Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CRITICAL INFRASTRUCTURE PROTECTION IN THE BALTIC SEA REGION<br />
threats to the nation’s critical <strong>in</strong>frastructures; recommend a comprehensive<br />
national policy and implementation plan for protect<strong>in</strong>g critical <strong>in</strong>frastructures;<br />
determ<strong>in</strong>e legal and policy issues raised by proposals to <strong>in</strong>crease protections; and<br />
propose statutory and regulatory changes necessary to effect recommendations.<br />
The PCCIP concluded <strong>in</strong> 1997 that advanced societies rely heavily upon critical<br />
<strong>in</strong>frastructures, which are susceptible to physical disruptions and to new virtual<br />
threats. The security, economy, way of life, and perhaps even the survival of the<br />
<strong>in</strong>dustrialized world are dependent on the comb<strong>in</strong>ation of electrical energy,<br />
communications and computers. These recommendations led to “Presidential<br />
Decision Directive 63” on <strong>Critical</strong> Infrastructure Protection <strong>in</strong> 1998, which<br />
established l<strong>in</strong>es of responsibility with<strong>in</strong> the federal government for protect<strong>in</strong>g<br />
each of the <strong>in</strong>frastructure elements and for formulat<strong>in</strong>g an R&D strategy for<br />
improv<strong>in</strong>g the surety of the <strong>in</strong>frastructure. Some other events, such as ‘Y2K’ added<br />
to the perceived importance to develop a national CIP strategy. (PCCIP 1997; PDD<br />
1998; see also Abele-Wigert and Dunn 2006, pp. 26-27; Moteff 2003; Hagelstam<br />
2005; Fritzon et al. 2007, p. 31)<br />
Naturally, the 9/11 attacks <strong>in</strong> the United States considerably re<strong>in</strong>forced these<br />
CIP efforts. The Department of Homeland Security (DHS) was established and <strong>in</strong><br />
2003 President George W. Bush released the “Homeland Security Presidential<br />
Directive/HSPD-7” that established a national policy for federal departments and<br />
agencies to identify and prioritise CI and key resources (KR) and protect them<br />
from terrorist attack. The follow<strong>in</strong>g year the White House released two<br />
presidential national strategies: the “National <strong>Strategy</strong> to Cyber Security” (NSCS<br />
2003) and the “National <strong>Strategy</strong> for Physical Protection of <strong>Critical</strong> Infrastructure<br />
and Key Assets” (NSPPCI/KA 2003). These were follow-up documents to the<br />
“National <strong>Strategy</strong> for Homeland Security” (NSHS 2002), which was released <strong>in</strong><br />
July 2002 as a reaction to the 9/11. In 2006 the DHS released a new “National<br />
Infrastructure Protection Plan” (NIPP 2006) to outl<strong>in</strong>e roles and responsibilities<br />
for speci<strong>fi</strong>c government and local agencies, and the private sector. (Abele-Wigert<br />
and Dunn 2006, pp. 315-319)<br />
The emergence of the EPCIP<br />
The orig<strong>in</strong>s of the EPCIP are similarly clearly connected to the threat of terrorism.<br />
The wider European CIP debate started <strong>in</strong> the aftermath of 9/11, followed by much<br />
more rapid development especially after the 2004 Madrid tra<strong>in</strong> bombs and the<br />
London bomb attacks <strong>in</strong> 2005. True, there can be found CIP-related EU<br />
documents, legislation and pre-legislative proposals already before the issue of<br />
terrorism had become the priority, especially <strong>in</strong> the <strong>fi</strong>eld of Information and<br />
Communication Technology (ICT). 4<br />
However, the Madrid tra<strong>in</strong> bomb<strong>in</strong>g led the European Council to ask the<br />
Commission to prepare an overall strategy to protect CI. The Commission<br />
consequently adopted <strong>in</strong> October 2004 a Communication “<strong>Critical</strong> Infrastructure<br />
Protection <strong>in</strong> the Fight Aga<strong>in</strong>st Terrorism” (Commission 2004), which made<br />
4 These <strong>in</strong>clude, <strong>in</strong>ter alia, the Commission Communication “Creat<strong>in</strong>g a Safer Information Society<br />
by Improv<strong>in</strong>g the Security of Information Infrastructures and Combat<strong>in</strong>g Computer-related Crime”<br />
(Commission 2000), which reflects the grow<strong>in</strong>g <strong>in</strong>terest <strong>in</strong> cyber security issues <strong>in</strong> particular.<br />
4 NORDREGIO REPORT 2007:5