The private sector’s vital role in the protection of critical infrastructure

The private sector’s vital role in the protection of critical infrastructure

National governments and international organizations are increasingly identifying strategies to protect Critical Energy Infrastructure (CEI). This creates a window of opportunity for private business risk consultancies and security firms to provide strategic services.

The protection of Critical Energy Infrastructure (CEI) is an increasingly delicate and complex issue at the international level.

The connection between energy infrastructure in unstable countries and the end-user poses serious problems in securing energy supplies. Thus, in case of supply disruption, direct and indirect effects may be experienced in several countries, affecting private and public sector actors.

CEI are vital for national economies and require robust protection from a range of evolving threats ranging from cyber attacks to natural disasters and man-made accidents. These risks and threats linked to CEI are increasingly being discussed among various regional and global IGOs.

Increase in IGO frameworks

Through the Directive COM(2006) 786, the European Commission set out the principles of the European Program for Critical Infrastructure Protection (EPCIP), which aim to improve the security of the European CEI. With this directive, all European Member States were obliged to incorporate the EPCIP into their national statutes.

In 2008, Council Directive 2008/114 established that all members were also responsible for identifying critical infrastructure in their territory in two specific sectors: energy and transport.

This entailed preparing an Operator Security Plan (OPS) to make sure that the necessary protective measures were in place. In addition, each member state was in charge of appointing a security liaison officer to facilitate cooperation and communication with the authorities on the risks concerning European Critical Infrastructure (ECI).

Therefore, this directive emphasizes the EU Commission’s role in guaranteeing adequate critical infrastructure protection. Similarly, other international organizations such as the International Energy Agency (IEA) and the Organization for Security and Cooperation in Europe (OSCE) are developing projects and sharing best practices in this field.

Furthermore, NATO is also interested in playing a role in the protection of CEI. NATO created the Emerging Security Challenges Division (ESCD) in August 2010 to counter a growing range of non-conventional risks.  Its scope is to provide NATO with a “Strategic Analysis Capability” to monitor and predict international changes that could affect the security of the alliance.

CEIs are increasingly attractive targets for terrorists. Consequently, during the 2008 NATO Bucharest Summit, the alliance formulated a strategic report titled “NATO’s Role in Energy Security,” which identifies the key areas where NATO could contribute. These areas include information and intelligence fusion and sharing, projecting stability, advancing international and regional cooperation, supporting consequence management, and supporting the protection of critical infrastructure.

Focus on CEI offers substantial private sector opportunities

Increased international and intergovernmental attention to the protection of CEI provides opportunities for the private sector. Over the last two decades, there has been a considerable increase in the number of private sector companies providing risk consultancy and private security services to clients with regional and global CEI interests.

While some firms focus primarily on physical and assets’ security – both on land and sea – others are specializing in cyber-security and intelligence services. This wide range of competencies offers private actors the possibility to support the public sector in the protection of CEI in three fundamental ways.

Firstly, private sector consultancy companies inform public actors. With a high-level of operational expertise in the protection of clients’ infrastructure, these firms can play an essential advisory role in identifying CEI, while understanding operators’ needs.

Indeed, private companies, operating alongside those directly responsible for the delivery of energy supplies, develop an unparalleled knowledge of macro and micro issues that affect the day-to-day operations of CEI operators. As such, risk management and security actors have the potential to be among the most resourceful advisers to governments and international organizations planning to strengthen and enhance their CEI policies.

Secondly, private consultancies may also be involved in geographically extensive and direct operational support in regard to NATO and EU operations. Given the nature of the assets to be protected and the global aspect of operations, international organizations and military alliances are not designed to provide protection to single operators on a global scale.

Political and operational restraints limit the actual scope of international risk management plans carried out by public actors. In light of this consideration, the coordination between the private and public sectors is likely to become essential in ensuring truly global coverage, which could range from safeguarding industries and pipelines to ensuring the safety of personnel in highly dynamic risk areas.

Lastly, private risk consultancies may also be used by public authorities to obtain critical insights into the commercial implications inherent in CEI protection. Given the fact that a slice of CEI operators are private or semi-private actors, risk management and security companies may potentially provide public decision makers with detailed reports concerning the commercial implication of the protective services in question. This, in turn, raises market awareness of the public sector and enables it to adopt measures which compliment the specific needs of each operator.

Recommendations concerning public-private cooperation vis-à-vis the protection of CEI cannot be taken as a monolithic set of action points. Instead, recommendations need to be adapted to specific cases, such as in the case of EU, NATO and national governments. This process can potentially be facilitated by the organization of high-level workshops and conferences aimed at bridging the gap between private companies and public actors.

After all, information sharing is a critical to building functional, project-specific cooperation within a precise institutional framework.

This article has been co-written with Alessandro Niglia

Alessandro Niglia is the Program Manager at the Atlantic Treaty Association, focusing on International & European Affairs. As Co-Director of the NATO Advanced Research Workshop “The Protection of Critical Energy Infrastructure Against Emerging Security Challenges”, he is now finalizing a publication by collecting best-practices and recommendations for NATO Member and Partner Countries in the field of Energy Security. He is also a Candidate Fellow at the NATO Energy Security Center of Excellence in Lithuania.

About Author

Riccardo Dugulin

Riccardo Dugulin is an analyst at Drum Cussac, a global business risk consultancy. He specializes in supporting international organizations and large corporations operating in emerging markets by providing them with critical risk management intelligence. His regions of expertise are the Near East, the Gulf, North Africa and Continental Europe. He previously worked as project manager for a French medical assistance company. He gained field experience in the Middle East having worked for leading think tanks in Dubai and Beirut. Riccardo holds a Master in International Affairs from the Sciences Po – Paris and a Bachelor in Middle Eastern Studies from the same university. Follow him on Twitter @RiccardoDugulin.