![Sample our Politics & International Relations journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5947/TOC-Subject-Sample-2021-Politics-International-Relations.jpg"})
Abstract
Critical infrastructure protection (CIP) constitutes a paradigmatic as well as challenging case for EU security governance, which has received limited academic attention to date. This article draws on a heuristic framework to survey the EU's capacities to ‘meta-govern’, that is, to stimulate and steer governance efforts across multiple sectoral and political divides, in this complex issue area. The main part of the paper assesses the European Programme for Critical Infrastructure Protection (EPCIP), which comprises a variety of policy instruments and initiatives, on this basis. It is shown that the attempt of an authoritative regulation of European critical infrastructures has remained narrow and of questionable effectiveness. Scientific networks have developed more dynamically, while the participation of private companies and corresponding EU financial instruments are yet to show their potential. Finally, the EU's organizational capacity in CIP suffers from a lack of coordination structures in the European Commission, but also needs to take the scarcely known Joint Research Centre (JRC) into account. The conclusions highlight the barriers to comprehensive governance of as well as large research gaps on European critical infrastructure policies.
Acknowledgements
The author would like to thank Jakob Lewander and Sara Norrevik for their research assistance.
Notes on contributors
Raphael Bossong is a lecturer at the European University Viadrina, Frankfurt(O) and a researcher at the Institute for Peace Research and Security Policy at the University of Hamburg. He holds a BA in Social and Political Sciences from the University of Cambridge and a MA and PhD in International Relations from the LSE. His research, which contributed to several EU-funded research projects, focuses on the intersection between EU crisis management, internal and external security policy, and public administration.
Notes
1. As touched upon in the empirical analysis, this framing even excludes EU efforts in the area of critical information infrastructure protection (CIIP).
2. For instance, one may explore whether transgovernmental networks, which is a significant feature in police and criminal justice cooperation, migration policy, and civil protection, are equally prominent in the European Programme on Critical Infrastructure Protection.
3. This is in slight distinction to Baker and Stoke who list discourses under the category of nodality.
4. National governments can draw on wider range of assets and incentives, such as land, permits, or tax credits.
5. The exclusion of cyber-security from ECI, which also features a clear transnational rationale, is discussed below.
6. In 2010, DG Tren was split up into DG Move and DG Energy, as discussed in section 3.4.
7. The study that is referred to in the cited Commission working paper (Citation2012a) has not been published, but was made available to the author upon request.
8. According to the technical study, only Slovenia and Bulgaria cited the EU Directive as an important reference for corresponding national regulatory frameworks. The lack of specific on-site monitoring mechanisms for the Directive – as exist, for instance, in the case of EU aviation security – further accentuated the lack of baseline data, which would be necessary for a sound impact assessment.
9. A news report by the 2011 Polish Presidency briefly notes that the network normally meets twice a year and includes a mix of member state and Commission representatives see http://rcb.gov.pl/eng/?p=393.
10. See, for instance, http://www.warp.gov.uk/.
11. The reluctance of private companies to share such information may be due to the fear of liability claims as well as the need to defend the company's reputation (including against private competitors). These problems are aggravated in the case of international information sharing, whereby the circle of recipients is wider and potentially less trust-worthy.
12. http://www.micie.eu/.
14. The network is managed by the Commission's technical Joint Research Centre that is discussed further below under the category on organizational capacity.
15. From the perspective of EU studies, its influence is likely to be conditioned by the prevalence of deliberating modes of interaction, dependence of policy-makers (Haverkamp 2009), and the inherent level of uncertainty in security scenarios. But it is also possible that other international organizations (e.g. ISO) or global technological leaders (e.g. top US research institutes) dominate in this area.
16. www.ecns.eu.
17. These projects were identified from a total of 226 FP7 security research projects. This does not include the large number of projects on cyber-security and critical information infrastructure protection, which are financed under a different heading in FP7 and add up to several hundred million Euros, see http://cordis.europa.eu/fp7/ict/programme/challenge1_en.html.
18. Despite considerable amounts of promotional material on FP7 security research, I could not identify showcase examples for such transfers or applications. Contrasting cases are US awards or competitions in response to specific technological security challenges (most famous in the case of DARPA).
19. At the time of writing, the European Internal Security Fund has been approved by COREPER, but held up by member states negotiations on the full financial perspective.
21. On occasion, the Coordinator has discussed CIP in his periodic reports on the implementation of the EU's counterterrorism strategy. However, his role is already contested in core areas of responsibility, namely police and criminal justice cooperation, so that he cannot be expected to take a lead in CIP.
23. In the area of critical information infrastructures, the European Network and Information Security Agency (ENISA) has taken on a more substantial role in recent years. Yet its peripheral location and narrow advisory mandate arguably do not destine ENISA as a future lead agency on CIP from a systemic perspective.
25. This institute constitutes one branch of the spatially dispersed JRC and is based in Ispra, Italy.