Andreea-Elena Ogrezeanu (Oprea), Georgiana St˘anescu (Nicolaie), Andreea-Maria Cop˘aceanu, and Andreea-Alexandra Cîrnaru 26 Interchanging Java–Python Data with Applications in Machine Learning Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 Titus Felix Furtun˘a, Claudiu Vint, e, and Cosmin Proscanu 27 Perspectives of Cryptocurrency Price Prediction . . . . . . . . . . . . . . . . . 343 Crina Anina Bejan, Dominic Bucerzan, and Mihaela Daciana Cr˘aciun 28 Credibilistic Valuation of Merger and Acquisition Targets with Fuzzy Real Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 Jani Kinnunen and Irina Georgescu

x

Contents

29 A Study on the Systematic Importance of Major Banks in China . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Xinyue Du and Ying Ren Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

About the Editors

Cristian Ciurea is a professor at the Department of Economic Informatics and Cybernetics from Bucharest University of Economic Studies. He is also the head of the department. Cristian has graduated the Faculty of Economic Cybernetics, Statistics and Informatics from the Bucharest University of Economic Studies in 2007. He has a master’s degree in Informatics Project Management (2010) and a Ph.D. in Economic Informatics (2011) from the Bucharest University of Economic Studies. Cristian has a solid background in computer science and is interested in collaborative systems related issues. Other fields of interest include intelligent systems, software metrics, data structures, object-oriented programming, windows applications programming, mobile devices programming and testing process automation for software quality assurance. Paul Pocatilu graduated the Faculty of Cybernetics, Statistics and Economic Informatics in 1998. He achieved the Ph.D. in Economics in 2003 with thesis on Software Testing Cost Assessment Models. He has published as author and co-author over 45 articles in journals and over 40 articles on national and international conferences. He is the author and co-author of 10 books, (Mobile Devices Programming and Software Testing Costs are two of them). He is a professor at the Department of Economic Informatics and Cybernetics within the Bucharest University of Economic Studies, Bucharest. He teaches courses, seminars and laboratories on Mobile Devices Programming, Economic Informatics, Computer Programming and Project Quality Management to graduate and postgraduate students. His current research areas are software testing, software quality, project management and mobile application development. Florin Gheorghe Filip was born in 1947 in Bucharest, Romania. He graduated in Automation at Politehnica University of Bucharest in 1970 and received his Ph.D. degree from the same university in 1982. He was elected as a corresponding member of the Romanian Academy in 1991 and became a full member of the Academy in 1999. During 2000–2010, he was a vice president of the Romanian Academy (elected in 2000, re-elected in 2004 and 2006). In 2010, he was elected president xi

xii

About the Editors

of the Information Science and Technology section of the Academy (re-elected in 2015 and 2019). He was the managing director of National Institute for R&D in Informatics-ICI, Bucharest (1991–1997). He is an honorary member of the Romanian Academy of Technical Sciences and Academy of Sciences of Republic of Moldova. He was the chair of IFAC TC 5.4 (Large-scale Complex Systems) from 2002 to 2008. His main scientific interests include optimization and control of large-scale complex systems, decision support systems (DSS), technology management and foresight and IT applications in the cultural sector. He authored/co-authored over 350 papers published in international journals (IFAC J Automatica, IFAC J Control Engineering Practice, Annual Reviews in Control, Computers in Industry, LargeScale Systems, Technological and Economic Development of Economy and so on) and contributed to volumes printed by international publishing houses (Pergamon Press, Springer, Elsevier, Kluwer, Chapman and Hall and so on). He is also the author/co-author of 13 monographs (published in Romanian, English and French by Editura Tehnic˘a, Hermès-Lavoisier, Paris, J. Wiley and Sons, Springer) and the editor/co-editor of 30 volumes of contributions (published by Editura Academiei Române, Pergamon Press, North Holland, Elsevier, IEEE Computer Society and so on). He presented invited lectures in universities and research institutions and plenary papers at scientific conferences in Brazil, Chile, China, France, Germany, Lithuania, Poland, Portugal, Republic of Moldova, Romania, Spain, Sweden, Tunisia and UK.

Part I

Cloud, Distributed and Parallel Computing, IoT, Mobile-Embedded and Multimedia Solutions

Chapter 1

Microservices as a Key Enabler of a Cloud Native Architecture Corneliu Barbulescu

Abstract This article discusses Microservices and their key role in the adoption of Cloud Native application architectures. It starts by defining the Microservices concept, then identifies their key technical characteristics and business benefits they unlock, while proposing a parallel with 12-factor applications. Having these clarified, it answers “Why Now” is the time to adopt Microservice Architecture in terms of business imperatives per industry and technological readiness. Everything is put in context, including the evolution from SOA and what are the key differences between microservices and SOA. Having agreed on technical definition and characteristics, the current article also highlights what is driving businesses to invest in Microserviceled transformations. Likewise, we apply a critical and pragmatic angle on limitations and avoid “purist” adoption of this modern architectural style.

1.1 Preamble Certainly, today microservices as an architectural style for building modern applications are getting more traction in the IT industry as their benefits become increasingly popular, especially among the technical expert community. Still, the adoption of microservices is just at the beginning with considerable investment being required in technology stack, software development processes, and culture. Therefore, a clear and systematic understanding of the concept and benefits—especially from a business perspective—will help in unlocking the potential of dramatically accelerating time-to-value. This article will bring a practical perspective, resulting from Author’s experience with market-leading clients.

C. Barbulescu (B) IBM Corporation, 1 Orchard Rd Armonk (HQ), Armonk, NY, USA e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_1

3

4

C. Barbulescu

1.2 The Concept A microservice is an application (also called mini application in the context) whose data and execution deployment units are organized for delivering certain business services. Therefore, every microservice encapsulates its own data, execution, and application runtime cohesively, enabling them to operate in a self-contained fashion while interoperating with other applications and/or microservices. For example, “Manage Clients” can be a microservice that encapsulates all required functionalities to create and maintain information about an enterprise client. If we parallel with traditional (monolithic) applications, we observe that a multitude of integrated microservices is required to deliver the full set of functionalities of the equivalent monolith. As a matter of consequence two major implications can be noticed: Microservices simplify great application development [4] while accelerating timeto-value for any business functionality. Multiple features can be developed “independently” in parallel allowing conditions for setting up independent, small development teams per microservice, which are free to choose their own development languages (polyglotism), frameworks, and runtimes [3, 6]. Microservices increase, on the other hand, substantially the integration complexity required to deliver a wide spectrum of business services across the enterprise, much more than in the traditional IT.

1.3 Principles The following characteristics, which can be translated into architectural principles, are exhibited by microservice applications: Componentization. This is a direct consequence of breaking down monolithic applications—combining a full spectrum of functionalities across enterprise domains— organizing application logic around business service and encapsulating related data and logic. Organized around Business Capabilities. This is a corollary of 1 and allows for easy recognition of the architectural style, even from application names or when mapping them to enterprise domain functions. Products not Projects. Teams working on such developments have rather a Product development culture, than a Project delivery one. Instead of being focused on delimited outcomes with an a priori set start and end date, these teams are continuously developing and delivering microservices as products having their own lifecycle, featuring specialized business capabilities. Smart endpoints and dumb pipes. This means that business logic resides exclusively within microservice applications, while integration components outside them focus only on the transport and conversion of messages.

1 Microservices as a Key Enabler of a Cloud Native Architecture

5

Decentralized Governance. This is a corollary of 1, underlining the aspect that microservices should be governed separately and integrable with distinct Governance frameworks across their customer base. Decentralized Data Management. Each microservice application ideally has its own data repository, hence calling for this decentralization requiring consolidated Data Management. Infrastructure Automation. It is common to couple microservices with Container infrastructure—based on technologies such as Docker and Kubernetes—each microservice running on its own container images that can be dynamically (de)provisioned. Design for failure. This refers particularly to the microservice deployment model, just like point 7 mentioned above. The best practice is to run microservices on Kubernetes clusters, as failing instances are automatically restarted or, in case of peak usage scenarios, new nodes are spined off to sustain the load. Evolutionary Design. This application architecture style, agile and discrete, enables much easier and faster changes in design: each component is very specialized with much smaller codebase. This also means that the development team is well-versed in the business requirements supported by the respective application [1] (Fig. 1.1).

Fig. 1.1 Monolith versus Microservice application [2]

6

C. Barbulescu

1.4 Reasons for Adopting Microservices Having said the above, what are the reasons for adopting microservices, bearing direct, positive business impact? Let us consider some critical ones: Scaling. This enables sustaining fluctuating user session volumes and applies to hardto-predict load scenarios, that could be related to unforeseen events, such as when launching a very successful product. This could generate a load on the web application that exceeds any planning. Therefore, microservices should be seen as a Cloud Native architecture key enabler. Elastic scalability, achievable by horizontal scaling, is one key characteristic of a microservice-based architecture and concerns the deployment model and infrastructure of such applications. This includes workload orchestration for allowing service instances to be restarted or be automatically moved to different server nodes that are in better “health” (e.g., more available CPU and memory). Agility. Faster iteration cycles accelerate time-to-value, a key performance indicator that is critical for businesses in highly competitive sectors, such as banking, where new products are launched several times per year. This is possible as each microservice is an atomic business service that can be designed and developed with a high degree of autonomy by its own team with its own Bounded Context (code and data). Resilience Reduced dependencies allow for microservices to run or fail independently and “fail fast”. Having their own resilience addressed by Kubernetes clusters— one cluster per service—even if the whole cluster fails, the rest of the microservices can continue to run, hence application remains available to its users.

1.5 Why Now is Time for Adoption Beyond pure conceptual discussion, microservice-based architecture needed a certain technology stack readiness, given by convergence of certain factors: – Internet/intranet/network maturity. This concerns the ubiquity of the Internet, coupled with the stateless nature of distributed programming protocols and styles like REST. – Lightweight runtimes (Node.js, WAS Liberty, etc.). More lightweight runtimes were required in conjunction with workload orchestration capability: if a service instance (pod) crashes, the orchestrator may restart it in minimal disruption conditions. This means very quick runtime startups, much quicker than those of JEE application servers. – Methods and Automation tools. Agile has emerged as a method and culture alongside DevOps [5] that instill automation and collaboration across teams and functions.

1 Microservices as a Key Enabler of a Cloud Native Architecture

7

– Lightweight protocols (RESTful APIs, lightweight messaging such as JSON). This further facilitates adoption by eliminating parsing overhead, as was the case with SOAP and XMEL. – Simplified infrastructure. OS virtualization (hypervisors), containerization (e.g., Docker), infrastructure as a service (IaaS), and workload virtualization (Kubernetes, Spark) simplify and bring increasingly instrumented infrastructure deployment. – Cloud Platform as a Service. This enables microservices for auto-scaling, workload management, SLA management, caching, and build management. – Alternative data persistence models that replace ACID always-consistent characteristics with Eventual consistency, which is a key microservice data characteristic. – Standardized code management (e.g., GitHub).

1.6 Challenges and Limitations Having said the above, should every application rearchitected to microservices? Going further, even supposing funding and sponsorship are not a problem, technologically speaking, can every existing component be broken down and replaced by microservices? One critical aspect to consider is if it is possible to manage without transactionality to the database. Indeed, core business applications cannot manage without transactional databases that meet ACID characteristics in the sense that these systems’ data should be always consistent. For example, consider a Core Banking application. It goes without saying these kinds of systems are not fit for microservices. In turn, an Internet Banking application can be a good case for such application architecture, because of rapidly evolving features and elastic scalability requirements—without always consistency constraints, which are deferred to the core banking system.

1.7 SOA Versus Microservices According to established understanding in the industry “SOA is about how to achieve integration often to aging complex back-end systems in order to expose services”. In this case, SOA is primarily a connectivity problem with little relationship to microservices architecture and certainly at a different scope [7] (Fig. 1.2). However, SOA, despite its broader intent, resulted mostly in interface-related technology (ESBs). Therefore, SOA application components encapsulate solely format-conversion and transport responsibilities. Microservices architecture is, on the other hand, more specific on how business service components should be implemented, and benefits from more real examples of frameworks and platforms in this area than SOA did at an equivalent time in its history.

8

C. Barbulescu

Fig. 1.2 SOA versus microservices

As a matter of consequence, a SOA taxonomy across a given enterprise will have elements of technical semantics (especially interfacing), whereas a microservices one will be made up of elements of business semantics.

1.8 Use Cases and Conclusion Figure 1.3 shows an overview of Enterprise IT Architecture layers, highlighting microservices as digital agility services. Digital Agility Services. Cloud Native (Microservices/APIs) helps to decouple the System of Engagements from the System of Records by exposing core functions in Fig. 1.3 The place of microservices on layers

1 Microservices as a Key Enabler of a Cloud Native Architecture

9

a highly scalable and available manner. This layer allows for introducing functionality that evolves rapidly and is embodied by microservices—typically REST—that orchestrate existing core logic from Systems of Records and are deployed each on their own container. Experience APIs. Helps optimize the integration platform and enables the development of interfaces with agility across multichannels such as Web, Mobile or IVR. The same API is leveraged by each channel user interface. Systems of Engagements. These applications provide User Interface across channels by leveraging the experience APIs. They evolve rapidly at a similar pace to the Digital Agility Services components. Systems of Records. These are systems of legacy IT that provides core Enterprise functionality that rarely change over time. System APIs expose respective services and make them available to the Digital layer above. Data decomposition through canonical data model definition helps optimize data stores and leverage cloud platforms. We notice from the overview in Fig. 1.3 that microservices are essentially enabling Digital Transformations in organizations that need to enable Agility and accelerate Time to Market, as well as the speed of innovations, for staying competitive in the market. Thus, they will rather extend the traditional IT landscape than replacing current capabilities—in terms of, both, technologies, and application architectures.

References 1. Fowler, M., Lewis, J.: Microservices article. https://martinfowler.com/articles/microservices. html, last accessed 2022/07/01 2. Newman, S.: Monolith to Microservices: Evolutionary Patterns to Transform Your Monolith, 150 p. O’Reilly Media, Inc, Sebastopol, CA, USA (2019), ISBN: 9781492047841 3. Fowler, M.: Refactoring, Addison-Wesley Professional, 448 p. Boston, USA, November 20, 2018, ISBN: 0134757599 4. Ivan, I., Nosca, G., Pârlog, O.: The optimization of the software quality cost using neural networks. The 4th International Symposium of Economic Informatics „Information Technology”, Bucharest, May 6–9, 1999, INFOREC Printing House, pp. 177–180 5. Farley, D., Humble, J.: Continuous Delivery, Addison-Wesley Professional, 512 p. Boston, USA, July 27, 2010, ISBN-10: 9780321601919, ISBN-13: 978-0321601919 6. Roberts, J.: The Modern Firm: Organizational Design for Performance and Growth (Clarendon Lectures in Management Studies), 1st edn, 318 p. Oxford University Press, United Kingdom, October 11, 2007, ISBN-10: 0198293755, ISBN-13: 0198293750 7. Hohpe, G., Woolf, B.: Enterprise Integration Patterns, Addison-Wesley Professional, 1st edn, 736 p. Boston, USA (October 10, 2003), ISBN-10: 9780321200686, ISBN-13: 978-0321200686 8. Sharma, S.: The DevOps Adoption Playbook: A Guide to Adopting DevOps in a Multi-Speed IT Enterprise, 1st edn, 416 p. Wiley, Hoboken, New Jersey, USA (February 20, 2017), ISBN-10: 9781119308744, ISBN-13: 978-1119308744

Chapter 2

The Importance of Security and Safety in a Smart City Robert-Ionu¸t V˘at˘as¸oiu , R˘azvan-Alexandru Br˘atulescu , Sorina-Andreea Mitroi , Mari-Anais Sachian , Ana-Maria Tudor , and Andreea-Geanina Vintil˘a Abstract The main purpose of this paper is to explain the role of recently developed smart cities in the security and safety of their citizens, and how they will evolve in the future in most cities around the world. Today, most cities around the world are trying to become so-called smart cities. In this paper, we aim to define the concept of a Smart City, how it has evolved, the security that these types of cities bring and the evolution that smart cities will have in the future. Mainly, the term “smart city” is defined as the use of technological solutions to improve the quality of life of the citizens of these cities and to promote sustainable development. “Smart city” will be the term that will soon develop the most and will be on everyone’s lips. Smart city implementation is frequently lauded as the answer to many urban difficulties, including transportation, waste management, and environmental protection. Security and crime prevention, on the other hand, are frequently overlooked.

R.-I. V˘at˘as¸oiu (B) · R.-A. Br˘atulescu (B) · S.-A. Mitroi (B) · M.-A. Sachian (B) · A.-M. Tudor (B) · A.-G. Vintil˘a Beia Consult International, Str Peroni, 16, Bucharest, Romania e-mail: [email protected] R.-A. Br˘atulescu e-mail: [email protected] S.-A. Mitroi e-mail: [email protected] M.-A. Sachian e-mail: [email protected] A.-M. Tudor e-mail: [email protected] A.-G. Vintil˘a e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_2

11

12

R.-I. V˘at˘as¸oiu et al.

2.1 Introduction Cities or regions each develop differently. In recent years, technological advancements have propelled them forward. At the same time, there are negative effects that can change the course of the Earth. These problems may be severe for the ecosystem in the near future, for example, air pollution, global warming and so on. All these changes lead to the finding of innovative solutions to improve sustainability. In order to correctly describe the concept of a Smart City, we need to answer a few questions that are basic in this situation, namely: what is the purpose of this concept? and what makes the city “smart”? At the first question, we can say that they aim to make today’s cities into smart cities and lead to lasting development in the future. For the second question, several attempts were made to give an exact description, but no main one was established [1]. According to [2, 3], the term “smart city”, refers to the use of technology-based solutions, has a role in increasing the residents’ quality of life and ensuring their long-term development. A city is considered to be smart when social, environmental and economic development factors are balanced [3]. According to [4] and [5], the designers who “make” smart cities use mobile cloud computing, electronic objects, sensors, networks and machine learning technologies for all the components of such a city to blend together, cooperate and interact with the network architecture. Research conducted by the MIT Media Lab found that in the future, smart cities will account for approximately 90% of the global population, with energy consumption increasing significantly each year [6]. From the very beginning, the idea behind the term smart city was to use innovation in the development of technology.

2.2 The Evolution of Smart Cities In the late 1990s and early 2000s, e-governance initiatives and collaboration between technology companies and governments in Europe and the United States gave birth to the smart-city concept. Cities such as Barcelona and Amsterdam, which are widely looked up as examples of best practices, have implemented “smart city” policies [7]. The “smart city” term has various definitions within the IS (Information Systems) research [4]. Still, the one that we’ve found to be the most representative is the following: A smart city is a place where investments in citizens, social capital and traditional and modern ICT (Information and Communication Technology) infrastructure support sustainable economic growth, with logical management of natural resources, through concerned and directly participatory governance. However, the terms “smart city” and “digital city” aren’t well-specified, and their differences aren’t well established either. Cities are described as smart and digital in various ways, although these terms have diverse connotations. The absence of explicit and transparent definitions of the “smart” and “digital” city makes it challenging to maintain a strategy for urban development and monitor performance and outcomes [8]. There

2 The Importance of Security and Safety in a Smart City

13

are several distinctions between a “smart city” and a “digital city” initiative. They represent two urban strategies aimed at enhancing people’s quality of life, but they employ various technologies and tools and address different locations and citizen interests. As a result, a city can implement both a smart and a digital strategy or a combination of the two [9]. Based on the United Nations (UN) estimations, the global population will grow by 32% between 2015 and 2050, from 7.2 to 9.7 billion people. According to the latest estimates, approximately 60% of the planet’s population will live in towns by 2030, with a significant expansion in Asia, Africa and Latin America [10]. By 2050, the UN estimates that 6.5 billion people will be living in cities [4]. Smart cities’ evolution has started during the last decade, and it seems to be in continuous growth. We can confirm that we live in a different era, from intelligent traffic lights and energy-saving street lighting poles to electric vehicle renting and person surveillance and identification systems. A city can be transformed into a smart city through various technological improvements. Organizational aspects, strategies that involve the citizens and entrepreneurship spirit represent only a few of the domains which can lead a city to success [11]. Integrated smart-city initiatives attempt to connect cities’ physical space with their economic and social spheres to improve ICT-related urban transitions. More innovative cities initiatives should consider, as well as rural ones, urban (rural) sustainability approaches. To move forward into the adoption of a smart-city lifestyle, guidelines that meet urban sustainability priorities need to be developed, decided and imposed. If the authorities do not prioritize these green initiatives [12], the emissions level will continue growing, and the Green Deal Agreement [13] will fail. As expected, evolutions of smart cities are taking place at different scales, depending on the automatic and intelligent systems that exist (or don’t) in these societies [14]. Modern technologies can be introduced in any city in various domains such as healthcare, education, transport, water, energy, communication, security and safety and citizen services. These sectors could benefit from the advancements in the Urban IoTs (Internet of Things) [15]. For these technological improvements to occur, a few human ones should already exist. To make improvements, city halls need funds, but unfortunately, this is not everything they need. Strategies, information sharing and the desire to make a better life for the citizens are the primary “weapons” that need to be understood before proceeding to the actual implementation phase. IoT technology plays a vital role in the evolution of smart cities. Considering a global geographical analysis of the evolution of smart cities [9], it was observed that Asia is the continent where there is the highest number of Smart/Digital Cities (49%), and Europe comes next with 36%. North America and Oceania, Africa and Middle/South America occupy the 3rd and 4th place with 9% and 3, 2 and 1% digitalized cities, respectively (see Fig. 2.1). New York and Tokyo were the world’s first megacities (with populations exceeding 10 million in 1970); these cities possessed the adequate resources and infrastructure to meet the requirements of their inhabitants. In 2014, there were 28 megacities, three times as many as in 1990, and the total is anticipated to increase to

14

R.-I. V˘at˘as¸oiu et al.

Fig. 2.1 Geo-location of smart/digital cities: a geographic analysis (per continent). Source Agha (2016). A Stakeholder Based Assessment of Developing Country Challenges and Solutions in Smart Mobility within the Smart City Framework: A Case of Lahore. University of Cambridge: Cambridge, UK

41 by 2030. Sixteen of the 28 megacities are in Asia, four in Latin America, three each in Africa and Europe, and two in the United States of America (USA). While the urban population in the European Union (EU) accounted for 72% of the overall population, in 2015, it is expected to rise to 80% by 2050 [10]. Smart city efforts have been launched in Busan (South Korea), Chicago (United States), Santander (Spain), and Milton Keynes (United Kingdom) [4]. The adoption of urban e-governance in the early to mid-2000s was a predecessor to the Indian smart city. Both ULBs (urban local bodies) and technology institutions encouraged the integration of increasingly ubiquitous ICTs into governance delivery practices, particularly in the public sector’s use of online or ICT-assisted solutions to improve information and service delivery, accountability, citizen participation and transparency. In India, the concept was based on an elite-led techno-managerial method to urban-led growth, with capital accumulation and the strengthening of political and economic power for elites at the forefront [7]. A study based on smart cities in India [16] gives an empirical analysis of the critical factors that affect the implementation of Artificial Intelligence (AI) in the area. Table 2.1 provides a summary of all the factors that have been identified. They’ve concluded that IoT and AI technologies need to be successfully combined to achieve information system success.

2 The Importance of Security and Safety in a Smart City Table 2.1 Essential factors and their acronyms

15

Name

Acronym

Perceived Information Quality Perceived System Quality Perceived Service Quality Perceived Intention of Use Perceived User Satisfaction Actual Usage of IoT Perceived Net Benefit

PIQ PSQ PESQ PIU PUS AUI PNB

In a smart city, traditional infrastructures are merged with ICT. Cities are becoming smarter not only in terms of how we can automate routine functions for individual citizens, housing developments and transportation infrastructure, but also in terms of how we can control, understand, examine and organize the city in real time to enhance effectiveness, equity and quality of life of the local community [17]. For these cities to exist, a new understanding of urban problems is needed, urban technologies should be locally integrated, and the communication between citizens and the authorities should be more efficient. For this to happen, new forms of urban governance and organization should arise, and plans to resolve and prevent critical problems (regarding transport, energy efficiency, etc.) should be made in advance [17]. More and more people around the globe use digital information sources, access online services and communicate via online channels daily [12]. But are they completely trusting of these emerging technologies? Do people take full advantage of the digitalization process? For example, in a smart city, people could use a mobile application for time organizational purposes, to better organize their schedule and avoid urban agglomerations, which will offer them more time spent with their friends or family members. Basic parking spaces are now transformed into modern smart parking lots [18], which help users find a free parking spot by providing them with the means of checking their availability and even booking a parking slot in advance. To fully implement a smart parking system (SPS), several design aspects (soft and hard design factors) should be considered. Emerging technologies in SPSs, e.g., V2X (Vehicle to everything) and UAVs (Unmanned Aerial Vehicles), could improve the already applied intelligent parking practices [19]. After this first example of how technology has evolved, the remaining question is about smart citizens. This term refers to social and human capital that are motivated to learn and participate in the co-creation of a better public life. Many studies on smart cities concentrate on citizens’ acceptance of smart city-related technology and their interaction with government services. The majority of the writings in this category were published between 2015 and 2018. Prior to 2012, only a few articles focused on smart persons’ social communications [4].

16

R.-I. V˘at˘as¸oiu et al.

A deep concern that people started to raise awareness over once the cities began to evolve is the energy efficiency, waste management, air and water quality, and green spaces [4], which all could be easily included in the climate area. One of the scopes of an intelligent city plan infrastructure should constantly evaluate how the future technological changes of that municipality would impact the environment. When the smart-city evolution era reaches its peak, urban life on all continents should be more pleasant, inclusive, greener and cleaner [9].

2.3 How Smart City Helps the Citizens The way technology has been optimized offers tremendous help to any citizen in creating an easier life; smart cities have been more popular than ever because they provide new solutions (see Fig. 2.2) in: . Smart Mobility Refers to the area of a Smart City that represents mobility, broadly defined, and includes the traditional transportation of people and things and the digital distribution of information. The Smart Mobility area’s primary purpose is to integrate all of the city’s resources, including people, goods and information. The main advantages it offers to citizens today are: reducing mobility costs and traffic congestion, reducing air and noise pollution, increasing safety and improving mobility [20]. . Smart Health The main benefit of electronic deployment in this area is the use of the Internet for the rapid transmission of medical information, such as digital medical records Fig. 2.2 Smart city components

2 The Importance of Security and Safety in a Smart City

17

or electronic health records. All this information helps prevent medical errors and improve the performance of medical staff and the efficiency of the medical act. . Smart Government Smart Government is a term that is frequently used to describe operations that invest in emerging technology and employ creative tactics to make government structures and governance infrastructures more flexible and secure. Smart Government is directly involved in sustainability and resilience, considering the ecological impacts of growth and development, enhancing the quality of life for future generations, and efficiently recovering and responding to their citizens in emergency and disaster scenarios [21]. . Smart Energy It is one of the most important topics in the future of smart cities. The main problems we face in terms of optimizing and providing smart grids can be solved through this concept of Smart Energy. The first aspect that it pursues is related to Renewable Energy, which is considered an essential resource in climate change and resource depletion, with citizens being its primary beneficiaries. . Smart Home Sensors, monitors, interfaces, appliances and devices that are networked together to enable automation and localized and remote management of the domestic environment comprise smart home technologies (SHTs). Heating and hot water systems (boilers, radiators), curtains, lighting, garage doors, windows, refrigerators, TVs and washing machines are examples of controllable appliances and equipment. Sensors and monitors detect environmental elements such as temperature, light, mobility and humidity. Software on computing devices (smartphones, tablets, laptops and PCs) or dedicated hardware interfaces provide control functions [22]. The potential benefits of SHTs are saving energy, money and time while also making domestic life more effortless. . Smart Agriculture IoT allows a variety of applications in the digital agricultural area, including soil and plant monitoring, crop growth monitoring and selection, precision agriculture, irrigation analysis, temperature and humidity monitoring and control systems, and food supply chain monitoring. There are many advantages of using IoT in the agriculture sector, some of the ones that citizens will enjoy are: the cost of production will be reduced, it will contribute to the Food Safety Mission’s success, it will increase the efficiency of agricultural inputs such as soil, water, fertilizers and pesticides [23]. . Smart Retail Smart retail solutions, also known as smart retail technologies, are a new breed of software and hardware specifically intended for retail online. These techniques can be used by online retailers and physical store chains to give customers a faster, more efficient, and safe buying experience. They also assist shops in meeting customers’ increasing demands.

18

R.-I. V˘at˘as¸oiu et al.

Urbanization and the sudden influx of people in cities have increased the number of challenges cities face. Thus, all these upcoming smart city solutions are expected to deliver sustainable prosperity to citizens living in these municipalities.

2.4 Security and Safety in a Smart City With the technological advancement of smart cities, there is a growing need for reliable security methods to ensure the protection of data, resources, assets and citizens that make up these cities. In a smart city, each component that goes into it is closely linked to the others, helping the city to function better. However, this is negative because once you get to one of the components, it is very easy to get to the others, making life easy for attackers. A smart city must be able to protect secret information from attackers, prevent unauthorized access to confidential data and have methods to annihilate these attacks. There are several types of such attacks: leakage of confidential data, confidentiality and availability problems with data storage. In the paper [24], some of these types of attacks in a smart city and their associated challenges are presented. Vulnerabilities in a Smart City As mentioned before, smart cities have a multitude of interacting components, which can lead to many vulnerabilities. Some of these components and their vulnerabilities are: 1. Smart Grids Smart grids are electricity grids in which it is possible for suppliers to communicate with users to achieve energy savings and price reductions. They face several threats, including theft, cyberattacks, natural disasters, etc. In the case of an attack like this, there is a risk of blackouts and failures in the smart grid’s IT infrastructure. A possible failure of the IT system can lead to cascading failures as smart grids are connected to each other, leading to chaos in the energy market and even endangering human life [25]. 2. Smart Buildings Smart buildings have in their structure devices capable of automatically controlling several building functions, for example: lighting, alarms, closing and opening windows, heating and cooling. According to the paper [26], the most used protocols in smart buildings are BACnet, KNX and Lon. These protocols, on the other hand, were not created with security in mind, as many of them lack basic protection elements. Implementing these elements is very costly, both technically and financially. 3. IoT Sensors IoT sensors are used for smart, fast and efficient data collection. They can have many functions, from their use in agriculture to the smart home. In the paper [27], Dimitris

2 The Importance of Security and Safety in a Smart City

19

Geneiatakis et al. present the security and privacy issues of these devices. The main problems identified are: . Eavesdropping This attack is based on the use of different tools to capture the traffic generated between the components that make up the IoT structure. Through this attack, the attacker can find out the IP address and operating system on which the smart home runs. . Impersonation Through this attack, the adversary can gain control of specific IoT devices within the smart city and can thus make decisions acting on behalf of a legitimate user. An attacker will require the user credentials in order to accomplish this, so it is important to maintain security measures so that these credentials cannot be detected. . Denial-of-Service (DoS) Using various techniques, attackers could cause a DoS either at the central hub or at the IoT sensors that make up the smart grid. Once the IP of the hub is known, it is very easy for an attacker to launch a DoS or Distributed DoS (DoSS) attack by sending IP requests to it. . Software Exploitation Malware can affect both IoT sensors and the services they produce. Currently, IoT devices carry lightweight versions of already known operating systems, making them more vulnerable. Malicious software can get into these devices by buying devices from unsafe sources, installing operating systems from other than the official place and installing applications without security checks. S4ALLCITIES Project The S4AllCities (S4AC) project aims to increase the resilience of infrastructures, services and IoT in smart cities. For this, S4AC will use advanced technological solutions in a framework that unifies physical and cyber security while being marketoriented. To achieve this, 3 use cases will be present: 1. Protection of the crowd as well as the city’s infrastructure, buildings and central park. This pilot will be carried out in Trikala and Greece, and is based on two main objectives: – Public transport infrastructure by bus; – The city park which hosts all the activities during the Christmas period. 2. Protecting people when large crowds gather in the city centre or on the metro. This pilot will be deployed in Bilbao and Spain, and will be based on:

20

R.-I. V˘at˘as¸oiu et al.

– Detecting people with unusual behaviour in crowds; – Directing people to a place where they can be safe. – Early detection and prevention of cyberattacks to protect confidential information. 3. Evacuation of a football stadium. This pilot will take place in the city of Pilsen in the Czech Republic. The scenario will be based on how the authorities would handle a crisis situation: – A terrorist attack; – An ammonium gas leak near the Pilsner Urquell brewery [28].

2.5 What Follows in the Future in a Smart City Globally, more and more aspects of people’s daily routines have been delegated to machines as part of emerging global technology. This trend appears to continue its growth into the future as reliance on smart machines increases [29]. Industry and government agencies consider deploying autonomous systems throughout society, especially autonomous vehicles operating in urban environments. So the new trends will change everything from the way cars are driven to the type of fuel they use. The aim is for vehicles to become autonomous and communicate and cooperate, making it effortless for drivers. Profound changes in mobility are expected in the long term. In addition, urban areas are expected to evolve, aiming for all cities to become smart cities where vehicles will be in close connection and continuous communication with the urban infrastructure [30]. Intelligent city projects are gaining popularity nowadays, and several countries and cities such as Madrid, Manchester, Barcelona, Amsterdam and Singapore are currently planning their smart- city architectures. Furthermore, some authorities will develop various smart-city testbeds to simulate and evaluate the proposed solutions [31]. Besides IoT sensors like parking sensors, a future technology that presents a lot of interest is blockchain. While everything around us is in constant need of change, blockchain technology can help in providing transparent city management, maintain data integrity, facilitate decision-making between individuals, as well as organizations (e.g., national and local government, hospitals, universities and companies), and encourage the development of a democratized smart city. In smart cities, there are many aspects where blockchain technology can come to light, such as supply chain management, smart grid, smart healthcare, smart transport or financial systems and data centre networks. When it comes to the healthcare area, blockchain might be a useful idea due to the fact that usually, a healthcare network owns a series of hospitals that are managed by a central entity. Such centrally controlled healthcare networks are managed under a single point of failure. Furthermore, with the world’s rapidly urbanizing population, satisfying citizen demand is challenging for traditional health systems. This contradiction between limited resources and increasing demand leads to the need for sustainable, efficient and intelligent healthcare. So, for this issue,

2 The Importance of Security and Safety in a Smart City

21

the best fit would be blockchain because it ensures the required level of centralization, which will strengthen its security. But a complete smart healthcare environment requires smart hospitals, smart ambulances and the possibility for every patient to wear a wearable device. In order to accomplish an effective treatment, sharing realtime data about a patient’s condition is needed because it will help doctors make decisions even from remote locations. Another advantage of using blockchain technology in this area is that patients would access their medical information more quickly and easily [32]. The progress of IoT, big data analytics and machine learning has made the vision of a smart city a tangible reality. As we know, the purpose behind a smart city is to provide efficient solutions to its citizens, using advanced technologies and data analytics collected by sensors. Several promising future directions lie in implementing both machine learning and deep learning algorithms in smart cities. One possible future direction of research could be transfer learning. In this method, training and testing delivery is modified or transferred from one platform to another. Another technology that researchers could focus on in the future of smart cities is integrating semantic methods into applications in order to enhance user-device interaction. Yet another possible area of improvement is the integration of speech recognition technologies for natural language processing into smart devices. In the process of creating such smart devices, the key point is to understand that we mustn’t end up creating infrastructures where applications are created only with delays not integrating with each other [33]. Different studies such as [34], predict that future scientific research will focus on topics such as 5G networks, IoT methods and artificial neural networks with a view to helping build a good understanding of the technological elements of smart cities and their infrastructure. One more expanding future direction addresses how technology can be used to make green infrastructure a reality. Moreover, several studies show that e-governance improvement will be in the spotlight with the help of information and communication technology, which will contribute to building awareness on building and maintaining smart infrastructure.

