Europe's vulnerable lifelines
Mario Eisenhut
"Navigating Trust and Commitment: Anchoring Your Success with Responsibility and Reliability"
Europe's vulnerable lifelines
A reliable power supply is taken for granted in the Federal Republic of Germany and other European countries, and a reliable distribution of energy requires secure systems at all voltage levels to guarantee it.
At the same time, these lifelines are a particularly vulnerable infrastructure in our high-tech world, because they depend to an increasing extent on electricity being always available. Since even short disruptions can have serious consequences, solutions for comprehensive supply security are needed.
From one second to the next, darkness reigns in Germany. On a winter's day, the lights go out all over the country - and in Europe, the power grids collapse due to the lack of load: Power plants shut down, gas stations stop working, people are stuck in elevators and subways. This horror scenario is pure fiction, but a widespread power blackout lasting several days would also be a disaster.
According to a study by the Office of Technology Assessment at the German Parliament (TAB), which analyzed the consequences of a blackout for Germany back in 2011, the authors came to a disturbing conclusion: a long-lasting, widespread power blackout would paralyze all critical infrastructures, i.e., the significant supply systems; a collapse of the entire society could hardly be prevented.
After just a few days, it would no longer be possible to supply the population in the affected area with essential goods and services.
"What surprised us most was the low level of risk awareness in society despite the high potential for danger and disaster," said the head of the study, emphasizing, "Many areas of critical infrastructure are not sufficiently prepared for such a situation. There is still a need for action here."
The vulnerable industrial societies
The power supply is the Achilles' heel of high-tech societies. Almost all areas of life and work depend on electrically powered devices, control, and regulation systems.
During the digital transformation, which is accompanied by a fourth industrial revolution, a secure power supply is becoming more than ever the lifeline for all areas of society, from everyday communication via smartphone to complex corporate and production processes.
Even localized and temporary power outages highlight the vulnerability of the modern world. In August 2003, for example, poorly maintained power lines in the northeastern United States and parts of Canada led to a blackout that lasted several days and affected more than 50 million people. And in November 2006 in Germany, when the then transmission system operator E.ON switched off an important high-voltage line across the River Ems to allow a cruise ship to pass through, the lights went out in large parts of Europe for just under 2 hours. These blackouts show the importance of power supply for industrialized societies and how vulnerable it is at the same time.
Short blackouts, big damage
Major blackouts are very rare in Germany, where the quality of the power supply is among the best in the world. According to the German Federal Network Agency, German consumers were without power for an average of 12.7 minutes in 2015, and who would be surprised that in 2021, electricity consumers in Germany were repeatedly disconnected from the grid for an average of 12.7 minutes. This is shown in the Statista graphic based on data from the Federal Network Agency. At 2.4 minutes, the outages in the low-voltage grid were still significantly lower than in the medium-voltage grid. Typical consumers in the low-voltage network are households and commercial enterprises, while medium-voltage supplies industrial companies and smaller power plants, for example.
According to the Council of European Energy Regulators (CEER), similar values were achieved in Switzerland with 13 minutes of interruption in 2014 and in Denmark, where the downtime was only 11.6 minutes. In France, on the other hand, there was no power for 50.2 minutes in the same period.
The power supply in the USA is much more susceptible to disruptions. Due to outdated power grids and extreme weather events, outages of 2 hours are not uncommon there. Even short blackouts can cause serious economic damage. Just a few seconds without power or even slight voltage fluctuations - brownouts or surges - are enough to bring entire production processes to a standstill.
In sensitive industries such as semiconductors or metal production, plant downtimes can cause millions of euros in damage.
Based on the "Value of Lost Load" indicator, which describes the level of regional value added per kWh of electricity on an annual average, the Hamburg Institute of International Economics has estimated the economic damage of a power blackout for German cities and districts. According to this, Berlin would suffer losses of around 23 million euros if the power failed there for 1 hour at midday.
How the EU responds to crises and builds resilience
The EU is working on several fronts to improve its crisis response capacity and resilience to future challenges.
Addressing future emergencies
The European Union has faced numerous crises throughout its history and has made gradual policy and institutional changes to improve its ability to cope with future emergencies.
What is resilience?
Resilience stands not only for the ability to overcome challenges, but also for the ability to manage change in a sustainable, fair, and democratic manner.
