1 / 21

Pro svetovanje

Pro svetovanje. E UROPEAN CRITICAL INFRASTRUCTURE towards a definition. Renato Golob , mag. 1983. 1996. 2001. 2002. 2004. 2005. 2008. COMPANY. INFRASTRUCTURE. Telecommunication. DO WE HAVE TO SOLVE A PROBLEM ?. STATE, UNION (COMMUNITY). Health. INDIVIDUAL. Electricity. Transport.

angus
Download Presentation

Pro svetovanje

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Prosvetovanje EUROPEAN CRITICAL INFRASTRUCTURE towards a definition Renato Golob, mag. Belgrade, April 2013

  2. 1983 1996 2001 2002 2004 2005 2008 Belgrade, April 2013

  3. COMPANY INFRASTRUCTURE Telecommunication DO WE HAVE TO SOLVE A PROBLEM ? STATE, UNION (COMMUNITY) Health INDIVIDUAL Electricity Transport ... Information Food PRIMARY INTEREST OF EACH STATE LEGAL OBLIGATION UNIFIED RULES: METHODOLOGIES, STANDARDS, CRITERIA, CONTROL CENTRALISED COORDINATION MOTIVATION MECHANISMS Belgrade, April 2013

  4. CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM 1. Areas of Security 2. Establishing a Protection System 3. Risk Assessment – the indispensable condition Belgrade, April 2013

  5. The task, purpose or meaning of CI protection is considerably broader than the meaning of private security. Private security is just a part of CI protection system. CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – Areas of Security Private security: to prevent unauthorised persons from accessing the protected person or property and thus prevent a loss event (an event that would bring about harmful consequences). Critical infrastructure protection system: to prevent any event that might interrupt comprehensive functionality. Belgrade, April 2013

  6. Sector TRANSPORT SubS “road” SubS “railway” SubS “air” SubS “water” CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – establishing a Protection System Belgrade, April 2013

  7. VSS microlocation Belgrade, April 2013

  8. Threats Vulnerability Probability of the Incident Damage Consequences CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – the indispensable condition RISK ASSESSMENT Incident Vital Security Spots Microlocations Security Measures Belgrade, April 2013

  9. 1. CONCLUSIONS: European Critical Infrastructure must be protected. Critical infrastructure can only be protected using systemic solutions of security measures. Proper security measures can only be identified on the basis of analysing the results of a security risk assessment. Belgrade, April 2013

  10. Directive 2008/114/EC Actual questions: Disputed starting points: Article 3; based on what data, grounds or argumentations? Article 3; a single criterion for determining ECI – damage (harmful) consequences Article 7; which are the measures of ECI protection, that apply at the EU level? Article 5; ECI: assetsimportant persons, machines, devices, materials, processes ? Article 8; Maner of ensuring access? What are the existing best practices and methodologies? Which of them are available? Annex II; areas of security to be taken into account, considered and regulated Annex II: “ ... ECI OSP PROCEDURE 1. identification of important assets; 2. conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact; and 3. identification, selection and prioritisation of counter-measures and procedures with a distinction between ...” Article 3; “...2. The cross-cutting criteria shall comprise the following: (a) casualties criterion (assessed in terms of the potential number offatalitiesor injuries); (b) economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; (c) public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life)....” Article 8; “... The Commission shall support, through the relevant Member State authority, the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection... “ Article 5: “ ... 1. The operator security plan ("OSP") procedure shall identify the critical infrastructure assets of the ECI and which security solutions exist or are being implemented for their protection....” Article 3; “ ... The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI ...” Article 7; “ ... 3. Based on the reports referred to in paragraph 2, the Commission and the Member States shall assess on a sectoral basis whether further protection measures at Community level should be considered for ECIs...” Belgrade, April 2013

