Abstract
This chapter has more practical view on the steps covered by the Member States to fully implement and apply the Directive in their national CIP frameworks. The comparison of the different approaches will give an in-depth perspective on how the MS have dealt, with such a complex European wide topic, at national level. Lack of shared understanding (the Directive falls on 28 different Member States that have different state of development—industrialized vs. emerging countries—and view of the CI environment), the consequent inhomogeneous approach to a shared problem, gives a patchy snapshot on European security and will also be discussed through the relation and comparison of statistical data in view to gain awareness on the State of Play of the CIP in the EU after the implementation of the Directive.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The Directive 114/08/EC, in the article 12, sets an implementation deadline: “Member States shall take the necessary measures to comply with this Directive by 12 January 2011. They shall forthwith inform the Commission thereof and communicate the text of those measures and their correlation with this Directive. When they are adopted by Member States, these measures shall contain a reference to this Directive or shall be accompanied by such reference on the occasion of their official publication. The methods of making such reference shall be laid down by Member States”.
- 2.
A large number of Member States, whose names appear between those that implemented the Directive after the deadline, have notified the “notice of implementation” on time while the effective entry into force of the measure might have taken place later.
- 3.
These measures have been recently superseded by the “Instruction Generale Interministerielle relative a la Securite des Activites d’importance Vitale N°6600/SGDSN/PSE/PSN du 7 janvier 2014”.
- 4.
The disposition regarding “how the plan” should be drafted (article 12), is another example of the similarities between the French Decree and the European Directive: “Art. 12. – Pour l’application des dispositions du présent chapitre, le Premier ministre, après avis de la commission mentionnée à l’article 8, fixe par arrêtés : (1o) La méthode d’analyse et de gestion du risqué; (2o) La méthode à suivre pour déterminer, par secteur d’activités d’importance vitale, les scénarios de menace et leur hiérarchisation selon le type ou le niveau de menace envisagé; (3o) Les plans types des plans de sécurité d’opérateurs d’importance vitale, des plans particuliers de protection et des plans de protection externe. Les arrêtés prévus à l’article 11 et au présent article sont protégés dans les conditions prévues par le décret du 17 juillet 1998 susvisé. Ils sont notifiés à chaque opérateur d’importance vitale intéressé ainsi qu’à toutes les autorités administratives qui ont à en connaître”.
- 5.
The full list of National Execution Measures in response to the promulgation of the Directive 114/08/EC are available on the Eur Lex website: http://eur-lex.europa.eu/search.html?type=advanced&qid=1398009695225&or0=DN%3D72008L0114*,DN-old%3D72008L0114* (01.12.2013).
- 6.
Is the case of MSs like Italy, Luxemburg and Malta. Italy, among the others, does not have a national law for CIP as the security measures are mainly developed by the Security Services: DIS (Dipartimento delle informazioni per la sicurezza) and CISR (Comitato Interministeriale per la Sicurezza della Repubblica).
- 7.
Between the offices involved in the national forum for CIP, particularly important are the roles of the Centre for the Protection of National Infrastructures (CPNI), the National Infrastructure Security Coordination Centre (NISCC), the National Technical Authority for Information Assurance (CESG), and the National Counter Terrorism Security Office (NaCTSO) and the Counter Terrorism Security Advisor (CTSA) network.
- 8.
CPNI provides protective security advice that cover physical security, personnel security and cyber security/information assurance. The Centre has also drafted the list of recognized sectors of national critical infrastructures: communications, emergency services, energy, financial services, food, government, health, transport and water. http://www.cpni.gov.uk/about/cni/ (27.12.2013).
- 9.
The provision of preparing and updating an Operator Security Plan already existed in the UK CIP framework, where the infrastructure owners are already collaborating with the Government to assure adequate protection to National CIs.
- 10.
Government’s Emergency Ordnance nr. 98/2010 was approved and modified by the Law n. 18 of March 11, 2011.
- 11.
The framework has been recently further strengthened with the adoption of the methodological norms for the preparation and review of the Operators Security Plans (Romanian Prime Minister Decision n. 166 of March 19, 2013) and with the amendment of the Romanian Register for Classification of Occupations with the inclusion of the position of “Security Liaison Officer for National CI/European CI” (Common Order of Ministry of Labor and the National Institute of Statistics of November 13, 2013, n. 2176/931). These two measures have further defined the important measures related to the Operator Security Plan and have highlighted the minimum competencies and qualification that a security expert has to obtain to be nominated Security Liaison Officer.
- 12.
This is one of the most controversial points, as it seems that the Directive identifies too few sectors in comparison to those that are usually identified at national level. At the same time, considering the initial difficulties encountered in the application, it can be said that these sectors appear to be enough for a “first step”.
- 13.
The profiles of the infrastructure designed as ECI, according to the provision of the Directive, are considered as sensitive data and for these reasons are unknown. However, the number of the ECI designated up to November 2012 seems to be around 14.
- 14.
On this specific point, doubts have been raised whether the Directive has really contributed to improve the protection of CIs. The fact that the Directive does not introduce any new benchmark for the security has discouraged many MS for taking further action before understanding how the Directive has to be reviewed.
References
Civil Contingencies Act 2007. Gibraltar Gazette No. 3849 of 12 May, 2011. http://www.gibraltarlaws.gov.gi/articles/2007-14o.pdf. 01.09.2013
Décret no 2006-212 du 23 février 2006 relatif à la sécurité des activités d’importance vitale. http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=019328350F2E068C952970D8D1604791.tpdjo17v_2?cidTexte=JORFTEXT000000634536&categorieLien=id. 01.09.2013
Romanian Government Emergency Ordnance nr. 98/2010. http://lege5.ro/Gratuit/geztqmzxhe/ordonanta-de-urgenta-nr-98-2010-privind-identificarea-desemnarea-si-protectia-infrastructurilor-critice/1. 01.09.2013
Romanian Intelligence Service (SRI) “Critical Infrastructure Protection”, Centre for Security Culture, 2010. http://www.sri.ro/upload/Brosura%20IC%20ENG.pdf. 01.09.2013
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Lazari, A. (2014). State of Play of CIP in the EU After the Directive 114/08. In: European Critical Infrastructure Protection. Springer, Cham. https://doi.org/10.1007/978-3-319-07497-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-07497-9_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07496-2
Online ISBN: 978-3-319-07497-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)