Project 101: Enhance CBRN Critical Infrastructure Protection and (Cyber) Security in South-East, Eastern Europe, Central Asia and Middle East

Context

Major industrial accidents, such as the Chernobyl Nuclear Disaster (Ukraine, 1986), the Bhopal Gas Tragedy (India, 1984), or the Beirut Explosion (Lebanon, 2020), demonstrate the major, long-term public health, environmental and economic risks of such incidents at CBRN facilities. 

Additionally, Russia’s full-scale invasion of Ukraine has highlighted the risks when CBRN facilities come under attack, and how this can be used for terroristic or extortion purposes. Furthermore, the risk of disastrous incidents is increasing as rogue states, criminal enterprises and terroristic groups are becoming ever more sophisticated and aggressive in hacking operational systems at CBRN facilities.

Overall objective

This project aims to strengthen and enhance protection and security measures for national CBRN Critical Infrastructure facilities and practices in the SEEE, CA and ME partner countries, to minimise consequences of attacks and breaches at such facilities. 

Specific objectives

• To strengthen horizontal coordination between different state organisations responsible for protection and security of CBRN facilities.
• To enhance risk assessment of CBRN Critical Infrastructure facilities.
• To enhance physical and (cyber-)security capabilities and capacities.
• To stimulate exchange of best practices and networking. 

Concrete activities

• Establish policy, methodologies, guidelines and protocols on identification and classification of components of National CBRN Critical Infrastructure.
• Develop risk assessment tools and perform pilot assessments in each partner country of a CBRN Critical Infrastructure facility.
• Formulate guide on general design of physical protection, (cyber) security and operational systems.
• Develop decision-making framework on how to respond to protection and security, including cyberthreats.
• Identify equipment and software needs for upgrading physical protection and (cyber) security and operational systems.
• Provide practical trainings and exercises on protection, operational security, including cybersecurity.
• Foster networking of national and regional CBRN critical infrastructure protection and security.
• Stimulate sharing of good practices based on relevant EU and partner countries institution’s experiences. 

Expected results

• Elaboration of inventories for:
  • Existing or potentially considered facilities and practices of CBRN Critical Infrastructure.
  • Capacities, resources, needs and relevant regulations to ensure protection and security of CBRN Critical Infrastructure.
• Elaboration and/or enhancement of methodological capabilities for:
  • Identification of facilities and practices as components of national CBRN Critical Infrastructure.
  • Assessment of risks of CBRN Critical Infrastructure facilities and practices.
  • Design of Protection and Security Systems for CBRN Critical infrastructure facilities and practices.
  • Response to protection and (cyber)security threats to CBRN facilities and practices.
• Fulfilment of country-specific and domain specific CBRN risk assessments.
• Enhanced competences and inter-agency cooperation of state actors responsible for general security, cyber security and physical protection of national CBRN critical infrastructure facilities and practices through trainings and exercises.
• Enhanced regional and interregional cooperation through exchange of best practices workshops, regional and interregional table-top exercises and transfer of EU best practices on measures of protection of CBRN Critical Infrastructure.

Achievements

• Finalisation of OSINT-based national reports: draft reports using open-source intelligence were completed for all partner countries to establish baseline assessments.
• Completion of the State-of-the-Art analysis: an overview of existing international organisations, training centres, and initiatives was compiled to identify resources P101 can leverage.
• Successful conduct of consultation visits: targeted visits in about 10 countries helped validate findings and align activities with national priorities.
• Establishment of expert teams and coordination structures: a team of EU and regional experts was formed, alongside coordination mechanisms to guide implementation.
• Early engagement with national stakeholders and regional partners: collaboration began with focal points, competent authorities, and regional actors to support project rollout.