On 30 March 2009, the European Commission adopted a communication calling for action to protect critical information infrastructures by making the EU more prepared for and resistant to cyber attacks and disruptions.

Electronic communication services and networks provide the backbone of the European economy and are vital to citizens, businesses and governments. They are often referred to as critical information infrastructure (CIIs).

There is a 10 % to 20 % probability that telecom networks will be hit by a major breakdown in the next 10 years, with a potential global economic cost of around €193 billion. This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 incidents recorded in the Atlantic Ocean in 2007 alone), as well as from human actions such as terrorism or cyber attacks (such as the large-scale cyber attacks directed at Estonia in 2007), which are becoming more and more sophisticated.

As ICT networks tend to be decentralised, highly interconnected and interdependent, failures of these infrastructures could cascade and spread beyond national borders. At the moment, Member States' approaches and capacities differ widely. A low level of preparedness in one country can make others more vulnerable, while a lack of coordination reduces the effectiveness of countermeasures.

To achieve an enhanced level of awareness and preparedness throughout the EU, the European Commission's communication proposes the following set of actions:

• Preparedness and prevention: fostering cooperation, exchange of information and transfer of good policy practices between Member States via a European Forum. Establishing a European Public-Private Partnership for Resilience which will help businesses to share experience and information with public authorities. Both public and private actors should work together to ensure that adequate and consistent levels of prevention, detection, emergency and recovery measures are in place in all Member states.
• Detection and response: supporting the development of a European information sharing and alert system.
• Mitigation and recovery: stimulating stronger cooperation between the Member States via national and multinational contingency plans and regular exercises for large-scale network security incident response and disaster recovery.
• International cooperation: driving a Europe-wide debate to set EU priorities for the long term resilience and stability of the Internet, with a view to proposing principles and guidelines to be promoted internationally.
• Establishment of criteria for European critical infrastructure in the ICT sector: the criteria and approaches currently vary across Member States.

The European Commission invited the European Network and Information Security Agency (ENISA) to support this initiative by fostering a dialogue between all actors and the necessary cooperation at the European level.

Further information:

• RAPID press release - European Commission
• European Commission's communication on Critical Information Infrastructure Protection - "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience" 
• Critical Information Infrastructure Protection - a new initiative in 2009