2.6 Conclusions The article tackles various challenges regarding the Smart-City Sector and envisions futuristic solutions to nowadays problems surfaced by the emerging technologies in the field. In our paper, we demonstrated the most novel discoveries in Smart City. We described the innovative project S4ALLCITIES that has the job of solving and bringing in addition to the issues regarding Cyber Security, the Smart Grid, IoT Sensors deployment and interoperability between them. For future work, we envision an improved sustainable, secure and easy comprehensive platform that will be developed for Smart Cities. In the context of Urban Systems, the S4AC project may in the future increase the infrastructure of cities, services and IoT in them, using advanced technologies that combine physical and cyber security.

22

R.-I. V˘at˘as¸oiu et al.

Acknowledgements This paper was partially supported by UEFISCDI Romania and MCI through Eureka ITEA projects PARFAIT and SOLOMON and funded in part by European Union’s Horizon 2020 research and innovation program under grant agreements No. 872698 (HUBCAP) and No. 883522 (S4AllCities).

References 1. Lacinák, M., Ristvej, J.: Smart city, safety and security. Procedia Eng. 192, 522–527 (2017) 2. Chourabi, H., Nam, T., Walker, S., Gil-Garcia, J.R., Mellouli, S., Nahon, K., Pardo, T.A., Scholl, H.J.: Understanding smart city Initiatives: An Integrative and Comprehensive Theoretical Framework. In: Proceedings of the 45th Hawaii International Conference on System Sciences, pp. 2289–2297 (2012) 3. Ismagilova, E., et al.: Security, privacy and risks within smart cities: literature review and development of a smart city interaction framework. Inf. Syst. Front. 1–22 (2020) 4. Ismagilova, E., Hughes, L., Dwivedi, Y.K., Raman, K.R.: Smart cities: Advances in research— an information systems perspective. Int. J. Inf. Manag. 47, 88–100 (2019) 5. Singh, P.,Dwivedi, Y.K., Kahlon, K.S., Sawhney, R. S., Alalwan, A.A., Rana, N.P.: Smart monitoring and controlling of government policies using social media and cloud computing. Inf. Syst. Front. 1–23 (2019). https://doi.org/10.1007/s10796-019-09916-y 6. Bawa, M., Caganova, D., Szilva, I., Spirkova, D.: Importance of internet of things and big data in building smart city and what would be its challenges. In: Smart City 360, pp. 605–616. Springer, Cham (2016) 7. Hoelscher, K.: The evolution of the smart cities agenda in India. Int. Area Stud. Rev. 19(1), 28–44 (2016) 8. Dameri, R.P., Cocchia, A.: Smart city and digital city: twenty years of terminology evolution. In: X Conference of the Italian Chapter of AIS, ITAIS (2013) 9. Cocchia A.: Smart and Digital City: A Systematic Literature Review. In: Dameri, R., RosenthalSabroux, C. (eds.) Smart City. Progress in IS. Springer, Cham (2014) 10. Eremia, M., Toma, L., Sanduleac, M.: The smart city concept in the 21st century. Procedia Eng. 181, 12–19 (2017). ISSN 1877-7058. https://doi.org/10.1016/j.proeng.2017.02.357. 11. Schiavone, F., et al.: The strategic, organizational, and entrepreneurial evolution of smart cities. Int. Entrep. Manag. J. 16(4), 1155–1165 (2020) 12. Casini, M.: Green technology for smart cities. IOP conference series: earth and environmental science, vol. 83, no. 1. IOP Publishing (2017) 13. Kemfert, C.: Green deal for Europe: more climate protection and fewer fossil fuel wars. Intereconomics 54(6), 353–358 (2019) 14. Veselov, G., et al.: Applications of artificial intelligence in evolution of smart cities and societies. Informatica 45, 5 (2021) 15. Krishnan, S., Golden, J.E., Harold R.Y.: Smart cities & IoT: evolution of applications, architectures & technologies, present scenarios & future dream. In: Internet of Things and Big Data Analytics for Smart Generation. Springer, Cham, pp. 135–151 (2019) 16. Sheshadri, C., Kar, A.K., Gupta, M.P.: Success of IoT in smart cities of India: an empirical analysis. Gov. Inf. Q. 35(3), 349–361 (2018) 17. Batty, M., et al.: Smart cities of the future. Eur. Phys. J. Spec. Top. 214(1), 481–518 (2012) 18. Abhirup, K., Rishi Anand, R. IoT based smart parking system. In: 2016 International Conference on Internet of Things and Applications (IOTA). IEEE (2016) 19. Fadi, A.-T., Malekloo, A.: Smart parking in IoT-enabled cities: a survey. Sustain. Cities Soc. 49, 101608 (2019) 20. Orlowski, A., Romanowska, P.: Smart cities concept: smart mobility indicator. Cybernetics and Systems, pp. 1–13 (2019)

2 The Importance of Security and Safety in a Smart City

23

21. Pereira, G.V., Parycek, P., Falco, E., Kleinhans, R., Chun, S.A., Adam, N.R., Noveck, B.: Smart governance in the context of smart cities: a literature review. Information Polity (2018) 22. Wilson, C., Hargreaves, T., Hauxwell-Baldwin, R.: Benefits and risks of smart home technologies (2017) 23. Lakhwani, K., Gianey, H., Agarwal, N., Gupta, S.: Development of IoT for smart agriculture a review. Emerging Trends in Expert Applications and Security (2018) 24. Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., Shen, X.S.: Security and privacy in smart city applications: challenges and solutions. IEEE Commun. Mag. 55(1), 122–129 (2017) 25. Otuoze, A.O., Mustafa, M.W., Larik, R.M.: Smart grids security challenges: classification by sources of threats. J. Electr. Syst. Inf. Technol. 5(3), 468–483 (2018) 26. Ciholas, P., Lennie, A., Sadigova, P., Such, J.M.: The security of smart buildings: a systematic literature review. arXiv preprint arXiv:1901.05837 (2019) 27. Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I., Steri, G., Baldini, G.: Security and privacy issues for an IoT based smart home. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1292–1297. IEEE (2017) 28. Smart Spaces Safety and Security for All Cities. Available online: https://www.s4allcities.eu/. Accessed on 15 February 2022. 29. Kuru, K.: Planning the future of smart cities with swarms of fully autonomous unmanned aerial vehicles using a novel framework. IEEE Access 9, 6571–6595 (2021) 30. Lanza, J., Sánchez, L., Muñoz, L., Galache, J.A., Sotres, P., Santana, J.R., Gutiérrez, V.: Largescale mobile sensing enabled internet-of-things testbed for smart city services. Int. J. Distrib. Sens. Netw. 11(8), 785061 (2015). https://doi.org/10.1155/2015/785061 31. Bhushan, B., Khamparia, A., Sagayam, K.M., Sharma, S.K., Ahad, M.A., Debnath, N.C.: Blockchain for smart cities: a review of architectures, integration trends and future research directions. Sustain. Cities Soc. 61, 102360 (2020) 32. Bhattacharya, S., Somayaji, S.R.K., Gadekallu, T.R., Alazab, M., Maddikunta, P.K.R.: A review on deep learning for future smart cities. Internet Technol. Lett. (2020). https://doi.org/10.1002/ itl2.187 33. Kasznar, A.P.P., Hammad, A.W., Najjar, M., Linhares Qualharini, E., Figueiredo, K., Soares, C.A.P., Yun, G.Y.: Multiple dimensions of smart cities’ infrastructure: a review. Buildings 11(2), 2075–5309 (2021) 34. Medina-Tapia, M., Robusté, F.: Exploring paradigm shift impacts in urban mobility: autonomous vehicles and smart cities. Transp. Res. Procedia 33, 203–210 (2018)

Chapter 3

Cyber Range Technology Stack Review Ionut, Lates, and C˘at˘alin Boja

Abstract Recent studies on cybersecurity threats have revealed the complexity of the situation, both in terms of quantity, as the number of targeted IT/OT infrastructures, and in terms of the techniques and technologies used to carry out modern cyberattacks. In this context, Cyber Range systems can tilt the scales in favor of cybersecurity prevention and preparedness. A cyber range is designed to simulate real-world circumstances for detecting and responding to simulated assaults, as well as allowing practitioners to test new technologies for the purpose of improving the existing cybersecurity platforms. A Cyber Range system is meant to be an overly complex system, composed of multiple independent modules configured and managed through a primary component. Existing known Cyber Range implementations use different technologies and deployment/management techniques. Considering these facts, a Cyber Range technology stack review may significantly contribute to the design and implementation improvement. The lack of CR implementation standardization causes a significant problem in terms of knowledge sharing between different cybersecurity entities: companies, government institutions, research teams, etc. Detailed analysis of the technologies used in this area may lead to a standardization of the CR implementation and thus to a beneficial knowledge sharing system. One of the most important modules of a CR system is the virtualization component, which makes it possible to simulate/emulate the virtual infrastructures used in cybersecurity scenarios development. As a first step, this paper presents the results of an in-depth analysis of the virtualization technologies used in the implementation of Cyber Range systems.

I. Lates, · C. Boja (B) Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] I. Lates, e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_3

25

26

I. Lates, and C. Boja

3.1 Introduction Cyber Ranges (CR) are virtual network simulation environments that can include aspects such as simulated devices, simulated traffic, and more. The purpose is to provide stakeholders with practical cyber skills without affecting production. It is critical that the platform be able to simulate realistic circumstances that are closer to reality. As a result, architectural decisions must be made: emulation or simulation (or hybrid), public/private/hybrid cloud as support infrastructure, hybrid (real/virtual) connection of operational technologies, etc. To ensure the practicality of such a cybersecurity platform, important decisions must be considered from a technological perspective [1, 2]. Organizations are dealing with the continuance of cyberattacks as well as the emergence of new risks in the domain of IT security. At the same time, they are not well-prepared to predict events and respond appropriately. Organizations continue to invest a lot in staff training because it is the most difficult problem. The Cyber Ranges, computer simulation environments dedicated not only to technology experimentation, but also to hands-on training of workers, provide a proper response to this problem [1, 3, 4]. A CR is a virtual network simulation environment that can include elements such as real or simulated devices, virtual machines, software, webpages, simulated traffic, and so on. This environment can be used by security professionals who want to gain hands-on experience and insights into system design and real-time cyberattack defense. These systems’ goal is to simulate/emulate real-world attack scenarios in large-scale, complicated scenarios. An ideal cyber range should provide a configurable environment that allows for fast customization, emulate or simulate the actual network infrastructure with high fidelity and performance, provide a featured environment where teams and/or individuals can take part in an exercise, collect data throughout the exercise, and provide performance metrics and assessment for the participating teams [5]. The simulation used in CRs allows participants to practice skills in a safe and controlled environment, with scenarios that may be adjusted to reflect attacks that teams have faced in the past or fear will face in the future. They can also be random attacks or represent the constantly changing nature of contemporary threats. More recently, CRs have begun to include cyber systems based on operational technology (OT) as well as the Internet of Things systems (IoT), in addition to traditional IT (information technology) [6]. Industry, universities, research centers, and national security organizations around the world have established various cyber ranges to fill the gap for more specialized tools in Cyber Security training. The capabilities of those Cyber Ranges range from virtualized Internet-type infrastructures to single server laboratory-based test beds. A survey of the literature on cyber ranges and security testbeds, covering scenarios, functions, tools, and architectures, was done by Yamin et al. in [7] and has been used as a reference point by this research.

3 Cyber Range Technology Stack Review

27

3.2 Cyber Range Systems Architecture 3.2.1 Architecture Levels and Technologies Cyber Range scenario deployments were previously manual, time-consuming, and error-prone. They also couldn’t keep up with the ever-changing training and testing requirements. In a simulation/emulation environment, technological advancements have considerably improved the entire process of asset deployment and configuration. Almost every scenario can now benefit from automation. However, automation of deployment and configuration is still not achievable in some specific circumstances involving special techniques and technologies [8]. The architecture of cyber range systems is complex and can be divided into multiple subcomponents. To be able to achieve a functional target infrastructure, starting from available raw resources, each architectural level relies on different interoperable technologies. The architectural model of a cyber range system can be described as composed of five/six main layers: underlying infrastructure, virtualization, containerization, orchestration, configuration management, and the target infrastructure. There can be five or six layers depending on the virtualization model used for the implementation: hypervisor virtualization only, or a hybrid model—both virtualization and containerization technologies. Standalone containers cannot be used because they need a host to run, either a physical machine or a virtual one (cyber range infrastructures using physical host machines are deprecated) [6, 9, 10]. Figure 3.1 presents the layers of a cyber range system architecture, mentioning the most important technologies that can be used at each level. Underlying infrastructure is the basic level of the infrastructure. All other components are designed, implemented, and configured using this component as a base. There are three possible implementations, depending on the CR system usage field and conditions [11]: – private cloud infrastructure—implies the existence of a cloud that is configured using only the developer’s (company, public organization, etc.) own physical infrastructure (resources that can be isolated—if necessary—without access to or from the Internet); this model can be described as a “new generation data center”. – public cloud infrastructure—CR infrastructure is developed using resources hosted by third parties (companies that supply cloud computing services—Infrastructure as a Service); any service provider that supplies remote deployment and configuration of a virtual infrastructure is eligible. – hybrid infrastructure—the CR system is developed using both private and public cloud infrastructure; this type of infrastructure can offer both privacy (offered by a private cloud) and extended scalability and portability (offered by a public cloud implementation). Technologies available at this architectural level may be classified into two main categories: private cloud technologies and public cloud infrastructure providers. In

28

I. Lates, and C. Boja

Fig. 3.1 Cyber range systems architecture-layered representation and specific technologies. Source Author’s own representation

the Cyber Range field, private cloud implementations are based on hardware components consisting of servers and network devices that are configured to provide proprietary Infrastructure as a Service. On the other hand, public cloud services are continuously increasing in complexity and performance. The most well-known cloud service providers are Amazon AWS, Google Cloud, and Microsoft Azure. Existing scientific articles show these technologies as offering the best support for virtual network deployment in different areas and for various levels of complexity. Virtualization layer consists of a suite of technologies offering features used to configure virtual machines as part of the CR’s main infrastructure. There are two main categories: virtualization and hypervisor [10, 11]. – Virtualization is software that allows multiple operating systems to run simultaneously on a single machine. CPU virtualization, memory virtualization, device, and I/O virtualization are all types of virtualizations. It is implemented in current system components, resulting in increased efficiency and performance. Overall, performance increases because of technologies that can balance resources. – The hypervisor is a piece of software, hardware, or firmware that enables virtualization. It simply sets up virtualization layers that segregate CPUs, RAM, and all other physical resources from the virtual computers that are deployed. Native hypervisor and Hosted hypervisor are two types of hypervisors. It is used to assign CPU, memory, storage, and network resources to each VM to execute guest OS and applications. Virtualization techniques are classified into many distinct categories, including desktop virtualization, hardware virtualization, memory virtualization, network virtualization, software, and so on [12]. There are a few key terms that should be

3 Cyber Range Technology Stack Review

29

stated. A virtual machine (VM) is used to stand for the virtual environment, and it is controlled by a hypervisor, or Virtual Machine Monitor, virtualization control software (VMM). The software that runs on the VM in question is known as guesthosting software, and the virtual machine operating system is known as the guest operating system (OS). A host machine is a physical computer on which virtualization is used, and the hostOS (host operating system) is the operating system installed on the host machine. The most common type of virtualization is hardware virtualization, which requires the deployment of a hypervisor, a software layer that functions as an interface between the operating system and the hardware. Type-1 and type-2 hypervisors are known. The type-1 hypervisor runs on the hardware, while the type-2 hypervisor runs inside the operating system. There are multiple virtualization technologies available and suitable for cyber range infrastructures deployment [7]. From the perspective of using a private cloud, virtualization technologies need to provide more complex mechanisms through which virtual infrastructures can be orchestrated and managed. These mechanisms are simplified when using a public cloud service: the entire process of implementing and configuring virtual components is done through an API (in most cases) that takes instructions processed by the internal mechanisms of the cloud computing solution. According to the above classification, there are different Type-1 and Type-2 hypervisor technologies, Fig. 3.2. The most known and tested technologies for Type-1 hypervisors are VMware ESXI, Microsoft Hyper-V, Citrix XenServer, and RedHat Enterprise Virtualization. All these instruments also provide mechanisms for infrastructure orchestration and configuration. On the other hand, for Type-2 hypervisor technologies, the most well-known instruments are VirtualBox, VMware Workstation Player (Pro), VMware Fusion, and QEMU. Containerization, as opposed to virtual machines, provides lightweight virtualization by creating software containers as application packages from separate images, which uses fewer resources and takes less time to deploy. A software container is a virtualization mechanism for storing packed, ready-to-deploy components of applications, enabling more interoperable and portable application creation, testing, and deployment on the cloud. Containers are easier to develop and migrate than virtual

Fig. 3.2 Hypervisor Type-1 and Type-2. Source Author’s own representation

30

I. Lates, and C. Boja

machines (VMs), and they use less system resources (memory and disk space), allowing more applications to be deployed in the cloud. There are various advantages of using software containers as part of simulation execution. To begin with, containers enable all software components required for a simulation exercise to be pre-packaged before use. The pre-packaged container delivers all the required software libraries, files, and configurations, saving simulation time and effort. Second, containers prevent containerized software from gaining access to parts of the computer system outside of the container, enhancing computer security and limiting privilege levels. Containerized software cannot affect the execution of other software because of this level of protection. If a software part crashes or locks up a system, for example, the malfunctioning container can be stopped and resumed without halting other containers‘ software. The main technologies responsible for containerization are Docker, Kubernetes, LXC, Containerd, and Vagrant. A study regarding containerization technologies may be part of the future work developed in the context of the current paper. Orchestration refers to the automated deployment and maintenance methods for a computer system that includes both hardware (typically virtualized) and software. In terms of how abstract or concrete the service specifications are, many techniques for orchestration exist. Some languages are used to communicate with network devices, virtual machines, software packages, and so on. More abstract entities, such as VNFs and links, are handled in other cases (e.g., in ETSI standards). Regardless of the level at which specifications are produced, we refer to the systems being coordinated as services. Through a service specification, the service operator handles the specification and maintenance of a service. Because they are virtualized abstractions of network resources, network slices can also be considered services. We shall use the term service for generality in this study, although it will still apply to network slices. Technologies in the spectrum of orchestrators will be detailed in the next section. Configuration Management (provisioning, as used by DevOps) is the process of setting up machines or virtual hosts and installing necessary libraries or services. Configuration management (CM) is a system engineering process for setting up and maintaining a product’s performance, functional, and physical properties in conjunction with the product’s requirements, design, and operational data. The goal of configuration management is to ensure infrastructure consistency. Configuration management tools are designed to install and manage software on existing servers, while orchestration tools are designed to provision servers and leave the configuration to other tools. Most configuration management solutions can do some provisioning, and most orchestration tools can do some configuration management, thus these two categories aren’t mutually exclusive. Technologies treating configuration management problems will be detailed in the next section. Target infrastructure is the highest architectural level and stands for the actual infrastructure on which the scenario can run and can be managed. In addition to the infrastructure elements that are strictly related to the configured scenario, at this level, there are also the infrastructure elements through which network services can be simulated/emulated, and behaviors or events that could normally exist in an infrastructure can be simulated network within a company or institution. The composition

3 Cyber Range Technology Stack Review

31

of this level includes virtual machines, network equipment, management applications and tools, network monitoring tools, IDS and IPS systems, SIEM systems, CTF or e-learning activity management platforms, etc. Referring to the technologies used on each level of the Cyber Range architecture, there are multiple recommended instruments that can offer a stable, reliable, and flexible implementation of a CR system [7]. Mainly, in terms of virtualization, the software design of most cyber range systems is based on the use of a hypervisor solution. A bundle of software that provides a straightforward method to handle virtual machines ensures the orchestration of all these technologies. The links between the virtual machines described in the CR form a network topology. These are linkages at the second level of the network stack. The actual Ethernet connectors available on the servers enable the platform’s hybrid capabilities. The sole restriction on such a platform is the number of virtual machines that may be created on a single server. As a result, there may be as many servers as the scenario needs. A master is in charge of orchestrating a group of nodes on the platform. Virtual machines combined with containers provide an extra layer of software control and security for clusters and cloud-based systems, as well as increased software robustness. Introducing virtualization to a cluster has the primary benefit of allowing the computer system to execute applications on practically any popular operating system. This resilience enables the clustered system to execute more applications and solve more issues than those created specifically for the cluster’s installed operating system. A Linux-based cluster, for example, may schedule and execute applications created for Microsoft Windows, Unix, and other Linux distributions using virtualization. Virtual machines may also pre-package a simulation exercise’s software components, be interrupted and resumed without affecting other physical and virtual computers, and constrain software to exist solely within its virtual operating system, which is the second benefit of virtualization.

3.2.2 Orchestration Versus Configuration Management There are several applications for service automation, which has resulted in the development of numerous technologies in recent years [13]. Configuration management refers to software that allows you to apply the configuration to the existing physical or virtual resources (e.g., servers, VMs, network and storage devices, applications, etc.). These tools may also make it possible to keep track of configured resources. Orchestration is commonly done by tools that take a declarative description of resources and figure out the best way to deploy them, usually on a cloud infrastructure [14]. While orchestration may be done outside of cloud environments, these technologies have grown in popularity and utility due to their ability to orchestrate virtual resources including VMs, block storage, and apps. Procedural processes may be included in orchestration systems to be run on (virtual) resources after deployment. Despite this classification, several tools may be used across multiple categories.

32

I. Lates, and C. Boja

Some configuration management tools may also deploy additional resources (for example, establish new cloud servers—in fact, this example might be called a cloud environment setup). Orchestration tools can also conduct configuration management activities, such as pushing configuration to newly formed resources. Both types of tools include languages that allow service operators to communicate service requirements (usually via a DSL). Although the nomenclature may differ, the notion remains the same: actions, responses, recipes, functions, plans, scripts, and operations. Infrastructure-as-code (IaC) refers to both configuration management and orchestration software. This technique treats service definition as a separate code artifact that should be stored in a repository and updated in tandem with the codebase. Developers (or DevOps teams) then utilize IaC tools to make changes as needed, which is sometimes done as part of continuous integration pipelines. This gives code deployments predictability, reversibility, and auditability. Chef, Puppet, Ansible, and SaltStack are all “configuration management” solutions, which implies they’re for installing and managing software on existing servers. CloudFormation and Terraform are “orchestration tools,” which means they’re meant to supply servers without the need for other tools to configure them. Most configuration management solutions can perform some provisioning, and most orchestration tools can do some configuration management, thus these two categories aren’t mutually exclusive. However, because of the emphasis on configuration management and orchestration, some of the tools will be better suited to certain jobs. Using Docker or Packer, the great majority of the configuration management requirements are already met. Docker and Packer may be used to produce images, containers or virtual machine images that already have all the software the server needs to be installed and configured. To provide multiple servers, an orchestration tool like Terraform is usually a better fit than a configuration management tool [9, 10]. From the status predictability perspective, All Chef, Puppet, Ansible, and SaltStack provide a changeable infrastructure model. Instructing Chef to install an updated version of Apache2, for instance, it will update the software on current servers and make the modifications in place. As more updates are applied, each server accumulates its own unique history of modifications. This often results in configuration drift, in which one server becomes somewhat different from the others, resulting in minor configuration issues that are difficult to identify and almost hard to recreate. Using Terraform to deploy machine images built with Docker or Packer, every “change” is a deployment of a new server, much like in functional programming, every “change” to a variable returns a new variable. To deploy an updated version of Apache2, for example, you would construct a new image with the updated version of Apache2 already installed using Packer or Docker, deploy that image across a group of completely new servers, and then undeploy the old servers. This method decreases the chances of configuration drift errors, makes it easy to identify what software is running on a server, and allows you to deploy any earlier version of the program at any time. There is another different approach, from the procedural perspective. Concretely, Chef and Ansible promote a procedural approach, in which you write code that describes how to achieve a goal step by step. Terraform, CloudFormation, SaltStack,

3 Cyber Range Technology Stack Review

33

Fig. 3.3 A comparison of the most popular IAC tools. Source https://www.ibm.com/cloud/blog/ chef-ansible-puppet-terraform [15]

and Puppet all support a declarative approach, in which you write code that defines your intended end state, and the IAC tool figures out how to get there. There are many studies dealing with the subject of orchestration and configuration management tools. The results of these studies offer enough information to be able to decide which set of instruments must be used according to current requirements. One of these studies [15], summarizes the most important features of the most common technologies, described in Fig. 3.3. Terraform and Ansible is two separate tools with their own goals, but the fact that they can be used to tackle common problems and complement one another makes them even more popular [14]. Terraform provides for infrastructure provisioning while Ansible installs apps and ensures the intended state is applied. Flexibility is usually a major aspect when choosing a toolset for a project. The environment may still be on-premises in certain circumstances, but there may be a desire to migrate the infrastructure to the cloud in the long run. Terraform’s many suppliers provide it with the ability to shift to the cloud with ease. In the majority of scenarios and circumstances, various operating systems such as Windows and Linux are used. These are administered by specialist personnel in a typical atmosphere [15]. In the majority of scenarios and circumstances, various operating systems such as Windows and Linux are used. These are administered by specialist personnel in a typical atmosphere. Linux is quietly infiltrating the Windows world, and increased services are migrating to Linux. Because Ansible can manage both Windows and Linux, it’s the right choice for automating both. Finally, regardless of the cloud provider or operating system, both Terraform and Ansible allow the freedom to manage infrastructure and applications from a coding viewpoint. Technically, the infrastructure deployed using Terraform can be easily configured through Ansible. Terraform can execute directly an Ansible playbook by using the

34

I. Lates, and C. Boja

local-exec provisioner. This integration outlines the usability of the toolset and is the result of multiple tests performed within both Terraform and Ansible projects.

3.3 Cyber Range Scenario 3.3.1 Generic Scenario Overview Cyber security is the main area of application of cyber range systems. Whether it is training, simulations or teaching knowledge, cyber range systems allow the configuration of the infrastructure necessary for the development of scenarios that serve the basic activities (simulation/training/teaching). The development of activities within the configured scenarios involves two major components: the human component and the technical component, as described in Fig. 3.4, [8]. The human component is composed of instructors (or activity managers) with tasks in configuring, monitoring, and coordinating activities during the script, on the one hand, and the players (users who actively participate in the script) on the other. The technical component is the one that provides all the infrastructure elements, software elements, and all the mechanisms through which the scenario moderators can manage all the activities carried out within a scenario, from the creation of the network elements (servers, workstations, switches, etc..) and until the activities are monitored and the results are collected.

Fig. 3.4 Cyber range scenario—generic overview. Source [8]

3 Cyber Range Technology Stack Review

35

3.3.2 Scenario Infrastructure Deployment—Terraform and Ansible Following the analysis of orchestration and configuration management technologies, presented in earlier sections as a result of research in the field, it can be concluded that high performance can be achieved by combining orchestration and configuration management technologies. Studies conducted so far on technologies in this field [7, 13, 16], show that some of the most suitable solutions are Terraform, for orchestration, and Ansible, for configuration management. Using these two technologies to serve the same Cyber Range system, the entire flow can be achieved: from the infrastructure automated deployment to ready-to-use scenario infrastructure (all software and hardware components are installed and configured as specified in the scenario description). Starting from the scenario specifications, the goal is to deliver a fully working IT infrastructure. Any time the scenario parameters are changed, the system is performing the same deployment and configuration cycle, Fig. 3.5: – the infrastructure details are extracted from the scenario specifications, – the extracted information is compared to the current state of the infrastructure, – if there are any changes, the infrastructure is updated (elements are created or removed, according to the list of the new specifications), – the configuration specifications of each infrastructure element are extracted and compared to the existing configuration state, – if there are any configuration changes, the reconfiguration is performed, and the target infrastructure becomes “Ready”. The mechanism is implemented based on the working flow of Terraform and Ansible technologies.

Fig. 3.5 Cyber range scenario—main implementation steps. Source Author’s own representation

36

I. Lates, and C. Boja

3.4 Scenario Deployment—Practical Analysis 3.4.1 Scenario Description To confirm the theoretical elements presented in the previous sections, a working environment has been implemented to allow the orchestration and configuration of an infrastructure for a simple cybersecurity attack/defense scenario. The work environment consisted of the following hardware and software resources: – two hardware servers running VMware ESXI, – a VMware VCenter instance, managing the two ESXI instances, – an Ubuntu VM running Terraform and Ansible. The test scenario infrastructure is composed of: – a web server running Ubuntu Server 20.04.4 operating system, Apache2 web server application, and PHP; Apache2 will serve a vulnerable php application, – a database server running Ubuntu Server 20.04.4 operating system with MySQL as database server application, – three virtual machines used by the users playing the attacker’s role—Kali Linux 2022.1 configured with all the applications necessary to perform penetration testing activities, – a virtual switch connecting all the network virtual assets. Figure 3.6 illustrates the above-described infrastructure. For an increased level of complexity, it is considered that the current scenario requires the deployment of three instances of the infrastructure, for three different teams. In the end, the scenario target infrastructure will be composed of 6 servers (3 web and 3 database servers), 9 Kali Linux virtual machines, and a virtual switch configured with 3 isolated port groups (to ensure the isolation of the groups playing the scenario).

3.4.2 Results and Remarks To perform the test, the necessary mechanisms were implemented to orchestrate and configure all virtual network assets so that the target infrastructure fully follows the specifications developed for the current scenario. The practical testing was carried out in two stages, as follows: – in the first phase, the deployment of a single instance of the network described in the previous section was tested, as in Fig. 3.6; – the second phase involved changing the mechanism so that the target network holds three instances of the network described in the previous section, Fig. 3.6,

3 Cyber Range Technology Stack Review

37

Fig. 3.6 Scenario target infrastructure. Source Author’s own representation

all three virtual networks being isolated from each other—condition achieved by configuring a virtual switch with three separate group ports. For both phases, an attempt was made to use a single technology for both orchestration and configuration management. In theory, this can be done because Terraform and Ansible offer functionality for both types of actions, but in practice, things have shown that for complex scenarios it is much more difficult to achieve the same performance using a single technology for orchestration and configuration management. Thus, the two technologies consolidate the outstanding role for which they were developed. Using Ansible as a unique technology, the mechanisms supplied are limited in terms of creating complex elements of virtual infrastructure. The current scenario has shown a lack of mechanisms to create a virtual switch or port group, necessary to create VLANs. With VCenter as a provider, Ansible can handle already created elements when it comes to network components or VCenter resource organization components, such as folders, resource pools, etc., but cannot create new ones. On the other hand, using Terraform as a unique technology makes it exceedingly difficult to configure a virtual machine to run a specific version of the application

38

I. Lates, and C. Boja

Fig. 3.7 VCenter tasks performed to deploy de infrastructure. Source Author’s own representation

or to prepare and configure an application that is part of a scenario (e.g., vulnerable web application). The solution to this would be to implement bash/PowerShell scripts and run them on the created machines. This solution is not practical because configuration management cannot be performed if the installation and configuration were performed by running commands/scripts directly on the deployed virtual machines—without an existing mechanism to manage the state before and after commands execution. Figure 3.7 presents the tasks performed by VCenter, commanded by Terraform, to deploy the requested infrastructure. Once created, the infrastructure elements are taken over by Ansible and are configured according to the specifications of the current scenario.

3.5 Conclusions and Future Work The implementation of Cyber Range systems involves the pooling of multiple technologies responsible for different components of the system. Each architectural level of a Cyber Range system requires the use of different technologies. At the same time, at each architectural level, there are multiple technologies through which comparable results can be obtained. The use of some technologies to the detriment of others is a decision that can be made following rigorous practical tests. The main components of a Cyber Range are based on three key elements: virtualization, in all identified and detailed forms, orchestration, and configuration management.

3 Cyber Range Technology Stack Review

39

Virtualization components play the role of provider for orchestration technologies. At the same time, orchestrators can be considered providers of configuration management technologies because the infrastructure created is delivered to the configuration management component to install, configure and put “ready” each deployed component. Regarding the practical testing, the environment used highlights the fact that one of the problems that could occur in the case of deploying a complex network would be a long time required to clone virtual machines. Indeed, performance varies greatly with the technical specifications of the infrastructure. In this sense, it is necessary that some of the following practical tests focus on obtaining the best possible time for the deployment of virtual machines. Tests will be performed both with other technologies in the private cloud and using different own cloud solutions. Combining the study of existing literature with practical testing, the conclusion is that superior performance can be achieved if different technologies are used for orchestration and configuration management. The bottom line is that Terraform can be used with Ansible to successfully implement a Cyber Range system. With Terraform as an orchestrator and Ansible as a configuration manager, a Cyber Range system can be successfully implemented and can host any scenario involving installing specific components, copying and configuring applications, and launching processes/services so that each virtual component is complete, according to the scenario. As future work, this work can be continued by performing tests using different Terraform providers, both in the private cloud area and in the public cloud, to find the advantages and disadvantages of each technology. Also, tests with multiple technologies can be performed for each architectural level presented as part of the architectural structure of Cyber Range systems.

