ENISA issued methodologies for the identification of Critical Information Infrastructure (CII) services in communication networks.
This study provides state of the art methodologies, and suggests possible improvements that would allow Member States (MS) and operators of CIIs to protect themselves from future threats and challenges. Decision makers in MS, using ENISA’s methodologies, will be able to:
- define critical sectors and services supported by electronic communication networks
- identify CIIs assets and services supporting critical services, especially regarding internal and external interdependencies
- foster baseline security guidelines to ensure the resilience of critical networks assets and services
- closely cooperate with critical infrastructure assets owners and operators which should be involved in any related initiative in the security and resilience of these assets.
Critical Information Infrastructure plays a vital role for the well-functioning of society and economy. A cyber attack or an outage affecting these infrastructures could have cascading effects on large part of the population. Identifying these critical components is fundamental for ensuring their availability and avoiding repercussions on the life of European citizens.
Currently a significant number of Member States lack a structured methodology regarding the identification of critical network assets. This can pose severe risks on the availability and resilience of the supported services.
Moreover, based on the findings of the survey, the discussion with stakeholders and the analysis of the different approaches already in place, other challenges include:
- the lack of a detailed list of critical services which should be tailored per Member State
- criticality criteria for the identification of critical assets, which is a challenging process especially regarding internal and external interdependencies
- effective collaboration between public sector and the private sector is fundamental in identifying and protecting CII assets and services and should start from asset identification.
ENISA’s Executive Director commented: “With the increasing reliance on communication networks, identifying Critical Information Infrastructures is the first step in protecting European networks. Effective collaboration between the public and private sector is fundamental in achieving this goal.”