Non-Binding Guidelines for the application of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection

Inhoudsopgave van deze pagina:

Tekst
Originele weergave

Meer informatie

1. Tekst

COUNCIL OF THE EUROPEAN UNION

Interinstitutional File: 2006/0276 (CNS)

Brussels, 31 October 2008

14808

LIMITE

PROCIV 151 JAI 575 COTER 63 ENER 362 TRANS 355 TELECOM 166 ATO 87 ECOFIN 451 ENV 736 SAN 239 CHIMIE 57 RECH 317 DENLEG 137 RELEX 810

COVER NOTE

From : To :

Subject :

General Secretariat Delegations

Non-Binding Guidelines for the application of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection

1.

On 5-6 June 2008, the Justice and Home Affairs Council reached by unanimity a political agreement on the proposal for a Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection (document 9403/08¹).

In the meantime the lawyer-linguists have finalized their document (document 10934/08).

14808/08

DGH4

CF/kv 1

LIMITE EN

2.

The Justice and Home Affairs Council also agreed that the Commission and the Member States should prepare guidelines for the application of the cross-cutting and sectoral criteria and approximate thresholds to be used to identify European Critical Infrastructure before the legal act was formally adopted.
3.

In the meantime, the Commission and Member States have prepared and reached an informal consensus within the framework of the European Critical Infrastructure Protection Contract Points, appointed by Member States, on the non-binding guidelines for application of the Council Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection set out in the annex to the present cover note².
4.

The intention is to have these guidelines noted by the Permanent Representatives Committee before the adoption of the Directive.

² The sectoral criteria of the energy and transport sectors have been omitted in the present

version. These criteria, which were classified, are set out in document 15060/08 RESTREINT UE.

14808/08 CF/kv 2

^DGH4 LIMITE EN

ANNEX

Non-Binding Guidelines

For application of the Council Directive on the identification and

designation of European Critical Infrastructure and the assessment

of the need to improve their protection

Revision	Date
0	01/06/08
0.5	18/06/08
0.6	23/06/08
0.7	16/07/08
0.8	12/09/08
0.8.5	23/09/08
0.9	02/10/08
1.0	15/10/08

Description of change

Creation

First draft sent out

First draft corrected and reedited, distributed to first workshop

Second draft integrating comments from first workshop

Draft sent before 2^nd workshop on guidelines

Prepared after the 2^nd workshop on guidelines, awaiting for the final text of the Directive

Prepared to reflect the changes of version CS/2008/10934 of the Directive

Final version integrating comments from CIP contact point meeting 6/10/08

When these guidelines make implicitly or explicitly reference to ‘the Directive’ this reference is to council document CS/2008/10934, (also indicated as 10934/08)

3 of 46

Table of contents

1 Introduction

1.1 Background

1.2 Objective

1.3 Structure

1.4 Updating of the guidelines

2 Timeline

3 The procedures of Identification and Designation of European Critical

Infrastructure (Articles 3 and 4)

3.1 The identification procedure

3.2 The Designation procedure

3.3 Detailed explanation of the Identification and Designation procedures

3.4 Aspects for scenario construction in the Identification and Designation

procedures

4 Sectoral criteria

4.1 Introduction

4.2 Sectoral Criteria in the Energy Sector

4.3 Sectoral Criteria in the Transport Sector

5 Cross-Cutting Criteria

5.1 Introduction

5.2 Casualties Criteria

5.3 Economic Effects Criteria

5.4 Public Effects Criteria

6 Commission support for European Critical Infrastructure (Article 8)

8 8 9 9 10 11

15 15 17 18

23 26 26 27 27 28 28 28 31 36 44

Annexes

Annex 1: Annex 2:

44 Flowchart .... 44 Existing Community measures for SLO and OSP or equivalent .... 46

4 of 46

List of Figures

Figure 1 – Timeline of actions indicating deadlines for Member States .................... 14

Figure 2 – Representation of the 4-step identification procedure ............................... 15

Figure 3 – Casualties criteria – Fatalities .................................................................... 29

Figure 4 – Casualties criteria – Injuries ...................................................................... 29

Figure 5 – Issues for the application of the casualties criteria .................................... 30

Figure 6 – Cross cutting criteria on economic effect .................................................. 31

Figure 7 – Issues for the application of the economic criteria .................................... 35

Figure 8 – CCC on public effects (physical suffering) ............................................... 37

Figure 9 – CCC on public effects (disruption of daily life) ........................................ 38

Figure 10 – CCC on public effects (public confidence) .............................................. 39

Figure 11 – Severity as a function of impact duration ................................................ 40

5 of 46

Glossary and Acronyms

1.1.1. Critical Infrastructure:

“means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.”

1.1.2. European Critical Infrastructure or ECI:

“means critical infrastructure located in Member States the disruption or destruction of which would have a significant impact on at least two Member States. The significance of the impact shall be assessed in terms of cross-cutting criteria. This includes effects resulting from cross-sector dependencies on other types of infrastructure.”

1.1.3. European Critical Infrastructure owners/operators:

“means those entities responsible for investments or day-to-day operation and investment in a particular asset, system or part thereof designated as a European Critical Infrastructure under this Directive.”

1.1.4. Risk analysis:

“means consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure.”

1.1.5. Sensitive Critical Infrastructure Protection related Information:

“means facts about a critical infrastructure, which if disclosed could be used to plan and act with a view to causing disruption or destruction of critical infrastructure installations.”

1.1.6. Protection:

“means all activities aimed at ensuring the functionality, continuity and integrity of critical infrastructures in order to deter, mitigate and neutralise a threat, risk or vulnerability.”

1.1.7. Loss of Service:

The expression ‘loss of service’ is used in this document to mean unacceptable degradation below the service level expected to be provided by the infrastructure.

6 of 46

Acronym	Full name
AMS	Affected Member State: a Member State which is potentially affected by the loss of service originating from an infrastructure located in another Member State
CCC	Cross-Cutting Criteria
CI	Critical Infrastructure
CIP	Critical Infrastructure Protection
ECI	European Critical Infrastructure
EPCIP	European Programme on CIP
GDP	Gross Domestic Product
ICT	Information and Communication Technology
MS	Member State
OMS	Originating Member State: a Member State on whose territory the infrastructure is located.
OSP	Operator Security Plan
PE	Public Effect
SLO	Security Liaison Officer

7 of 46

1 Introduction

Background

In June 2004, the European Council asked the European Commission to prepare an

overall strategy to protect European critical infrastructures. In response, in October

2004, the Commission adopted a Communication on Critical Infrastructure Protection

(CIP) in the Fight against Terrorism. The Communication put forward suggestions on

what would enhance European prevention, preparedness and response to terrorist

attacks involving Critical Infrastructures (CI). After a comprehensive preparatory

phase, which included the organization of seminars, the publication of a Green Paper

and discussions with both public and private stakeholders, these suggestions were

transformed into a package of policy measures referred to as the European

Programme for Critical Infrastructure Protection (EPCIP), that was adopted by the

Commission in December 2006.