References 1. Online: European Cyber Security Organization. (2020). WG5 PAPER Understanding Cyber Ranges: From Hype to Reality. Retrieved from https://www.ecs-org.eu/documents/uploads/ understanding-cyber-ranges-from-hype-to-reality.pdf, 02 2022 2. Online: NIST—National Initiative for Cybersecurity Education. (2019). Guidance Document for the Use Cases, Features, and Types of Cyber Ranges in Cybersecurity Education, Certification and Training. Retrieved from from https://www.nist.gov/document/cyber-range-guide, 02 2022 3. Karjalainen, M., Kokkonen, T.: Comprehensive cyber arena; the next generation cyber range. In: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 11–16 (2020) - c, B.S., Timˇcenko, V.V.: Performance Comparison of the type-2 4. Vojnak, D.T., Ðordevi´ hypervisor VirtualBox and VMWare Workstation. 2019 27th Telecommunications Forum (TELFOR). https://doi.org/10.1109/TELFOR48224.2019.8971213 5. Pham, C., Tang, D., CyRIS: A Cyber Range Instantiation System for Facilitating Security Training. ACM (2016). ISBN 978-1-4503-4815-7/16/12, 12

40

I. Lates, and C. Boja

6. Muhammad, M.Y., Basel, K., Vasileios, G.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. (2019). https://doi.org/10.1016/j.cose.2019. 101636 7. Yamin, M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Comput. Secur. 88, 101636, 10 (2019). https://doi.org/10.1016/j.cose. 2019.101636 8. Cyber-MAR Consortium 2019–2022, Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain. https://doi.org/10.3030/ 833389. https://www.cyber-mar.eu/wp-content/uploads/2020/06/Cyber-MAR_D2.1_State-ofthe-art-Cyber-range-technologies-analysis_v1.0.pdf 9. Leitner, M., Frank, M., Hotwagner, H.: AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research. In: EICC 2020: Proceedings of the European Interdisciplinary Cybersecurity Conference. https://doi.org/10.1145/3424954.3424959 10. Bica, I., Unc, R.L., T, urcanu, S, .: Virtualization and Automation for Cybersecurity Training and Experimentation. In: Maimut, D., Oprina, A.G., Sauveron, D. (eds.) Innovative Security Solutions for Information Technology and Communications. SecITC 2020. Lecture Notes in Computer Science, vol. 12596. Springer, Cham (2021). https://doi.org/10.1007/978-3-03069255-1_15 11. Priyadarshini, I.: Features and architecture of the modern cyber range: A qualitative analysis and survey. https://www.researchgate.net/publication/327835952_Features_and_Architecture_of_ The_Modern_Cyber_Range_A_Qualitative_Analysis_and_Survey, Sept 2018 12. Rodríguez-Haro, F., Freitag, F., Navarro, L., Hernánchez-Sánchez, E., Farías-Mendoza, N., Guerrero-Ibáñez, J.A., González-Potes, A.: A summary of virtualization techniques. Procedia Technol. 3(2012), 267–272 (2012). https://doi.org/10.1016/j.protcy.2012.03.029 13. Wurster, M., Breitenbücher, U., Falkenthal, M. et al.: The essential deployment metamodel: a systematic review of deployment automation technologies. SICS Softw.-Inensiv. Cyber-Phys. Syst. 35, 63–75 (2020). https://doi.org/10.1007/s00450-019-00412-x 14. Wurster, M., Breitenbücher, U., Brogi, A., Diez, F., Leymann, F., Soldani, J., Wild, K.: Automating the deployment of distributed applications by combining multiple deployment technologies. In CLOSER, pp. 178–189 (2021) 15. https://www.ibm.com/cloud/blog/chef-ansible-puppet-terraform 16. Elochukwu, U., Farah, M.A., Hindy, H., Brosset, D., Kavallieros, D.: A review of cyber-ranges and test-beds: current and future trends. Sensors 20, 7148(24) (2020)

Chapter 4

IoT Security Challenges for Smart Homes Nicolae-Gabriel Vasilescu, Paul Pocatilu, and Mihai Doinea

Abstract Nowadays, the emphasis is more and more on modernizing and ensuring the standard of living by using intelligent IoT systems integrated with smart homes. These have some security breaches that can become vulnerable in the event of external attacks. Identifying these issues in advance increases people’s confidence in using smart systems and moving from a mechanized to an automated way of life. Testing and finding solutions to prevent various types of attacks is a topic of interest today with a number of tools available to validate whether a home system is secure or not. This paper reviews smart home applications, focusing on security aspects related to IoT devices.

4.1 Introduction In recent years, more and more people are looking to improve their daily lives by using smart systems that automate and facilitate certain daily activities or that lead to the modernization of the quality of family life in smart homes built more and more nowadays by admirers of IoT-based technologies. There is a wide range of devices that are used for different types of household activities, developed in recent years that are very intelligent, even reaching the level of copying human behavior in certain areas. In this sense, researchers started from the primary inquiry stages where they analyzed how these devices can help people and automate certain activities and came to various implementations of prototypes that have largely reached the market to differentiate themselves from each other by technical, design or other characteristics. N.-G. Vasilescu (B) · P. Pocatilu · M. Doinea Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] P. Pocatilu e-mail: [email protected] M. Doinea e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_4

41

42

N.-G. Vasilescu et al.

The problem that arises in the case of these smart homes increasingly common in society is the security of devices and technologies that are used, how they can be improved and protected against attacks, encrypting sensitive information, establishing security principles to operate them and other elements related to the protection of data and personal life in front of pursuers of any type of security level. Out of the multitude of smart objects, many of them have problems exposing breaches that make the applications or devices used by people vulnerable to even very simple attacks, which do not include the experience of launching them against those who use them or any type of mandatory training before. There are organizations specialized in finding security breaches for IoT devices used indoors or outside homes to check if sensitive data is easily accessible and whether there is a high degree of security, connectivity between devices and problems that may occur at the network level. It is very important for users of these necessary and used items at home to know their security, use them based on appropriate security standards and principles, and emphasize the protection of personal data and personal life. The paper is structured as follows. The next section presents a detailed literature review related to the paper’s topic. Section 4.3 describes the IoT devices used in smart-home applications. Section 4.4 deals with the vulnerabilities of IoT devices and several countermeasures. The paper ends with conclusions and future work.

4.2 Literature Review There are many security breaches that occur in devices that are based on IoT used at home and it is extremely useful to see how they can influence the attack on data or breach of privacy by connecting from the outside to various sensors or applications used. As shown in [1], connecting smart home objects to the Internet must comply with the new security provisions, but also ensure the confidentiality and integrity of the data. An essential aspect of modern technology is biometrics, which comes with a number of security issues. The use of appropriate identifiers is essential to enhance this industry. Alternative multi-factor authentication can be used. All users should be made aware of what social engineering is and how easily people can expose keywords or other issues that make attacks easy for the attacker to manage. The use of insecure Wi-Fi network connections also leads to the exposure of connection data, and the security of the network being compromised. Users need to be aware of the possibility of losing control of those smart devices. Secure communication channels, such as virtual private networks (VPN) are indicated to limit internet traffic only to authorized persons. Regular backups and encryption of sensitive data increase the security of these objects.

4 IoT Security Challenges for Smart Homes

43

Authentication mechanisms must be trusted, such as fingerprint authentication which is unique at the individual level, thus increasing the complexity so as to to create blockages in this login step in case of attacks. From [2] it appears that devices connected to each other in smart homes face individual security and privacy issues, but other security issues may arise when they communicate with each other, such as: encrypting data transport from one application to another and CPU limitation on connected bits. Given what is discussed in [3], the home router plays an important role because it is the central component of the network and applies the rules of network filtering. It acts dynamically on anomalies that can occur through all processes, the threats being detected when creating connections to the router. From [4] it appears that there are 4 major areas in terms of the distribution of smart objects in a home: entertainment, security, energy and healthcare. Entertainment brings a high degree of comfort and convenience to those who live there, energy applications help manage the volume of consumption, medical applications are used to ensure adequate health, and security applications provide control, monitoring and prevention of threats. As mentioned in [5], Z-Waze IoT-based devices are currently used to monitor some activities at home, to increase comfort, and to save battery power. These devices also have vulnerabilities identified by researchers through penetration tests, and reverse engineering. As the authors point out in [6], the risks to data privacy and the fact that devices become insecure are amplified by recent Mirai DDOS attacks, in which there are bots that continuously execute certain commands to find sensitive information of those who live in smart homes and who expose their data in this way. According to [7], the emphasis on security can bring a competitive advantage over other manufacturers that do not pay this attention. Dealing with security issues should be done from the design phase of devices used in smart homes, thus reducing the costs that may arise in the next stages. Investigations when certain tests or scenarios are not met also lead to increased security. As it turns out from [8], with a very high probability, from a distance there is the potential for security breaches, the smart devices at home present real risks in the face of such attacks. Thus, the tendency to violate the confidentiality of data is pointed out, sometimes even through their own fault. At this level, attacks with the influence of digital forensics can occur. As [9] shows, an attacker can infiltrate quite easily through applications that manipulate smartphones. Unbeknownst to residents, these applications search for vulnerable IoT devices inside, transmit this data to an external application to modify the firewall from the outside, and thus the device is directly attacked. It turns out that home routers are a weak shield against Internet attacks and it is necessary to increase the security of IoT devices. According to [10], in a smart home, there are several security concerns: low in terms of device interconnection, insecure web interfaces, inadequate services and network problems, inefficient authentication and authorization, privacy and data

44

N.-G. Vasilescu et al.

integrity issues. The three main concerns are integrity, confidentiality and data availability. If one of the three is violated, we can talk about instability at the level of the smart home system. In [11] is shown that cyberattacks on smart devices inside the home, in addition to the financial damage caused, also leave their mark on the mentally affected people by violating their privacy and finding sensitive information. As shown in [12], one problem is the intrusion into the home of strangers that mimics certain characteristics of the occupants, such as voice, behavior, or access to some authorization information on objects inside. This leads to the need for intelligent detection of all people entering and leaving the home. According to [13], security must deal with avoiding breaches that lead to access to confidential data, defining the parties that have access to data and ensuring user privacy. There are several common threats to the smart home and its inhabitants [14, 15]: eavesdropping if the attacker gains access to the victim’s router and has access to all data in the house; software exploitation due to lack of basic security measures such as changing default passwords; impersonation when the attacker tries to use the victim’s identity; denial of service when the attacker sends many requests to the router or corrupt messages that the devices cannot process; ransomware in which criminals gain access to victims’ devices and encrypt stored information.

4.3 IoT Devices for Smart Homes A smart home is made up of devices, communication channels and services. Devices generally have several parts. The sensors measure the physical properties of the environment, they can be wearable (for example, bracelets) and non-wearable (for example, cameras). In this sense, video cameras together with microphones are considered the most sensors that violate privacy. The actuators deal with turning on or off the lights, triggering alarms, or operating windows. The gateway is the access point to the house and allows the owner to monitor and connect for managing applications. Smart objects are a set of sensors connected to the home internet. Communication channels are either home-level or network-level, such as Wi-Fi. RFID, and NFC are also used to monitor the data traffic of those living in that home. Services are cloud-hosted applications that are responsible for managing devices with decision automation. They are usually run from your personal smartphone. The smart home can generally contain sensitive data, videos, pictures, and devices such as cameras or microphones can be activated anytime and anywhere, allowing the interceptor to identify information inside. All these problems lead to the need to ensure the security of personal data. Device issues can occur, such as limited resources if the battery is empty, a weak processor, or other such issues that make it more difficult to apply more complex algorithms such as RSA. In smart homes, application-level consent is harder to do because IoT-based devices don’t have a mouse or keyboard.

4 IoT Security Challenges for Smart Homes

45

Interconnection difficulties may occur at the communication channel level because different protocols may be used. Additionally, a device can use its own protocol and a standard one to communicate with the cloud. All this added to weak hardware components can lead to the inefficiency of encryption algorithms. At the service level, if there is a need for a remote restart, there may be some inconveniences if there is no good remote connection, and in the case of components that have not changed for long periods of time, physical problems may occur. As we find in [16], devices based on IoT technology are divided into several categories. The main identifying devices are: IoT security solutions that block threats and scan smart devices to identify existing vulnerabilities; voice controllers that help control the house, but also create lists, listen to music and other features; indoor or outdoor video cameras for monitoring; smart thermostats that announce when devices are threatened by high or low temperatures; coffee makers; smart alarm; smart lock. Figure 4.1 shows an example of smart home devices shown in a home automation system (Domoticz). As shown in [17] the most popular 5 devices based on IoT technology currently on the market and quite popular are: door locks that allow their use from anywhere, being necessary due to crimes such as burglary and theft, common nowadays; heating systems, which help to optimize the required level of heat, thus highlighting huge energy bills, but also ensuring a high degree of comfort by setting the degree of heat before the worker arrives home; intelligent gardening machines, such as robotic lawn mowers, remotely controlled to handle automatically and remotely controlled tasks that are used to be done manually in the garden; video ringtones that allow notification when someone is in front of the house and even allow that person to enter inside; personal assistants like Alexa offered by Amazon [18] to control the activities carried out inside the houses.

Fig. 4.1 Example of a Smart Home management system (Domoticz)

46

N.-G. Vasilescu et al.

As we can see in [19], a smart home must include 5 categories of devices based on IoT technology: sensor bands that can be applied to any object in the house and deal with reporting the state of the doors, windows, water network or other household objects; smart locks with security features, easy to access remotely and integrated with the most popular virtual assistants; power consumption telemetry to monitor electricity consumption, the user to have access to sockets, to calculate costs in realtime, wireless power and connectivity through which you can charge hundreds of different sensors and devices, and you can connect smart objects; surfaces with solar energy that collect energy from the sun and transform it into useful energy for homes, surfaces that can replace roofs, doors, windows. In [20] are listed several categories based on smart devices that are currently on the market: . home security through a variety of sensors, lights, alarms and IoT-connected cameras to provide security; . activity trackers identified by the devices for monitoring and indicating indicators regarding the health status of the inhabitants in real time such as oxygen level, blood pressure, movement; . industrial safety and security devices located in restricted areas to detect criminals or leaks of hazardous chemicals, repairing them before the problem escalates; . augmented reality glasses featuring 3D animations or videos with real life scenes; . motion detection that can avoid catastrophes by detecting vibrations in buildings, identifying anomalies. The most popular IoT devices of 2021, according to [20] are: Google Home Voice Controller which offers voice services such as alarms, lights, thermostats; Amazon Echo Plus Voice provides answers to phone calls, timer setting, weather, and more; August Doorbell Cam that allows answering at the door from any remote location; August Smart Lock that manages the doors from any remote location; Foobot that accurately measures indoor pollution.

4.4 IoT and Smart Home Vulnerabilities and Counter-Measures Smart home security is a challenging issue because of the complexity and heterogeneous characteristic of such systems. The lack of interoperability standards makes this problem even more convoluted. Considering an IoT architecture consisting of IoT devices, a backend, and possibly a client application, then security aspects should be addressed at each one of these levels. The communication between each of those components is an important process that might expose sensitive data through the interfaces that are used. For this reason, an IoT architecture must have a gateway that manages all these IoT devices and applications with provisioning capabilities.

4 IoT Security Challenges for Smart Homes

47

Smart home devices are very different in terms of functionality, usability, access, operation mode and other user important characteristics. Because they are so many types of IoT devices relying on sensors, [21] like: key locks, security cameras, audio TV systems, blinds, thermostats, kitchen appliances, lighting systems, garden irrigation and we can even include automotive also, this diversity implies heterogenous ways of operation and communication. For all these devices to be safe and operate without security concerns a set of best practices must be imposed outlined by the next items: . secure communication channels no matter what types of protocols and standards are used, such as: TCP/IP, ZigBee, Z-wave, KNX/EHS; . a unified point of entry based on secure credentials and permission roles; . not exposing smart devices directly into the Internet network; . mode of operation should be maintained as much as possible in read-only state whenever possible and if not, restricted access should be enforced; . after implementation of such a smart-home architecture security penetration tests must be conducted to discover possible uncovered vulnerabilities. The following software and hardware components in an IoT architecture for smart home environment must be present so that any security issues will be avoided: . an internet gateway—it is mandatory to have a secure entry into the smart home network so that all devices be protected against unauthorized access and data theft; the gateway should be able to expose access to Internet users based on registered and authorized membership; . a provisioning mechanism—to enroll users into the smart home network and to manage their credentials accordingly to the smart home restrictions is a tedious task, especially if some needs to configure the user for all existing devices; for this purpose, shell scripts or batch files with configuration tasks can be created in order to make everything automated; moreover accounts provisioning should be made as such so that users can use biometric data or other secure standards like Fast Identity Online, FIDO solutions [22]. The authentication mechanism used by the smart-home gateway infrastructure is a key component to the entire architecture. Authentication schemes based on passwords tend to be hard to implement as they suppose password management for each one of the smart-devices present. Password less authentication mechanisms that rely on biometric data are gaining momentum but they should not be used as the only de facto scheme. Biometric authentication systems are probabilistic systems thus being necessary to be used in a two-factor authentication scheme. FIDO2 authentication is a new gold standard that enforces better security to web browsers and combines Public Key Cryptography with a second factor authentication that delivers something that is known only by the user that must be previously enrolled/registered into the system. Such platforms that support FIDO authentication will use a key pair generated by the client, registering the public key with the online service.

48

N.-G. Vasilescu et al.

Smart-home Login Gateway • Send chanllenge to the client

FIDO client • user chooses authentication option

Authenticator • Signing the challenge

FIDO client • Sending the signed challenge to the Gateway

Fig. 4.2 FIDO2 integration in a smart-home IoT infrastructure

Next diagram, Fig. 4.2, presents how the FIDO mechanism can be integrated into a smart-home IoT infrastructure. The process is relying on PKI infrastructure that uniquely binds a key pair with a registered user. After enrollment into the system user can authenticate himself by signing the challenge sent by the smart-home gateway with his own private key. Then the signed challenge will be sent back to the gateway which will be able to validate the signature based on the user’s public key that was previously registered. The signing process is made after a second factor authentication will successfully acknowledge something that only the user knows. The challenges that a smart home configuration will need to overpass are mostly related to the unauthorized access that non-registered users can benefit of. Constant software and firmware updates of such devices and close monitoring of access logs may prevent malicious users from benefitting of the possible unseen and unhandled vulnerabilities.

4.5 Conclusion and Future Work Periodic maintenance and checking of the condition of the sensors brings an important contribution to the whole process of operation of the systems used in homes and the detection of possible problems is treated responsibly considering that there may be degradation in the next period affecting the entire circuit. Having a high degree of security at the level of smart homes, daily activities become more pleasant, moving to the automation of physical processes.

References 1. Ali, B., Awad, A.: Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors 18(3), 1–17 (2018) 2. Jacobsson, A., Davidsson, P.: Towards a model of privacy and security for smart homes. IEEE 2nd World Forum on Internet of Things (2015) 3. Serror, M., Henze, M., Hack, S., Schuba, M., Wehrle, K.: Towards in-network security for smart homes. In: Proceedings of the 13th International Conference on Availability, Reliability and Security—ARES (2018)

4 IoT Security Challenges for Smart Homes

49

4. Bugeja, J., Jacobsson, A., Davidsson, P.: On privacy and security challenges in smart connected homes. In: 2016 European Intelligence and Security Informatics Conference (EISIC), pp. 172– 175 (2016) 5. Nkuba, C.K., Kim, S., Dietrich, S., Lee, H.: Riding the IoT wave with VFuzz: discovering security flaws in smart homes. IEEE 1775–1789 (2021) 6. Zeng, E., Mare, S., Roesner, F.: End user security and privacy concerns with smart homes. Proceedings of the Thirteenth Symposium on Usable Privacy and Security, pp. 65–80 (2017) 7. Lindsay, G., Woods, B., Corman, J.: Smart homes and the Internet of Things. Brent Scowcroft Center on International Security, pp. 1–12 (2016) 8. Plachkinova, M., Vo, A., Alluhaidan, A.: Emerging trends in smart home security, privacy, and digital forensics. AMCIS 2016 Proceedings (2016) 9. Sivaraman, V., Chan, D., Earl, D., Boreli, R.: Smart-phones attacking smart-homes. In: Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks—WiSec, vol. 16, pp. 195–200 (2016) 10. Erfani, S., Ahmadi, M., Chen, L.: The Internet of Things for smart homes: An example. In: 2017 8th Annual Industrial Automation and Electromechanical Engineering Conference (IEMECON), pp. 153–158 (2017) 11. Park, M., Oh, H., Lee, K.: Security risk measurement for information leakage in IoT-based smart homes from a situational awareness perspective. Sensors 1–24 (2019) 12. Heartfield, R., Loukas, G., Bezemskij, A., Panaousis, E.: Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Trans. Inf. Forensics Secur. 1720–1735 (2020) 13. Mocrii, D., Chen, Y., Musilek, P.: IoT-based smart homes: a review of system architecture. Internet Things, 81–98 (2018) 14. Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I., Steri, G., Baldini, G.: Security and privacy issues for an IoT based smart home. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (2017) 15. Lundgren, M., Padyab, A.: Security and privacy of smart homes: issues and solutions. Internet Things (2021) 16. Overview of the Most Popular Smart Home Devices. Accessed from IoTLineup.com: http:// iotlineup.com/, 8 May 2022 17. Lanner Electronics Canada Ltd.: 5 Examples of IoT Devices in Your Next Smart Home. Accessed from Lanner https://www.lanner-america.com/blog/5-examples-iot-devices-nextsmart-home/, 8 May 2022 18. Amazon.: My Personal Assistant. Accessed from Amazon https://www.amazon.com/MaestroPersonal-Assistants-My-Assistant/dp/B07HK8927X, 8 May 2022 19. Digiteum.: Smart Homes: Guide to Home Automation Using IoT (Internet of Things). Accessed from Digiteum https://www.digiteum.com/iot-smart-home-automation/, 8 May 2022 20. Duggal, N.: What Are IoT Devices: Definition, Types, and 5 Most Popular Ones for 2022. Accessed from Simplilearn: https://www.simplilearn.com/iot-devices-article, 8 May 2022 21. Nemec Zlatolas, L., Feher, N., Hölbl, M.: Security perception of IoT devices in smart homes. J. Cybersecur. Priv. 2, 65–74 (2022). https://doi.org/10.3390/jcp2010005 22. White paper: Multidevice FIDO credentials, Accessed from https://fidoalliance.org/whitepaper-multi-device-fido-credentials/, 17 March 2022

Chapter 5

An Overview of Security Issues in Smart Contracts on the Blockchain Ojog Silviu

Abstract Blockchain technology is a factor of disruption for the current state of the internet, and it has the potential to solve many of its security, centralization, and trust issues. The second generation of blockchain appeared in 2013, with the launch of Ethereum and introduced smart contracts, as a way of building applications on top of the blockchain. Nevertheless, smart contracts raise particular security challenges due to their immutability, attack surface, and economic implications. This paper aims to present the most common security vulnerabilities and possible exploits in smart contracts and the best practices for combating them.

5.1 Introduction Blockchain systems are tightly coupled with the financial sector. Bitcoin has emerged as a decentralized payment technology after the 2008 financial crash. Ethereum [4] is the second largest blockchain in terms of both market capitalization and user adoption after Bitcoin. Launched in 2015, it is primarily referred to as a smart contract platform. One of the key innovations Ethereum proposed over Bitcoin is the ability to perform calculus in a loop and build smart contracts. Smart contracts were first defined in 1996 by Nick Szabo [7] as “a set of promises, specified in digital form, including protocols within which the parties perform on these promises”. Contrary to the nomenclature, smart contracts do not behave as traditional contracts, in the sense that contracts do not mention the involved parties, nor the consequences, and they cannot be adjusted or reinforced. Smart contracts are immutable code, deployed on the blockchain. The paradigm behind smart contracts is highly powerful, as it enables users to create rules for any type of transaction [6]. The use cases exceed the financial sector [9]. Many of the traditional business contracts have the potential to be algorithmically encoded and enforced. Moreover, large enterprise application often relies on large, multi-layer redundant architecture, in order to ensure security. O. Silviu (B) Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_5

51

52

O. Silviu

Nevertheless, without standards, best practices, and risk mitigation, smart contracts on blockchain may inhibit its adaptation and disruption potential. Blockchain actors must be provided with security and fault handling and recovery capabilities, in order to mitigate the risks.

5.2 Ethereum Architecture The Ethereum blockchain is a public distributed ledger, that relies on the proof of work consensus algorithm for validating transactions. There are efforts to move to a proof of stake consensus algorithm, also known as Ethereum 2.0, in order to speed up transaction times and reduce transaction costs. The Ethereum network is composed of nodes. Nodes broadcast information such as pending transactions and newly created blocks to each other. Every node has roughly the same type of information, at any given time, as any other node. Miners are special kinds of nodes that compete with each other in forming new blocks of transaction. They run highly intensive computations on their hardware, in order to validate and execute transactions and create new blocks for the chain. The computations logic is executed within an Ethereum client. The entire logic is executed in the EVM (Ethereum Virtual Machine) [3]. There are several implementations of Ethereum clients, catering to several different needs. Applications built on top of the blockchain, also known as DAPPs (Decentralized Applications), communicate with Ethereum clients through the JSON-RPC protocol. One of the most popular libraries for Ethereum communication is web3.js. The library enables communication with a local or a remote node and creates RPC call, similar to REST API call. Ethereum is a neutral environment. Anyone can register as a node, interact with smart contracts, and start a transaction. A transaction is a data that records a segue between two states. The blockchain can be seen as a ledger of transactions. There are two types of ledgers: transaction ledgers or balance ledgers. In other words, they can record transactions or they can record the current balance state after transactions. Bitcoin is a transaction ledger, while Ethereum is a balance ledger. A transaction is a cryptographically signed instruction. Ethereum uses Elliptic Curve Digital Signature Algorithm (ECDSA) for signing transactions. The private key has 256 bits (64 hex/32 bytes). The public key is 512 bits long, obtained through ECDSA. There are two types of accounts on the Ethereum blockchain [12]: Externally Owned Account (EAO) and Contract Account (CA). A Contract Account contains the opcode, which is run by the EVM, while the EAO does not contain it. There are a couple of key differences in terms of the ability to interact with these two types of accounts. Anyone can view the interaction with the code of a CA on a blockchain once deployed on the blockchain. Certain features may be restricted for interaction, but they are visible. A EAO is controlled by an external actor through private keys. A smart contract receives inputs through transactions. Transactions provide input to smart contracts, and they are run on the EVM. A transaction can be initiated only

5 An Overview of Security Issues in Smart Contracts on the Blockchain

53

by an externally owned account, but it can be forwarded by a contract account. A transaction takes place when a new contract is deployed on the blockchain or when transferring tokens between two externally owned accounts, or from one externally owned account to a contract account. Transactions are atomic, meaning they cannot be divided or interrupted. Their effects can only take two outcomes, as in completed or reverted due to execution error. They are executed sequentially, but their order cannot be predicted. All transactions are subject to a processing fee. Miners can choose the order of execution by choosing and embedding the most profitable transaction in the block first. In Ethereum, transactions and messages are different, although they work together. A message can be triggered by a transfer transaction or by the EVM. In the latter case, when a contract account changes state, it can send an event notifying the Externally owned account, or it can use the message in order to invoke the execution of another contract. Ethereum is public, anyone can read all the data. Once deployed, the code is immutable. Therefore, a bug without a contingency plan is exposed forever. Decentralized applications or DAPPs in short are applications that are built on top of the blockchain [5]. DAPPs are composed of a front-end component, a smart contract, user wallets for storing keys, and a way of interacting with the blockchain. Frontend-wise they can be a website, mobile or desktop applications. DAPPs use deployed smart contracts to store funds or data and interact with the blockchain. They deploy their own smart contracts because they can control them better. Smart contracts have an ownership directive, meaning that whoever owns that contract has privileges. Owners can choose certain functionalities or change the state of the contract.

5.3 Security Considerations Historically, security exploits of blockchain have resulted in drains of large funds [2]. Hence, the cost of failure could be extremely high. The attack surface on Ethereum and other blockchains is significantly large than traditional server-side architectures. Smart contracts are immutable. They cannot be changed after deployment; hence bug fixing is approached differently. Attacks on smart contracts are performed transactionally. A smart contract attack implies changes in its state. An attack does not differ much from a normal transaction. An attack could be performed through one or more transactions. Smart contracts are open to being interacted with. Contracts can respond to other contracts with subsidiary calls to other contracts, but they cannot inject more gas or do anything different from what they were programmed (Fig. 5.1). Commonly, an attack is triggered from an externally owned account sending one or more transactions that call functions on victim contracts trying to exploit vulnerabilities. In Ethereum, only EOAs can initiate a transaction. An EOA does

54

O. Silviu

Fig. 5.1 A smart contract attack

not contain blockchain code as CA, thus business logic must be implemented only through CA. If the vulnerable contract is not accessible in a direct manner, the attacker will send transactions to another CA that will perform external calls to the victim contract. The attacker contract can be deployed by the attacker himself or by a different entity. The EOA that initiates the transaction must provide enough gas for the chain of contract calls, otherwise, the whole transaction chain will revert. Smart contracts reside within a larger ecosystem. Therefore, exploits may exceed the smart contract layer. A flow in the business logic, a secret key can be compromised, a bug in the wallet can affect the application, or a vulnerability in the Ethereum protocol can be discovered and employed. Other factors to consider in terms of smart contract interaction are timestamp manipulation and transaction front running. Timestamps are used when transactions are inserted in each block. Timestamps are very useful for placing events in large timeframes. They can be a vulnerability when used as a random source (“block.timestamp”). Transactions front running: Transactions are not instantly inserted in blocks. The attacker can track the pool of transactions and can send a certain transaction before the original one. Another important factor to consider when is the social aspect. Smart contracts can be used to borrow crypto funds and swap crypto currencies [8]. Smart contracts can be used to manipulate a part of the market. Several times, the borrowed crypto has been used to manipulate the price of a small cryptocurrency. Price volatility was then used for quick profits.

5 An Overview of Security Issues in Smart Contracts on the Blockchain

55

Social must also be considered for signature reuse. This can be harmful if the signer’s intention was to approve a transaction once.

5.4 Developing Smart Contracts The most popular language for developing smart contracts is Solidity. Other solutions are Serpent or Vyper, but they are mostly experimental. Smart contracts behave very much like object-oriented classes in strongly typed languages. They possess functions, state variables, function modifiers, events, enumeration, and error handling. Smart contracts can be inherited and referenced by other smart contracts. Smart contracts can own tokens and initiate their own transactions by calling specific functions. Some of the functions may only be available for the owner of the contract. The owner is the entity that deployed the smart contract on the blockchain and possesses its private key. In addition, the smart contract has an owner, the entity performing the deployment of the smart contract. The owner can have special access privileges. It is generally a good practice to restrict access to certain functions only to the owner. Any smart contract may receive funds. The transfer can be achieved by transferring the token to a special kind of function, marked as payable. One can choose to specify a function to be called on a certain smart contract. If the function is not specified, or the function called on the smart contract does not exist, the fallback function is called. The fallback function, is a special function on smart contracts, with no arguments.

5.4.1 Attack Surface A smart contract attack implies changes in its state. An attack does not differ much from a normal transaction. An attack could be performed through one or more transactions. Sometimes the victim contract is not made aware of the changes. An attack is perpetrated from outside the blockchain. An attacker writes code that will reach an Ethereum node, sending one or more transactions that call functions on victim contracts trying to exploit or expose vulnerabilities. Occasionally the vulnerable contract may not be accessible in a direct manner, the attacker will send transactions to an external contract that will perform external calls to the victim contract. The attacker contract can be deployed by the attacker himself or by a different entity. The chain of calls between contracts must be provided with enough gas by the externally owned account that initiated the transaction, otherwise, the whole transaction chain will revert. Only externally owned accounts can initiate a transaction. Contracts can respond to other contracts with subsidiary calls to other contracts, but they cannot inject more gas or do anything different from what they were programmed.

56

O. Silviu

5.4.2 Upgradability In software systems, upgradability is needed to add functionality and fix errors. The immutable nature of smart contracts has great business disruption potential, but it comes with several technical challenges. Simple upgradability implies replacing the whole contract by deploying an entirely new smart contract and interacting with the new one. Since external users may interact with the vulnerable contract, transferring to a new contract is synonymous with changing the address to the new contract. Hence, all users interacting with the smart contract need to shift the new address of the contract. Nevertheless, relying on the user for self-patching is a poor design choice. Historically, the same approach has been in any information system. Less tech-savvy users are unaware of the required fixes and upgrades and may be still vulnerable. A commonly accepted solution by the blockchain community is the usage of a proxy contract for interaction. The first contract, the proxy contract will redirect the functionality to a second functional contract. The proxy contract stores in memory the address of the contract holding the functionality logic, to which he is delegating calls. In case the second contract needs to be upgraded, the address of the interacting contract must be changed. It is utterly important that the function holding the must restrict the access for address upgradability to only the smart contract owner. Otherwise, any other party can change the pointing address to a malicious contract (Fig. 5.2). Secondly, deploying a new contract may imply losing existing stored data on the contract. The purpose of upgradability solutions is to fix business logic vulnerabilities and preserve the data stored within the contract. When delegating calls to a second contract, the contract must also be able to store and share data across themselves. The data must be stored on the proxy contract, to avoid losing it altogether on upgrade. The functional smart contract must write data to the proxy contract. Therefore, they must share a similar memory structure, otherwise, there is the risk of writing data into a slot of the memory used by a function. The storage contract is used as a layout pattern. Both the functional contract and the storage contract will inherit from the same contract and have the exact state variables. The proxy contract can have all these requests without risking having its variables overwritten by another variable (Fig. 5.3).

5.4.3 Error Handling Solidity offers two mechanisms in terms of error handling. The first method is the require check. It is used to validate input, validate responses from external contracts, and validate state conditions. In case the validation require fails, state changes are reverted and the remaining gas is sent back to the transaction initiator.

5 An Overview of Security Issues in Smart Contracts on the Blockchain

57

Fig. 5.2 Smart contract upgrade process

The second error-handling mechanism is the assert check. It should be used for conditions that never happen. In case it happens, assert will revert all the transactions and consume all the remaining gas. Assert is used for overflow checks, for invariance and validate those changes made to state variables have happened. Assert is usually placed at the end of the function and checks a certain invariant. An invariant is a condition that is true at a certain time in computer execution. They are extremely important because they can tell us if there is an error. If the invariant is not true, the code is not following the logic of the contract.

5.4.4 Transaction Cost Operations on the blockchain are performed only through smart contract, and they come with a cost of transaction. A particular problem, the halting problem, occurs when the program runs in an infinite loop. In some cases, it is difficult to understand just by looking at the compile code if a program will run infinitely. The solution

58

O. Silviu

Fig. 5.3 Ethereum storage contract inheritance

the Ethereum whitepaper proposed is to charge a fee for computing data on the blockchain. Every operation on the blockchain, such as saving a variable on the blockchain, has a different associated cost to it, called gas fee. The gas fee ensures malicious or badly formatted software do not run forever putting pressure on the network. For example, adding two numbers costs 3 gas units (Fig. 5.4). Every initiated transaction must specify an estimate of the amount of gas it will spend. The gas price is the limit imposed by the transaction creator. It represents the highest price per unit he is willing to pay. The gas price is recorded in the header of a transaction.

5 An Overview of Security Issues in Smart Contracts on the Blockchain

59

Fig. 5.4 Ethereum transaction cost

The gas limit is the limit on the number of gas units, also imposed by a transaction creator. The gas limit is dependent on the complexity of the smart contract algorithm. Every operation has a certain gas requirement. If the gas limit is set too low to finish a transaction, the transaction fails and gets aborted. The gas limit is a design choice, a protection mechanism to address infinite loops. The transaction fee represents the total cost of computations in a transaction. It is the product between the total gas cost and gas price. The total gas amount, the transaction is willing to pay may be higher than the actual paid prices. The unused gas, namely the difference between the total submitted gas and the actual cost is submitted back to the transaction originator. The order of the transaction is not guaranteed in the blockchain. Miners have financial incentive for creating blocks. They are able to choose the transactions that are most profitable to them. The higher the gas price, the bigger the reward of the miner is. If a transaction is submitted with a low gas price, it may take longer to be added into a new block. Nevertheless, transaction with very high gas price is generally more complex. They involve a large number of steps. It may take longer to mine and create blocks. Miners find themselves in a time-bound competition to create blocks. They need to make a tradeoff in terms of finding the most lucrative transactions to mine. Solidity provides 3 different ways of sending Ether in the form of “transfer”, “send”, and “call” methods. Both “send” and “call” are low-level functions. Low level functions have slightly lower gas cost, but they bypass security checks and do not propagate errors. A Boolean value is returned indicating whether the call has succeeded. If the result is not checked, a critical error can occur without notice. In the “transfer” method, the transfer will raise an error and the whole transaction will revert to its previous state. Making use of low-level functions is discouraged in the Solidity docs, as they require a higher level of expertise. Nevertheless, choosing “transfer” over low-level functions is not always a simple choice. The Ethereum Network has been faced with numerous times very high fees. The methods “send” and “transfer” will forward a hardcoded value of 2300 gas Units [3]. In theory, it is enough to dispatch an event. The intent of the limitation is to retrain

60

O. Silviu

what the recipient contract could execute. The limitation turned to be problematic as it was implemented with the misconception that the gas cost of the EVM operation don’t change. The method “call” will forward all the gas remaining from the original transaction. Unlike the counterparts, the “call” method is prone to reentrancy attack. It enables the calling contract to execute the fallback function, with unlimited gas. Therefore, it can call again a function on the contract. Security patterns such as Check-EffectsInteraction discussed below need to be implemented. The call function, although dangerous, it does serve a purpose. It does require to have trust in the contract you are calling to.

