Home » Critical Infrastructures Protection

Category Archives: Critical Infrastructures Protection

See “FBI, Interpol Host Critical Infrastructure Symposium”

“FBI Director James Comey was in Miami yesterday July 7, where he spoke at the opening of the four-day International Law Enforcement Critical Infrastructure Symposium. The event, co-hosted by the FBI’s Weapons of Mass Destruction Directorate and Interpol, has drawn senior law enforcement officials from more than 90 countries to explore and share best practices for managing WMD and counterterrorism threats targeted against critical infrastructure and to identify common approaches to protect infrastructure and key resources.

Also participating in the symposium are domestic first responders, corporate security officers, and other U.S. federal partners.

“Today, critical infrastructure is all encompassing,” said Director Comey. “It is everything to our country and our world—our dams, our bridges, our highways, our networks,” he added, explaining that the threats we face to our interconnected systems—such as bioterrorism, agroterrorism, and sabotage—are as diverse as our infrastructure itself.

Comey cited examples of threats to infrastructure, to include the armed assault last April on a California power station, the 2008 attack in Mumbai in which gunmen opened fire at a number of locations, and last year’s deadly shootings at a Kenyan shopping mall. He also noted the ninth anniversary of the July 7, 2013 strikes by terrorists who bombed the London Underground and a double-decker bus in a series of coordinated suicide attacks.

“We know these threats are real,” Comey told the audience. “We must together figure out ways to protect our infrastructure, to work together to strengthen our response to a terrorist attack, a tragic accident, or a natural disaster.”

While touching on topics ranging from terrorism, cyber, and WMD threats to training, partnerships, and intelligence, Comey’s theme throughout underscored the importance of open communication and information sharing with our partners in the U.S. and abroad.

Interpol, as an international police organization, is an important partner on which the Bureau relies heavily to help combat threats of all types. The FBI, through its liaison with Interpol, is able to leverage 190 member countries to address challenges around the globe—a very important ability in a constantly evolving global threat environment.

Comey also highlighted the work of the FBI’s WMD Directorate, each FBI field office’s WMD coordinator, and of the agency’s two regional WMD assistant legal attachés in Tbilisi and Singapore. “They integrate our counterterrorism, intelligence, counter-intelligence, scientific, and technological components and provide timely analysis of the threat and response,” Comey said. “The goal is to shrink the world to respond to the threat.”

The symposium provides the opportunity for participants to help work toward that goal. Through networking and discussions on how to coordinate and cooperate on critical infrastructure preparedness and protection efforts, attendees will strengthen existing partnerships and develop new ones. By rallying the international community around defeating a common threat, our collective chances of success increase.

Director Comey said that the US’s greatest weapon in this fight is unity, which is developed through intelligence sharing and interagency cooperation. “It is built on the idea that standing together, we are smarter and stronger than when we are standing alone,” he said. “Because no one person—no FBI agent, no police officer, no agency, and no country—can prevent or respond to an attack on critical infrastructure alone.””

http://www.fbi.gov/news/stories/2014/july/fbi-interpol-host-critical-infrastructure-symposium/fbi-interpol-host-critical-infrastructure-symposium?utm_campaign=email-Immediate&utm_medium=email&utm_source=fbi-top-stories&utm_content=334495

Collect Open Data is hacking?

M-am oprit la un articol publicat pe defenseone.com, zilele acestea: “The Military Is Already Using Facebook to Track Your Mood”, scris de Patrick Tucker.

As spune doar ca directorul DIA afirma ceva destul de diferit: acesta nu este un experiment, ci o practica – prelucrarea datelor publice. În cazul în care cineva nu-și vrea datele cu caracter personal prelucrate, el sau ea nu ar trebui să posteze pe internet! Acest lucru este, desigur, valabil si pentru LinkedIn, sau alte rețele de socializare: nu este nevoie de hacking a site-ului pentru colectarea datelor.

Bogăția de date Open Source este enorma și a explodat odată cu creșterea internetului. Dar chiar și înainte agențiile, s-au folosit de mulțimea de date Open Source. Cine nu a auzit de dumbfounding? De asemenea, sursele deschise de date sunt actualizate în mod frecvent printr-un singur “Search”.

Interesant:

“Critics have targeted a recent study on how emotions spread on the popular social network site Facebook, complaining that some 600,000 Facebook users did not know that they were taking part in an experiment. Somewhat more disturbing, the researchers deliberately manipulated users’ feelings to measure an effect called emotional contagion.

Defense One recently caught up with Lt. Gen. Michael Flynn, the director of the Defense Intelligence Agency who said the U.S. military has “completely revamped” the way it collects intelligence around the existence of large, openly available data sources and especially social media like Facebook. “The information that we’re able to extract form social media — it’s giving us insights that frankly we never had before,” he said.

In other words, the head of one of the biggest U.S. military intelligence agencies needs you on Facebook.

“Just over a decade ago, when I was a senior intelligence officer, I spent most of my time in the world of ‘ints’ — signals intelligence imagery, human intelligence — and used just a little bit of open-source information to enrich the assessments that we made. Fast forward to 2014 and the explosion of the information environment in just the last few years alone. Open-source now is a place I spend most of my time. The open world of information provides us most of what we need and the ‘ints’ of old, they enrich the assessments that we’re able to make from open-source information.”

http://cdn.defenseone.com/defenseone/interstitial.html?v=2.1.1&rf=http%3A%2F%2Fwww.defenseone.com%2Ftechnology%2F2014%2F07%2Fmilitary-already-using-facebook-track-moods%2F87793%2F

Fracking Europe

The availability of American shale gas and if and when it happens a settlement of the Iranian nuclear issue, of the Israeli-Palestinian conflict and Turkey’s (the most convenient point of transit) entry into the EU would of course change the situation, but the prospect of supplies of American shale gas is the only one to be almost immediate. Observers are also closely following progress in talks for an association agreement between Ukraine (another major point of transit) and the EU. Yes, there is a question of costs, but the infrastructure could have been developed, not to replace Russian gas, but to avoid Gasprom to be build a quasi-monopoly.

US shale gas will be transported to Europe by gas tankers, a technology that was developed long ago and allowed Algeria to sell large quantities of LNG to the US and France, which is also used by Qatar. Though some countries like France have prohibited shale gas and oil exploration, their companies, like GDF Suez of France (GDF Suez is Europe’s largest LNG importer and the world’s third-largest seller of LNG with a portfolio of 16m tones a year), are busy exploring for shale gas in the US and have already prepared plans for the port infrastructure in France and at least another European country. The US is expected by the International Energy Agency to be the world’s largest natural gas exporter by 2020 (and the largest oil exporter too), though it expects these exports to plateau soon after.

“The US is poised to overtake Russia as the world’s largest producer of oil and natural gas this year, a startling shift that is reshaping energy markets and eroding the clout of traditional petroleum-rich nations”, wrote The Wall Street Journal on Oct. 2, 2013.

Shale-rock formations of oil and natural gas have fueled a comeback for the US that was unimaginable a decade ago. Russia meanwhile has struggled to maintain its energy output and has yet to embrace the technologies such as hydraulic fracturing that have boosted US reserves.

The US ascendance comes as Russia has struggled to maintain its energy output and has yet to embrace technologies such as hydraulic fracturing that have boosted American reserves.

In May, 2013 the Department of Energy authorized the Freeport LNG project in Texas to export to countries that do not have a trade agreement with the US, including Japan and the members of the EU. It was the first such approval to be granted for two years and only the second ever.

Twenty-six proposed US LNG plants have applied to the Department of Energy for export permits, but only one – Cheniere Energy’s Sabine Pass development in Louisiana – had been granted permission to sell to countries that do not have a trade agreement with the US. The US energy department said it would work through the remaining applications in order. Japan is already the world’s largest importer of LNG, and the crippling of its nuclear industry by the 2011 meltdown at Fukushima Daiichi atomic power station has only increased its demand.

Freeport has signed deals to sell its gas to Osaka Gas and Chubu Electric of Japan, and BP of the UK. The export project is owned by a consortium including Osaka Gas and Michael Smith, Freeport’s founder and chief executive. Separately, Japanese and European companies said they would invest billions of dollars in another proposed gas export project, the $10bn Cameron LNG plant in Louisiana. Mitsui, Mitsubishi and Nippon Yusen of Japan, and GDF Suez of France which had already agreed to buy LNG from Cameron, will offer construction financing in return for equity stakes totaling 49.8 per cent.

In June, 2013 representatives from the Azerbaijan-based consortium, Shah Deniz II, approved the Trans-Adriatic Pipeline (TAP) over the U.S.-backed Nabucco West proposal. The 870-kilometer TAP will connect with the previously approved Trans-Anatolian pipeline (TANAP), crossing Greece, Albania, and the Adriatic Sea to deliver 10 billion cubic meters (extendable to 20 billion cubic meters) of Azerbaijani natural gas to Italy, and subsequently, other countries in the European Union. In light of American and European policy goals to diversify the sources of natural gas to Europe, TANAP and TAP must be seen as successes.

Europe’s and other countries’ dependence on Russian gas are about to be reduced, though there is no doubt the Gasprom will remain a major player.

Poland could also become an important producer of shale gas without running afoul of EU environmental legislation.
To answer questions about costs: they are quite high, but thanks to shale gas world natural gas prices have gone down and some countries could be priced out. Natural gas prices have started stopping being linked to oil prices, and US gas export gas could go down by another 35 percent within 4 year, but the price differential will certainly be absorbed by infrastructure investments though part of those will be met by governments (roads, etc) when needed. Countries like France which has been importing LNG for 40 years (from Algeria) have an advantage in this respect, though they will have to expand and overhaul their facilities.

The US lags far behind Europe in terms of LNG use, but European LNG prices are still aligned with oil there – which is of course in the interest of Qatar, Russia, Algeria, etc, as long term oil prices can only rise (even though they might go down temporarily as a result of the economic slowdown in Europe, China, India, etc).

One wouldn’t bet so much on shale gas developments in Europe, at least in the short term, as environmental concerns are an impediment. Europe should accelerate the diversification of her natural gas sources towards US, Canadian and even when available Ukrainian and Polish shale gas, LNG from Qatar and Algeria, perhaps more from Norway, etc., but that won’t be achieved overnight even with the new sense of urgency – the crisis in Ukraine. The share of natural gas in the manufacturing industry’s energy purchases is significantly higher in Europe than in the US. Algeria has significant traditional LNG supplier to certain south European countries. Algeria has been exporting LNG to Europe for decades but exports to the US floundered after a dispute on prices. The latest good news is that Algeria’s probable natural gas reserves have almost doubled since the beginning of this year. Ukraine herself has a potential major shale gas producer.

While a country like France is adamantly opposed to fracking – even shale oil and gas exploration is banned – nuclear power electricity plays a larger role than in any other country in the world, with the nuclear power industry providing over 80 percent of the country’s total electricity consumption. Last but not least, reversing the flow of gas from Germany and other countries to Ukraine is easier said than done, as the pipelines and their compression stations have not been designed for a reversal of the flow – but it is of course possible.

On the issue of dependence on Russian gas, everyone knows that the US won’t be able to export LNG from shale gas in large quantities before 2016.

The internet crime and its cost to society

There is not such thing as privacy anymore. There is no privacy on the Internet for sure! Privacy on Internet is just a notion that was introduced to keep the “political correct” appearance. The loss of self-identity into the masses led to the need of being noticed and discovered. Therefore, there are new generations that feel they need to share, follow, show, talk, say their existence. In the past we knew that privacy means safety, today the need to be heard or to be seen is bigger than the self preservation one.

More international bodies centralizing information on cyber crime is not probably a useful idea, while exchanging best practises, views and intelligence is always useful, not only between governmental bodies but with private bodies as well. There is no perfect method to evaluate the cost of cyber crime. I do believe in international cooperation and am not opposed to such bodies as clearing houses for intelligence that need to be shared. But certainly a state body is not going to share its technologies with a number of states who spy on its country: the technology to intercept communications between criminal organizations or to defeat hackers is the same as that which allow interception of foreign government communications and security against foreign state-sponsored hackers. As to “lawful interception” of communications, does everybody agree on that? No country will ever recognize as lawful intercepts made by another country. Part of those roles are already assumed at least in theory by Interpol, NATO and other civilian and military regional organizations. NATO remains weak on the issue and its capabilities need to be augmented. I am not sure new international bodies will not simply add a new layer of bureaucracy. Agencies are most often cooperating on ad hoc basis with other national agencies and probably don’t need an international body to further this cooperation. Such international bodies would also increase the likeliness of leaks.

I have a question: is the individuals’ pursuit of happiness the governments’ job?

