Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

More documents

Recommendations

Info

CRITICAL INFRASTRUCTURE PROTECTION IN THE BALTIC SEA REGION failures, attacks or accidents above a defined minimum level of services and aim at minimising the recovery time and damage. CIIP should therefore be viewed as a cross-sector phenomenon rather than being limited to specific sectors. CIIP should be closely coordinated with Critical Infrastructure Protection from a holistic perspective.” (Commission 2005b) While ICT/CII can be vulnerable in a multitude of ways, as will be discussed in detail in Chapter III, in most connections when CII is discussed, it is connected to cyber attacks (see Wilson 2006), supposing that there are assailants attacking from a distance through virtual channels. The object of these cyber attacks is not necessarily CII but any CI. In several EU documents dealing with terrorism this perspective is raised. The issue becomes that of the consequences of this type of attack in terms of severity, such as loss of life. One Commission document states that the consequence of an attack on the industrial control systems of critical infrastructures could vary widely: “It is commonly assumed that a successful cyber attack would cause few, if any, casualties, but might result in loss of vital infrastructure service. For example, a successful cyber-attack on the public telephone switching might deprive customers of telephone service while technicians reset and repair the switching network. An attack on a chemical or liquid natural gas facility’s control systems might lead to more widespread loss of lives as well as significant physical damage.”(Commission 2004, p.3) Terrorism or all-hazards approach? The United States, NATO and EU approaches on CIP are clearly dominated by and closely connected to the threat of terrorism. In the CIP debates in the United States, the view that “We face a determined, intelligent enemy who seeks to cause us maximum harm” and therefore one should focus on worst-case analysis (Brown et al. 2006, p. 16), is clearly hegemonic. But, by way of refinement, it is useful to emphasise the different phases in the development of the CIP concept from this perspective. If one looks at the developments of the CIP in the United States, the emphasis early on was on deliberate threats (PCCIP 1996; cf. Abele-Wigert and Dunn 2006, pp. 26-27). It is true that the so-called all-hazards approach was accepted in United States’ emergency management planning as a ‘second priority’ (Guide for All-Hazards Emergency Operations Planning 1996) and the PCCIP in a way accepts the relevance of this approach by stating that “Each of the infrastructures is vulnerable in varying degrees to natural disasters, component failures, human negligence, and willful human misconduct” (PCCIP 1997, p. 27). However, the report states that “While poor design, accidents and natural disasters may threaten our infrastructures, we focused primarily on hostile attempts to damage, misuse, or otherwise subvert them.” (PCCIP 1997, p. 31) Naturally, after 9/11 the emphasis on deliberate attacks was hugely reinforced. The event gave reason to develop the “National Strategy for Homeland Security” (NSHS 2002), which defined three main strategic goals: to prevent terrorist attacks within the United States, reduce America’s vulnerability to 28 NORDREGIO REPORT 2007:5
CHAPTER I: INTRODUCTION terrorism, and to minimize the damage and recover from attacks that may occur. Moreover, the main vulnerabilities and threats were now defined as chemical, biological, radiological, and nuclear weapons – i.e. physical rather than cyber attacks. This approach was later developed into the “National Strategy for the Physical Protection of Critical Infrastructures and Key Assets” (NSPPCI/KA 2003) 22 . But cyber threats were not forgotten either, as the “National Strategy to Secure Cyberspace” (NSSC 2003) was developed simultaneously. These strategies were clearly dominated by a threat picture connected to terrorism. The partial come-back of the all-hazards approach in the United States CIP strategy (or CI/KY protection) came only after Hurricane Katrina in 2005 