Presentation is loading. Please wait.

Presentation is loading. Please wait.

Belgrade, April 20131 Pro svetovanje EUROPEAN CRITICAL INFRASTRUCTURE towards a definition Renato Golob, mag.

Similar presentations


Presentation on theme: "Belgrade, April 20131 Pro svetovanje EUROPEAN CRITICAL INFRASTRUCTURE towards a definition Renato Golob, mag."— Presentation transcript:

1 Belgrade, April 20131 Pro svetovanje EUROPEAN CRITICAL INFRASTRUCTURE towards a definition Renato Golob, mag.

2 Belgrade, April 20132 1983 199620012002200420052008

3 3 INFRASTRUCTURE Telecommunication Information Food Transport Health Electricity... INDIVIDUAL COMPANY STATE, UNION (COMMUNITY) DO WE HAVE TO SOLVE A PROBLEM ? PRIMARY INTEREST OF EACH STATE LEGAL OBLIGATION UNIFIED RULES: METHODOLOGIES, STANDARDS, CRITERIA, CONTROL CENTRALISED COORDINATION MOTIVATION MECHANISMS

4 Belgrade, April 20134 CRITICAL INFRASTRUCTURE: 1. Areas of Security 2. Establishing a Protection System 3. Risk Assessment – the indispensable condition PROTECTION SYSTEM

5 Belgrade, April 20135 CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – Areas of Security Private security Private security: to prevent unauthorised persons from accessing the protected person or property and thus prevent a loss event (an event that would bring about harmful consequences). Critical infrastructure protection system Critical infrastructure protection system: to prevent any event that might interrupt comprehensive functionality. The task, purpose or meaning of CI protection is considerably broader than the meaning of private security. Private security is just a part of CI protection system.

6 Belgrade, April 20136 Sector TRANSPORT SubS “road” SubS “railway” SubS “air” SubS “water” CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – establishing a Protection System

7 Belgrade, April 20137 VSS microlocation

8 Belgrade, April 20138 Incident Vital Security Spots Microlocations Security Measures RISK ASSESSMENT ThreatsVulnerability Probability of the IncidentDamage Consequences CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – the indispensable condition

9 Belgrade, April 20139 1. CONCLUSIONS: European Critical Infrastructure must be protected. Critical infrastructure can only be protected using systemic solutions of security measures. Proper security measures can only be identified on the basis of analysing the results of a security risk assessment.

10 Belgrade, April 201310 Directive 2008/114/EC Actual questions:Disputed starting points: Article 3; “... The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI...” Article 3; based on what data, grounds or argumentations? Article 7; which are the measures of ECI protection, that apply at the EU level? Article 7; “... 3. Based on the reports referred to in paragraph 2, the Commission and the Member States shall assess on a sectoral basis whether further protection measures at Community level should be considered for ECIs...” Article 8; Maner of ensuring access? What are the existing best practices and methodologies? Which of them are available? Article 8; “... The Commission shall support, through the relevant Member State authority, the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection... “ Article 3; a single criterion for determining ECI – damage (harmful) consequences Article 3; “...2. The cross-cutting criteria shall comprise the following: (a) casualties criterion (assessed in terms of the potential number of fatalities or injuries); (b) economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; (c) public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life)....” Article 5; ECI: assets important persons, machines, devices, materials, processes ? Article 5: “... 1. The operator security plan ("OSP") procedure shall identify the critical infrastructure assets of the ECI and which security solutions exist or are being implemented for their protection....” Annex II; areas of security to be taken into account, considered and regulated Annex II: “... ECI OSP PROCEDURE 1. identification of important assets; 2. conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact; and 3. identification, selection and prioritisation of counter-measures and procedures with a distinction between...”