5.5 Smart Contracts Patterns 5.5.1 Check-Effects-Interaction Pattern The Check-Effect-Interaction pattern [10] is especially useful against a known attack in the blockchain Ethereum world, known as the reentrancy attack. The reentrancy attack was behind one of the main hacks in blockchain history, the Maker DAO attack [2], which led to Ethereum splitting in Ethereum and Ethereum Classic. The attacker tries several times, abusively, to send funds from a smart contract. When a contract transfers funds to a second contract, on the receiving contract, a fallback function is executed. In the Maker DAO attack, the attack used the fallback function to recall the initial function. It reentered the attack function. Reentrancy attack can be prevented using the same mechanism of preventing race conditions. The check-effects-interactions is geared toward reducing attack surface and limit the control an outside entity can exhibit on the contract. The pattern imposes the checks and validation to be execute first in the functions. For example, only continue with the execution of the function if the balance of the user or if the user has the required permissions to call the function. After the verification, the effects, changes of the state, can occur. For example, the changes of the balance or storage of new items. Any interaction with another user or another contract, such as transfer or event notification, needs to be performed last. The check-effects-interactions intents to execute operations in a specific over in a smart contract function. Any change in the order of instruction execution may insert unintended vulnerabilities.

5 An Overview of Security Issues in Smart Contracts on the Blockchain

61

5.5.2 Pull Over Push The pull over push pattern [10] handles the token transfer from a smart contract to the user. In “push” approach, funds are sent to the user without them interacting directly, while “pull” refers to letting users pull out the funds themselves. The “pull” approach is the preferred method, although it is more complex and it requires the user to do more interactions. It reduces the probability of running out of gas and the responsibility of providing the gas is passed on to the user.

5.5.3 Access Restriction All smart contract on the public blockchain could interact with external sources, hence all external calls must be treated as untrusted. Whenever a value is transferred to someone, that may be an external call to a contract that has called your contract. That function call may not come from a person you send ether, but it may be a contract. Therefore, interacting with an external contract is inevitable. Solidity offers 4 data access modifiers: public, private, internal, and external for functions and variables. With the public modifier, any data or function is accessible for call, read, and write. External is intended for outside invocation, and it restrict the access of current contract. Internal is meant for current contract and the inherited contracts, while private is only restricted for access within the contract. Nevertheless, while accessing a certain variable within a contract is not possible, reading data can be performed by reading the bytecode stored on the blockchain. It is generally considered a good practice to refrain from storing sensitive data on the public blockchain, as it may be subject to disclosure.

5.5.4 Emergency Stop In case, a smart contract encounters a zero-day vulnerability, the easiest fix is to restrict the access to entire contract or limit the access to certain functionalities. It is a damage control measure to limit the funds from being drained out of the contract. The implementation allows the owner of the contract to pause the contract and gain time to implement a proper patching strategy. The pattern can be implemented with a function modifier. A function modifier checks a Boolean value, acting as a switch, before running the function logic. The Boolean value should only be tuned on and off only by the user. Compute time on the EVM requires units called gas. The emergency stop comes with an increase cost in gas consumption as every function call is passed to the modifier.

62

O. Silviu

5.6 Testing Smart Contracts Testing smart contracts before main net deployment is highly important. Testing can be performed locally, forking the main net blockchain on a local computer or server. One tool for such an operation is Ganache [1]. The forked blockchain can be used to deploy contracts without paying fees. Ganache is a local private test blockchain. It is a fast mean for testing smart contracts. Auto-mining is enabled by default. The operations are performed instantly without the average waiting time. In Ganache, a block is immediately mined as soon as a transaction is created. In Ethereum, the average mining of the block is 14 s. Test networks are close to the live main network. The Ropsten test net uses the proof of work consensus algorithm. Miners on the Ropsten, receive an incentive in the form of ether for their mining efforts. Rinkeby uses a proof of authority consensus algorithm. In Rinkeby, new blocks are added about every 15 s, which is very similar to the mainnet.

5.7 Conclusions and Future Work Blockchain is a new and evolving technology. New bugs and security risks are constantly discovered. We should expect constant changes in the security landscape. Smart contracts security is a particular important piece of the blockchain puzzle as they handle creation, storage, and distribution valuable assets. A vulnerability can result in the total drain of funds. Smart contracts are immutable, public, and fully open for interaction. A new approach on security is needed. Developers must consider it and adversary environment and must prepare accordingly. Blockchain has the potential to disrupt many of the online industries and business models [11]. Smart contracts are the building blocks for the trust layer blockchain, which is expected to be created over the internet. In order to accelerate the technology adoption, the blockchain research community must continue to provide clear models for creating, securing, error handling, and interacting with smart contract. Mass adoption will most probably be reached when many of the low-level interaction with smart contract and blockchain will be abstracted.

References 1. Araoz, M., Brener, D., Giordano, F., Palladino, S., Paivinen, T., Gozzi, A., Zeoli, F.: Zeppelin Os: An open-source, decentralized platform of tools and services on top of the EVM to develop and manage smart contract applications securely (2017). https://openzeppelin.com/assets/zep pelin_os_whitepaper.pdf 2. Biggest DeFi Hacks of 2020 Report. https://hacken.io/researches-and-investigations/biggestdefi-hacks-of-2020-report/ 3. Ethereum Yellow Paper: A secure decentralized generalized transaction ledger

5 An Overview of Security Issues in Smart Contracts on the Blockchain

63

4. Ethereum Whitepaper: A Next-Generation Smart Contract and Decentralized Application Platform. https://ethereum.org/en/whitepaper/ 5. Harvey, C.R. et al: DeFi and the Future of Finance. Wiley (2021) 6. IBM: What are smart contracts on blockchain?. https://www.ibm.com/topics/smart-contracts 7. Nick Szabo: Smart Contracts: Building Blocks for Digital Markets (1996). http://www.trueva luemetrics.org/DBpdfs/BlockChain/Nick-Szabo-Smart-Contracts-Building-Blocks-for-Dig ital-Markets-1996-14591.pdf 8. Silviu, O.: The emerging world of decentralized finance. Informatica Economica 25(4), 43–52 (2022).https://revistaie.ase.ro/content/100/05%20-%20ojog.pdf 9. Smart Contracts: 12 Use Cases for Business and Beyond (2016)—Chamber of Digital 1Commerce. https://digitalchamber.org/wp-content/uploads/2018/02/Smart-Contra cts-12-Use-Cases-for-Business-and-Beyond_Chamber-of-Digital-Commerce.pdf 2 10. Solidity Security Patterns. https://github.com/fravoll/solidity-patterns/ 11. Tapscott, D., Tapscott, A.: Blockchain revolution: how the technology behind: bitcoin is changing money, business, and the world, Portfolio (2018) 12. Wu, X.B., Zou, Z., Song, D.: Learn Ethereum: build your own decentralized applications with Ethereum and smart contracts (2019)

Part II

E-society, Enterprise and Business Solutions, Smart Cities and Sustainable Communities, E-society, E-government and E-education

Chapter 6

Agile Business Systems Development Paradigms—Technological and Human Resource Perspectives Marian Stoica , Bogdan Ghilic-Micu , Marinela Mircea , and Panagiotis Sinioros Abstract Today’s society is significantly contaminated in all its dimensions by the technological revolution of recent decades. Technology, in one form or another, has penetrated all corners of human existence and directly contributes to spectacular metamorphoses in individual-behavioral, professional, and societal aspects. Going through higher stages of development and dangerously approaching the maximum limit of evolution, society today experiences the emotions of an organization based almost exclusively on information and knowledge. Information has regained the status of an indispensable factor for business, and knowledge is the natural result of the logical processing of this information. Business prospects have stimulated the economy to invest heavily in information gathering, transmission, and processing infrastructure. This has led to an intensification of research in the field of information technology and telecommunications, further increasing the impact of technology on human society. Thus, a significant attribute of contemporary society is the development of scientific interface disciplines, which seeks an answer to the increasing complexity of economic and social realities, which requires interactive and multidisciplinary approaches. The importance of the information dimension of the business is no longer as vehemently challenged as it was 20–30 years ago, and the development of agile business information systems has long been just a fad. Agility thus becomes a sine qua non of economic success. Coupled with technology, it translates into flexibility of methods, techniques, and tools embedded in software products dedicated to modern business. In a realistic approach, the adaptability offered by M. Stoica (B) · B. Ghilic-Micu · M. Mircea Bucharest University of Economic Studies, Romana Place 6, Bucharest, Romania e-mail: [email protected] B. Ghilic-Micu e-mail: [email protected] M. Mircea e-mail: [email protected] P. Sinioros Department of Electrical Engineering, University of West Attica, Agiou Spiridonos 28, Egaleo 122 43, Athens, Greece e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_6

67

68

M. Stoica et al.

agility must be met throughout the systems development lifecycle, regardless of the methodology approached—constructive or ameliorative. In this paper, the authors propose an analysis of how the individual is impacted by information and communication technology in the context of modern business, given that human resources and technology are the main “culprits” for the evolution of today’s society, in general. The technological dimension of the business is approached from the systems development lifecycle perspective and the main agile paradigms for the development of business information systems.

6.1 Introduction In the last 20 years, mankind has experienced spectacular demographic developments, on the background of a decreasing growth rate, however, from 2% in 1970 (3,682 billion), 1.3% in 2000 (6,114 billion) to 1% in 2020 (7,762 billion) [1]. Known as a demographic explosion, the phenomenon of accelerated population growth has led us so far to a global community of almost 8 billion people (see Fig. 6.1) [2]. Applying the legality of cyber systems, for example, we can say that, perceived systemically, the evolution of a society is directly proportional to the disturbances to which that company is subjected and inversely proportional to the restrictions/constraints applied to it [3]. Consequently, we can consider the increase of over 1.6 billion people in the last two decades that it is due to the disturbances that have affected the society in which we live (note that the pandemic period generated by the health crisis, which was the generator of an atypical behavior of the members of society is avoided—this will be analyzed in future researches). Thus, the starting point of the present research may be the identification of those disturbing factors that stimulated the manifestation of the principle of the necessary variety (formulated by W. Ross Ashby in his famous 1956 work An Introduction to Cybernetics [4]) in the case of the modern societal system, in terms of the increasing number of inhabitants. Without accessing an exhaustive-analytical approach to the phenomenon, we can formulate a sustainable working hypothesis, built on the fundamental role of human resource in shaping and evolving a society in general. From the role of a simple factor of production, interpreted in the traditional management along with the natural and financial resources, the human resource has experienced in recent years significant transformations in the way of involvement and exploitation in economic processes and phenomena. Thus, from a relatively primitive form of raw labor specific to the early industrial society, today we are witnessing increasingly selective exploitation of this resource. In modern society, the emphasis is increasingly placed on the exploitation of the abilities of the individual and on his ability to adapt to increasingly diverse flexions of the economic environment and lucrative conditions. This aspect can be expressed by the dimension of the agility of the human resource in an increasingly technological socio-economic context. Modern man is confused today with technological man, constituting the point of convergence of agile human resource and information and communication

6 Agile Business Systems Development Paradigms—Technological …

69

Fig. 6.1 World population growth

technology (ICT). The impact of ICT on society is an implacable one, which affects all existential spheres not only through assistance, but, moreover, through the transformation of the way of working, the way of relaxing, the way of communicating, and the way of existing in general. In other words, human resources and technology are the main disruptive factors to blame for the evolution of modern society. They can be added through functionally dependent chains with various qualitative dimensions expressed in attributes such as adaptability, interoperability, sustainability, reliability or scalability. This context governed by a strong technological aura is characterized by significant fluctuations in the political, social, economic, and environmental conditions to which the individual and business must have the agility capabilities necessary for adaptation. Agility thus becomes the sine-qua-non condition of economic success. Coupled to technology, it translates into flexibility of the methods, techniques, and tools incorporated into the software products dedicated to the modern business. In a realistic approach, the adaptive capacity offered by agility must be satisfied throughout the system development life cycle (SDLC), regardless of the methodology approached—constructive or ameliorative. Viewed in the mirror, the developments in the economic capacities offered by both human resources and technology follow roughly identical trajectories, manifested at totally different scales. This fractal perspective of the evolution of the two resources is primarily explainable by the technological explosion of the late 1990s, triggered by the launch of the World Wide Web and the implacable emergence of the global

70

M. Stoica et al.

Fig. 6.2 Agile methodologies evolution for SDLC

Internet network. The fractal paradigm makes its presence felt in the trajectory of the two resources of today’s modern business. In the case of ICT, there is a replication of the fractal model as the ratio between the technology in general and its agile dimension, expressed in terms of specific models for the life cycle of information systems development (see Fig. 6.2). In this context, we can say that the life cycle of agile development of information systems for business provides structure to the challenges of transition, from the beginning to the end of project development. At the same time, for clarification, the software development lifecycle is a systematic approach applied by the software development industry to design, develop, and test software at a high-quality level.

6.2 ICT industry—The Pillar of Economic and Social Development We are witnessing today real technological revolutions with significant impact on the life of the individual and on society. The transformations that human society is undergoing today are no different, as a sphere, from those of the past. What distinguishes them is the speed of propagation and the pace at which they travel great distances, being adopted by almost all countries of the world. The new economic current of globalization has accelerated the transformation, with companies seeing in the idea of transnational and cross-border new possibilities for development through new markets, cheaper or more skilled workforce, and more accessible raw materials. Business prospects have stimulated companies to invest a lot in the infrastructure of collecting and transmitting information, which has led to an intensification of research activity in the field of informatics and telecommunications, further increasing the impact of technologies on human society. Nowadays, more than ever, the challenges imposed by the knowledge society, the global economic crisis, and the frequent changes taking place in the business environment and, implicitly, in the labor market, require as necessary a reliable protocol of the Internet, which is aligned with the new requirements and challenges, as well as with the future directions of development specific to an era of technology. Such a reliable protocol for the internet has almost been identified in blockchain technology and must be used to build infrastructures that allow the individual to acquire professional ICT skills and develop agile systems and businesses.

6 Agile Business Systems Development Paradigms—Technological …

71

Despite all the shortcomings generated lately by the pandemic and post-pandemic restrictions, the military crisis in Eastern Europe or other elements generating undesirable effects, the impact of the ICT software and services industry in the global economy remains a significant one. For example, in Romania, which is not necessarily one of the world’s leading states in the field, on an obvious trend of drastic population decline in the coming years (see Fig. 6.3) [2], this impact currently amounts to 13.6 billion of euros, and the share in GDP is 6.2%. This information emerges from the data of a market study presented by the Employers’ Association of the Software and Services Industry (ANIS) and reported by the Agerpres news agency [5]. According to research funded by ANIS and conducted by Roland Berger, out of a total of 13.6 billion euros, 8.8 billion euros’ direct impact represents the gross operating surplus, personnel taxes and expenses, 2.6 billion euros’ indirect impact represents economic transactions with Romanian suppliers of enterprises in the industry, while 2.2 billion euros’ induced impact represents wages spent on the national economy by employees supported directly and indirectly. The analysis presented shows that the software and services industry is growing three times faster than the economy. Thus, if in the last five years analyzed (2015–2020), Romania’s economic growth was 6%, and the ICT industry registered a jump of 17% [5]. In terms of human resources, the ANIS study highlights that approximately 270,000 employees are supported in total by software and services industry, respectively, all employees who exist, on average, at the level of two counties in Romania. More specifically, there are 135,000 employees in companies with main activity in

Fig. 6.3 The trend of the evolution of the Romanian population until 2100

72

M. Stoica et al.

ICT software and services (direct impact), over 73,000 employees supported along the Chain of Romanian suppliers of enterprises in the industry (indirect impact), and more than 65,000 employees supported by salaries spent in the national economy (induced impact) [5]. The industry also has the fastest rate of employee growth in the last five years, with an annual performance of about 10,000 people. However, the study reports that there is still a significant shortage of specialists in the ICT market with almost 10,000/year. As we said, the information and knowledge society is also based on a resource that has become a priority in the proper conduct of current affairs: information. This does not mean that there was no information or knowledge in industrial society, but only that the technological explosion in recent years has made information a strategic resource, a neo-factor of production. The speed with which knowledge is renewed and the fact that its volume has an exponential growth have made knowledge a component of the modern economy and a basic organizational principle in the new society. Knowledge has become the most important factor of production in the modern economy. It is the basis of the exercise of power, generates productivity increases, and ensures business competitiveness. Since an economy can be defined by the type of activities in which the majority of its workers are involved, we can now speak of an informational economy, of knowledge, in the same way that they talked about the industrial economy or the agrarian economy. At the same time, by putting together technology and the human resource as the main contributors to the evolution of society, it should be noted another very important aspect—the qualitative dimension of the respective society. The quality of society, in general, can be assessed in the light of numerous indicators, without there being a de facto standard on this issue (see ISO standards). In other words, the qualitative dimension of society is most often a subjective matter, characteristic of entities emitting or commentators of some evaluations. But, going back to technology and the individual, the quality of a society can be expressed through the prism of its treasure trove of knowledge—the societal/global treasure trove of knowledge, which, in the ICT ecosystem in which we live, cannot be any different (and it would be good to do so), than a predominantly digital one. Or, the societal treasure trove of knowledge is nothing more than a gathering in the mathematical sense of national treasures of knowledge. And the digitized dimension of a national treasure trove of knowledge can take us to the cognitive frontier of what literature calls digital national wealth. From this perspective, digital national wealth is a conglomeration of files that virtually form a whole, whose components are the subject of hits in order to solve individual or group requirements [6].

6 Agile Business Systems Development Paradigms—Technological …

73

6.3 Agility—Preference or Necessity from Technological and Human Resource Perspectives In order to become agile, the organization must continuously control the dynamics of the evolution of its own business processes, human resources, and information system. Business agility can be achieved through the agility of human resources, the agility of business processes, and the agility of information technology [7]. The agility of human resource can be achieved through an organizational culture that provides an intensive workforce based on business and technological knowledge in all areas of the business. The organizational culture must allow a rapid adaptation of the workforce to the permanent changes in the business environment. Achieving agility depends on the ability of the human resource and the autonomy of the working groups. They allow global adjustment to micro-changes in the organization’s adaptation to the requirements of the business environment. The agility of business processes can be achieved through the management of business processes provided by the information systems of the organization. The principle behind the agile organization regarding business processes is to provide the best solution for achieving the mission of the organization. This involves the continuous modeling, simplification, and reconfiguration of processes. It also involves the ability to respond effectively to changes in the business environment by taking advantage of ICT and SOA (Service Oriented Architecture) services. In addition, the combined use of BPM (Business Process Management) and SOA facilitates a new phase in the development of flexible business processes called service-oriented business processes. The agility of information technology mainly addresses technological architecture and infrastructure through SOA. Technological agility is currently a wide area of research, as ICT creates the most problems in achieving agility. Moreover, integration into the enterprise is the least mature category of capabilities, and for many companies, it remains a goal to be achieved and not a reality. SOA can be seen as a paradigm for solving integration problems at the application level. SOA provides agility by encapsulating application logic into services. Services can be easily and quickly combined with business rules and analytical services to provide new functionality and business agility. The principle behind the agile organization with regard to the use of information technology is the systematic anticipation of the rational use of emerging technologies. In this regard, Digital.ai Software Inc. published, in 2022, the 15th State of Agile Report—A Look into the Global State of Enterprise Agile in 2021, which provides key insights from the largest annual survey of the level of use of agile techniques and practices. According to [8], the top 5 positions of the most popular agile planning and delivery tools currently use include: Kanban Board, Task board, Spreadsheet, Agile Project Management Tool, and Bug Tracker. In Romania, as a perspective for the coming years, ANIS estimates that if the current situation is maintained, the ICT industry can contribute to GDP with an added gross value of 17.4 billion euros in 2025, but the amount may increase to

74

M. Stoica et al.

e20.4 billion “if measures are put in place to continuously improve competitiveness”. On the other hand, there may also be a decrease of 15.7 billion euros if there is a steep deterioration in competitiveness. Thus, measures to strengthen competitiveness include: maintaining tax exemptions, introducing additional measures to encourage industry, and stimulating innovation. Otherwise, there will be a deceleration of competitiveness if the tax exemptions are eliminated and Romania becomes uncompetitive in the region and the growth rate will decrease. In addition to maintaining the current facilities, industry representatives present three types of measures needed to strengthen the competitiveness of the ICT industry in the region: . encouraging research and innovation; . attracting, keeping, and stimulating specialists; . workforce training (ICT education). For the first direction, the representatives propose that measures the application of the deductions already existing for the research and development activity, the increase of the deductibility percentage, and the projects through which certified patents are created to be considered as research and development projects, without other bureaucratic formalities [5].

6.4 The Evolutionary Dimension of Agility in SDLC: From Waterfall to DevOps It hasn’t even reached the pinnacle of the information society and people are wondering: what’s next after this? Specialized studies establish as a reference point for the global information society for the next 20–30 years. The problem is what technologies will be discovered and what will follow after these years. A first starting point could be so-called calm technologies. Another starting point could be invisible technologies, power-mind technologies and, why not, biotechnologies (mechanical, informatics, magnetic, etc.) or eco-technologies [9]. To all questions, futurologists will have to find a credible answer. If the evolution of society is analyzed through the prism of the classical trident data–information–knowledge, then it will be possible to discuss the technologies of knowledge and the intelligent society. The present stage of human development can be defined as a new type of society, in a permanent transformation, which develops on the basis of the production of informational values, unlike the previous types of society whose driving force was mainly the production of material values. Starting from these, it can be predicted that the next wave could start around 2035–2040 and will be called the stage of intelligence and knowledge. This stage will place the center of attention on the exploitation of information in order to achieve the desired level of intelligence for any entity. It will be the period when the capacities of the human brain will be reached to some extent when the concept of bio-techno-system will be generalized, that is, hybrid systems

6 Agile Business Systems Development Paradigms—Technological …

75

between biological systems and technical systems. That will indeed be the era of the technological man. This is the cognitive-technological context in which we find ourselves and in which technology no longer creates prosperity, just as it does not destroy privacy either. However, in this digital age, technology can be found in all spheres of human existence, at the heart of all things good or bad. It is she who gives individuals opportunities to cherish and violate each other’s rights in new and ever-deepening manners [10]. In the context of the new way of working [11], it should be emphasized, once again, the very important role played by trust in the teleworker-employer relationship (The Romanian Law regulating the teleworking activity adopted in 2018—Law 81/2018—makes no reference to this aspect of trust, the teleworking activity being based exclusively on the agreement of will between the parties). In the context of the digital age in which we live, security breaches in information systems and vulnerabilities of commonly used ICT solutions (e-mail, social networks, professional networks, etc.) implacably affect trust. The agile approach is no longer a fad, being in the current context one of the proven solutions for achieving economic performance. The software dimension of the information systems knows special extensibility in an agile context, often leading to an overlap of the informational component over the informational one at the business level (a long desideratum expressed by the systems analysts). This aspect comes bundled with specific philosophies, methodologies, models, techniques, and software development tools, analyzed by the authors in [12], and which are invoked in what the specialized industry calls SDLC. Thus, the development templates contain various processes or methodologies, selected for the development of the project according to its goals and objectives. Software development models help to improve the quality of the software as well as the development process in general. There are several models of the software development lifecycle that have been used to achieve different goals required at a given time. Both literature and practice recognize the Waterfall model (Winston W. Royce, 1970) as the starting point in what we generically call the History of Agile Developments. Waterfall underlies the subsequent models associated with the system development lifecycle, followed by the V (Verification and Validation) model, then the Incremental model, followed by RAP (Rapid Application Development—1991), the Iterative model, and then the Spiral model based on risk analysis. From this perspective, SDLC becomes a framework that describes the activities carried out at each stage of the software development process. SDLC consists of a detailed plan or roadmap, which outlines how the development, maintenance, and replacement of the specific software will be carried out. This term is also known as a software development process and is conditioned by the initial decision regarding the start of the actual process of developing the respective software product. The international standard for SDLC is ISO/IEC 12,207, which aims to define all the activities necessary for the development and maintenance of the software. The most prodigious period regarding the development of agile models specific to SDLC precedes February 2001—the publication of Agile Manifesto, covering a so-called “golden decade” of Agile approaches. Thus, between 1990 and 2001, we

76

M. Stoica et al.

witness the publication of agile SDLC models, many of which later became methodologies, such as SCRUM, ASD (Jim Highsmith, Sam Bayer—Adaptive Software Development), FDD (Jeff De Luca—Feature Driven Development), DSDM (DSDM Consortium—Dynamic System Development Method), Crystal Clear (Alistair Cockburn—1996), XP (eXtreme Programming—Kent Beck, Ward Cunningham, Ron Jeffries), etc. Due to the growing importance given by the business environment to the time factor, in recent years, the ICT industry has experienced new (mostly hybrid) approaches to agile paradigms for business systems development (see Fig. 6.2). In order to shorten the SDLC duration as much as possible, specific “tools” generically called DevOps have been developed. They are mainly aimed at continuous integration, continuous delivery, software architecture, data analytics, systems security, continuous quality assurance, continuous testing, etc. This has created a market or a specialized secondary segment of the Agile ICT industry, and the best performing of these tools in terms of usability are Atlassian Jira, Digital.ai Agility (formerly VersionOne), Azure DevOps, Broadcom Rally (CA Agile Central), respectively, Trello [8]. Increasing the speed of delivery of software products, improving quality, reducing risks, improving customer satisfaction or reducing technological costs are all prerequisites for the further development of this segment of the ICT market. Another emerging concept for the new ICT market is the Value Stream Management—VSM, defined by [8] as an ensemble of individuals, processes, and technology that maps, optimizes, visualizes, measures, and governs the value flow of the business, using channels for the delivery of executable software, starting from the idea of the product to its development and, subsequently, its production.

6.5 Business Perspectives We are living in a new era, in which computer networks and communication systems have become a habit of daily life for a large part of the population. The possibility of expanding the use of the Internet is stimulated by the substantial development of various applications such as e-commerce, distance learning, electronic press, digital libraries, and virtual communities. The emergence of these applications creates speculation about the social changes generated by the widespread use of the Internet. The technological revolution in terms of information and communications has had a strong impact on society and the global economy, bringing to the fore fundamental changes in production and distribution models, commercial conditions, employment, and daily life. Since the beginning of the millennium, the world economy has been in a process of transition from a predominantly industrial society to an information society, defined by a new set of rules that lead to the emergence of what is called the new economy. Identifying the rules governing the new society, as well as the consequences that structure the managerial relations, is a necessary condition in assessing the interest

6 Agile Business Systems Development Paradigms—Technological …

77

in the new forms of work and specific activity. Schematically, the industrial society is based on energy and raw materials, and the post-industrial one is on the convergence of information, its processing, and on telecommunications. These structural changes were soon to manifest themselves at the managerial level, with implications regarding the management methods and the management of human resources. Thus, traditional management knows new valences, adapting on the fly to the new conditions of the labor market and of the way of doing business [13]. The functional framework and the premises for the managerial revolution, as well as the transition to the information society, are dictated by the aggressive dynamics of the new economy, in which digital technologies make it easier and cheaper to access, process, store and transmit information. The huge volume of information available creates opportunities to exploit them by a better substantiation of the managerial decision, thus leading to the creation of new products and services, by transforming some activities and increasing the number of jobs. The new economy is transforming digital information into economic and social value, creating new industries, changing existing ones, and profoundly affecting the lives of citizens. The role of managers within the organization changes, with a horizontal and vertical integration of decisionmakers taking place. We are witnessing the increasing imposition of group decisionmaking, which increases the need for communication and increases the degree of dispersion of the elements involved in the decision-making process. Today, information translated into a universal language (computerized/digitized) must be regarded as a strategic raw material, fundamental to economic and social development. The digitized information in the form of sounds, static or animated images, but also in the form of tactile, olfactory or gustatory sensations invades our daily life and structures the ensemble of production processes. The originality and potential of the information society are expressed through the intensive use of the universal language, and the transformations produced constitute the power of the post-industrial revolution. The information processed with the help of software products, expert systems, and artificial intelligence responds to increasingly complex needs, with real-time results: the need for simulation, research, reliability, and quality, but also the need for machine translation, voice recognition, etc. Coupled with computer networks, digitized information circulates in real time from one end of the planet to the other. It turns out to be a limited resource only cognitively and temporally, compressible syntactically and semantically, with a higher level of transportability. Thus, convergence between the different types of digitized information processed and telecommunication networks transform and revolutionize not only production processes, but also research and innovation methods, work organization, and consumer habits. Virtual (intangible) activities benefit, as a direct result of convergence, from the opportunities specific to nomadism: production costs facilitate competition and the workforce internationalizes [13]. Economic globalization on the one hand, but also the direct effects of lucrative experiments during the pandemic period, may signify a new international division of labor, with teleworking and teleworkers becoming a normal mode of production. Particular attention must be paid to this new mode of production, especially as it applies to an increasing number of activities that occupy a strategic place

78

M. Stoica et al.

in the creation of added value at the global level. And amid the increasingly frequent economic, health, political, etc. crises, the teleworker will also position itself on the leading places of a not too distant social status-quo [14]. On this socio-economic background, the ICT market and industry continue to test and experiment with new working frameworks and new methodologies. The most notable are DevOps tools and agile solutions, which are now widely adopted by many of the main ICT service providers. They aim to implement extensive organizational culture training and reengineering programs to adopt best practices to support innovation and early delivery in the application services space. Now, more than ever, organizations are looking for solutions to streamline and optimize technology, with business applications being a significant component of it. The business application market segment is highly competitive and complex. As a result, a concerted move in the ICT provider community for rethinking partnership strategies can be anticipated. Thus, supplier ecosystems need to deepen to adapt to the level of experience and flexibility that modern organizations expect [15].

6.6 Conclusions The development of the information society does not exclude the emergence of problems related, first of all, to the adaptation of the individual and the community, in general, to the conditions of the new economy. A faster adaptation can be built on the basis of increasing the individual’s trust in the organization and society while acquiring the necessary skills to access information and its effective use. Technological evolution is the origin of an information society based on the socio-temporal independence of human activity, offering multiple economic, social, and cultural possibilities, the anticipation of which may be, under certain conditions, a problem. The use of teamwork software through computer networks (groupware) engages not only people with specialized training. Network work, supported by the use of e-mail, voicemail, Internet, and intranet, will immediately become the method closest to the requirements of the management of economic organizations and to the requirements of public services in local and central administration. In most cases, networking indisputably improves the quality of the goods and services offered, allowing quick access to a large number of commercial and public services, which must be present in the immediate vicinity of home, if not at home. One of the issues raised in general, when it comes to teleworking, concerns the location and relocation of activities that can transcend the boundaries of the physical office, leading equally to competitiveness and comfort. Virtual activities, booming and constantly improving, must not be idealized or utopian, because the effect of the growth and diversification of jobs cannot be the same, for geographical areas and degrees of development of different societies. In the period of quantitative and qualitative mutations and major transformation of production processes, adapting the possibilities offered by ICT to the required qualified work offer cannot be an instantaneous process. Phenomena of non-adaptation to the

6 Agile Business Systems Development Paradigms—Technological …

79

environment may occur to the same extent as failure to adapt to ICT, leading, not in a few cases, to delays or even to the rejection of the new technology. In whatever scenario we position ourselves, the main idea emerges from the functional symbiosis of the two aspects dealt with in this research: technology and the human factor. In addition, the agile approach accepted and assimilated in both camps is, for the time being, a path to success. On the technological line, Agile and DevOps are gaining and will gain more and more ground, becoming the main approach or rule for modern businesses. The life cycle of the development of information systems related to these businesses will overlap the rules and processes specific to the business itself. The development of business applications, under the technological spectrum of cloud or fog computing, artificial intelligence, Internet-of-Things, VR and AR will increasingly turn to design components. Economically regarding the evolution of society, we will find ourselves in a continuous struggle with price dynamics against the background of older or newer crises and we will at the same time witness the development of new consumption models that, why not? some of them may even be “Agile”.

References 1. World Bank.: United Nations Population Division. World Population Prospects: 2019 Revision. https://data.worldbank.org/indicator/SP.POP.TOTL. Accessed 04 Jan 2022 (2020) 2. Roser, M.: Future Population Growth. https://ourworldindata.org/future-population-growth (2019). Accessed 09 Feb 2022 3. Stoica, M., Bodea, C.N., Ghilic-Micu, B., Mircea, M.: Managementul sistemelor informat, ionale. Bucharest, ASE Bucharest (2012) 4. Heylighen, F.: Principia Cybernetica Web, the Association for the Foundations of Science, Language and Cognition (AFOS) http://pespmc1.vub.ac.be/ASHBBOOK.html (2003). Accessed 04 Jan 2022 5. CECCAR Business Magazine.: Analize s, i sinteze: ANIS: Industria de software s, i servicii IT are o pondere de 6,2% în PIB https://www.ceccarbusinessmagazine.ro/anis-industria-de-sof tware-si-servicii-it-are-o-pondere-de-62-in-pib-a9072/ (2022). Accessed 01 March 2022 6. Ivan, I., Zamfiroiu, A., Matei, G., Luca, N.: Avut, ia nat, ional˘a digital. Bucharest, Editura ASE (2020) 7. Ghilic-Micu, B., Stoica, M., Marinela, M.: Collaborative environment and agile development. Informatica Economic˘a 18(2/2014), 32–41 (2014) 8. Digital.ai Software Inc. 15th Annual State of Agile Report. Digital.ai. https://digital.ai/res ource-center/analyst-reports/state-of-agile-report (2022). Accessed 10 Feb 2022 9. Stoica, M., Mircea, M., Ghilic-Micu, B., Uscatu, C.: From a smart education environment to an eco-school through Fog&Cloud computing in IoT context. Informatica Economic˘a 22(4/2018), 5–14 (2018) 10. Tapscot, D., Tapscot, A.: Blockchain Revolution. Bucharest, Act and Politon (2017) 11. Ghilic-Micu, B., Stoica, M.: A redefinition of telework through cloud computing—Telework 2.0. Bull. Taras Shevchenko Natl. Univ. Kyiv 46(188), 16–21 (2016) 12. Stoica, M., Ghilic-Micu, B., Mircea, M., Uscatu, C.: Analyzing agile development—from waterfall style to Scrumban. Informatica Economic˘a 20(4/2016), 5–14 (2016) 13. Ghilic-Micu, B., Stoica, M.: eActivit˘a¸tile în societatea informa¸tional˘a. Bucharest, Ed. Economic˘a (2002)

80

M. Stoica et al.

14. Stoica, M., Ghilic-Micu, B., Mircea, M.: The telework paradigm in the IoE ecosystem—a model for the teleworker residence choice in context of digital economy and society. J. Econ. Comput. Econ. Cybern. Stud. Res. 55(3/2021), 263–278 (2021) 15. O’Donoghue, O., Snowdon, J., Gabriel, M.: HFS Top 10: Agile Software Development. https://www.hfsresearch.com/research/hfs-top-10-agile-software-development-2020/ (2020). Accessed 09 Feb 2022

Chapter 7

Identification of Qualitative Weak Signals Coming from Asset Management Working Practices to Feed Forward-Looking Investment Pension Funds Models Emmanuel Fragnière, Pierre Fischer, Jahja Rrustemi, Nils Tuchschmid, and Olivier Guillot Abstract Because of their overreliance on benchmark tracking, pension funds in Switzerland tend to take a passive and short-term approach to portfolio investment and management. This leads to mismatched and sterile strategy styles in relation to their mandate’s perspective and needs. Pension funds have a long-term perspective which nevertheless could benefit from more adaptive approaches (for example, in seeking to temper the negative effects of the paradigm shift to near-zero interest rates which has plagued performance for several years now). In this study, we aim to explore and understand alternative approaches used by successful market participants. The inductive methodology used is a qualitative survey based on the collection of narratives through semi-structured interviews. We conducted 9 semi-structured interviews with experts in the field to explore this question and develop research proposals. Then a synthesis is made based on a categorization by theme. Thanks to this synthesis, research hypotheses are generated and compared with the scientific literature. The key findings are that talented finance professionals look for weak signals that herald change and they can exploit them successfully. We aim to see if there are benefits to incorporating qualitative weak signals into a forward-looking risk management tool to better hedge the portfolios of pension funds that typically rely on more backward-looking approaches. The objective of this research is, therefore, to apply the concepts of cybernetics to the case of a business investment portfolio solution. These results will be introduced in further research in our quantitative and digitized forward-looking portfolio management models.

