EU: New "Directive on the Identification and Designation of European Critical Infrastructure

On the 23rd of December 2008, the European Union published on the "Official Journal" the new "Directive on the Identification and Designation of European Critical Infrastructure (ECI) and the assessment of the need to improve their protection" - COUNCIL DIRECTIVE 2008/114/EC. 

The directive is available on Eur-Lex.

EU Information Sharing Legislation Proposal - CIWIN (Critical Infrastructure Warning Information Network)

On the European Parliament Web Site is now available the proposal for an European Legislation on Information Sharing. 

The document can be accessed here. 

This legislation proposal is part of the European Program for Critical Infrastructure Protection (EPCIP) and its aim is to support the Critical Infrastructure Warning Information Network (CIWIN), a prototype developed by the European Commission in 2007. 

The security of energy, water, telecommunications and other vital European infrastructures is set to be strengthened by a new international project no

The pan-European 'Design of an Interoperable European federated Simulation network for critical Infrastructures' (DIESIS) project will develop advanced computer modelling and simulations to find and test points of vulnerability in these infrastructures, and develop ways to address them.
Europe's critical infrastructures, such as transport systems, gas lines, electricity supplies and communications, are becoming increasingly interdependent.

This makes understanding the complex relationships between them important because a breakdown in one can spark severe disruptions across many others, potentially affecting millions of people.

These failures can also spread quickly across many different countries, as happened in November 2006 when 13 countries including France, Italy, Germany, Portugal and Morocco lost electricity supplies after a high-voltage power line in Germany was temporarily shut without proper preparations.
Similarly, in 2002 Cyclone Ilse caused 12 billion euros of damage after flooding disrupted electricity, water supplies and waste water systems across regions of Germany, Austria and the Czech Republic.
Unravelling the complex interactions and interdependencies of cross-European infrastructures demands highly developed simulation tools. While simulators currently exist for certain infrastructures, none are capable of simulating the interaction of multiple interdependent systems. This severely limits how effectively nations can prepare for and respond to threats to their infrastructures ranging from natural disasters and IT failures to human error and acts of terrorism.
DIESIS aims to tackle this by developing advanced computer models and simulators that can test the robustness of these interdependent infrastructures, identifying weak spots where a failure in one could begin a catastrophic domino effect.
Professor Erol Gelenbe of Imperial College London's Department of Electrical and Electronic Engineering, one of the leaders of DIESIS, explains:
"Systems have weak spots and when they go down the costs and impact on people's lives are huge. These are highly complicated systems in their own right, so understanding the many ways in which they interrelate requires extremely complex modelling. Our aim is to come up with a simulation facility for constant study that can find weaknesses in systems and address them."
The project will also tackle smaller failures, which may go largely unnoticed but are nevertheless costly. Professor Gelenbe adds:
"If the internet system in Westminster is down for an hour because it has been attacked by hackers it won't make the headlines but it's very expensive for government and business. Those kinds of attacks happen very frequently. This project will help to make our entire critical infrastructure much more secure."
DIESIS is funded by 1.5 million euros over two years by the European Union under the Seventh Framework Programme. It will carry out the initial work that will pave the way for the establishment of a European Infrastructures Simulation and Analysis Centre.
The project sees Imperial College London working with large European public sector research organisations, including the Fraunhofer-Institute for Intelligent Analysis and Information Systems, Germany, Consorzio Campano di Ricerca per l'Informatica e l'Automazione Industriale, Italy, Ente per le Nuove Tecnologie, l'Energia e l'Ambiente, Italy, and the Netherlands Organisation for Applied Scientific Research.
More information on DIESIS is available at http://www.diesis-eu.org/

