International and national experience of the legislation of the Critical Infrastructure Protection Lt-Col. Balázs Bognár PhD Head of Department – Department for Critical Infrastructure Coordination Ministry of the Interior, National Directorate for Disaster Management National Inspectorate for Industrial Safety

The noun "security" stems from the Latin "securitas sine cura " ("securitas" or "securus", its two components are "sine=without", and "cura”= fear"). The most common approach of security is the status without threat or the absence of vulnerability. Security MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

The complexity of security Security in a wider sense is composed of social (legal), political (diplomacy), economic, environmental (transportation, logistics, ecological), military, cyber, financial, sanitary (epidemics), homeland (police, disaster management) security. MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

Prof. Ken Booth University of Wales What is security? Prof. Barry Buzan Department of International Relations, LSE Prof. R. B. J. Walker Keele University „Security is belonging to the competence of Ministry of Uncertain Things” „security is what we do” „security is the ability and opportunity of survival against risks, which are threatening existence” MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

5 Stages of transition of the security environment 23 October 1989: Proclamation of the Republic of Hungary June 1991: Withdrawal of the Soviet troops March 1999: Hungary’s accession to NATO May 2004: Hungary’s accession to the EU

Changes of challenges and risks affecting Hungary: „change of aproach!” 1989 I. Illegal migration Conflict in the Balkans II. Disasters Hazard of terrorism Organised crime Threats to critical infrastructures Breach of public order Energetic crises Epidemics

PROTECTION OF VITAL INFRASTRUCTURE ELEMENTS ( INFRASTRUCTURES)

Infrastructures in the everyday life Satisfying human needs Improving technologies Structuring services First forms of infrastructures (irrigation systems, road networks) INFRASTRUCTURE= social environment PROTECTION MODERN SOCIETYNETWORK-LIKE SYSTEMS VITAL NEEDSDEPENDENCE

History and state of play Római t ű zvész Szegedi árvíz Szök ő ár Szumátra New York 2001.Madrid London Bhopal 1984.Kolontár 2010.

United States of America – (cold war/nuclear attacks) United Kingdom (10 sectors, 39 subsectors) Germany – 1990 (Federal Office for Information Technology Security) NATO – 2002 (CEP Council) International outlook NEW YORK 2001 Madrid 2004 London 2005 EU – aftermath of terrorist attacks 9/11 → Action Plan against Terrorism Madrid 2004 → CIP Strategy London 2005 → acceleration of actions

Vulnerability of i nfrastru c t ures INTENTIONAL, MALEVOLENT ACTIONS terrorist attack, armed conflict NATURAL INCIDENTS flood and inland water, extreme weather TECHNOLOGICAL HAZARDS accident, human error, epidemic nationalist extremists climate change red sludge disaster

PREVENTIONPREPAREDNESSRESILIENCE OBJECTIVES  EU Program → without any experience or tradition  Consultation process → the way from terrorist attacks to the Directive  All-hazard approach, paying particular attention to terrorism  National and European infrastructures – subsidiary  Roles and responsibilities of owners/operators/users  Action plan C riti cal I nfrastru cture Protection – Directive

Liability of Member States – Hungary  The 1990’s – reinterpretation of security  1995 – reform of civil protection (new classification)  2000 – NDGDM – collection of data  June 2007– The „Green Paper” on the Hungarian Program  Government Decision Nr. 2080/2008. (VI. 30.) › Adoption of the „Green Paper” › Enactment of sectoral consultations › Elaboration of regulatory concept › Military preparation › Possibility of joining to CIWIN

Liability of Member States – Hungary  2008–2009 – sectoral consultations, questionnaires  May 2010 Balatonföldvár – international seminar  October 2010 Slovakia – regional discussion  4-5 November 2010 Bucharest – regional discussion  Government Decision 1249/2010. (XI. 19) on the governmental tasks › Responsibilities of the Minister of the Interior (coordination, EPCIP POC, international discussions) › Setting up a CIP Working Group › Designation of ECIs › European Commission – report › Consultation Forum

Liability of Member States – Hungary Composition of the CIP Inter-ministerial Working Group Ministry of Defence NDGDM Office for the Protection of Constitution National DG for Disaster Management Centre for Counter- terrorism National Headquarter for the Police Minister for the Interior National Office for Commercial Granting National Authority for Security National Office for Energy Minister for Administration and Justice Minister for National Defence National Authority for Traffic Minister for Economics