A key element of EPCIP is the proposal of a new Directive on the “identification and

designation of European Critical Infrastructures and the assessment of the need to

improve their protection”. Under this Directive, such European Critical

Infrastructures (ECIs) should be identified and designated by means of a common

procedure and the evaluation of security requirements for such infrastructures should

be done under a common minimum approach.

The Directive defines critical infrastructure as “an asset, system or part thereof …

which is essential for the maintenance of vital societal functions, health, safety,

security, economic or social well-being of people, and the disruption or destruction of

which would have a significant impact in a Member State as a result of the failure to

maintain those functions.”

In other words, critical infrastructure provides services which are essential for our

society. Degradation or total loss of such services, because the physical underlying

system is disrupted or destroyed, may result in a significant impact on society.

Criticality is therefore directly connected to a notion of service, or more precisely, to

the potential effects that a loss of such a service would create. This notion of service

is important because it limits the infrastructures that will fall under the scope of the

Directive.

The Directive also defines ECI as “critical infrastructure located in the Member

8 of 46

States the disruption or destruction of which would have a significant impact on at least two Member States” In other words, it is the transboundary nature of the impact of the loss of service of a CI that makes it an ECI. If the impact remains national, then the associated CI will never be designated as ECI.

For the purposes of implementing the Directive, only the Energy and Transport sectors are used. This will be reviewed after three years, to assess its impact and the possible need to include other sectors within its scope - inter alia the Information and Communication Technology (ICT) sector.

Objective

The objective of this document is to provide guidance to assist Member States with the application of the Directive on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. As stated in Article 3(2)

“The use of such guidelines will be optional for the Member States” This document contains sectoral criteria for the Energy and Transport sectors, Cross-Cutting Criteria (CCC) with indicative thresholds and examples of common methodological practices which may be of assistance in the application of the criteria. A timeline indicating key milestones in the implementation of the Directive is also given.

Structure

The document provides in Section 2 an overall description of the timeline as defined

by the Directive. Section 3 describes the identification and designation procedures of

ECI and a detailed flowchart for such activities. Section 4 contains the sectoral criteria

and Section 5 the cross-cutting criteria. Annex 1 is a flowchart depicting the

identification and designation procedure. Annex 2 provides a list of existing measures

for SLO and OSP or equivalent.

The text of the Directive is quoted in italics within the document in order to make a

clear distinction between the text of the Directive and those sections that form the

guidelines.

9 of 46

Updating of the guidelines

These guidelines will be updated as and when the need arises, based on experience gained through the implementation of the Directive and the reviews to be undertaken. The necessary impetus to update these guidelines can be given by the nominated ECI Protection Contact Points or the Commission. The updating of the document will be done by the relevant Directorates General of the Commission, (e.g. DG JLS, DG JRC) together with the Member States.

10 of 46

Timeline

Article 13 states that, “This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.” Therefore this date will be taken as the zero point on the timeline chart, see figure 1. Two years after this date, the measures necessary to implement the Directive must be completed, as per Article 12: “Member States shall take the necessary measures to comply with this Directive at the latest two years after its entry into force.” The identification and designation of ECI is covered under Article 4(6) and its footnote: “The process of identifying and designating ECI pursuant to Articles 3 and this Article shall be completed by … and reviewed on a regular basis.” This means that the first identification and designation of ECI to be carried out by Member States, must be completed within two years. This will be reviewed on a regular basis and other ECIs may be designated as a result. From the moment of ECI designation, several actions need to be taken.

A Security Liaison Officer (SLO) has to be designated if one does not already exist. Article 6(3) “If a Member State finds that a Security Liaison Officer or equivalent does not exist in relation to a designated ECI, it shall ensure by any measures deemed appropriate, that such a Security Liaison Officer or equivalent is designated.” Although no timeframe for this appointment is given in the Directive, it is assumed that the designation of the SLO is carried out as quickly as possible. The SLO is considered a pre-requisite for discussions on the availability and creation of the Operator Security Plan (OSP), and a SLO should thus be established in time to deliver the OSP within its specified timeframe of one year.

An OSP needs to be established, if one does not already exist for the designated infrastructure. Article 5(3), “If a Member State finds that such an OSP or equivalent has not been prepared, it shall ensure by any measures deemed appropriate, that the OSP or equivalent is prepared.” The OSP has to be in place within one year of designation and reviewed on a regular basis.

In parallel to the OSP, a threat assessment needs to be performed under Article 7(1), “Each Member State shall conduct a threat assessment in relation to ECI sub-sectors within one year following the designation of critical infrastructure on its territory as ECI within those sub-sectors.”

The timeline chart indicates the maximum time allowed to perform these tasks.

Designation of an ECI can take place at any time within the first two years following

the Directives entry into force; the actual date to complete the OSP and threat

OJ: Two years after the entry into force of this Directive.

11 of 46

assessment may vary, but will always be no more that one year following designation.

12 of 46

The Directive requires Member States to compile three types of report to submit to the Commission.

1.

Every 12 months the number of infrastructures per sector for which discussions

were held concerning the CCC thresholds must be reported to the Commission. See Article 3(2), “The precise thresholds applicable to the cross-cutting criteria shall be determined on a case-by-case basis by the Member States concerned by a particular critical infrastructure. Each Member State shall inform the Commission on an annual basis of the number of infrastructures per sector for which discussions were held concerning the cross-cutting criteria thresholds.”

2.

Member States shall inform the Commission as to the number of designated

ECI per sector and of the number of Member States dependent on each designated ECI. See Article 4(4), “The Member State on whose territory a designated ECI is located shall inform the Commission on an annual basis of the number of designated ECIs per sector and of the number of Member States dependent on each designated ECI.” If no ECI is designated, then no report is to be provided to the Commission.

3.

The final report required under Article 7(2) states that, “Each Member State

shall report every two years to the Commission generic data on a summary basis on the types of risks, threats and vulnerabilities encountered per ECI sector in which an ECI has been designated pursuant to Article 4 and is located on its territory.”

