I527-290 ESRIF Final Report (WEB).indd - European Commission
2.6.6 Intervention
The evolution of CI and corresponding risks will partially affect response forces. In the case of physical CI,
response forces and their linkages mostly exist already. In the case of ICT, intervention forces are rudimentary at
best and security relies on soft- and hardware barriers. The limits of these «static» lines of defence are evident and
necessitate new solutions which warrant both basic as well as applied research into these counter-hacking/-spoofing
strategies, methodologies and instruments.
2.6.7 Education and Training
Given the importance of trust for CI security and operations and the knowledge that trust is generated by transparency and
understanding, preventive education and response training should expand not only to security experts and CI
operators, but also to customers and the public at large (for crisis situation training, see WG4 chapter). The theoretical
and practical consequences of empowering European citizens as security stakeholders need foundation level as well as
detailed, programmatic research.
2.6.8 Societal Embeddedness
Critical infrastructures, perhaps more so than any other infrastructure, are vulnerable to insider threats, namely from
personnel and third party individuals with access rights to certain key components that have radicalised and intend to use
their know-how for adverse effects. We therefore need more knowledge about radicalisation processes, how to
detect them and how to prevent resulting security breaches.
2.7 Conclusions
Security in the future remains a careful and very specific act of balancing prevention, protection and reaction/mitigation. In
some cases, prevention and protection must be emphasised since the consequences of failure would be too dire to accept.
In other cases, where prevention and protection are too difficult to implement, the emphasis must be on reactive mitigation
of effects, that is, service must be delivered. In both cases, European critical infrastructures¹ that cross international borders
need a higher level of resilience. If ESRIF advocates a «Culture of Resilience» that is understood to be comprehensive, then this
is the result of realism and pragmatism: Crises will occur. Terrorists will exist and strike. Europe will experience floods, storms,
droughts and epidemics.
If the work of ESRIF WG2 «Security of Critical Infrastructure» were to be broken down into a few words for national governments,
they would be «prepare yourselves to ensure that nothing can completely put your system out of service». This is why WG2
strongly advocates the concept of resilience: That despite changes in assumptions, measures put in place will be effective
(e.g. what helps against bioterrorist release of agents can very well help against a natural pandemic), power and water will
be running to an acceptable standard (e.g. water will be potable), and basic communication will work effectively. Societal
resilience is heavily dependent upon certain vital consumables and services being in place, and this is the contribution of WG2
«Security of Critical Infrastructures» to the endorsed concept of «societal resilience».
In the final analysis the security of critical infrastructure requires as full an appreciation of the potential impact of “negative
externalities” as possible. Whether these are deliberate or accidentally generated, strategies, while ideally aiming to prevent
the impacts, must also focus on mitigating the effects.
1 European critical infrastructure or ‘ECI’ refers to critical infrastructure located in Member States the disruption or
destruction of which would have a significant impact on at least two Member States. The significance of the impact shall
be assessed in terms of cross-cutting criteria. This includes effects resulting from cross-sector dependencies on other
types of infrastructure. EU COM(2008)114