Vulnerability Assessment
    Security Audits 
      Maritime Cyber Security
        2 min read

        EU Wants to Secure Subsea Infrastructure, But Agreement Looks Far Off


        Featured Image

        In response to the sabotage of the Nord Stream gas pipeline, the protection of critical maritime infrastructure has gained a newfound priority in the EU.

        The surface of the Baltic boils from a gas leak from the ruptured Nord Stream pipeline complex

        Undersea cables and pipelines play a vital role in European economies, and failure or sabotage can trigger serious impacts.

        Despite its critical importance, the security of subsea infrastructure has yet to be figured out. An increase in natural disasters, technical failures and terrorist attacks are but a few of the threats. The fact that the maritime critical infrastructure straddles national borders adds to the complexity of ensuring security.

        This is part of the challenge facing the EU’s need to secure its critical infrastructure. After the Nord Stream pipeline sabotage, the European Commission (EC) President Ursula von Leyen presented a five-point plan focused on enhancing the bloc’s preparedness and response to threats to its critical infrastructure.

        Part of Ursula’s recommendations included carrying out stress tests, especially for infrastructure related to energy supply, subsea digital cables and electricity grids.

        The effort would augment the ongoing process of updating the EU’s 2008 critical infrastructure directive. The revised directive, the Critical Entities Resilience (CER) directive, is expected to come into force in 2024 and cover 11 risk areas, including natural disasters, terrorist attacks and public health emergencies such as the recent Covid-19 pandemic.

        Metis Insights: Yemen's Failed Truce

        However, according to new information that emerged last week, some of the EU’s member countries are opposed to key parts of the plan.

        On the proposal to have common responses to incidents related to critical infrastructure, France has argued that this should be made voluntary. Similarly, in feedback to the EC’s proposal for prioritization of cross-border infrastructure, Germany argued that the decision should left to each member state.

        On the other hand, Finland emphasized relying on trusted vendors for protection of subsea cable systems, not national or regional authorities.

        Additionally, Italy, the Netherlands, Poland, Sweden, Slovakia and France all have concerns about sharing information about critical infrastructure. They argue there would be disastrous consequences if such information were intercepted. The reluctance is primarily on sharing information related to undersea cables.

        The EC’s proposal on stress tests also came under criticism. Denmark, Ireland, Poland and the Netherlands all seek more clarification on what ‘stress test’ would entail. The consensus among most EU members is that the stress tests should be voluntary.

        Commenting on EU members’ feedback to EC plan on strengthening the resilience of critical infrastructure, Prof. Christian Bueger, a maritime security researcher based at University of Copenhagen, pondered whether the EU would ever find an appropriate solution to the protection of critical maritime infrastructure.

        "There is little prospect at the moment. Hardly a shared understanding of what is critical about infrastructures, the prevalence of national protectionism and distrust between member states. Perhaps a focus on those infrastructures that are international and connect Europe would help,” said Prof. Bueger.

        Source: Maritime Executive