13 of 46

Figure 1 – Timeline of actions indicating deadlines for Member States

14 of 46

The procedures of Identification and Designation of European Critical Infrastructure (Articles 3 and 4)

The identification procedure

The Directive sets out the procedure to be followed for the identification of ECI. This

procedure is described in Article 3 and Annex III to the Directive:

As stated in Article 3(1), “each Member State shall identify the potential ECI which

both satisfy the cross-cutting and sectoral criteria and meet the definitions set out in

Article 2(a) and 2(b).”

Article 3 of the Directive should be read together with Annex III to Annex I (of the

same Directive) which sets out the procedure to be followed in the identification of

ECI:

“Article 3 requires each Member State to identify the critical infrastructures which may be designated as an ECI. This procedure shall be implemented by each Member State through the following series of consecutive steps.

A potential ECI which does not satisfy the requirements of one of the following sequential steps is considered to be "non-ECI" and is excluded from the procedure. A potential ECI which does satisfy the requirements shall be subjected to the next steps of this procedure.”

The procedure that is set out by the Directive comprises of four consecutive steps.

“Each Member State shall apply the sectoral criteria in order to

make a first selection of critical infrastructures within a sector.” Are the Sectoral Criteria met?

“Each Member State shall apply the definition of critical

infrastructure pursuant to Article 2(a)”

Is the Infrastructure Critical according to Article 2(a)?

“Each Member State shall apply the transboundary element of

the definition of ECI pursuant to Article 2(b)”

Does the infrastructure have a significant transboundary impact

on other Member States?

“Each Member State shall apply the cross-cutting criteria to the

Step 3 Step 4

remaining potential ECIs.”

Are the Cross-Cutting criteria met?

Figure 2 – Representation of the 4-step identification procedure

15 of 46

The procedure may be entered at any point, as long as they are all completed. The steps are the following (see Annex III of the Directive):

Step 1:

“Each Member State shall apply the sectoral criteria in order to make a first selection of critical infrastructures within a sector.”

For the purposes of implementing the Directive, these sectoral criteria will relate only

to Energy and Transport sectors. The sectoral criteria can be found in section 4 of

these guidelines.

As a result of this step only infrastructures providing essential services are considered.

1.1.8. Step 2:

“Each Member State shall apply the definition of critical infrastructure pursuant to Article 2(a) to the potential ECI identified under step 1.

The significance of the impact will be determined either by using national methods for identifying critical infrastructures or with reference to the cross-cutting criteria, at an appropriate national level. For infrastructure providing an essential service, the availability of alternatives, and the duration of disruption/recovery will be taken into account.”

This step provides a check to see if the infrastructure satisfies the definition of critical

infrastructure, as defined by the Directive and whether the loss of service from that

infrastructure would have a significant impact.

As a result of this step, only infrastructures which are perceived by the Originating

Member State (OMS) as critical are considered.

For the purpose of the Directive:

“ ‘critical infrastructure’ means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.”

A flexible approach is used in terms of determining whether or not an impact is

significant, as either national thresholds or the Cross-Cutting Criteria may be used in

this respect.

Step 3:

“Each Member State shall apply the transboundary element of the definition of ECI pursuant to Article 2(b) to the potential ECI that has passed the first two steps of this procedure. A potential ECI which does satisfy the definition will follow the next step of the procedure. For infrastructure providing an

16 of 46

essential service, the availability of alternatives, and the duration of disruption/recovery will be taken into account.”

This step provides a check to see if the disruption or destruction of the infrastructure

would have a significant transboundary impact on other Member States.

Step 4:

“Each Member State shall apply the cross-cutting criteria to the remaining potential ECIs. The cross-cutting criteria shall take into account: the severity of impact; and, for infrastructure providing an essential service, the availability of alternatives; and the duration of disruption/recovery. A potential ECI which does not satisfy the cross-cutting criteria will not be considered to be potential ECI.”

Section 0 gives indicative thresholds for the cross-cutting criteria, although the precise

thresholds to be used shall be established on a case-by-case basis between the

involved Member States.

With this step, only infrastructures which are perceived jointly by the OMS and

Affected Member State (AMS) as critical will be considered.

CCC provides a check that ensures that only infrastructures with similar associated

potential transboundary impacts, or in other words, with similar criticality, are

considered for ECI designation. Three types of effect are considered by the Directive,

namely casualty, economic and public. These are further explained in section 5.

The Designation procedure

Article 4 states a number of rights and obligations of an OMS.

1.1.9. Obligations:

•

It shall inform the other Member States which may be significantly affected by a potential ECI, about its identity and the reasons for designating it as a potential ECI (Article 4(1)).
•

It shall engage in discussions with Member States that may be affected by this potential ECI (Article 4(2)).
•

It shall designate this infrastructure following agreement with Member States that may be affected by this potential ECI (Article 4(3)). The acceptance of the Member States on whose territory the ECI is located shall be required.
•

It shall inform the Commission annually about the number of infrastructures that are designated as ECI (Article 4(4)).

It shall inform the owner/operator regarding this designation (Article 4(5)).

•

It shall complete the identification procedure within two years of the entry into force of this Directive.

17 of 46

•

It shall review the designation on a regular basis.

1.1.10. Rights:

•

Its agreement is required for designation

1.1.11. The article also gives rights to potentially affected Member States (MS).

•

Article 4(2):

“A Member State that has reason to believe that it may be significantly affected by the potential ECI, but has not been identified as such by the Member State on whose territory the potential ECI is located, may inform the Commission about its wish to be engaged in bilateral and/or multilateral discussions on this issue. The Commission shall without delay communicate this wish to the Member State on whose territory the potential ECI is located and endeavour to facilitate agreement between the parties.”

•

Article 4(2) thus also obliges the Commission to take action if a Member State considers it may be potentially affected.
•

The agreement of the affected MS on designation is also required. (Article 4(3))

Detailed explanation of the Identification and Designation procedures

This section introduces a flowchart that describes and explains the identification and

designation procedures of a single infrastructure as well as all post designation

activities. See annex 1 for a reproduction of the flowchart. The flowchart follows the

Directive as closely as possible. It describes all steps and processes explicitly

mentioned in the Directive, as well as those which are implicit, but required in

practice.

The flowchart depicts a common procedure; a MS can enter the flowchart at any

point, as long as Annex III to the Directive is met.

The actual workflow to be undertaken by Member States is more complex than

described here. For instance no assumptions are made about actors or processes

beyond the level of the Member States and the Commission. Several iterations may be

required to complete some parts of the procedure.

