Europe moves ahead on critical infrastructure protection

The Justice and Home Affairs Council of the European Commission has reached political agreement on a Commission proposal for a Directive on the identification and designation of European critical infrastructure (ECI) and the assessment of the need to improve its protection. The Directive is expected to come into force before the end of 2008.

The Directive establishes the procedure for the identification and designation of European critical infrastructure (ECI) and a common approach to risk assessment and protection strategies for such infrastructure.

ECI will be defined as ‘critical infrastructure located in EU Member States the disruption or destruction of which would have a significant impact on at least two Member States of the EU’. The Directive concentrates on the energy and transport sector and will be reviewed after three years, to assess its impact and the need to include other sectors within its scope. The information and communication technology (ICT) sector is expected to be added in at this stage.

Each designated ECI will have to have an Operator Security Plan (OSP) covering the identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.

A Security Liaison officer will function as the point of contact for security issues between the ECI owner/operator and the relevant Member State authority.

Every two years, each Member State will forward to the Commission information on threats and risks encountered in each ECI sector. On the basis of those reports, the Commission and the Member States will examine whether further protection measures at the EU level should be considered.

•Date: 10th June 2008• Region: Europe/UK •Type: Article •Topic: BC general
Rate this article or make a comment - click here