Why the European Commission is taking steps to strengthen the resilience of EU critical infrastructure

On September 26th, sudden drops in pressure were observed in the natural gas pipeline Nord Stream 2 before undersea leaks were detected in the Baltic Sea. Shortly thereafter, leaks were also detected for Nord Stream 1.

While the pipelines are not currently facilitating gas flows from Russia to Europe, they were filled with natural gas which has leaked into the Baltic, creating an operational hazard for vessels in the area.

Seismologists in Sweden and Denmark registered two powerful blasts the day before in the vicinity of the leaks.

On September 29,  NATO issued a statement saying the leaks were the result of deliberate sabotage and stating that attacks on allies’ critical infrastructure would be met with a “united and determined response.”

Other investigations are underway to ascertain the cause of the explosions and responsible parties.

Operational threats against energy infrastructure

European critical entities are more interconnected and interdependent, which makes them stronger and more efficient but also more vulnerable in case of an incident.

What the Nord Stream events highlight is the fact that European critical infrastructure can be a potential target for those seeking to precipitate disruptions and undermine energy security on the continent. This is according to Trevor Howe, senior operational resilience consultant at Interos.

”This threat is made particularly dangerous amid EU Member States’ efforts to prepare for the winter season without Russian natural gas,” he wrote, pointing out that Europe’s energy infrastructure is also exposed to cyber threats.

”Companies can better-understand their risk exposure to physical and digital infrastructure attacks by gaining greater visibility into their third parties’ risk posture,” continued Howe.

”Additionally, entities should implement risk management programs, conduct internal reviews to assess their own security posture, prepare and test resilience plans for likely scenarios, and strengthen collaboration with stakeholders in their respective industries to better manage risk in their supply chains.”

EC’s 5-point plan

The European Commission is proposing a series of steps to strengthen the resilience of EU critical infrastructure.

Russia’s war of aggression against Ukraine has brought new risks, physical and cyber-attacks, often combined as a hybrid threat, it pointed out in a statement.

Whiel the EU already has the recently-agreed Directive on the resilience of critical infrastructure (CER Directive) and the Revised Directive on the security of network and information system (NIS2 Directive), the application of the new rules must be accelerated, urge commissioners.

The draft Recommendation aims at maximising and accelerating the work to protect critical infrastructure in three priority areas: preparedness, response and international cooperation. 

Commissioner for Home Affairs, Ylva Johansson said: ”In view of fast-evolving threats, with Russia’s war of aggression against Ukraine, the sabotage of Nord Stream and the German rail network – it’s clear we need to accelerate our work to protect our infrastructure.

”With the threats we see today, we need to accelerate the application of the new rules and intensify our work with additional measures and closer cooperation.”

Commissioner for Internal Market, Thierry Breton added: ”The geopolitical reality pushes us to strengthen the resilience of European critical infrastructure in all dimensions, cyber and physical.

”The two new directives, NIS2 and CER are 2 sides of the same coin that we want to achieve even faster.”