shifted the focus somewhat away from the one-sided emphasis on terrorism. In fact, after this disaster it became popular to make all-hazards comparative vulnerability analyses of threats against CI, which clearly showed that large-scale natural catastrophes, especially hurricanes, take place relatively often in the United States causing a lot of more losses than terrorism (cf. Parfomak 2005, p. 11). Thus in the current strategy of the United States formulated in 2006 the allhazards approach is back, although the threat of terrorism still dominates: “In addition to addressing CI/KR protection related to terrorist threats, the NIPP [National Infrastructure Protection Plan] also describes activities relevant to CI/KR protection and preparedness in an allhazards context” (NIPP 2006, p. 11). The reference points are the “direct impacts, disruptions, and cascading effects of natural disasters (e.g., Hurricanes Katrina and Rita, the Northridge earthquake, etc.) and manmade incidents (e.g., the Three Mile Island Nuclear Power Plant accident or the Exxon Valdez oil spill) on the Nation’s CI/KR” (NIPP 2006, p. 11). Also NATO’s focus in CIP is on “ways to assist nations in improving their preparedness for the protection of civilian populations from terrorist attacks against critical infrastructure” (Abele-Wigert and Dunn 2006, p. 363). If we look at the threat pictures of the European Union, it seems clear that terrorism, especially the Madrid 2004 bomb attacks, was the catalyst for launching the EPCIP in the first place. That is why in the Commission the development and coordination of the EPCIP became located in the DG Justice, Freedom and Security, which takes care of police affairs, terrorism and the like, instead of, say, the DG Environment/Civil Protection Unit. However, when in November 2005 the Commission published the “Green Paper on a European Programme for Critical Infrastructure Protection” to be discussed by the stakeholders in the Member States, it gave three options concerning the threats: an all-hazards approach for everything; an all-hazards approach with a terrorism priority; a terrorism hazards approach (Commission 2005b, p. 3). If one then looks at the Commission’s “Proposal for a Directive of the Council on the identification and designation of European Critical Infrastructure and the Assessment of the Need to Improve their Protection” (Commission 2006a) 22 For an analytic review, cf. Moteff and Parfumak (2004). NORDREGIO REPORT 2007:5 29
Page 1:
Towards a Baltic Sea Region Strateg
Page 4 and 5:
Nordregio Report 2007:5 ISSN 1403-2
Page 6 and 7:
5.4 Impacts caused by terrorism, na
Page 8 and 9:
CRITICAL INFRASTRUCTURE PROTECTION
Page 11 and 12:
PREFACE PREFACE With the Commission
Page 13:
PREFACE The study includes tens of
Page 16 and 17: CRITICAL INFRASTRUCTURE PROTECTION
Page 39: CHAPTER I: INTRODUCTION CHAPTER I:
Page 95 and 96: CHAPTER II: ELECTRICITY 2 ELECTRIC
Page 97 and 98: CHAPTER II: ELECTRICITY electricity
Page 99 and 100: CHAPTER II: ELECTRICITY Recent clim
Page 101 and 102: CHAPTER II: ELECTRICITY Figure II
Page 103 and 104: CHAPTER II: ELECTRICITY possibiliti
Page 105 and 106: CHAPTER II: ELECTRICITY continental
Page 107 and 108: CHAPTER II: ELECTRICITY Indirect Im
Page 109 and 110: CHAPTER II: ELECTRICITY fire depart
Page 111 and 112: CHAPTER II: ELECTRICITY • Local c
Page 113 and 114: CHAPTER II: ELECTRICITY these, syst
Page 115 and 116: CHAPTER II: ELECTRICITY • long in
Page 117 and 118:
CHAPTER II: ELECTRICITY • The net
Page 119:
CHAPTER II: ELECTRICITY centres etc
Page 123 and 124:
CHAPTER III: INFORMATION AND COMMUN
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177:
Page 181 and 182:
CHAPTER IV: OIL TRANSPORTATION AND
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
CHAPTER IV: OIL TRANSPORTATION ANDM
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203:
CHAPTER V: GAS CHAPTER V: GAS Sven
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 225:
CHAPTER VI: WATER CHAPTER VI: WATER
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276:
show all

Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

Create successful ePaper yourself

Delete template?

Save as template?