Pro
Download
1 / 21

Pro svetovanje - PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on

Pro svetovanje. E UROPEAN CRITICAL INFRASTRUCTURE towards a definition. Renato Golob , mag. 1983. 1996. 2001. 2002. 2004. 2005. 2008. COMPANY. INFRASTRUCTURE. Telecommunication. DO WE HAVE TO SOLVE A PROBLEM ?. STATE, UNION (COMMUNITY). Health. INDIVIDUAL. Electricity. Transport.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Pro svetovanje' - angus


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Prosvetovanje

EUROPEAN CRITICAL INFRASTRUCTURE

towards a definition

Renato Golob, mag.

Belgrade, April 2013


1983

1996

2001

2002

2004

2005

2008

Belgrade, April 2013


COMPANY

INFRASTRUCTURE

Telecommunication

DO WE HAVE TO SOLVE A PROBLEM ?

STATE, UNION (COMMUNITY)

Health

INDIVIDUAL

Electricity

Transport

...

Information

Food

PRIMARY INTEREST OF EACH STATE

LEGAL OBLIGATION

UNIFIED RULES: METHODOLOGIES, STANDARDS, CRITERIA, CONTROL

CENTRALISED COORDINATION

MOTIVATION MECHANISMS

Belgrade, April 2013


CRITICAL INFRASTRUCTURE:

PROTECTION SYSTEM

1. Areas of Security

2. Establishing a Protection System

3. Risk Assessment – the indispensable condition

Belgrade, April 2013


The task, purpose or meaning of CI protection is considerably broader than the meaning of private security.

Private security is just a part of CI protection system.

CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – Areas of Security

Private security: to prevent unauthorised persons from accessing the protected person or property and thus prevent a loss event (an event that would bring about harmful consequences).

Critical infrastructure protection system: to prevent any event that might interrupt comprehensive functionality.

Belgrade, April 2013


Sector TRANSPORT considerably broader than the meaning of private security.

SubS “road”

SubS “railway”

SubS “air”

SubS “water”

CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – establishing a Protection System

Belgrade, April 2013


VSS considerably broader than the meaning of private security.

microlocation

Belgrade, April 2013


Threats considerably broader than the meaning of private security.

Vulnerability

Probability of the Incident

Damage Consequences

CRITICAL INFRASTRUCTURE: PROTECTION SYSTEM – the indispensable condition

RISK ASSESSMENT

Incident

Vital Security Spots

Microlocations

Security Measures

Belgrade, April 2013


1. CONCLUSIONS: considerably broader than the meaning of private security.

European Critical Infrastructure must be protected.

Critical infrastructure can only be protected using systemic solutions of security measures.

Proper security measures can only be identified on the basis of analysing the results of a security risk assessment.

Belgrade, April 2013


Directive 2008/114/EC considerably broader than the meaning of private security.

Actual questions:

Disputed starting points:

Article 3; based on what data, grounds or argumentations?

Article 3; a single criterion for determining ECI – damage (harmful) consequences

Article 7; which are the measures of ECI protection, that apply at the EU level?

Article 5; ECI: assetsimportant persons, machines, devices, materials, processes ?

Article 8; Maner of ensuring access? What are the existing best practices and methodologies? Which of them are available?

Annex II; areas of security to be taken into account, considered and regulated

Annex II: “ ... ECI OSP PROCEDURE

1. identification of important assets;

2. conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact; and

3. identification, selection and prioritisation of counter-measures and procedures with a distinction between ...”

Article 3; “...2. The cross-cutting criteria shall comprise the following:

(a) casualties criterion (assessed in terms of the potential number offatalitiesor injuries);

(b) economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services;

(c) public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life)....”

Article 8; “... The Commission shall support, through the relevant Member State authority, the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection... “

Article 5: “ ... 1. The operator security plan ("OSP") procedure shall identify the critical infrastructure assets of the ECI and which security solutions exist or are being implemented for their protection....”

Article 3; “ ... The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI ...”

Article 7; “ ... 3. Based on the reports referred to in paragraph 2, the Commission and the Member States shall assess on a sectoral basis whether further protection measures at Community level should be considered for ECIs...”

Belgrade, April 2013


non obligatory (optional) considerably broader than the meaning of private security.

There is no subject within European Commission with the competences to deal with European critical infrastructure protection.

Directive 2008/114/EC – European Commission´s competences:

Article 3/1: “may assist ”, “may draw the attention”

Article 3/2: “shall develop .. shall be optional”

+

Article 4/2: “may participate”

no competences, wihout authorization

Article 7/4: “may be developed”

Article 7/2: “may be developed”

Article 7/2:

“Each Member State shall report every two years to the Commission generic data on a summary basis on the types of risks, threats and vulnerabilities encountered per ECI sector in which an ECI has been designated pursuant to Article 4 and is located on its territory.

