Search for a command to run...
Europe’s critical infrastructure (CI) is facing an increasingly hostile threat environment from a variety of different actors. Russian hybrid operations, sabotage against energy and communications systems, and the vulnerabilities in increasingly interconnected systems highlight the importance of the topic. Recent attacks on European CI such as attacks on undersea cables in the Baltic Sea or incidents such as drone incursions into EU and NATO airspace highlight that protection as an inherent goal is unachievable. Instead, the goal should be to create resilient systems that can absorb and recover from disruptions. The policy brief identifies two main clusters of challenges: 1) Systemic challenges; and 2) Operational challenges. Systemic challenges stem from divergent threat perceptions, limited awareness of CI related risks, and different levels of hybrid and geopolitical threats. Operational challenges, however, include uneven implementation of the CER and NIS2 Directives, fragmented national CI frameworks, underdeveloped PPPs, limited resources, and a lack of investment in CI resiliency planning. The policy brief identifies several key lessons, where examined states have found creative or efficient solutions to the challenges previously identified. It is clear the CI resilience depends on early and continuous involvement of CI operators in policy planning, and a strong trust-based information sharing process between different actors. Only through these two aspects is it possible to create workable and efficient national policy frameworks, where CI operators are willing to fully engage. High threat awareness seems to correlate with better resilience practices, as demonstrated by the cases of Finland, the Baltic States, and Ukraine where holistic or whole-of-society approaches form the basis of CI governance. In these systems, there is strong civil-military coordination, as well as regional cooperation models to continuously strengthen systems. Furthermore, experience from the Western Balkans and Eastern Partnership countries shows that institutional fragmentation, weak PPPs, and resource constraints can be mitigated through EU support, regional collaboration, and phased implementation strategies. Finally, the brief highlights that CI resilience is a EU-level issue. Resilience continues to be a shared vulnerability and a shared opportunity at the same time. 11 different recommendations are presented to different actors. Some of the priorities include harmonising incident reporting across directives; expanding EU-NATO cooperation; supporting candidate countries through technical assistance and capacity building; developing regional early-warning mechanisms; and promoting cross-border risk assessments and joint preparedness exercises.