1 Standardisation for security and protection of the citizens Dr. Alois J. Sieber, HoU, European Commission Joint Research CentreJRC IPSC, Ispra, Italy List of Content Where do I come from? Why does the European Commission underline the needs for standardisation? In which areas has the EC already efforts in standardisation? Way ahead 2 3 Where does the JRC fit in the European Commission? President José Manuel Barroso 27 Commission Members Commissioner Máire Geoghegan-Quinn Research, Innovation and Science Joint Research Centre (JRC) Research DG (RTD) 4 The Mission of the Joint Research Centre … is to provide customer-driven scientific and technical support for the conception, development, implementation and monitoring of EU policies. As a service of the European Commission, the JRC functions as a reference centre of science and technology for the Union. Close to the policy-making process, it serves the common interest of the Member States, while being independent of special interests, whether private or national. 5 Our Structure: 7 Institutes in 5 Member States IRMM - Geel, Belgium Institute for Reference Materials and Measurements ITU - Karlsruhe, Germany Institute for Transuranium Elements IE - Petten, The Netherlands – Ispra, Italy Institute for Energy IPSC - Ispra, Italy Institute for the Protection and Security of the Citizen IES - Ispra, Italy Institute for Environment and Sustainability IHCP - Ispra, Italy Institute for Health and Consumer Protection IPTS - Seville, Spain Institute for Prospective Technological Studies ~ 2750 staff ~ 330 M€/y budget (+ 40 M€/y competitive income) 6 EU Grand Challenges and Security Energy & climate change Public health / consumer protection Knowledge and innovation society Crises Management / natural disasters Sustainability & Growth Sustainable production & consumption Safety & Security Nuclear Safety and security Natural resources & agriculture Fight against terror & organized crime 7 8 EUROPE 2020 A strategy for smart, sustainable and inclusive growth (COM/2010/2020) states Initiative by President José Manuel BARROSO Steering the process Commission is proposing five measurable EU targets for 2020 in order to steer the process: for employment for research & innovation for climate change and energy for education for combating poverty 9 Seven flagship initiatives to catalyze process 10 Flagship initiative: “Innovation Union” – Based on improved framework conditions for innovation like setting up interoperable standards Flagship initiative: “Resource efficient Europe” – To use regulation building performance standards Flagship initiative: “An industrial policy for globalization era” – To develop a horizontal approach to industrial policy combining policy instruments (e. g. “smart” regulations, modernized public procurement, competition rules and standard setting) In preparation In early 2011, the Commission will present a Communication accompanied by a legislative proposal on standardisation, which will inter alia cover the ICT sector, in order to speed up and modernise standard-setting to enable interoperability and foster innovation in fastmoving global markets. This will be combined with a multi-annual programme to anticipate new standardisation needs and integration of standards into R&D projects in the research Framework Programme. 11 The challenge A Report on the future of European standardization (2010/2051(INI)) by the Committee on the Internal Market and Consumer Protection underlines “the need to improve mutual awareness and cooperation between standardisers, innovators, academia and the research communities” and “the inclusion of new knowledge in standards, in particular from publicly funded research and innovation programmes” in order to promote innovation and competitiveness. 12 Integrated Approach 13 Ref.: STAIR New Approach: Scenario Based 14 Improving Awareness & Visibility of Security 15 Aviation Security - Overview 16 EC develops legally binding standards for aviation security screening equipment (e.g. detection performance, operational use, training of staff) Cooperation with Technical experts from MS (Regulatory Committee) (incl. Technical Task Force of ECAC (European Civil Aviation Conference (UN-body on civil aviation in Europe)) Aviation Industry (Advisory Board) More frequently meetings of joint special WGs of MS and industry, reporting to Regulatory Committee International Cooperation, e.g. USA (Joint Committee under the EU-US Air Transport Agreement ), QUAD-group, joint seminars, framework of ICAO Procedure Agreement on Regulatory Committee level, adoption by European Commission, laid down in European Commission regulation (EU) No 185/2010: common basic standards on aviation security Non-sensitive: published in Official Journal Sensitive or classified: Commission Decision 774 not published Aviation Security - Look ahead 17 EC is considering to develop generic guidelines for canine detection based on the experience in the aviation security EC appreciate future subjects related to standardisation such as: the aligning of EC policies on the use of security scanners (body scanners) liquids screening equipment In the future and in the context of the EU CBRN Action Plan it is planned to carry out similar activities as in Internal Security, in particular on sampling, detection, etc. [2]: ECAC: European Civil Aviation Conference Internal Security / Detection – Running 18 The ‘Action Plan on Enhancing the security of Explosives of 2008’ recommends to develop minimum detection standards based on relevant detection scenarios and threat assessment relevant scenarios are currently being developed by an expert working group (representative of MS, supported by a network of experts for the detection of explosives) CEN standardisation work (funded by EC) has been provided over the last few years in a couple of areas, such as: critical infrastructure protection, Biosafety / biosecurity, security of drinking water ERN-CIP project (lead by