ENISA: How critical is a critical information infrastructure?
February 2015 by ENISA
ENISA issues methodologies for the identification of Critical Information Infrastructure (CII) services in communication networks.
This study provides state of the art methodologies, and suggests possible improvements that would allow Member States (MS) and operators of CIIs to protect themselves from future threats and challenges. Decision makers in MS, using ENISA’s methodologies, will be able to:
define critical sectors and services supported by electronic communication networks
identify CIIs assets and services supporting critical services, especially regarding internal and external interdependencies
foster baseline security guidelines to ensure the resilience of critical networks assets and services
closely cooperate with critical infrastructure assets owners and operators which should be involved in any related initiative in the security and resilience of these assets.
Critical Information Infrastructure plays a vital role for the well-functioning of society and economy. A cyber-attack or an outage affecting these infrastructures could have cascading effects on large part of the population. Identifying these critical components is fundamental for ensuring their availability and avoiding repercussions on the life of European citizens.
Currently a significant number of Member States lack a structured methodology regarding the identification of critical network assets. This can pose severe risks on the availability and resilience of the supported services. Moreover, based on the findings of the survey, the discussion with stakeholders and the analysis of the different approaches already in place, other challenges include:
the lack of a detailed list of critical services which should be tailored per Member State
criticality criteria for the identification of critical assets, which is a challenging process especially regarding internal and external interdependencies
effective collaboration between public sector and the private sector is fundamental in identifying and protecting CII assets and services and should start from asset identification.
ENISA’s Executive Director commented: “With the increasing reliance on communication networks, identifying Critical Information Infrastructures is the first step in protecting European networks. Effective collaboration between the public and private sector is fundamental in achieving this goal.”
In 2015 ENISA will continue fostering security and resilience of the European networks. This year the focus will be on assessing critical communication networks, links and components. Furthermore the Agency will continue to promote the engagement of the network operations community, via the INFRASEC - Internet infrastructure security and resilience reference group, workshops and other awareness activities.