Difference between revisions of "Cross-cutting Criteria"
Jump to navigation
Jump to search
(14 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
=== European Definitions === | === European Definitions === | ||
==== [[EU|Council Directive 2008/114/EC]] ==== | ==== [[EU|Council Directive 2008/114/EC]] ==== | ||
− | + | Cross-cutting criteria may refer to <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>: | |
# casualties criterion (assessed in terms of the potential number of fatalities or injuries); | # casualties criterion (assessed in terms of the potential number of fatalities or injuries); | ||
# economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects); | # economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects); | ||
# public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services). | # public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services). | ||
− | |||
<br /> | <br /> | ||
=== National Definitions === | === National Definitions === | ||
==== [[Luxembourg]] ==== | ==== [[Luxembourg]] ==== | ||
− | {{definition|Critères intersectoriels: le nombre de victimes (nombre potentiel de morts ou de blessés); l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement); l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}} <br /> | + | {{definition|Critères intersectoriels: <br/>- le nombre de victimes (nombre potentiel de morts ou de blessés); <br/>- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement); <br/>- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}}Equals: the [[EU|Council Directive 2008/114/EC]] criteria definition <br /><br /> |
+ | |||
==== [[Netherlands]] ==== | ==== [[Netherlands]] ==== | ||
− | + | Since April 2015, The Netherlands recognises <ref>[https://www.nctv.nl/actueel/nieuws/kabinet-versterkt-crisisbeheersing.aspx?cp=126&cs=59950 Voortgangsbrief nationale veiligheid 9 april 2015]</ref> two categories in criticality of critical infrastructure:<br /> | |
Category A: at least impact on one of the following four impact categories: | Category A: at least impact on one of the following four impact categories: | ||
# economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income | # economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income | ||
Line 24: | Line 24: | ||
# physical impact: > 1.000 deaths, severely injured or chronically ill | # physical impact: > 1.000 deaths, severely injured or chronically ill | ||
# social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems | # social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems | ||
− | + | <br /> | |
==== [[Qatar]] ==== | ==== [[Qatar]] ==== | ||
Line 30: | Line 30: | ||
# Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.); | # Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.); | ||
# Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and | # Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and | ||
− | # Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in <ref name=Qatar>[http://www. | + | # Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in <ref name=Qatar>[http://www.motc.gov.qa/sites/default/files/national_cyber_security_strategy.pdf QATAR National Cyber Security Strategy (May 2014)]</ref> <ref name=Q2>[http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014)]</ref>. |
<br /> | <br /> | ||
+ | |||
+ | ==See also== | ||
+ | * [[Criticality Scale]] | ||
+ | |||
==Notes== | ==Notes== | ||
Line 39: | Line 43: | ||
[[Category:Consequence]] | [[Category:Consequence]] | ||
{{#set:defined by=EU|defined by=Luxembourg|defined by=Netherlands|defined by=Qatar}} | {{#set:defined by=EU|defined by=Luxembourg|defined by=Netherlands|defined by=Qatar}} | ||
+ | {{#set: Showmainpage=Yes}} |
Revision as of 00:35, 29 June 2019
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
Cross-cutting criteria may refer to [1]:
- casualties criterion (assessed in terms of the potential number of fatalities or injuries);
- economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);
- public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).
National Definitions
Luxembourg
Critères intersectoriels:
- le nombre de victimes (nombre potentiel de morts ou de blessés);
- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement);
- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). [2]
- le nombre de victimes (nombre potentiel de morts ou de blessés);
- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement);
- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). [2]
Equals: the Council Directive 2008/114/EC criteria definition
Netherlands
Since April 2015, The Netherlands recognises [3] two categories in criticality of critical infrastructure:
Category A: at least impact on one of the following four impact categories:
- economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
- physical impact: > 10.000 deaths, severely injured or chronically ill
- social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
- cascade impact: this disruption causes failure of minimal two other (critical) sectors
Category B: at least impact on one of the following three impact categories:
- economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
- physical impact: > 1.000 deaths, severely injured or chronically ill
- social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems
Qatar
Criteria for being critical are:
- Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
- Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
- Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [4] [5].
See also
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008
- ↑ Voortgangsbrief nationale veiligheid 9 april 2015
- ↑ QATAR National Cyber Security Strategy (May 2014)
- ↑ الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014)