Critical Infrastructure Protection in the EU

Over the past few years, the attention of policymakers and industry players towards the protection of critical infrastructure has grown remarkably. In the era of networks, citizens and businesses have become increasingly dependent on a large set of infrastructures encompassing energy networks, the banking sector, telecommunications, the Internet etc. In the US, a national programme to protect critical infrastructure was launched in 1998, under the Clinton administration, and was confirmed and updated under the Bush administration in 2003. At EU level, the European Council of June 2004 called on the European Commission to prepare an overall strategy to protect critical infrastructure (CI). The Commission adopted on 20 October 2004 a Communication on Critical Infrastructure Protection (CIP) in the Fight against Terrorism which put forward suggestions on what would enhance European prevention, preparedness and response to terrorist attacks
involving Critical Infrastructures.
As the European society becomes more interconnected and advanced, its dependence on critical infrastructure is inevitably heightened. Despite its increasing importance, many European businesses and citizens still seem to underestimate the risks to which critical infrastructures are exposed. In addition to this, many businesses feel they cannot justify the private return on investment associated with increasing security. Accordingly, there is often an underprocurement of protection of critical infrastructures by businesses in the EU. The future PPP on critical infrastructure protection is meant to establish a dialogue that is as informative as possible, while recognizing the need for firms to protect their intellectual property. The structure and functioning of this PPP are however still to be defined with precision.
Against this background, considering the challenges faced by firms and government in protecting critical infrastructures, and the need to establish a functional and effective PPP, CEPS proposes to launch a new “Task Force on Critical Infrastructure Protection”. The purpose of this Task Force will be to discuss the challenges and opportunities that will arise from a future PPP, as well as how a PPP could operate at the European level between firms and government, and whether the current institutional setting at the EU level is appropriate. In addition to discussing CIP in the EU, the task force will offer a venue to examine CIP from a transatlantic perspective to explore potential synergies and avenues for collaboration, also within the Transatlantic Economic Council (TEC). The CEPS Task Force aims at providing policymakers and field practitioners with an updated and independent view of current developments on CIP (with an emphasis on CIIP) and PPP, while at the same time representing in an objective way the needs and problems identified by industry players and authoritative scholars in the field. This CEPS Task Force on critical infrastructure protection will seek to provide a unique forum for cooperation between public and private players, as testified by the success of our first seminar in this field, held in May 2009, which saw the participation of representatives from the European Commission, ENISA and several industry players. Please find more detailed information, proposed topics to be addressed and the preliminary time schedule in the prospectus below.

Chair:
Bernard Haemmerli, Vice-President Information Security Society Switzerland (ISSS)

Rapporteur:
Andrea Renda, Senior Research Fellow, CEPS

Meetings:
1st meeting: 3 November 2009
2nd meeting: 12 January 2010
3rd meeting: 26 February 2010
4th meeting: 23 March 2010
5th meeting: 3 June 2010

Task Force Report published, available for free download here.

Prospectus of the Task Force (incl. Registration Form)