  11. non obligatory (optional) There is no subject within European Commission with the competences to deal with European critical infrastructure protection. Directive 2008/114/EC – European Commission´s competences: Article 3/1: “may assist ”, “may draw the attention” Article 3/2: “shall develop .. shall be optional” + Article 4/2: “may participate” no competences, wihout authorization Article 7/4: “may be developed” Article 7/2: “may be developed” Article 7/2: “Each Member State shall report every two years to the Commission generic data on a summary basis on the types of risks, threats and vulnerabilities encountered per ECI sector in which an ECI has been designated pursuant to Article 4 and is located on its territory. A common template for these reports may be developed by the Commission in cooperation with the Member States.” Article 3/1: “The Commission may assist Member States at their request to identify potential ECIs.The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI.” Article 4/2: “Each Member State on whose territory a potential ECI is located shall engage in bilateral and/or multilateral discussions with the other Member States which may be significantly affected by the potential ECI. The Commission may participate in these discussions but shall not have access to detailed information which would allow for the unequivocal identification of a particular infrastructure.” impossible to protect European Critical Infrastructure Article 3/2: “The Commission together with the Member States shall develop guidelines for the application of the cross-cutting and sectoral criteria and approximate thresholds to be used to identify ECIs. The criteria shall be classified. The use of such guidelines shall be optional for the Member States.” Article 7/4.: “Common methodological guidelines for carrying out risk analyses in respect of ECIs may be developed by the Commission in cooperation with the Member States. The use of such guidelines shall be optional for the Member States.” Belgrade, April 2013

  12. 2. CONCLUSIONS: European Critical Infrastructure does not exist. OR European Critical Infrastructure protection system does not exist. OR The protection of ECI is the responsibility of Member States. But that is not possible. Belgrade, April 2013

  13. It is up to each individual State to determine: - which complexes (premises) should form ECI (by drawing up a proposal for coordination (harmonization) with the neighbour States), - the level of European critical infrastructure protection system, - supervisory (control) system. The security of all states depends on the attitude of each individual state towards the issue of ECI protection. No state can guarantee the security of its citizen or property because decisions about this are adopted in other Member States. Belgrade, April 2013

  14. ? supervisory system ? ? standards used ? ? level of qualification and ability ? Centre for European Policy Studies:»Protecting critical infrastructure in the EU, CEPS Task Force Report«, 2010, Brussels: Levels of identification, levels of protection and relationships between national authorities and proprietors of European Critical Infrastructure vary from one member state to another. While there are individual cases of cooperation between member states, there is no common concept. Different states use different risk assessment methodologies. EU Level, ECI: thete is no system of cooperation and coordination. Belgrade, April 2013

  15. 3. CONCLUSIONS: However, the Directive is of significant value and important. This is the first time, that European Union has officially referred to and pointed out the existence of European critical infrastructure and the need to dedicate considerable attention to protecting it. Belgrade, April 2013

  16. ECI shall be identified and determined by EC. Centralized coordination. Owners: have to ensure the functionality of protection systems. BASIC / INITIAL CONCEPT Unified rules for all member states. The obligation has to be determined by law. System of motivation. FUTURE: Does ECI exist? Does EU want to establish a system for its protection? Treaty on the Functioning of the European Union Belgrade, April 2013

  17. TASKS TO BE DONE: European Commission: - ECI Agency. ECI Agency: - ECI identification, - ECI categorization, - uniform (common) rules (methodologies, criteria, standards, ...), - supervisory system, - ... Owners: - risk assessment, - security measures, - operator security plan, - ECI protection system. Belgrade, April 2013

  18. detailed project proposal: “ ECI Protection System” - preparing, - confirmation, - realization. ECI Agency coordination Member States data European Commission Directorates External expert´s Groups (practice, experience) Development & Research Institutions research, analysis Belgrade, April 2013

  19. 4. CONCLUSIONS: EU has two possibilities: Directive 2008/114/EC: there is no ECI member states are entirely responsible for the protection of their CI ECI Protection System: member states are entirely responsible for the protection of their CI centralized coordination of the ECI protection system, that has been defined and determined by law or the relevant legal act Belgrade, April 2013

