Interview about new CIIP initiative
In January 2016 GFCE members Spain, Switzerland, Norway and the Netherlands formally launched the Critical Information Infrastructure Protection (CIIP) Initiative. The aim is to support the development of CIIP capabilities, especially in developing countries. This initiative is set up in partnership with the Meridian Community, a group of CIIP policymakers from 50 countries, many of whom meeting regularly during annual Meridian conferences.
Interview with Mr. Ricardo Mor Solá, current chairman of the Meridian Community and Ambassador-at-large for Cybersecurity in Spain.
What are the greatest current threats to our critical information infrastructure?
Mr Mor Solá: In my view, cyberattacks against electricity distribution systems are those that may have strongest impact on the public opinion when dealing with the protection of energy infrastructure. For instance, the most recent cyberattack on electricity infrastructure caused a power blackout in Ukraine on 23 December 2015. This blackout, which affected large parts of western Ukraine, is believed to be the first example of a power outage deliberately caused by a hacking attack. It is of crucial importance that policy makers are aware of the need for security of information systems and networks that support ICT-enabled infrastructures. They should also know what they can do to enhance their security.
Why is global cooperation so important in the protection of critical information infrastructure?
Mr Mor Solá: Global cooperation is extremely important in CIIP. Many economies are highly integrated and depend on cross-border critical infrastructure, such as roads, telecommunications, energy and rail systems. Owners and operators of critical infrastructure, as well as local and regional emergency management agencies, have traditionally focused on protecting their facilities and jurisdictions. Increasingly, they recognize that they must look beyond their own operations and borders, given the interdependencies among governments, first responders and critical infrastructure owners and operators.
This common understanding was also highlighted at the GFCE international kick-off meeting held in November 2015 in The Hague. International cooperation framed for protecting CII is underlined in many multilateral agreements and bilateral MoUs. Nevertheless, the recognition that this growing technological interdependence relies on a complex network of CII components is not new. For example, engaging in international cooperation to secure CII was already an element included in the resolution adopted by the UN General Assembly in January 2004 aimed at creating a global culture of cybersecurity and the protection of CII.
What do you hope to achieve with this initiative?
Mr Mor Solá: The aim of this new initiative is to support policy makers with responsibility for CIIP to understand the implications and consequences of cybersecurity issues and to maintain an awareness of current developments. It is also intended to raise awareness of the importance of CIIP as a vital component of Cyber Security, and assist CIIP policy makers to make a persuasive case for the adequate allocation of appropriate resources. The initiative is targeted to leverage the CIIP policy making expertise and knowledge of the Meridian community for the benefit of a broader audience to help develop CIIP capabilities, particularly in developing countries. We want to share with participants joining this initiative the need to promote a culture of security of critical infrastructure among all actors involved, private and public, as a means of promoting the protection of ICT-enabled critical infrastructure. We hope to raise awareness about the risk to information systems and networks that support critical infrastructure; the policies, practices, measures and procedures available to address those risks; and the need for their adoption and implementation.
How can non-Meridian countries benefit by joining this initiative?
Mr Mor Solá: Country participants of this initiative will automatically get access to the Meridian community. This means access to Meridian conferences, and eventually the Meridian portal (CIIP best practices, CIIP directory with expert contacts, etc.). GFCE members who are already part of the Meridian community are encouraged to participate in this initiative to improve knowledge sharing within Meridian. To cater to the needs of developing countries the initiative will broker special sponsor or ‘Buddy’ relationships with current Meridian community members. This would include a special workshop day directly preceding the Meridian conference to establish a baseline of CIIP knowledge. The 12th Meridian conference will take place in Mexico this year.
What deliverables can be expected of this initiative?
Mr Mor Solá: During 2016-2017, the content of this initiative is expected to be delivered in various ways including periodic topical seminars and workshops (possibly online), building upon the accumulated results and outputs of the various sessions at Meridian conferences over the past 11 years; organising specific workshops aimed at establishing a baseline of CIIP knowledge for developing countries; tool-kits or learning materials (virtual or physical) tailored to specific CIIP issues; initiating or collaborating on research into specific CIIP relevant topics; and, inter alia, creation of good practice guidelines on aspects of CIIP.
Click here for more information about the CIIP initiative.
GFCE members who are interested to participate in this initiative are invited to contact the GFCE secretariat.