The Confederation of European Security Services (CoESS) acts as the voice of the private security industry which provides a wide range of services, both for private and public clients, including nuclear plants, airports, and many other Critical Infrastructure (CI) facilities. For example, about 60 per cent of all security services in European airports today are being outsourced to the private sector. Based on best practices and efficient public‐private cooperation, CoESS wishes to see the security and protection of CI optimised through an explicit recognition of the complexity of the issue, involving public and private actors.
Hence, CoESS highly welcomes the European Commission’s initiative to evaluate the 2008 European Critical Infrastructure Protection Directive, plans to ensure better protection of CI by means of common Operator Security Plans (OSP), and next steps mentioned in the roadmap. For many years, CoESS has been proactive in this matter, contributing to meetings and publishing documents, such as its White Paper and Guidelines on Critical Infrastructure Security and Protection. It is currently developing a CEN standard for suppliers of private security services to CI. CoESS also recently published a study on Transport Security, covering many different aspects of CIP in the aviation, maritime and land transport sector.
CoESS particularly welcomes that the evaluation of the 2008 Directive will be conducted in view of evolving terrorist threat scenarios, including insider threats, use of drones, and hybrid threats, which are common challenges to the different kinds of CI. Whilst insider threats and drones have proven to considerably weaken and circumvent existing CIP measures, we also witness that the frequency of large-scale cyberattacks on CI has increased tremendously. The assessment of these risks and means to enhance resilience against them and their human-cyber interface (human acts that allow a cyberattack to take place) is crucial when evaluating the 2008 Directive and creating future OSPs.
Whilst the steps mentioned in the roadmap are all important and necessary, CoESS recommends that the evaluation should go further, so as to assess other factors when creating common approaches for CIP.
First, enhanced resilience starts with the introduction of procurement quality guidelines for contracting private security companies (PSCs) for CIP tasks. Too often, security providers are chosen based on price criteria only. CoESS supports procurers in identifying quality criteria, mainly by providing a best value manual entitled “Buying Quality Private Security Services”, produced in conjunction with its Social Partner UNI Europa, and with financial support from the European Commission. The guide can be downloaded from www.securebestvalue.org.
CoESS further advocates that explicit roles and responsibilities for protecting CI should be allocated, and that common risk assessment standards should be adopted. Security should be built into the design and operation of CI in order to reduce security costs as well as improve security effectiveness, and not be added on as an afterthought. For the transport sector, CoESS has produced specific recommendations in our Transport Security Report.
Importantly, CoESS stresses that the role of PSCs has to be recognised in relevant related policies, legislation and guidelines, which should include the promotion of public-private partnerships in CIP. PSCs can play an important role in enhancing resilience of CI, as they are usually the first line of response for most of the threats and current modus operandi of terrorists. Consequently, it is crucial that the private security sector be consulted at the very early stages of conceptualisation of approaches and possible resilience strategies. Further information on our recommendations can be found in the CoESS White Paper on Critical Infrastructure Security and Protection.