Legislative Framework

Transcription

1 Legislative Framework forcip in Austria Sylvia Mayer Federal Agency for State Protection and Counter Terrorism

2 Damage of 21 transmission masts

3 Development in Europe andaustria EU, 2005: EPCIP(European Program for Critical Infrastructure Protection) Austria, 2005: Resolution of the National Council (CIP as part of the Enhanced Security Provision) Austria, 2008: APCIP(Austrian Programfor Critical Infrastructure Protection) APCIP Master Plan EU, 2008: EU-Directive Austria, 2014: second release of APCIP Austria, 2016: Provincial Program on Critical Infrastructure Protection

4 Legislative framework of CIP in Europe EU Directive 2008/114/EC On the identification and designation of European critical infrastructures and the assessment of the need to improve their protection European Program on CIP All-hazards approach, countering threats from terrorism as a priority European procedure for the identification and designation of European critical infrastructures (ECIs) Processes to deal with transboundary cross-sector effects resulting from interdependencies between interconnected infrastructures Security Liaison Officers should be identified for all designated ECIs in order to facilitate cooperation and communication Information sharing should take place in an environment of trust and security

5 Legislative framework of CIP in Austria Austrian Program on Critical Infrastructure Protection (APCIP) Definition Asset, system or part thereof, which is essentialfor the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact as a result of the failure to maintain those functions; Main Principles Public Private Partnership Resilience Subsidiarity and voluntary commitmentofprivate industry All-hazard-approach Operator based approach

6 Competencesin Austria Federal Chancellery Federal Ministry of the Interior Security Policy Center International Cooperation and Implementation on thestrategic Level Federal Agency for State Protection and Counter Terrorism Implementation on theoperational Level Federal Armed Forces Assistance Operation

7 Security Police Act Preventive Protection of Legal Interests Catalogue of critical services Single point of Contact Early Warning System Encrypted communication& secure information exchange Interviews & Consultation Risk Analysis

8 Security Police Act Preventive Protection of Legal Interests Security Check / Vetting Possibility of screening the critical infrastructure personnel with access to classified information, which can be used to harm the population Addressing Insider Threat

9 CriminalCode Definition of Critical Infrastructure Stricter sanctions if CI affected Theft Damage/Destruction Cyber-Attacks

10 Federal Law on Security ofnetwork and Information Systems SPoC Single Point of Contact Strategic NIS-Authority Federal Chancellery Operative NIS-Authority Ministry of the Interior Operative NIS-Authority Minstry of Defence E-CERT National CERT CSIRT Sector Health CSIRT Sector Transport

11 Questions?