security
A Reference Security Management Plan for Energy Infrastructure
Prepared by the Harnser Group for the European Commission
Summer 2010
Under Contract TREN/C1/185/2009
A Reference Security Management Plan for Energy Infrastructure
Foreword
The European Union is developing its policy on critical energy infrastructures in relation to the European Programme for Critical
Infrastructure Protection (“EPCIP”) which considers measures that will enhance, where necessary, the level of protection of certain infrastructures against external threats.
The integrity of energy infrastructures and their reliable operation are key factors in ensuring the supply in energy, vital for the well-being of the citizens and the functioning of the economy.
For this reason energy infrastructure is considered as a priority for the implementation of the
EPCIP, hence the policy adopted in December 2008, under Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the need to improve their protection, has the energy sector in its scope. As one of a number of requirements, this
Directive included the creation of an Operator Security Plan for all infrastructures designated as European Critical.
The European Commission’s Directorate General for Energy tasked an external contractor to prepare a non-binding Reference Security Management Plan. This is intended to be a useful guidebook for operators of energy infrastructure Assets, systems or parts thereof, independent of its classification as European Critical or under other national category. This concentrates on malicious, human-origin threats, whilst paying attention to all related aspects of an operation.
The Reference Security Management Plan is written from the operator’s perspective, from the need to comply with existing national or international legal and technical frameworks, through to integrating good security risk management within the overall corporate
Prepared by the Harnser Group for the European Commission
Summer 2010
Under Contract TREN/C1/185/2009
A Reference Security Management Plan for Energy Infrastructure
Foreword
The European Union is developing its policy on critical energy infrastructures in relation to the European Programme for Critical
Infrastructure Protection (“EPCIP”) which considers measures that will enhance, where necessary, the level of protection of certain infrastructures against external threats.
The integrity of energy infrastructures and their reliable operation are key factors in ensuring the supply in energy, vital for the well-being of the citizens and the functioning of the economy.
For this reason energy infrastructure is considered as a priority for the implementation of the
EPCIP, hence the policy adopted in December 2008, under Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the need to improve their protection, has the energy sector in its scope. As one of a number of requirements, this
Directive included the creation of an Operator Security Plan for all infrastructures designated as European Critical.
The European Commission’s Directorate General for Energy tasked an external contractor to prepare a non-binding Reference Security Management Plan. This is intended to be a useful guidebook for operators of energy infrastructure Assets, systems or parts thereof, independent of its classification as European Critical or under other national category. This concentrates on malicious, human-origin threats, whilst paying attention to all related aspects of an operation.
The Reference Security Management Plan is written from the operator’s perspective, from the need to comply with existing national or international legal and technical frameworks, through to integrating good security risk management within the overall corporate