A common template for these reports may be developed by the Commission in cooperation with the Member States.”

Article 3/1:

“The Commission may assist Member States at their request to identify potential ECIs.The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI.”

Article 4/2:

“Each Member State on whose territory a potential ECI is located shall engage in bilateral and/or multilateral discussions with the other Member States which may be significantly affected by the potential ECI. The Commission may participate in these discussions but shall not have access to detailed information which would allow for the unequivocal identification of a particular infrastructure.”

impossible to protect European Critical Infrastructure

Article 3/2:

“The Commission together with the Member States shall develop guidelines for the application of the cross-cutting and sectoral criteria and approximate thresholds to be used to identify ECIs. The criteria shall be classified. The use of such guidelines shall be optional for the Member States.”

Article 7/4.:

“Common methodological guidelines for carrying out risk analyses in respect of ECIs may be developed by the Commission in cooperation with the Member States. The use of such guidelines shall be optional for the Member States.”

Belgrade, April 2013


2. CONCLUSIONS: considerably broader than the meaning of private security.

European Critical Infrastructure does not exist.

OR

European Critical Infrastructure protection system does not exist.

OR

The protection of ECI is the responsibility of Member States. But that is not possible.

Belgrade, April 2013


It is up to each individual State to determine: considerably broader than the meaning of private security.

- which complexes (premises) should form ECI (by drawing up a proposal for coordination (harmonization) with the neighbour States),

- the level of European critical infrastructure protection system,

- supervisory (control) system.

The security of all states depends on the attitude of each individual state towards the issue of ECI protection.

No state can guarantee the security of its citizen or property because decisions about this are adopted in other Member States.

Belgrade, April 2013


? considerably broader than the meaning of private security. supervisory system ?

? standards used ?

? level of qualification and ability ?

Centre for European Policy Studies:»Protecting critical infrastructure in the EU, CEPS Task Force Report«, 2010, Brussels:

Levels of identification, levels of protection and relationships between national authorities and proprietors of European Critical Infrastructure vary from one member state to another.

While there are individual cases of cooperation between member states, there is no common concept.

Different states use different risk assessment methodologies.

EU Level, ECI: thete is no system of cooperation and coordination.

Belgrade, April 2013


3. CONCLUSIONS: considerably broader than the meaning of private security.

However, the Directive is of significant value and important. This is the first time, that European Union has officially referred to and pointed out the existence of European critical infrastructure and the need to dedicate considerable attention to protecting it.

Belgrade, April 2013


ECI shall be considerably broader than the meaning of private security. identified and determined by EC.

Centralized coordination.

Owners: have to ensure the functionality of protection systems.

BASIC / INITIAL CONCEPT

Unified rules for all member states.

The obligation has to be determined by law.

System of motivation.

FUTURE:

Does ECI exist?

Does EU want to establish a system for its protection?

Treaty on the Functioning of the European Union

Belgrade, April 2013


TASKS TO BE DONE: considerably broader than the meaning of private security.

European Commission:

- ECI Agency.

ECI Agency:

- ECI identification,

- ECI categorization,

- uniform (common) rules (methodologies, criteria, standards, ...),

- supervisory system,

- ...

Owners:

- risk assessment,

- security measures,

- operator security plan,

- ECI protection system.

Belgrade, April 2013


detailed project proposal: “ ECI Protection System” considerably broader than the meaning of private security.

- preparing,

- confirmation,

- realization.

ECI Agency

coordination

Member States

data

European Commission

Directorates

External expert´s Groups

(practice, experience)

Development & Research Institutions

research, analysis

Belgrade, April 2013


4. CONCLUSIONS: considerably broader than the meaning of private security.

EU has two possibilities:

Directive 2008/114/EC:

there is no ECI

member states are entirely responsible for the protection of their CI

ECI Protection System:

member states are entirely responsible for the protection of their CI

centralized coordination of the ECI protection system, that has been defined and determined by law or the relevant legal act

Belgrade, April 2013


Literature and sources: considerably broader than the meaning of private security.

1.CEPS (Centre for European policy studies), 2010: Protecting critical infrastructure in the European Union, Brussels.

