Mr. Peter Gattinesi
Senior Scientist
European Reference Network for Critical Infrastructure Protection (ERNCIP) project
Joint Research Centre
European Commission


Peter Gattinesi works on ERNCIP at the Joint Research Centre, which is the European Commission’s in-house science service. ERNCIP was established to improve the capabilities in the EU for testing CIP-related security solutions. Peter’s role is to facilitate the activities of ERNCIP’s networks of experts, created to address specific testing capability gaps or issues in CIP thematic areas, as prioritised by the Member States and the Commission. Currently, ERNCIP thematic areas cover explosive detection, video analytics, biometrics, water contamination, structural resistance to explosives, and to seismic activity, radiological threats, and industrial control systems. Experts are recruited from research facilities, infrastructure operators, government authorities, the security industry, and academia across Europe. Peter was previously the head of the CIP team in the Home Office, leading the UK team during European Council negotiations on the establishment of the European Programme for CIP (EPCIP), which included the EPCIP Directive. Prior to that, Peter had an extensive career in business change in Barclays Bank.

Presentation: Challenges for the common testing of CIP security solutions in the EU

Critical Infrastructure Protection (CIP) depends on technological security solutions, in the form of detectors, sensors, materials protecting against explosives, resilient design, or new technologies such as biometrics for identification. For the EU, this affects policy on two levels. First, it is a reasonable expectation that the quality of CIP security solutions is equivalent across all Member States. Second, the EU would benefit from a stronger single market for such solutions.

Consequently, international or European standards for CIP security solutions are required, accompanied by common test methodologies and, possibly, harmonised certification schemes. Currently, this is not the case. European security standards are rare, and for some themes, there are no standards at all. The lack of standards is an obstacle to establishing common testing methodologies, and also to a stronger EU security market; manufacturers may have to test in each country where they sell their products. Few security solutions are certified at the European level, making it difficult for operators to assess the quality of security products on the market, thereby compromising the quality of security solutions in the EU.

This paper discusses these challenges, drawing especially on the experiences of the European Reference Network for Critical Infrastructure Protection (ERNCIP),, a European Commission Joint Research Centre project that interacts with over 120 CIP-related organisations in Europe.