Risk assessment methodologies for critical infrastructure protection. Part II: A new approach

This report describes a risk assessment process for Critical Infrastructures (CI) based on the staff working document from DG ECHO namely “Risk Assessment and Mapping Guidelines for Disaster Management” and DG HOME “on a new approach to the European Programme for Critical Infrastructure Protection Making European Critical Infrastructures more secure”. As a result of the DG ECHO staff working document, several Member States (MS) have provided overview of risks where the risk of “loss of critical infrastructure” has been identified as a man made risk. However, we consider that there is a lot of room for improvement in this process mainly because Critical Infrastructures are not yet one more risk at MS level but CIs in their turn are subject to the risks that have been identified my MS. In the present report we identify this gap and we provide a methodology that is based on a different approach with respect to the CI risks.JRC.G.5-Security technology assessmen

European Reference Network for Critical Infrastructure Protection: ERNCIP Handbook 2017 edition Version 1.0

The ERNCIP network has been established to improve the protection of critical infrastructures in the EU. The European Reference Network for Critical Infrastructure Protection (ERNCIP) therefore works in close cooperation with all types of CIP stakeholders, focusing particularly on the technical protective security solutions. This handbook aims to assist the dissemination of the activities and results of ERNCIP. It is intended that the document will be updated and issued by the ERNCIP Office in spring each year. The information provided will be up to date as of the end of the previous calendar year, i.e. in this case as at 31 December 2016. The report summarises the achievements of all the ERNCIP Thematic Groups, providing a convenient way to access information on any specific theme of interest covered by ERNCIP. The report also describes current thematic group activities, to allow subject-matter experts and critical infrastructure operators to identify ongoing areas of research they might be interested in assisting. This report is publicly available via the ERNCIP web site, and is distributed to all ERNCIP Group of EU CIP Experts for onward dissemination within their Member State.JRC.E.2-Technology Innovation in Securit

Advanced services for critical infrastructures protection

In this paper an overview of the first results of FP7 CIPRNet project is presented. Particularly, we demonstrate CIPRNet services for critical infrastructure protection (CIP) stakeholders. The role of the proposed services is to support decisions in the CIP domain. Moreover, those services are expected to serve as the underpinnings for the European Infrastructures Simulation and Analysis Centre (EISAC) which, similarly to the US NISAC, should provide operational services on CIP, for the benefits of CI operators, stakeholders and the Public Authorities committed to CIP

A Risk based Maintenance (RBM) Interval Decision Making Model to Support Life Extension of Subsea Oil and Gas Facilities

A substantial number of production facilities in the subsea oil and gas industry are approaching their anticipated service life and thus, require to undergo a life extension program. In effect, the volume of maintenance activities to be undertaken on facilities in the subsea fields is growing rapidly. The current inspection and maintenance decision-making approaches to support life extension of subsea oil and gas facilities are mainly based on subjective experience and judgement of inspectors and engineers which may be inconsistent, inaccurate and unreliable. Therefore, it is of great interest for asset managers to propose sound approaches for maintenance of subsea facilities operating beyond their original design life. In this study, a quantitative risk-based maintenance (RBM) interval decision-making model is presented to minimize cost as well as the overall risk associated with life extension. The model provides an effective tool for maintenance planning of subsea equipment during the extended phase of operation by considering the probability of failure and the consequences associated with failures of the equipment. The likelihood of failure is modelled using Weibull distribution due to its inherent flexibility, and the failure parameters are determined using physical equipment data by means of maximum likelihood estimation (MLE) method. On the other hand, the economic consequences of failure is calculated by considering asset loss, production loss, human health loss and maintenance cost. The proposed framework is applied to a case study involving a subsea flowline and the results are discussed and evaluated

Security and defence research in the European Union: a landscape review

This landscape report describes the state of play of the European Union’s policies and activities in security and defence and the EU-funded research aimed at supporting them, with an exclusive focus on intentional harm. It is organised around several thematic building blocks under the umbrella of the three core priorities defined in the European agenda on security. The report reviews the current main risks and threats but also those that may emerge within the next 5 years, the policy and operational means developed to combat them, the main active stakeholders and the EU legislation in force. In this context, a short history of EU research on security and defence is presented, followed by an inventory of relevant research and development projects funded under the Horizon 2020 framework programme during the period 2014-2018. The specific contributions of the Joint Research Centre to security research are also highlighted. Finally, future avenues for security and defence research and development are discussed. Please note that the executive summary of this landscape report has been published simultaneously as a companion document.JRC.E.7-Knowledge for Security and Migratio

Recommendations for National Risk Assessment for Disaster Risk Management in EU

Decision No 1313/2013/EU on a Union Civil Protection Mechanism (UCPM) calls Participating States to develop risk assessments periodically and make the summary of their National Risk Assessment (NRA) available to the European Commission as a way to prevent disaster risk in Europe. In order to facilitate countries on this task, the European Commission developed the Guidelines on risk assessment and mapping. In spite of these, the summaries received have revealed several challenges related to the process and the content of the assessments. The current report aims to provide scientific support to the UCPM participant countries in their development of NRA, explaining why and how a risk assessment could be carried out, how the results of this could be used for Disaster Risk Management planning and in general, how science can help civil protection authorities and staff from ministries and agencies engaged in NRA activities. The report is the result of the collaborative effort of the Disaster Risk Management Knowledge Centre team and nine Joint Research Centre expert groups which provided their insight on tools and methods for specific risk assessment related to certain hazards and assets: drought, earthquakes, floods, terrorist attacks, biological disasters, critical infrastructures, chemical accidents, nuclear accidents and Natech accidents. The current document would be improved by a next version that would include scientific guidance on other risks and the collaboration of potential users.JRC.E.1-Disaster Risk Managemen

Information Security Education – Towards a Cybersecure Society: 11th IFIP WG 11.8 World Conference, WISE 11, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings

International audienceBook Front Matter of AICT 53

Information Security Education. Education in Proactive Information Security: 12th IFIP WG 11.8 World Conference, WISE 12, Lisbon, Portugal, June 25–27, 2019, Proceedings

International audienceBook Front Matter of AICT 55

CIPedia©: a Critical Infrastructure Protection and Resilience resource

CIPedia© (www.cipedia.eu) is a Wiki-based body of common knowledge for the wide international community of critical infrastructure (CI) protection and resilience stakeholders such as policy makers, researchers, governmental agencies, emergency management organizations, CI operators, and even the public.JRC.G.5-Security technology assessmen

Who cares what it means? Practical reasons for using the word resilience with critical infrastructure operators

Resilience: a highly debated term, with what seems to be an endless amount of slightly varied definitions depending on the sector, domain, or researcher who is addressing the topic, mainly boils down to rebounding after a crisis. For critical infrastructure (CI), the EU-funded H2020 IMPROVER project uses the following definition: “the ability of a CI system exposed to hazards to resist, absorb, accommodate to and recover from the effects of a hazard in a timely and efficient manner, for the preservation and restoration of essential societal services.” However, through six interactive workshops with infrastructure operators organized by the IMPROVER project, what has become apparent is that the definition of resilience isn’t what matters; what does matter is the way resilience changes the outlook of operators. Indeed, resilience is an optimistic approach when compared to current risk management practices, allowing operators to be actors in responding to crisis as opposed to simply being subjects exposed to risks. While many aspects of resilience are also found in risk management, the ability to learn how to respond to unexpected events appears to empower operators. Furthermore, the change in perspective from risk to resilience better deals with another change critical infrastructure operators are going through: from protecting assets from hazards to being able to continuously provide a minimum level of essential services to the public.JRC.E.2-Technology Innovation in Securit