Three actors are considered:

•

OMS (Originating Member State).
•

AMS (Affected Member State).
•

The European Commission. In the flowchart the role and responsibility of the actors are indicated by colour

18 of 46

coding:

•

light blue boxes for the OMS,
•

green boxes for the AMS,
•

dark blue boxes for the Commission,
•

purple for joint activities by the Commission and Member States,
•

orange boxes indicate that the OMS and AMS have shared responsibility and collaborate, possibly facilitated by the Commission.

There are two types of connecting arrows:

•

red arrows indicate flows which are directly connecting all processes described in the Directive and are therefore required by the Directive;
•

blue arrows connect processes that are not explicit in the Directive, but which are required to make the explicit processes possible.

The flowchart uses common symbols:

•

ovals for start and end points,
•

rectangles for processing steps,
•

diamonds for decisions, and
•

rectangles with a wavy bottom for a document. Documents can be either real documents such this guidelines document, or may be simple data records. The documents shall have an appropriate level of classification.

There exist three possible points to initiate the identification and designation

procedures, these are at the top of the flowchart, identified as IP1, IP2 and IP3.

Initiation Point 1: Initiation by the OMS as set out by the Directive in Articles 3 and

4.

The common initiator is the Member State on whose territory the infrastructure is

located.

The sectoral criteria would normally have been consulted, enabling a pre-selection of

infrastructures to undergo the procedure. In some (sub-)sectors, the sectoral criteria

indicate directly for which infrastructures the identification procedure should be

initiated. A further explanation regarding the different kinds of sectoral criteria is

given in section 0.

Initiation Point 2: The second route corresponds to Article 3(1) of the Directive

which gives the Commission the possibility to initiate the procedure:

“The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructures which may be deemed to satisfy the requirements for designation as an ECI.”

19 of 46

Initiation Point 3: The third route is initiated by a Member State on whose territory

the infrastructure is not located, but which has reason to believe that it may be

significantly affected by a loss of service, as set out by Article 4(2).

The second and third initiation points are further explained at the end of this section.

The identification and designation procedure is however the same in all subsequent

steps.

Entry into procedure: Though an infrastructure may enter the procedure via any of

the three initiation points, the normal route will be initiation by the OMS.

Optionally, the OMS can assess whether the infrastructure has been considered before

and whether there is a need to reconsider its status by repeating the identification

procedure. This situation may occur when the designation (or non-designation) of an

infrastructure is reviewed after a number of years, or when the procedure is started by

the Commission or a potential AMS.

Step 1: The assessment against the sectoral criteria is the first official identification

step. The applicable criteria given in section 4 of this document are applied by the

OMS. If the OMS considers that these are met, the assessment proceeds to step 2.

Otherwise the infrastructure is regarded as non-ECI.

Step 2: When the infrastructure has passed the first step, the OMS shall assess

whether it is critical infrastructure pursuant to the definition as given in article 2(a) of

the Directive:

“‘critical infrastructure’ means an asset, system or part thereof located in the EU Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions”

The infrastructure is considered to be critical according to the national criteria used

internally by the OMS. Alternatively, the OMS may assess criticality using a version

of the CCC adapted in such a way that they become appropriate for use at national

level. This is described as follows by the Directive in Annex III:

“The significance of the impact will be determined either by using national methods for identifying critical infrastructures or with reference to the cross-cutting criteria, at an appropriate national level. For infrastructure providing an essential service, the availability of alternatives, and the duration of disruption/recovery will be taken into account.”

If the infrastructure is found to be critical, by using one of these approaches, the OMS

proceeds to the third step. Otherwise it is not considered ECI.

20 of 46

Step 3: The third step considers whether the infrastructure has a transboundary nature. The assessment should be done pursuant to the definition in Article 2(b):

“‘European Critical Infrastructure’ or ‘ECI’ means critical infrastructure located in the EU Member States the disruption or destruction of which would have a significant impact on at least two Member States of the EU;”

The third step is intended as a check on whether the infrastructure can actually affect

one or more Member States outside of the territory of the OMS significantly, and

which Member States they are. This step does not require contact with the AMS but

may benefit from it. Determining the significance of the impact using the CCC is

done as part of the fourth step, since fully evaluating these requires contact with the

AMS. To produce a first estimate of the potential significance, the OMS may apply

the CCC, or use another means of estimation, for instance when assessment appears

not possible without contact. In this step, determining the possibility of transboundary

consequences is more important than determining the significance of these.

Following confirmation of the potential European Criticality of this infrastructure, the

OMS shall proceed to step 4. If loss of service of this infrastructure cannot cause

transboundary consequences, the infrastructure will again not be considered ECI.

Engagement with AMS: Though a first estimate can be made of whether the

consequences of service loss of an infrastructure meet the CCC, the nature of the CCC

does not allow a complete evaluation by the OMS. Involvement of the AMS is

required. The Directive does not define a procedure for this; a possible route is via the

CIP contact points of the potential AMS. The legal basis for informing the AMS is

described in article 4(1):

“Each Member State shall inform the other Member States which may be significantly affected by a potential ECI about its identity and the reasons for designating it as a potential ECI.”

Whilst the infrastructure has not yet been strictly identified as critical at this stage, the

potential AMS are known as a result of step 3, which has been completed before

engagement. The AMS would normally be expected to accept this engagement. If it

does not accept engagement however, it would be left out from the possible bilateral

or multilateral discussion process concerning the potential ECI.

Step 4: The fourth step involves collaboration between the AMS and OMS, though

how this should occur is left to the MS involved. It will use the CCC as given in this

document to finally identify ECI.

In order to minimize the level of work required, the most relevant of the three CCC,

21 of 46

i.e. the one expected the most likely to be met is selected first. Subsequently the MS will determine the precise thresholds for these criteria, based on the actual nature of this infrastructure and of the consequences that would occur following its loss of service. The OMS shall inform the Commission, on an annual basis of the number of infrastructures per sector for which discussions were held concerning the CCC (Article 3(2)).

The procedure continues by drawing up the ‘reasonable worst case scenario’, see section 0. When the predicted outcome meets the selected CCC, it is identified, but not yet designated as ECI, and the procedure proceeds to the next step. If it is not identified as such, the remaining CCC may be applied as well, if relevant. As in all previous steps, if none of the CCC are met, the infrastructure is considered non-ECI. Identification: If one of the CCC is met, then the infrastructure is identified as potential ECI. The parties involved proceed to the final bi- or multi- lateral discussions on the actual designation. The Commission may participate in these discussions, following invitation from the concerned Member States, without being informed about the specific nature of the infrastructure (Article 4(2)). These discussions provide the participating MS with the opportunity to reach agreement on designation, but also to verify the need for designation. Furthermore there is opportunity to re-evaluate previous work on the criteria with different actors or at different national levels. Then, if all parties agree they proceed to designation. Designation: Designation can only occur if the OMS agrees. If the OMS does not agree, the infrastructure is considered non-ECI even though it has been identified as such (Article 4(3)). In other words the OMS has the right to veto designation. Post designation activities: When the infrastructure is designated as ECI, the OMS shall inform the AMS (Article 4(4)). The OMS shall also communicate the designation to the operator of the infrastructure (Article 4(5)) for further implementation of articles 5 and 6. Additionally, the OMS shall have some mechanism in place to communicate the number of designated infrastructures annually to the Commission.