11 Belgrade, April 201311 Directive 2008/114/EC – European Commission´s competences: There is no subject within European Commission with the competences to deal with European critical infrastructure protection. Article 3/1: “The Commission may assist Member States at their request to identify potential ECIs. The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI.” Article 3/1: “may assist ”, “may draw the attention” Article 3/2: “shall develop.. shall be optional” Article 3/2: “ The Commission together with the Member States shall develop guidelines for the application of the cross-cutting and sectoral criteria and approximate thresholds to be used to identify ECIs. The criteria shall be classified. The use of such guidelines shall be optional for the Member States.” Article 4/2: “may participate” Article 4/2: “Each Member State on whose territory a potential ECI is located shall engage in bilateral and/or multilateral discussions with the other Member States which may be significantly affected by the potential ECI. The Commission may participate in these discussions but shall not have access to detailed information which would allow for the unequivocal identification of a particular infrastructure.” Article 7/4: “may be developed” Article 7/4.: “Common methodological guidelines for carrying out risk analyses in respect of ECIs may be developed by the Commission in cooperation with the Member States. The use of such guidelines shall be optional for the Member States.” Article 7/2: “may be developed” Article 7/2: “Each Member State shall report every two years to the Commission generic data on a summary basis on the types of risks, threats and vulnerabilities encountered per ECI sector in which an ECI has been designated pursuant to Article 4 and is located on its territory. A common template for these reports may be developed by the Commission in cooperation with the Member States.” non obligatory (optional) no competences, wihout authorization impossible to protect European Critical Infrastructure +

12 Belgrade, April 201312 2. CONCLUSIONS: European Critical Infrastructure does not exist. European Critical Infrastructure protection system does not exist. The protection of ECI is the responsibility of Member States. But that is not possible. OR

13 Belgrade, April 201313 It is up to each individual State to determine: - which complexes (premises) should form ECI (by drawing up a proposal for coordination (harmonization) with the neighbour States), - the level of European critical infrastructure protection system, - supervisory (control) system. The security of all states depends on the attitude of each individual state towards the issue of ECI protection. No state can guarantee the security of its citizen or property because decisions about this are adopted in other Member States.

14 Belgrade, April 201314 ? standards used ? ? level of qualification and ability ? ? supervisory system ? Centre for European Policy Studies:»Protecting critical infrastructure in the EU, CEPS Task Force Report«, 2010, Brussels: Levels of identificationlevels of protection Levels of identification, levels of protection and relationships between national authorities and proprietors of European Critical Infrastructure vary from one member state to another. While there are individual cases of cooperation between member states, there is no common concept. Different states use different risk assessment methodologies. EU Level, ECI: thete is no system of cooperation and coordination.

15 Belgrade, April 201315 3. CONCLUSIONS: However, the Directive is of significant value and important. This is the first time, that European Union has officially referred to and pointed out the existence of European critical infrastructure and the need to dedicate considerable attention to protecting it.

16 Belgrade, April 201316 FUTURE: Does ECI exist? Does EU want to establish a system for its protection? BASIC / INITIAL CONCEPT identifieddetermined by EC ECI shall be identified and determined by EC. Centralized coordination Centralized coordination. to ensure the functionality Owners: have to ensure the functionality of protection systems. Unified rules Unified rules for all member states. determined by law The obligation has to be determined by law. System of motivation System of motivation. Treaty on the Functioning of the European Union

17 Belgrade, April 201317 TASKS TO BE DONE: European Commission: - ECI Agency. ECI Agency: - ECI identification, - ECI categorization, - uniform (common) rules (methodologies, criteria, standards,...), - supervisory system, -... Owners: - risk assessment, - security measures, - operator security plan, - ECI protection system.

18 Belgrade, April 201318 detailed project proposal: “ ECI Protection System” - preparing, - confirmation, - realization. European Commission Directorates Member States data Development & Research Institutions research, analysis External expert ´ s Groups (practice, experience) ECI Agency coordination

19 Belgrade, April 201319 4. CONCLUSIONS: EU has two possibilities: Directive 2008/114/EC: there is no ECI member states are entirely responsible for the protection of their CI ECI Protection System: centralized coordination of the ECI protection system, that has been defined and determined by law or the relevant legal act member states are entirely responsible for the protection of their CI

