THE EUROPEAN – SECURITY AND DEFENCE UNION
Growing, challenging risks make evident that the EU needs a comprehensive security approach
A governance platform for fighting security threats in a time of transformation by Joseph A. Ghattas, Vice President, European Public Sector, CA Technologies, Paris
The European Union (EU) as a whole as well as its individual members face growing, challenging risks such as the increasing numbers of people seeking asylum, environmental disasters, terrorism, growing rates of cybercrime, cyber-attacks and increasingly interdependent critical information infrastructures. To cope with them, security and safety authorities on all levels must strengthen their collaboration and execute towards a common strategy. However, to achieve this a new quality of governance is necessary to plan, build and act on the fundamental steps to transform security and safety authorities into a new, more agile architecture. A critical success factor for this transformation will be a governance platform to accelerate the implementation of new functions and ensure operational excellence while mitigating risks and delivering verifiable value to the citizen.
A plead for a comprehensive governance platform As stated in the objective 3 of the Communication from the Commission entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, security of IT networks is one essential factor for a well-functioning information society”. The rapid development and application of new information technologies has also created new forms of criminal activity. Cybercrime is a global phenomenon causing significant damage to the EU internal market. While the very structure of the internet knows no boundaries, jurisdiction for prosecuting cybercrime still stops at national borders. Member States need to pool their efforts at EU level. The High Tech Crime Centre at Europol already plays an important coordinating role for law enforcement, but further action is needed.” A governance platform has to be an integrated solution that gives key stakeholders a real-time view into their organisation’s initiatives, resources and investments. It empowers them to improve decision-making, engage all government organisations − by bridging the gap between strategic planning and execution − and extend portfolio management across the administration. This platform not only improves governance practices and minimises risks, it also helps maintaining and extending the ability of action.
Striving for efficient use of resources The right governance platform creates a single source of the truth through which all requirements can be evaluated, prioritised and managed. This would give security authorities visi-
42
bility in how resources should be used efficiently. Though there will be always some kind of unpredictability. Therefore it is impossible to achieve effective governance, security portfolio planning and risk management without seeing exactly how much and what type of work resources are allocated to. With such a solution it will be much easier to capture, classify, evaluate, and approve all the sources of a certain demand, so work can be prioritized and resources get allocated to the highest-risk threats.
How to conduct strategic planning Generally, a government’s goal should be to create a strategic plan to respond to all validated threats and safety demands and prepare for potential new threats. A comprehensive governance platform would enable such a strategic planning by: • Enabling the setting of strategic goals • Helping to identify investment areas • Creating an ongoing roadmap for transformation • Aligning administration portfolios with the government strategic and operational initiatives As an example, securing critical information infrastructures such as electricity generation, financial services, telecommunications and others requires a strategic approach to ensure effective operational coordination of all homeland security and cyber security organizations in the EU and its neighbors. To achieve this, capabilities and capacities as well as different skills and equipment have to be evaluated prior to handling critical situations. With that, all participating institutions would benefit as gaps and overlaps could be identified early and countermeasures could be taken proactively.
What the EU and Member States should achieve To execute on a common strategy, the EU and its members would need to increase their efforts on collaboration, eliminate redundancies and share best practices to bring optimal results from the most valuable asset − the staff. Another aspect of building a comprehensive security architecture is the evaluation of risks and investments associated to specific projects, missions or services. For security authorities contributing to a superordinate strategic plan, it is not enough to believe that its projects and services provide value. In fact, they must be able to effectively demonstrate that timelines and budget targets are met. However, even the best project plans are often derailed by unexpected risks and unresolved