The OMS has to assess whether an OSP or equivalent exists for the ECI. If an OSP or equivalent exists then no further action needs to take place, except a regular review of it. If an OSP or equivalent does not exist, then the following actions need to be carried out, in line with Annex II of the Directive describing the OSP procedure. The important assets of the infrastructure need to be identified and a risk analysis based on

22 of 46

major threat scenarios needs to be performed. Once completed, then the potential counter measures against such threats need to be identified. A non-exhaustive list of measures, principles and guidelines applicable in some sectors, compliance with which may satisfy the OSP requirements of this Directive is given in Annex 2.

Entry via initiation points 2 and 3: The entry of an infrastructure into the procedure can also occur following suggestion by the Commission (initiation point 2) or an AMS (initiation point 3).

Regarding initiation point 3, a potential AMS that has reason to believe that it may be significantly affected by a loss of service, supplied from another Member State, can request that the infrastructure that provides the service undergoes the procedure to identify and subsequently designate the infrastructure. If this has not yet been identified as such by the OMS, the AMS has two possibilities to enter it into the procedure. It may approach the Member State concerned directly or may inform the Commission regarding its wish. The Commission shall communicate this wish without delay to the OMS. Only the route via the Commission is set out by the Directive, but there would be nothing hindering the AMS to contact the OMS directly. Article 4(2):

It is expected that the AMS has already checked whether the loss of the service

concerned would indeed be likely to meet the CCC on its territory. The Directive

however does not require this. The OMS may be required to identify the infrastructure

or infrastructures that provide this service. If more than one infrastructure is identified

then each of these will have to undergo the procedure. As before designation can only

occur if the OMS agrees.

Aspects for scenario construction in the Identification and Designation procedures

This section describes key aspects that should be considered in building scenarios for

applying criteria for the identification and designation of ECIs. No attempt is made to

23 of 46

prescribe the use of a certain method. The Member States themselves are responsible for implementing a methodology that works within their national context. The scenario building process is essential for the evaluation of CCC.

4.

Loss of Service. Central to the objectives of the Directive is the need to protect

European Society against the disruption or destruction of critical infrastructure. More precisely, it strives to protect an infrastructure “which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being, and the disruption or destruction of which would have a significant impact in a MS as a result of the failure to maintain those functions”. In other words, if an infrastructure provides a service that maintains vital societal functions, it may merit protection, depending on the significance of the potential loss or degradation of the service that the infrastructure is expected to provide. The expression ‘loss of service’ is used in this document to mean unacceptable degradation below the service level expected to be provided by the infrastructure.

5.

Ex-ante analysis. The evaluation of the criteria requires ex-ante analysis, or

before the event, as opposed to ex-post or after the event.

During ex-ante analysis an all hazards approach as prescribed by the Directive shall be followed. In other words the consequences of all relevant natural hazards, terrorist acts, deliberate or non-deliberate man made accidents that could possibly lead to a loss of service should be considered during the ex-ante analysis.

6.

Reasonable Worst-Case scenarios. A reasonable worst case scenario is the

basis on which the consequences are calculated for evaluating the criteria. In the context of the Directive the assessment should concentrate on national and transboundary effects. Worst case scenarios are the most unfavourable ones, leading to the worst expected outcome out of all possible scenarios.

Reasonable worst case scenarios are those scenarios that can possibly happen and are feasible on the basis of existing knowledge.

7.

Duration of event and escalation. A failure that occurs during the day and is

restored the next morning may have few consequences. It may take more than a week for certain industries to run out of stock following disruption of supply. Based on the events that can occur following the loss of service, a reasonable escalation scenario should be established as part of the worst case estimation, taking time into account. The duration of the loss of service and development of escalating events need to be evaluated.

8.

Availability of alternatives. Closely related to event duration are potentially

existing redundancies, storage capacity and other means that would mitigate or delay the impact. These shall be taken into account. For example, if a pipe-line fails and can be repaired in three days whilst end-user storage lasts for four days, the adverse consequences of the pipe-line failure will not be considered critical. Similarly, fuel for emergency power generation might only last for a day, causing escalation (e.g. hospitals without power) when a black-out could reasonably last longer then a day.

24 of 46

9.

Cascading effects. It is important and requested by the Directive to take into

consideration cross-sector dependencies and possible cascading effects upon other infrastructures leading to more severe impacts. To be effective, the ex-ante evaluation of the effects of an initial loss of service will have to balance the efforts put into the modelling of the consequences and the uncertainties that this modelling brings. In other words, the Member State should only take into account those events that can reasonably be expected to follow from a loss of service, and of which the magnitude in that case can be reasonably forecasted.

10.

Misuse and “weaponisation”. For the Energy and Transport sectors misuse and weaponisation shall not be considered.
11.

System granularity and designation of critical components. The Directive does not fully define what an infrastructure actually is. It says: “an asset, system, or part thereof”. An infrastructure can be analyzed as a system at a high level, for instance the national or even European transportation system, which includes among other modalities railway transport. At the lowest system level the individual pieces of metal, plastic, nuts and bolts that make up a railway are found. At some intermediate level, which should be defined in the scope of the assessment by the concerned Member State, the analysis of criticality must take place; at a possibly lower level the components are identified that shall be designated as ECI.

The sectoral criteria provide the first guidance on defining the scope, though experts may need to clarify this. The following additional guidance can be given: The criticality of infrastructure should be determined at a level at which potentially significant consequences may be suffered by the end users of the infrastructure and at a level that the operators concerned can be identified.

12.

Existing protection measures. The existence of protection measures that harden an infrastructure should not preclude it as a potential CI during the identification procedure. Typical examples of such measures include fencing, security gates, computer firewalls, fire protection, flood barriers, and other forms of hardening the infrastructure against disruption or destruction by attacks or natural events. In other words, an infrastructure should not be excluded as CI solely on the grounds that it is adequately hardened; the existence of such measures is irrelevant during the procedure. It should be noted however that in case the infrastructure is designated as ECI, such measures shall be considered in the context of the OSP.

