Difference between revisions of "Cross-cutting Criteria"

From CIPedia
Jump to navigation Jump to search
 
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
 
=== European Definitions ===
 
=== European Definitions ===
==== Council Directive 2008/114/EC ====
+
==== [[EU|Council Directive 2008/114/EC]] ====
<big>Cross-cutting criteria may refer to <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>:
+
Cross-cutting criteria may refer to <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>:
 
# casualties criterion (assessed in terms of the potential number of fatalities or injuries);  
 
# casualties criterion (assessed in terms of the potential number of fatalities or injuries);  
 
# economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);  
 
# economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);  
 
# public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).  
 
# public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).  
</big>
+
<br />
  
 
=== National Definitions ===
 
=== National Definitions ===
==== Luxembourg ====
+
==== [[Luxembourg]] ====
{{definition|Critères intersectoriels: le nombre de victimes (nombre potentiel de morts ou de blessés); l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement); l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}} Les seuils des critères intersectoriels sont fondés sur la gravité de l'impact de l'arrêt ou de la destruction d'une infrastructure donnée. <br />
+
{{definition|Critères intersectoriels: <br/>- le nombre de victimes (nombre potentiel de morts ou de blessés); <br/>- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement); <br/>- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}}Equals: the [[EU|Council Directive 2008/114/EC]] criteria definition <br /><br />
 +
 
 +
==== [[Netherlands]] ====
 +
Since April 2015, The Netherlands recognises <ref>[https://www.nctv.nl/actueel/nieuws/kabinet-versterkt-crisisbeheersing.aspx?cp=126&cs=59950 Voortgangsbrief nationale veiligheid 9 april 2015]</ref> two categories in criticality of critical infrastructure:<br />
 +
Category A: at least impact on one of the following four impact categories:
 +
# economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
 +
# physical impact: > 10.000 deaths, severely injured or chronically ill
 +
# social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
 +
# cascade impact: this disruption causes failure of minimal two other (critical) sectors
 +
 
 +
Category B: at least impact on one of the following three impact categories:
 +
# economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
 +
# physical impact: > 1.000 deaths, severely injured or chronically ill
 +
# social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems
 +
<br />
 +
 
 +
==== [[Qatar]] ====
 +
Criteria for being critical are:
 +
# Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
 +
# Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
 +
# Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in <ref name=Qatar>[http://www.motc.gov.qa/sites/default/files/national_cyber_security_strategy.pdf QATAR National Cyber Security Strategy (May 2014)]</ref> <ref name=Q2>[http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014)]</ref>.  
 +
<br />
 +
 
 +
==See also==
 +
* [[Criticality Scale]]
  
  
Line 18: Line 42:
  
 
[[Category:Consequence]]
 
[[Category:Consequence]]
{{#set:defined by=EU}}
+
{{#set:defined by=EU|defined by=Luxembourg|defined by=Netherlands|defined by=Qatar}}
 +
{{#set: Showmainpage=Yes}}

Latest revision as of 00:35, 29 June 2019

Definitions

European Definitions

Council Directive 2008/114/EC

Cross-cutting criteria may refer to [1]:

  1. casualties criterion (assessed in terms of the potential number of fatalities or injuries);
  2. economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);
  3. public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).


National Definitions

Luxembourg

Critères intersectoriels:
- le nombre de victimes (nombre potentiel de morts ou de blessés);
- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement);
- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). [2]

Equals: the Council Directive 2008/114/EC criteria definition

Netherlands

Since April 2015, The Netherlands recognises [3] two categories in criticality of critical infrastructure:
Category A: at least impact on one of the following four impact categories:

  1. economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
  2. physical impact: > 10.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
  4. cascade impact: this disruption causes failure of minimal two other (critical) sectors

Category B: at least impact on one of the following three impact categories:

  1. economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
  2. physical impact: > 1.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems


Qatar

Criteria for being critical are:

  1. Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
  2. Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
  3. Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [4] [5].


See also


Notes