A comprehensive threat picture for enterprises

As a part of the security-political task Critical Infrastructure Protection Economic aspects and risk analysis (part 1)

Josef H. Bogensperger


A discontinuance of energy, data or materials flow immediately leads to a considerable disturbance of the overall system. This highly effective and complex infrastructure is on the one hand the backbone of our economic system, and on the other hand it is the weak spot of our economic community. Thus, Critical Infrastructure Protection (CIP) is an important task of precautionary security policy. The topic Critical Infrastructure Protection was picked up on a European level in 2004 for the first time, and as a first step implemented with the project European Programme on Critical Infrastructure Protection - EPCIP in the framework of European security policy.

The general objective of EPCIP is an improvement of CIP within the EU. On 12th January 2009 the Guideline 2008/114/EG “Determination and Designation of European Critical Infrastructure and Assessment of the Necessity to Improve their Protection” entered into force. This guideline is focussed on the energy and transport sectors. Since then this document was refined with a working paper titled “New Approach to the European Programme for Critical Infrastructure Protection” from 8th August 2013. The recommended steps were divided into three focal points:

- Precautionary measures of protection (prevention) include risk analyses (on the basis of a threat picture) and security-technological monitoring systems and/or access rights and authorizations;

- Measures for improving crisis coverage (preparedness) including the generating of crisis plans, training the staff members, and crisis exercises;

- Interdisciplinary cooperation in order to early recognise threat potentials (response).

The objective of CIP is providing all vital services. Critical EU infrastructure include assets and systems (or parts of them) which are located in a member state and which are necessary for preserving and running vital functions such as health, security, economic and social well-being of people, and the discontinuance and/or destruction of which have relevant influence on the member state in the stated sense. For this reason it is the objective of the EU to provide a high degree of CIP as well as to raise failsafe performance and refractiveness (resilience), thus minimizing the consequences of the loss of services for society as a whole. In this part of the essay the author gives summary of the topic “CIP” and compares it with the approaches described in the ÖNORM. After that he tries to demonstrate the effects of great loss events on the substantial economic ratios of an enterprise. Finally he closes this first part with observations about risk analysis.