25 of 46

Sectoral criteria

Introduction

Sectoral criteria are technical or functional criteria that should help identify at the start

of the identification procedure the infrastructures that could potentially become

critical. These criteria however do not consider the potential impact of disruption or

destruction of the infrastructure on society, but just its nature.

As stated in Article 3(3), “the sectors to be used for the purposes of implementing this

Directive shall be the energy and transport sectors. The sub-sectors are identified in

Annex I.” Furthermore, article 3(3) of the Directive states:

“If deemed appropriate and in conjunction with the review of this Directive as laid down in Article 11, subsequent sectors to be used for the purpose of implementing this Directive may be identified. Priority shall be given to the ICT sector.”

Thus far four different kinds of sectoral criteria are used. The distinction between

these determines how an infrastructure is firstly identified, and this affects the start of

the identification procedure discussed in section 3.3.

Sectoral criteria either:

13.

Prescribe specific properties. For example dimensions, capacities, and distances which an infrastructure should have in order for the criteria to be met; this is the most traditional form of a criteria.

Thresholds for the specific properties may be decided by the concerned Member States.

For instance the criteria may set out a minimum capacity and minimum distance it should have from similar infrastructures. Or it might specify a pipeline diameter as could be the case in oil and gas transmission.

In general a Member State will work within the sectors to identify all infrastructures that meet the properties set out by the criteria. In some cases a list of such infrastructures may already exist, and therefore the first step of the identification procedure has essentially been completed. Otherwise, it should be carried out as indicated in the flowchart in Annex 2.

14.

Identify networks of which the ‘key elements’ must be determined. Identification of these key elements needs to take place by analysing the system as a whole and identifying those elements that can potentially cause large disruptions of the system, which could lead to significant losses in Member States. If these losses are indeed significant within the context of the Directive, the element (more precisely its parts) shall enter the designation procedure.

26 of 46

15.

Name a specific infrastructure asset directly. In this case the identification procedure immediately proceeds to step 2.
16.

Allow an MS to identify an asset directly. There may be cases where no sectoral criteria exist, but nevertheless a potential ECI may be identified taking into account particular situations. The identification procedure will follow the flowchart from step 2.

Sectoral Criteria in the Energy Sector

This section of the guidelines is classified and is omitted in the present version of the document.

Sectoral Criteria in the Transport Sector

This section of the guidelines is classified and is omitted in the present version of the document.

27 of 46

Cross-Cutting Criteria

Introduction

Cross-cutting criteria consist of three families of criteria, namely casualties criteria,

economic effects criteria and public effects criteria Article 3 (2):

“ (a) casualties criterion (assessed in terms of the potential number of fatalities or injuries);

(b) economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);

(c) public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).”

As stated in Article 3(2), “the cross-cutting criteria thresholds shall be based on the

severity of the impact of the disruption or destruction of a particular infrastructure.

The precise thresholds applicable to the cross-cutting criteria shall be determined on

a case-by-case basis by the Member States concerned by a particular critical

infrastructure.”

As the Directive states that the precise thresholds to be used in the identification and

designation shall be determined on a case-by-case basis by the concerned Member

States, the thresholds that are put forward in these guidelines are indicative only. They

are meant to reflect when an impact could start to become significant. Member States

may use these indicative thresholds to determine the threshold they will use for the

assessment of the transboundary impact.

It is sufficient that one of the cross-cutting criteria is met to satisfy Step 4 of the identification procedure.

Casualties Criteria 1.1.12. Definitions

•

A casualty is either a fatality or an injured person.
•

An injured person is defined as a person requiring more than 24 hours of hospitalization.

28 of 46

There is no limit given on a maximum time following the event that causes the disruption or destruction of the infrastructure during which the fatalities should occur.

All fatalities or injured persons related to loss of service shall be counted. 1.1.13. The criteria

1.1.14. When does an effect in terms of fatalities start to become significant in a Member State for the purpose of the Directive?

•

If the potential number of fatalities, in a Member State, associated with the loss of service of a given infrastructure, is above a threshold that shall be determined by this Member State, on a case-by-case basis, then the effect in this Member State, in terms of fatalities, may be considered significant.
•

At least two Member States need to be significantly impacted by the loss of service, in order for the given infrastructure to meet the cross-cutting criteria on casualties.
•

The agreed threshold shall be determined by the concerned Member States.

In the absence of an agreed threshold, then a significant impact would be fatalities amounting to several hundreds.

Figure 3 – Casualties criteria – Fatalities

1.1.15. When does an effect in terms of injuries start to become significant in a Member State for the purpose of the Directive?

•

If the potential number of injuries, in a Member State, associated with the loss of service of a given infrastructure, is above a threshold that shall be determined by this Member State, on a case-by-case basis, then the effect in this Member State, in terms of injuries, may be significant.
•

At least two Member States need to be significantly impacted by the loss of service, in order for the given infrastructure to meet the cross-cutting criteria on casualties.
•

The agreed threshold shall be determined by the concerned Member States.

In the absence of an agreed threshold, then a significant impact would be injuries amounting to several thousands.

Figure 4 – Casualties criteria – Injuries

29 of 46

1.1.16. Guidelines for the application of the casualties criteria

In the assessment of casualties the precise number is not required, only an order of magnitude.

1.1.17. Estimation of the exposed population

Estimations can be derived from statistics on the use of a service among a population, on the number of customers provided by the operator, on the population living in the area where the service is delivered, etc.

•

How many people are using the service and are impacted by the loss of service?
•

How many people are using other services that are dependent on the service that is lost?
•

Are there sensitive structures where people could suffer more from the service disruption (e.g. hospitals, retirement houses, schools, etc.)?
•

Within these exposed populations, are there sensitive groups? (Sensitive groups are typically people over 65, children, disabled people, etc. They are considered as more vulnerable to the loss of service)

1.1.18. Evaluation of the vulnerability of the population exposed

This may be done for instance on the basis of lessons learnt taken from past events, where relevant or using existing vulnerability functions when they exist on the basis of expert judgment. This vulnerability assessment should take into account the duration of the service’s disruption.

•

Is the service disruption more susceptible to causing fatalities or injuries?
•

Are there similar events that in the past caused casualties? In which proportion?
•

Are there already existing vulnerability functions that are used at national level to assess casualties in case of a service’s disruption?

1.1.19. Assessment of the coping capacities and alternatives

•

What is the level of coping capacities of the population (stocks of food, water, alternative resources for heating, etc.)?
•

Are the rescue services prepared to face this kind of service disruption?

