CERIS workshop on Infrastructure Resilience: Addressing CER requirements through research

 

Strengthening the resilience of critical infrastructure has increasing importance for the EU thus the European Commission organised a workshop in the framework of the CERIS to discuss how EU security research may contributes to this goal. Close to 40 representatives of infrastructure operators, Member States’ authorities, policymakers and researchers met on 16 November 2023 in Brussels to discuss the achievements and future needs regarding the resilience of critical entities since the entry into force of the Critical Entities Resilience (CER) Directive in January 2023.

The event was opened by a keynote speech of Max Brandt from the Counter-Terrorism Unit of DG HOME, European Commission. Mr Brandt underlined the importance of the CER Directive and the need for the active engagement and involvement of Member States in the dedicated EU security research projects. He underlined that the deadline for Member States to transpose the CER directive is coming up in Autumn 2024. This will be the first marker of the Directive’s immediate success, as well as a good indicator as to the challenges faced with regard to complying with the provisions of the CER Directive.

The first panel of this event focused on the operators’ perspectives on research in the field of Critical Entities Resilience, in which Representatives from DTEK, the Finnish Meteorological Institute, Rina Services and SINTEF discussed the following issues: In contrast to the pre-event character of risk management, leading to prevention and mitigation, critical infrastructure resilience also focuses on the response and the rapidity of recovery during and after the event. In other words, unwanted events and surprises are anticipated to occur, as prevention and mitigation are not always sufficient. In the new CER Directive, the risk landscape is expanded, and a common methodology is needed for resilience management. A standardised baseline for assessing critical infrastructure resilience is needed, and research can greatly contribute here. Importantly, it was also noted that awareness raising work needs to be carried out, as many small operators of infrastructures are not aware that they should be classified as Critical Entities. Furthermore, a clear collaborative emergency plan and clear responsibilities need to be defined for moments of crises.

During the second panel, experts discussed security research for Critical Entity Resilience from the point of view of public authorities. Here, panelists coming from Fraunhofer FKIE, the French administration, UNDRR and KEMEA evoked the need for collaborative information management and for standardising tools which can be used to guide implementation of security measures at national and local level. All stakeholders should be involved in the guide on what constitutes resilient infrastructure and how to create a more effective collaboration. Representatives from NATO indicated that civilian and military experts meet twice a year at national level to discuss what the research priorities should be and create subsequent activities. Experts also discussed the dichotomy between the need to have low technical readiness level (TRL) projects which allow for forward-looking research, and the need to have more mature, higher TRL projects which offer tangible results to operators and practitioners to exploit.

The last panel of the event organised by the Joint Research Centreof the European Commission, discussed the transition from the European Research Network for Critical Infrastructure Protection (ERNCIP) to the European Network for Critical Entities Resilience (ENCER). Experts coming from HT Nuclear, the European Risk and Resilience Institute, INTRASTESS Demokritos and the Municipality of Barreiro in Portugal underlined that the new ENCER should involve experts from all critical infrastructure stakeholder communities (e.g. scientists, operators and legislators) and make full use of the ERNCIP achievements. Experts should be asked to work on specific elements identified in the CER Directive (e.g., framework for identifying critical entities, common risk assessment) but also on ad-hoc research. A suggestion was made to structure ENCER in such a way that it is able to support infrastructure resilience as a service. A cross-sectoral collaboration among the ENCER working groups should be established, considering the interdependency of sectors. Among the research projects, competitiveness should be replaced by more collaboration, as the uptake of even high TRL projects is still a challenge.

This CERIS workshop allowed for the latest policy and research developments in the field of critical infrastructure protection while providing an outlook of upcoming requirements of the CER Directive and the important role of security research in ensuring its implementation.