Strategic or critical infrastructures, a way to interfere in Europe: state of play and recommendations
Critical Infrastructures (CIs) provide vital economic and social functions to European Union (EU) citizens. However, they are challenged by a diverse range of threats, not only natural and accidental but also intentional. CIs’ increasing reliance on technological advancements adds another element of complexity and vulnerability. Whilst their protection to date has been regulated by Directive 2008/114/EC, its scope of application has proved to be inadequate against an evolving landscape of security threats. Consequently, it is currently under revision. A careful analysis of CIs’ status in the EU, covering the challenges to their functioning and measures in place for their safeguard, is therefore necessary to provide recommendations for the adoption of further instruments so as to equip CIs with increased protection and resilience.
Study requested by the European Parliament’s Special Committee on Foreign Interference in all Democratic Processes in the European Union, including Disinformation (INGE).
-
Details
Brussels, European Parliament, July 2021, 53 p. -
ISBN/ISSN/DOI:
978-92-846-8183-9, 978-92-846-8182-2 (pdf); 10.2861/179721, 10.2861/221461 (pdf)
1. Introduction
1.1. Objective and scope of the study
1.2. Methodology: approach, sources, actors
2. Definitions and possible expansion of the criteria
2.1 Definitions and terminology: analysis of the criteria that define an ECI
2.2 A tentative comparative analysis of CI definitions in MS and possible expansion of the categorisation: identifying other vital, interdependent and cross-border services
2.3 A look at soft targets: a special category of CIs
2.3.1 Religious infrastructures as soft targets: terrorism and foreign interference
3. The status of CIs facing present and future threats
3.1 Threats evolution and state of the art
3.2 Conventional and CBRN threats: physical damage to CIs
3.3 Advancing technology and cyber threats: their role and impact on the interdependence and connection of CIs
3.4 EU dependence on foreign technologies
3.5 Other forms of interference: a focus on hybrid threats
4. Chinese and Russian presence and/or interference in CIs
4.1 Chinese Foreign Direct Investments (FDIs)
4.2 Chinese interference through education and cultural infrastructures
4.3 Russian and Chinese cyber-attacks
5. An unprecedented challenge to CIs: the COVID-19 pandemic
6. Analysis of the approaches and initiatives in place to face the security threats
6.1 The Proposal for a Directive on the resilience of critical entities and other relevant EU documents: in depth analysis based on the Inception Impact Assessment
6.2 EU Cybersecurity Strategy and the proposal for a revised Directive on Security of Network and Information Systems (NIS 2 Directive)
6.3 Overview of the main EU initiatives and lessons learned from extra EU partners
6.4 Current existing approaches for the resilience of CIs: security by design and personnel training
6.5 The importance of public-private cooperation
7. Conclusions: recommendations to the local, national and EU actors and institutions
7.1 Recommendations to the European Commission on the further elaboration and implementation of legal measures for the protection and resilience of CIs
7.2 Recommendations to the European Commission and other bodies on the adoption of CI security measures
7.3 Implications and recommendations for the European Parliament
7.4 Recommendations to the European Parliament on civil society-centered measures for the protection and resilience of CIs
References