“Global Energy Security Conference- The Way Forward” in May 2014

Europe’s leaders have been completely preoccupied by the economic crisis and its political and social consequences. Surprisingly, Germany has become the cautionary tale as its trailblazing emphasis on renewables has driven electricity prices up and placed an uncomfortably heavy subsidy burden on Europe’s largest economy, where the current subsidy scheme is estimated to cost businesses and consumers $32 billion per year. Barring major technological breakthroughs or a markedly improved economic outlook for Europe, widespread and economically sound renewable energy seems to be off the table for the time being. The fact that emission targets were not cut underscores that the majority of European countries will remain politically committed to relatively low emission levels. EU members will delay the implementation of renewables but will also continue to move away from high-polluting, coal-fired power plants – favoring the middle ground offered by natural gas and, to a lesser degree, clean coal technology for power generation, particularly because of the relatively low costs for both commodities.

The reality is that Europe will be hard-pressed to find cost-effective alternatives to natural gas from Russia, the world’s largest producer and the only consistent supplier of cost-competitive, high volumes of the commodity in the region. The European Union will place a greater emphasis on its collective bargaining and enforcement power to negotiate lower prices from Russia across the board for all of its members, and the development of liquefied natural gas import facilities will continue apace with the expectation that global liquefied natural gas prices will drop by the next decade. But as the economic crisis continues to blight Europe and the low energy price lobby grows stronger on the Continent, political leaders in Europe will focus on cost-effective solutions.

Again there are cost-effective new suppliers coming. The first category will be shale gas, which according to calculations made by Total, GDF-Suez and the EU, will be cheaper, despite transportation costs, than current Russian prices. As to Algeria, which has been an LNG exporter to Europe since I believe 1968, using the first modern methane tankers (at one time Algeria exported more LNG to the US than to Europe), her proven resources seemed to be dwindling, but recent major discoveries should boost the country’s exports. And of course there is Qatar. The idea is not to kick out Russia as a major supplier, but to cut EU dependency on Russian gas, and to introduce much more price competition, forcing Russian prices down. Note that Poland and the UK could become large shale gas producers, even though initially most imports will come from the US. Both the US Department of Energy and the International Energy Agency expect the US to become a net oil and natural gas exporter by 2020, certainly the world’s largest oil producer and arguably the largest LNG producer, and the world’s largest exporter of oil and gas by 2022. At the same time production is expected to plateau after a time and it is possible that the US will again become a net importer later, though in smaller quantities. CNAS believes unconventional energy production will continue to shape the world energy map.

“The future of global economic growth in the coming decade relies significantly on changes related to energy security as the global energy demand continues to grow. According to the World energy outlook, with the United States moving steadily towards meeting almost all of its energy needs, the BRIC economies (especially India and China) and the EU present the major catalysts of global energy demand growth. Russia and Brazil are other major consumers of energy but they tend to satisfy their consumptions through their domestic resources.

Due to the impact of many factors related to geopolitics, market factors and polices on the global energy market, there were both continuity and changes in some trends related to the global energy market in recent years:

While energy import continues to increase for most major importers, The USA energy import bill has decreased by 40% in the last 5 years due the shale gas boom. While demand for coal is decreasing for the OECD countries it is still increasing for India and China. The exploitation of shale gas resources in EU can create a trend of decreasing EU bill of energy sources import.

Brent crude oil has sustained a high average price of above $110 since 2011. The interim agreement with Iran on its nuclear programme will definitely lower the risks of oil export disruption passing the Strait of Hormuz, the narrow artery through which 40% of global sea-borne oil exports pass. However, The instability in Iraq and Libya, the Syrian conflict, struggle in the Southern part of Yemen; all these factor are.

Disrupting the production of oil and will have impact on the supply of oil to the global market. It will remain to see how the geopolitical situation in the wider middle east and the north Africa will impact the oil price.

Electricity price differentials are also large, with industrial consumers in Japan, Europe and China paying on average more than twice as much for electricity as their counterparts in the United States. Energy costs can be vital to the competitiveness of energy-intensive industries. These industries- including chemicals, primary aluminium- account globally for 20% of industrial value added, 25% of industrial employment and 70% of industrial energy use ( International Energy agency). Demand for these products, in the emerging economies, drives the growth in energy demand.

Despite the fact the share of fossils fuels is expected to decrease in the medium range it will continue to have biggest share in filling the global energy demand .Clean energy sources (Renewable and Nuclear) will carry on their growth in the global energy demand. But there is still a distinct disparity between different parts of the world in their energy mixes.

Energy Efficiency can help dealing with high energy costs for the major consumer. Renewable, nuclear power and unconventional gas can help achieving energy efficiency. Although the trend of global energy demand is clear, there are many scenarios regarding the sources of supply and efficiency policies for the major consumers.

Energy for the Most Vulnerable:

For the second time, the Global Energy Security Conference will address the challenge of energy security for the most vulnerable. In 2011, nearly 1.3 billion people worldwide lacked access to electricity and more than 2.6 billion relied on the traditional use of biomass for cooking. Over 95% were located in Asia and sub-Saharan Africa.

Through the annual Global Energy Security Conference, we aim to contribute to the same programme by bringing forward creative projects from different parts of the world aimed at supporting countries suffering from deficiencies in their energy security.

With partners from the corporate world, international organisations, NGOs, and research institutions participating, the programme is aiming to support the implementation of energy projects for populations with limited, to no access to multiple energy options.

The Conference provides platforms for these kinds of projects to be presented to government officials and to potential partners for their implementations.

The Conference

This conference is a gathering of Global stakeholders involved the global energy security to address these issues to have an insight into the various scenarios that transform the energy landscape of our world. The Conference will bring together some of the world’s most relevant thought leaders from business, government, international organisations, NGOs, media and civil society. During the two day Conference, participants will engage in sessions that will explore new and existing energy trends, challenges and creative solutions to address one the world’s most topical and challenging issues:

  • Threats to energy supply and routes of supply coming from many sources.
  • Policy areas for energy efficiency?
  • Investment in infrastructure required ensuring the global supply?
  • The impact of geopolitics in the Middle-East and North Africa, the future relations between Russia and European Union for gas exports.
  • What are alternative ways to respond to energy supply disruption? How efficient are they?
  • The economics of alternative sources of energy for different economies : renewable energy and nuclear energy.
  • Will energy producers disagreeing agendas and interests impact investments
  • Opportunities across the globe?
  • What is the effect of energy diplomacy, and what are its real motivations and long-term sustainability?
  • Assess the achievements of the global environment agenda so far, the promises of alternative and renewable energies and will study the critical issue of nuclear security.
  • Innovation solutions to tackle issues related energy access for the most vulnerable population of the world?

Objectives:

  • Develop policy recommendations based on multi-stakeholder consultations at a global level.
  • Provide a platform for sharing knowledge and expertise amongst experts from across the globe.
  • Provide a platform for presenting innovative projects from different part of the world to contribute to global energy security.
  • Boosting private public partnership in implementing new conceptual projects for the most vulnerable countries in terms of energy security.”

The conference’s programme can be dowloaded form here:http://www.gdforum.org/pdfs%20to%20download/Global%20Energy%20Security%20Conference%20Programme-%20January%202014.pdf

Energy and EU

Various countries have been over some time trying to harness tidal energy, but with little success until now. The biggest project until 2011 was the French “Usine Marémotrice de la France” inaugurated in 1966 by Charles De Gaulle and which never produced more than 240 megawatts at a uncompetitive cost. In August 2011 however the ROK inaugurated the slightly more powerful Sihwa Lake tidal power plant which produces 254 MW. Recently British companies have demonstrated pilot devices that are much smaller but more efficient.

There is controversy over the EU’s ocean energy action plan, which allegedly will put a lot of public money in the pockets of the likes of Alstom, EDF, E-on, DCNS and Scottish Development International. This type of controversy is often attached to EU-financed projects, such as the very costly Galileo satellite positioning system which has yet to become operational.

In the matter of energy the EU Commission is evolving towards nonbinding European regulations, in part because national policies are too divergent. This is a defeat for the various Green parties. The latter were also defeated in France which is putting again the emphasis on nuclear energy, which accounts for over 80 percent of electricity production, at the expense of renewable energy plans which are being shelved. Germany, after her decision to phase down its nuclear power plants, not being able to rely principally on renewable energy sources in the foreseeable future, is increasingly buying nuclear-produced energy from France (as Switzerland, a country that has bilateral agreements with the EU and is slowly moving towards membership). Barring major technological breakthroughs or a markedly improved economic outlook for Europe, widespread and economically sound renewable energy seems to be off the table for the time being.

It is likely however that European dependence on Russian gas will significantly decrease as a result of shale gas imports from the US but also local production in Poland and the UK. This is the reverse of what’s happening with nuclear energy, with Germany shunning it but buying nuclear-origin electricity from France: the latter has imposed a total ban on shale oil and gas exploration and exploitation on her territory, but as encouraged French companies like Suez to invest in shale gas exploitation in the US and Total in the UK, and will import that gas which should be significantly cheaper, in spite of sea transportation costs, than Russian gas until the latter will be lowered. Natural gas is a lesser pollutant than oil: in his state of the union speech two days ago, president Obama has announced incentives to switch from coal and oil to natural gas, although its automotive use will stay in lmy view limited.

Challenges in Finding Alternative Supplies – EU commissioner for Climate Action Connie Hedegaard in Brussels on Jan. 22.

With the European Union battling a crippling economic crisis, Europe’s high energy and electricity costs have become politically and financially untenable and have sapped support for costly, environmentally friendly policies in many member countries. Reflecting this situation, the European Commission in mid-January unveiled its new energy and environment strategy through 2030, which softened Brussels’ longstanding push for the development of renewable energy sources while maintaining binding targets for carbon emissions. However, the impact of this particular EU policy change will be limited, particularly compared with the broader trends that govern energy markets in Europe.

Early drafts of the policy cited statistics showing that average industrial electricity prices in the European Union are more than double those in the United States, while industrial natural gas prices reach up to four times that figure. However, they remain competitive compared to Taiwan, South Korea and Japan. The comparative advantage gap between Europe and the United States, its main industrial competitor in the developed world, has been steadily growing because the United States has benefited from a domestic energy production revival in the past few years, engendering relatively industry-friendly government policies that have kept costs for industrial energy consumers low.

Industry leaders in the European Union hoped that the target for greenhouse gas emission reductions would be tempered, but the commission kept the binding goal on the higher end, at 40 percent lower greenhouse gas emissions compared to 1990. Beyond renewables and emissions, the commission’s new non-binding policies on shale gas development essentially give carte blanche to its members to regulate this new industry as they see fit – a move the United Kingdom lobbied for heavily.

The largest change in the commission’s paper indicates that renewable energy targets for 2030 will not be binding on a nation-to-nation basis but on an EU-wide basis. This provision makes direct enforcement much more difficult by relying on a nebulous concept of “harmonization” for countries to move away from fossil fuel energy generation. The push for renewable energy has its roots in the years of financial security before the crisis, when the main threat in the energy sphere was Europe’s dependence on Russian imports and the popular demand for cleaner energy production. In less than 10 years, EU member states more than doubled the share of renewable energy in their total energy mix.

The picture began to shift dramatically after 2008. Europe’s leaders have been completely preoccupied by the economic crisis and its political and social consequences. Surprisingly, Germany has become the cautionary tale as its trailblazing emphasis on renewables has driven electricity prices up and placed an uncomfortably heavy subsidy burden on Europe’s largest economy, where the current subsidy scheme is estimated to cost businesses and consumers $32 billion per year. Barring major technological breakthroughs or a markedly improved economic outlook for Europe, widespread and economically sound renewable energy seems to be off the table for the time being.

The consequences of the commission’s policy shift, which will still need to be approved by EU members, should not be overstated. The fact that emission targets were not cut underscores that the majority of European countries will remain politically committed to relatively low emission levels. EU members will delay the implementation of renewables but will also continue to move away from high-polluting, coal-fired power plants — favoring the middle ground offered by natural gas and, to a lesser degree, clean coal technology for power generation, particularly because of the relatively low costs for both commodities.

The internal readjustment of self-inflicted high energy and electricity cost premiums due to renewable subsidies may help halt the European Union’s decline in competitive advantage, but it will be nowhere near enough to get the struggling European economy back on its feet. Europe’s longstanding high industrial electricity and energy costs are primarily driven by broader questions of imports sourcing and pricing – which will become the focus of European policy at the national and supranational level as the Continent’s leadership faces escalating political pressure due to Europe’s stagnating growth and high unemployment.

Within this context, Europe’s energy future will depend on the evolution of some key trends, domestic and international, which Stratfor has followed for several years. In this analysis, we will focus nearly exclusively on natural gas, given the global and relatively transparent nature of crude oil trading and the overwhelming importance of natural gas to Europe, since it accounts for well over a quarter of the total energy consumption on the Continent.

Indigenous reserves of conventional natural gas (and oil) are slated to continue declining in Europe, despite Norway’s limited but notable success in periodically finding replacement reserves. Much attention has been directed at Europe’s attempts to replicate the United States’ success in unconventional natural gas production. The European Commission report included a weak first attempt at an EU-wide strategy for shale development, a mostly irrelevant provision since the obstacles to unconventional natural gas production have mainly been unique to each country. We expect bureaucratic red tape and strong opposing interest groups (some rumored to be connected with Moscow) to continue delaying progress in Central Europe – as has clearly been the case so far in Poland and Romania. Concurrently, we are also extremely pessimistic on a reversal of social opposition to shale gas production in continental Western Europe -pressure that has not abated in either France or Germany.

