Citizens and businesses depend on information and communications infrastructure to support online critical services (e.g. energy, telecommunications, healthcare). Increased cyber threats can impact greatly the provision of services and result in loss of money and reputation damage for businesses.
EU Member States and the private sector alike need to co-operate with each other if they want to effectively address these threats today. Yet, only half of the countries examined by ENISA have established such cooperation models as public–private partnerships, working groups and contact forums.
As some sectors, like finance, telecommunications, and energy are more tightly regulated than others, security requirements differ greatly across sectors and for different types of CII operators. Just a small number of countries have implemented mandatory security requirements across sectors.
ENISA points out that a few countries, especially the ones with a more decentralised CIIP approach, delegate their national risk assessment to sector-specific authorities or to operators of CIIs.
Some countries believe that market pressure will give CII operators sufficient incentives to invest in additional security measures. However, almost none of the examined Member States have implemented incentives to invest in CIIP-related security measures for operators of CII.
ENISA proposes Member States and EU Commission to:
- Conduct a thorough national risk assessment
- Establish cooperation between public and private stakeholders
- Define baseline security requirements to support CIIP development in the MS
- Implement incentives that could motivate CII operators to invest more on security measures.
“Emerging threats to critical information infrastructure constitute a clear and present danger. One which can only be mitigated by coordinated efforts. ENISA works with public as well as private stakeholders to make sure that CIIP is a priority at EU level,” said Udo Helmbrecht, Executive Director of ENISA.
Additional insight is available in a new ENISA study.