E. Fragnière (B) · J. Rrustemi · N. Tuchschmid University of Applied Sciences Western Switzerland (HES-SO), Delémont, Switzerland e-mail: [email protected] P. Fischer · O. Guillot Grammont Finance, Financial Engineering and Trading, Lutry, Switzerland © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_7

81

82

E. Fragnière et al.

7.1 Context In Switzerland, there are approximately 1,600 pension funds managing a total of CHF 900 billion in assets. Swiss pension funds are facing many challenges and difficulties today. Just to mention a few: the aging of the population, the pressure on cost and performance (negative or ultra-low interest rates and about 1/3 of investments are in Bonds), digitalization, as well as the necessity of integrating sustainability issues. Unlike these huge societal shifts, asset management techniques, including those used by pension funds, are still managed in backward looking manner. By this we mean that the past is used to extrapolate into and manage the future. One must ask if it is reasonable to manage pension funds in this way knowing that all these challenges are a result of structural shifts, sometimes even paradigm shifts. Why not manage pension funds based on forward-looking methods instead of a backward-looking method? With a forward-looking approach, the logic of investment is completely reversed. In backward-looking investment methodologies, the asset manager will work with an allocation that is fixed for long periods in the hope that there maybe some chance of equaling or beating the performance of a market benchmark. On the other hand, with forward-looking methods, we must constantly rework the investment portfolio with regards to the allocation mix but also by considering elements that herald change, called weak signals. These forward-looking approaches come from the cybernetics notions of feedforward control where typically the disturbance is anticipated or predicted, whereas in the case of feedback control, the feedback element comes from the system output. These weak signals can come from quantitative market data or, as we have done here, from ethnographic studies and are then more behavioral. Indeed, in this research, our objective was to investigate, through a qualitative survey, how investment professionals sometimes use unique and sometimes are common approaches when implementing investment strategies. This field study has led to the identification of operational shortcomings caused using benchmarks by pension funds in Switzerland when evaluating portfolio performance. We have found that the standardization effect and the limited approach of benchmarking have led to several important operational weaknesses. The issues we examined are that the benchmark does not necessarily reflect the specific needs of the customer. Tracking the benchmark forces a selection of assets because they are included in the benchmark, regardless of their actual quality as an investment and regardless of their pertinence to the investor’s profile. Consequently, tracking the benchmark forces asset selection which may not be adapted to the situation. This precludes other strategies that would normally require the creative skills of the asset manager. As a result, we posit that this will lead to difficulties in attracting and retaining creative talent over the longer term and bringing innovation to the asset management industry. This should also mean that their strategy styles are not adapted to their mandates anymore. We also note in passing our opinion that the pervasive use of benchmark tracking has led to the increased use of index tracking ETFs which have the advantage of lower costs to the investors for the same strategy. This has been at the expense of active asset management.

7 Identification of Qualitative Weak Signals Coming from Asset …

83

Consequently, we want to understand why these financial actors, while being aware of these shortcomings, do not change their approach to long-term investments by continuing to rely on backward-looking methods when they could use behavioral weak signals to help their clients benefit from more forward-looking ones. We have conducted 9 semi-directed interviews to address this question and come up with research propositions. The main findings are that the most talented pension fund managers are looking for weak signals announcing changes though not followed by any efficiency since the rest of their profession ignored those signals. This paper is organized as follows. In Sect. 7.2, we present a brief literature review related to the notion of risk taking by the financial profession. In Sect. 7.3, we explain the methodology that has been used to conduct this research. In Sect. 7.4, we summarized the main results of the transcript’s synthesis. In Sect. 7.5, we conclude and provide directions for further research.

7.2 Literature Review When allocating capital to risk assets, investors in pension finds continue to rely on well-established normative criterion as Portfolio Theory (PT) or some of its extensions such as Global Minimum Variance Portfolio (GMV) [1] or, more recently, Risk Parity (RP). One could argue that these criteria compete with each other. They somehow, all of them, assume that there is enough “symmetry” in the return distribution of risk assets to justify the use of volatility as an objective risk measure that should be controlled or at best minimized. Obviously, any normative criterion has weaknesses and PT is not an exception. However, the implicit assumption that return distributions are symmetric (or more precisely, that they belong at least to the family of elliptic distributions) becomes unsustainable when non-linear derivatives such as options are included [2]. Sound alternatives to traditional allocation criteria have emerged over the past years but they still have a way to go to become “plain vanilla” solutions. Nonetheless, they are very well suited to managing the risks of equity portfolios made of both underlying themselves and their derivatives. Yet, adding derivatives is one thing, adding the right ones is another. The ability to find predictive factors, under the form of weak signals, in option prices and to use them to build equity portfolios is a key component of success [3]. Finally, to properly assess how risky an investment is, the use of forward-looking risk measures (e.g., by including tail risks [4]) that are imbedded in option prices is more appropriate [5]. In forward-looking investment models, the difference is that the logic of decision planning is grounded on an open loop control logic and not closed loop (backward looking) as it is the case for most PT models. In an open loop setting, we need external anticipative information that are called weak signals. Pension funds usually have a very conservative approach to investing and thus tend to rely on backward-looking approaches. They are typically not used to this logic of forward-looking methods of investment, and therefore, in this literature review we

84

E. Fragnière et al.

explain, based on scientific papers, what the meaning of weak signals is and what are those that could be useful in a quantitative model, in particular the weak signals based on the grounded theory (or qualitative survey) which, to our knowledge, represents the originality of this research. In his seminal article on weak signals [6], Ansoff explains that proactive planning is essential for the sustainability of a company. Furthermore, Ansoff argues that with the right information, the treatment of discontinuities can be predicted through various forecasting techniques. In turn, factual information can be translated into actions and plans in the strategic planning process of any organization. The real difficulty lies in getting the relevant and accurate data at the right time. Even so, data and strategic planning can only be useful if two other conditions are met. First, the information must be available in sufficient time to allow the company to respond in a correct and thoughtful manner. Second, the forecast must be as complete and comprehensive as possible. Ansoff concludes his article by arguing that weak signals can be a way to gather the necessary information in time to react. The problem with weak signals is that the term is not clearly defined, which makes it impractical despite its popularity in management science. But in any case, in order to make the connection with cybernetics [7] and to know which signals are important and which are just interferences, the signals need to be amplified, as is known in other fields such as electronics. Regardless of the field, the goal of signal amplification is always the same: to amplify weak signals that contain a lot of noise in order to detect the overall trend. This is exactly the goal of our predictive financial investment models: to identify qualitatively weak signals originating from the organizational processes used by the asset managers who typically manage these portfolios. In order to achieve its goals, the system needs to be managed in different ways. In fact, internal or external factors can disrupt the whole system. In order for the system to achieve its goals, the effects of disturbances must be controlled in three ways: buffering, feedback and feedforward. In buffering, the system is passive and absorbs the disturbance. In contrast, feedback control “compensates for errors or deviations from the goal after they occur” [7]. Feedforward control, like feedback, requires action to eliminate the effects of disturbances. However, unlike feedback control, feedforward control eliminates disturbances before they affect the system. To predict the problem, it is necessary to know how the disturbance will affect the system. Regardless of the domain, the goal is the same: to change the system before it is affected by the disturbance. To do this correctly, it is important to know how the system may be affected by the disturbance. The feedback control (Fig. 7.1), in the most common strategy, measures the output and compares it with the required value. The feedforward control (Fig. 7.2) takes into account perturbations by measuring them and applies control action accordingly [8]. All this methodology and application to an industrial case was applied in a previous paper [9]. In this study, we apply the Ansoff weak signal approach to the particular case of pension fund investments (see Fig. 7.3).

7 Identification of Qualitative Weak Signals Coming from Asset …

85

Fig. 7.1 Feedback control, adapted from Hopgood [8]

Fig. 7.2 Feedforward control, adapted from Hopgood [8]

Fig. 7.3 Feedforward control based on “à la Ansoff weak signal” [9], adapted from Hopgood [8]

7.3 Methodology The chosen research strategy is based on a qualitative survey. The objective herein is to describe and explain the social context of the respondents as they describe it. This is an appropriate strategy for the management field if one is seeking information about a particular context, to better understand and interpret it from the perspective of those involved [10]. An inductive approach was, therefore, deemed most appropriate for this research. Our research approach is based on a qualitative survey. We have conducted nine semi-directed interviews with different kinds of profiles all involved in the investment decision process (asset managers, traders, academics…) during the year 2021. All interviews have been transcribed and we have used a classical discourse analysis to produce the synthesis of results. Based on the latter, we have produced three research propositions that were discussed in detail and compared to the scientific literature review.

86

E. Fragnière et al.

The open-ended responses were subsequently exposed to a thematic discourse analysis. This triangulation, as a qualitative research strategy, aims to test validity through the convergence of information from different sources [11]. The main questions of the interview guide, are as follows: 1. 2. 3.

Tell me about a typical trading day in chronological order. What do you particularly like and dislike about this typical day? How do you come up with new ideas in your forward-looking trading thoughts? How do you organize yourself? 4. When forming your opinion about the market, do you consider the sentiment shared by the profession about the markets? 5. What are the dynamics and factors that are responsible for the development of market sentiment? 6. Do you think that market participants, without being insiders, sometimes manage to see warning signs before the event that triggers the move? 7. Why do you think that since the 1987 crisis, in all of the following crises, the market recovered its losses relatively quickly before continuing to rise? 8. Can you identify a few types of warning signs? 9. How would you currently position yourself in your market and why? And in the following markets? Stocks? Interest rates? Precious metals? Commodities? Real estate? Bitcoin and other cryptocurrencies? Other? 10. Do you see a potential for market manipulation through social networks? 11. What will the trading and investment environment look like in the near future? What will be its logic?

7.4 Synthesis of Results 7.4.1 Common “Investment Traits” The interviewees present us with very contrasting approaches to investing, often based on very different beliefs. However, there is one common trait among all these investment professionals. All of them work very thoroughly and above all follow their approaches in a very systematic and rigorous way. We also see that all these approaches are often based on strong belief systems that are apparently never questioned. In fact, we do not see any agnostics or even ecumenism, i.e., mixing different approaches. There is also almost always the notion of pleasure in making these investments. There are bonuses and a kind of competition, but the notion of pleasure always comes first. An example of these systematic approaches applied by the investors we interviewed is the following. When things are going well in the markets (e.g., bullish), one should think about what is not going well, and therefore, be as countercyclical as possible. The goal is to look for information on what market analysts are not paying attention to.

7 Identification of Qualitative Weak Signals Coming from Asset …

87

7.4.2 A Systematic Approach to Search Weak Signals We see here in the framework of this operating mode, that weak market signals will be sought outside the mainstream information flows. We thus find this paradox of a systematic and rigorous method to find weak signal information that, and it seems that this is a generalized belief among our respondents, is hidden. One could take up here the image of the gold digger who all day long with his sieve filters the sand of a place in the river in a systematic way to hope to extract a nugget. Rigor is of course required, but so is a proven know-how. “Always looking for the things that others have not already identified.”

7.4.3 Market Personification Another interesting point that came out of the interviews is that in a classic investment scheme, financial analysts look for information, analyze it, and propose, buy, and sell recommendations. Then the asset managers manage their portfolio based on the reports provided by the analysts. Surprisingly, one of our respondents tells us that he is not so much interested in the analyst’s predictive ability but rather in the analyst’s thoughts that he may not have thought of himself, thus increasing his knowledge base and his exploration scenarios. As we refer to weak signals, we must also consider the whole rationale behind the weak signal as well as its heralding dimension of a new social phenomenon. Thus, by analyzing our interviews, we can see that a weak signal can refer to an opportunity to buy or sell a financial vehicle but also to what is also called a turning point involving a change of paradigm in the investment patterns. For example, one point that was discussed at length with our respondents is that bitcoin (or more generally cryptocurrencies) represents a turning point today in the sense that from now on it must be integrated into investment strategies because it is assumed that in the future it will be fully integrated into our financial systems including by our regulators. One point that seems to be recurrent in the synthesis of the interviews is that the market is seen as a belief system. Indeed, in all the transcripts we find terms that give a kind of profile of the market’s characteristics. It is described as a wild beast with its own whims, mood swings, and even exaggerations. To refer to classical finance, which is typically based on axioms of rationality, the market itself is clearly associated with great subjectivity. One could even push the reasoning that the market is a divine figure that is rather feared. Mr. Market is bipolar, neurotic, has mood swings. It is thus important to keep this in mind but at the same time to be able to stay detached. Discipline!

The psychological dimension, therefore, whatever the methods applied, qualitative or quantitative, must remain in focus. Thus, in a recurring manner, the respondents indicated that the market tends to exaggerate, whether up or down, which

88

E. Fragnière et al.

would demonstrate a hyper-emotional character. The market also tends to consider only good or bad news. We thus observe a phenomenon analogous to the tides with the ebb and flow and thus a highly polarized cyclical phenomenon that is also called volatility.

7.4.4 Weak Signals and Financial Crisis One of the questions we asked was about the possibility of a new financial crisis like the one we experienced in 2007/2008. Here again, most respondents believe that the banking system has reached such a level of resilience that they do not believe in the possibility of a new crash. Even if the rationale for this differs from one profile to the next, in the end it is still a shared feeling. One of our interviewees, who produces financial risk management systems tells us that there has been significant change in this area. IT and digital tools are very powerful and very user friendly.

7.4.5 Evolution of Operating Modes in Asset Management Before, we used to produce figures often based on complex calculations. The evolution of financial applications has made it very easy and often free to obtain financial information and calculations. As a result, we are now moving more towards financial education. This is where the added value for the investor will be found. There has been a change in posture. So, for this respondent, it is no longer sufficient to unearth the weak signal, but one needs to also allow the user of its financial risk software to be able to conduct this discovery process by himself to find the right weak signals. As far as market exaggeration, high frequency trading and automatic stop losses are concerned, they certainly play an important role. In particular on momentum strategies which consist in buying an asset, often at a high price, which the investor believes will continue to benefit from price appreciation (with the necessity not to enter too high and not to exit too late of course). There is also a lively discussion in the investment industry regarding the merits of passive versus active management. This academic debate is of course not over. It is, however, sure that the extensive use of benchmarking has introduced a more passive approach to investment. Furthermore, because of their lower fee structures, ETFs have democratized and have been a catalyst in the increased use of passive management. But for our respondents, who turned out to all be convinced active managers, this evolution leaves a bitter taste. The advantages they perceive to this more artisan approach risks being lost. And in the search for weak signals, the fewer the managers there are that get to the bottom of things, the less effective search for weak signals will be.

7 Identification of Qualitative Weak Signals Coming from Asset …

89

In fact, all our interviewees indicated that easily more than 80% of their work time consists of searching for information, sorting it, and analyzing it. The rest of the time is only dedicated to decision making. It is true that times are changing. AI is more and more used in finance to find patterns. And we can rightly ask ourselves if all this disciplined work on research and data analysis serves any purpose. Here again the answer is not clear-cut. In terms of data collection, there is a growing distinction between “thin data” (big data) and “thick data” (from qualitative interviews). “Thick data” is becoming more and more popular because it corresponds to “contextualized” data. “Thin data”, on the other hand, is decontextualized and generic. We believe that when looking for anticipated weak signals, it is very important to consider the investment context in a “thick data” approach [12]. Megatrends are also mentioned here. They are linked to the notion of a turning point, i.e., a tipping point where the contextual evolution will be completely different in the future. We can ask ourselves, for example, if crypto currencies represent a real turning point. In any case, this is what came out in two of our interviews with the younger interviewees. For them, it is obvious that investing in cryptos as well as in ETFs really represents a challenge today, with extreme volatilities. Young people want to make returns very quickly. For them, there is no moral issue in investing in cryptos. A megatrend is that millennials are much more socially responsible and connected than previous generations. These young people often go to blogs such as reddit. This is a new logic that is well known under the term viral marketing. These financial blogs are fed by what we can call influencers. Elon Musk is typically one of these influencers. They manage to move the market very quickly. Now these platforms like reddit seem to be manipulated by big banks like Goldman Sachs to practice “pump and dump” investment techniques (I don’t think the big institutional would want to be seen to pump and dump but they definitely want to influence the market). Our respondents also indicated that they are tired of the evolution of these influencers, who are losing their authenticity and spontaneity. The room for maneuver of the asset manager is dramatically reduced due the overreliance of the industry on market benchmarking (passive investment) and thus doesn’t enable the asset manager to explore nonmainstream investment potentials.

As seen in the context of this paper, in the anticipation of market crisis, it means the asset manager cannot use his/her talent to find an alternative investment path to mitigate such crisis. It kills creativity. This means that it prevents the asset manager from exploring nontraditional investment strategies. This also presents issues in talent management. How does one attract young people to the asset management industry in and environment that kills creativity? What we see also in the literature is that marketing benchmarking performance criterion, even if everybody is aware of its flaws, is practically not avoidable. However, this favors asset managers that are not inclined to try nonmainstream investment strategies. In our interviews, this issue is often raised by our respondents even if the question was not explicitly asked. Particularly we see that in almost

90

E. Fragnière et al.

each interview there is a motivation for looking at new anticipative strategies that are non-traditional. And this often creates frustration to the point that some “in order to keep their freedom, would never again work in a bank” (Int. 2 with a senior asset manager). Younger traders would never imagine accepting too many constraints on their freedom (Int 3. with young asset manager).

7.4.6 Pension Funds: Weak Signals, Benchmarking, and Backward-Looking Information Pension funds normally have long-term objectives, but our respondents believe that in practice they operate with short-term strategies like many other investment funds. Our respondents believe that this can be explained to be their objective to track a benchmark. Our interviewees also believe that benchmark tracking kills the creativity that these asset managers possess. Benchmarking protects the asset manager from criticism because the investment’s performance never deviates much from the benchmark which is usually a representative of the broader market. However, the result of this is a very standardized and sterile investment approach. We have seen that independent respondents were very much in favor of exploiting weak signals and having a more forward-looking approach than what is practiced in banks (benchmark tracking asset management methods with backward-looking risk management methods). One point revealed by one of the respondents is that innovations have mostly been made because an employee of the client company spearheaded the exploration of new ways of investing and, therefore, without this freedom in a pension fund, which is typically very conservative, it is almost impossible to innovate and adapt the investment to the needs of the investor.

7.5 Conclusion and Further Research Pension fund investments tend to be based on benchmarking and backward-looking approaches. Considering the many structural challenges our society is facing today, we believe it is relevant to complement backward-looking approaches with forwardlooking investment models. In parallel to the quantitative models we are developing, we have also conducted a qualitative field survey to identify weak signals of structural change affecting future investment strategies. What we have learned is that it is difficult to automate the identification of these weak signals and that an approach based on a qualitative survey, as we could develop in this research, shows to be an efficient and relevant method. Moreover, we have seen that for the identified set of weak signals, the codification of some of them into usable quantitative models is nearly impossible due to the complexity of the observed phenomenon. For instance, that is the case with the weak signal grounded on the notion of “market exaggeration”.

7 Identification of Qualitative Weak Signals Coming from Asset …

91

Furthermore, as these weak signals could be short lived, it is also important to conduct such qualitative investigation on a regular basis. The approach we have developed here to collect weak signals through a qualitative survey will be used to feed our quantitative models and thus enable us to explore future investment opportunities in a more forward-looking manner.

References 1. Kempf, A., Memmel, C.: Estimating the global minimum variance portfolio. Schmalenbach Bus. Rev. 58(4), 332–348 (2006) 2. Ortobelli, S., Rachev, S.T., Stoyanov, S., Fabozzi, F.J., Biglova, A.: The proper use of risk measures in portfolio theory. Int. J. Theor. Appl. Financ. 8(08), 1107–1133 (2005) 3. Liu, X., Margaritis, D., Wang, P.: Stock market volatility and equity returns: evidence from a two-state Markov-switching model with regressors. J. Empir. Financ. 19(4), 483–496 (2012) 4. Huggenberger, M., Zhang, C., Zhou, T.: Forward-looking tail risk measures. Available at SSRN 2909808 (2018) 5. Kempf, A., Korn, O., Saßning, S.: Portfolio optimization using forward-looking information. Rev. Financ. 19(1), 467–490 (2015) 6. Ansoff, H.I.: Managing strategic surprise by response to weak signals. Calif. Manag. Rev. 18(2), 21–33 (1975) 7. Wiener, N.: Cybernetics. Sci. Am. 179(5), 14–19 (1948) 8. Hopgood, A.A.: Intelligent Systems for Engineers and Scientists, 2nd edn. CRC Press, Boca Raton (2001) 9. Glassey-Previdoli, D., Metz J.-C., Fragnière, E.: An “à la Ansoff weak signal” feedforward control for pharmaceutical distribution: a pilot study on standard operating procedure for managing customer complaints. In: 7th International Conference on Industrial Technology and Management (ICITM), Oxford, pp. 130–135. IEEE, New York (2018) 10. Saunders, M., Lewis, P., Thornhill, A.: Research Methods for Business Students. Pearson Education, London (2009) 11. Nancy Carter, R.N., Bryant-Lukosius, D., Alba DiCenso, R.N.: The use of triangulation in qualitative research. Oncol. Nurs. Forum 41(5), 545 (2014) 12. Madsbjerg, C.: Sensemaking: The Power of the Humanities in the Age of the Algorithm. Hachette UK (2017)

Chapter 8

Digital Competences in the Public Sector—Challenges for Universities Margarita Bogdanova

and Evelina Parashkevova-Velikova

Abstract The purpose of the paper is to identify the key competencies in the public sector in the digital age and to analyze the main challenges facing higher education in the process of training students and practitioners. The issues of the necessary competencies are addressed in a broad framework of interaction between different stakeholders in the process of transition to e-government. The methodology includes: a review of secondary sources—strategic and regulatory documents related to digital transformation in the country, scientific publications on digital transformation, comparative studies of practices of different countries, etc.; interviews with representatives of leading institutions—Institute of Public Administration and State Agency for e-Government; observations of the work of administrations in the public sector in the study of the Index of Administrative Capacity in Bulgaria; questionnaire survey of students’ attitudes (N = 118) for distance learning through digital means. Among the conclusions drawn is the need for broad stakeholder involvement (the government in cooperation with universities, the private sector, and the administrations themselves) in determining the necessary digital competencies; creativity and flexible approach in developing curricula in higher education; non-formal learning to complement the formal ones provided by universities.

8.1 Introduction The modernization of public administration and work processes has been a topic that has been the focus of attention not only of scientists but also of the general public for decades. In recent years, the emphasis has been mainly on the digital transformation of the public sector. It is associated with the intensive processes of

M. Bogdanova (B) · E. Parashkevova-Velikova (B) Tsenov” Academy of Economics, 5250 Em. Chakarov 2, Svishtov, Bulgaria e-mail: [email protected] E. Parashkevova-Velikova e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_8

93

94

M. Bogdanova and E. Parashkevova-Velikova

systemic restructuring of the economy, institutions, and society, due to the application of ICT [1]. The digital transformation of the public sector is associated with three groups of factors: (1) leadership, civic engagement and participation, transparency and openness; (2) incentives, knowledge, and experience; (3) regulation, educational reforms, and digital employment [2]. Together, they form the environment for building effective e-government and the transformation of conventional into digital administration. The human factor is key in this process. Digital competencies as a paradigm in the overall personnel management process are relatively new and, perhaps, unknown in detail. It is based on the widespread penetration of digital innovations and ongoing policies to digitize socio-economic relations [3]. Bulgaria strives to create a secure operating and well-functioning environment for the effective and efficient application of digital technologies in support of digital transformation. [4, 5]. The goal is to reach the average European values of the Digital Economy and Society Index (DESI) by 2030 [6]. In the ranking of this index, Bulgaria traditionally holds the last place. Particular attention is paid to the human factor, which is a key player in the digitalization process. In addition to specific professional skills in a specific field of application, the digital transformation of the economy requires digital competencies to ensure the transition from conventional to digital functioning. This implies the creation of an environment that constantly stimulates the acquisition and improvement of digital skills, the application of innovative methods of teaching, lifelong learning. The purpose of this paper is to identify the key competencies in the public sector in the digital age and to analyze the main challenges facing higher education in the process of training students and practitioners in Bulgaria. The issues of the necessary competencies are addressed in a broad framework of interaction between different stakeholders in the process of transition to e-government. The research methodology includes a review of secondary sources—strategic and regulatory documents related to digital transformation in the country, scientific publications on digital transformation, comparative studies of practices of different states, etc.; interviews with representatives of leading institutions—Institute of Public Administration and State Agency for e-Government; observations of the work of administrations in the public sector in the study of the Index of Administrative Capacity in Bulgaria; questionnaire survey of students’ attitudes (N = 118) for distance learning through digital means.

8.2 Digital Competencies in the Public Sector—Literature Review Digital competence, perceived as a key competence, implies skills for free, reasonable, critical, and responsible use of digital technologies both in the workplace and in public and private life. This supposes both readiness for perception and learning

8 Digital Competences in the Public Sector—Challenges for Universities

95

based on technological progress and a high degree of understanding of the received information, recognition of fake news, adequate and reasonable dissemination and management of data and information, and adequate preparation of digital content in compliance with applicable legislation in the field of intellectual, copyright and related rights, cybersecurity, as well as critical thinking and problem-solving. This wide range of skills and knowledge is subject to two main interventions [7]: (1) Building knowledge, skills, and competencies for expert application and development of digital technologies in the workplace; (2) Development of skills for critical analysis, safe, responsible, and ethical information management. The level of digital knowledge and skills of the staff largely determines the pace of digitization and the effectiveness of the transition from analog to digital public administration [8]. The concept of digital intelligence coefficient [9] is being developed, which accumulates social, emotional, and cognitive skills for coping in a digital environment. Digitalization is defined as a destructive innovation. It changes work processes and imposes new requirements for the performance of work tasks. At the same time, various soft skills that enable employees to overcome the challenges arising from digitalization are becoming increasingly important [10]. There are different views on the necessary digital competencies, in general, and in the public sector in particular. They have evolved in recent years due to the accelerated digital transformation of socio-economic relations. A number of researchers have emphasized the need for more digital competencies in the context of the growing importance of ICT for all spheres of society since the beginning of the twenty-first century [11]. Over the last 10 years, due to continuous technological progress, this process has accelerated at an increasing rate. A survey conducted in 2015 defines five categories of competencies that employees should have. These are technical, socio-technical, organizational, managerial, and political-administrative competencies [12]. Technical competencies are closely related to technologies and systems. Socio-technical includes skills to work with ensuring integration and connection between individual technical systems and employees. Organizational competencies are related to the integration of technology and workflows. Management competencies include typical business and management skills, such as project management, change management, financial management, planning, etc. Political–administrative competencies include skills for integration of e-government with the current regulatory and strategic framework. These five sets of competencies outline the complex and interdisciplinary nature of digitalization of public sector processes and the need for a wide range of competencies that go far beyond the list of basic or specialized IT knowledge. A large-scale survey of 700 public sector experts in more than 20 European countries, conducted in 2016, outlines the applicability of certain groups of competencies. [13]. Once again, the interdisciplinarity of the necessary skills is at the forefront, and among the serious problems is the shortage of soft skills in the sector. The thesis is that a detailed analysis of the public services and public policies provided and implemented through information and communication technologies is needed, with

96

M. Bogdanova and E. Parashkevova-Velikova

an emphasis on in-depth knowledge of organizational processes, regulations, and management dimensions of work processes [14]. Various organizations also contribute to the definition of digital competencies in the public sector. The OECD is developing the Digital Government Toolkit, which formulates 12 competencies divided into three pillars. Each OECD member country has the opportunity to develop digital governance tools by adhering to one or more of these 12 principles. [15] Canada [16], New Zealand [17], and other countries are developing long-term policies and strategies for digitalization based on a holistic approach [18], integrated participation, and in-depth views on technological change and its impact on all areas. The most impressive is the example of Estonia [19], which, starting from scratch, manages to become one of the best digitally developed countries in the world [20]. The Joint Research Center (JRC) of the European Commission published in 2015 Digital Competences Framework, which includes 5 groups of citizens’ digital competencies: information processing, communication, content creation, security, and problem-solving. They are listed in three levels of proficiency in a self-assessment matrix: basic, independent, and free [21]. In 2017 Digital Competences 2.0 [22] was published. It contains eight proficiency levels and examples of use and is designed to build capacity for the digital transformation of education and learning and the changing requirements for skills and competencies. Digital competencies 2.0 is recommended for training public administration employees in Bulgaria [23]. A new process for revision of the framework was initiated in January 2021, and the new version is expected to be published in 2022 [24]. Experts from Harvard Kennedy School [25] identify 8 groups of competencies as fundamentally new and not yet studied by current and future civil servants. They are related to: . Ability to assess the users’ needs for public services. This implies that the employee is able to assess, analyze needs, and is able to effectively cooperate with specialists in the process of identifying these needs, and at the end of this process, he/she can design, test, and make effective decisions. At first glance, this competence does not seem to be new, as it is widely used in the analog world [26]. It is standard practice in business planning and marketing. However, this is not so popular in the public sector, because the administration is not always user-oriented. Only after the introduction of the new public management did a study of consumer needs begin as part of the so-called consumer-oriented design of public services, which are based on user experience [27]. However, since the Covid-19 pandemic, many sectors have urgently switched to remote services (where possible) without prior preparation [28]. Limited communication with consumers, which in analog services is still an opportunity for feedback and monitoring customer satisfaction, further reduces access to primary information for public sector employees and decreases the ability to innovate services. For this reason, the study of consumer needs in the digital age must be presented as a specific competence in public administrations to be taught in higher education in a whole new context [29].

8 Digital Competences in the Public Sector—Challenges for Universities

97

. Risk management in work processes—related to the skills for adequate identification and assessment of reactions to potential risks, especially those arising from the digitalization of processes. The problem of data security (cybersecurity) is one of the most pressing in the information society. There are hundreds of examples of data leaks. They are subject to exchange and unauthorized use, which endangers the security of people and organizations. It is, therefore, necessary for public sector employees to understand the philosophy and basic processes related to data security and, if necessary, to be able to inform relevant experts, consult and receive assistance in order to effectively manage the risk of data leakage. . Interpretation and implementation of different approaches to the implementation of work processes—employees are able to combine traditional skills for public service with modern, digital skills. They effectively work or lead multidisciplinary teams and multiply good practices. In today’s world, providing high-level public services requires many skills that one employee rarely has. To this end, he/she must be able to identify the necessary skills and know what people to invite in order to complete the expertise in the case. This requires a broad culture and knowledge of many areas, although not at the expert level. But it also requires knowledge of “organizational challenges” [25], i.e., bureaucratic conditions that would hinder the search for people with new skills, especially when they are outside the organizations. Combining different specialists in a multidisciplinary team is a challenge in itself. It requires non-standard thinking, combined with a broad administrative culture, to anticipate the risks of team failure. . Flexibility and improvement—requires employees to understand the importance of iteration and quick feedback and to be able to create a work environment in which they can constantly learn and seek improvement. The application of the agile principle of project management, where the iterative approach and quick feedback from customers are key, is flourishing today. It originated in the IT sector, but quickly entered all areas. Agility in the public sector during the digital age means that employees must be able to build small elements (prototypes) of public services and test them before moving on to the next stage (iteration) of service delivery. The agile approach is challenging, as it comes into sharp conflict with traditional attitudes and processes of detailed and continuous planning. Flexibility means ending the practice of prior assumptions and working only on the basis of consumer-approved ideas and views on public services. This is a particularly valuable skill in developing public policies that target large-scale public spending. The iterative approach of gradual policy-making and continuous learning lessons allows evidence-based decisions to be made, i.e., tested by consumers and policy stakeholders. . Change management—This digital competence requires employees to be able to identify opportunities to improve government operations, service delivery, or

98

M. Bogdanova and E. Parashkevova-Velikova

policymaking and to be able to overcome existing structural and institutional barriers to change. Processes in the public sector are evolving and some of them are digitizing faster than others. This mismatch in the speed of innovation can lead to conflicts, for example between IT and the legal department. The lag in the so-called non-digital systems and processes can be an obstacle to rapid digitalization and create cases that require current competence. In addition, employees who have a visionary view of which departments are drastically lagging behind must also have persuasive skills to bring the system into harmony. . Shared management. Employees should know and apply a number of techniques and tools to make management more open, collaborative, and responsible. Digital tools provide new opportunities to persuade the audience, to inform it, to increase the participation of citizens and stakeholders, and to involve them in decision-making processes. . Data analysis in the management process—in particular, this competence refers to employees’ understanding of how to use data to inform decisions, design and manage services and create public value inside and outside government. In practice, new sources of data are constantly emerging, in new forms and far larger volumes, which require additional skills for processing and use. Some of them need to be combined in a multidisciplinary context, such as urban planning, which requires a compilation of multiple sectors analyses and their integration. . Prognostic thinking in support of digitalization—is related to understanding the current and evolving potential of digital technologies, where employees must be able to assess how technology can be used to improve public performance. Today, the number of technologies we have at our disposal in everyday life and at work is increasing. This abundance of ways of doing things also requires the competence to choose the appropriate technology that gives the desired result at a low price.