The second developing trend to keep watching is the growing integration of European natural gas markets through EU-level policy and physical interconnection. A more integrated and clearly regulated pan-European market helps avoid major import price discrepancies between member states and, in the future, will give the bloc major negotiating leverage against Moscow when it comes to negotiating contracts with its largest consumer market — resulting in broadly lower average prices in the medium to long term. While Russia will attempt to diversify its customer base by expanding its energy exports to East Asia, existing field and infrastructure logistics will ensure that Moscow will remain deeply beholden to the European market.

A third dynamic that will have an influence on the energy sector in Europe will be the development of natural gas sources beyond Russia and Europe proper — a key imperative for policymakers who see the strategic danger of replacing declining indigenous production with more Russian imports to meet the expected stable demand.

Due to several factors – the low availability of investment capital in recession-stricken Europe, the strength of Russia’s competing South Stream pipeline project, Moscow’s strong leverage in Turkmenistan and the political risk still associated with Iran – we do not see a high-volume pipeline route from the natural gas-rich Eastern Caspian to Europe emerging in the next few decades. The only project that will materialize, the Trans-Adriatic Pipeline, will be limited in volume and geographic range.

We also do not expect North Africa to significantly ramp up natural gas exports to Europe in the medium to long term for two reasons. First, domestic consumption in North Africa is rising steadily, limiting the availability of natural gas for expanded exports. This trend is compounded by years of lagging production. While Algeria is moving toward a gradual opening of its significant conventional and unconventional natural gas reserves to foreign investors, the country is experiencing its own political transition and will proceed cautiously given how critical energy revenues are for managing the complex balance of power in Algiers. Egypt and Libya, the region’s other natural gas exporters, are likely to remain mired in political instability that will make production and export increases unlikely over the next decade.

Shipments of liquefied natural gas from around the world provide a coherent alternative for Europe in terms of supply stability and diversification, but it remains a toss-up price-wise. Buoyed by rapidly growing demand, the East Asian natural gas market is likely to continue commanding high prices in the short to medium term on the spot market, even as large Australian and North American projects come online in the second half of the decade, with East African projects joining the fray after 2020. In the medium to long term, the picture becomes more complicated as large volumes of liquefied natural gas will create more homogeneous (but not necessarily lower) prices for the commodity around the world.

Finally, another trend is the decline of nuclear power. Following the Fukushima Daiichi nuclear power plant disaster, a host of countries in continental Europe (with the notable exception of France) completely shut down their nuclear power programs. Despite a tepid resurgence, it remains unlikely that nuclear power will become a much more significant chunk of the European energy mix. The main barrier for large-scale development of nuclear energy in Europe, even outside of Germany, will continue to be the high upfront costs that are economically untenable when compared to relatively low fossil fuel costs.

Ultimately, the reality is that Europe will be hard-pressed to find cost-effective alternatives to natural gas from Russia, the world’s largest producer and the only consistent supplier of cost-competitive, high volumes of the commodity in the region. The European Union will place a greater emphasis on its collective bargaining and enforcement power to negotiate lower prices from Russia across the board for all of its members, and the development of liquefied natural gas import facilities will continue apace with the expectation that global liquefied natural gas prices will drop by the next decade. But as the economic crisis continues to blight Europe and the low energy price lobby grows stronger on the Continent, political leaders in Europe will focus on cost-effective solutions – even if they have to concede some of their current policies that make sense on a strategic level, in particular the construction of expensive diversification projects.

The European Union’s open, safe and secure cyberspace.

Without a doubt, cyber-security is the policy-issue of the hour. The cyber-attacks on Estonia in 2007; the discovery of Stuxnet, the industry-sabotaging super worm in 2010; many instances of cyberespionage, culminating in the Snowden revelations this year; and the growing sophistication of cybercriminals as clear by their impressive scams have all joined to give the impression that cyber-attacks are becoming more frequent, more organised, more costly, and altogether more dangerous. We are now at a point in world history where any political power with global aspirations needs to partake in the cyber-game. As a result, any security strategy needs to consider cyber-issues today. Any global power needs both these, internal cyber-resilience and external cyber-power. Whether EU is a global power or not we can debate. As I see it, a European strategy has to be developed on a lot more than a union of interests.

There are a variety of bodies working in the field of cyber-security, such as the European Network and Information Security Agency (ENISA), the European Public–Private Partnership for Resilience (EP3R), the Computer Emergency Response Team (CERT) for EU institutions, or the EU Cybercrime Centre within Europol. There are measures to ensure ‘Network and Information Security’ (NIS) to support Critical (Information) Infrastructure Protection (CIP or CIIP). Measures intended to combat cyber-attacks of all sorts, including large-scale ones, have a focus on cyber-crime activities. There is a potential focus on military aspects of cyber-security also. But are these approaches enough to make sure the necessary level of cyber-resilience in Europe?

The EU’s data protection watchdog

Chancellor Angela Merkel’s new grand coalition is in disagreement over the implementation in Germany of the EU’s Data Retention Directive, decided years ago in the wake of the terrorist attacks in London and Madrid. (EurActiv.de reports.)

The European Commission is coming under pressure to explain why it believes no suitable candidates have emerged to replace the European Data Protection Supervisor (EDPS) – the EU’s data protection watchdog – and his deputy, when the pair’s term of office expires on 16 January.

EU anti-terror law puts the German coalition to the test.

The European Data Protection Supervisor has been most ineffective, and this probably explains why the Commission is not in a hurry to appoint a new one. The fact of the matter is that in the field of intelligence EU institutionalized cooperation with the US is most limited. EU national intelligence services have each their own agreements, formalized or not, with US agencies and for the moment at least will keep it that way. If one considers that with the exception of a few areas where there is consensus, there is no EU foreign policy as such but national policies, how could there be a EU common security policy? The country that has by far the closest links with the US is the UK and they will want to keep it that way as they reap many benefits from it. If the UK has its own signals intelligence agency, GCHQ, arguably the best after the NSA, Germany hasn’t and the work is distributed with several agencies, essentially the BND and the BFV. Restricting the data that is communicated to the US could backfire.

Cooperation between US and French intelligence has greatly improved and this concerns also signals intelligence. Both the US and France recognize the need to cooperate in Africa and the Sahel in particular, as the US has the technical means (not only in signals intelligence, see surveillance drones, etc) and France a better knowledge of the situation on the ground. France’s military interventions benefit from US logistical support. This is a complete reversal of the situation as France was possibly the most reluctant among European countries to cooperation with the US.

Italy is no problem except that domestic policies tend to interfere as exemplified in the Sheikh Omar case which affected Italian intelligence. Cooperation with Spain is excellent, so is that with Scandinavian and East European countries. None of these want new restrictions on data exchanges with the US: the problem is rather in the European Parliament where grandstanding is for some MEPs a way of life.

EU’s CO2 drop

Indeed the EU aims at creating a single, competitive European market for electricity. Despite some drawbacks, nuclear provides secure, long-term, zero-emissions power. Thus, a number of countries continue to pursue new nuclear plants as part of their generating mix.

At present, most new construction is concentrated in China, Russia and India. China, which started work on two new reactors in September 2013, aims to have 40 gigawatts of nuclear capacity by 2020.

Global electricity demand increased 3.4% per year and is expected to continue growing at around 2.5% per year until 2030, in line with expected global GDP growth, population increases and industrialisation.

As demand grows, the fuel mix for power generation continues to diversify. Coal and gas still dominate, but oil’s share is gradually declining and the renewables share (including hydro) is increasing. Stock must be taken, however. For example, Britain is an island and electric power cannot be transported as such from outside the UK.

But there is competition, including price competition, like from foreign firms established in the UK, eg EDF of France, but they are not involved in nuclear power.

Even Germany seems to be having second thoughts about ditching nuclear power, and France won’t do it (and can’t afford it). Germany’s place in the past few years has been rather hypocritical: shunning nuclear power but importing nuclear-generated electric power from France. France, where the uptake of renewable energies is anything but massive. Plans to use more wind energy have been scaled down and tax relief for equiping houses with solar panels have been rescinded. Stealthily the Socialist government is preparing to rehabilitate older nuclear power plants (80 percent of France’s electricity consumption comes from nuclear plants, and they export some to Switzerland and Germany), in spite of the opposition of the Green party which is for the moment at least in government. Nuclear energy production of course has a very small carbon footprint. Hybrid power cars have modest sales because of their cost and electric cars are almost absent. Buses have been partly replaced in certain cities by hybrid ones and tramways have replaced part of the buses in other, but the effect on overall CO2 emissions is still modest.

Contrary to widespread belief, including at the EC, the massive uptake of renewable energies since 2005 has had a greater impact in the reduction of CO2 emissions than the economic slowdown. Meeting in Belgrade (24 October 2013), the energy ministers of the Energy Community, adopted a list of 35 energy projects of regional importance, mirroring a recent EU effort. It looks like shale gas companies will have to comply a new reglementations package from EC.

Other EU countries have already done so, such as the UK and France. The schemes are proving expensive and nopt so effective. It will be interesting to see what Germany does, with a new SPD vice-chancellor in charge of “energy transition”.

Ahead of the EU Climate Package to be announced on 22 Jan, the Commission has released during the Christmas break, an update on the trends to 2050 on energy, transport and green house gas emissions. It looks like Europe’s plan to curb down the GHG emissions will only reach half of the first targeted cut. Note though that the findings are based on a business as usual scenario.

The European Union’s support scheme, which has been in place since 2012, was once deemed too generous by the European Commission. In June 2013, the leftist government decided to hold off paying some of the subsidies for several years, a delay which applies to all producers.

The Romanian Wind Association complained to the Commission over the subsidy delays. Czech CEZ, which operates Europe’s largest land-based wind farm in Romania, complained that retroactively changing the rules conflicted with basic EU principles. It brought droves of foreign investors to Romania, particularly to wind energy, including Czech CEZ, Italy’s Enel or Energias de Portugal.

Elsewhere in the EU, Germany, Britain and Spain have also cut incentives for renewable energy.

Various countries have been over quite some time trying to harness tidal energy, but with little success until now. The biggest project until 2011 was the French “Usine Marémotrice de la France” inaugurated in 1966 by Charles De Gaulle and which never produced more than 240 megawatts at a uncompetitive cost. In August 2011 however the ROK inaugurated the slightly more powerful Sihwa Lake tidal power plant which produces 254 MW.

Recently British companies have demonstrated pilot devices that are much smaller but more efficient.

Romania will cut its support scheme for new wind, solar and small hydro renewable energy projects from January, a government decree said on 17th of December, to avoid overcompensating producers and curb price increases for industry and homes. The incentives give developers green certificates for each megawatt generated and force power suppliers and large users to buy them based on an annual quota set by the energy regulator. Green energy investors gain once by selling certificates and again when they sell their electricity. Under the new government bill, wind energy will get 1.5 certificates per megawatt until 2017 and 0.75 certificates onwards, from a previous 2 and 1 certificates, respectively. Support for solar projects was halved to three certificates per megawatt, while small hydro power plants will get 2.7 certificates per megawatt instead of 3.

There is controversy over the EU’s ocean energy action plan, which allegedly will put a lot of public money in the pockets of the likes of Alstom, EDF, E-on, DCNS and Scottish Development International. This type of controversy is often attached to EU-financed projects, such as the very costly Galileo satellite positioning system which has yet to become operational.

The Internet is under surveillance.

The Internet is under surveillance, that is a fact and no news.

“US confirms that it gathers online data overseas”, said Charlie Savage, Edward Wyatt and Peter Baker in The new York Times, a few days ago. “One of the primary issues of contention was whether consumers would be able to opt out of all tracking, or just not be served advertisements based on tracking. Some browsers, such as Apple’s Safari, automatically block a type of code known as “third-party cookies, which are often placed by companies that advertise on the site being visited. Other browsers such as Mozilla’s Firefox are also experimenting with that idea. But such settings won’t prevent users from receiving cookies directly from the primary sites they visit or services they use. Google assigns a unique PREF cookie anytime someone’s browser makes a connection to any of the company’s Web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit Web sites that contain embedded “widgets” for the company’s social media platform Google Plus. That cookie contains a code that allows Google to uniquely track users to “personalize ads” and measure how they use other Google products. Given the widespread use of Google services and widgets, most Web users are likely to have a Google PREF cookie even if they’ve never visited a Google property directly. That PREF cookie is specifically mentioned in an internal NSA slide, which reference the NSA using Google PREFID, their shorthand for the unique numeric identifier contained within Google’s PREF cookie. Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the Internet’s backbone and from technology companies’ own systems. The slide indicates that SSO was sharing information containing “logins, cookies, and Google PREFID” with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ. “This shows a link between the sort of tracking that’s done by Web sites for analytics and advertising and NSA exploitation activities,” says Ed Felten, a computer scientist at Princeton University. “By allowing themselves to be tracked for analytic or advertising at least some users are making themselves more vulnerable to exploitation.”