Liability of Member States – Hungary ACTIVITY OF THE WORKING GROUP  30 November 2010 – inaugural meeting: tasks with deadlines › elaboration of criteria for designation of ECI › proposals for potential ECIs  8 December 2010 – adoption of statutes and working program  (15,22,29) December 2010 – January 2011 – discussion, clarification, adoption of cross-cutting and sectoral criteria of ECIs  10 January 2011 – draft report for the European Commission  20 January 2011 – adoption of the draft on the cross-cutting criteria of National Critical Infrastructures (NCI), report to the European Commission after Governmental approval  11 February 2011 – discussion of NCI sectoral criteria (completed by the National Ministry for Development (NMfD)in March 2011)  since April – 2011 NMfD – CIP Consultation Forum

Critical Infrastructure Protection CRITICAL INFRASTRUCTURES Definition: An asset, system or part of thereof which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.  Interdependence  Cyber security  Operation  Cascade effect  The weakest link & part- whole concept

Present of the National Program New Act on Disaster Management and its decrees – Responsibility of the Ministry of the Interior (MoI NDGDM) Visible and tangible change of attitude Dynamic development – became a priority area Significant scientific actions and tender possibilities in the field of CIP

-19- Tasks given by the Head of the National Directorate General for Disaster Management (NDGDM): 1.Identifying the potential critical infrastructure elements; 2.Keeping critical infrastructures under authoritative control.

-20- Amendments in the legislation The Fundamental Law of Hungary Strategy of National Security/ Strategy of National Military Security Disaster Management Act Government Decree on Disaster Management Act Ordinance (s) of the Minister of Interior Order (s) of the Head of NDGDM Act on Critical Infrastructure Government Decree on Critical Infrastructure Legislations of different sectors MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-21- The Fundamental Law of Hungary Law and Order in extraordinary cases ( article): 5/ emergency situation „Disaster Threatening Situation” In case of disaster threatening situation the Director General – in accordance with the approved emergency response plan which was approved by minister of the interior - acts immediately in order to protect the critical infrastructures. Emergency situation The emergency situation is a situation, which is defined in the 53. article of the Fundamental Law, and which could be occurred in the following cases: cd) Such an operational failures of a given critical infrastructures which cause problems in the basic supply of the population during several days or affected more counties.

-22- CIP Events 2011  January 2011 – preparation of the EU reports  February 2011 –NCI sectorial criteria  March 2011 – CIP POC pre/meeting  April 2011 – KIIV IT meeting  May 2011 – EU EXTRAH Project  June 2011 – II. EU-USA CIP conference  July 2011 – ECI assessment  August 2011– Working out of the regulations  September 2011– CIP WG meeting  October 2011 – NATO CPG / NATO CMX11  November 2011– Regional CIP  December 2011 –NATO CC11/cyber incidents MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-23- Tasks of CIP in 2012– Legislation  1 st January, – 62/2011. Ordinance of the Minister of Interior  4 th January – CIP proposal (Minister of Interior)  20 th January 2012 – Proposal (Government)  25 th January 2012 – Order of Head of NDGDM  February-May – executive legislation, institutions, identification/designation processes, establishment for the horizontal impact assessment  2012– Act on CIP  2012– legislation of sectors  Government Decree on CIP MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-24- International activity March 2012, Brussels, CIP POC Meeting (EPCIP review) 24-26, April 2012, Ispra, EPCIP Workshop May 2012, Brussels, III. EU-USA-Canada CIP Expert Conference MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-25- Horizontal Criteria / Analytical methods 1.Loses, 2.Economical effect, 3.Social effect, 4.Political effect, 5.Environmental effect, 6.and Security.

-26- CIPSectors

CIP Identified elements by sector Total: elements ENERGY IT TRANSPORT WATER FOOD HELATH LOW AND GOVERNMENT

Main element of the legislation  Explanatory Provisions  Designation of the national and European critical infrastructures  Common rules for the national and European critical infrastructures  Registration  Operational Security Plan, security officer  Controls  Special rules for the energy sector  Closing provisions, authorization MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-29- Monitoring Control Coordination Registration Network Safety CIP CERT MINISTRY OF THE INTERIOR NATIONAL DIRECTORATE GENERAL FOR DISASTER MANAGEMENT

-30- Cooperative authorities and organizations - Constitution Protection Office -National Protective Service -National Security Authority -National Police Department -Police Department of Budapest -Counter Terrorism Centre -National Taxation Authority -National Media and Info Communications Authority - Hungarian Energy Office -Hungarian Atomic Energy Authority -National Emergency Service -National Transport Authority -Transportation Safety Bureau -Government Offices at Budapest and in the Regions Based on the Ordinance of the Minister of Interior no 62/2011. The Police, the Hungarian Prison Service, the Constitution Protection Office, the National Security, the Counter Terrorism Centre are co-operating according to the coordination of NDGDM: a)in the shaping of the horizontal criteria system, b)in the process of identification, c)giving data to the above mentioned.

-31- Simpler legislation

-32- Thank you very much for your kind attention! Tel: +36(1) Fax: +36(1) GSM: +36(20)