The EU, we are told by Euractiv has stepped up efforts to protect itself against terrorism. Attacks on infrastructure such as transport, energy and communication have the potential to be highly disruptive. Therefore, the EU wants to co-ordinate efforts in member states and reassure the public that efficient alert and information systems are in place to protect the main elements of critical infrastructure.
Critical infrastructures, says the EU commission, "consist of those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in the member states. Critical infrastructures extend across many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply and communications, as well as key government services."
"Because of the private ownership of major elements of critical infrastructure any security and control measures will (almost by definition) require the involvement of both private and public interests. National authorities will often have sole competence in the area. There is, however, often a level of transnational interdependence involved, which makes it clear that the EU should also play a certain co-ordinating role."
So there we are – this is none of the commission’s business but, since there is "often a level of transnational interdependence involved", the commission is going to get involved anyway.
This is the sort of thing – reproduced verbatim – is what is being churned out in our name. The presumption is colossal – implying that the EU has any capabilities in this field, when it is totally reliant on member states for any specific action.
Anyhow, the EU proudly informs us that the Critical Infrastructure Warning Information Network (CIWIN) and the European Network and Information Security Agency (ENISA) are in the process of being set up, the latter being one of the agencies agreed in Brussels in December 2001. This one will have its seat in Heraklion (Greece).
ENISA's mission is "to assist the Community in ensuring particularly high levels of network and information security". The Agency will therefore "contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, consequently contributing to the smooth functioning of the internal market."
The magic words are, of course, the "internal market" and it on that rests its somewhat spurious legal authority to act. And the main way the agency is going to work is by "the development of standards for products and services" on Network and Information Society – harmonisation by any other name.
Where sectorial standards do not exist "or international norms have not yet been established, the European Committee for Standardization (CEN) and other relevant standardisation organisations should propose uniform security sectorial and adapted standards for all the various branches and sectors interested." Such standards should be also proposed at an international level through ISO in order to establish a proper level playing field in this respect.
The sheer arrogance of this presumption is breath-taking. The European Programme for Critical Infrastructure Protection, says the Commission, is demanding that the Commission produce an annual communication to take stock of progress made and the challenges ahead. As if this thing was a human being?
The "programme" is says, will integrate the various analyses and measures across the different sectors of the economy. Member state governments will develop and maintain databases of significant critical infrastructure on a national basis and will be responsible for developing, validating and auditing relevant plans to ensure continuity of services in case of an attack under their jurisdictions.
And all because, we are told, "Europeans expect critical infrastructures to function, regardless of which organisations own or operate the component parts. They expect member states and the EU to play a leadership role in ensuring this happens."
Funny thing though, apart from the zombies in Brussels, I have never yet heard anyone suggest that the EU should play "a leadership role" in ensuring the functioning of our "critical infrastructures". I wonder where they got that from?