The Protection of Critical Infrastructures

08.10.2014

Europe has R&D capacities but many of the global leaders providing innovative ICT products are located outside the EU. There has been a tendency for Europe to become more dependent on security solutions and products developed outside its frontiers but there is a growing uneasiness about such dependency especially after the allegations against the NSA. This raises several questions regarding the European will and capacity to strengthen ICT research and innovation and develop its own ICT products and solutions. 

Moreover, it is key to ensure that hardware and software components used for European critical infrastructures are trustworthy, secure and guarantee the protection of personal data. Data protection is a core issue of the security of critical infrastructures. However, if security measures are generally perceived as enhancing data protection, they can also be seen as being harmful for privacy especially when it comes to implementing phone-tapping, deep-packet inspection on the Internet and surveillance of personal data. In economic terms, security concerns have to be addressed in order to enhance European users’ trust in IT services. 

However, if security objectives are being fixed by policy-makers, the implementation mainly relies on infrastructures providers. This raises the question of the involvement of the private sector in European policy-making and definition of standards, and also the question of the cost of security. Providers have to implement security measures and standards but one of their concerns is to pay the lowest cost for security and to remain competitive.
This multi-level approach of security is also visible when it comes to the issue of liability. It is questionable whether the policy-makers, the providers or the users are responsible in case of security breach. In this context, the role of the insurance market could be useful for the provision of valuable information such as the nature and extent of certain risks, the consequences that can derive in financial and economic terms from given behaviour by businesses or public authorities, and the remedies that can prove more effective in reducing the negative impact of given occurrences. It would help assessing the risks, quantifying it and categorizing it.

On another level, vulnerabilities in the protection of critical infrastructures opening the door to physical cyber-attacks and provoking massive damages directly affect the defence and military sector. As much of critical infrastructures are provided by private actors, the defence sector depends on commercial infrastructure to support its normal operations. In this context, an increased cooperation is needed between the EU, Member States and NATO in order to identify available critical assets and infrastructures. 


It is notably of major importance to assess the potential impact of the loss or compromise of infrastructure service on military operations and to develop tailored solutions for the defence sector. The protection of critical infrastructure in the military sector thus relies on cyber security solutions but also on the development of cyber defence capabilities that are specifically aimed at defending the EU against external threats.

* For more information about eSRT events:
Sinan Müller-Karpe
+32 27 33 33 35
info@security-round-table.eu