Page 120 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 120
SECTION II: CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION
Policy from 2016 (which replaced the security strategy of 2003), the term and concept of
critical infrastructure was significantly emphasized in the need to strengthen the resilience
of infrastructure and to invest in its further development and its protection in various areas,
including in the cyber domain (European External Action Service, 2016).
The review of strategic documents is followed by an overview of the development of the
regulatory framework.
In June 2004, the European Council requested that the European Commission begin develop-
ing a comprehensive normative framework for critical infrastructure protection in the Euro-
pean Union. Based on this request, the European Commission first drafted a Communication
from the Commission to the Council and the European Parliament: Critical Infrastructure
Protection in the fight against terrorism, which outlines what Europe should do to prevent ter-
rorist attacks on critical infrastructure, improve emergency preparedness, increase resilience
and develop the ability to respond to attacks (European Commission, 2004). The document
initiated intensive work by the bodies of the EU, in cooperation with the Member States and
individual experts, to develop the EU’s regulatory framework and identity in the field of criti-
cal infrastructure. The following year the European Commission drafted a Green Paper on
a European Programme for Critical Infrastructure Protection, which suggested solutions for
setting up critical infrastructure protection programmes and the creation of a Critical Infra-
structure Warning Information Network (CIWIN) (European Commission, 2005). The next
input to the Commission came from the Justice and Home Affairs Council of the Council of
the European Union, which in December 2005 requested the drafting of a proposal European
Programme for Critical Infrastructure Protection. In line with this request, the following year
the Commission developed and published the said Programme, which considered all threats
to critical infrastructure, with terrorism remaining a primary focus and concern (European
2
Commission, 2006).
Reviewing the document in question, in 2007 the Council of the European Union concluded
that the ultimate responsibility for managing critical infrastructure protection solutions rests
with the Member States, within their national borders (Council of the European Union, 2008).
That same year, the Council passed a Decision establishing for the period 2007 to 2013, as
part of General Programme on Security and Safeguarding Liberties, the Specific Programme
‘Prevention, Preparedness and Consequence Management of Terrorism and other Security
related risks’. The programme recognizes a number of security risks. It focuses on supporting
Member States’ efforts to prevent terrorist attacks and to prepare for the protection of people
and critical infrastructure from the risks of terrorist attacks (Council of the European Union,
2007). In 2008, the Council issued a key document in the field of critical infrastructure pro-
tection in the EU, Council Directive 2008/114/EC of 8 December 2008 on the identification
and designation of European critical infrastructure and the assessment of the need to improve
their protection (hereinafter: Council Directive 2008/114/EC), which lays out the EU’s inter-
est in the comprehensive protection of critical infrastructure against all risks and threats at
the Member State level and the EU as a whole, instead of the primary focus on the threat of
terrorism (Council of the European Union, 2008).
2 In 2013, the document was updated and replaced by a new document from the European Commission called
Commission staff Working Document on a new approach to the European Programme for Critical Infra-
structure Protection: Making European Critical Infrastructure more secure, while the purpose and objectives
remained the same.
120
