Skip to main content
SpringerLink
Log in

The European Programme for Critical Infrastructure Protection

  • Chapter
  • First Online:
Crisis Management in the European Union

Abstract

The terrorist attacks in Madrid 2004 and London 2005 drew attention to the risk of attacks against European critical infrastructure (ECI). In order to counter-act potential vulnerabilities, the European Council asked the European Commission to prepare an overall strategy and an action plan to improve the protection of ECI. As a result of this request, the Commission proposed the establishment of a European Programme for Critical Infrastructure Protection (EPCIP). The programme consists of three main parts: a Directive for the identification and designation of ECI, a financial programme and a Critical Infrastructure Warning Information Network (CIWIN).

This chapter starts off with a description of the background that accentuated the need for the establishment of a European cooperation on critical infrastructure protection (CIP).1 This introduction is followed by an account of how the overall identification procedure of ECI is supposed to work in practice and the obligations the Directive2 imposes on the owners/operators of designated ECI as well as relevant government authorities. Finally, CIWIN and the financial programme including the establishment of a European Reference Network for CIP (ERN–CIP) are presented. After this brief overview of the different components of the programme, the chapter is summed up with some concluding remarks on possible challenges the EU has to overcome in order to become an influential CIP-actor.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Critical infrastructure protection and the internationally accepted shortening “CIP” will be used as synonyms in the chapter. In the same way, European critical infrastructure will be shortened to “ECI”.

  2. 2.

    When in this chapter reference is being made to “the Directive” this refers to the Council directive (2008/114/EC of 8 December 2008) on the identification and designation of European critical infrastructure and the assessment of the need to improve their protection.

  3. 3.

    Presidency conclusions of the European Council (17 and 18 June, 2004) [10679/2/04 REV 2].

  4. 4.

    Critical infrastructure protection in the fight against terrorism [13979/04].

  5. 5.

    Green paper on the European programme for critical infrastructure protection 14910/05.

  6. 6.

    Euractive critical infrastructure.

  7. 7.

    Eriksson and Barck-Holst (2005).

  8. 8.

    Ibid.

  9. 9.

    Larsson (2007, p. 9 and p. 24).

  10. 10.

    Jarlsvik and Castenfors (2004, p. 64).

  11. 11.

    Eriksson and Barck-Holst (2005, pp. 39–47).

  12. 12.

    Council Directive (2008/114/EC).

  13. 13.

    Quotation by former Commissioner for Justice, Freedom and Security, Franco Frattini. EurActive Critical Infrastructure.

  14. 14.

    Eleven sectors as presented in the first draft proposal for a Directive.

  15. 15.

    The identified subsectors in the energy sector are (1) electricity (infrastructures and facilities for generation and transmission of electricity in respect of supply electricity), (2) oil (oil production, refining, treatment, storage and transmission by pipelines) and (3) gas (gas production, refining, treatment, storage and transmission by pipelines, LNG terminals). In the transport sector the subsectors are (1) road transport, (2) rail transport, (3) air transport and (4) inland waterways transport and ocean and short-sea shipping and ports. Important to notice is, however, that the list of ECI sectors does not commit Member States with an obligation to designate an ECI in each sector.

  16. 16.

    The section is based on an investigation ordered by the European Commission, (DG-JLS) performed by Unisys Belgium, with CIVI.POL as a subcontractor. See UNISYS (2007). In the study the EU Member States were asked to explain their national concept and understanding of “critical infrastructure”, its national legal and/or policy basis, the sectors included in national plans for the protection of such critical infrastructures and the composition and basic operating principles of the countries' CIP community. See also Wenger and Mauer (2006) International CIIP Handbook 2006 where an inventory of 20 national and 6 international critical information infrastructure protection policies are made, as well as Lindström (2008a) where four EU-Member States CIP-work is highlighted.

  17. 17.

    UNISYS (2007).

  18. 18.

    Ibid.

  19. 19.

    Ibid. p. 21.

  20. 20.

    See UNISYS (2007) table 2 pp. 25–26 for an overview of coordinating bodies and legislative/policy basis for CIP in 25 of the EU Member States.