20 Belgrade, April 201320 Literature and sources: 1. CEPS (Centre for European policy studies), 2010: Protecting critical infrastructure in the European Union, Brussels. 2. European Commission, 2005: Green Paper on a European Programme for Critical Infrastructure Protection, Brussels. 3. European Commission, 2012; On the review of the European Programme for critical infrastructure protection (EPCIP), SWD(2012) 190 final,Brussels, 4. European Council, 2009: The Stockholm Programme – An open and secure Europe serving and protecting citizens, Official Journal of the European Union,C 115/1, 5. European Council, 2011: The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, COM(2010) 673 final, 6. Koubatis, A, Schonberger J.Y., 2005: Risk Management of Complex Critical Systems. International Journal of Critical Infrastructures, br. 1 / 2,3. 7. Michel-Kerjan, E., 2003: New Challenges in Critical Infrastructures: A US Perspective, Journal of Contingencies and Crisis Management, br. 11 / 3, John Wiley & Sons, Inc., New York. 8. Nozick, L., Turnquist, M, 2005: Assessing the Performance if Interdependent Infrastructures and 5. Optimising Investments, International Journal of Critical Infrastructures, br. 1 / 2,3. 9. Prezelj, I., 2008; Definicija in zaščita kritične infrastrukture Republike Slovenije, Fakulteta za družbene vede, Obramboslovni raziskovalni center, Ljubljana. 10. Svet Evropske skupnosti, 2008: Direktiva o ugotavljanju in določanju evropske kritične infrastrukture ter o oceni potrebe za izboljšanje njenega varovanja, Bruselj, Photo 1, slide 5: http://www.google.si/imgres?imgurl=http://www.borutgorenjak.com/UserFiles/Image/dogodki/balon14.jpg&imgrefurl=http://www.borutgorenjak.com/ objava.aspx?id%3D38&h=307&w=460&sz=111&tbnid=mi1g-zkFK7bpZM:&tbnh=90&tbnw=135&prev=/search%3Fq%3Dletali%25C5%25A1%25C4%258 De%2Bmaribor%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=letali%C5%A1%C4%8De+maribor+foto+photo&usg=__E1ZlZZGtOFpVEg3bX_o9zv X1nc=&docid=rigH9cqeA8xhjM&hl=en&sa=X&ei=yML1UOfiHo6RhQfdtYDQAg&ved=0CDsQ9QEwBQ&dur=9359 Photo 2, slide 5: http://www.google.si/imgres?imgurl=http://mw2.google.com/mwpanoramio/photos/medium/57570669.jpg&imgrefurl =http://www.panoramio.com/photo/57570669&h=332&w=500&sz=33&tbnid=1AqHaIyHe-ilDM:&tbnh=90&tbnw=136&prev=/search%3Fq%3Dtunel%2 Btrojane%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=tunel+trojane+foto+photo&usg=__ybIwPGycmS7jVTC2NHGyez267D8=&docid=bt8U1qVg3 oDAM&itg=1&hl=en&sa=X&ei=HLL1UPO_GNS1hAfCzID4Bw&ved=0CEkQ9QEwCQ&dur=11000 Photo 1, slide 6:http://www.google.si/imgres?imgurl=http://www.planetware.com/i/map/TR/troy-ground-plan-map.jpg&imgrefurl=http://www.planetware.com/map/troy ground-plan-map-tr-troy2.htm&h=737&w=700&sz=288&tbnid=L2XS3OTkdSJtfM:&tbnh=85&tbnw=81&prev=/search%3Fq%3Dground%2Bplan%2Bphoto %26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo&usg=__y60MSOffP4_Vz8doe_llVKrj94Q=&docid=wzvkNEd4YTQAQM&sa=X&ei=A9v2UMSXL4 ZhQe58YHwAg&ved=0CC4Q9QEwAQ&dur=110 Photo 2, slide 6:http://www.google.si/imgres?imgurl=http://www.museum.ky/dsn/wwwmuseumky/Content/Images/ground-floor.jpg&imgrefurl=http://www.museum.ky /116/Museum-Maps.htm&h=318&w=499&sz=65&tbnid=QdLBOuipIARJRM:&tbnh=76&tbnw=119&prev=/search%3Fq%3Dground%2Bplan%2Bphoto%2B museum%26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo+museum&usg=__nk1UZKlYIv9B2gi3ibLyYLjtiRE=&docid=tCTX4CzHmg7UDM&sa=X&e Odv2UJepKZO3hAfW34DoBQ&ved=0CDQQ9QEwAw&dur=5656

21 Belgrade, April 201321 Renato Golob, mag. Pro svetovanje d.o.o. pro.svetovanje@s5.net 00 386 41 767 237 Thank you for your attention.


Download ppt "Belgrade, April 20131 Pro svetovanje EUROPEAN CRITICAL INFRASTRUCTURE towards a definition Renato Golob, mag."

Similar presentations


Ads by Google