This existing and future EU tools and regulations to manage crises and strengthen resilience:
· Civil Protection Mechanism
· Integrated arrangements for policy response to crises
· Preparedness planning and response to public health emergencies
· Protection of network and information systems
· Critical infrastructure protection
The COVID-19 pandemic demonstrated that crises are increasingly complex and do not stop at borders. The EU and its Member States have already established cross-border cooperation and solidarity mechanisms to effectively manage crises and protect people.
However, the EU's response to crises needs to evolve. In the future, the EU must be prepared to deal with acute crises of a different nature; these could be multi-layered, hybrid in character, involve cascading effects, or occur simultaneously.
To increase its resilience to future challenges, the EU must improve cross-sector and cross-border crisis management. It must also improve crisis communication and strengthen the fight against disinformation.
In November 2021, the Council adopted conclusions on improving crisis preparedness, response capacity, and resilience to future crises. EU leaders welcomed the conclusions on December 16th 2021 and called for strengthening the EU's crisis response in an all-hazards approach and building and monitoring resilience.
Given the indispensable role of the single market for the EU, the Council stressed that crisis-related measures should be temporary, proportionate, and fully coordinated to restore the normal functioning of the single market as soon as possible, including the free movement of persons, goods, services, and capital as provided for in the treaties.
Crisis Response Mechanisms in the EU
If a crisis or disaster occurs - whether natural or man-made - the EU can use various rapid response mechanisms to provide assistance.
The EU Civil Protection Mechanism
The Union Civil Protection Mechanism coordinates the response to natural and man-made disasters at the EU level.
It aims to:
· Promote cooperation between national civil protection authorities.
· Increase public awareness of disasters and strengthen preparedness for disasters.
· Provide rapid, effective, and coordinated assistance to affected countries.
The Emergency Response Coordination Center (ERCC) is the operational heart of the Civil Protection Mechanism: it is staffed 24 hours a day, every day, and coordinates the EU response in the event of a disaster.
The Mechanism also includes a European Civil Protection Pool. This is a voluntary pool of pre-committed assistance capabilities that Member States can make immediately available for operations inside or outside the EU.
In March 2022, the Council adopted conclusions on civil protection measures in the EU in the face of climate change. As extreme weather events become more frequent and intense, ministers called for civil protection systems to be adapted to such events to make the EU more resilient to climate change.
Among the measures highlighted in the conclusions are:
· Investing in research and innovation
· Working on adequate prevention and preparedness measures
Recommended by LinkedIn
· Strengthening civil protection capacities
· Improving crisis preparedness among citizens through more information
· Encouraging the participation of citizens and volunteers in civil protection initiatives
The Integrated Crisis Policy Response (IPCR) mechanism supports rapid and coordinated policy decisions at EU level in the event of severe and complex crises, such as terrorist attacks.
Through this mechanism, the Presidency coordinates the political response to the crisis by bringing together EU institutions, affected Member States and other key stakeholders.
The IPCR mechanism is currently activated to coordinate EU action in response to the migration crisis and the COVID-19 outbreak. The Council's rapid response mechanism can be triggered either by the Presidency or by a Member State after it has invoked the solidarity clause.
European Union Solidarity Fund
The European Union Solidarity Fund was established in 2002 to respond to major natural disasters and to express European solidarity with disaster-stricken areas within Europe. Member States can apply for funding under the EU Solidarity Fund to help them cope with natural disasters such as floods, forest fires, earthquakes, storms and droughts.
In April 2020, the scope of the Solidarity Fund was expanded to include major public health emergencies as a result of the COVID-19 pandemic outbreak.
Preparedness for future health crises.
The COVID-19 pandemic demonstrated the need for coordinated EU action to respond to health crises in a timely and effective manner.
The EU has considered the lessons learned from the COVID-19 pandemic and adopted four regulations as part of the European Health Union package to improve the Union's capacity to prevent, detect, and respond rapidly to cross-border health threats.
· a new regulation on serious cross-border health threats
· revised mandates for the European Centre for Disease Prevention and Control (ECDC) and for the European Medicines Agency (EMA)
Emergency framework for medical countermeasures
In addition, the European Commission established the European Health Emergency Preparedness and Response Authority (HERA) in September 2021. HERA was created to ensure the development, production, procurement, and equitable distribution of key medical countermeasures within the EU.
Food security contingency plan
The COVID-19 pandemic outbreak demonstrated that the food chain in Europe is vulnerable to drastic supply problems. In November 2021, the Commission published a communication outlining a contingency plan to ensure food security in Europe during crisis situations.