  21. 21.

    Ibid.

  22. 22.

    Ibid.

  23. 23.

    UNISYS (2007).

  24. 24.

    The identification procedure is described in Article 3 and Annex III to Council directive (2008/114/EC).

  25. 25.

    The non-binding guidelines will be updated as and when the need arises, based on experience gained through the implementation of the Directive and the reviews to be undertaken.

  26. 26.

    Lindström (2008b).

  27. 27.

    Article 2(a) in Council directive (2008/114/EC).

  28. 28.

    Article 2(b) in Council directive (2008/114/EC).

  29. 29.

    The casualty criterion is assessed in terms of the potential number of dead or wounded people. See Article 3:2 in Council directive (2008/114/EC).

  30. 30.

    The economic criterion is assessed in terms of the significance of economic loss and/or degradation of GDP; including potential environmental effects. See Article 3:2 in Council directive (2008/114/EC).

  31. 31.

    Public effects are assessed taking into account the number of people impacted (including how severe and how long they are impacted). This is further assessed in terms of physical suffering, the impact on public confidence and disruption of daily life; including the loss of essential services. Public effect shall in each of these three effect categories be measured on a severity scale using three categories that express the magnitude of the impact ranging from low to medium to high. See Article 3:2 in Council directive (2008/114/EC).

  32. 32.

    Non-Binding Guidelines for the application of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, Brussels, 31 October 2008 [14808/08] p. 15.

  33. 33.

    See Lindström (2008b).

  34. 34.

    Interview DG JLS 9 July 2008 in Lindström (2008b).

  35. 35.

    See Lindström (2008b).

  36. 36.

    The minimum requirement of an Operator Security Plan is set out in Annex II in Council Directive (2008/114/EC).

  37. 37.

    Annex II in the non-binding guidelines document lists existing Community measures which fulfil the demands for an appointed SLO and an established OSP (this list may also be amended).

  38. 38.

    See Article 7:1 in Council Directive (2008/114/EC).

  39. 39.

    See Article 6 in Council Directive (2008/114/EC).

  40. 40.

    See Article 8 in Council directive (2008/114/EC).

  41. 41.

    See Article 5 (OSP), 6 (SLO) and 10 (contact points) in Council directive (2008/114/EC).

  42. 42.

    See Article 4:1; Article 4:2; Article 4:5; Article 4:3; and Article 4:4 in Council Directive (2008/114/EC).

  43. 43.

    See Article 10 in Council Directive (2008/114/EC).

  44. 44.

    Lindström (2008b).

  45. 45.

    See Article 5:3 and Article 6:3 in Council Directive (2008/114/EC). No timeframe has been set up for the appointment of a SLO but it is assumed that the designation of the SLO is carried out as quickly as possible since the SLO is considered a pre-requisite for discussions on the availability and creation of the Operator Security Plan (OSP), and a SLO should thus be established in time to deliver the OSP. See Article 5 (OSP) and 6 (SLO) in Council Directive (2008/114/EC).

  46. 46.

    See Article 3.2, Article 4.4 and Article 7.2 in Council directive (2008/114/EC).

  47. 47.

    Lindström (2008b).

  48. 48.

    Lindström (2008b).

  49. 49.

    Although the establishment of the CIWIN will be set up through a separate Council decision it shall be considered as part of EPCIP.

  50. 50.

    The USA has a similar system CWIN, operational since 2003. See Euractiv Critical Infrastructure.

  51. 51.

    Ibid.

  52. 52.

    Ibid.

  53. 53.

    Most of the fixed areas are cross-European which users from all 27 member states have access to. The organisation of the Member State area (and the area for the Commission) is left exclusively to the users of the respective Member State/Commission.

  54. 54.

    Lindström (2008b).

  55. 55.

    Proposal for a Council decision on a critical infrastructure warning information network (CIWIN). Non-paper. Brussels, 26 June 2008.

  56. 56.

    Ibid.

  57. 57.

    Ibid.

  58. 58.

    Council Decision No 2007/124/EC, Euratom.

  59. 59.