2. European Commission, 2005: Green Paper on a European Programme for Critical Infrastructure Protection, Brussels.

3. European Commission, 2012; On the review of the European Programme for critical infrastructure protection (EPCIP), SWD(2012) 190

final,Brussels,

4. European Council, 2009: The Stockholm Programme – An open and secure Europe serving and protecting citizens, Official Journal of the European

Union,C 115/1,

5. European Council, 2011:The EU Internal Security Strategy in Action: Five steps towards a more secure Europe,COM(2010) 673 final,

6. Koubatis, A, Schonberger J.Y., 2005: Risk Management of Complex Critical Systems. International Journal of Critical Infrastructures,

br. 1 / 2,3.

7. Michel-Kerjan, E., 2003: New Challenges in Critical Infrastructures: A US Perspective, Journal of Contingencies and Crisis Management,

br. 11 / 3, John Wiley & Sons, Inc., New York.

8.Nozick, L., Turnquist, M, 2005: Assessing the Performance if Interdependent Infrastructures and 5. Optimising Investments, International

Journal of Critical Infrastructures, br. 1 / 2,3.

9. Prezelj, I., 2008; Definicija in zaščita kritične infrastrukture Republike Slovenije, Fakulteta za družbene vede, Obramboslovni

raziskovalni center, Ljubljana.

10. Svet Evropske skupnosti, 2008: Direktiva o ugotavljanju in določanju evropske kritične infrastrukture ter o oceni potrebe za izboljšanje

njenega varovanja, Bruselj,

Photo 1, slide 5: http://www.google.si/imgres?imgurl=http://www.borutgorenjak.com/UserFiles/Image/dogodki/balon14.jpg&imgrefurl=http://www.borutgorenjak.com/

objava.aspx?id%3D38&h=307&w=460&sz=111&tbnid=mi1g-zkFK7bpZM:&tbnh=90&tbnw=135&prev=/search%3Fq%3Dletali%25C5%25A1%25C4%258

De%2Bmaribor%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=letali%C5%A1%C4%8De+maribor+foto+photo&usg=__E1ZlZZGtOFpVEg3bX_o9zv

X1nc=&docid=rigH9cqeA8xhjM&hl=en&sa=X&ei=yML1UOfiHo6RhQfdtYDQAg&ved=0CDsQ9QEwBQ&dur=9359

Photo 2, slide 5: http://www.google.si/imgres?imgurl=http://mw2.google.com/mwpanoramio/photos/medium/57570669.jpg&imgrefurl

=http://www.panoramio.com/photo/57570669&h=332&w=500&sz=33&tbnid=1AqHaIyHe-ilDM:&tbnh=90&tbnw=136&prev=/search%3Fq%3Dtunel%2

Btrojane%2Bfoto%2Bphoto%26tbm%3Disch%26tbo%3Du&zoom=1&q=tunel+trojane+foto+photo&usg=__ybIwPGycmS7jVTC2NHGyez267D8=&docid=bt8U1qVg3

oDAM&itg=1&hl=en&sa=X&ei=HLL1UPO_GNS1hAfCzID4Bw&ved=0CEkQ9QEwCQ&dur=11000

Photo 1, slide 6:http://www.google.si/imgres?imgurl=http://www.planetware.com/i/map/TR/troy-ground-plan-map.jpg&imgrefurl=http://www.planetware.com/map/troy

ground-plan-map-tr-troy2.htm&h=737&w=700&sz=288&tbnid=L2XS3OTkdSJtfM:&tbnh=85&tbnw=81&prev=/search%3Fq%3Dground%2Bplan%2Bphoto

%26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo&usg=__y60MSOffP4_Vz8doe_llVKrj94Q=&docid=wzvkNEd4YTQAQM&sa=X&ei=A9v2UMSXL4

ZhQe58YHwAg&ved=0CC4Q9QEwAQ&dur=110

Photo 2, slide 6:http://www.google.si/imgres?imgurl=http://www.museum.ky/dsn/wwwmuseumky/Content/Images/ground-floor.jpg&imgrefurl=http://www.museum.ky

/116/Museum-Maps.htm&h=318&w=499&sz=65&tbnid=QdLBOuipIARJRM:&tbnh=76&tbnw=119&prev=/search%3Fq%3Dground%2Bplan%2Bphoto%2B

museum%26tbm%3Disch%26tbo%3Du&zoom=1&q=ground+plan+photo+museum&usg=__nk1UZKlYIv9B2gi3ibLyYLjtiRE=&docid=tCTX4CzHmg7UDM&sa=X&e

Odv2UJepKZO3hAfW34DoBQ&ved=0CDQQ9QEwAw&dur=5656

Belgrade, April 2013


Thank you for your attention considerably broader than the meaning of private security. .

Renato Golob, mag.

Pro svetovanje d.o.o.

[email protected]

00 386 41 767 237

Belgrade, April 2013


ad