Title: A European Programme for Critical Infrastructure Protection EPCIP
1A European Programme for Critical
Infrastructure ProtectionEPCIP
Magnus OVILIUSHead of Sector Preparedness and
Crisis ManagementEuropean Commission, DG
Justice, Freedom and Security
2Europe Showing Country Neighbours in a CIP Energy
perspective
From Joint Research Centre (2006)
3EU, Russia, CIS - oil and gas key supply routes
From R. Pride (2005)
4A system of system Critical Infrastructure
interdependencies
Adapted from J.P. Peerenboom (2004)
5From S.M. Rinaldi (2004)
6 Countering threats from terrorism is a priority,
but the programme encompass an all hazards
approach (i.e. terrorist attacks and natural
disasters alike) Protection measures should be
Affordable Sustainable Reliable and
Proportionate
.
Support for Member States concerning National
Critical Infrastructures (NCI)
Measures designed to facilitate the
implementation of EPCIP
Proposal for a Directive concerning European
Critical Infrastructure (ECI)
Accompanying financial measures
Contingency planning
External dimension
- EPCIP Action Plan
- Critical Infrastructure Warning Information
Network (CIWIN) - CIP expert groups
- CIP information sharing
- identification and analysis of interdependencies
EU programme "Prevention, Preparedness and
Consequence Management of Terrorism and other
Security Related Risks" for the period 2007-2013
A procedure for the identification and
designation of ECI A common approach to the
assessment of the needs to improve the protection
of such infrastructures
7Sector- by-sector Approach EPCIP will be
implemented following an agreed list of CIP
sectors
Proportionality Measures will only be proposed
where a need has been identified following an
analysis of existing security gaps and will be
proportionate to the level of risk and type of
threat involved.
Subsidiarity Taking due account of existing
Community competences, the Commission will focus
on ECI. The Commission may, where requested
provide support to Member States concerning NCI.
Complementarity The Commission will avoid
duplicating existing efforts, where these have
proven to be effective in protecting critical
infrastructure. EPCIP will complement and build
on existing sectoral measures.
Confidentiality Both at EU level and MS level,
Critical Infrastructure Protection Information
(CIPI) will be classified and access granted only
on a need-to-know basis. Information sharing
regarding CI will take place in an environment of
trust and security
Stakeholder Cooperation All relevant
stakeholders will, as far as possible, be
involved in the development and implementation of
EPCIP. This will include the owners/operators of
critical infrastructures designated as ECI as
well as public authorities and other relevant
bodies.
8An EU level mechanism is required in order to
serve as the strategic coordination and
cooperation platform capable of taking forward
work on the general aspects of EPCIP and sector
specific actions.
A CIP Contact Group has been created.
The CIP Contact Group bring together the CIP
Contact Points from all EU Member States and is
chaired by the Commission.
Each EU Member State has appointed a CIP Contact
Point to coordinate CIP issues with other EU
Member States, and the Commission
The appointment of a CIP Contact Point does not
preclude other authorities in the EU Member
State from being involved in CIP issues.
9EPCIP Action Plan
Workstream 1 Deals with the strategic aspects of
EPCIP and the development of measures
horizontally applicable to all Critical
Infrastructure Protection (CIP) work.
Workstream 2 will deal with European Critical
Infrastructure implemented at a sectoral level.
Workstream 3 will support the Member States in
their activities concerning National Critical
Infrastructures
Designation of ECI
National CIP Programmes
Operator Security plans
The EPCIP Action Plan will be implemented taking
into account sector specificities and involving,
as appropriate, relevant stakeholders.
10The CIP stakeholder dialogue
Assist in identifying vulnerabilities,
interdependencies and sectoral best practices
Facilitating CIP information-sharing, training
and building trust
Assist in the development of measures to reduce
and/or eliminate significant vulnerabilities and
the development of performance metrics
Develop and promote business cases to
demonstrate to sector peers the value of
participation in infrastructure protection plans
and initiatives
Provide sector-specific expertise and advice on
subjects such as research and development.
A Call for the expression of interest to become
member of CIP Expert Groups has been published
at http//ec.europa.eu/justice_home . The
applications should be sent to the following
address JLS-EPCIP_at_ec.europa.eu .
11What is critical infrastructure
12Scope of the Directive
Establishes a common procedure concerning
3. A risk analysis of the need to improve the
protection of ECI
2. The designation of European Critical
Infrastructure
1. The identification of European Critical
Infrastructure
- ECI critical infrastructure assets the
disruption or destruction of which would
significantly affect - two or more Member States, or
- a single Member State if the critical
infrastructure asset is located in another
Member State. - This includes effects resulting from cross-sector
dependencies on other types of infrastructure.
13(No Transcript)
14DEFINING WHAT IS OF EU SIGNIFICANCE
15Identification of ECI
- The proposed Directive requires each Member State
to apply criteria amongst sectors followed by the
application of cross-cutting criteria, in order
to identify those infrastructures which may be
designated as European Critical
- CROSS-CUTTING CRITERIA
- are characterized by their horizontal application
to all critical infrastructure sectors - Shall also take into account the availability of
alternatives and the duration of
disruption/recovery - developed based on the severity of the following
effects
- SECTORAL CRITERIA
- Will be adopted for priority sectors
- Shall take into account the characteristics of
individual critical infrastructure sectors - their development will involve, as appropriate,
relevant stakeholders
16Identification of ECI
An Infrastructure under investigation as a
potential ECI
Step 1
Are the Sectorial Criteria met?
Step 2
Is the Infrastructure critical?
Step 3
Is there a trans-boundary impact?
Sanity check
Step 4
Are the Cross-Cutting criteria met?
If accepted by the relevant EU Member State, the
CI is designated as an ECI
17Improving protectionObligations on ECI
- Two basic obligations for CI owners/operators
designated as ECI
To establish and update an Operator Security Plan
(OSP)
To designate a Security Liaison Officer (LSO)
18Improving protection
Operator Security Plan (OSP)
It is up to each Member State to select the
appropriate form and methods in order to achieve
the requirement of having an OSP for each ECI as
set out in the directive.
Security Liaison Officer (SLO)
19FUNDING SECURITY POLICY SUPPORT MEASURES
The Programme "Prevention, Preparedness and
Consequence Management of Terrorism and other
Security related Risks provides financial support
( 140 million) for the period 2007-2013. The
financial support is aimed at three main areas
Countering threats from terrorism is a priority,
but the programme encompass an all hazards
approach (i.e. terrorist attacks and natural
disasters alike).
20ACTIONS ELIGIBLE FOR FUNDING (no hardware or
equipment)
With regard to prevention and preparedness, the
Programme aims at
With regard to consequence management the
Programme aims at
21ELIGIBILITY CRITERIA
The maximum rate of co-financing by the
Commission is 70 of the total eligible costs of
the project. To be eligible, grant applications
must meet in particular the following criteria
22Thank You !