Figure 5 – Issues for the application of the casualties criteria

30 of 46

Economic Effects Criteria

1.1.20. Definitions

•

Economic losses are those losses related to the loss of service.

1.1.21. Main assumptions

•

This calculation should take into account whether alternatives or temporary solutions may be found, including the additional costs these incur.
•

The environmental impact and related costs should be included in the calculation of the economic impact.
•

Cascading effects should be counted where it can be demonstrated that they can be reasonably calculated.
•

Restoration costs shall be considered on a sectoral basis. For the Energy and Transport sectors, restoration costs shall not be considered.

The criteria

1.1.22. When does an effect in terms of economic loss start to become significant in a Member State for the purpose of the Directive?

Two phase approach:

17.

In the first phase, an internal assessment of economic significance shall take place. This assessment shall be carried out by the Member State, with the aim of assessing whether the potential economic loss, in this Member State, associated with the loss of service of a given infrastructure, is above the indicative threshold of 500 Million Euros or 0.5% of the GDP (Gross Domestic Product) of this Member State.
18.

In the second phase, an assessment shall take place with the aim of assessing whether the aggregate economic loss in all affected Member States, including, where applicable, in the originating Member State, exceeds an approximate aggregate threshold of 1bn Euros.

In the specific situation of having only two Member States affected, one of which being the originating Member State, the approximate aggregate threshold mentioned above may be adjusted to take into account the national thresholds applicable in the originating Member State.

Figure 6 – Cross cutting criteria on economic effect

1.1.23. Economic losses due to loss of service

The starting point for the assessment is that a loss of service will lead to a loss of

31 of 46

production of services and goods. This loss and its effect incurred in the supply chain constitute the total size and extent of economic damage.

The economic criteria is evaluated based on the impact of infrastructure failure on the dynamics of national economies (macro perspective), rather than on individual actors (micro perspective). In other words, a distinction is made between losses to private actors (often called private or financial losses) and losses to society as a whole (often called social or economic losses). Within the context of evaluating the economic criteria private losses shall not be taken into account, since these losses do not necessarily affect the economy as a whole.

Private losses do not necessarily affect the GDP. For instance, suppose that a farm in a given year loses its production due to a given cause (whether it be man-made, natural, etc.). The loss to the farmer equals the value of that year’s production. The (net) loss to the nation however depends on the availability of alternatives. If other farmers do not lose their crop and can substitute the demand the loss to the national economy would be negligible. If however such alternatives do not exist within the Member State, crops must be imported; this incurs a national loss, equal to the value of the imports, which does affect the GDP.

The assessment should consider the impact of the loss of service on the national economy of a Member State taking into account possible alternatives and the substitution of goods and services as well as taking into account the duration of the loss.

1.1.24. Environmental Impact

For the purpose of this Directive environmental impact is limited to the loss of land

and displacement of people.

•

Loss of land For the purposes of this Directive, the economic value of land is determined by the possible contribution of the use of this land to the national income of a Member State.
•

Displaced people For the purpose of the Directive, the economic effect of the displacement of people has to be assessed on the basis of the cost incurred by the Member State to relocate the displaced persons (such as shelter, transport, food etc) and

32 of 46

its impact on the national economy.

1.1.25. Possible assessment methods

A suitable calculation method is input-output analysis. This method has the

advantages that it automatically excludes private losses, includes cascading economic effects, and uses current data.

In short, an input-output model is a description of the dependencies that exist within an economy amongst all its sectors of activities. An input-output model explains, for example, how the output of the oil and gas sector is used within other sectors such as, industry, agriculture, etc. What is important to note is that there is a direct link between the input-output table and the national accounts. This makes it possible to express the consequences of a disruption in one sector and its rippling effect to the rest of the economy and eventually on the GDP. The required data for building input-output models is available from Eurostat.

Another source of information may be cost benefit analysis prepared when the infrastructure was in its planning phase.

33 of 46

1.1.26. Issues for the application of the economic criteria

1.1.27. Economic losses include

•

Loss of production which represents a real impact on the national economy.
•

Environmental impact which represents a real impact on the national economy.

1.1.28. Key issues for assessing economic losses in a scenario

The impact of a disruption is assessed in terms of how business is interrupted for the

duration of the disruption. The following questions provide further guidance in the

assessment of the infrastructure.

Impact

•

How is the infrastructure used in the production process?
•

What would be the scale of the disruption if the infrastructure fails? (local/regional/national)
•

How long will it take before the service is restored, once it has been lost?
•

What is the number of end users being affected in the category agriculture?
•

What is the number of end users being affected in the category households?
•

What is the number of end users being affected in the category industrial producers?
•

What is the number of end users being affected in the category service sector?
•

What is the normal income received by the previously mentioned categories for a period with a length equal to the duration of the loss of service?

Alternatives

Alternatives are a key issue in assessing the net effect of a disruption in infrastructure.

Currently no standard methods exist, however a few rules of thumb or key questions

can be identified:

•

In the affected area, is there any specialized industry?
•

In the affected area is there any unique installation, for which no alternatives exist, that would be interrupted in its normal business in case of a disruption in one of the infrastructures?
•

Do sufficient producers exist which can replace the lost production within the geographic limits of the area of interest?
•

Is there any cost associated with transferring production and/or using these alternatives?

Net-impact

34 of 46

•

When taking into account the issues mentioned under the section “alternatives” above, how much of the lost production under the section “impact” can be made up for in un-affected areas?

1.1.29. Assessing cascading effects

Cascading effects may constitute a significant part of the loss incurred due to a

disruption in critical infrastructure. The following provides indications on when to

pay special attention to cascading effects.

•

Long duration of disruption
•

Event affecting significant proportion of the area (region, Member State) of interest

Impacts on highly concentrated and specialized industry or services

•

Nodal points in networks (communications, transport, energy, information) are affected.

Figure 7 – Issues for the application of the economic criteria

35 of 46

Public Effects Criteria

1.1.30. Main assumptions

For the purpose of the Directive public effects are characterized by:

o Number of people impacted

o Severity of the impact

o Duration of the impact Public effect is expressed in three separate categories, on which the actual sub criteria is based:

o Physical suffering

o Impact on public confidence

o Disruption of daily life

Only if the criteria Physical Suffering or Impact on Public Confidence are not met shall the Disruption of Daily Life be considered.

•

Public effect shall in each of these three effect categories be measured on a severity scale using three categories that express the magnitude of the impact.

o Low

o Medium

o High

36 of 46

1.1.31. The criteria

1.1.32. When does an effect in terms of “physical suffering” start to become significant in a Member State for the purpose of the Directive?

