The European Parliament on Tuesday (22 November) almost unanimously approved legislation which aims to improve the security of physical and digital infrastructure in Europe.
Ever since the first gas leaks on the Nord Stream 2 pipeline in the Baltic Sea were detected in the early hours of 26 September, the vulnerability of Europe’s critical systems has been at the centre of political attention.
And with 595 votes in favour and only 17 against, the so-called Directive on the Resilience of Critical Entities (CER) is that rare legislative file almost all political groups in Brussels agree on.
Most in Europe suspect the Nord Stream gas leaks resulted from an attack perpetrated by Russia.
“There’s a map somewhere in Russia pinpointing hospitals, power plants and water supply as targets,” EU commissioner Ylva Johansson said, addressing the parliament in Strasbourg ahead of the vote.
She also quoted Andrey Gurulyov, a Russian state Duma representative who, shortly after Russia launched 100 missiles to disable Ukrainian electricity infrastructure, said that without electricity, “the city of Kyiv will be swimming in shit.”
“How calculating, how callous, how cold-hearted can you be? To call on national TV to freeze, starve and terrorise civilians into submission,” Johansson said.
EU security services have not officially linked the Kremlin to the leaks, and Russian authorities have repeatedly denied responsibility. But attacks on EU infrastructure keep happening.
In October, unknown perpetrators paralysed rail traffic in north Germany by cutting optic communication cables, which disrupted rail links to the Netherlands and Denmark. Finnish authorities also recently warned cyber attacks on its energy infrastructure are increasing.
To ensure governments are prepared against a wide range of new risks, the CER directive now tasks all 27 EU members to update their national security strategies and do stress tests of the critical infrastructure to identify weak points.
Until now, EU rules only covered energy and transportation systems. The new directive is expanded to include eleven sectors, including all digital infrastructure, banking and financial services, healthcare and water treatment facilities, public administration, and potential space programmes.
The law is expected to come into force at the beginning of next year. After that, it will take nearly two years to transpose it to national laws, but commissioner for home affairs Johansson called on member states to start updating national securities strategies immediately.
“And we cannot afford to waste a single moment. Rockets have already fallen on European soil,” Johansson said. “Let’s build up our preparedness now.”
