University of Florence – Department of Systems and Informatics
Alessandro Lazari holds a Ph.D. in Computer, Multimedia and Telecommunication Engineering at the University of Florence and He was Lecturer in Legal Informatics at the Specialization School of Law (University of Salento, Lecce, Italy). He graduated in Jurisprudence from the University of Bolongna. Alessandro is member of many research associations and scientific committee such as: the Italian Association Critical Infrastructure Protection (since January 2012 he leads the working group on “Legal issues related to drafting the Operator Security Plan”), the Integrated Mission Group for Security (TA3 – Ethics, Human Factor and Impact on Society), the Italian Chapter of The International Emergency Management Society (TIEMS) and the AIP-ITCS “Italian Computer Society”. He is currently enrolled as Scientific/Technical Project Officer at the “European Reference Network for Critical Infrastructure Protection” Project at the Joint Research Centre (European Commission).
Presentation: Beyond compliance: a case study about the Romanian approach to the implementation of the Directive 114/08/EC on European CIs
Directive 114/08 on the identification and designation of European Critical Infrastructures (ECI) and the assessment of the need to improve their protection provides a common approach for assessing those infrastructures which destruction or disruption would have a significant impact not only on the hosting Member State but also on one or more neighbouring ones. This new branch of the EU framework require Member States and its Infrastructures’ Operators to put in place new efforts in order to fulfill the goals of the Directive and, above all, the need to collaborate in order to identify and designate the ECIs and the need to draft a so-called “Operator Security Plan” for the designated infrastructures.
All the Member States have implemented this Directive, but the overall assessment gives back a very patchy snapshot: success stories and strong commitment shown by very proactive Member States contrast with examples of pure formal compliance.
The diversification of national implementation is in line with the principle of institutional autonomy; however, this substantive fragmentation in the legislation of the different Member States does not help the achievement of the goals set in the directive itself.
This paper aims at addressing the main issues of such a fragmented implementation of the Directive 114/08/EC and assessing its critical hurdles. The paper therefore searches for the reference models (previous European legislations, best practices and standards) that could be used for efficiently drafting those OSPs; and then, it studies which lessons can be learned from those Member States which deal with the protection of vital infrastructures in very effective and efficient instruments.
When discussing these issues, the paper focuses on the Romanian experience as a case study of strong commitment to the European policies. In Romania, in fact, when transposing the Directive into national law (ORDONANTA DE URGENTA 98/2010), the government has taken the opportunity to amend the National framework about CIP (extending it to 10 sectors). This choice extends the same identical model for the identification, designation and protection of both National and European CIs and implies that all the designated National Critical Infrastructures shall draft Operator Security Plans.