The European Programme for Critical Infrastructure Protection (EPCIP) includes:
- A Directive of the Council on the identification and designation of ECI and the assessment of the need to improve their protection. The proposed Directive establishes a procedure for the identification and designation of CI, and a common approach to the assessment of the needs to improve the protection of such infrastructure;
- measures designed to facilitate the implementation of EPCIP including an EPCIP Action Plan, the Critical Infrastructure Warning Information Network (CIWIN), the use of expert groups at and the identification and analysis of interdependencies, and;
- support for member states concerning National Critical Infrastructures (NCI);
- accompanying financial measures and in particular the proposed EU programme on "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" for the period 2007-2013, which will provide funding opportunities for CIP-related measures having a potential for EU transferability.
Because of the private ownership of major elements of critical infrastructure any security and control measures will (almost by definition) require the involvement of both private and public interests. National authorities will often have sole competence in the area. There is, however, often a level of transnational interdependence involved, which makes it clear that the EU should also play a certain co-ordinating role.
In sectors such as aviation and maritime security, inspection services have been created within the European Commission to check the implementation of security legislation by member states. Further initiatives are in progress with the creation of the European Network and Information Security Agency (ENISA) for communication security.
The European Programme for Critical Infrastructure Protection, EPCIP, demands that the Commission produces an annual communication to take stock of progress made and challenges ahead. This will integrate the various analyses and measures across the different sectors of the economy. Member-state governments would continue to develop and maintain databases of significant critical infrastructure on a national basis and would be responsible for developing, validating and auditing relevant plans to ensure continuity of services in case of an attack under their jurisdictions.
In the course of 2005 the Commission created a Critical Infrastructure Warning Information Network (CIWIN), which brings together member-state CIP specialists to assist the Commission in drawing up a programmes to facilitate exchange of information on shared threats and vulnerabilities and appropriate counter-measures and strategies. The USA has a similar system known as Critical infrastructure Warning Information Network (CWIN), operational since 2003.
Security of Aircraft in the Future European Environment (the SAFEE project) was begun in 2004 with the aim of improving security on commercial aircraft. It addresses classic hijacking situations, September 11-type scenarios and futuristic scenarios involving electronic jamming and hacking of computer systems. Sub-projects will address technical issues such as onboard-threat detection, threat assessment and response management plus flight protection.
The maritime sector:
TheInternational Ship and Port Facility Security, ISPS code, was introduced in July 2004. It requires ports and vessels to show that they have put adequate security systems in place - and vessels to show that they have been calling only at certified ports. The purpose of the code is to provide a standardised, consistent framework for evaluating risk.
The EU has set up a task force to explore what its 25 member states are doing to combat cyber-threats against critical infrastructure. As part of the EU's Critical Information Infrastructure Research Coordination, CI2RCO project, announced in April 2005, the task force aims to identify research groups and programmes focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia.