2nd ERNCIP Operators Workshop

2014-05-19 09:00 to 2014-05-20 17:15
Operators Workshop

Assessment, selection & deployment of technological security solutions

On the 19-20th May 2014, the 2nd ERNCIP Operators’ Workshop took place, at the JRC premises in Ispra, Italy. It was organized by the European Reference Network for Critical Infrastructure Protection (ERNCIP). This was the second workshop, following the 1st ERNCIP Operators’ Workshop, held in Brussels on 12-13 September 2013.

Workshop’s Theme & Sessions

The work performed within the ERNCIP network aims to be a direct response to the lack of harmonised EU-wide testing or certification for CIP products and services, which is a barrier for future development and market acceptance of security solutions.

Therefore, this year’s workshop focused on the needs and practises of CI Operators regarding the assessment, selection and deployment of technological security solutions. The workshop gathered thirty-one professionals representing CI operators from several CI sectors - Energy, Information and Communication Technology (ICT), Transport and Water. The workshop facilitated the exchange among operators and sectors, and provided guidance for ERNCIP in its efforts to develop and leverage its role for the benefit of CI operators.

The workshop was structured into three closely linked sessions during which the operators interacted actively both in the flow of discussions and in the joint work on the questions posed by the three dedicated moderators (one for each session). Each session was centred on a driving question:

Session 1: (Moderator: Mr Klaus J Keus)

What are today’s challenges for operators regarding assessment, selection and deployment of technological security solutions?

Session 2: (Moderator: Dr Carmine Rizzo)

What tools are available for operators and how can these be best utilised in order to address the above challenges regarding the assessment, selection and deployment of technological security solutions?

Session 3: (Moderator: Dr Alois J Sieber)

How can the ERNCIP network help to address these challenges on an EU level?

During Session 1 and Session 2 the operators were initially divided into three sectoral working groups. The outcome of each working group was thereafter presented by a selected rapporteur (one of each working group) to all participants and followed by a discussion. This approach facilitated for discussion both on a sectoral level, but also on a horizontal level.

Session 3 addressed the outcomes from session 1 and 2 with a focus on ERNCIP’s role and took place in the form of an open discussion among all participants. In addition, during session 3, ‘green cards’ were distributed to all participants on which they could openly express any topic or suggestion. These green cards were reviewed and taken into account after the workshop by the session moderators.

Workshop Outcomes

In the following section, we summarise the main outcomes of the work performed. For more detail, please consult the Final Workshop Report compiled by the moderators.

General observations

While several challenges were identified as common to all sectors, recommendations coming from one sector need to be handled very carefully before applying them to other sectors. read more

Harmonized EU Legislation

With regards to legislation, an overall framework of existing or upcoming laws and regulations on national as well as European levels would offer the basis for a qualified assessment and would support the operators in their decision-making process, with respect to security technological solutions. read more

Cross-sectoral approach

The current work performed within the ERNCIP project was presented to the operators. The operators highlighted that the existing thematic areas appear scattered and that a clear structure linking the thematic groups on the basis of sectoral importance and relevance is missing. read more

Harmonised EU-wide Training & Certification

The workshop participants pointed out that EU-wide harmonised training for operators’ staff does not exist, nor does a certification scheme for qualified CIP personnel. There is a need to support such efforts through relevant professional education and training/ research budgets. read more

Learning from experience

Information sharing regarding threats and vulnerabilities, as well as available/needed tools and instruments, is still a huge challenge because of a missing central reliable point of trust. read more

Learning from research

Operators feel that there is not enough information available about security research efforts at EU or national level. read more

Risk Assessment

A major challenge consists in assessing risks, as well as calculating or estimating related costs. Scenario-oriented approaches, related but not limited to risk assessment, would enable a more structured process, as would new models for risk and costs estimation. Financing and related investments are challenges which have a direct impact on the business, and hence also on competiveness. read more

New concepts for CIP

The operators underline the need to link security with existing safety efforts. More specifically, the Transport sector working group presented the new concept of ‘safeurity’ as an example of a concept being developed within the rail sector and aiming at the protection of infrastructures and operations of any kind.

ERNCIP Platform

ERNCIP’s role

ERNCIP should build on the very positive feedback from this workshop (the second in a series) and launch a systematic outreach initiative to operators. This might include information meetings at national level facilitated by authorities in the Member States. read more


This article summarizes the findings as presented by the moderators (Klaus Keus, Carmine Rizzo and Alois Sieber) and the ERNCIP Office in the official workshop report of the 2nd ERNCIP Operators’ Workshop. The previous version of this article has been published on the European CIIP Newsletter (ECN).

Add to My Calendar