It was quite obvious that NSA would use these tools which were, so to speak, already there, so this isn’t much of a revelation. As the article says, “the NSA’s use of cookies isn’t a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion.” Modern browsers have a “do not track” option that isn’t limited to the blocking of third-party cookies and location identification nowadays requires specific user consent. Lately most US websites and others ask your permission to use cookies. The normal, no paranoid user in a democratic country will be content with blocking third-party cookies. Rejecting site cookies and access to location (in particular in these times of ubiquitous wifi and mobile devices) makes user experience far more cumbersome. Isn’t it still too much advertising to one’s taste? Probably, but that’s the way many sites and services are financed which otherwise wouldn’t be free or wouldn’t exist at all.

Today, France’s 2014 National Defense Authorization Law Passed by Parliament. France’s lower house of parliament, the National Assembly, passed yesterday by 164 votes for to 146 votes against, the government’s 2014 National Defense Authorization Law. The Senate had already approved the bill. A major point of contention which accounts for the close vote which wasn’t entirely along party lines was article 13 of the bill which allows wiretapping (interception of voice and data communications through fixed or mobile lines including wifi, etc) at home and abroad on suspicions of terrorism or espionage without a judicial warrant but on the mere approval of a “qualified person” at the Interior ministry.

This goes far beyond what is allowed in the US, which did not stop president Hollande when he protested at NSA activities. The French in particular protested that NSA had been said by Edgar Snowden to collect metadata on billions of French phone calls, but it later emerged that this data had been handed over by French intelligence to NSA. Some members of the French Parliament are toying with the idea of applying for a review of the law by the French constitutional court.

Why we need a sound Do-Not–Track standard for privacy online

This really is privacy and data protection week! In Brussels there is the “Computers, Privacy & Data Protection” conference and the Commission is soon adopting its proposal for a reform of the European Data Protection legal framework.

First a bit of background: what is “do not track”, and why is it so important? You might be familiar with the EU’s e-Privacy directive. It was amended in 2009 and was to be implemented in national law by May last year. Some have termed it the “Cookie directive”. But in reality it goes beyond cookies, it’s a directive to protect us against all kinds of malware and spyware, to ensure the confidentiality of your electronic communications, and to outlaw automated unsolicited marketing phone calls and spam without the consent of the receiver. The part which relates to cookies – Article 5(3) – means that providers need to obtain your consent to place or access cookies or other information on your computer or smartphone unless it is strictly necessary for a service you have already asked for. So if you log in to a web service, the cookie that remembers that you are logged in is fine – and indeed this makes our lives a whole lot easier online. But a cookie that is used to build a profile of what you are doing online is less OK: it might mean that your web surfing over time (searches, web pages visited, the content viewed, etc.) is tracked, for example in order to match ads against your interests as determined from the profile. The use of such cookies requires your consent. Applying this in practice is not easy.

Not all Member States have yet transposed the e-Privacy directive into national laws, despite the May 2011 deadline to do so. And while some of the national authorities responsible for enforcing the rules have already provided guidance, others haven’t. So there are different interpretations, sometimes, or even confusion about what the rules mean and how to comply with them. How can we address this problem? The industry has set up a self-regulatory initiative on online behavioral advertising.

Enter do-not-track (DNT). A global DNT standard would describe the technical details of a “signal” that users can send, to providers, via their online equipment, including their web browser. The signal indicates their preferences regarding tracking. For example, if I wanted to help advertisers send me more relevant ads I would signal that being tracked is OK with me. On the other side the standard would also set out how providers need to react to the signal, i.e. make clear what DNT users will expect to happen. This would help businesses because they could read the signal and thus know whether they have the users’ consent or not. Current browser settings don’t allow for this – as they do not systematically communicate to the provider what the user has decided. That’s like just throwing junk mail in the bin – when what you should be doing is letting the sender know that you don’t want any more. But the important thing is that it makes it clear and simple for companies to comply with the law – and to send a straightforward signal to users that their company is compliant and trustworthy. Plus, it makes it easy for consumers to let providers know what they want – and take control over what gets known and recorded about them by others online. Even better, once the standard is out there, tool makers can dream up new ways to make the use of DNT yet more simple, easy and intuitive to understand, e.g. in a web browser or on your phone. There could also be new certification schemes that make it easier for companies to differentiate themselves and for users to deal with those that respect their privacy preferences.

Including video at:

http://ec.europa.eu/commission_2010-2014/kroes/en/node/170

It’s time to get serious about cyber-crime

What if a European country suddenly lost access to email, online media, government websites and home banking?  This isn’t the plot from a Hollywood film, but was the reality for the population of Estonia when their country was hit by a wave of cyber-attacks back in 2007.

An act of cyber-crime in one place could be quickly felt thousands of miles away.

Gaps still exist among European countries, in terms of planning and preparedness for acts of cyber-crime.  Only a small number of Member States have adopted national cyber-security strategies or carried out national cyber-incident exercises.  National capabilities, such as setting-up Computer Emergency Response Teams, are essential for Europe to be able to co-operate in the event of a serious incident, yet progress in building these capabilities is uneven. The European Commission is actively supporting Member States in this process, together with the European Network and Information Security Agency (ENISA).

It is now ten years since the Council of Europe Convention on Cybercrime was opened for signature in Budapest. It is still not ratified by all European countries.

See at:

http://ec.europa.eu/commission_2010-2014/kroes/en/blog/cybercrime

The clear role of public authorities in cloud computing

I’ve spoken a couple of times this week about cloud computing, so it’s a good time to blog about how the cloud is growing in importance in ICT strategy and spending. In fact, I think the Cloud is critical to Europe’s growth, and essential for making the best internet available to all. I explained this to a big audience (other speakers included Carl BildtAlec Ross, and Julius Genachowski of the US FCC) held by the Aspen Institute’s International Digital Economy Accords project.

Getting the cloud right will mean the Internet can continue to be a generator of innovation, growth and freedom. If we get it wrong our infrastructure will fail to meet our appetite for access to data and our fragile digital economy could be knocked about badly. First, the legal framework. This clearly has an international dimension and it concerns for example data protection and privacy, clear rules for the allocation of jurisdiction, responsibility and liability, and consumer protection. Everyone needs clear rights here. Second, technical and commercial fundamentals. More research and the EU playing a stronger role in the technical standardisation of Application Programming Interfaces (APIs) and data formats to enhance interoperability and competition between cloud providers and so on. International standardisation efforts will also have a huge impact on cloud computing; The EU can play a big role here – building on, for example, the SIENA initiativeThird, the market. Scaling up pilot projects and pushing the public sector to really make use of the potential of cloud computing as Vivek Kundra is doing in the US.

The next step will be online consultations launched in late April and a live consultative process culminating on 23 May in Brussels. The Internet has grown to be wonderful and useful because it has not suffered from undue regulation. But an internet without rules can also hold back users and investors if they lack confidence. Freedom of expression; the protection of privacy and personal data; net neutrality and the preservation of an open Internet; these and other issues are fundamentally public policy issues. Who will be liable if something goes wrong in the cloud and data is lost or compromised? Which rules and which jurisdiction will apply? These are not questions that “codes of conduct” on their own can answer in a satisfactory way.

See at:

http://ec.europa.eu/commission_2010-2014/kroes/en/comment/5333

Publications on CIP

Publications on CIP

In this section you will find a selection of 2012 and 2013 publications.

Publications can also be searched via the JRC’s Publications Repository and the EU Bookshop.

Monographs with JRC editorship (3):

Article contribution to a monograph (1):

  • Other Causes of Escalation
    Cozzani V, Krausmann E, Reniers G. Other Causes of Escalation. In: Cozzani V, Reniers G, editors. Domino Effects in the Process Industries – Modeling, Prevention and Managing. Oxford (UK): Elsevier; 2013. p. 154-174. JRC81882

Article contribution to a peer-reviewed periodical listed in the ISI Science Citation Index Expanded and/or Social Science Citation Index (10):

Article contribution to other peer-reviewed periodicals (1):

Article contribution to other periodicals (5):

Scientific and Policy Reports (18):

  • Critical Energy Infrastructure Protection – Assessment Results Communication
    Vamanu B, Masera M. Critical Energy Infrastructure Protection – Assessment Results Communication. EUR 25950. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC64054
  • Resilience analysis of systems of systems: a systemic approach
    Filippini R. Resilience analysis of systems of systems: a systemic approach. European Commission; 2012. JRC67527
  • RAPID-N: Rapid Natech Risk Assessment Tool – User Manual – Version 1.0
    Girgin S. RAPID-N: Rapid Natech Risk Assessment Tool – User Manual – Version 1.0. EUR 25164 EN. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC68247
  • Objective-driven exploration of cyber-security exercises
    Perez Garcia A, Siaterlis C. Objective-driven exploration of cyber-security exercises . Ispra (Italy): European Commission, Joint Research Centre; 2012. JRC68629
  • Financial critical infrastructure protection and Directive 2008/114/EC: an assessment on the sectoral criteria.
    Jonkeren O, Giannopoulos G. Financial critical infrastructure protection and Directive 2008/114/EC: an assessment on the sectoral criteria.. European Union; 2012. JRC70561
  • Cyber-physical test beds: A cost analysis of capital and operating expenditure
    Genge B, Siaterlis C. Cyber-physical test beds: A cost analysis of capital and operating expenditure. European Commission; 2012. JRC71479
  • Interdependencies and Resilience assessment methodology for CI
    Giannopoulos G, Filippini R. Interdependencies and Resilience assessment methodology for CI. European Commission; 2012. JRC75761
  • A Taxonomy for Incidents in Communication Systems
    Ferigato C, Gligorijevic S. A Taxonomy for Incidents in Communication Systems. EUR 25568 EN. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC76516
  • A novel approach for the real-time simulation of cyber-physical systems
    Genge B, Siaterlis C. A novel approach for the real-time simulation of cyber-physical systems. Ispra (Italy): European Commission, Joint Research Centre; 2012. JRC77710
  • JRC support to the 2nd Pan-European cyber-security exercise, CyberEurope 2012
    Benoist T, Siaterlis C, Perez Garcia A. JRC support to the 2nd Pan-European cyber-security exercise, CyberEurope 2012. Ispra (Italy): European Commission – Joint Research Centre – IPSC; 2012. JRC78214
  • Towards the combined use of distributed experimental resources for the study of the Power Grid and ICT systems interdependencies
    Genge B, Siaterlis C. Towards the combined use of distributed experimental resources for the study of the Power Grid and ICT systems interdependencies. Publications Office of the European Union; 2012. JRC78221
  • Public Alert – Effective Public Warning Communication and Dissemination
    Hohenadel M, Gligorijevic S. Public Alert – Effective Public Warning Communication and Dissemination. European Commission; 2012. JRC78250
  • Development of the Critical Infrastructure Risk and Resilience Platform: The CIR2
    Lana F, Giannopoulos G. Development of the Critical Infrastructure Risk and Resilience Platform: The CIR2. European Commission; 2012. JRC78271
  • Structural analysis of critical infrastructure networks
    Giannopoulos G, Azzini I. Structural analysis of critical infrastructure networks. European Commission; 2012. JRC78274
  • Alternative approaches for cyber-security exercises
    Siaterlis C, Benoist T, Karopoulos G, Perez-Garcia A. Alternative approaches for cyber-security exercises. Joint Research Centre; 2012. JRC78295
  • Overview of Disaster Risks that the EU faces: Internal assessment based on JRC databases
    Annunziato A, Vernaccini L, Thielen Del Pozo J, Salamon P, San-Miguel-Ayanz J, Camia A, Vogt J, Krausmann E, Wood M, Guagnini E, Giannopoulos G, Pursiainen C, Gattinesi P, authors De Groeve T, editor. Overview of Disaster Risks that the EU faces: Internal assessment based on JRC databases. EUR 25822. Luxembourg (Luxembourg): Publications Office of the European Union; 2013. JRC79415
  • The AMICI framework for the security study of cyber-physical systems
    Genge B, Siaterlis C. The AMICI framework for the security study of cyber-physical systems. Ispra (Italy): European Commission, JRC; 2013. JRC80704
  • Enhancing EXITO for simulation-driven training and exercises of human actors in Critical Infrastructures
    Genge B, Soupionis I, Siaterlis C. Enhancing EXITO for simulation-driven training and exercises of human actors in Critical Infrastructures. Ispra (Italy): Joint Research Centre; 2013. JRC85007

JRC Technical Reports (12):