    Regarding the energy sector and the action grants to be awarded the programme stipulate that it deals with both transnational and national projects such as “restoration of externally disrupted power generation plants; assessment and mitigation of risks for disabling of control centres vital for the security and restoration of large power systems” and “studies on interdependencies between EU ICT infrastructures and electricity generation and transmission systems”.Within the transport sector it deals with “training of Member States’ actors involved in high risk transport of hazardous materials and goods” and “evaluation of best practices and exchange of experiences”.

  60. 60.

    The programme prevention, preparedness and consequence management of terrorism and other security related risks amount to 12.7 million euro. Important to notice is that this programme does not apply to matters that are covered by other financial instruments in particular by the rapid response and preparedness instrument for major emergencies (now renamed to civil protection financial instrument) and by the research activities in the areas of security and space in the 7th RTD framework programme.

  61. 61.

    Annual work programme 2007 – prevention, preparedness and consequence managemet of terrosim and other security related risks.

  62. 62.

    Ibid.

  63. 63.

    The European Commissions internal working paper: European Reference Network for Critical Infrastructure Protection (June 2008).

  64. 64.

    Ibid.

  65. 65.

    Ibid.

  66. 66.

    Ibid.

  67. 67.

    Commission Report (2006), Results of the EPCIP Green Paper consultation Responses of the Member States. Official responses were not received from Greece, Italy and Malta.

  68. 68.

    Seven Member States (Cyprus, Spain, Lithuania, Latvia, Luxembourg, Portugal and Slovakia) expressed their support for some sort of legislative approach, seven were against (Denmark, Germany, Finland, France, the Netherlands, Sweden and the United Kingdom) and eight did not offer a clear opinion. Some of the Member States were of the opinion that parts of the common framework could be obligatory (the views varied however concerning exactly which parts of the framework that could be obligatory). Also some Member States were of the opinion that the framework could be voluntary at first and become obligatory once it is tested and well established. See Commission Report 2006, Results of the EPCIP Green Paper consultation responses of the Member States.

  69. 69.

    Ibid.

  70. 70.

    Eriksson and Barck-Holst (2005, p. 10).

  71. 71.

    Interview, DG JLS, 9 July 2008 in Lindström (2008b).

  72. 72.

    European Commission Glossary Gold plating.

  73. 73.

    Lindström (2008b).

  74. 74.

    The energy and transport sub-sectors are identified in Annex I of the Council directive (2008/114/EC).

  75. 75.

    Lindström (2008b).

  76. 76.

    During the negotiations on the Directive some Member States have emphasised that nuclear facilities should be considered as ECI and should be included during the scheduled review of the Directive in three years' time.

  77. 77.

    Report on the Implementation of the European Security Strategy: Providing Security in a Changing World. Brussels, 11 December 2008 (S407/08).

References

  • A secure Europe in a better world – European security strategy. Document proposed by Javier Solana and adopted by the Heads of State and Government at the European Council, Brussels, 12 December 2003

    Google Scholar 

  • Annual Work Programme (2009) Prevention, preparedness and consequence management of terrorism and other security related risks. http://ec.europa.eu/justice_home/funding/cips/doc/awp_cips_2009_en.pdf, accessed 19 Jan 2009

  • Commission Report Results of the EPCIP Green Paper consultation responses of the member states. JLS/D1/PR/vdb D(2006) 4675, Brussels, 14 March 2006

    Google Scholar 

  • Communication from the Commission to the Council and the European parliament, Critical infrastructure protection in the fight against terrorism. Brussels, 20 October 2004. 702 Final

    Google Scholar 

  • Council Directive (2008/114/EC of 8 December 2008) The identification and designation of European critical infrastructure and the assessment of the need to improve their protection. http://www.infrastrutturecritiche.it/aiic/images/DocArticoli/directive%20epcip%20en_12_01 _2009.pdf, accessed 2 Feb 2009

  • Eriksson P, Barck-Holst S (2005) Politik för skydd av kritisk infrastruktur i EU och Sverige – en jämförande analys. English edition: Politics for critical infrastructure protection in the EU and Sweden – a comparative analysis. Swedish Defence Research Agency, Stockholm

