Navigation path: European Commission > Information Society

POLICIES :: NIS :: Activities

Critical Information Infrastructure Protection

NEW Commission Communication on Critical Information Infrastructure Protection – "Achievements and next steps: towards global cyber-security" - COM(2011) 163 - Press release IP/11/395

NEW European principles and guidelines for the resilience and stability of the Internet developed in the context of the European Forum for Member States

EU initiative on Critical Information Infrastructure Protection - CIIP

The EU initiative on CIIP aims to strengthen the security and resilience of vital Information and Communication Technology (ICT) infrastructures by stimulating and supporting the development of a high level of preparedness, security and resilience capabilities both at national and European level.

The Commission set out a CIIP Action Plan in its Communication on Critical information Infrastructure Protection – ‘Protecting Europe from large scale cyber-attacks and cyber-disruptions: enhancing preparedness, security and resilience’ - COM(2009) 149 adopted on 30 March 2009.

The CIIP action plan is built on five pillars: preparedness and prevention, detection and response, mitigation and recovery, international cooperation and criteria for European Critical Infrastructures in the field of ICT. It sets out the work to be done under each pillar by the Commission, the Member States and/or industry, with the support of the European Network and Information Security Agency (ENISA). This approach was broadly endorsed by the Council Resolution of 18 December 2009 on a collaborative European approach to Network and Information Security (2009/C 321/01).

The planned activities complement the European Programme for Critical Infrastructure Protection (EPCIP), which is a separate but related Commission activity. A key element of EPCIP is the Council Directive on the identification and designation of European Critical Infrastructures, which explicitly states that the ICT sector is a part of critical infrastructures which will need to be specifically addressed.

The proposed actions complement existing measures in the area of police and judicial cooperation to prevent, fight and prosecute criminal and terrorist activities targeting CIIs. These proposals are also reflected in the EU research efforts in the field of network and information security and are in line with the international initiatives in this area.

Achievements and next steps: towards global cyber-security

On 31 March 2011, the Commission adopted a Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection – "Achievements and next steps: towards global cyber-security" - COM(2011) 163 (EN, DE, FR). The Communication takes stock of the results achieved since the adoption of the CIIP action plan in 2009. It describes the next steps planned for each action at both European and international level. It focuses on the global dimension of the challenges and the importance of boosting cooperation among Member States and the private sector at national, European and international level, in order to address global interdependencies.

To achieve an enhanced level of awareness and preparedness throughout the EU, the Commission proposes the following set of actions:

• Preparedness and prevention: including the European Forum for Member States (EFMS) to share information and good policy practices; the European Public-Private Partnership for Resilience (EP3R); baseline of capabilities and services for national/governmental Computer Emergency Response Teams;

• Detection and response development and deployment of a European Information Sharing and Alert System, reaching out to citizens and SMEs and being based on national and private sector information and alert sharing systems.

• Mitigation and recovery including the development by Member States of national contingency plans and the organization of regular exercises for large scale networks security incident response and disaster recovery; Pan-European exercises on large-scale network security incidents; reinforced cooperation between national/governmental Computer Emergency Response Teams.

• International and EU wide cooperation including European principles and guidelines for the resilience and stability of the Internet developed in the context of the European Forum for Member States; Global exercises on recovery and mitigation of large scale Internet incidents.

• Criteria for the ICT sector including the development of ICT sector specific criteria to identify European critical infrastructures in the ICT sector.

Links:

Communication "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience", COM (2009)149:

• 2009 Communication on CIIP
• Citizens summaries

                                 

• Impact Assessment Summary accompanying the adoption of the 2009 CIIP Action Plan
• Impact Assessment part 1 - part 2 - part 3
• Press release and MEMO accompanying the adoption of the 2009 CIIP Action Plan
• CIIP - Preparatory activities
• CIIP - Implementation activities

 

Return to Home page

Last updated: 29.06.2011

Home | News | Calendar | Library | RSS | XML | Search | Contact | Help