  • Network and Information Security laboratory infrastructure requirements
    Siaterlis C, Perez Garcia A. Network and Information Security laboratory infrastructure requirements. Publications Office of the European Union; 2012. JRC68618
  • Memorandum on the results of the sixth Workshop on the Implementation and Application of the Directive 2008/114/EC
    Giannopoulos G, Schimmer M. Memorandum on the results of the sixth Workshop on the Implementation and Application of the Directive 2008/114/EC. EUR 25232 EN. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC68759
  • ASTRA Plus User Manual
    Matuzas V, Contini S. ASTRA Plus User Manual. EUR 25259 EN. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC69424
  • Summary Report of the ‘Core Functionalities’ phase of the ERNCIP Project
    Ward D, Kourti N. Summary Report of the `Core Functionalities` phase of the ERNCIP Project. Ispra (Italy): European Commission, Joint Research Centre; 2012. JRC69636
  • A model of distributed key generation for industrial control systems
    Kilin\C C G, Nai-Fovino I, Ferigato C, Koltuksuz A. A model of distributed key generation for industrial control systems. Ispra (Italy): European Commission, Joint Research Centre; 2012. JRC69663
  • Current Status of the ERNCIP Project Thematic Areas work – Annex 2
    Ward D, Kourti N. Current Status of the ERNCIP Project Thematic Areas work – Annex 2. European Commission; 2012. JRC70039
  • Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art
    Giannopoulos G, Filippini R, Schimmer M. Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art. EUR 25286 EN. Luxembourg (Luxembourg): Publications Office of the European Union; 2012. JRC70046
  • First report on ontologies, taxonomies and thesauri for critical infrastructures protection
    Ferigato C, Cantarella S, Owusu E. First report on ontologies, taxonomies and thesauri for critical infrastructures protection. European Commission; 2012. JRC70128
  • Technical guidelines for preparing and executing cyber-exercises using EXITO
    Perez Garcia A, Siaterlis C, Benoist T. Technical guidelines for preparing and executing cyber-exercises using EXITO. European Commission; 2012. JRC73562
  • Experimental capabilities of the Network and Information Security laboratory (NISlab) in 2012
    Siaterlis C, Genge B, Perez-Garcia A. Experimental capabilities of the Network and Information Security laboratory (NISlab) in 2012. Joint Research Centre; 2012. JRC76858
  • Initial report on CIP thesuarus – Description of a method and preliminary stages of its completion
    Cantarella S. Initial report on CIP thesuarus – Description of a method and preliminary stages of its completion. Ispra (Italy): European Commission, Joint Research Centre; 2012. JRC78143
  • Analysis of Pipeline Accidents Induced by Natural Hazards – Intermediate Report
    Girgin S, Krausmann E. Analysis of Pipeline Accidents Induced by Natural Hazards – Intermediate Report. Ispra (Italy): European Commission, Joint Research Centre; 2013. JRC83267

Article contribution to conference proceedings published in other periodicals (1):

  • Enabling the Experimental Exploration of Operating Procedures in Critical Infrastructures
    Siaterlis C, Genge B, Hohenadel M, Del Pra M. Enabling the Experimental Exploration of Operating Procedures in Critical Infrastructures. In: Sixth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection; 19 March 2012; Fort McNair (Washington (DC (USA). IFIP ADVANCES IN INFORMATION AND COMMUNICATION TECHNOLOGY 390; 2012. p. 217-233. JRC68329

Scientific paper presented at a conference and published in a book of conference proceedings (with editorship) (4):

 

European Commission – Institute for Energy and Transport

European Commission – Institute for Energy and Transport

The Energy Security Unit developed and maintains for the European Commission policy-making services a web-based tool for visualisation and analysis of critical gas and electricity infrastructures. The Smart Electricity Systems Action is responsible for the electricity part. The tool, consisting of map-based applications and advanced power/flow modelling software, is operational since January 2011 under restricted access conditions.

The tool allows the visualisation of single or cascading contingencies in several scenarios and use-cases. Customised dynamic representation of the failure effects is implemented, providing geographical, numerical and graphical information in an interactive environment. Selected users can consult outputs of different analyses, which are delivered either as predefined layers or as dynamic responses to queries, in order to evaluate critical conditions for the energy networks.

An added value of this tool is the visual representation of both gas and electricity systems in case of failure or disruption caused by various events. Extensive models have been built both for the electricity and the gas system, with the ambition to cover in the next future the whole European territory. This allows a global view at European level and paves the way for combining the gas and electricity models.

Through this tool, detailed nodal analyses have been performed to classify the criticality of the gas and electricity system’s components. Special attention is paid to transborder interconnections and to simulating events that are out of the range of normal operation. The tool also enables the user to test the performance of newly built infrastructures.

 

European Commission on PIC

European Commission on PIC

Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of the EU and the well-being of its citizens.

Reducing the vulnerabilities of critical infrastructure and increasing their resilience is one of the major objectives of the EU. An adequate level of protection must be ensured and the detrimental effects of disruptions on the society and citizens must be limited as far as possible.

The European Programme for Critical Infrastructure Protection (EPCIP)  sets the overall framework for activities aimed at improving the protection of critical infrastructure in Europe – across all EU States and in all relevant sectors of economic activity. The threats to which the programme aims to respond are not only confined to terrorism, but also include criminal activities, natural disasters and other causes of accidents. In short, it seeks to provide an all-hazards cross-sectoral approach. The EPCIP is supported by regular exchanges of information between EU States in the frame of the CIP Contact Points meetings.

A key pillar of this programme is the 2008 Directive on European Critical Infrastructures . It establishes a procedure for identifying and designating European Critical Infrastructures (ECI) and a common approach for assessing the need to improve their protection. The Directive has a sectoral scope, applying only to the energy and transport sectors.

The Directive also requires owners/operators of designated ECI to prepare Operator Security Plans (advanced business continuity plans) and nominate Security Liaison Officers (linking the owner/operator with the national authority responsible for critical infrastructure protection).

FUNDING:

The Commission has funded over 100 diverse projects under the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks programme (CIPS), during the 2007-2012 period. The programme is designed to protect citizens and critical infrastructures from terrorist attacks and other security incidents by fostering prevention and preparedness, namely by improving the protection of critical infrastructures and addressing crisis management. The key objective is to support CIP policy priorities by providing expert knowledge and a scientific basis for a better understanding of criticalities and interdependencies at all levels.

LINKING RESOURCES:

The Commission has developed a Critical Infrastructure Warning Information Network (CIWIN), providing an internet based multi-level system for exchanging critical infrastructure protection ideas, studies and good practices. The CIWIN portal, which has been up and running since mid-January 2013, also serves as a repository for CIP related information. This initiative seeks to raise awareness and contribute to the protection of critical infrastructure in Europe.

European Reference Network for Critical Infrastructure Protection (ERN-CIP) has also been created by the Commission to ‘foster the emergence of innovative, qualified, efficient and competitive security solutions, through networking of European experimental capabilities’. It aims to link together existing European laboratories and facilities, in order to carry out critical infrastructure-related security experiments and test new technology, such as detection equipment.

REVIEW:

Taking into account the developments since the adoption of the 2006 EPCIP Communication, an updated approach to the EU CIP policy has become necessary. Moreover, Article 11 of the Directive 2008/114/EC on the identification and designation of European Critical Infrastructures refers to a specific review process of the Directive. Therefore, a comprehensive review has been conducted in close cooperation with the Member States and stakeholders during 2012. The preliminary results of this review have been summarised in a Commission Staff Working Document pdf - 2 MB [2 MB] . Based on the results of this review and considering other elements of the current programme, the Commission adopted a 2013 Staff Working Document on a new approach to the European Programme for Critical Infrastructure Protection pdf - 128 KB [128 KB] . It sets out a revised and more practical implementation of activities under the three main work streams – prevention, preparedness and response. The new approach aims at building common tools and a common approach in the EU to critical infrastructure protection and resilience, taking better account of interdependencies.

 

EPCIP

There is an European Programme for Critical Infrastructure Protection (EPCIP).
It says that reducing the vulnerabilities of critical infrastructure and increasing their resilience is one of the major objectives of the EU. An adequate level of protection must be ensured and the detrimental effects of disruptions on the society and citizens must be limited as far as possible.
The European Programme for Critical Infrastructure Protection (EPCIP) sets the overall framework for activities for improving the protection of critical infrastructure in Europe – across all EU States and in all relevant sectors of economic activity. The threats to which the programme aims to respond are not only confined to terrorism, but also include criminal activities, natural disasters and other causes of accidents. In short, it seeks to offer an all-hazards cross-sectoral approach. The EPCIP is supported by regular exchanges of information between EU States in the frame of the ECIP Contact Points meetings.
A key pillar of this programme is the 2008 Directive on European Critical Infrastructures . It establishes a procedure for identifying and designating European Critical Infrastructures (ECI) and a common approach for assessing the need to improve their protection. The Directive has a sectoral scope, applying only to the energy and transport sectors.
The Directive also requires owners/operators of designated ECI to prepare Operator Security Plans (advanced business continuity plans) and nominate Security Liaison Officers (linking the owner/operator with the national authority responsible for critical infrastructure protection).
The Commission has funded over 100 diverse projects under the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks programme (CIPS), during the 2007-2012 period. The programme is designed to protect citizens and critical infrastructures from terrorist attacks and other security incidents by fostering prevention and preparedness, namely by improving the protection of critical infrastructures and addressing crisis management. The key objective is to support CIP policy priorities by providing expert knowledge and a scientific basis for a better understanding of criticality and interdependencies at all levels.
The Commission has developed a Critical Infrastructure Warning Information Network (CIWIN), providing an internet based multi-level system for exchanging critical infrastructure protection ideas, studies and good practices. The CIWIN portal, which has been up and running since mid-January 2013, also serves as a repository for CIP related information. This initiative seeks to raise awareness and contribute to the protection of critical infrastructure in Europe.
A European Reference Network for Critical Infrastructure Protection (ERN-CIP) has also been created by the Commission to ‘foster the emergence of innovative, qualified, efficient and competitive security solutions, through networking of European experimental capabilities’. It aims to link together existing European laboratories and facilities, in order to carry out critical infrastructure-related security experiments and test new technology, such as detection equipment. Taking into account the developments since the adoption of the 2006 EPCIP Communication, an updated approach to the EU CIP policy has become necessary. Moreover, Article 11 of the Directive 2008/114/EC on the identification and designation of European Critical Infrastructures refers to a specific review process of the Directive. A “comprehensive review” has been conducted in close cooperation with the Member States and stakeholders during 2012. The preliminary results of this review have been summarised in a Commission Staff Working Document. Based on the results of this review and considering other elements of the current programme, the Commission adopted a 2013 Staff Working Document on a new approach to the European Programme for Critical Infrastructure Protection It sets out a revised and more practical implementation of activities under the three main work streams – prevention, preparedness and response. The new approach aims at building common tools and a common approach in the EU to critical infrastructure protection and resilience, taking better account of interdependencies.

 

A comparative pre-study on CIP in the World

Lately, our life has become more and more dependent from a number of infrastructure assets, from physical assets – such as roads and electricity networks – to network systems –  financial or internet. We are developing many activities taking into account the advantages generated by the existence of these infrastructures: the trust in critical infrastructures allows us to take action in a way more economical and more efficient. This means that the disruption of some infrastructure can substantially damage our economy and can conduct to natural disasters and human life loss.

Critical Infrastructures (CI), such as telecommunications, power supply and transport, fulfill essential functions in a modern state. If any failure occurs in these vital services or if essential elements of infrastructure should break down, the impact could spread to other sectors as well, because of their interdependencies. In today’s networked world, it is possible for serious damage to extend beyond national frontiers and harm other states as well. Infrastructures’ protection has, therefore, become a global challenge that needs to be addressed. Today no state can close its eyes to the need for continual review and improvement of infrastructures’ protection. However, the definitions of critical infrastructures in different countries are as diverse as the concepts of the infrastructure’s protection are, because it may be possible to find some common structural elements between countries: the measures taken so far, the functions performed by the responsible organizations and the degree of protection achieved.

There are 2 universal statements that can be made about the protection of critical infrastructures all over the world: it is simply not possible to achieve 100% security of critical infrastructures in any country and there is no single idea way of tackling the problem. But although in every country the approaches adopted are heterogeneous, nevertheless three main categories can be identified.

The first of these is Critical Information Infrastructure Protection (CIP) approach. Content-wise, this refers exclusively to the security and protection of the IT connections and IT solutions within and between the individual infrastructure sectors. Protection of the physical components is ensured in a separate organizational framework. Functions and competencies relating to critical infrastructures’ protection (CIP) are divided between different state bodies. Moreover, an attempt is made to integrate the private sector at all levels of CIP.

The second approach entails both the protection of critical IT infrastructures and the physical protection of critical infrastructures. Physical protection is part of the national civil defense model and the central co-ordination and strategy organs are simultaneously centers of competence in IT security, civil defense and disaster control. There is no clear separation between the individual components. This approach is recently called the All Hazards approach.

Both approaches attempt to integrate both state and private players into the national organizational model, but co-operation between the public and private sectors, at the strategic planning level, is often totally absent or else only of a rudimentary nature.