8.3 Attitudes and Understandings About the Digitalization of Services in Bulgaria—Results of Research In Bulgaria, there are contradictory and unclear understandings of the scope of digitalization and the steps in the process of transformation. A team from D. A. Tsenov Academy of Economics with the participation of the authors of this paper monitored the development of the administrative capacity of public sector organizations, incl. in terms of digitalization, in a long-term study (2017–2021). 110 to 180 representatives of central and local administrations take part in it every year. According to 2020 data, only 26% of the respondents believe that e-government in their organization

8 Digital Competences in the Public Sector—Challenges for Universities

99

is in line with government-defined guidelines; that staff, customers, suppliers, and business partners are actively involved in shaping a continuously improved vision, and that there are mechanisms for measuring the results of the e-government. The rest are of the opinion that e-government is being implemented in part, with “limited efforts being made to align and consolidate EU strategic plans and policies”. At the same time, in another part of the survey, 32% of the respondents answered that a comprehensive integrated e-government system has been built in their organizations. These results show a rather distorted self-assessment of the degree of digitalization in the public sector—both for internal and customer-oriented processes. A possible explanation is the lack of a common, recognizable vision for digitalization, and hence for the new responsibilities of the administration and the necessary competencies for their implementation [30]. These conclusions are confirmed by representatives of leading organizations involved in digitalization in Bulgaria—Institute of Public Administration and State Agency for e-Government. A survey was conducted among 118 students in Management and Economics, who traditionally hold various positions in the public administration in Bulgaria and who in practice implement the concepts and policies for e-government. The survey was conducted in the period from 10th of January until 15th of February 2022. The chosen method was an electronic questionnaire with 18 closed and semiclosed questions. Students from different programs from the three forms of education participated—full-time, part-time, and distance learning. At the time of the study, all were in distance (remote) learning due to Covid 19 restrictions. In Bulgaria, remote learning in universities was applied for several months in the last two academic years. The random sample includes 19% of distance learning students, 53% full-time, and 28% part-time, which corresponds to the structure of the students at the university. 60% of the respondents are women and 40% are men. Some of the questions were asked to students in a similar study during the same time period in 2021, which is why a comparison of the answers is presented here. The results of both studies show that: . The lack of live contact with other students (57%) continues to be the biggest problem for students. Next are problems related to learning—difficult communication with teachers, and lack of understanding of some of the tasks in a distance environment (Indicated by 30% of respondents). . However, distance learning is still preferred due to its greater flexibility, low cost, and time savings (over 60% of respondents) . Respondents assess the improvement of their skills in the learning process through remote forms, with over 46% reporting that in 2022 they are doing better than in 2021. . Teachers’ grades are even higher. Over 62% of respondents say that educators are doing better in digital teaching than in the previous year. There are no differences in responses between men and women, as well as between different forms of training. The results of the study show that students from the Academy of Economics are beginning to accept digital means of communication, even if imposed due to force

100

M. Bogdanova and E. Parashkevova-Velikova

majeure. However, this applies to the skills of learners and trainers to use digital tools, but not to the content of curricula, which have not yet been updated to include the digital transformation of professions.

8.4 Digital Competencies of Public Sector Staff—Challenges for Higher Education Creating digital literacy is a long and complex process that requires focused and continuous effort. This implies that learners must be involved in adequate preparation at each stage of their education, and the aim is not only continuous accumulation and improvement of knowledge and skills but also the acquisition of new ones in view of the dynamics of innovation. Based on the concept of digital literacy, a framework for digital competence related to digital transformation at three levels is formed [31]. Adapting the framework to the public sector in Bulgaria, the levels should cover: 1. Existence of digital competence for basic work processes. It covers basic knowledge, skills, and attitudes related to the implementation and organization of important basic work processes that affect the work of the general administration. It does not create added value and has no direct participation in the provision of public services, but ensures the work of the specialized administration. Such include, for example, accounting, human resources management, public procurement, etc. This level of digital competence implies basic and widespread and applicable skills that can be mastered at different levels of expertise, ranging from basic skills to more specialized ones. 2. Application of digital competence in specialized work processes. This includes specific knowledge, skills, and attitudes related to the implementation and organization of key work processes. It is the specialized administration that is engaged in providing public services for citizens and businesses. This level of digital competence presupposes the presence of specific professional skills—for example, in spatial planning, vertical planning, property management, investment design, and planning, etc. 3. Comprehensive digital transformation requires an adequate organizational environment and culture. This level of digitalization implies a high degree of digitalization of all work processes in the administration, and the organizational environment stimulates innovation and encourages creativity, strives for continuous improvement, and stimulates significant change at the individual or organizational level. Here, we are talking about the digital culture of the individual and the organization. In the higher education system, and in particular, in the training of students who will work in the public sector, it is necessary to make organizational and structural changes, both in terms of the content of the teaching material and the approaches and techniques of teaching.

8 Digital Competences in the Public Sector—Challenges for Universities

101

The dynamics of the penetration of IT in all aspects of public life poses new challenges to both public sector organizations and training institutions. Numerous studies and analyses of the degree of digitalization of the sector and the degree of development of the e-government show that Bulgaria lags significantly behind in these processes. And this is not just about the application of digital technologies. The problems have rather an expert and organizational aspect. In practice, the lack of a comprehensive concept for the development of e-government in Bulgaria, despite the many strategic documents back in time, is a significant problem that is multiplying in different directions. One of them is the training of specialists who need to integrate into e-government and ensure the flow of work processes. It turns out that the lack of an integrated approach to the digitalization of the public and the introduction of e-government is a significant problem for the training of adequate staff. Most of the processes in the public sector in Bulgaria are implemented in an analogous way, which requires staff to have specific organizational skills, knowledge of regulatory and strategic framework in detail, skills for gathering information and its consolidation, and more. They need these skills to be able to carry out their tasks in a traditional environment characterized by a low degree of digitalization and automation. At the same time, the digitalization of work processes and the introduction of the e-government place completely new demands on the skills and competencies of staff. This is related to the management of large volumes of information, its storage, retrieval, and processing, proper interpretation and guidance, etc. And since digitalization is seen as a destructive innovation, it becomes clear that personnel who work in an analog environment and those who prepare in such conditions cannot be able to perform the same type of work in a new way, i.e., they are unprepared for the digital transformation of the public sector. The training of the staff needs to be relevant both to the degree of digitalization of the processes in the public sector and to the tendencies in this direction. The lack of an overall vision for the development of e-government in Bulgaria poses the dilemma of whether to train staff who have competencies in relation to the current state of the sector or to prepare them in the future, relying on skills and competencies for which it is not clear whether they will be applicable. There is a risk that students’ excessive digital competence will collide with the low digital intelligence of organizations. At the same time, the universities themselves face a number of challenges in order to be able to lay the foundation for the formation of the above 8 digital competencies. The demand for specialists with complex skills will grow steadily in the digital transformation. From this point of view, it will be important to train staff with both technical and managerial, as well as socio-technical and political-administrative competencies. Building them is a long and complicated process. The emphasis in the educational system is to prepare staff with developed knowledge and skills, which can flow directly into the work processes and fit into them quickly. These skills, however, are mostly technical. The other necessary skills are mainly “soft skills” that are acquired in education in subjects that fall within the scope of economics and management, which, however, are not a priority of public policy in Bulgaria. The lack of support at the central level for teaching in these

102

M. Bogdanova and E. Parashkevova-Velikova

areas affects the opportunities for the development of teachers themselves, as well as the limited introduction of innovations and technologies in teaching, the traditional conduct of lectures and seminars, with conventional approaches and teaching methods, which in today’s digital society makes it inefficient. The problem at this stage is not clearly distinguishable, but as it became clear above, the education system prepares specialists for the public sector, which is not modernized and is far from the stage of complete digital transformation. However, this cannot go on indefinitely. Citizens, businesses, and the environment as a whole will set new requirements that the public sector will have to meet. The answer will be difficult due to the lack of well-trained and experienced staff. The education system, in turn, will have to react quickly, which will lead to a risk of lowering quality. Lifelong learning in its various forms is a good tool for maintaining and developing competencies, but not for their formation and initial development, especially in the public sector. Higher education must play a fundamental role in the process of forming these competencies. In order to achieve this, it is necessary to invest priority funds for capacity development in universities to train staff with hybrid knowledge and complex skills and competencies that will play a key role in the effectiveness of the future innovative digital public administration.

8.5 Conclusion Digital transformation has great potential for economic growth. However, this is not possible without the creation of adequate human, scientific, organizational, and institutional capacity based on digital skills and appropriate organizational culture and legal environment that promotes their development. This poses challenges to education at all levels, but we believe that it is especially true for higher education. Digitalization leads to several key challenges: between science and practice (universities and public organizations); between analog and digital public service delivery (current and future trends); between the expectations of students and their future employers. In addition, there may be contradictions that are indirectly important: between business and the public sector; between citizens and the public sector; between public organizations themselves, some of which are better prepared for transformation than others. All these imbalances require the joint efforts of the participants in the social processes—the government, the universities, the private sector, and the administrations themselves. This is a matter of strategic importance for the whole society and the development of non-integrated detached policies leads to partial, ineffective solutions. Higher education institutions should be extremely flexible in developing their curricula, not only for formal but also for non-formal learning. Vocational training centers and non-governmental organizations providing educational services should play an important role and complement each other with universities, extending the scope of training to citizens as users of digital public services.

8 Digital Competences in the Public Sector—Challenges for Universities

103

Acknowledgements The paper is part of activities under project KP-06-H45/ 1 “Digitalization and digital competencies—trends and innovative practices in higher education and the labor market”, funded by the Research Fund of the Ministry of Education and Science in Bulgaria.

References 1. Nicolescu, O., Nicolescu, C.: Relationships between digital/digitalized economy. In: Proceedings of the 13th International Management Conference “Management Strategies for High Performance”, pp. 457–465. Bucharest, Romania (2019). https://sites.google.com/site/ 2. Tham, J.: Critical factors for creating a successful digital public administration. SSRN (2018).https://doi.org/10.2139/ssrn.3296207 3. Ilomaki, L., Kantosalo, A., Lakkala, M.: What is digital competence? Linked portal (2011). http://linked.eun.org/web/guest/in-depth3 4. Council of Ministers of the Republic of Bulgaria: Natsionalen strategicheski dokument „Tsifrova transformatsiya na B˘ulgariya za perioda 2020–2030 g. (National Strategic Document “Digital Transformation of Bulgaria for the period 2020–2030”). Sofia (2020) 5. Council of Ministers of the Republic of Bulgaria: Natsionalna programa za razvitie BULGARIYA 2030 (National Development Program BULGARIA 2030) (2020) 6. European Commission: Digital Economy and Society Index (DESI). Shaping Europe’s digital future (2021). https://digital-strategy.ec.europa.eu/en/policies/desi-bulgaria 7. Hunnius, S., Schuppan, T.: Competency requirements for transformational E-government. In: Proceedings of HICSS (2013) 8. Uhl, A., Gollenia, L.: Digital enterprise transformation: a business-driven approach to leveraging innovative IT (2016) 9. Horrigan, J.: The meaning of digital readiness (2016). https://www.pewresearch.org/internet/ 2016/09/20/the-meaning-of-digital-readiness/ 10. Seufert, S., Meier, C.: From eLearning to digital transformation. A framework and implications for L&D. Int. J. Adv. Corp. Learn. 9(2), 27–33 (2016) 11. Sambamurthy, V., Bharadwaj, A., Grover, V.: Shaping agility through digital options: reconceptualizing the role of information technology in contemporary firms. MIS Q. 27(2), 237–263 (2003) 12. Hunnius, S., Paulowitsch, B., Schuppan, T.: Does E-government education meet competency requirements? An analysis of the German University system from international perspective. In: Ot S.R., Bui T.X. (eds.) 48th Hawaii International Conference on System Sciences (HICSS), pp. 2116–2123. IEEE, Piscataway (2015) 13. Ogonek, N., Gorbacheva, E., Räckers, M., Becker, J., Krimmer, R., Broucker, B., Crompvoets, J.: Towards efficient EGovernment: identifying important competencies for EGovernment in European public administrations. In: Scholl H. (ed.) Electronic Government and Electronic Participation: Joint Proceedings of Ongoing Research. Ph.D. papers, posters and Workshops of IFIP EGOV and ePart 2016, Innovation and the Public Sector, pp. 155–162. IOS Press (2016) 14. Picazo-Vela, S., Gutiérrez-Martínez, I., Duhamel, F., Luna, D.E., Luna-Reyes, L.F.: Value of inter-organizational collaboration in digital government projects. Publ. Manag. Rev. 20(5), 691–708 (2018) 15. OECD: Digital Government Toolkit (2014). https://www.oecd.org/governance/digital-govern ment/toolkit/12principles/ 16. Jones, P.: The futures of Canadian governance: foresight competencies for public administration in the digital era (2017).https://doi.org/10.1111/capa.12241 17. Digital Skills for Our Digital Future 2021 (2021). https://nztech.org.nz/reports/digital-skillsfor-our-digital-future/

104

M. Bogdanova and E. Parashkevova-Velikova

18. Simmonds, H., Gazley, A., Kaartemo, V., Renton, M., Hooper, V.: Mechanisms of service ecosystem emergence: exploring the case of public sector digital transformation. J. Bus. Res. 137, 100–115 (2021). https://doi.org/10.1016/j.jbusres.2021.08.008, ISSN 0148-2963 19. Tssonev, I., et al.: Preotkrivane na publichnite uslugi za 21 vek. Sravnitelen analiz na elektronnite reformi v Estoniya, B˘ulgariya i Rum˘uniya (Rediscovering public services for the 21st century. Comparative analysis of e-reforms in Estonia, Bulgaria and Romania) (2016). https://www.freiheit.org/sites/default/files/2021-01/re-designing-public-services-forthe-21st-century_bg_0.pdf 20. E-Estonia Story (n.d.). https://e-estonia.com/story/ 21. Digital Competences - Matrix for self-assessment (n.d.). https://www.navet.government.bg/ bg/media/dc_-_bg.pdf 22. The digital Competence Framework for Citizens: DigCom 2.1 (n.d.). https://apo.org.au/sites/ default/files/resource-files/2017-05/apo-nid221736.pdf 23. IPA: Ramka za digitalni kompetentnosti (Digital competences framework) (n.d.). https://www. ipa.government.bg/bg/ramka-za-digitalni-kompetentnosti 24. Varbanova, T.: Modeli za otsenka na digitalnata kompetentnost (Digital competence assessment models). Institute of Public Administration (2021) 25. Teaching public service in the digital age: Harvard Kennedy School (2021). https://www.tea chingpublicservice.digital/en/competencies 26. Andronic, R.-L., Andronic, A.-O., Doval, E., Lep˘adatu, I., Negulescu, O., R˘aulea, C.: Romanian employers’ perception of distance education. Procedia – Soc. Behav. Sci. 46, 2307–2311 (2012). https://doi.org/10.1016/j.sbspro.2012.05.476 27. Maas, F., Wolf, S., Hohm, A., Hurtienne, J.: Citizen needs – to be considered: requirements for local civic participation tools. I-COM 20(2), 141–159 (2021). https://doi.org/10.1515/icom2021-0013 28. Zahariev, A., Prodanov, S., Radulova, A., Zaharieva, G., Pavlova-Banova, M., Angelov, P., Ismailov, T., Aleksandrova, A., Marinova, K.: The bank insolvency: from Lehman brothers to Covid-19 (international remarks and national peculiarities). Econ. Soc. Dev. 58, 44–59 (2020). https://www.bit.ly/30CGFLz 29. Schenk, B., Dolata, M.: Facilitating digital transformation through education: a case study in the public administration. In: Proceedings of the 53rd Hawaii International Conference on System Sciences (2020). https://scholarspace.manoa.hawaii.edu/ 30. Bogdanova, M., Parashkevova, E.: (Digitalni predizvikatelstva pred rabotnite protsesi v publichniya sektor v Bulgariya (Digital challenges to the work processes in the public sector in Bulgaria). In: International Scientific Conference “Strategic Planning and Marketing in the Digital World”. UNWE, Sofia (2021) 31. Martin, A., Grudziecki, J.: DigEuLit: concepts and tools for digital literacy development. Innov. Teach. Learn. Inf. Comput. Sci. 5(4), 249–267 (2006). https://doi.org/10.11120/ital.2006.050 40249

Chapter 9

Transport System in Bucharest Vlad-Alexandru Mih˘ail˘a

Abstract Smart mobility is one of the 6 domains that define a smart city. Traffic is a global problem that some large cities in Europe have managed to resolved and meet the criteria that classify them as smart cities. Bucharest still has a lot to learn from other European cities, in terms of how the transport takes place inside the city. With the help of data on public transport and the level of satisfaction we can better understand where Bucharest ranks in terms of smart mobility.

9.1 Introduction Smart city concept represents a multitude of domains that work together in order to improve the citizen’s life. This concept is formed by: Smart Mobility, Smart Environment, Smart Governance, Smart Living, Smart economy and Smart Citizen. In our society, transport is a vital segment, the segment that moves a lot of other industries and people. Without transport, we are parallelized in a world full of modern technology. Even if technology could do a lot of things including saving lives, we have to admit that things in transport are still primitive and the development of the industries that are involved is difficult because most of the time it also involves the development of infrastructure. Being such an important economical fact, through his accessibility and the dependent connections with other systems, we are not surprised to realize that it is one of the bigger world polluters. In order to have a proper vision about this huge term defined by transport, we have to realize that we are talking about railway transport, road, air, naval transport and most important nowadays, transport inside big cities (public transport or personal). All of this type of transport has its own rules and all of them need to be monitored for a better tomorrow. Intelligent transport systems are not referring to only one purpose or meaning. The term refers to every technology, platform, application, monitoring system, database, or even algorithm whose purpose is to improve transport systems. In the past years, more Romanian V.-A. Mih˘ail˘a (B) Department of Economic Informatics and Cybernetics, Bucharest University of Economic Studies, Romana Square 6, 010374 Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_9

105

106

V.-A. Mih˘ail˘a

cities want to align with European standards and became smart cities. Unfortunately, this forced urbanization came with a price, Bucharest is suffocated. There are cars everywhere, buildings, shops. Traffic is a great patience test and public transport is a big lottery. We had a few infrastructure projects meant to make traffic more supportable in some key zones. The difficult part is about traffic in the old part of the city where we have a lot of buildings, most of them extremely old and which without a proper foundation can’t sustain a passage or another subway route. Instead of trying to build a new passage every time an intersection is blocked or overhanded, we can try to manage the traffic using intelligent systems such as smart lights or even try to separate the flux in more secondary arteries. We can definitely improve public transport systems and attract more people to use them. More about Bucharest and its traffic problem along with some solutions and analyses will be presented next, traffic being one of the important factor when we think about smart city and sustainable.

9.2 An European Approach Once urban development has appeared in most cities, there has been a new challenge in terms of traffic. In simple words, it is all about being forced to resort to intelligent traffic management solutions to the detriment of building new arteries or passages to streamline traffic. Currently, 50% of the world’s population lives in cities and by 2050 this number is expected to increase to somewhere around 70%. The concept of smart city is widespread in many major European cities. In order to be able to improve the traffic conditions in Bucharest and to increase what the concept of smart mobility means, we can analyze the way these cities solved the problem of traffic jams and improved the experience of the citizens with public transport. At the level of the European Union, it was decided to intervene on the legislation on BITS (Bicycle Intelligent Transport Systems), (Matteo Candelari [1]) and to promote them as a subcategory of the transport sector. It is a long-awaited news for bicycle users, as much as smart cycling has already been successfully implemented in some provinces and cities. Bicycle users are waiting for the infrastructure to know a global development. At this time, the authorities are also focused on environmental problems, Europe produced 7% from global greenhouse gas emissions. This percent includes all the human activity, not, especially the transport domain. If we discuss about transport, it is responsible for 25% of global carbon dioxide emissions. 90% of European citizens who lived in cities are constantly exposed to a higher level of pollution. One of the worst effects is the increase of asthma in the number of children. Also, the suspended particles from air reduce life expectancy by 8 months. More about intelligent transport system solutions already existing in different European countries will be presented below using data from Zhen [2]. Krakow, one of the oldest and second-largest cities in Poland, has learned over time on how to focus on citizen satisfaction through the implementation of intelligent transport systems. At the end of 2015, the first bus station with two touch screens

9 Transport System in Bucharest

107

was inaugurated in this city. Each screen has a precise purpose. This device was supplied by a local manufacturer (Novamedia Innovision). On one of the screens are displayed information on passenger dynamics but also information about air quality and weather forecasts, while on the second exists the possibility of interaction with a virtual map in which the passenger can find information of public interest such as the location of medical units and multiple points of interest in the city. PlayStation enthusiasts can enjoy a virtual gaming environment while traveling by tapping an icon on one of the tablets. Prague is one of the most developed European cities in terms of public transport. It is notable for its relatively low costs prices and the developed infrastructure that includes a variety of means of transport. Thanks to this well-developed system, the city is in the top 10 with the highest satisfaction of citizens in terms of public transport. Starting in 2017, Prague began to actively fight pollution by not allowing cars under Euro 4 access in the central area. Since 2009, Prague has enjoyed several Park & Ride points. Another European city that has big plans for development is Riga. Its purpose is to develop a low-carbon, energy-efficient urban economy. A first step towards achieving this goal is the use of electric vehicles in over 50% of local public transport. Another example worth following is Ljubljana, which has made large investments to improve its bus fleet with green ones. These buses are CNG, and this system manages to reduce by up to 20% of fuel consumption, being quieter and reducing CO2 emissions. The city hall has also resorted to various tactics such as facilitating public transport, cyclists, and pedestrians on various arteries to discourage citizens from using personal transport. At the same time, bicycle rental systems have been implemented. These actions have been successful, with the number of public transport users increasing considerably. In Estonia’s capital, Tallinn, public transport has been free since 2013. It is now available free throughout the country, which has a positive effect on population growth and economic activity. With the highest population density, Luxembourg has implemented in 2020 free public transport between trains, trams, and buses. It is too early to comment on the outcome, but the project is perceived as a success.

9.3 Modern Systems for Traffic Optimization As a city’s population grows, the number of cars increases proportionally. This will certainly affect the traffic dynamics leading to traffic jams. Intelligent transport systems are coming to solve the traffic problems, these being a vital solution for decongesting the surface traffic, engaging the people to participate in the traffic safety, but also for optimizing the already available resources such as public transport, bicycle tracks, or parking lots. There are several smart systems that can help improve traffic, avoid accidents but also increase the attractiveness of public transport.

108

V.-A. Mih˘ail˘a

According to Hikvison [3] and Altimate [4], one of these systems is the Intersection Violation System. This system consists of a camera that detects drivers passing the red light, blocking the intersection and creating traffic jams. The camera has an all-in-one structure, with video footage, radar, but also flash for detecting vehicles at night. The system uses inductive loops in asphalt, two rows for each lane. When a car tries to pass the red light, the camera takes two pictures that capture the back of the car so that, during the night, the driver is not blinded by the flash. The first picture is taken immediately after the vehicle passes over the inductive loops in the road, and the second is taken after an interval predetermined by the authorities. This system helps both the authorities to sanction undisciplined drivers but also to streamline traffic. Another system is the automatic traffic incident detection system. This system is necessary to warn other road users in advance about possible incidents, including pedestrians on the road, illegally parked cars, objects falling on the road, repairs, or congestion. The system allows the collection of data on the type of vehicle, the flow of cars, the speed of travel on each lane, and the size of traffic jams. In this way, it can be used to manage traffic with the help of traffic warnings, both on roads with a high risk of accidents, and for areas with low visibility or often congestion. One of the simplest intelligent parking management systems is the system present at the entrance to all shopping centers, the barrier system that has an integrated camera which helps with the identification of the vehicles. The system counts the number of vehicles inside the parking lot, for each level, announcing the drivers of the number of parking spaces available at that time. Automatically, to determine the value of the payment, the system will remember the time when the vehicle entered the parking lot. When the driver wants to pay the ticket, the system will calculate the payment amount according to the default rate and the number of hours spent in the parking. At the exit, the registration number of the vehicle will be scanned again and if the tax has been paid, the barrier will open and the driver will be able to leave the parking. Other intelligent systems already encountered are the payment of certain tolls in advance, cars no longer have to stop at toll booths, this being done before starting the trip, the system verifying this by scanning the registration number. In addition to tolls, alternatives have begun to appear to the classic payment of the ticket for public transport (payment can be made by sending a message stating the vehicle code or by some applications). Increasingly appreciated and sought after are systems that promise a reduction in fuel consumption and thus the elimination of less carbon dioxide. These systems have begun to be integrated for both public and personal transport vehicles at reasonable prices. At the moment, there is intense discussion about the transition to full-electric cars in all branches of transport. This is necessary to reduce pollution but involves a complete overhaul of the infrastructure. Another necessity for passengers who want to travel by public transport would be the implementation of a system of video surveillance and passenger information, thus helping to reduce acts of vandalism and conflicts in the public transport. Currently, the public transport runs according to a certain schedule, which is not respected in case of unfavorable traffic conditions, heavy traffic, or during peak hours. The reduction of these delays is also influenced

9 Transport System in Bucharest

109

by the areas transited along the route, the number of lanes and also by their condition. The punctuality of public transport is the first factor that leads to their use by citizens to the detriment of personal vehicles. In buses, trams, trolleybuses can be placed with surveillance cameras for passenger safety. Both in the stations and in the means of public transport there can be information panels providing information on not only the time when the next vehicle will arrive, but also the line number.

9.4 Increasing Accessibility of Public Transport in Bucharest Since 2015, the Bucharest City Hall has made several partnerships with RATB, and through the financing of the Vodafone Foundation [5], the Connecting for Good program was born. Smart public transport was the first pilot project to make public transport accessible to visually impaired people in Romania. It is based on the use of smartphones and the latest complementary technologies as tools for urban accessibility. During the two years in which it took place, over 1000 special devices (iBeacon) were installed in buses and trolleybuses belonging to the RATB fleet. This solution was designed as a personal assistant, in the context of surface transport, which gives independence to people with visual disabilities who want to use it. The developed mobile application also has a GPS module that aims to inform the user about the next station and the available connections. The application can be downloaded from both iOS and Android platforms. In order to make the connection between the mobile phone and iBeacon, it was necessary to develop another mobile application. Through this project, over 1000 people from Bucharest were helped. Nearly in the middle of 2019, the annual FOCUS Bucharest Conference [6] took place, which is in its second edition. The theme of the debate was "Transport infrastructure: smart challenges and solutions", the purpose of which was to facilitate dialogue between the private sector and public authorities on current issues facing the capital. This topic was not chosen by chance, the transport infrastructure being one of the main factors of economic competitiveness at a national or regional level. Along with the economic growth, it is normal to see an increase in the needs regarding the transport network, the multiplication of the cars but also of the population putting pressure on the already existing infrastructure. As we have all noticed, in Bucharest, the fluidization of surface traffic is more and more problematic, and in order to be able to solve it, a new vision of the urban transport model would be necessary. During this conference, a number of solutions were recalled, some of them were based on the construction of passages and underground car parks using new technologies that could reduce costs by up to 30% and halve the execution time. Trenchless technologies (without open digging) or the use of intelligent systems such as GIS (geographic information system) have not been forgotten. At that time,

110

V.-A. Mih˘ail˘a

Bucharest wished to purchase 100 modern trams, 100 electric buses, 130 hybrid buses but also 180 electric buses for the Ilfov area, including charging stations.

9.5 Public Transport Analysis for Bucharest If we talk about the intelligent traffic management systems in Bucharest, according to Bucharest City Hall—Department of Road Transport and Traffic Systematization [7], we are talking about the unitary dependences of 3 subsystems, namely, the Urban Traffic Control Subsystem (UTC), the Public Transport Management Subsystem (PTM), the Camcorder Subsystem with closed-circuit for traffic surveillance (CCTV). In addition, other subsystems can be added at any time. The UTC subsystem is of the UTOPIA type and allows the adaptation of traffic lights according to real-time traffic flows. The Public Transport Management (PTM) [8] subsystem is designed to give priority to public transport when vehicles approach certain intersections. This is done by changing the color of the traffic light as this helps reduce delays and meet traffic schedules [9]. One of the software systems used to manage traffic management is UTOPIA (Urban Traffic Control by Integrated Automation), according to reference [10]. This software has proven to be effective in improving traffic conditions through its ability to adapt in real-time and to implement strategies for managing traffic flows in crowded urban areas. UTOPIA manages to reduce congestion by assigning selective priority at traffic light intersections. In this way, the blockages caused by the queues are also reduced. The system takes into account both the traffic at the intersection itself and the nearby one. This software is open to future improvements through the possibility of extending the functionalities. In order to do its job, several steps are performed at the system level. After data acquisition, real-time adaptation takes place at the area level and integration with other systems. The control strategy can be changed at any time by the operator. The maximum performance of the system is visible in areas where there are unexpected variations in traffic during the day. If initially the implementation of intelligent systems was designed for the N-S axis, now we want to modernize as many areas as possible. Currently, Bucharest has a Park & Ride parking lot located in the Straulesti area. Unfortunately, it is not used at its true value, although the fees charged are extremely low, and the parking lot is close to the subway. For the year 2020, Metro Media Transilvania [11] made a relevant research in terms of the satisfaction index of public transport users. As we expected there are more opinions, but in this case, I think the most alarming thing is that the percent of “quite dissatisfied” (19%) and “quite satisfied” (21%) are almost equal. The “satisfied” is 48% which is almost half of the respondents. In this case, we need to identify the thing that makes the “quite” zone so mirroring, and what exactly is the difference between those three. We need to consider the fact that there are multiple routes in the city and multiple “problematic” sections, sections which are most of the time

9 Transport System in Bucharest

111

the host of traffic jams, or more passengers than others. Another important thing is about the frequency of public transport. Bucharest has an average of 3 points out of 5, but 41% are “satisfied” and 24% are “quite satisfied”. In this case, the percent of “very dissatisfied” is higher than “very satisfied”. If we take a look at the routes, we have 33% “satisfied”, 39% “quite satisfied” and 12% “very satisfied”. It is normal to have destinations for which several means of transport need to be changed but it seems that in Bucharest it is quite simple to do that. 18% are “very satisfied”, 38% are “quite satisfied” and 30% are “satisfied”. People are also contained by the schedule (5 AM–11:30 PM) and the payment methods (we have the possibility to pay online, through SMS, and also the classic way). From this analysis we observed that the routes are good, the change is facile, the payment methods are modern, but we have to work about the frequency of some buses, the compliance with the circulation program (especially when the bus is supposed to arrive in one specific station), and most important things are about the easy access to information, where citizens need to find out the easy schedule, the station where their bus is at some times, and if the bus is crowded or not. With the support received from the Intercommunity Development Association for Public Transport Bucharest Ilfov (TPBI) [11] and with all the public information from STB [12], we analyzed current data on several lines run by trams, trolleybus, and buses. We will analyze the differences produced at different time intervals during the week but also in relation to the weekend. We will consider as the peak time the interval between 7–10, 13–15 and 17–19. To perform this analysis, we will focus on the central trend, expressed in this case by the modified arithmetic mean of the values. The modified arithmetic mean represents the result obtained after excluding the extreme values (5%). For some of the routes, we also made arithmetic averages on intervals, in order to be able to compare and establish with greater accuracy the time differences between peak and normal hours. The arithmetic mean is based on summing all the values and dividing them by the total number of variables. We also considered the analysis of the median value, but there is a risk that this will not be significant for the analysis. The median value would be calculated by sorting the existing values in ascending order and choosing the value in the middle position. Another analysis would have been the one for calculating the module, the value that appears with the highest frequency. We considered that this analysis is not necessary because the analyzed data are hours, minutes and seconds, and in our case many of the values are close, but at the same time different. In this analysis, for some routes we also calculated the standard deviation, as a value that represents the deviation of the values from the average. To calculate this value we used the arithmetic mean already calculated. The standard deviation represents the ratio of the sum of the squares of the difference between the mean and the value, relative to the number of records. In some analyses, we also calculated the dispersion domain. This is calculated by the difference between the maximum value of the data set and the minimum value. The disadvantage of this method is that it is based only on extreme values. This is the disadvantage from the point of view of statistical analysis, but, in the view of the citizens, this is most likely an important

112

V.-A. Mih˘ail˘a

Fig. 9.1 Half-ride average during on a week for line 1

decision criterion regarding the choice of a certain means of transport at a certain time. The first line in question is tram line 1. It includes 30 stations and runs between Banu Manu Blvd. and Romprim. It is one of the most important transport lines in Bucharest, connecting the south of the capital (Popesti-Leordeni) to the NW, passing through the eastern part. This line runs non-stop. On most of the routes, the tram benefits from its own line, which the vehicles do not have access to. For this reason, the fluctuations during the day are not major regardless of the peak hours. During the day a journey with this means of transport lasts on average 55 min, with small exceptions the maximum value being one hour and three minutes. On weekends the average is about 53 min, and there are very rare situations in which the duration of the race is one hour (Fig. 9.1). Line 3 is also a tram line, which runs for only 12 stops between Mezes and Piata Presei. The operating hours are between 4:45 and 22:40. As can be seen in the figure below there are no major fluctuations during the week in terms of race duration, the average duration being about 21 min. On this route, there are no significant differences between the average duration during the week and the weekend. The average duration for the weekend is 19 min. Slight increases can be observed during peak hours but nothing significant (Fig. 9.2). An important trolleybus line is line 69, on the Valea Argesului—Baicului section, totaling 27 stations. From the chart below you can see a significant increase during the week, in the morning, compared to the weekend. No major fluctuations are observed during the weekend, the times being approximately the same regardless of the time, except for the morning interval. During the week the maximum value in terms of the duration of a race is reached in the interval 17–18, and during the rest of the day the values aim to differ by a margin of ±5 min (Fig. 9.3). Line 76 crosses the distance between Resita Square and Unirii Square. This section has 16 stations and operates between 4:30 and 22:40. Regarding the data during the week, the maximum point is between 8 and 9 h, the duration of the race reaching is 42 min, the increase starting from 6 o’clock progressively and constantly. After

9 Transport System in Bucharest

113

Fig. 9.2 Half-ride average during on a week for line 3

Fig. 9.3 Half-ride average during on a week for line 69

exceeding the morning time interval, small variations can be noticed during the day, but nothing significant. During the weekend the values are mostly quite linear, the maximum being recorded at 1 pm, the duration being only 4 min longer than the average (Fig. 9.4). Talking about the bus lines, we stop on line 106 that connects the Lujerului area with an area outside the city, the Cartier Rosu neighborhood. This section has 15 stations and is used to make the connection between Chiajna commune and the metro lines or the 41 tram. What is interesting about this line is the fact that both during the week and on the weekend the return values are higher than the tour values, the values are relatively constant, the difference in peak hours being 2–3 min, and the difference between the week and weekend being only a few minutes (Fig. 9.5).

114

V.-A. Mih˘ail˘a

Fig. 9.4 Half-ride average during on a week for line 76

Fig. 9.5 Half-ride average during on a week for line 106

An important bus line is line 282, which includes 32 stops on the section Basarab Station—Fundeni Road. The opening hours begin at 4:50 a.m. and end at 11 p.m. During the week the maximum value is recorded in the interval 18–19 when the duration of the race reaches an hour and a half compared to the average of the day one hour and five minutes. Except for peak hours, the rest of the intervals are relatively constant. Regarding the values recorded during the weekend, the maximum duration is reached between 13 and 14 h and has a value of 54 min, during the rest of the day the values have small differences from one hour to another (Fig. 9.6).