•

If, in a Member State, as a result of the loss of service of a given infrastructure, the number of people affected with a level of severity equal to or above “Medium” is above the indicative threshold of 250.000 people, then the effect in that Member State starts to become significant.
•

Two Member States need to be significantly impacted by the loss of service, using the rule above, in order for the given infrastructure to meet the cross-cutting criteria on public effect.

Effect of the loss of service is

Severity
High	Significant
Medium	Significant
Low	Less significant	Total

250 000

Population

population

Figure 8 – CCC on public effects (physical suffering)

37 of 46

1.1.33. When does an effect in terms of “disruption of daily life” start to significant in a Member State for the purpose of the Directive?

become

•

If, in a Member State, as a result of the loss of service of a given infrastructure, the number of people affected with a level of severity equal to or above “Medium” is above the indicative threshold of 250.000 people, then the effect in that Member State starts to become significant.
•

Two Member States need to be significantly impacted by the loss of service, using the rule above, in order for the given infrastructure to meet the cross-cutting criteria on public effect.

Effect of the loss of service is

Severity
High	Significant
Medium	Significant
Low	Less significant	Total

250 000

Population

population

Figure 9 – CCC on public effects (disruption of daily life)

38 of 46

1.1.34. When does an effect in terms of “public confidence” start to become significant in a Member State for the purpose of the Directive?

•

If, in a Member State, as a result of the loss of service of a given infrastructure, the number of people affected with a level of severity equal to or above “Medium” is equal or above an indicative threshold equivalent to a total number of people living in a region of the Member State, then the effect in that Member State starts to become significant.
•

Two Member States need to be significantly impacted by the loss of service, using the rule above, in order for the given infrastructure to meet the cross-cutting criteria on public effect.

Effect of the loss of service is

Severity
High	Significant
Medium	Significant
Low	Less significant	Total

Regional

Population

population

Figure 10 – CCC on public effects (public confidence)

39 of 46

1.1.35. Possible assessment methods

The ex-ante assessment relies mainly on expert judgement. With regards to the proposed criteria, the following steps could be followed to assess public effects:

•

Estimation of the number of people potentially affected
•

Assessment of the severity of the impact
•

Final assessment of the public effects on the basis of the number of people impacted and the severity of the impact

1.1.36. Assessment of the severity of the impact

It must be kept in mind that the duration of the disruption contributes to the increase of severity. The assessment must reflect the severity of impact for the entire period of disruption, i.e. the effects that are assessed are the effects as they are when the service is about to be restored.

Restoration of the service

time

Figure 11 – Severity as a function of impact duration

40 of 46

1.1.37. Assessment of physical suffering

•

Number of people affected: the estimation of the number of people potentially affected refers to the end-users using the service of the infrastructure under consideration.
•

Characterizing the severity: the physical suffering refers to the effects that can threaten the physical integrity of the population exposed.

Possible effects to consider	Low	Medium	High
Effects on health and sanitary conditions
Lack of water
Lack of food
Lack of heating and energy
Lack of housing and lodging
Other deprivation and hardship
Loss of personal security

Severity levels

Low: inconvenient or irritating effect on the individual, but short-term and not leading to significant health consequences or loss of life

Medium: significant effect on the individual leading to substantial health consequence or loss of life

High: strong effect on the individual leading to severe health consequences or loss of life

41 of 46

1.1.38. Assessment of the Disruption of daily life

•

Number of people affected: the estimation of the number of people potentially affected refers to the end-users using the service of the infrastructure under consideration.
•

Characterizing the severity: the disruption of daily life refers to significant changes in the routine activities of the population characterized in the table below.

Possible effects to consider	Low	Medium	High
Infringement of freedom of travel
Impossibility of leaving accommodation / attending school / going to work
Inability to assemble
Inability to communicate No access to information resources Separation from social network / family
Loss of purchasing power / income / employment
Unavailability of payment systems

Severity levels

o Low (inconvenient): irritating for the individual but not disruptive for his/her daily routine

o Medium (disruptive): for a limited period of time, the individual is not able to continue his/her daily routine

o High (dysfunctional): the individual is no longer able to continue his/her daily routine

42 of 46

1.1.39. Assessment of Public confidence:

•

Number of people affected: the estimation of the number of people potentially affected refers to the entire population of a Member State.
•

Characterising the severity: this category refers to the impact a disruption of a service can have on the confidence of the public in the capacities of their government to guarantee the delivery of essential services. The loss of confidence can be expressed through demonstrations, rioting, and changes in the behavioural patterns of a Member State.

Possible effects to consider	Low	Medium	High
Possibility of rioting
Possibility of stocking up
Possibility of change of behavioural patterns (e.g. fear, panic)

Severity levels

o Low: inconvenient or irritating effect but short-term o Medium: substantial effect but temporary in nature o High : strong effect for an extended duration

43 of 46

Commission support for European Critical Infrastructure (Article 8)

As stated in Article 8, “The Commission shall support, through the relevant Member State authority, the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection”.

Annexes

Annex 1: Flowchart

The flowchart is introduced in section 3.3 of this document and is reproduced on the next page in a single A3 format.

44 of 46

Annex 2: Existing Community measures for SLO and OSP or equivalent

Indicative list of measures, principles or guidelines referred to in Article 5(5) and Article 6(5) respectively include:

•

Directive 2005/65/EC of the European Parliament and of the Council of 26 October 2005 on enhancing port security
•

Regulation (EC) No 725/2004 of the EP and of the Council of 31 March 2004 on enhancing ship and port facility security
•

Regulation (EC) No 2320/2002 of the European Parliament and the Council of 16 December 2002 establishing common rules in the field of civil aviation security; and its implementing regulations
•

Regulation (EC) No 300/2008 of the EP and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002
•

Regulation (EC) No 2096/2005 of 20 December 2005 laying down common requirements for the provision of air navigation services
•

Regulation (EC) No 550/2004 of the EP and of the Council of 10 March 2004 on the provision of air navigation services in the single European sky
•

Regulation (EC) No 1315/2007 of 8 November 2007 on safety oversight in air traffic management and amending Regulation (EC) No 2096/2005

These measures may be applicable specifically to OSP or to SLO or to both. This list may

be amended.

46 of 46

2. Originele weergave

Open document als PDF

Non-Binding Guidelines for the application of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection - Hoofdinhoud

Inhoudsopgave van deze pagina:

Delen

1.

Tekst

2.

Originele weergave

3.

Meer informatie

Zoeken:

Laatste nieuws:

publicatiedatum	31-10-2008
kenmerk	14808/08