EU: USB flash drives 'pose real security threat' ENISA

USB flash drives 'pose real security threat'USB flash drives are being used to breach enterprise network security and install malicious code on corporate IT systems, a technology body has claimed. According to the European Network and Information Security Agency (ENISA), organisations allowing the unfettered use of such devices could be losing between 65,000 euros (£51,000) and 1.6 million euros (£1.3 million) for every security violation that is made. The agency, which shares best practices for minimising the risk of uncontrolled use of personal storage devices, also warned that as many as 90 per cent of the USB drives purchased by businesses last year were not encrypted or stored in secure locations. Andrea Pirotti, executive director of the ENISA, said: "The cost of a USB flash drive may be insignificant but the value of the data it might contain can be priceless. ENISA strongly encourages companies with highly regulated or sensitive data to better manage the use of 'plug-and-play' devices."

CIP Report - new International Issue

On this month CIP report, published by George Mason University School of Law, you find an article I wrote on Protecting the Critical Infrastructure in Europe.
You can access the report on the GMU CIP website: http://cipp.gmu.edu
Or directly here

EU Council reached an agreement on European Critical Infrastructure

The Council reached a political agreement on a directive on the identification and designation ofEuropean Critical Infrastructure (ECI) and the assessment of the need to improve their protection(9403/08).The directive establishes the necessary procedure for the identification and designation of ECI and acommon approach to the assessment of the needs to improve the protection of such infrastructure inorder to contribute to the protection of people. The directive concentrates on the energy andtransport sector and will be reviewed after three years, in order to assess its impact and the need toinclude other sectors within its scope, such as the Information and Communication Technology(ICT) sector.

The communication is available here
The press release is available here
The latest version of the Directive, following the discussion of the 11th of April 2008, is available here

"Cyberwarfare and Critical Information Infrastructure Protection (CIIP)" - dinner at the EU Parliament

On Tuesday, 27 May 2008, in the Private Salons of the European Parliament in Brussels, the European Internet Foundation has organized a Dinner to discuss "Cyberwarfare and Critical Information Infrastructure Protection (CIIP). The agenda of the event is available here.

I have been invited to talk about the Impact of CIIP incidents on end users and their role in CIIP. You can find my speech here.

Cyber Terrorism Threat Growing, EU Agency Says

The threat of cyber terrorism is growing, the European Network and Information Security Agency has warned. ENISA urged more European Union investments in security to avoid a "digital 9/11." Andrea Pirotti, executive director of ENISA, urged the EU to require reporting on security breaches and more cooperation among member states.

The European Union has a long way to go in safeguarding Internet businesses, according to the European Network and Information Security Agency. ENISA cited the possibility of a "digital 9/11."

Eurocommissioner Jacques Barrot confirmed to DG JLS

Jacques Barrot (FR) will be the new Commissioner at the Head of the Directorate General Justice (DG JLS), Liberty and Security after Frattini resignations.

The European Program for Critical Infrastructure Protection (EPCIP) is coordinated and funded by DG JLS.

News:
Italy names new commissioner: "Italy’s Prime Minister Silvio Berlusconi has nominated Antonio Tajani to be the country’s new member of the European Commission’s college of commissioners.
Tajani was tapped on 8 May, the same day that his predecessor, Franco Frattini, resigned from the Commission to take up a post as Italy’s foreign minister.
Frattini’s portfolio of justice, freedom and security has been given to Commissioner Jacques Barrot, a Frenchman, who was given the portfolio when Frattini took a leave of absence from the Commission, on 14 March, to campaign in the recent Italian elections.
Tajani will be entrusted with the Commission’s transport policy portfolio, a brief that Barrot currently holds in addition to the justice portfolio.
Commission President José Manuel Barroso promptly accepted Tajani’s nomination.
However, before he can formally take up his duties, the new commissioner will have to face a public hearing in front of the European Parliament’s transport committee, after which MEPs will indicate whether they believe Tajani is suitably qualified for his new role. The European Parliament does not, however, have the power to veto his appointment.
Tajani is a member of the European Parliament, and previously worked as a journalist and spokesperson for Berlusconi."