Critical infrastructure and supply chain protection
Human security depends on several assets, including infrastructures. The term “critical infrastructure” emerged at the end of the 1990s. Before that, terms such as emergency supply, material and technical base of state, and emergency functions were in use. In the EU, critical infrastructures are those physical and information technology facilities, networks, services, and assets that, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in European Union (EU) countries. FOCUS highlights the close relationship between critical infrastructures and supply chains: how supply chains depend on transport infrastructures, energy supply, and information and communication technology (ICT); and how critical infrastructures depend on the performance of supply chains.
Critical infrastructure protection refers to preparedness and response to serious incidents that involve the critical infrastructure of a region or nation. More specifically, critical infrastructure protection as defined by the EU is the ability to prepare for, protect against, mitigate, respond to, and recover from critical infrastructure disruptions or destruction.
Supply chain security is a systematic and continuous process to enhance prevention, protection, preparedness, monitoring, detection, mitigation, response, and recovery. Supply chain security management covers all processes, technologies, and resources exploited in a systematic way to fight against end-to-end supply chain crime. The primary goal is either to prevent a crime, to detect a crime, or to recover from a crime incident in the fastest possible timeframe. Single security measures typically fall into one of the following five categories: cargo, facility, human resources, information technology, and management systems. The typical supply chain crime includes theft, smuggling, counterfeiting, sabotage, blackmailing for financial gain, terrorism for destruction, and any type of fraud and corruption (the detailed crime definitions are subject to national and international regulations). Explicit legal rules and regulations draw boundaries between illegal and legal activity, and criminalize undesired activities. This empowers legitimate private and public supply chain actors to take protective measures.
Recent developments
Over the past decade, the EU has taken substantial steps to formulate integrated policies designed to enhance protection of European Critical Infrastructure (ECI) and reduce its vulnerability to a variety of threats, including terrorism, criminal activities, and natural disasters. The most significant advancement has been the introduction of a legislative framework named the European Programme for Critical Infrastructure Protection (EPCIP). The development of the framework was originally initiated in response to the threat of terrorist attacks, but EPCIP embraces an all-hazard approach that also covers natural disasters together with intentional man-made hazards. As a challenge for possible future EU roles, effective protection will need binding international and global rules, since all major infrastructures operate internationally or globally, and threats can originate from any place in the world. Voluntary action will not suffice.
Critical infrastructure and supply chain protection have centred on aspects like the massive impacts of disruptions and failures on society (such as loss of lives, public disturbances, and economic damages). Public and private partnerships and international cooperation are recognized as a prerequisite to realize the protection of both critical infrastructures and supply chains. The need for general risk assessments, awareness building and closing of gaps on the levels of organizations, technology, political strategies, and countermeasures has been highlighted. Yet there has not always been a realistic look into the mid-term future. This concerns development of threats, technological and structural risks, political responses, and new forms of cooperation between industry and governments. Possible future changes in technology, economic and social affairs as well as changes in values, ideologies, and beliefs that reform societies and risks are often not considered – providing an important challenge for foresight work.
Challenges for security research
Policy developments call for support by well-focused EU-level research, which should include three main themes. First, detailed assessment of interdependencies in the European Critical Infrastructure system, with special attention to linkages between European Critical Infrastructure and infrastructure in third countries; second, a comprehensive catalogue of critical supplies for the European economy, along with factors that could disrupt supply of these materials to the EU; third, analyses of how the new mandate of the Lisbon Treaty together with enhanced dual-use capabilities of the EU could change the EU’s role, including the Union’s growing political power to protect its interests in third countries. In addition, the definition of European critical supplies requires more detailed research. As far as the cyber dimension is concerned, future research should address cyber attacks on commercial and state actor targets, including whether dissuasion is possible and what responses to such attacks are effective, but also hacking and other actions from cyberactivist groups.
Top-3 challenges as identified in FOCUS horizon scanning
- Interdependencies between European Critical Infrastructure and infrastructure in third countries
- So far undefined role of the EU to protect energy sourcing, raw material, and food supply from third countries
- Criminal/terrorist use of cyberspace to attack any sector of critical infrastructure
Full problem space report
- Security as Societal Science: Critical infrastructure and supply chain research driven by societal factors
Scenarios for "EU 2035" roles and futuristic missions
- Back to the future
- Strategic policy maker
- Comprehensive manager of critical infrastructure breakdown
- Digital homeland security provider
- European platform for critical infrastructure problem solving
- Information and society manager in case of critical infrastructure breakdown
- Insurance for supply
- Holistic stabilizer
Scenarios for "Security Research 2035"
- “Stranger, bear word to the Spartans” – Research driven by societal factors
- “Security as a social science” – Research driven by political framework conditions
- “Tool time” – Research driven by limited budgets/finance-driven research
- “Technology to protect” – Technology-driven research
- “Not over my border” – Cross-border security incident response system research
- “Treading data” – Comprehensive risk assessment/management research
Expected key technologies in the scenario space of this Big Theme
- Data protection technology
- IT security technology (relates both to improved conventional anti-virus technology and to new anti-cyber attack technology)
Requirements for IT-based knowledge management in the scenario space
- Crowdsourced technology foresight and assessment
- Hosting of a dynamic model to describe interdependencies among critical infrastructures and supply chains
- Crowdsourcing of citizens’ perception of infringements of their fundamental rights by increased security of infrastructures and supply chains
- Knowledge management and knowledge integration
- Platform for crisis communication
- Platform to support crisis management (e.g., knowledge-based decision support)