The third approach is a special case, as the only instance of this is the Chinese model. Here there is no co-operation between the public and private sectors. The model serves less to protect the national critical infrastructures than to keep the system of government and the organs that represent the interests of the state.

One of the yardsticks against which one can test the approaches of different countries is the question of whether a national, compelling strategy for critical infrastructure protection exists or not. At this point I would say that it exists only in the US’s and is totally absent in all other countries.

In this context, I refer to the absence of clear definitions about what needs to be achieved in national critical infrastructure protection. Functions and competencies are seldom clearly delineated and localized. The fact that most countries are not carrying out any independent, national threat analysis is viewed as another shortcoming. In the American perception of the threat, a definition is adopted without change and other authors attribute to the US a pioneering role in almost every area of CIP. All the other states are in fact trying to match their approaches to those of the USA, without adequately taking country-specific differences into consideration. Often in these countries the only analysis undertaken is of dependencies and interdependencies; asset analysis programmes are otherwise confined solely to the public sector.

The inclusion of the private sector is imperative. I EU, approx. 90% of the national critical infrastructures are actually in the hands of private sector. Moreover, the companies in the private sector are best placed to assess what systems and subsystems within their own business or sector need special protection. There is a need of greater co-operation due to the importance of strategic controlling, i.e. the merging together of the elements involved in critical infrastructure protection. Countries that have adopted the All Hazards approach are viewed as being particular week as regards to the co-operation with the private sector.

Another aspect relevant to consideration of private sector is the degree of the organization and co-operation. Whereas, in the USA, this is relatively well established, thanks to the information Sharing Analysis Centers (ISACs), such organizational forms are almost absent in other countries or, they are copied with minimal tailoring to country-specific circumstances. However, specialists underline to the difficulties of the establishment and efficiency of ISACs.

The fundamental questions on the division of competencies and functions and of information, co-operation and reporting procedures have not been yet adequately clarified. Particularly in countries that have adopted this CIP approach, overlaps are often found along with inadequate delineation of areas of responsibility.

The transparency of the national system for the protection of a state’s own critical infrastructure is viewed as vitally. It is essential to the attainment of adequate critical infrastructures’ protection that proper awareness of the problem is created at all levels of the industry, state and society. When it comes to information campaigns, the USA and the Netherlands are the clear leaders. In countries that have adopted the All Hazards approach, the most significant shortcomings result from the prominent role played by the national ministry of defense. Every country is only at an elementary stage as regards to the protection of their critical infrastructures; there is a massive need for action here. It is especially important that national critical infrastructures’ protection should not be confined to the public sector and it should not stop at the national frontiers either. International co-operation to date has been of only a rudimentary nature and must be stepped up as a matter of urgency.

The US has made a lot of progress, relatively speaking, as regards to a strategic architecture for critical infrastructures and their protection. Access to resources has been almost unfettered since 11 September, and many organizations in the US are concerned with critical infrastructures. In the meantime, the aim of achieving all-embracing critical infrastructure protection has been set aside.

The Department of Homeland Security (DHS) is bow coordinating all the US government’s critical infrastructure protection initiatives at governmental level and has incorporated a number of governmental agencies. This should help to unify responsibilities in the US in the CIP area and thus avoid situation where similar programmes are initiated by more than one agency. Co-operation with the private sector is working, and the idea of creating ISACs originated in the US. The American system can now be described as transparent.

I the UK, until the end of the 1990s, the critical infrastructures protection was not a concern at the highest level. In the last few years functions and competencies on the protection of national critical infrastructure have been transferred to existing organisations; there is no strategic overall concept. The critical organs are the National Infrastructure Security coordination Centre (NISCC) on the state side and the Information Assurance Advisory Council (IAAC), a public-private forum. Parallels with the USA must not be overlooked. The question of greatest responsibility has not been yet clarified in the UK. Moreover, neither in the public nor in the private sector is there any programme for examining the criticality of each system. Bringing together those with responsibilities for CIP (CESG, MI5, the police, the Ministry of Defense) in the NISCC’s management board means that an organ exists for the exchange of information which can then be merged into national overall picture by NISCC. Since the establishment of The Government Liaison Panel in 2001, the private sector has been integrated into the national structure. Nevertheless, most programmes are still geared up towards the public sector. The British model can only be viewed as transparent up to a point. There is a total absence of any virtual information campaigns.

The protection of critical infrastructures comes under Information Operations within NATO and since 1997 it has been the responsibility of a working party whose members are military staff. With a view to the security of the CTI infrastructures of NATO, the NATO Consultation, Command and Control Agency (NC3A) has published important studies on its work in the field of security. These studies are concerned with encryption technologies and PKI concepts, firewalls and the flagging of penetration.

Building on the goals and requirements of the eEurope Action Plan 2002, the European Council of Barcelona asked the Commission to develop a further action plan that would improve the security of ICT infrastructures and push forward services such as e-government, e-learning, e-business and e-health. With a view to ensuring a secure information structure, the EU has already introduced a wide-ranging strategy that is based on eEurope 2002, notifications about the security of IT networks, computer criminality and present and future directives on the protection of the personal sphere in the area of electronic communication.

I Russia, as yet there is no real competent central coordination mechanism in place for the area of national critical infrastructures. In addition to the Russian Security Council, two other government agencies are concerned with the subject of IT security: the Federal Security Service (FSB) and the Federal Agency for Government Communications and Intelligence (FAPSI). In the private sector, a few initiatives have taken place but these are not very effective.

The Chinese approach is involved in the protection of critical infrastructures  and it should be viewed as trying to reconcile the internal security endeavors of the state with the necessity of economic modernization, with regard to information technology. The Chinese regime views the country’s CI assets more in terms of being threatened from outside.

The action Plan on Building Infrastructures to Counter Hackers and Other Cyber-Threats, published in January 2000, constituted the foundation stone for the coordinated protection of critical infrastructures in Japan. As a central document, the Special Plan on Fighting Cyber terrorism against CI defines the Japanese approach to the protection of CI. The central coordinating point for critical infrastructure protection in Japan is the Cabinet Secretariat.

In Germany, the critical infrastructures protection working party are the Federal Ministries. The system was set up by the time of the report of the American President’s Commission for CIP (PCCIP) in 1997, under the leadership of the Federal Ministry of the Interior (BMI). Since then the protection of CI has gained in importance. Various campaigns, such as security on the Internet and the setting up of special commissions are intended to increase awareness of the protection of critical infrastructures. The Federal Office for Information Security has a coordinating function here, as well as making available suitable security technologies and solutions.

The CERTs are playing an increasingly important role in the protection of critical infrastructure as a result of their preventive measures against IT security vulnerabilities and the capability of responding to threats to outsiders. Since the spring of 2010, the United States and Russia, followed by other six countries, have attempted to negotiate a treaty on Internet security and the restriction of the military use of the Internet.

Any concept of cyber security must include the protection of vital infrastructure(electricity, gas, fuel, transport, telecommunications, emergency networks, etc.),which depend almost entirely on control and communication systems. A cyber weapon can be designed or used anywhere, by anyone, with or without a motive, such as a hacker, political or religious extremist, terrorist, discontented ex-employee, competitor, conflict state, ‘madman’,etc. A cyber weapon leaves very little time for anticipation, prevention, detection or reaction due to the electronic speed of action conferred by its vectors, namely the IT architectures and data transmission networks.

The fragility of energy infrastructures and the possibility of cascading failures due to such problems with control systems hardware or software, is another concern. Most developed countries depend upon three distinct grids to distribute energy from where it is generated to where it is consumed: the electric grid, a natural gas pipeline network, and a network of pipelines for distribution of petroleum and petroleum products. The flow of materials through these grids or networks is controlled via generators, switches, valves, compressors, oxidizing stations, and pumps that utilize various types of SCADA devices and software. Because most companies use the same computers and networks to control internal operations and for contacting with the outside world, the control systems are vulnerable to any intruder who can penetrate a company’s firewall (or to unintentional intrusions). In addition, many systems have multiple wireless points of access that an intruder can exploit. Insider and third-party engineer access is also always a concern.

 

Cyber-Defence an Risk Analysis terms

The risk analysis process is operated with a variety of terms such as threat, impact, risk, vulnerability, environmental risk, security risk, etc.

The threat is the possibility of accidental or deliberate compromising of the security of an ICS, the loss of C&I&D electronically or by affecting the functions that give authenticity and non-repudiation of information.

Identifying threats means developing an inventory, if possible, of all hazard provided. It is very important not to be overlooked any threats, so it is important to use checklists exhaustive.

The risk analysis is an assessment of the risks that can affect an entity.

The security risk is the likelihood that an inherent vulnerability of a system or communication to be exploited for various forms of threats, leading to system compromise.

Vulnerability means a weakness in the design and implementation of security communications systems or security measures which could be exploited accidentally or intentionally by a threat to the system.

Effect security risk represents the compromising of security goals as: loss of privacy (unauthorized user access to information), loss of integrity (information has been the subject of unauthorized modifications and / or removal ), or loss of availability (information becomes partially or completely unavailable to authorized users the system). First step in risk assessment is to find the resources that need to be protected and their evaluation in terms of importance and value. The identification methods are the most varied, from typical risk checklists and ending with brainstorming. For the resources identified risk exposure can be calculated simply as the product of chance and risk impact. The impact can be expressed in cost or in accordance with a scale of importance.

Exposure = Probability x Impact

Expression impact costs (money) is useful when planning proactive security measures, but not enough for a decision to invest in security measures amounts greater than the impact associated with the resource .

After identifying and prioritizing risks based on exposure there needs to be made ​​security plans. These include proactive measures for reducing exposure to risks. In some cases, however, cannot be implemented proactive measures or the costs of implementing such measures exceed the impact. In this cases, plans are made reactive, measures are aimed at reducing the impact of the risk of surprise. The avoidance in information will be one of the dominant trends of the coming years. Information is mastering real powerful means.

Although cyber war started long ago, disastrous effects not yet appeared. Limiting their further minor losses can be achieved only by maintaining a proactive attitude, oriented to the development of defensive measures at the same intensity as that of the developing methods of attack.

“US should embrace its energy superpower status”

Have you read “US should embrace its energy superpower status”, by Mark J. Perry of the Investor’s Business Daily.

“Once considered a source of vulnerability to America’s superpower status, oil and gas production has now become the very foundation of the country’s economic strength. This remarkable transformation was not the product of smart government policy and foresight, but rather the determination and ingenuity of risk-takers like the legendary Texas oilman George Mitchell, who first cracked the shale gas code, and “petro-entrepreneur” Harold Hamm, who jump-started oil production from the Bakken shale in North Dakota. This surge in oil and natural gas production was an unexpected economic gift when the country, in the midst of the Great Recession, needed it most. Washington can’t claim credit for the shale boom, but does have the opportunity to craft policies that will make the most of it.”

How the Protection of Critical Infrastructures differ

American utility companies are responsible for running approximately 5,800 power plants and about 450,000 high-voltage transmission lines, controlled by various devices which have been put into place over the past decades. Some of the utility companies which oversee the power grid reportedly use “antique computer protocols” which are “probably” safe from cyber hackers,” The New York Times reported.

The Times said experts call the power grid the nation’s “glass jaw.” Even the military gets 99 percent of its power the same way everyday citizens get it – from commercially run companies.

“If an adversary lands a knockout blow, [experts] fear, it could black out vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of Sept. 11,” The Times said.

Former Federal Energy Regulatory Commission chairman Curt Hebert stated that if the nation fails at electricity, “we’re going to fail miserably” at everything else. Hebert also noted that during prior power grid drills, the scenario assumed the system would be up and running again relatively quickly after an attack. This drill will assume it’s out much longer.

If the power grid fails, a lack of electricity and food delivery are only the first wave of troubles facing the American people. Police could face major problems with civil unrest. Of course, there also would not be any electric heating or cooling, which easily could lead to many deaths depending on the season.

A 2012 report by the National Academy of Science said terrorists could cripple the nation by damaging or destroying hard-to-replace components, some of which aren’t even made in the United States.

“Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers,” The Times said in a summary of the report. “… Replacing them can take many months.”

Said Clark W. Gellings, a researcher at the Electric Power Research Institute, “I don’t think we pay quite enough attention to the technology fixes that would allow us to make the power system more resilient.”

For the first time in history the U.S. has now a military command with homeland security tasks, the Northern Command (USNORTHCOM), wich was established on Oct. 1, 2002 to provide command and control of Department of Defense (DOD) homeland defense efforts and to coordinate defense support of civil authorities.

USNORTHCOM’s AOR includes air, land and sea approaches and encompasses the continental United States, Alaska, Canada, Mexico and the surrounding water out to approximately 500 nautical miles. It also includes the Gulf of Mexico, the Straits of Florida, portions of the Caribbean region to include The Bahamas, Puerto Rico, and the U.S. Virgin Islands. The commander of USNORTHCOM is responsible for theater security cooperation with Canada, Mexico, and The Bahamas.

“USNORTHCOM consolidates under a single unified command existing missions that were previously executed by other DOD organizations. This provides unity of command, which is critical to mission accomplishment.

“USNORTHCOM plans, organizes and executes homeland defense and civil support missions, but has few permanently assigned forces. The command is assigned forces whenever necessary to execute missions, as ordered by the president or secretary of defense.
“The commander of USNORTHCOM also commands the North American Aerospace Defense Command (NORAD), a bi-national command responsible for aerospace warning, aerospace control, and maritime warning for Canada, Alaska and the continental United States.

“USNORTHCOM’s civil support mission includes domestic disaster relief operations that occur during fires, hurricanes, floods and earthquakes. Support also includes counter-drug operations and managing the consequences of a terrorist event employing a weapon of mass destruction. The command provides assistance to a Primary Agency when tasked by DOD. Per the Posse Comitatus Act, military forces can provide civil support, but cannot become directly involved in law enforcement.

“In providing civil support, USNORTHCOM generally operates through established Joint Task Forces subordinate to the command. An emergency must exceed the capabilities of local, state and federal agencies before USNORTHCOM becomes involved. In most cases, support will be limited, localized and specific. When the scope of the disaster is reduced to the point that the Primary Agency can again assume full control and management without military assistance, USNORTHCOM will exit, leaving the on-scene experts to finish the job.”

Most but not all EU member states are in NATO, while some non-EU European countries are. But as far as I know NATO has only very modest critical infrastructure protection responsibilities.

European critical infrastructure is often shared, for instance as regards electrical power. France is selling electricty to Germany but also to non-EU Switzerland. This goes through power lines. The shutting down of a French nuclear plant for whatever reason (France gets 80 percent of her electricity from nuclear power, a world record) may result in power cutoff in Germany, for instance. The French state electricity company EDF operates electrical power plants in other countries such as the UK. All this requires that critical infrastructure protection is largely an pan-European task.

EU vs. USA on CIP

The US is not part of an economic and political union as EU member states are (NAFTA is what it name says: a free trade area). But the US does not rely solely on its own capabilities including in the protection of critical infrastructure. For instance the US electrical power grid is shared with Canada, which participates in its protection.

A difference between aspects of the US and EU critical infrastructure is that in Europe it is most often state-owned, which makes the state even more responsible for its protection.

If one takes electric power, probbaly the most critical civilian infrastructure, the US model is based on private, regional utilities. There are 3,200 utilities that make up the U.S. electrical grid, the largest machine in the world. These power companies sell $400 billion worth of electricity a year, mostly derived from burning fossil fuels in centralized stations and distributed over 2.7 million miles of power lines. Regulators set rates; utilities get guaranteed returns; investors get sure-thing dividends. It’s a model that hasn’t changed much since Thomas Edison invented the light bulb. And some believe it is doomed to obsolescence. Homeland security must coordinate with those private utilities to protect the infrastructure from various potential types of attack, from 9/11-type ones to cyberattacks.

An electrical grid joint drill simulation is being planned in the United States, Canada and Mexico. Thousands of utility workers, FBI agents, anti-terrorism experts, governmental agencies, and more than 150 private businesses are involved in the November 2013 power grid drill. One aspect it focuses on is an EMP (electromagnetic pulse attack), however unlikely it may seem now.

The downed power grid simulation will reportedly focus on both physical and cyber attacks. The antiquated electrical system in the United States has been one of the most neglected pieces of integral infrastructure.

The EMP Commission, created by Congress, released a report in 2008 calling for increased planning and testing, and a stockpiling of needed repair items.

The SHIELD Act, which is stalled in Congress, is the first serious piece of legislation in many years to attempt to address the vulnerabilities of the power grid in. As previously reported by Off The Grid News, a recent American Society of Civil Engineers (ASCE) report gave the power grid a “D+” when grading various pieces of infrastructure and public services in the United States.

The disaster drill is being described as a crisis practice unlike anything the real power grid has ever experienced. The GridEX II drill Nov. 13-14 focused primarily on how governments will react if the electrical grid fails and, for instance, the food supply chain collapses.

Legislaţie europeană (si altele) pentru PIC

  1. Decizia Cadru [COM 2001] nr. 521 final din 15.09.2001 a Consiliului Europei privind definirea terorismului, Bruxel, Belgia, 2001.
  2. Hotărârea comună a Consiliului Europei nr. 2001/792/EC EURATOM privind „Sistemul comun de comunicaţii şi informare de urgenţă“, Bruxel, Belgia, 2001.
  3. Hotărârea Consiliului Europei 2001/722/EEC din 23 octombrie 2001 privind stabilirea unui Mecanism Comunitar care să faciliteze întărirea cooperării în cadrul intervenţiilor de asistenţă de protecţie civilă, Bruxel, Belgia, 2001.
  4. Hotărârea Consiliului Europei 2001/792/EEC din 28 februarie 2002 privind reîntărirea cooperării în domeniul antrenării în protecţia civilă, Bruxel, Belgia, 2002.
  5. Informare a Comisiei Europene către Consiliul Europei şi Parlamentul European COM (2004)702 final privind protecţia infrastructurii critice în lupta împotriva terorismului, Bruxel, Belgia, 2004.
  6. Înţelegerile Uniunii Europene din 01.12.2005 privind coordonarea crizelor şi urgenţelor, Bruxel, Belgia, 2005.
  7. Green Paper on a European Programme for Critical Infrastructure Protection, COM (2005) 576 final.
  8. Programul european COM (2006)786 final privind protecţia infrastructurii critice a Comunităţii Europene, Bruxel/The European Program for Critical Infrastructure Protection, COM (2006)786 final.
  9. „Protecting Critical Infrastructures – Risk and Crisis Management“ – A guide for companies and government authorities, Federal Ministry of Interior, Germany, 2007.
  10. EU Energy Policy Data, Brussels, 10.01.2007.
  11. Ghidul pentru Programul european privind protecţia infrastructurii critice al Comunităţii Europene, Bruxel, Belgia, 2007.
  12. Rezoluţie legislativă a Parlamentului European P6_TA(2007)0325 privind Identificarea, Clasarea şi Protectia Infrastructurilor Critice Europene, Bruxel, Belgia, 10.07.2007.
  13. European Commission: Principles of multi risk assessment – Interaction amongst natural and man induced risks, FP6 SSA project, Contract 511264.
  14. Directiva 2008/114/CE a Consiliului din 8 decembrie 2008 privind identificarea şi desemnarea infrastructurilor critice europene şi evaluarea necesităţii de îmbunătăţire a protecţiei acestora.
  15. European Commission: Critical Analysis if the current practices and methodologies in Risk Assessment including Hazard Identification and Risk Mapping used in a representative sample of Member States, ENV.A.3/ETU/2009/007r.
  16. „Protecting Critical Infrastructure in the EU“/CEPS Task Force Report, Centre for European Policy Studies, Brussels, 2010.
  17. IRASMOS: Integral Risk management of rapid of extremely rapid mass movements, D52, Technical report, FP 7 project.
  18. ISO 31010: Risk management – Risk assessment techniques.
  19. ISO Guide 73: Risk management – Vocabulary.
  20. JRC IPSC: Risk Mapping in the New Member States – A summary of general practices for mapping hazards, Vulnerability and Risk.
  21. Non‑Paper by France, Germany, Netherlands, Portugal, Slovenia, Spain and the United Kingdom: National Risk Assessment.
  22. SCENARIO: Inside Risk: A Strategy For Sustainable Risk Mitigation, Editors: Claudio Margottini and Scira Menoni, September 2010, FP 6 project.

Legislaţia naţională pentru Protecția Infrastructurilor Critice (PIC)

  1. Legea nr. 51/1991 privind siguranţa naţională a României.
  2. Strategia de securitate naţională din 1991 – „Concepţia privind securitatea naţională a României“ – şi cea din 1994 intitulată „Concepţia integrată privind securitatea naţională a României“.
  3. H.G. nr. 1088 din 09.11.2000 – Regulamentului de apărare împotriva incendiilor în masă.
  4. Legea nr. 415 / 27 iunie 2002 privind organizarea şi funcţionarea Consiliului Suprem de Apărare a Ţării.
  5. Legea nr. 182 din 12 aprilie 2002 privind protecţia informaţiilor clasificate.
  6. H.G. nr. 585 din 13 iunie 2002 pentru aprobarea Standardelor naţionale de protective a informaţiilor clasificate în România.
  7. Constituţia României, 1991, modificată şi completată prin Legea de revizuire a Constituţiei României nr. 429 / 2003, în Monitorul Oficial al României, 29 octombrie 2003.
  8. Strategia de valorificare a surselor regenerabile de energie, H.G. nr. 1535/ 2003.
  9.  Legea nr. 333 din 22 iulie 2003, privind paza obiectivelor, bunurilor valorilor şi protecţia persoanelor.
  10. Legea nr. 484 din 18 noiembrie 2003 privind aprobarea OUG 80/2003 şi a Codului internaţional pentru securitatea navelor şi facilitaţilor portuare (Codul ISPS).
  11. Legea nr. 535/25 noiembrie 2004 privind prevenirea şi combaterea terorismului
  12. Ordinul Ministrului Economiei nr. 660/2004 – Ghidului de identificarea elementelor de infrastructura critică din economie.
  13. Ordonanţa de urgenţă a Guvernului nr. 21 din 15.04.2004 privind Sistemul Naţional de Management al Situaţiilor de Urgenţă.
  14. H.G. nr. 1491 din 09.09.2004 – Regulamentului cadru privind structura organizatorică, atribuţiile, funcţionarea şi dotarea comitetelor şi centrelor operative pentru situaţii de urgenţă.
  15. H.G. nr. 2288 din 09.12.2004 – Aprobarea repartizării principalelor funcţii de sprijin pe care le asigură ministerele, celelalte autorităţi publice centrale şi organizaţiile neguvernamentale privind prevenirea şi gestionarea situaţiilor de urgenţă.
  16. Legea nr. 481 din 08.11.2004 privind protecţia civilă.
  17. H.G. nr. 1854/2005 pentru aprobarea Strategiei naţionale de management al riscului la inundaţii.
  18. Codul Aerian al României, consolidat cu Legea nr. 399/2005.
  19. H.G. nr. 547 din 09.06.2005Strategiei naţionale de protecţie civilă.
  20. H.G. nr. 642 din 29.06.2005 – Criteriile de clasificare a unităţilor administrativ‑teritoriale, instituţiilor publice şi operatorilor economici din punct de vedere al protecţiei civile, în funcţie de tipurile de riscuri specifice.
  21. H.G. nr. 1222 din 13.10.2005 – Principiile evacuării în situaţii de conflict armat.
  22. Ordinul nr. 660 din noiembrie 2005 al ministrului economiei şi comerţului privind aprobarea Ghidului de identificare a elementelor de infrastructură critică în economie.
  23. Planul Naţional de Dezvoltare 2007‑2013, 2005.
  24. Strategia post‑aderare 2007‑2013, 2006.
  25. Legea nr. 319/2006 a securităţii şi sănătăţii în muncă.
  26. Legea nr. 307 din 12.07.2006 privind apărarea împotriva incendiilor.
  27. Legea nr. 212/24 mai 2006 privind modificarea şi completarea Legii nr. 481/2004 privind protecţia civilă.
  28. H.G. nr. 1489 din 09.09.2004 – Organizarea şi funcţionarea Comitetului Naţional pentru Situaţii de Urgenţă, modificată şi completată prin H.G. nr. 386 din 22.03.2006
  29. H.G. nr. 1040 din 09.08.2006 – Planului naţional de asigurare cu resurse umane, materiale şi financiare pentru gestionarea situaţiilor de urgenţă.
  30. Ordinul Ministrului Economiei nr. 671/2006: privind înfiinţarea „Grupului de Lucru pentru Protecția Infrastructurii Critice din domeniul Energiei Electrice“.
  31. Ordin MAI nr. 1474/12 octombrie 2006 privind Regulamentul de planificare, organizare, pregătire şi desfăşurare a activităţii de prevenire a situaţiilor de urgenţă.
  32. Cadrul Strategic Naţional de Referinţă 2007‑2013.
  33. Strategia de Securitate Naţională a României2007.
  34. Strategia energetică a României pentru perioada 2007‑2020, Monitorul Oficial al României, partea I, nr. 781/19.XI.2007.
  35. Ordinului nr. 290/31.05.2007 al Ministrului Transporturilor, pentru introducerea măsurilor de consolidarea securităţii portuare în fața ameninţării atentatelor la adresa securităţii.
  36. H.G. nr. 537 din 06.06.2007 – Contravenţiilor la normele de apărare împotriva incendiilor.
  37. H.G. nr. 969 din 22 august 2007 – Organizarea, desfăşurarea şi conducerea pregătirii pentru apărare a persoanelor cu atribuţii de conducere în domeniul administraţiei publice, la nivel central şi local.
  38. Ordin MAI nr. 483 din 19 mai 2008 privind organizarea şi desfăşurarea programelor de pregătire a specialiştilor compartimentelor pentru prevenire din serviciile voluntare pentru situaţii de urgenţă.
  39. H.G. nr. 762/2008 pentru aprobarea Strategiei naţionale de prevenire a situaţiilor de urgenţă.
  40. Strategia naţională de comunicare şi informare publică pentru situaţii de urgenţă – H.G. nr. 548 din 06.06.2008.
  41. Carta Albă a Guvernului. Armata României 2010: reformă şi integrare euro‑atlantică.
  42. H.G. nr. 1.110 din 3 noiembrie 2010 privind componenta, atribuțiile si modul de organizare ale Grupului de lucru interinstituțional pentru protecția infrastructurilor critice
  43. H.G. nr. 1154 din 16.11.2011 pentru aprobarea pragurilor critice aferente criteriilor intersectoriale ce stau la baza identificării potențialelor infrastructuri critice naționale si privind aprobarea Metodologiei pentru aplicarea pragurilor critice aferente criteriilor intersectoriale si stabilirea nivelului de criticitate.
  44. H.G. nr. 718/13.07.2011, pentru aprobarea Strategiei naționale privind protecţia infrastructurilor critice, Monitorul Oficial, partea I, nr.555/4 din 04. 08.2011.
  45. O.U.G. nr. 98 din 03.11.2010 privind identificarea, desemnarea şi protecţia infrastructurilor critice – Aprobata prin Legea nr 18 din 11.03.2011.
  46. H.G. nr. 1110/2011 Hotărâre privind componenţa, atribuţiile şi modul de organizare ale Grupului de lucru interinstituţional pentru protecţia infrastructurilor critice.
  47. Decizia nr. 53 din 02.05.2011 privind aprobarea componentei Grupului de lucru interinstitutional pentru protectia infrastructurilor critice, precum si a Regulamentului de organizare si functionare a acestuia
  48. H.G. nr.1198/2012 privind desemnarea infrastructurilor critice naţionale.
  49. Decizia 43 din 22.02.2012 privind aprobarea Planului de acțiune pentru implementarea, monitorizarea si evaluarea obiectivelor Strategiei naționale privind protectia infrastructurilor critice
  50. Decizia 35 din 15.02.2012 privind aprobarea Calendarului principalelor activități pe anul 2012 ale Grupului de lucru interinstitutional pentru protecția infrastructurilor critice
  51. Decizia nr. 166/2013 privind aprobarea Normele metodologice pentru realizarea / echivalarea / revizuirea planurilor de securitate ale proprietarilor / operatorilor / administratorilor de infrastructura critica națională / europeana, a structurii-cadru a planului de securitate al proprietarului / operatorului / administratorului deținător de infrastructura critica națională / europeana si a atribuțiilor ofițerului de legătură pentru securitate din cadrul compartimentului specializat desemnat la nivelul autorităților publice responsabile si la nivelul proprietarului / operatorului / administratorului de infrastructura critica națională / europeana
  52. Decizia nr. 165/2013 privind aprobarea Calendarului principalelor activitati ale Grupului de lucru interinstitutional privind protecția infrastructurilor critice
  53. H.G. nr. 271/2013 pentru aprobarea Strategiei de securitate ciberneticăRomâniei şi a Planului de acţiune la nivel naţional privind implementarea 

    Sistemului naţional de securitate cibernetică

EU’s need a “cohesion policy on security of energy supply” and a “community solidarity mechanism in general.”

The fact that the security of critical infrastructure has an economic dimension and the security of critical infrastructure is directly proportional to the financial investment in overall security system, as critical infrastructure insecurity is directly related to poverty, things are already obvious. Without strong economic performance and sustainable long term, there can be no truly safe, prosperity and stability of critical infrastructure, as economy and finances have a direct impact on the potential for critical infrastructure security, just as it contributes to the national security ensures the smooth functioning of the economy. At national level, the State as the guardian of the population has the responsibility to manage as effectively as economic factors favoring or affect safety by maximizing the positive and mitigate or, if possible, even eradicate the negative.

The most developed countries of the world seem to adapt to this new configuration of international security environment. In recent years, security has become a central objective of a priority for governments and public courts and the economy.

A strong, efficient, competitive and dynamic economy in terms of growth and adapt to integration and globalization is an important pillar of national security, ensuring the conditions for economic and social security, namely infrastructure (especially critical) that support it. Between economic and political or safety factors determinism is reversible, meaning that one can cause major fractures in the other.

The current priority of the EU and NATO energy security and transport routes, with active proposals and measures to be built in these areas.

Romania is a transit country, also with special responsibilities for the security of energy transportation routes, free movement of persons, cargo and on all transport corridors to the west, north, east and southern Europe.

An exponent of the binomial revealing monopoly / dependence is the relationships established now in the energy sector between the Russian Federation and many EU countries. Russian Federation is the sole supplier of natural gas for most of them. Difficulties in finding other suppliers ( those from the Caspian basin and Central Asia, for example ) and the slow development of technologies capable of addressing large-scale renewable energy indicate medium and long term (at least for a horizon for 15, 20 years, until the years 2025 – 2030 ), maintaining hydrocarbons among the most used energy resources and the increased the EU’s energy dependence on Russian provider, determines the fundamental nature of Russian relations with the countries of Eastern and EU and prevent the adoption of a Community policy unit or consistent relations with Moscow. This situation not only increase the vulnerability of European countries and encourage the Kremlin tactics that determine both the price and flow of energy supplies to the European market but the nature of bilateral relations between these countries.

The transition from a unipolar world based on U.S. leadership toward multipolarity, in which power is distributed more entities and non-state actors, seems to have reached a point of no return.

When talking about the relationship between Russia and the EU, both actors characterized as complex. This complexity comes not so much from a busy bilateral agenda, as from the difficulties the parties have on agreeing upon issues under discussion.

Human rights, power supplies, missile defense, commercial disputes and the Kremlin ‘s ambitions to keep control of both the Russian society and in what they call the “near abroad” are subject to negotiations that seem to have no end and poisons traditional European – Russia relations, undermining confidence building between the parties.

Security of energy supplies is an issue until recently located in the main plane of Europe – Russia relations and remain in the uncertainty, both in terms of mutual guarantees and settlement of disputes and in matters that may arise.

In the short term, the nuclear issue will be the cornerstone of European Russia discussions and disagreements will be very difficult to hide behind diplomatic statements. Energy security will continue to be a concern, but the approach in this area will be limited to the prevalence of military elements, both in discussion economy and economy relationship.

So far the prospects of deepening European Russian relations are commercially and perhaps about energy. In other areas, the developments will follow the limitations of the American- Russian relation, tensioning Europe, due to the EU’s inability to build military security without Washington’s help. In the medium term is expected to reach a fair agreement on economic issues.

The war in Iraq has drastically influenced the oil market, as although it was hoped to fall, the effect was the opposite. Today, it is expected that a possible war in Iran oil could lead to over $ 100 / barrel. Iran’s predictability should be a matter of thinking and seriously considered.

Overall, substantive problem remains: countries dependent on Russian or Iranian oil, they need a “cohesion policy on security of energy supply” and a “community solidarity mechanism in general.”

 

De ce un Blog despre Protecția Infrastructurilor Critice.

Prin acest blog încerc să aduc la cunostinta celor preocupaţi de securitatea infrastructurilor critice, un ansamblu coerent de exemple, concepte şi idei care pot arhitectura, la rându-le, utile dezvoltări complementare.

Voi aborda o altfel perspectivă asupra infrastructurilor critice naționale, şi anume cea care pleacă de la influența acestora asupra dezvoltării socio-economice, deoarece consider oportună dezvoltarea unei noi abordări care corelează elementul economie cu cel al globalizării şi cu cel al protecției infrastructurilor critice. Astfel, primul element de noutate al blogului meu  constă tocmai în aceea că în analiza relaţiei dintre protecția infrastructurilor critice și globalizare este luată în calcul o nouă variabilă, respectiv dezvoltarea socio-economică. Blogul meu va corela rezultatele unor cercetări independente, dar şi interdisciplinare pe care le-am întreprins sau le voi întreprinde, singura sau in parteneriat, pe componenta protecției și securității infrastructurilor critice; pe componenta resurselor economice strategice şi, respectiv, pe componenta gestiunii riscurilor de securitate la adresa infrastructurilor critice naționale.

Problematica securităţii infrastructurilor critice, privită în contextul geopolitic şi geostrategic al procesului de globalizare, împreună cu noua tipologie de riscuri, suscită un interes major și din ce în ce mai acut, atât din partea teoreticienilor şi analiştilor preocupaţi de aceste aspecte, cât şi din partea decidenţilor politici. În acest sens, putem afirma că literatura de specialitate care tratează problematica menţionată ia amploare.

Mai mult, a devenit aproape o constantă prezenţa acestor teme în forumul dezbaterilor organizate în cadrul conferinţelor şi sesiunilor de comunicări ştiinţifice, al simpozioanelor, întâlnirilor de lucru tematice, manifestări care prilejuiesc reconsiderări substanţiale în fondul conceptual, dar şi acţional.

Din perspectiva invocată, menţionez teme precum: protecția infrastructurilor critice în spațiul euroatlantic; amenințări, vulnerabilități și riscuri la adresa IC; importanța strategică a infrastructurii critice naționale; securitatea naţională în noul context geopolitic; protecţia infrastructurilor critice – direcţie prioritară în activitatea Serviciului Român de Informaţii; rolul infrastructurilor critice în planul asigurării stării de securitate; atacurile cibernetice; interdependențele IC; protecţia infrastructurilor critice; managementul securităţii la nivelul deţinătorilor şi al operatorilor; infrastructurile critice şi analiza de risc a noilor ameninţări asimetrice; promovarea conceptului de infrastructuri critice la nivelul societăţii civile; importanţa protejării infrastructurilor critice; securitate energetica; interdependente intre securitatea energetica si cea cybernetica, etc..

Cel de al doilea element de noutate al acestui blog constă în radiografierea structurii de management a protecției infrastructurilor critice naționale și propunerea înființării unui departament/minister/autoritate de gestiune a riscurilor la adresa infrastructurilor critice în subordinea/coordonarea directă a Primului Ministru, in condițiile in care, in acest moment -2013, nu există un organism care să gestioneze centralizat şi specific, informaţiile şi decizia în caz de pericol la adresa securităţii infrastructurilor critice, iar acesta ar trebui înfiinţat. Caracteristicile mediului de securitate internaţional actual, coroborate cu opţiunile naţionale politico-economice, ar trebui să determine Guvernul României să reconsidere problematica gestionării protecției infrastructurilor critice, din perspectiva necesităţilor şi intereselor economice și de securitate, naţionale.

Blogul meu corelează rezultatele unor cercetări laborioase pe care am întreprins-o pe două direcții: direcția evenimentelor care au dus la dezvoltarea legislației și a unor strategii și proceduri de acțiune pentru securitatea infrastructurilor critice și, respectiv, direcția actelor normative și a măsurilor de PIC în mai multe țări ale UE, SUA și în România.

De asemenea, blogul propune fotografierea unor aspecte legate de faptul că viaţa noastră a devenit din ce în ce mai dependentă de un număr de elemente de infrastructură, ajungând de la bunuri fizice – cum ar fi drumuri sau reţele de electricitate – la medii de reţele – cum ar fi serviciile financiare sau internetul. Desfăşurăm multe activităţi şi ne satisfacem multe din nevoile de bază cu ajutorul acestor tipuri de infrastructură, în condițiile în care încrederea în infrastructuri ne permite să acţionăm într‑un mod mai economic şi mai eficient. Elaborând această ipoteză, voi arăta cum perturbarea sau distrugerea unei infrastructuri critice poate dăuna în mod substanţial economiilor noastre şi poate conduce la dezastre naturale şi pierderi de vieţi omenești. În plus faţă de aceste principii, configuraţia mediului internaţional de securitate ridică încă o problemă majoră – aceea că statele percep în moduri diferite sursele de insecuritate. Relaţiile dintre statele unei regiuni nu mai sunt exclusiv expresia problemelor locale, ci sunt direct influenţate de relaţiile acestor ţări cu marii actori.

Securitatea internă priveşte, deopotrivă, siguranţa cetăţeanului şi securitatea publică, securitatea frontierelor, a energiei, a transporturilor şi a sistemelor de aprovizionare cu resurse vitale şi protecţia infrastructurii critice, per ansamblu.

EU on CIP

Four possible vectors:

Vector 1: general exchanges of good practice on topics applicable to entire EU

Vector 2: external cooperation concerning designated ECI

Vector 3: external cooperation concerning infrastructure in a third country which if disrupted would have an effect on the EU

Vector 4: raising critical infrastructure capacity in priority countries and regions

Follow

Get every new post delivered to your Inbox.

Join 1,250 other followers

%d bloggers like this: