Ben Lane, CIPRE event manager, met with David Luengo, Managing Director of Indra’s Brussels office, who spoke on behalf of the Aerospace, Security and Defence Industries Association of Europe (ASD), in his capacity as Chairman of the Security Business Unit (SBU) which he has headed since 2019.
ASD (www.asd-europe.org/) is the voice of the Aerospace, Security and Defence industries of Europe. With twenty-five major companies and 25 National Associations as members, the overall representation adds up to more than 4,000 companies across 21 European countries.
Ben Lane:
Thank you for joining us today for our 15-minute CIPRE interview. We will kick start off with the first broad question. Please provide a brief background on ASD Europe and its involvement in the critical infrastructure sector.
David Luengo:
ASD Europe is an association of national associations and prime companies that works toward achieving common objectives at the European level. The industries ASD represents are active in four sectors: civil aviation, defence, and civil security. Our companies are also involved in the space domain, which is represented by ASD’s sister association Eurospace. ASD, in a nutshell, is a forum to exchange information, ideas, initiatives, and activities between technology providers across their domains of operation.
When it comes to critical infrastructure, ASD is also a place for technology providers to jointly develop their understanding of the operators’ practices. As an example, digitalisation will enormously increase the interdependence of critical infrastructures. The energy sector, the transport sector, airports, ports, all the different critical infrastructures, together form the backbone of Europe’s economy and society. When new digital technologies are introduced, the network gains size and density. It is critical for technology providers to understand the operational challenges these changes imply. ASD is a platform to that end, which in turns allow technology providers to better help operators.
When we talk about the security of critical infrastructures, we must consider the security of the whole network. Because operators are now much more connected across national borders, European solutions are required. Which is why ASD is trying to create common practices and to deliver solutions at a European level. Adopting a European viewpoint is vital and ASD’s raison d’être.
ASD also works on how to tackle the many challenges we have ahead. In today’s geopolitical context, hybrid warfare has become a reality, and the protection of critical infrastructures against hybrid threats has become essential. So, we need to put more effort into the system. This means also increased and streamlined European funding for security, and incentives for European collaboration in the field. Ultimately, ASD’s purpose is to help technology providers to deliver projects which are useful for operators.
Ben Lane:
Thank you – great answer, some of which we will be discussing at CIPRE 2024 in Madrid. In your opinion what are the main changes in threats against critical infrastructures that ASD and its members are seeing?
David Luengo:
In our view, the advent of hybrid threats represents the most important change. Ten years ago, the main manmade threat to critical infrastructure was terrorism. Today, we have moved into the age of hybrid warfare, where the main threat to critical infrastructure is malicious action by State or state-sponsored actors. The digital component of hybrid attacks is of particular concern, although there are also threats against physical infrastructure.
We know about the Nord Stream pipelines sabotage, or about the Russian sponsored attacks taking place across Europe. But I would say the main challenge we have today are cyber-attacks. We need a common policy on this matter, not just regulation, but also incentives to build knowledge, so we can gain better insights into different scenarios, anticipate threats more effectively, improve our threat analysis, share information to respond to those threats, and recover in case of incidents.
Finally, we must not forget that natural disasters are also increasing in frequency and scale. It is true that they have always been on our radar screen, but climate change will bring them to a completely new level that necessitates very important adaptation measures.
Ben Lane:
Thank you. How are the latest NIS2 and CER directives impacting ASD members and technology providers? What is your view on this subject?
David Luengo:
If we want a balanced level across Europe in terms of capacity, best practices and secure infrastructure, I think it is vital to have a common regulation that is put into practice by all operators. So, the NIS2 directive, in my view, must respond to the protection of common interests, the protection of consumers and the protection of operators. It’s the same for the Critical Entities Resilience (CER). When investing in a network of critical infrastructures, which will be increasingly interdependent, increasingly used for public services, for the public good, then regulation is vital.
We need to update these regulations and incentivise the adoption of new systems, of new technologies, of new capacities, and knowledge. I want to see regulation as a good thing for the security market, as it urges us to think about better solutions; how to improve the service that we provide to our customers; how to improve the use of new technologies. So, this is a good thing for ASD members as technology providers. And it should be a good thing for operators of critical infrastructure.
The main point is to undertake this work collaboratively. We need to work at the European level, between operators and providers at a European level throughout the interconnected network. This means the European institutions should play a key role in helping manage the use of technology, creating collaboration, and in helping to produce better solutions.
Ben Lane:
Thank you. Finally, are there any regulations or standards or even changes to standards and regulations that ASD would like to see?
David Luengo:
The way I see it, standards are a way for us all to mature the market. Standards should not block innovation, but rather help provide better and more transparent conditions to the market in terms of use, in terms of developing technologies.
During the past 10 years, the EU was successful in creating the Connecting Europe facility, for example, to provide incentives to develop trans-European networks for Energy, Transport, and the digital domain.
It is common sense to include a security layer in these existing instruments, and to develop a European security financial instrument which could support the development of this security component of the trans-European networks.
Cyber-attacks are frequent and becoming the new normal. We need to address this collaboratively. Promoting new EU incentives to tackle this security challenge is one of the key priorities.
Ben Lane:
Okay, great. Throughout that interview you used the word collaboration, and this is an especially important word, particularly now. Without collaboration, nothing is going to happen effectively. Hence, the CIPRE conference in Madrid is vital because it is about collaborating, discussing, and networking with key people from across the sectors to understand how to move forward.
David Luengo:
Absolutely.
Ben Lane:
Thank you and we look forward to seeing you in Madrid in November for another edition of CIPRE.