D’Appolonia S.p.A.

AN ISO 9001 AND ISO 14001 CERTIFIED COMPANY

www.dappolonia.it

Critical Infrastructure Protection and interdependency issues:

industry vision within the EC framework approach

Fabio Bagnoli

D’Appolonia S.p.A.

D’Appolonia is a major Italy-based engineering company that provides multidisciplinary

engineering consulting and design services to a great variety of public and private clients

The Company has been established by Dr. Elio D’Appolonia in 1956 in Pittsburgh

(Pennsylvania), and is present in Italy since 1981

In 1983 the Italian office, headquartered in Genoa, became the independent company

D’Appolonia S.p.A.

The company since December 2011 is part of the RINA Group

Engineering Services

D’Appolonia provides engineering and management services during the whole project

life cycle:

Feasibility studies and research

Conceptual design and project specifications

Preliminary and detailed design

Physical and virtual validation

Management of suppliers and system integration

Construction management and supervision

Commissioning and support to homologation and certification

Maintenance and operation

Company Offices

The “Origins”

The European Council of June 2004 asked the Commission to prepare an

overall strategy to protect critical infrastructure. In response, the Commission

adopted on 20 October 2004 a Communication “Critical Infrastructure

Protection in the Fight Against Terrorism” putting forward clear suggestions on

what would enhance European prevention, preparedness and response to

terrorist attacks involving critical infrastructures.

The Council conclusions on “Prevention, Preparedness and Response to

Terrorist Attacks” and the “EU Solidarity Programme on the Consequences of

Terrorist Threats and Attacks” adopted by Council in December 2004 endorsed

the intention of the Commission to propose a European Programme for Critical

Infrastructure Protection (EPCIP)

The “Pillars”

European Programme for Critical Infrastructure Protection

Adoption of Directive 2008/114/EC

Financial measures to support the strategy

Critical Infrastrucutre Protection CIP

CIP requires the active participation of the owners and operators of

infrastructure, regulators, professional bodies and industry associations in

cooperation with all levels of government, and the public.

CIP is focused on the need to minimise risks to public health, safety and

confidence, ensure our economic security.

The objectives of CIP are to identify critical infrastructure, analyse

vulnerability and interdependence, and protect from, and prepare for, all

hazards.

As not all critical infrastructure can be protected from all threats,

appropriate risk management techniques should be used to determine

relative criticality, the level of protective security,

The sharing of information relating to threats and vulnerabilities will assist

governments, and owners and operators of critical infrastructure to better

manage risk.

Support to Security Projects

The Commission provides two types of funding for security-related

projects:

Operational, highly specific and policy-oriented activities are supported

by the Framework Programme on Security and Safeguarding Liberties,

which is composed of two specific programmes: Prevention,

Preparedness and Consequence Management of Terrorism and

Prevention of and Fight against Crime.

Longer-term research is supported by the Security theme, under the 7th

Framework Programme (FP7), with a budget of EUR 1.4 billion for

2007-13.

The CIPS Programme

The Prevention, Preparedness and Consequence Management of

Terrorism and other Security-related Risks (CIPS) programme is

designed to protect citizens and critical infrastructures from terrorist

attacks and other security incidents.

The EU has allocated EUR 140 million for the period 2007–13 for

operational cooperation and coordination actions (strengthening

networking, mutual confidence and understanding, developing

contingency plans, exchanging and disseminating information,

experiences and best practices

Main Areas

Prevention and Preparedness refers to measures aimed at

preventing and/or reducing risks linked to terrorism and other

security related risks.

Consequence Management refers to the coordination of measures

taken in order to react to and to reduce the impact of the effects of a

security related incident, in particular resulting from terrorist attacks

in order to ensure a smooth coordination of crisis management and

security actions.

Expected Outcome

Development of Instruments

Common Framework

Methods and techniques

Exchange and Dissemination

Main Areas

Prevention and Preparedness refers to measures aimed at

preventing and/or reducing risks linked to terrorism and other

security related risks.

Consequence Management refers to the coordination of measures

taken in order to react to and to reduce the impact of the effects of a

security related incident, in particular resulting from terrorist attacks

in order to ensure a smooth coordination of crisis management and

security actions.

Our Vision

Close cooperation with end users, public bodies and other

operators of Critical Infrastructures

Strong synergies with industries providing technologies

Definition and validation of new comprehensive methodologies for

all the analyses to be undertaken to assess threats, vulnerabilities

and risks, that could be offered to Critical Infrastructures operators

and other end users

Interdependency issues needs a consolidated security culture and a

strong multidisciplinary approach

Combination with deep competences in the involved domains

Security Culture

SECURITY APPROACH

INFORMATION

SECURITY

SECURITY RISK

MANAGEMENT

TOOLS AND

FACILITIES

PHYSICAL

SECURITY

Interdependency issue

Interdependencies among Critical Infrastructures are complex and

need to be understood since disruptions in one infrastructure can

propagate into other infrastructures.

Interdependencies between infrastructures, in fact, imply that an

impact on one infrastructure is also an impact on one or more other

interconnected infrastructures.

Focus on impact analysis within a

“multidomain” approach

Our involvement in CIPS projects

Involvement in projects in different domains

Cross fertilization among the different involved areas and their relevant

approaches

Development of new harmonised methodologies and implementation of

supporting tools to propose to our customers

Transportation sector - EUMASS Project

The EUMASS objective was the delivery of a unified and flexible solution

for risk assessment methodology to be applied by all European Mass

Transit operators.

Main goal was to achieve an integrated process composed by the audit and

risk assessment methodologies supported by a software tool.

An audit method was prepared to translate empirical evaluations into

objective inputs for the risk analysis models and to monitor them during the

system lifecycle.

A semi-quantitative risk assessment methodology was developed to

continuously evaluate the risks associated to a system and to evaluate the

effectiveness of the implemented countermeasures.

A software tool was developed to support the user along the whole

process.

Tools for operators - COBALT Project

Main aim of the COBALT is to provide CI operators and owners with an instrument which will help in defining the risk their infrastructures are subject to.

COBALT aims at providing end-users with an instrument that will help them evaluating which countermeasures are the most effective to reduce the risks a CI is subject to, from an implementation and maintenance costs point of view.

Finally COBALT aims at developing and instrument to evaluate the CI security generating a report showing the evaluated risks and the countermeasures implemented.

Urban Security – MAPEX Project

To develop a probabilistic mapping damage methodology for the assessment,

analysis and optimization of the security level of urban critical infrastructure

against external blast effects

Simplified methodologies for analyzing 3D complex urban scenarios taking into

account urban layout, building characteristics and the existing interaction against

blast.

To harmonized the outputs of the tools according to the key agents (Structural

engineers/architects/urban authorities/Security staff).

D’Appolonia S.p.A.

Headquarters:

Via San Nazaro,19

16145 Genova – Italy

Tel. +39 010 3628148 Fax +39 010 3621078

E-mail: dappolonia@dappolonia.it

Web site http://www.dappolonia.it

Rome

Milan

Viareggio

Naples

Brindisi

Palermo

Brussels

Podgorica

Beijing

Seoul

Cairo

Istanbul

St. Petersburg

Abu Dhabi