9.6 Conclusions It is easy to understand that the dynamics of interurban transport is an important factor in a smart city, this being both a main factor of pollution and a factor that determines the level of satisfaction of citizens.

9 Transport System in Bucharest

115

Fig. 9.6 Half-ride average during on a week for line 282

Considering both the surface and the underground infrastructure, Bucharest rises to the European standards in terms of the variety of means of public transport and the multitude of routes on which they run. Considering the previously analyzed survey which shows that, in general, Bucharest residents are satisfied with what public transport can offer, but also on analyzing data regarding the duration of the races, we can say that although there is place for improvement satisfactory, the duration of the ride is a reasonable one even at peak hours. The relatively small difference between the duration of the races at peak hours and the rest of the hours, the relatively short time between stations, but also the differences between the values during the week compared to the weekends make Bucharest’s overland transport an important segment of this city’s economy. Despite the obvious improvements in the condition of public transport, the routes of operation are well thought out and the duration of the journey could in many cases be close to that of the journey made by personal car. Bucharest residents should be informed about this data because they are a decisive factor in choosing the means of transport. It is probably more about the convenience of choosing to ride by car at the expense of public transport because in recent years investments have been made to purchase new, modern and even electric means of transport. As expected in a European capital, surface public transport serves multiple categories of passengers that is essential for the proper development of the economic activity. Most of the time the population uses their own means of transport only for the comfort they offer. During the Covid-19 pandemic, many of those who had the opportunity to use other means of transportation (personal car, taxi, ride-sharing) chose to travel mostly with them for an extra sense of safety. In recent years, intense work has been done to modernize public transport in Bucharest. Many tram lines have been fenced off to eliminate vehicle traffic and provide faster travel for passengers. The tram lines were followed by various bus and trolleybus lines to which lane 1 was attached on some arteries. If we are talking about the development of surface transport, we must also talk about the underground one. In 2020, a long-awaited new subway line was opened for the people of Bucharest. Modernization works were carried out on the already existing lines by enlarging

116

V.-A. Mih˘ail˘a

the platforms and purchasing new, bigger linings. Although there is still place for improvement, the direction of public transport in Bucharest is favorable. In terms of intelligent transport systems and those for traffic management, Bucharest still has some work to do because at present these systems are not integrated at their true value. I am confident that Bucharest will focus on the development of technical infrastructure and will understand the need to integrate it into the current development context of modern technologies to streamline traffic but especially to reduce pollution and became more focused in terms of smart mobility.

References 1. Intelligent transport systems in the European Union: a new start? https://northsearegion.eu/ bits/news/intelligent-transport-systems-in-the-european-union-a-new-start/. Accessed 20 Dec 2021 2. Zhen, S.: Free public transportation: why we need it, and examples from Korean and European cities (2021), https://sustainablemobility.iclei.org/free-public-transportation/?gclid=Cj0KCQ iAzfuNBhCGARIsAD1nu--Ofj0hXjB11UbjbuxaEOjgstwM8XYcnGpigSwSaIhvpF143S2 xTsQaAqvxEALw_wcB. Accessed 27 Dec 2021 3. Hikvision. https://www.hikvision.com/en/. Accessed 12 Dec 2021 4. Altimate. https://www.altimate.ro/. Accessed 12 Dec 2021 5. Smart Public Transport. https://www.asociatiatandem.ro/smart-public-transport/. Accessed 27 Dec 2021 6. Focus Bucharest: Intelligent solutions for the transport infrastructure in Bucharest. https://rom aniansmartcity.ro/infrastructura-de-transport-bucuresti-conferinta-focus/. Accessed 20 Dec 2021 7. PRIMARIA MUNICIPIULUI BUCURESTI DIRECTIA DE TRANSPORTURI DRUMURI SI SISTEMATIZAREA CIRCULATIEI. https://smartcitiesofromania.ro/wp-content/uploads/ 2017/02/2015-11.pdf. Accessed 04 Jan 2022 8. ELSOL. https://elsol.ro/projects/BTMS. Accessed 02 Feb 2021 9. Severin, M.: Sistemul de Management al Traficului din Bucures, ti se extinde (2018), https:// www.ziuacargo.ro/articole/sistemul-de-management-al-traficului-din-bucuresti-se-extinde147800.html/. Accessed 12 Dec 2021 10. Echipamente de Analiza A Fluxului de Trafic. https://www.scribd.com/doc/51361719/Echipa mente-de-Analiza-a-Fluxului-de-Trafic. Accessed 02 Feb 2022 11. TPBI Homepage. https://tpbi.ro/. Accessed 10 Jan 2022 12. STB. https://www.stbsa.ro/index. Accessed 04 Jan 2022 13. Perallos, A.: Intelligent Transport Systems. Wiley Academic (2015) 14. Intelligent Transport Systems group prioritises in-vehicle speed limit information and harmonised user interfaces. https://etsc.eu/intelligent-transport-systems-group-prioritises-invehicle-speed-limit-information-and-harmonised-user-interfaces/. Accessed 20 Dec 2021 15. ETSC. https://etsc.eu/tag/intelligent-transport-systems-its/. Accessed 20 Dec 2021

Chapter 10

General Characteristics of the Assisted E-Learning System in Computer Sciences Madalina Pana

and Alin Zamfiroiu

Abstract Taking into consideration all the restrictions applied worldwide due to the Covid-19 pandemic in the recent couple of years, it is completely understandable why the educational system as well had to adapt and move all its activities online. Even though this kind of approach has turned out to have many advantages, there are certainly still things that could be improved and explored. The main objective of this paper is to highlight the importance and benefits of online learning tools which could assist students during their educational process, even under normal circumstances. Hence, we will analyse the characteristics of the current eLearning applications and what each one proposes for the automation of computer-assisted learning using the computer science field.

10.1 Introduction Any teacher may notice in each group of students that there are several people who, at the end of the school year, do not gather their notions on programming over learning by heart [1]. However, it has also been observed over time that students who only memorize programming subjects are able to reproduce a piece of code or even the entire solution they have learned without trying to practice the implementation and adapt it to different scenarios [2]. Because of this, it can be very difficult at times for a teacher to quantify the real progress that each person is making. When using the classical methods during evaluation, the teacher ought to centralize all responses from students, correct them and, in the end, provide the results to his/her students. However, if a teacher wants to analyse the progress of M. Pana (B) · A. Zamfiroiu Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] A. Zamfiroiu e-mail: [email protected] A. Zamfiroiu National Institute for Research and Development in Informatics, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_10

117

118

M. Pana and A. Zamfiroiu

his/her students in a semester or during the entire university year, he/she would have to centralize all tests from all students and create individual sheets for each student with his/her results. Such procedures are obviously very difficult and time consuming, especially when the teacher has hundreds of students just for one year. For smaller groups could become more manageable, but for big groups certainly it is almost impossible. One of the key roles a professor has is to determine the methods of learning of his/her students, then structure the course and build the teaching technique based on this result. Overall, any application for online studying uses resources such as audio, text, video, even chat discussions, and of course, assessment tools [3]. It is important to underline that most of these applications do not have, as an included feature, a method of evaluation of its user’s style of learning and a way of adapting to it, just like a professor does [4]. Having this kind of analysis implemented in an application is not necessarily complex and it would turn out to be a huge benefit for students, as well as for professors, who would immediately and easily have access to this kind of data. Needless to say, especially over the last few years, it has been proven multiple times that computer assisted learning has definitely a positive impact on students’ abilities to learn and acquire knowledge, no matter if the subject of study is chemistry, social science, gaming etc. [5]. In the following chapters, types of computerized learning and methods of testing the students’ programming skills are presented.

10.2 Short Literature Review The main role of CALSs (Computer Assisted Learning Systems) is to optimize the learner’s route through a content field based on their own personality, cognitive characteristics, and evaluated level of preparation and readiness.

10.2.1 Learning Using Computer Assisted System Some of the most used types of software in the teaching area are the following [6]: – Drill and practice: this type of software is specialized in providing immediate feedback to students when they are working on solving problems, to help them learn new content or review some already reviewed information in a faster and more efficient way. Another important characteristic is related to the reminders which are sent regularly, to keep the students engaged until they reach a higher, better level of their knowledge on that specific subject. – Tutorial: in comparison to the first category, the advantage of the tutorial software is that it provides concepts and, at the same time, gives students the possibility to

10 General Characteristics of the Assisted E-Learning System in Computer …

– –

–

–

119

practice and exercise during a tutorial. Thus, the sessions can be very interactive, and students can get personalized instructions based on situations which occur often. Problem solving: similar to the first category, the concept implemented refers to the fact that you can learn directly by working on specific problems [7]. Simulation and virtualization: for IT-related subjects in particular, this method suits very well and brings a huge contribution to the improvement of the students’ learning experiences within the respective study fields. These simulations started to be used more and more frequently in different areas through VR (virtual reality), by placing the student directly in a situation extremely similar to the one from the evaluation. This method is a perfect example of a concrete application of computer use in the learning environment, bringing an important positive impact in this regard [8]. Games software: most of the game softwares are used to create a softer competition between users [9]. Gamification aims to motivate users to achieve goals, by implementing game mechanisms and proper design. Educating the user either directly or indirectly through quizzes is the most common way of gamification. Transforming the learning process into a simpler, more interesting one is the main advantage. Gamification often uses methods such as rewarding users or creating player rankings to provide additional motivation. This indirect way of learning can be more attractive than the classic, more direct methods, the educational part being masked by the other aspects of the applications. Discovery: this platform focuses on triggering students’ curiosity, by learning and acquiring information step by step, but also to keep them engaged into discovering interesting new information related to that specific topic. Another important thing to mention is that it highlights the progress the student makes through their learning journey.

In the following content of this paper, the studying process in a computer assisted learning system is presented, together with the actors involved. The roles of each of these actors are also explained in detail.

10.2.1.1

Process

The chosen process may vary from one application to another, but the basic idea remains the same and we can present these steps that are contained in an activity diagram of an existing eLearning system, by using the following schema (Fig. 10.1). The professor is inserting his/her pedagogical resources and the system uses these resources by applying different instructions [10]. Whenever a new student starts using the application, the system associates a learning profile based on certain indicators and uses personalized instructions for its learning techniques.

120

M. Pana and A. Zamfiroiu

Fig. 10.1 eLearning workflow diagram. Source Author’s representation of eLearning workflow

10.2.1.2

Actors

There are multiple actors who could be involved during this process [11]. For example, we could have an execution actor that establishes the optimal pedagogical resources to teach the course and a supervisor actor, who should focus on collecting the information. The execution actor analyses the information received from the supervisor actor, validates the indicators, and decides how to adapt to the current situation. On the other hand, the supervisor actor is simpler because it only collects the data and it is passing the information to the other actor. In this paper for example [12], the actors are configured by following the InteRRaP concept, which is an extension of the RATMAN model. As explained in this paper, [13], the idea of this model was to structure the knowledge base according to the complexity of the information contained. However, because InteRRaP has a hybrid

10 General Characteristics of the Assisted E-Learning System in Computer …

121

architecture, it uses the behaviour to extract the patterns and it will apply them to rational planning.

10.2.2 Assessment Using Computer Assisted System As already mentioned above, during the last few years, the interest in various CALs (Computer Assisted Learning System) has increased and now many schools are using online assessments, because it provides flexibility, availability, and objectivity of the results [14]. Regarding testing, there are two types of computerized tests: semiautomatic and fully automatic systems. The difference between these categories is that, for the semi-automatic type, it is necessary for the grading procedure to be established by the professor. On the other hand, the fully automatic assessment system cannot evaluate the student at an abstract level as, for example, the meaningfulness of variables [15]. PAT (Programming Adaptive Testing) is a fully automatic assessment system that can be classified as an adaptive learning system because of the principle on which PAT is based, choosing the questions depending on the students’ level without any intervention of the professor [16]. For example, a test can contain 30 questions from various chapters of the exam material, each question having a different level of difficulty. The system will start the test by choosing a lower/medium difficulty question and, if the student responds correctly to the current question, then the difficulty will be increased, otherwise, the difficulty will be reduced, so that the system can choose the next user-appropriate question. In the end, there are numerous ways of defining the overall level of the student by counting how many questions he answered correctly and how many were wrong, taking into consideration the level of the questions as well. In this paper [17], PAT classification was applied, and used techniques to determine the programming skill level of each student. The results for 73 students indicate that only 18% have high programming skills, 27% have a moderate level, and 55% of them have a low level. Thus, PAT is a solution for an assessment to be adapted to the student’s programming skills and gives a clear classification of the students in real-time.

10.3 Gamification as a Characteristic of E-Learning Environment The notion of gamification is more and more widespread in various fields of research in recent years, both academic and business-oriented. The simplistic approach to the subject is that gamification would be intended only for children’s games. But modern research on gamification shows that it is considered a branch of gaming science, which has positive economic, social, and health effects. Moreover, researchers are

122

M. Pana and A. Zamfiroiu

looking at how organizational goals can be achieved by designing strategies that use the science of gamification as well as games. The core of gamification involves the implementation of elements, techniques, and game methodologies in contexts of the reality around us. This approach is used in various fields of activity such as marketing, education, management, in the development of human resources in organizations and others. At the heart of gamification science is a complex framework with four concepts that communicate with each other, namely: game elements or predictors, objectives or criteria, individual changes in each process or mediators, and the context provided by human resources or moderators. For example, a game element such as the countdown (predictor) in a quiz created by a teacher (moderator) induces the user’s motivation and concentration (behavioural mediator) to achieve the best possible score (goal) being pressed by counter-clockwise time (psychological mediator). Or when we notice certain products on the shelf that offer us bonus points on the loyalty card (predictor), the instinct is to pay extra attention to those products and consider more their purchase (behavioural mediator) because we are looking for investments that bring us as many benefits in the future, as a result of which we feel rewarded (psychological mediators) and finally increase the chances to buy those products (the goal). Thus, gamification aims to use concepts from the science of the game to change human behaviour in specific ways. In the world of games there are many elements that can activate these triggers of motivation and we can see them best in video games, which often cause addiction because our brain is stimulated by the desire to win, the desire not to lose, the reward, and owning them, visualizing progress, the freedom to express one’s imagination, to premeditate events. Specifically, the most common elements of gamification are points, badges or badges, progress bars, countdowns, quizzes, rankings, prizes, and competitions. Their use in contexts that are not related to games, can make the work process fruitful, keeping the quality of seriousness in achieving a goal and at the same time interactive and fun. This modern learning paradigm is taken into account by both academics and companies because the productivity of beneficiaries increases considerably, and productivity is a desideratum in a capitalist world. Game elements such as points strengthen the sentimental achievement of a student. They are earned as they progress in training. In turn, this fuels their desire to get more. Also in the scoring area are the badges. They are an object or visual proof that attest to the student’s achievements, effort, progress and involvement. The progress bar is another tool to measure how far the student has come in the learning program. At the same time, it provides the impetus they may need to complete the desired actions in the training. Everything that the students accumulate in the awards category, makes them proud of their achievements and keeps them motivated to continue the training process and to accumulate more earnings. Quizzes or tests are gamification elements that can be used to generate immediate feedback. A quiz content creation tool can develop a way to test students’ knowledge and provide feedback to help them deepen areas they do not master. Additionally, to create positive pressure on quiz participants, countdown is recommended, which poses a threat of losing points if they fail to finish on time. Then, a leader board

10 General Characteristics of the Assisted E-Learning System in Computer …

123

contains the results of everyone in the learning community and has the ability to motivate each individual to reach the top. It is a natural desire to be the best. We are also motivated not to drop from the leading places in the ranking because we do not like to lose in general. Moreover, visualizing our achievements compared to others helps both to become aware of the level of personal knowledge at that time and the level of the study group. Thus, the gamified elements have different purposes that work towards the same goal, namely to provide a pleasant, motivating and interactive learning environment.

10.4 Indicators for Performance Review There are four types of learning style: active/practical, theoretical, pragmatic, and reflective [18]. An active leaner can be considered the opposite of a theoretical leaner, as the active learner will always prefer to do and experience new things, thus learn by trial and error, while the theoretical learner will want to understand first the concepts and theories and only afterwards see how they can be applied. The reflective learner wants to take time to observe what he/she learnt and analyse in depth the concepts and their meaning, while the pragmatic learner will always focus in understanding how to put theory in practice, in the real world. This is for one certain important indicator that we will be focusing on. We will take into consideration that there are different types of learning styles and depending on how quickly the student completes the subject, we can conclude whether that type of learning suits him/her and change it during practice. Thus, for all these four categories of learning models we have different examples, like for active learning (game software, situation simulations, problem solving etc.) and theoretical ones (books, short courses, video tutorials etc.). The second indicator that we will analyse is the time spent by the student to understand a part of the tutorial or a section of a book/course. Our focus will be to use the eye-movement [19] to see how much time the students read on the course section. Another indicator is to check how many times a student comes back to a previous course section. This thing is important because it shows us if the eLearning method suits the learning profile of the student, or if he/she needs to practice more on a specific subject. The last indicator that we will analyse is the progress that the student has when he/she is taking tests. It is important for the student not only to complete the subject matter, but also to understand all the pieces of information without going any further. This can be seen in the grades of the tests that will be given, so in the end, the system should suggest which parts of the course should the student review again, if necessary.

124

M. Pana and A. Zamfiroiu

10.5 Conclusion and Future Work In this paper, our motivation was to analyse the existing CALs application and to extract their main characteristics Most published literature have shown that the teaching process can adapt itself based on the learning profile of each person. Thus, we have proven that there are a variety of ways of making automated applications for programming learning. But despite all of them, we want to implement an assisted eLearning system which provides personalized information using interactive activities in a creative content. It is important to understand that the best result can only be obtained when having a lot of pedagogical resources covering multiple scenarios, in different formats as text, audio/video etc. and for each resource, we need to have exercises, case studies and so forth. Moreover, if we load huge amount of data for all these resources, we need to be sure that we have the best performance for our system [20]. In conclusion, there is a lot of potential within this educational field, thus for future work, we shall continue to investigate how we can improve the educational system using computer technology.

References 1. McCracken, M., Almstrum, V., Diaz, D., Guzdial, M., Hagan, D., Ben-David Kolikant, Y., Laxer, C., Thomas, L., Utting, I., Wilusz, T.: A multi-national, multi-institutional study of assessment of programming skills of first-year CS students. ACM SIGCSE Bull., 125–180 (2001) 2. Woit, D., Mason, D.: Effectiveness of online assessment. ACM SIGCSE Bull., 137–141 (2003) 3. Mtebe, J. R., Raisamo, R. A.: Model for assessing learning management system success in higher education in sub-saharan countries (2014). https://www.researchgate.net/publication/ 286947507_A_Model_for_Assessing_Learning_Management_System_Success_in_Higher_ Education_in_Sub-Saharan_Countries 4. Bruce Joyce, M. W.: Models of Teaching. s.l.: Pearson (1999) 5. Director, D. L. B.: Computer assisted education. In: Theory Into Practice. s.l.:s.n., pp. 173–178 (2009) 6. Sharma, R.: Computer assisted learning—a study. Int. J. Adv. Res. Educ. Technol. (IJARET) 4(2) (2017) 7. Anon.: Exploring students’ cognitive and affective states during problem solving through multimodal data: Lessons learned from a programming activity. J. Comput. Assist. Learn., pp 1–20 (2021) 8. Meka Srivani, A. M.: Computer-assisted education. Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol. 6(6), 231–235 (2020) 9. Cuervo-Cely, K. D., Restrepo-Calle, F., Ramírez-Echeverry, J. J.: Effect of gamification on the motivation of computer programming students. J. Inf. Technol. Educ.: Res. 21, 1–23 (2022) 10. Gloria Yi-Ming Kao, C.-A. R., 2022. Designing and evaluating a high interactive augmented reality system for programming learning. Computers in Human Behavior, Volume 132. 11. C. Buiu, M. A., 2000. C. Buiu, Mihaela Albu. Agenti software inteligenti (Intelligent software agents). s.l.:ICPE. 12. Moise, G., 2007. A Software System for Online Learning Applied in the Field of Computer Science. International Journal of Computers, Communications & Control (IJCCC).

10 General Characteristics of the Assisted E-Learning System in Computer …

125

13. Müller, J. P.: The design of intelligent agents: a layered approach. In: Lecture Notes in Computer Science (LNCS), vol. 1177. s.l.:s.n (1996) 14. Ala-Mutka, K.: A survey of automated assessment approaches for programming assignments. Comput. Sci. Educ., 83–102 (2005) 15. Suleman, H.: Automatic marking with Sakai. In: Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries: Riding the Wave of Technology. s.l.:s.n., pp. 229–236 (2008) 16. Lee, V. C. S., Yu, Y. T., Tang, C. M., Wong, T. L., Poon, C. K.: ViDA: A virtual debugging advisor for supporting learning in computer programming courses. J. Comput. Assist. Learn. 34(3), 243–258 (2017) 17. Dimitra I. Chatzopoulou, A. A. E.: Adaptive assessment of student’s knowledge in programming courses. J. Comput. Assist. Learn., 258–269 (2010) 18. Antelm-Lanzat, A. M., Gil, A. J., Cacheiro-González, M. L., Pérez-Navío, E., Fonseca-Pedrero, E.: Learning Styles and Vocational Guidance in Secondary Education. Educ. Sci.: Theory Pract. 20, 1–15 (2020) 19. Wang, X., Zhao, X., Zhang, Y.: Deep-learning-based reading eye-movement analysis for aiding biometric recognition. Neurocomputing 444, 390–398 (2021) 20. Crow, T., Andrew Luxton-Reilly, A., Wuensche, B., Authors Info & Claims: Intelligent tutoring systems for programming education: a systematic review. s.l., In: Proceedings of the 20th Australasian Computing Education Conference (2018)

Chapter 11

E-learning in Romania: An Overview on Software Solutions from Private Initiatives Andreea-Cristina Stroe

Abstract The purpose of this paper is to present an overview on the software solutions that contribute to the development of the e-learning in the Romanian undergraduate education system. This research relies on a study of the solutions provided by the Romanian private companies that dominate the market of the e-learning platforms. The software providers considered for the paper include SIVECO, Ascendia S.A,. Timsoft or InsideMedia. The platforms will be analyzed in terms of functionalities and characteristics. After the analysis, a series of common features will be identified, as well as the benefits and the drawbacks of each of the solutions. Based on the results, a profile of an adequate e-learning platform for the Romanian undergraduate education system will be drawn. Overall, this paper contributes to the literature by identifying the existing and already integrated e-learning software solutions in the system at the present moment. Moreover, a comparison between them will be provided, leaving room for future directions the field of e-learning platforms in Romania can benefit from.

11.1 Introduction E-learning or educational technology [1] is the concept the literature defines as learning with the help of the Internet [2]. It represents the pioneer approach in which technology was introduced in the educational act so that people’s skills will be developed more easily and more rapidly [1]. The computer is the main electronic device [3] that mediates the relationship between the content and the learner, so this type of learning is based mostly on web-based and computer-based applications [2]. The complexity of e-learning is unquestionable since it offers a way of digital collaboration between students and teachers [2], as well as access to a multitude of digital content. A comprehensive definition of e-learning is offered by the Commission of the European Communities, in its report from 2001, where e-learning is “the use of A.-C. Stroe (B) Bucharest University of Economic Studies, 010374 Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_11

127

128

A.-C. Stroe

new multimedia technologies and the Internet to improve the quality of learning by facilitating access to resources and services as well as remote exchanges and collaboration” [4] An important aspect of e-learning is reiterated in this definition: the remote access to education learners gain through this approach. Romania started to manifest interest in introducing e-learning in the education system in the late 1990s [5]. After the fall of the communist regime in December 1989, new perspectives were brought by the new political and social environment. The modernization of the education system began with its decentralization immediately after the revolution [6, 7]. Consequently, Romania’s alignment to the European methodology in terms of education norms was initiated [7], creating the necessary premises for our country’s integration in the European Union [7]. This movement included implementation of e-learning initiatives, as stated in the Action Plan of the Commission of the European Communities from 2001 [4]. This new educational approach firstly emerged in the university education system, through the Virtual University Paradigm [5]. It was introduced in 1999 [5] in the main university campuses in Romania [5] and consisted in a Java-based application used as an educational software [5]. Henceforth, e-learning software systems began to gain more and more visibility in the education system. They are better implemented in the university system, with the majority of Romanian universities benefiting from their own e-learning platform [8], whereas the undergraduate education system has not been so fortunate. Until the moment of writing this research, the Romanian government did not provide a national e-learning platform that could be introduced in all the primary, secondary and high schools from Romania [9]. Nevertheless, the private sector manifested a bigger interest into improving this direction of the Romanian education system. Therefore, numerous private stakeholders produced their own e-learning solutions targeting the primary and the secondary education system [10]. The e-learning market is dominated by the company SIVECO [10], which has been a long and trustful partner of the Ministry of Education in the process of digitalization of the system. Other companies with remarkable results in the field of e-learning are Ascendia S.A. [10], Inside-Media, Timsoft and Softwin [8]. Each one of these software providers developed and successfully integrated solutions that contributed to the modernization of the Romanian undergraduate education system. The possibility of introducing e-learning in the education system (whether it was the undergraduate or the university one) was facilitated by the infrastructure. Throughout time, The Ministry of Education, in collaboration with private stakeholders, equipped a huge number of schools with computers [11]. Moreover, Romania ranked the 10th position out of 28th in the European Union in terms of broadband connectivity in 2021 [12], which created a suitable environment for integration of technology in the education act. Nonetheless, the system faced slow deployment of the solutions [5] due to two factors: rigid curriculum and teachers’ reluctance [5]. This produced a significant gap between our country and other state members of the European Union in terms of e-learning platforms integration [13]. The primary focus of this paper is to identify the e-learning solutions that the main software providers developed throughout the years and undertake a deep analysis

11 E-learning in Romania: An Overview on Software Solutions …

129

of each of them. Each solution will be examined in terms of characteristics and functionalities. Moreover, this study also attempts to answer the question: which are the main characteristics an e-learning solution needs to have in order to be integrated in the Romanian undergraduate education system?

11.2 Terminology in E-learning Since the paradigm of e-learning is so complex, a series of concepts, more often encountered in the form of acronyms, needs to be clarified for a complete understanding of the used software solutions. The first one to mention is CBT or Computerbased training [14]. As the name indicates, this concept is very easy to be described: courses that are delivered through a computer. This type of learning is among the first digital forms of asynchronous learning, oriented towards a self-paced approach in which the learner had the control over the process of learning [14]. It represented the starting point in terms of e-learning [15], which, originally had the goal to eliminate the educator as the direct intermediator between the student and the content [15]. At the beginning, they were delivered though CD-ROMs [14], but once the Internet began to emerge in the society, a sub-type of CBT appeared: WBT. It stands for Webbased training [16] and its definition is clear: a teaching method delivered by the aid of the Internet [8] and intranets [16]. Other synonyms that refer to the same concept are Web-based Learning (WBL), Web-based Instruction (WBI) or Internet-based Training (IBT) [16]. The tasks that can be included in WBT are not limited to using materials that are available online, but the whole learning process can be performed over the Internet. This signifies that, besides sending the materials (that take the form of multimedia resources) via electronic means, the teaching, the evaluation, and the feedback sessions can also be conducted through Web mechanisms [16]. This was an important step towards distance education, enabling access to education to a larger population and eliminating the restrictions of time and place [16]. CBT and WBT represent the base for another important notion that should be clarified, the e-learning platform. Some popular examples in the market of e-learning platforms include Blackboard, Moodle or Sakai [17], but literature claims this concept as a problematic one since there has not been provided a clear definition or a set of defined characteristics that one should use when classifying a software solution as an e-learning platform [17]. Throughout time, several definitions have been provided [17], but an attempt to a complete and comprehensive one was made in 2010. Michael Piotrowki, in his study, defined the e-learning platform as “a system which provides integrated support for the six activities—creation, organization, delivery, communication, collaboration, and assessment—in an educational context” [17]. To go even further, one needs to emphasize that this system is composed of hardware, operating system and specific applications [18] in order to build up the e-learning platform.

130

A.-C. Stroe

So, from this definition, one can orient towards a generic approach [17], in which all the activities from the educational act are treated equally important. Nevertheless, there are some terms that point towards more particularimplementations, concentrating on the management part of the teaching act [17]. This terminology includes notions as learning management system (LMS), virtual learning environment (VLE), learning content management system (LCMS), learning support system (LSS), technology-enhanced learning environment (TELE) or managed learningenvironment (MLE) [17]. The most encountered are LMS and VLE, so they will be analyzed more thoroughly as follows. LMS or Learning management system [19] can also be referred to as CMI (which stands for Computer Managed Instruction [8]). The name itself summarizes its purpose as being a tool used for course management. It helps to organize the course [8], track the progress of students [19], as well as of the content provided [19]. So, the LMS is a facilitator of the education act that helps both the teacher (in the process of providing educational content in multimedia format, but also during the evaluation) and the student (that can access the content more easily and can provide feedback for the course) [19]. Nevertheless, a drawback of a LMS can be teachers’ reluctance to adapt to the course content or to a more online-oriented approach [19]. The Virtual learning environment or the VLE [20] can be viewed as a complex system that comprises features which allow the use of information, but which creates a social space for active collaboration between actors (students and teachers alike) [21]. Even though the VLE and the LMS might seem, at first glance, the same concept, there is a slight difference between the two. The VLE and the LMS might have the same functionalities, but their educational approaches belong to different educational paradigm [22]. LMS focuses more on a behaviorist perspective, where the learner has intensive training in order to acquire even more sets of skills that they can further use [22]. VLE, on the contrary, is aligned more towards a constructivist paradigm [22], where the main goal is to acquire knowledge through experience and collaboration. So, the main concept that differentiates the VLE from LMS is collaboration. Although literature formulated a complex terminology to try to encapsulate all the concepts related to the systems used for the teaching act in the e-learning paradigm, a conclusion can be drawn. Regardless of the name, they all refer to the same: an electronic mediator between a learner and the learning content that can be used in a self-paced rhythm.

11.3 Study of Romanian Private E-learning Software Solutions Private stakeholders have always been interested in the progress of digitalization of the Romanian education system. Thus, they provided a series of e-learning platforms to be integrated in the educational act. This study focuses on providing an overview on the solutions provided by the Romanian companies that dominates the market of

11 E-learning in Romania: An Overview on Software Solutions …

131

Romanian e-learning. Each of the following sections explain the steps undertaken in the present approach.

11.3.1 Research Methodology This study provides a comprehensive approach that analyses the software solutions provided by private stakeholders in terms of e-learning. For each solution, its characteristics and functionalities will be featured, as well as the structure and the learning objectives met via its content. The selection of the solutions was based on the software provider. Five main Romanian providers with a long history in the production of e-learning solutions were chosen: SIVECO, Ascendia S.A., Timsoft, InsideMedia and Softwin. For each private stakeholder, one or two solutions will be studied. The choice of the number is based essentially on how many e-learning solutions the company has developed over the years. In case the provider has multiple e-learning softwares, there will be a limitation of a maximum of two solutions, those being the most used in the undergraduate education system. Table 11.1 from below shows a complete list of the e-learning software solutions that will be analyzed in the present research paper. The analysis of each of the solutions from Table 11.1 will lead to the identification of a set of e-learning characteristics specific to each of the solution. Each solution will provide some characteristics that will be unique to the solution or shared by more solutions from the analysis. The number of the identified characteristics will not exceed the number of 15 most common and important characteristics of an elearning platform. Afterwards, all the discovered characteristics (whether common for all the solutions or not) will be gathered and used for a thorough comparison between the six solutions.

11.3.2 Analysis of the Solutions A. SIVECO—AeL SIVECO is the Romanian company that dominates the e-learning market from our country [10]. It has been a long and trustful partner of the Romanian Ministry of Table 11.1 Private stakeholder and their studied solutions

Siveco

AeL

Ascendia S.A.

