On the European experience in critical infrastructure protection

Similar documents
PROTECTION OF CRITICAL INFRASTRUCTURE AND THE ROLE OF INVESTMENT POLICIES RELATING TO NATIONAL SECURITY. May 2008

Horizon 2020 Secure Societies

Horizon 2020 Secure Societies

Final Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Critical Infrastructure Security and Resilience

Cyber Security Strategy for Germany

National Cyber Security Strategies

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

Public Private Partnerships and National Input to International Cyber Security

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District

1 FOCUS Foresight Security Scenarios

Scoping Paper for. Horizon 2020 Societal Challenge 'Secure Societies - protecting freedom and security of Europe and its citizens'

National Cyber Security Policy -2013

Honourable members of the National Parliaments of the EU member states and candidate countries,

JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. The EU's comprehensive approach to external conflict and crises

Cyber Security Strategy

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

OUTCOME OF PROCEEDINGS

Navigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh

Cyber security in an organization-transcending way

2 Gabi Siboni, 1 Senior Research Fellow and Director,

EU policy on Network and Information Security and Critical Information Infrastructure Protection

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Cyber Diplomacy A New Component of Foreign Policy 6

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

v. 03/03/2015 Page ii

Cyberspace Situational Awarness in National Security System

Lessons from Defending Cyberspace

Achieving Global Cyber Security Through Collaboration

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

CYBER SECURITY GUIDANCE

National Cyber Security Strategy

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

EU Cybersecurity: Ensuring Trust in the European Digital Economy

The Strategic Importance, Causes and Consequences of Terrorism

THE CRITICAL ROLE OF EDUCATION IN EVERY CYBER DEFENSE STRATEGY

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

2. Taking into account the developments in the next five years, which are the actions to be launched at the EU level?

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

The EU s approach to Cyber Security and Defence

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

The internet and digital technologies play an integral part

Common Threats and Vulnerabilities of Critical Infrastructures

Cybersecurity: Mission integration to protect your assets

European Organization for Security (EOS) - Description and Envisaged Activities for 2012

The Danish Cyber and Information Security Strategy

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Towards defining priorities for cybersecurity research in Horizon 2020's work programme Contributions from the Working Group on Secure ICT

ITU National Cybersecurity/CIIP Self-Assessment Tool

CYBER SECURITY. Marcin Olender Head of Unit Information Society Department

ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

Critical Infrastructure Protection: Survey of World-Wide Activities. 1

An Overview of Large US Military Cybersecurity Organizations

HNOLOGY IN POLICING SECURITY & CYBERSPACE SITUATION

Cybersecurity Strategy of the Republic of Cyprus

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Good morning. It is my pleasure to be here today as we begin. this workshop on improving regional responses to transnational

Middle Class Economics: Cybersecurity Updated August 7, 2015

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE PERIOD

Draft Horizon 2020 Work Programme Secure societies Protecting freedom and security of Europe and its citizens

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

European Centre for Information Policy and Security (ECIPS) DO NOT COPY! PROPERTY OF ECIPS

The UK cyber security strategy: Landscape review. Cross-government

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

ESKISP Conduct security testing, under supervision

DEPARTMENT OF HOMELAND SECURITY

Comprehensive European Security Approaches: EU Security Programmes. Robert HAVAS EOS Chairman of the Board

NSS 2014 UK NATIONAL PROGRESS REPORT. March 2014

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Assessment Profile: Establishing Curricular Categories for Homeland Security Education

CyberSecurity Solutions. Delivering

Conclusions 26/27 June 2014 EUROPEA COUCIL 26/27 JUE 2014

The European Security Strategy Austrian Perspective

Cyber Security Recommendations October 29, 2002

El Camino College Homeland Security Spring 2016 Courses

Business Continuity and Risk Management

S. ll IN THE SENATE OF THE UNITED STATES

Information Security Standards in Critical Infrastructure Protection

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Transcription:

DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1

This presentation is about: Facts Observations Conclusions to read, understand and use the international experience

How we did get here? New York, sept. 2001 13228 - Established the Office of Homeland Security and the Homeland Security Council 13231 - Established the President s Critical Infrastructure Protection Board XX. CENTURY XX. CENTURY 1996 2001 2002 2004 2005 2008 XXI. CENTURY XXI. CENTURY 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13 First categorization of infrastructure s systems 13010 - The President s Commission on Critical Infrastructure Protection The Administration released its National Strategy on Homeland Security DCAF/CSDM 3

Increasingly global Highly concentrated European CI Complex the weakest component determines the overall level of security of the system/state Unbounded or at least trans-border Networked through ICT Private (>85%) and public, internationally owned, More quickly developing than security standards Depends on political and business decision-makers Vulnerability - an expanding phenomena

EU paradigm: "Secure Societies" in Specific mission areas Horizon 2020: Fighting crime and terrorism Strengthening security through border management Providing cyber security Increasing Europe s resilience to disasters (including critical infrastructure protection) Ensuring privacy in the Internet and enhancing the societal dimension CFSP related issues ( dual-use Civil focus)