The proposed measures aim to better enable the EU to cope with challenges such as extreme weather events, plant and animal health problems, or shortages of key inputs such as fertilizers, energy, and labor. For example, a European Food Security Crisis Preparedness and Response Mechanism (EFSCM) will be established, and an expert group will be set up to bring together experts from member states, relevant stakeholders, and representatives of third countries on a regular basis to ensure that the EU is fully prepared for any food supply problems.
At their December meeting, EU ministers responsible for agriculture and fisheries endorsed conclusions on the plan, recognizing the need to future-proof the European food system to be ready for potential risks and crises. All agreed that the lessons learned from the COVID-19 crisis should provide guidance on the EU's approach to possible future crises.
EU agriculture ministers held a video conference in March 2022 to discuss the risk of significant impacts on the agriculture and food sector following Russia's invasion of Ukraine. Among the measures discussed, the Commission informed ministers of its plan to activate the European Food Security Crisis Preparedness and Response Mechanism (EFSCM) to monitor the market situation.
Resilience to physical and digital risks
At its meeting on October 20-21, 2022, the European Council strongly condemned the sabotage of critical infrastructure, including the Nord Stream pipelines, and stated that the EU will collectively and resolutely address any intentional damage to critical infrastructure or other hybrid acts.
To increase the resilience of critical infrastructure, EU leaders called on member states to take urgent and effective action, work with each other, as well as with the Commission and other relevant stakeholders.
The EU is currently working on new regulations to make physical and digital critical facilities more resilient.
Protecting network and information systems
In 2016, the EU adopted the Network and Information Security (NIS) Directive, the first-ever EU-wide legislative measures to strengthen cooperation among EU countries on the critical issue of cybersecurity.
The directive established security obligations for operators of essential services in critical sectors such as hospitals, energy networks, research laboratories, and factories producing extremely important medical devices and pharmaceuticals. It also represented a critical step in strengthening cyber defense capabilities in the EU.
As part of the EU's cybersecurity strategy, the European Commission proposed a revised NIS Directive (NIS 2) in December 2020. The new proposal considers the changing threat landscape and the digital transformation of our society, accelerated by the COVID 19 crisis.
The Council and the European Parliament have reached a preliminary agreement on the new measures, which aim to ensure the strengthening of risk and security incident management and cooperation and extending the scope of the rules.
Financial Sector IT Security
On May 11, 2022, the Council and the European Parliament reached preliminary agreement on the Digital Operational Resilience Act (DORA), which aims to further strengthen the IT security of financial firms.
The DORA regulation establishes uniform requirements for the security of network and information systems. They affect:
· companies and organizations operating in the financial sector
· critical third parties providing ICT services to them.
A legal framework for digital operational resilience is established, under which all companies must ensure that they are able to withstand, respond to and recover from all types of ICT-related disruptions and threats.
The new regulations, on which preliminary agreement has been reached, will provide a very robust framework that will enhance the IT security of the financial sector to prevent and mitigate cyber threats.
Protection of critical infrastructure and facilities
The EU is working on new regulations to make critical infrastructure more resilient, robust and resistant to shocks.
From terrorist attacks and natural disasters to accidents and public health emergencies, various challenges in recent years have highlighted the need to increase the resilience of critical facilities.
Critical facilities are public or private entities that provide essential services on which the livelihood of EU citizens and the smooth functioning of the internal market depend. One of the key components of a critical facility is its infrastructure. This may include objects, facilities, equipment, networks, or systems necessary for the provision of an essential service.
The Council and the European Parliament reached political agreement on June 28, 2022, on a new directive on critical facility resilience.
The rules aim to reduce the vulnerability of critical facilities and strengthen their physical resilience. They cover a range of sectors - such as energy, transport, health, drinking water, wastewater and space, and food production, processing, and distribution - and certain central agencies of public administration.
Some provisions of the draft directive also affect the banking sector, financial market infrastructures and digital infrastructures.
Under the new rules, critical entities must identify relevant risks that may significantly affect the provision of essential services, take appropriate measures to ensure their resilience, and report incidents to the relevant authorities.
In addition, EU member states should have a strategy to strengthen the resilience of critical facilities, conduct national risk assessments, and identify critical facilities.
Critical facilities identified under the Directive would also be subject to the cyber resilience obligations set forth in the NIS-2 Directive.
EU Commission President Ursula von der Leyen has proposed that EU states conduct stress tests of critical infrastructure based on common standards. In addition, satellite surveillance should be used to detect suspicious ships. "Critical infrastructure is the new frontier of warfare. And Europe will be prepared for that," von der Leyen said.