    Google Scholar 

  • EurActive Critical infrastructure. http://www.euractiv.com/en/security/critical-infrastructure/article-140597, accessed 31 Jan 2009

  • European Commission Glossary Gold plating http://ec.europa.eu/governance/better_regulation/glossary_en.htm. Accessed 1 Feb 2009

  • European Commission Green paper on a European program for critical infrastructure protection. COM (2005) 576 final

    Google Scholar 

  • European Commissions Internal Working Paper Guidelines for implementation of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection

    Google Scholar 

  • European Commissions Internal Working Paper (2008) European reference network for critical infrastructure protection

    Google Scholar 

  • European Commission Joint Research Centre Checklist for supporting identification and protection of European critical infrastructure. Institute for the Protection and Security of the Citizen Traceability and vulnerability assessment

    Google Scholar 

  • Fritzon Å, Ljungkvist K, Boin A, Rhinard M (2007) Protecting Europe's critical infrastructure: problems and prospects. J Contingencies Crisis Manage, 15(1)

    Google Scholar 

  • Larsson P (2007) Europeanized National Emergency Preparedness: Opportunities and Challenges for Sweden’s Emergency Preparedness. Swedish edition: Från hemvävd till invävd krisberedskap: möjligheter och utmaningar vid en europeiserad svensk krisberedskap. Stockholm: Swedish Defence Research Agency.

    Google Scholar 

  • Lindström M (2008a) A review of four EU member states views on the European programme for critical infrastructure protection. Swedish edition: En granskning av fyra EU-länders syn på det europeiska programmet för skydd av kritisk infrastruktur. The Swedish Emergency Management Agency

    Google Scholar 

  • Lindström M (2008b) National consequences of the European programme for critical infrastructure protection. Swedish edition: Nationella konsekvenser av det europeiska programmet för skydd av kritisk infrastruktur. The Swedish Emergency Management Agency, Dnr. 283/2008

    Google Scholar 

  • Prevention, preparedness and consequence management of terrorism and other security related risks 2007–2013. Call for proposals action grants 2009. http://ec.europa.eu/justice_home/funding/cips/doc/call_2009_action_grants.pdf, accessed 19 Jan 2009

  • Proposal for the sectoral criteria to make a first selection of potential European critical infrastructure within a sector. [7252/1/08 REV 1]. Brussels, 7 March 2008

    Google Scholar 

  • Proposal for a Council decision on a critical infrastructure warning information network (CIWIN). Non-paper. Brussels, 26 June 2008

    Google Scholar 

  • Report on the implementation of the European security strategy: providing security in a changing world. Brussels, 11 December 2008 (S407/08).

    Google Scholar 

  • UNISYS (2007) Study on the establishment of the critical infrastructure warning information network (CIWIN). Interim report. Approved version. Contract Number: JLS/D1/2006/02 ABAC Number: 30-CE-0080088/00-03

    Google Scholar 

  • UNISYS (2008a) CIWIN prototype user manual for the CIWIN executive: study on the establishment of the critical infrastructure warning information network (CIWIN)

    Google Scholar 

  • UNISYS (2008b) CIWIN prototype user manual for the CIWIN executive

    Google Scholar 

  • Wenger A, Mauer V (2006) International CIIP handbook 2006. An inventory of 20 national and 6 international critical information infrastructure protection policies, vol I and II. Center for Security Studies. ETH, Zürich

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Swedish Defence Research Agency, Gullfossgatan 6, SE-16490, Stockholm, Sweden

    Stefan Olsson

Authors
  1. Madelene Lindström
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Olsson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stefan Olsson .

Editor information

Editors and Affiliations

  1. Swedish National Defence Research Agency, Gullfossgatan 6, Stockholm, 164 90, Sweden

    Stefan Olsson

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Berlin Heidelberg

About this chapter

Cite this chapter

Lindström, M., Olsson, S. (2009). The European Programme for Critical Infrastructure Protection. In: Olsson, S. (eds) Crisis Management in the European Union. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00697-5_3

Download citation

Publish with us

Policies and ethics

Search

Navigation