Key European CIP Principles Sectorbysector approach Proportionality risk assessmentproportional measures Subsidiarity countries first, EU support Complementarity build on existing measures Stakeholder Cooperation Confidentiality

Threat perception on CIP Who is threatening + What is threatened = Protection State actors Natural & man-made hazards War Economy & public wealth National security Crime, espionage Terror Non-state actors

Definition European Commission NATO Germany The Netherlands The United Kingdom An asset, system or part thereof located in member states that is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact on a member state as a result of the failure to maintain those functions. Critical Infrastructure is those facilities, services and information systems which are so vital to nations that their incapacity or destruction would have a debilitating impact on national security, national economy, public health and safety and the effective functioning of the government. Critical infrastructures are organisations and physical structures and facilities of such vital importance to a nation s society and economy the community that their failure or degradation would result in sustained supply shortage, significant disruptions to public safety and security, or other dramatic consequences. Critical infrastructure refers to products, services and the accompanying processes that, in the event of disruption or failure, could cause major social disturbance. This could be in the form of tremendous casualties and severe economic damage The Critical National Infrastructure comprises of those assets, services and system that support the economic, political and social life of the UK whose importance is such that loss could: 1) cause large-scale loss of life; 2) have a serious impact on national economy; 3) have other grave social consequences for the community; or 4) be of immediate concern to the national government

EU goes to Horizon 2020 The EU Internal Security Strategy in Action (2010) Towards a stronger European disaster response: the role of civil protection and humanitarian assistance,(2010) The EU Action Plan on combating terrorism The Security Industry Policy Action Plan (2012) Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace COM (2013) The EU Strategy towards the Eradication of Trafficking in Human Beings 2012 2016 European Programme for Critical Infrastructure Protection (2006) Civilian Headline Goal (2008)

Sectorial coverage of CIP Sector Netherlands UK Germany EU Energy x x x x ICT x x x x Finance x x x x Health care x x x x Food x x x x Water x x x x Transport x x x x Safety x Emergency med. x Government&PA x x x x Chemicals x x Defence industry x Others Judicial Media & culture Space and research facilities

Largest number of CI sectors: USA 1. Agriculture and food 2. Energy 3. Public Health 4. Emergency Services 5. Government 6. Defense Industrial Base 7. Information & Telecommunications (Cyber) 8. Water Supply Systems 9. Transportation 10. Banking and Finance 11. Chemicals and Hazardous Materials 12. Postal 13. Ports and Shipping

Information sharing Intelligence community Send and receive real time collaboration Private sector Central CIP agency - Fused info - Situational awareness - Co-ordination State CI agencies Regional and local authorities

CIP planning (different approach different results Scenarios Context ( Alternative futures ) Situational Modeling and simulations Data fusion: People and their institutions, Nations and international relations, Earth and its resources, Technologies and their exploration Capabilities based planning Sectorial, but Integrated

Organisational models USA Department of Homeland Security Canada - ( Total defence ) Office of Critical Infrastructure Protection and Emergency Preparedness UK state: National Infrastructure Security Co-ordination Centre; pub./pra.: Information Assurance Advisory Council Netherlands state: strategy, laws, innovations; private: Electronic, Commerce, Platform Netherlands Switzerland state: political-military function (FDD,CP&S), no central body, no integration of private sector Sweden ( Total defence ) state: Swedish Emergency Management Agency + Technical competence Centre + CovCERT; private: fully integrated into SEMA Finland ( Total defence ) National Emergency Supply Agency Germany MoI leads through Office of Civil Protection and Disaster assistance, Federal Office for Information Security, Police, FI Technical

Observations on European CIP policy Complicating environment, difficult solutions Government (economy first), business (national and foreign) and society (liberal) are increasingly dependent on infrastructure Critical infrastructures are increasingly dependent on each other; urbanisation and re-industry will further complicate Our knowledge of the causes of failure or attack to infrastructure is still limited Complicated security context Disaster management, Terrorism, Climate change, National, Homeland, Societal, security, Peace, Crisis, War, International EU member states still have fragmented CIP policies (highest interest in USA, Switzerland, Netherlands & Sweden; growing in Germany, France,)

Functionality Loss in Functionality (Vulnerability) Robustness The way ahead: protection through resilience Event Resilience is high if A is small A Recovery Time t event t recovery

Conclusions on CIP policy The need to protect critical infrastructure is real, and potentially determines a trade-off between (short-term) efficiency and (longterm) resilience and sustainability. The key foundations of a CIP policy are a widely communicated vision and a forwardlooking strategy, coupled with strong political commitment.

CIP policy recommendations CIP policy should be: 1. An application of a more holistic all-hazards approach and focused on long-term resilience; 2. Based on unified taxonomy, metrics and risk management; 3. Centralised in a limited number of bodies; 4. Inclusive of the cyber-dimension; 5. Sector specific; 6. Build sector-by-sector 7. Internationally bounded.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information