the JRC) EC supports as well the ITRAP+10 project (lead by the JRC): testing and certification of nuclear detection equipment (cooperation element with the US) Internal Security / Migration, Asylum, Borders – Running 19 for the time being: restricted work on technical or operational standards, particular work on legal / political harmonisation Asylum: framework of practical co-operation plus Eurodac and Dublin Convention, and in the Global approach to migration (Mobility Partnerships), Visa Information System (VIS), Schengen Information System (SIS), irregular immigration: Integration: framework of the Common Basic Principles (JHA Council conclusions of 19.11.2004) Borders: FRONTEX and the Schengen Border Code: ICONet (Decision 2005/267/EC), the Immigration Liaison Officers (Reg. 377/2004/EC) and the Rapid Border Intervention Teams (Reg. 863/2007) more relevant work carried out but for the time being not too interesting for industry more industry relevant discussion of technical interoperability standards in the area of EUROSUR, (very early stage) The same applies to the entry/exit and registered traveller programmes Global Supply Chain – A practical Example 20 EC: advocates a comprehensive and effective multi layered risk management approach using a range of methods and technologies commensurate to the risks associated with specific high risk consignments The testing of some Container Security Devices (Smart seals) under the EU - CHINA pilot on Smart and Secure Trade Lanes (SSTL) (involvement of UK, NL and CN Customs) has highlighted the need for common (customs) requirements, procedures and standards faced with interoperability problems when seals and reader infrastructure didn't belong to the same "family" using different communication protocols based on different international standards CONCLUSION / Way forward: modern customs administrations and the economic operators are urged to make use of new emerging technologies to enhance the security in the global supply chain Maritime and Land Transport Security – Running / Way forward Specific EU security requirements are less developed to date in the maritime security sector EU security requirements for land transport security do not exist yet it is conceivable that both sectors could follow the same approach as aviation security in setting legally binding standards 21 Conformity Assessment – Running / Way forward 22 Mutual recognition of security standards and trade partnership programmes, like AEO[1] and C-TPAT[2], with the EU main trading partners (a key element of the EU efforts to strengthen the end-to-end security of international supply chains) Aim: to enhance supply chain security and to facilitate trade through focusing on real risks and granting substantial, equal and reciprocal benefits to reliable international partners and economic operators Example: June 2010: DG Deffaa and Commissioner Bersin signed a document entitled "Final Steps Towards the Implementation of Mutual Recognition Between the United States and the European Union" Current Status: Under approval process (intended signing of the Mutual Recognition Decision is expected in early 2011) AEO and C-TPAT benefits will only be activated after successful completion of the joint validations and IT solutions foreseen in the work program, expected forEUno [1]: AEO: Authorised Economic Operator later than the 31 October 2011 [2]: C-TPAT: Customs-Trade Partnership Against Terrorism Data Protection – ISO 29100: The upcoming Data Protection Standard 23 The data protection community in Europe is following closely the elaboration of the ISO 29100 standard on data protection Expectation: an ambitious standard that protects effectively the ‘data subject’ rights Promoting concrete rights for the individuals, and a high level of privacy Safe international exchanges of data Compatible with the existing legislation in Europe (Directive 95/46/CE) Those standards are seen as extremely important in order to have secure international data flows, Accompany the current globalisation, protecting the individual rights such as data access, data correction and deletion common ground (vocabulary, concept, guidelines rules, evaluation methods …) to discuss the privacy and data protection issues EC supports the standardisation of 'privacy and security seals and labels‘ established seals in the US and emerging seals in Europe Security Standardisation Programming Mandate - Scope 24 Development of a work programme for the definition of European Standards and other standardisation deliverables in the area of SECURITY. Including protection against man-made and natural disasters Excluding Defence and Space technologies The Mandate concerns the analysis of the current security standards landscape in Europe, taking account of the legislative background, and the drawing of a security standardisation map. Security Standardisation Programming Mandate – List of Areas 25 Security of the Citizens Organised Crime Counter Terrorism Explosives CBRN Restoring security and safety in case of crisis Preparedness and planning Response Recovery Border Security Land border / Check Points Sea Border Air Border Security of infrastructures and utilities Building design Energy / Transport communication grids Surveillance Supply Chains Security Standardisation Programming Mandate – Execution of mandated Work 26 For each selected sector: identification of the specific standardisation needs and preparation of a comprehensive standardisation programme with a suitable and realistic roadmap Phase 2 Acceptance of report by EC Phase 1 Phase 0 Report: Setting up arrangements 2 months ESOs A study should identify the state of play in security standardisation, existing gaps, list a set of sectors, List the particular stakeholders needing to be involved 6 months 8 months 6 months shall execute the Standardisation Mandates on the sectors agreed with the EC afterwards Way ahead 27 Collaboration across borders User, industry, research, … 28