1
Standardisation
for
security and protection of
the citizens
Dr. Alois J. Sieber, HoU,
European Commission
Joint Research CentreJRC
IPSC, Ispra, Italy
List of Content
Where do I come from?
Why does the European Commission underline the
needs for standardisation?
In which areas has the EC already efforts in
standardisation?
Way ahead
2
3
Where does the JRC fit
in the European Commission?
President José Manuel Barroso
27 Commission Members
Commissioner
Máire Geoghegan-Quinn
Research, Innovation and Science
Joint Research Centre (JRC)
Research DG (RTD)
4
The Mission of the Joint Research Centre
… is to provide customer-driven scientific and technical support for
the conception, development, implementation and monitoring of EU
policies.
As a service of the European Commission, the JRC functions as a
reference centre of science and technology for the Union.
Close to the policy-making process, it serves
the common interest of the Member States,
while being independent of special interests,
whether private or national.
5
Our Structure: 7 Institutes in 5 Member States
IRMM - Geel, Belgium
Institute for Reference Materials and Measurements
ITU - Karlsruhe, Germany
Institute for Transuranium Elements
IE - Petten, The Netherlands – Ispra, Italy
Institute for Energy
IPSC - Ispra, Italy
Institute for the Protection and Security of the Citizen
IES - Ispra, Italy
Institute for Environment and Sustainability
IHCP - Ispra, Italy
Institute for Health and Consumer Protection
IPTS - Seville, Spain
Institute for Prospective Technological Studies
~ 2750 staff
~ 330 M€/y budget (+ 40 M€/y competitive income)
6
EU Grand Challenges and Security
Energy & climate
change
Public health /
consumer
protection
Knowledge and
innovation
society
Crises
Management /
natural disasters
Sustainability
&
Growth
Sustainable
production &
consumption
Safety
&
Security
Nuclear Safety
and security
Natural
resources &
agriculture
Fight against
terror &
organized crime
7
8
EUROPE 2020
A strategy for smart, sustainable and
inclusive growth (COM/2010/2020) states
Initiative by President José Manuel BARROSO
Steering the process
Commission is proposing five measurable EU targets for
2020 in order to steer the process:
for employment
for research & innovation
for climate change and energy
for education
for combating poverty
9
Seven flagship initiatives to catalyze process
10
Flagship initiative: “Innovation Union”
– Based on improved framework conditions for innovation like
setting up interoperable standards
Flagship initiative: “Resource efficient Europe”
– To use regulation building performance standards
Flagship initiative: “An industrial policy for globalization
era”
– To develop a horizontal approach to industrial policy
combining policy instruments (e. g. “smart” regulations,
modernized public procurement, competition rules and
standard setting)
In preparation
In early 2011, the Commission will present a Communication
accompanied by a legislative proposal on standardisation,
which will inter alia cover the ICT sector, in order
to speed up and modernise standard-setting to
enable interoperability and foster innovation in fastmoving global markets.
This will be combined with a multi-annual programme to
anticipate new standardisation needs and integration
of standards into R&D projects in the research
Framework Programme.
11
The challenge
A Report on the future of European standardization
(2010/2051(INI)) by the Committee on the Internal Market and
Consumer Protection underlines
“the need to improve mutual awareness and cooperation
between standardisers, innovators, academia and the
research communities” and
“the inclusion of new knowledge in standards, in particular
from publicly funded research and innovation programmes”
in order to promote innovation and competitiveness.
12
Integrated Approach
13
Ref.: STAIR
New Approach: Scenario Based
14
Improving Awareness & Visibility of Security
15
Aviation Security - Overview
16

EC develops legally binding standards for aviation security screening
equipment (e.g. detection performance, operational use, training of staff)

Cooperation with





Technical experts from MS (Regulatory Committee) (incl. Technical Task Force of
ECAC (European Civil Aviation Conference (UN-body on civil aviation in Europe))
Aviation Industry (Advisory Board)
More frequently meetings of joint special WGs of MS and industry, reporting to
Regulatory Committee
International Cooperation, e.g. USA (Joint Committee under the EU-US Air Transport
Agreement ), QUAD-group, joint seminars, framework of ICAO
Procedure
Agreement on Regulatory Committee level,
 adoption by European Commission, laid down in European Commission
regulation (EU) No 185/2010: common basic standards on aviation security



Non-sensitive: published in Official Journal
Sensitive or classified: Commission Decision 774 not published
Aviation Security - Look ahead
17

EC is considering to develop generic guidelines for canine
detection based on the experience in the aviation security

EC appreciate future subjects related to standardisation such
as:


the aligning of EC policies on the use of security scanners (body
scanners)

liquids screening equipment
In the future and in the context of the EU CBRN Action Plan it
is planned to carry out similar activities as in Internal Security,
in particular on sampling, detection, etc.
[2]: ECAC: European Civil Aviation Conference
Internal Security / Detection – Running
18

The ‘Action Plan on Enhancing the security of Explosives of 2008’ recommends
to develop minimum detection standards based on relevant detection scenarios
and threat assessment

relevant scenarios are currently being developed by an expert working group
(representative of MS, supported by a network of experts for the detection of
explosives)

CEN standardisation work (funded by EC) has been provided over the last few
years in a couple of areas, such as:
 critical infrastructure protection,
Biosafety / biosecurity,
 security of drinking water