EduTeca—The Seasons

InsideMedia

Academia Online

Timesoft

eLearnTs, eTestTs

Softwin

ExamenulTau.ro

132

A.-C. Stroe

Education throughout the time, collaborating at the SEI project (2001–2008) [23]. SIVECO gained its recognition in the international market as well, and is present in Cyprus, Azerbaidjan, and Moldova [24]. The most important e-learning solution provided by SIVECO is the AeL platform. It offers an enterprise version (AeL Enterprise) that targets business environment and an academic version (AeL Academic). The following analysis will focus on AeL Academic since it is the e-learning platform that aims to be used as a complementary instrument to the regular educational act [25]. AeL Academic is a complex e-learning platform that incorporates all the activities of and around the educational act: teaching, learning, assessing, administrating both the processes and the content and recording the results [24]. An advantage is that the platform can be used by all the actors of the educational act (teachers, students, but also parents) [24]. The structure of the platform is very complex, being composed of several components that facilitate the learning process. The most important parts are the virtual class, the evaluation component, AeL eContent, a library of educational content dedicated to the asynchronous learning [25], ASM (AeL School Manager), the forums and the reports [25]. The virtual class is the facilitator for the synchronous learning process [25]. The content can be accessed from anywhere—this representing an important aspect of the e-learning paradigm. The teacher has the purpose to administrate and conduct the educational act, deciding the content the lesson will include and the order in which the topics will be presented to the students [25]. So, the AeL Academic reinforces the role of the teacher in the e-learning paradigm as the one who facilitates access to learning resources rather than a direct and only source of information. They can offer guidance to learners via discussion forums provided as well by the learning platform [25]. Over the time, AeL has proved its importance in the evaluation process through the evaluation component. The platform enables the possibility of conducting online and offline tests, both developed by the teacher or for self-evaluation [25]. The types of questions covered in the tests are diverse, open questions or multiple-choice exercises being just two examples [25]. An important aspect of managing the evaluation is the possibility to randomize the questions in a quiz [25]. ASM is an important part of the AeL platform that converts the AeL in a LSM by excellence. It is composed of six menus that have submenus for administrating the information from the database regarding the schedule, the class, the students, the teachers, the educational unit, and several statistics at class level [25]. Therefore, the AeL platform not only provides a mechanism to administrate the learning content and data about the learning process (such as the covered topics or pupils’ results), but also enables a high-level management at the unit level, comprising the most crucial information in a single place. The benefits of AeL are unquestionable. The easiness that it brings to the management of the learning process, the quality content and the flexibility furnished by the virtual classes makes AeL a collaboration tool that follows the characteristics of the e-learning paradigm. Moreover, the fact that over 7 million educational institutes [25]

11 E-learning in Romania: An Overview on Software Solutions …

133

have already successfully integrated the platform into the educational act confirms its value. B. Ascendia S.A.—EduTeca—The Seasons Another Romanian company with a long history in the field of e-learning is Ascendia S.A. They proposed a proprietary CBT solution called EduTeca—The Seasons, developed for kindergarten children [26]. It is composed of 8 CDs, 2 per each season, with the purpose of creating interactive games for children to learn important concepts about nature, the flora, the fauna and activities specific to each season, as well as basic mathematical concepts [26]. The idea of learning through gamification is brought into attention by this solution, an appropriate approach if considering the age of the target audience. The structure of each CD is very easy. The information is organized on chapters and each chapter has several educational modules [26]. The educational modules can be divided into three categories: “expository animation, experiments and interactive games” [26]. The activities in these modules include puzzles, drag and drop tasks or mazes [26], adequate tasks for children between the age of three and five years old. The structure seems accessible and sufficiently simple to be used in order to meet the objectives. The solutions’ goals are to provide an interactive environment for cultivating creativity, develop children’s imagination and dexterity [26]. An important functionality of this solution is the virtual teacher [26]. On one side, this can be considered a key feature considering the age of the learner. Kindergarten children need supervision and guidance into the learning process, as well as encouragement. The permanent presence of the virtual teacher accustoms the child to the idea that the learning process includes constructive feedback upon which one needs to evolve. On the other side, the presence of the virtual teacher, in the form of a fairy [26], increases the gamification score of the solution. This CBT is the first and foremost proof that the e-learning platforms are not limited by the age of the learners as kindergarten children can be taught elementary concepts about the world in an attractive and stimulating way. Nevertheless, they might need some help accessing the e-content, as, in the case of the solution developed by Ascendia, they need to insert the CD and to start the application, so the learners are not completely independent. Moreover, since this is a proprietary solution, extra costs will be needed to acquire the software. This can be a noteworthy drawback since the money resources are limited for kindergartens in Romania even in the big cities. In addition, the disadvantaged communities from our country can hardly benefit from a similar solution due to the lack of money and infrastructure resources. C. Inside Media—Academia Online Academia Online (http://www.academiaonline.ro/) is another example of e-learning platform developed by InsideMedia [27]. It is designed for more mature learners, offering courses aimed more towards majoring a certain topic. The required minimum age of the learner is 14 years old [27]. Nonetheless, there are courses designed for people who have already graduated to a certain education level (for instance the target audience is represented only by students who have at least graduated

134

A.-C. Stroe

from high school) [27]. The age limitation can be seen both as an advantage and a disadvantage. The benefit is that the course is designed for a specific audience that can fully understand the concepts that are presented. But the platform cannot be integrated in all levels of the undergraduate education system (students from primary and secondary school cannot benefit from this platform). The course offer is rich. There are three types of courses a learner can access: free, paid and approved by the Ministry of Labor and Social Protection [27]. The fields of expertise the learner can major in are entrepreneurship, personal development, information technology and communication, foreign languages, education and others [27]. Even if the palette is so large, the learner can choose only from the available courses at the registration time. The user can check the course offer by accessing the Course section. Moreover, the user cannot register to multiple courses simultaneously [27]. The structure of the courses is similar to some extent. Each course has a tutor and is composed of three parts: resources, online module and evaluation [27]. Completing a course leads to gaining a certificate, but the learner receives it for a fee [27]. Nevertheless, the length of the course is different, each having its own number of modules based on the topics that are to be covered. The learner chooses the frequency of the learning process: once or twice a week [27]. This is a strong advantage, the pace of the learning process being imposed by the student and not by the tutor. The tutor is only the mediator, the one who provides the learning materials and the feedback as the result of the evaluation. So, this e-learning platform designs the courses so that they cover all the stages of the learning process: teaching (done by the tutor who provides the resources), strengthening knowledge (via some homework the learner needs to provide) and the evaluation (which is continuous, made by the tutor, but the platform also covers self-evaluation [28]). The e-learning platform can be accessed via Internet. The Web interface is not very attractive, but it is very simple to use. A benefit is represented by the fact that, before registering on the platform, the user can read some guides that cover all the necessary steps of utilization of the platform: registering to a course, accessing a course, how the learner should do the necessary payments if any. However, in order to have access to the courses on the Academia Online platform, a learner needs to create an account based on some personal data (such as the birthday, the address). A drawback of this approach is that there might be people reluctant to share personal data to an online e-learning platform. Nonetheless, the resources needed for enrolling to the courses are minimal. One needs only a computer and Internet connection and can access the course from everywhere and at any time. Based on the structure and the offer, this platform seems to be an appropriate choice for people who want to enhance knowledge, but have limited time. The minimal resources (basically, the learner needs only a computer and Internet connection) makes it ideal for people who travel most of the time. So, this platform seems to be addressed more to adults rather than to pupils, but it can successfully be integrated for high school learners for strengthening knowledge in some domains (for instance foreign languages or information technology and communication). These courses can become successful extra learning resources.

11 E-learning in Romania: An Overview on Software Solutions …

135

D. Timsoft—eLearnTS, eTestTS The company Timsoft has another strategy in terms of e-learning platforms: separating the stages of the learning process. Thus, they provide two solutions: eLearnTS [29], a VLE that includes the online courses and learning communities, and eTestTS [30], designed for the evaluation part of the educational process. Both are proprietary solutions, so the needed resources extend to extra costs for acquisition. The two will be analyzed separately as follows. eLearnTS is available both in Romanian and in English language [29] and can be configured for online courses based on learners’ needs and educational level [29]. It has the form of a virtual online class, where the participants ar e the teacher (referred to as the facilitator), the learners and other guests (that can be part of the training act or only observers) [29]. The integration of the visitors is a great benefit of the eLearnTS platform since it encourages flexibility, a key characteristic of the e-learning paradigm. Moreover, the collaboration is an important aspect of this solution, as a result of its development as a VLE. The facilitator has essentially an administrative role, managing several components of the course [29]. He is in charge of the syllabus, so planning the whole activity of the course (deadlines, activities the learners should complete) [29]. This can be regarded as a drawback of the solution since the pace of the learning process is imposed by the facilitator and not by the learners, as indicated in the e-learning paradigm. He is also the person who provides the theoretical resources, as well as the feedback to every activity, organizes the groups of learners, creates the conferences delivered in the learning process and offers guidance to the learners [29]. Therefore, the facilitator depicts partially the role of the teacher in the e-learning paradigm: a mediator and a content provider that offers guidance and feedback along the education act. Even though the pace is established by the facilitator, he leaves behind the idea that the teacher is the one who owns the knowledge, but rather the one who makes available some resources that the learner can use at his disposal. The role of the learners is not changed. They conduct regular learner’s activities such as accessing course resources, participating in conferences, sending homework, receiving feedback etc., [29]. They can interact with the facilitator or the facilitators (the platform allows the possibility to have multiple facilitators for a single course [29]) in a synchronous (via live chats) or asynchronous way (through forums and conferences) [29]. Nonetheless, the evaluation part of the education act is not integrated in the eLearnTS, but in the eTestTS [30], another solution is developed by Timsoft. It offers the possibility to create training modules (aiming to help students deepen the acquired knowledge), questionnaires and tests [30]. The questionnaires allow a multitude of types of questions (true/false questions, single and multiple choice, questions with multimedia content) [30]. This represents a real benefit of the platform, since the evaluation can cover different aspects in a diverse and interactive way. Moreover, the questionnaire allows the user to customize the color and the size of the text [30], thus creating an environment that can be adjusted based on the student’s needs and preferences. The tests can be intermediary or summative, but attached to a module

136

A.-C. Stroe

[30]. Therefore, the eTestTS platform covers all the aspects of the evaluation process, even the self-evaluation by providing the opportunity for the learner to generate their own tests. This separation, however, can be considered rather a disadvantage for multiple reasons. Firstly, the facilitator has the option to give learners feedback through the eLearnTS solution, but the course evaluation is conducted through eTestTS. So, the facilitator’s work is encumbered since there are two different places that host the resources for the same course. Secondly, for the learners receiving information for the same course from two different sources can be confusing. In addition, the fact that two platforms are needed increases the necessary resources in terms of money for acquisition and the number of servers needed to host the platforms. E. Softwin—ExamenulTau.ro A Romanian e-learning platform dedicated exclusively to pupils is ExamenulTau.ro, an Intuitext branded product, developed by the company Softwin [31]. The target audience of this software solution is formed by the K7 and K8 pupils and has the role of an additional resource in the training process for the National Evaluation exam [31]. The content is straightforward and is consisted in the curriculum for the Romanian Language and Literature and Mathematics disciplines, covering all the topics addressed during the secondary school years [31]. The platform is structured in three big sections: Training, Profile and Advice [31], each having dedicated subsections. The training section covers all the necessary tools for organizing, conducting the learning process and evaluation. Through the Planning subsection, the platform suggests a learning calendar for the learner, each exam topic being assigned to a dedicated period [31]. In order to persevere in the training process, the learner has access to theoretical resources that cover all the necessary topics for the exam. The resources are very well structured and easy to be used through the platform in the subsection Content Chapters [31]. Another subsection is represented by the simulation exercises, through which the learner can access exam papers that imitate exactly the structure and the content of the original exam [31]. A last subsection provides evaluation tests structured by each topic included in the exam [31]. The learners can monitor their progress by the Profile section, which offers a subsection that includes personalized grade reports based on the study chapters covered by the learner. These reports also offer learning recommendations that redirect the learner to the theoretical resources that cover the topic of the test. The platform also provides a section in which experts advice students on how to approach an exam and how to deal with the overwhelming emotions that might appear before an important exam [31]. This section is a real advantage since the psychological aspect of taking the first crucial exam of a pupil’s life is, most of the time, ignored even by the actors of the educational act. In addition, being an e-learning platform, it promotes the collaboration via the live chat. In case of need of addition resources or advice, a learner can access the chat and get in touch with one of the 15 specialists that developed the platform [31]. Even though this software solution might seem a limitative one, since the target audience is strictly dedicated to K7 and K8 pupils, one may extend its use to all the

11 E-learning in Romania: An Overview on Software Solutions …

137

secondary school pupils. Since the platform offers theoretical resources to all the exam topics, they are covered throughout the entire secondary school cycle, so K5 and K6 students can also benefit from the platform.

11.4 Results 11.4.1 E-learning Platform Analysis The analysis conducted over the six e-learning platforms developed by Romanian private stakeholders led to a series of conclusions. The main characteristics that are present in the software solutions analyzed in the previous sections were gathered in Table 11.2. 15 characteristics of the Romanian e-learning platform have been identified, but there is no solution that gathers all 15. Nevertheless, according to Table 11.2, the solutions offered by the Romanian private stakeholders are considerably complex. They successfully meet the criteria from the definition of the e-learning platform and create a collaborative learning environment. So, they can unquestionably be used as alternative tools in the present Romanian education system. A clearer image of the distribution of the characteristics of the Romanian elearning platforms can be consulted in the table from Fig. 11.1. Each characteristic is identified by the number allocated in Table 11.2. There is a maximum of 6 occurrences and a characteristic that can have since only 6 solutions has been analyzed. Based on the number of occurrences, the importance of the characteristic can be evaluated. There is only one characteristic that meets the maximum number, the availability of a simple user interface or a structure that is present in the case of all solutions. Therefore, a huge interest has been manifested into designing a user-friendly solution, that is easy and well-structured so that the learning process is eased. There are two characteristics that met the threshold of 5 occurrences: providing a facilitator/virtual teacher, and the possibility of asynchronous learning. These highlight the defining features of the e-learning. Firstly, the fact that the learner is not constraint to a certain place and time to learn was among the most valuable benefits e-learning came with. Nevertheless, there is still a need of a facilitator in order to mediate the educational act, an aspect understood by the Romanian stakeholders. Other aspects the providers focused on including in their solutions are incorporating all the activities of the educational act (teaching, knowledge building, evaluation), offering a rich course offer, as well as the possibility to customize the content. The fact that the educational act is not fractured into different pieces, but treated as a whole, as a process with multiple steps, all incorporated in the same solution is extremely beneficial for the learner. All the parts of the learning act are equally important and customizing the content according to the needs of the learners and represents a key-point each e-learning platform should have.

138

A.-C. Stroe

Table 11.2 Characteristics of Romanian e-learning platforms No. Characteristics

AeL EduTeca—The Academia eLearnTS eTestTS ExmenulTau.ro Seasons Online

1

It incorporates all v the activities of the educational act (teaching knowledge building evaluation)

x

v

v

x

v

2

It can be used by all the actors in the educational act (teachers, students, parents)

v

x

x

x

x

v

3

It provides virtual v classes

x

x

v

v

x

4

It provides a facilitator/virtual teacher that administrates and conducts the educational act

v

v

v

v

v

x

5

It offers the possibility of online or/and offline tests with different types of questions

v

x

x

x

x

x

6

It offers additional administrative tools for unrelated to the educational act

v

x

x

x

x

x

7

It has restrictive target audience

x

v

v

x

x

v

8

It promotes gamification of the educational act

x

v

x

x

x

x

9

It offers rich course offer

v

x

v

v

v

x

10

It offers the possibility of learning content customization

x

x

v

x

x

v

(continued)

11 E-learning in Romania: An Overview on Software Solutions …

139

Table 11.2 (continued) No. Characteristics

AeL EduTeca—The Academia eLearnTS eTestTS ExmenulTau.ro Seasons Online

11

It is an open-source platform

x

x

v

x

x

v

12

It offers the possibility of asynchronous learning

v

v

v

v

x

v

13

It offers the possibility of synchronous learning

v

x

x

v

x

x

14

It has a simple v user interface/structure

v

v

v

v

v

15

It needs special x resources (besides Internet connection and a computer)

x

x

v

v

x

Fig. 11.1 Distribution of characteristics of e-learning platforms

Less interest has been manifested for the gamification of the educational act. There is a single solution (EduTeca—The Seasons) that focused on this aspect. The others treated the learning process more rigorously. An explanation for this can be the target audience. Most of the e-learning platforms target more mature learners, who are more accustomed to the traditional way of learning. Learning through games is a technique that is more appropriate for kindergarten and primary school pupils, this being confirmed by the target audience of the learners of The Seasons. Another characteristic that has only one occurrence is the presence of an administrative tool for aspects that are not related to the educational act. The only platform that offers this feature is the AeL, via the ASM. This can be an acceptable approach,

140

A.-C. Stroe

since an e-learning platform should be more focused on the learning process and all the steps it implies (teaching, building knowledge, evaluating, providing feedback) rather than providing information about the educational unit.

11.4.2 E-learning Solution Implementation Considering the results from the previous section, the study proposes a number of characteristics a possible e-learning platform should have. There is no doubt that the e-learning platform should have an easy and userfriendly interface that will definitely ease the whole interaction with the online tool. Moreover, the content should be structured in an intuitive way. The role of the teacher has changed in the paradigm of e-learning. He is no longer the owner of the knowledge, since data is accessible anytime and anywhere, but a facilitator of the whole learning and evaluating process. The teacher is the one who provides access to a large number of resources, mediates their usage and provides constant feedback to the tasks. The need of a tutor to guide them throughout the entire learning process should not be dismissed while developing an e-learning platform. Another key aspect is the collaborative approach. Most of the software solutions embrace the constructivist paradigm in which just acquiring skills is not sufficient. The process of developing new capabilities should be encapsulated in a collaboration of the parties and the ideal environment for such learning experience is provided by virtual classes. This new strategy, however, is suitable for more aged learners that can operate by themselves the software solutions. The collaborative way does not seem appropriate for kindergarten children as they need more assistance during the learning process. Therefore, the feature of virtual classes is a keypoint, but should be adapted according to the learners’ age. The majority of the solutions include all the steps of the educational process in a single software solution, but there are stakeholders like Timsoft that chose to separate the steps in different e-learning platforms. From an operability point of view, this approach seems counter-productive, the actors of the educational act being forced to operate with two sources on the same content. Therefore, a future e-learning platform should incorporate the teaching, the knowledge building and the evaluation. All the stages should be treated equally important. Thus, a future e-learning software solution should encapsulate all the above benefits. Besides them, the facilitator’s possibility to customize the content based on different aspects (such as students’ level of expertise, profile, interests and age) should be a priority. Moreover, the focus on real-life situations, especially in the case of more practical subjects (such as physics, chemistry or biology) should also be taken into consideration. The integration of the administrative part seems necessary. Integrating this in the structure of the application should be beneficial, the facilitator having evidence of the students, of the resources and of the evolution of the learning process through the reports generated by the application. Nevertheless, an approach similar to the AeL’s

11 E-learning in Romania: An Overview on Software Solutions …

141

ASM seems detrimental because of the amount of information that the platform has to manage. One last point a possible future e-learning solution for the Romanian undergraduate education system should consider is to be open-source. All the analyzed solutions included some costs (whether acquisition costs being proprietary solutions or paid courses available on the platform). Since the Romanian education system is already underfunded, supplementary costs decelerate the process of digitalization.

11.5 Conclusions Once the communist regime fell as a result of the 1989 Revolution, important changes occurred in the Romanian education system. Romania had to adopt the European values in terms of education [7] and e-learning paradigm has begun to gain more and more importance. The private sector has always manifested interest into developing e-learning solutions, Romania beneficiates from a big number of companies with tradition in the education sector. So, over the years, it provided numerous e-learning solutions that can successfully be integrated in the Romanian education system. They did not neglect any learner category, their target audience including from kindergarten children to university students. This paper firstly offered to its readers a comprehensive overview on five elearning platforms developed by Romanian companies. The choice of the solutions was made based on the importance of the company in the market of e-learning. The five selected companies were SIVECO, Ascendia S.A, InsideMedia, Timsoft and Softwin. The study analyzed one solution from each of the five companies, exception being Timsoft, for which two e-learning platforms were chosen. The reason was the separation this company made in terms of the steps of the learning process. This research paper provided a perspective on the way each application is structured, the features it offers, as well as its benefits and drawbacks. Then, a brief comparison between them was made with the focus on the main strong points identified in the case of each solution. Based on these results, some suggestions for an e-learning platform that can be successfully integrated in the Romanian undergraduate education system were made. This can be a valuable contribution to the literature, providing future directions that should be considered both for the private stakeholders and for the government in the case of developing a new e-learning solution.

References 1. Wikipedia “Educational technology”, https://en.wikipedia.org/wiki/Educational_technology. Last accessed April 2022 2. Nedeva, V., Dimova, E.: Some advantages of e-learning in English language training. Trakia Journal of Sciences 8(3), 21–28 (2010)

142

A.-C. Stroe

3. Liu, G.-Z., Hwang, G.J.: A key step to understanding paradigm shifts in e-learning: towards context-aware ubiquitous learning. Br. J. Edu. Technol. 41(2), E1–E9 (2010) 4. Commission of the European Communities, “The eLearning Action Plan”, https://eur-lex.eur opa.eu/LexUriServ/LexUriServ.do?uri=COM:2001:0172:FIN:EN:PDF. Last accessed April 2022 5. Goldbach, I.-R., Hamza-Lup, F.: Survey on e-learning implementation in Eastern-Europe Spotlight on Romania. In: Proceedings of the 9th International Conference on Mobile, Hybrid, and Online Learning (2017) 6. Popescu, A.-C.: The decentralisation of the school system in post-communist Romania. J. Educ. Adm. Hist. 42(3), 315–336 (2010) 7. Marga, A.: Reform of education in Romania in the 1990s: a retrospective. High. Educ. Eur. 27(1–2), 123–135 (2002) 8. Lupu-Dima, L., Edelhauser E., Ionic˘a, A.: E-learning platforms in Romanian higher education. Ann. Univ. Petros, ani, Econ. 10(1), 137–148 (2010) 9. Hosszu, A., Rughinis, C.: Digital divides in education. An analysis of the Romanian public discourse on distance and online education during the COVID-19 Pandemic. Sociol. Româneasc˘a 18(2), 11–39 (2020) 10. Edelhauser, E., Lupu-Dima L.: Is Romania prepared for elearning during the COVID-19 pandemic? Sustainability 12(13), 11–39 (2020) 11. Istrate, O.: eLearning in Romania: the State of the Art. eLearning Papers 5 (2007) 12. European Commission, TDigital Economy and Society Index (DESI) 2021, https://digital-str ategy.ec.europa.eu/en/policies/desi. Last accessed April 2022 13. Preda, A.-M., Crisan, D.A., Stanica, L., Altar Samuel, A.-N.: Implementing E-learning in the Romanian educational system—a priority in the context of Eu Integration. Res. Pap. Econ. 2(1), 179–193 (2008) 14. Bedwell, W.-L., Salas, E.: Computer-based training: capitalizing on lessons learned. Int. J. Train. Dev. 14(3), 239–249 (2010) 15. Stoyanov, S., Ganchev, I., Popchev, I., O’Droma, M.: From CBT to E-learning. J. Inf. Technol. Control. 3(4), 2–10 (2005) 16. Barron, A.: Designing web-based training. Br. J. Educ. Technol. 29(4), 355–370 (1998) 17. Piotrowski, M.: What is an E-learning platform? In: Learning Management System Technologies and Software Solutions for Online Teaching: Tools and Applications, pp. 20–36. Information Science Reference, New York (2010) 18. Vieyra, G.-Q., Gonzalez, L.-F.-M.: Platforms for online learning: a product specification. Eur. J. Soc. Sci. Educ. Res. 5(3), 112–120 (2020) 19. Wikipedia “Learning management system”, https://en.wikipedia.org/wiki/Learning_manage ment_system. Last accessed April 2022 20. Wikipedia “Virtual learning environment”, https://en.wikipedia.org/wiki/Virtual_learning_e nvironment. Last accessed April 2022 21. Dillenbourg, P., Schneider, D., Synteta, P.: Virtual learning environments. In: In 3rd Hellenic Conference Information Communication Technologies in Education (2002) 22. Pinner, R.: eLearning Industry, What is the difference between an LMS and a VLE? https://ele arningindustry.com/difference-between-lms-and-vle. Last accessed April 2022 23. Holotescu, C., Grosseck, G., Andone D.: “Report on ICT in education in Romania” in learning management system. In: Comparative Analysis of ICT in Education Between China and Central and Eastern European Countries, pp. 303–323. Springer (2020) 24. Morcov, S., Pintelin, L., Kusters, R.-J.: Challenges of implementing a large-scale elearning and collaboration platform—the Dias project, Cyprus. In: Lever-Aging Technology for Learning, Proceedings of the 8th International Scientific Conference” eLearning and Software for Education” (2012) 25. SIMAVI—Software Imagination Vision, “AeL Educational”, http://www.emanual.ro/index. php/articles/c3112/en. Last accessed April 2022 26. Ascendia, S.A.: “EduTeca-The Seasons”, https://www.ascendia.ro/elearning-en/eduteca-sea sons. Last accessed April 2022

11 E-learning in Romania: An Overview on Software Solutions …

143

27. InsideMedia, “Academia Online”, http://www.academiaonline.ro/. Last accessed April 2022 28. V˘atuiu, T., Popeang˘a, V.-N.: The e-learning benefits in the Romanian business environment. MPRA 19265 (2009) 29. Timsoft SRL, “eLearnTS”, http://www.timsoft.ro/index.php?pagina=produselearn. Last accessed April 2022 30. Timsoft SRL, “eTestTS”, http://www.timsoft.ro/index.php?pagina=etest. Last accessed April 2022 31. Intuitext, “ExamenulTau.ro”, https://www.examenultau.ro/. Last accessed April 2022

Part III

Big Data Management, Processing and Analytics, Machine Learning Theory and Applications

Chapter 12

Sustainable Communities with Smart Meters. A Statistical Measurement Model to Cope with Electricity Consumers’ Behavior Simona-Vasilica Oprea, Adela Bâra, Jin Xiaolong, Qian Meng, and Lasse Berntzen Abstract The mentality of electricity consumers is one of the most important entities that needs to be addressed when coping with balancing issues in operating the power systems. Consumers are used to being completely passive and just plugging in their appliances. Still, recently these things have changed as significant progress of Information and Communication Technologies (ICTs) and Internet of Things (IoT) gain momentum. In this paper, we propose a statistical measurement model using covariance structure, specifically a first-order Confirmatory Factor Analyses (CFA), to identify the factors that might contribute to the change of attitude. Furthermore, this research identifies latent constructs and indicates which observed variables load on or measure each latent construct. For simulation, two real complex data sets of questionnaires created by the Irish Commission for Energy Regulation (CER) are analyzed, demonstrating the influence of some exogenous variables on the items of the questionnaires. The results reveal a relevant relationship between the socialeconomic and behavioral factors and observed variables. Furthermore, the models provide an excellent fit to data as measured by the performance indicators.

12.1 Introduction The implementation of Demand Response (DR) programs is sensitive to the consumers’ perception and mentality, referring to a couple of factors that are not always directly measured by surveys or questionnaires. The Confirmatory Factor S.-V. Oprea (B) · A. Bâra Department of Economic Informatics and Cybernetics, Bucharest University of Economic Studies, no. 6 Pia¸ta Roman˘a, 010374 Bucharest, Romania e-mail: [email protected] J. Xiaolong Key Laboratory of Smart Grid of Ministry of Education, Tianjin University, Tianjin 300072, China Q. Meng · L. Berntzen School of Business, University of South-Eastern Norway, 3184 Borre, Norway © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 321, https://doi.org/10.1007/978-981-19-6755-9_12

147

148

S.-V. Oprea et al.

Analysis (CFA) is a statistical instrument that allows testing hypotheses sustained by theory. It requires a good knowledge of the field to identify the latent factors and group the observed variables by those latent factors. Numerous studies use CFA in investigations related to consumers’ awareness, behavior, education, psychology, economy, etc., in social science research to analyze questionnaire data and extract valuable insights that are not easy to measure otherwise [1–5]. 308 observations taken from the respondents in Macau were analyzed using CFA and Structural Equation Modelling (SEM) to show that environmental concerns and financial benefits are the factors that influence the perception of Full Electric Vehicles (EV) and the intention to purchase FEV. It reveals that perception of economic benefit is one of the key factors influencing the adoption of full electric vehicles [6]. Furthermore, authors in [7] analyzed the responses of 246 electricity consumers from Pakistan using CFA and SEM to measure the consumer awareness towards electricity conservation of residential consumers in developing countries. It measures the influence of some factors such as beliefs, attitudes, intentions on energy conservation, showing that awareness [8], perceived value, resistance to change, and benefits are predictors of behavioral changes towards energy conservation measures. For this investigation, we extract observed variables from two complex and extensive questionnaires that targeted the Irish electricity consumers during pre-trial and post-trial installing smart metering systems. Their consumption and opinions were monitored. The data sets can be accessed by request (https://www.ucd.ie/issda/data/ commissionforenergyregulationcer/) from CER that initiated a project aiming to evaluate the performance of a couple of DR programs using smart metering systems (SMS) and test the opportunity to install more SMS. It consists of two of the world’s largest and most comprehensive trials that target both residential consumers and small and medium enterprises. Two 143-item and 243-item questionnaires were launched to residential electricity consumers subjected to a pre-, and post-trial SMS implementation carried out by the Irish CER to test the electricity consumers’ behavior. The questions accounted for numerous latent factors such as demographics (sex, age, education, employment status), attitude, expectation, relation with supplier, perceived impact of own actions, pro-environmental measures, appliances heating usage, and perceived implementation of the DR programs. In this paper, our research is focused on the residential consumers’ answers to the questionnaires that accounted for 4,232 items (pre-trial) and 3,423 items (post-trial). Thus, our study uses the Irish residential consumers’ real-life experiences. Our purpose is to test the structure of the factors underlying the questionnaires data sets. Thus, we empirically test the theory that describes the structure of the factors that underlies the two data sets [9, 10]. Furthermore, this study verifies whether the measurement model created with CFA displays an acceptable fit to data and shows how to modify it to be even better.

12 Sustainable Communities with Smart Meters. A Statistical …

149

12.2 Research Methodology This paper’s research methodology involves processing the large data sets for CFA. First, we split the questions of each questionnaire into significant groups that reveal specific traits of the electricity consumers and their consumption. The pre-trial questionnaire consists of 4,232 observations and 143 questions grouped by seven variables summing up data about q1 Demographics, q2 Positive attitude, q3 Negative attitude, q4 Measures, q5 Expectations q6 Relation with supplier, and q7 Appliances. These variables are further grouped by two latent factors: social-economic and behavioral factors. On the other hand, the post-trail questionnaire has 3,423 observations and 234 questions that are grouped by nine variables summing up data about q1 DR program, q2 Demographics, q3 Positive attitude, q4 Negative attitude, q5 Heating, q6 Measures, q7 Positive perception on price-based DR implementation, q8 Negative perception on price-based DR implementation and q9 perception on incentive-based DR. Each observed variable is influenced by one latent factor and a measurement error. For CFA, the CALIS procedure from SAS is implemented using the lineqs statement to write the influences mentioned above as linear equations. Similar results can be obtained with the factor statement equivalent to lineqs. In the lineqs statement, we define a set of linear equations for each observed variable qi . It is equal with the factor loading pi multiplied by the latent factor Fk plus measurement error or residual term ei . qi = pi × Fk + ei , ∀i ∈ 1, n, ∀k ∈ 1, m

(12.1)

where i is the number of observed variables and k is the number of latent factors. Using variance and cov statements, we define variances and covariances calculated by the CALIS procedure. Variances for latent factors are set to 1, whereas they are allowed to covary, and the covariance is defined in the cov statement. The Pathdiagram statement enables us to display the CFA diagram along with the main performance indicators. When using factor statement, the relationships are written as: Fc ===> q1 . . . q j

(12.2)

where j is the number of variables that load on a particular latent factor Fc . We set residual robust and modification of the CALIS procedure. As we summed up the answers for a series of questions, the problem with the missing value disappeared, but outliers still exist and lower the performance indicators of the model. They are printed out with plots = caseresid option of the CALIS procedure. Thus, residual robustness is an option for outliers’ treatment that does not simply erase or remove some outliers, leading to the masking effect. It is an alternative way to handle outliers that are down-weighted simultaneously with the estimation. The observations are iteratively reweighted based on the updated parameter estimates. The Modification option is also important as it may provide meaningful suggestions to improve the model.

150

S.-V. Oprea et al.

12.3 Results The numerous items of the pre-trial questionnaire were aggregated into seven observed variables: q1 for demographics, q2 for positive attitude, q3 for negative attitude, q4 for measures, q5 for expectations, q6 for relation with supplier q7 for appliances. Two latent factors are considered: F1 as the social-economic factor and F2 as the behavioral factor. Variables q1, q4, q6, and q7 from the pre-trial questionnaire load on the social-economic factor (F1), whereas q2, q3, and q5 load on the behavioral factor (F2). The CALIS procedure from SAS is implemented for the pre-trial questionnaire data set as in Table 12.1. Lineqs statement is considered to define the variables as linear equations. Each observed variable is influenced by its latent factor and measurement error. Nine variables are extracted from the post-trial questionnaire: q1 for DR program, q2 for Demographics, q3 for Positive attitude, q4 for Negative attitude, q5 for Heating, q6 for Measures, q7 for Positive perception on price-based DR implementation, q8 for Negative perception on price-based DR implementation, q9 for perception on incentive-based DR. The same two latent factors are considered: F1 as the socialeconomic factor and F2 as the behavioral factor. Variables q2, q5, q6 from the posttrial questionnaire load on the social-economic factor (F1), whereas q1, q3, q4, q7-q9 load on the behavioral factor (F2). Also, the CALIS procedure is implemented for the post-trial questionnaire data set as in Table 12.2 using lineqs statement to define the nine variables. The results related to the modeling information and variables are presented in Table 12.3 and Table 12.4. The mean value and standard deviation for the observed variables are shown in Table 12.5. The factor loadings for pre-trial and post-trial questionnaires are presented in Tables 12.6 and 12.7. In each case, one-factor loading is not statistically significant, p4 for pre-trial questionnaire for which t value is outside the limits (that is smaller than 2.58) and p2 for post-trial questionnaire for which t value is 1.289 that, is also less than 2.58. Table 12.1 CALIS implementation for pre-trial questionnaire data preq7factor; infile'/home/so/preq7factor.csv' dsd; input id $ q1-q7; run; proc calis modification residual robust; lineqs q1 = p1 F1 + e1, q2 = p2 F2 + e2, q3 = p3 F2 + e3, q4 = p4 F1 + e4, q5 = p5 F2 + e5, q6 = p6 F1 + e6, q7 = p7 F1 + e7;

variance e1-e7 = vare1-vare7, F1 = 1, F2 = 1; cov F1 F2 = covF1F2; var q1-q7; pathdiagram diagram = standard scale = 0.75 EXOGCOVARIANCE label=[F1="Social_economic" F2="Behavioural"] dh = 1000 dw = 1000 textsizemin = 10; run;

12 Sustainable Communities with Smart Meters. A Statistical …

151

Table 12.2 CALIS implementation for post-trial questionnaire data post9factor; infile '/home/so/post9factor.csv' dsd; input id $ q1 q2 q3 q4 q5 q6 q7 q8 q9; run; proc calis modification residual robust; lineqs q1 = p1 F2 + e1, q2 = p2 F1 + e2, q3 = p3 F2 + e3, q4 = p4 F2 + e4, q5 = p5 F1 + e5, q6 = p6 F1 + e6, q7 = p7 F2 + e7, q8 = p8 F2 + e8,

q9 = p9 F2 + e9; variance e1-e9 = vare1-vare9, F1=1, F2 = 1; cov F1 F2 = covF1F2; var q1-q9; pathdiagram diagram = standard scale = 0.75 EXOGCOVARIANCE label=[F1="Social_economic" F2="Behavioural"] dh = 1000 dw = 1000 textsizemin = 10; run;

Table 12.3 Modeling information Modeling info for pre-trial questionnaire

Modeling info for post-trial questionnaire

Modeling Information

Modeling Information

Robust maximum likelihood estimation

Robust maximum likelihood estimation

Data set

WORK.PREQ7FACTOR

Data Set

WORK.POST9FACTOR

N records read

4232

N records read

3423

N records used

4232

N records used

3423

N Obs

4232

N Obs

3423

Model type

LINEQS

Model type

LINEQS

Analysis

Means and covariances

Analysis

Means and covariances

Table 12.4 Variables information Variables for pre-trial questionnaire

Variables for post-trial questionnaire

Variables in the model

Variables in the model

Number of endogenous variables = 7

Number of endogenous variables = 9

Number of exogenous variables = 9

Number of exogenous variables = 11

Endogenous Manifest q1 q2 q3 q4 q5 q6 q7 Endogenous Manifest q1 q2 q3 q4 q5 q6 q7 q8 q9 Latent

Latent Exogenous

Exogenous

Manifest

Manifest

Latent

F1 F2

Latent

F1 F2

Error

e1 e2 e3 e4 e5 e6 e7

Error

e1 e2 e3 e4 e5 e6 e7 e8 e9

152

S.-V. Oprea et al.

Table 12.5 Simple statistics for the two data sets Simple statistics Simple statistics for pre-trial questionnaire Mean

Variable

Std Dev

Simple statistics for post-trial questionnaire Variable

Mean

Std Dev

q1

45.91966

6.49056

q1

8.53754

3.22219

q2

16.78474

3.06561

q2

20.61846

7.10923

q3

23.94849

6.01536

q3

16.0894

5.63135

q4

13.99669

2.05743

q4

25.89833

5.57182

q5

15.60562

3.16985

q5

23.71458

3.84094

q6

18.40052

4.01145

q6

3.43003

4.67816

q7

50.69565

11.09745

q7

70.04061

41.94054

q8

17.14607

19.24341

Table 12.6 Factor loadings for the pre-trial questionnaire data set Standardized Effects in Linear Equations for pre-trial questionnaire Variable

Predictor

Parameter

q1

F1

p1

Estimate 0.40652

0.03209

Standard error

t Value

q2

F2

p2

2.97743

0.02871

103.7