  20. Literature and sources: 1.CEPS (Centre for European policy studies), 2010: Protecting critical infrastructure in the European Union, Brussels. 2. European Commission, 2005: Green Paper on a European Programme for Critical Infrastructure Protection, Brussels. 3. European Commission, 2012; On the review of the European Programme for critical infrastructure protection (EPCIP), SWD(2012) 190 final,Brussels, 4. European Council, 2009: The Stockholm Programme – An open and secure Europe serving and protecting citizens, Official Journal of the European Union,C 115/1, 5. European Council, 2011:The EU Internal Security Strategy in Action: Five steps towards a more secure Europe,COM(2010) 673 final, 6. Koubatis, A, Schonberger J.Y., 2005: Risk Management of Complex Critical Systems. International Journal of Critical Infrastructures, br. 1 / 2,3. 7. Michel-Kerjan, E., 2003: New Challenges in Critical Infrastructures: A US Perspective, Journal of Contingencies and Crisis Management, br. 11 / 3, John Wiley & Sons, Inc., New York. 8.Nozick, L., Turnquist, M, 2005: Assessing the Performance if Interdependent Infrastructures and 5. Optimising Investments, International Journal of Critical Infrastructures, br. 1 / 2,3. 9. Prezelj, I., 2008; Definicija in zaščita kritične infrastrukture Republike Slovenije, Fakulteta za družbene vede, Obramboslovni raziskovalni center, Ljubljana. 10. Svet Evropske skupnosti, 2008: Direktiva o ugotavljanju in določanju evropske kritične infrastrukture ter o oceni potrebe za izboljšanje njenega varovanja, Bruselj, Photo 1, slide 5: http://www.google.si/imgres?imgurl=http://www.borutgorenjak.com/UserFiles/Image/dogodki/balon14.jpg&imgrefurl=http://www.borutgorenjak.com/ objava.aspx?id%3D38&h=307&w=460&sz=111&tbnid=mi1g-zkFK7bpZM:&tbnh=90&tbnw=135&prev=/search%3Fq%3Dletali%25C5%25A1%25C4%258 De%2Bmaribor%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=letali%C5%A1%C4%8De+maribor+foto+photo&usg=__E1ZlZZGtOFpVEg3bX_o9zv X1nc=&docid=rigH9cqeA8xhjM&hl=en&sa=X&ei=yML1UOfiHo6RhQfdtYDQAg&ved=0CDsQ9QEwBQ&dur=9359 Photo 2, slide 5: http://www.google.si/imgres?imgurl=http://mw2.google.com/mwpanoramio/photos/medium/57570669.jpg&imgrefurl =http://www.panoramio.com/photo/57570669&h=332&w=500&sz=33&tbnid=1AqHaIyHe-ilDM:&tbnh=90&tbnw=136&prev=/search%3Fq%3Dtunel%2 Btrojane%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=tunel+trojane+foto+photo&usg=__ybIwPGycmS7jVTC2NHGyez267D8=&docid=bt8U1qVg3 oDAM&itg=1&hl=en&sa=X&ei=HLL1UPO_GNS1hAfCzID4Bw&ved=0CEkQ9QEwCQ&dur=11000 Photo 1, slide 6:http://www.google.si/imgres?imgurl=http://www.planetware.com/i/map/TR/troy-ground-plan-map.jpg&imgrefurl=http://www.planetware.com/map/troy ground-plan-map-tr-troy2.htm&h=737&w=700&sz=288&tbnid=L2XS3OTkdSJtfM:&tbnh=85&tbnw=81&prev=/search%3Fq%3Dground%2Bplan%2Bphoto %26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo&usg=__y60MSOffP4_Vz8doe_llVKrj94Q=&docid=wzvkNEd4YTQAQM&sa=X&ei=A9v2UMSXL4 ZhQe58YHwAg&ved=0CC4Q9QEwAQ&dur=110 Photo 2, slide 6:http://www.google.si/imgres?imgurl=http://www.museum.ky/dsn/wwwmuseumky/Content/Images/ground-floor.jpg&imgrefurl=http://www.museum.ky /116/Museum-Maps.htm&h=318&w=499&sz=65&tbnid=QdLBOuipIARJRM:&tbnh=76&tbnw=119&prev=/search%3Fq%3Dground%2Bplan%2Bphoto%2B museum%26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo+museum&usg=__nk1UZKlYIv9B2gi3ibLyYLjtiRE=&docid=tCTX4CzHmg7UDM&sa=X&e Odv2UJepKZO3hAfW34DoBQ&ved=0CDQQ9QEwAw&dur=5656 Belgrade, April 2013

  21. Thank you for your attention. Renato Golob, mag. Pro svetovanje d.o.o. pro.svetovanje@s5.net 00 386 41 767 237 Belgrade, April 2013

More Related