ERN-CIP project (lead by the JRC)

EC supports as well the ITRAP+10 project (lead by the JRC): testing and
certification of nuclear detection equipment (cooperation element with the US)
Internal Security / Migration, Asylum, Borders – Running
19

for the time being: restricted work on technical or operational standards,
particular work on legal / political harmonisation

Asylum:
framework of practical co-operation plus Eurodac and Dublin Convention, and in
the Global approach to migration (Mobility Partnerships),
 Visa Information System (VIS),
 Schengen Information System (SIS),
 irregular immigration:





Integration:


framework of the Common Basic Principles (JHA Council conclusions of 19.11.2004)
Borders:

FRONTEX and the Schengen Border Code:



ICONet (Decision 2005/267/EC),
the Immigration Liaison Officers (Reg. 377/2004/EC) and
the Rapid Border Intervention Teams (Reg. 863/2007)
more relevant work carried out but for the time being not too interesting for industry
more industry relevant discussion of technical interoperability standards in the area of
EUROSUR, (very early stage)
The same applies to the entry/exit and registered traveller programmes
Global Supply Chain – A practical Example
20

EC: advocates a comprehensive and effective multi
layered risk management approach using a range of
methods and technologies commensurate to the risks
associated with specific high risk consignments
The testing of some Container Security Devices (Smart
seals) under the EU - CHINA pilot on Smart and Secure
Trade Lanes (SSTL) (involvement of UK, NL and CN
Customs) has highlighted the need for common
(customs) requirements, procedures and standards
faced with interoperability problems when seals and
reader infrastructure didn't belong to the same "family"
using different communication protocols based on
different international standards
 CONCLUSION / Way forward:
modern customs administrations and the economic
operators are urged to make use of new emerging
technologies to enhance the security in the global
supply chain
Maritime and Land Transport Security – Running / Way
forward

Specific EU security requirements are less
developed to date in the maritime security
sector

EU security requirements for land
transport security do not exist yet

it is conceivable that both sectors could
follow the same approach as aviation
security in setting legally binding
standards
21
Conformity Assessment – Running / Way forward
22

Mutual recognition of security standards and trade
partnership programmes, like AEO[1] and C-TPAT[2], with the
EU main trading partners (a key element of the EU efforts to
strengthen the end-to-end security of international supply chains)

Aim: to enhance supply chain security and to facilitate
trade through focusing on real risks and granting
substantial, equal and reciprocal benefits to reliable
international partners and economic operators

Example: June 2010: DG Deffaa and Commissioner Bersin
signed a document entitled "Final Steps Towards the
Implementation of Mutual Recognition Between the United
States and the European Union"

Current Status: Under approval process (intended signing of the
Mutual Recognition Decision is expected in early 2011)
AEO and C-TPAT benefits will only be activated after
successful completion of the joint validations and IT
solutions foreseen in the work program, expected
forEUno
[1]: AEO:
Authorised Economic Operator
later than the 31 October 2011
[2]: C-TPAT: Customs-Trade Partnership Against Terrorism
Data Protection – ISO 29100: The upcoming Data Protection
Standard
23

The data protection community in Europe is following closely the
elaboration of the ISO 29100 standard on data protection

Expectation: an ambitious standard that protects effectively the ‘data
subject’ rights
Promoting concrete rights for the individuals, and a high level of privacy
 Safe international exchanges of data
 Compatible with the existing legislation in Europe (Directive 95/46/CE)


Those standards are seen as extremely important in order





to have secure international data flows,
Accompany the current globalisation,
protecting the individual rights such as data access, data correction and deletion
common ground (vocabulary, concept, guidelines rules, evaluation methods …) to
discuss the privacy and data protection issues
EC supports the


standardisation of 'privacy and security seals and labels‘
established seals in the US and emerging seals in Europe
Security Standardisation Programming Mandate - Scope
24


Development of a work programme for the definition of European
Standards and other standardisation deliverables in the area of
SECURITY.

Including protection against man-made and natural disasters

Excluding Defence and Space technologies
The Mandate concerns the analysis of the current security
standards landscape in Europe, taking account of

the legislative background, and

the drawing of a security standardisation map.
Security Standardisation Programming Mandate – List of
Areas
25

Security of the Citizens

Organised Crime

Counter Terrorism

Explosives

CBRN
Restoring security and safety in
case of crisis

Preparedness and planning
 Response
 Recovery


Border Security




Land border / Check Points
Sea Border
Air Border
Security of infrastructures and
utilities
 Building design
 Energy / Transport communication grids
 Surveillance
 Supply Chains
Security Standardisation Programming Mandate
– Execution of mandated Work
26
For each selected sector:
 identification of the specific
standardisation needs and
 preparation of a comprehensive
standardisation programme with
a suitable and realistic roadmap
Phase 2
Acceptance of
report by EC
Phase 1
Phase 0
Report:
Setting up
arrangements
2 months
ESOs
A study should identify
 the state of play in security
standardisation,
 existing gaps,
 list a set of sectors,
 List the particular stakeholders
needing to be involved
6 months
8 months
6 months
shall execute the Standardisation Mandates on the sectors agreed with the EC afterwards
Way ahead
27
Collaboration across borders
User, industry, research, …
28