DRAFT recommendations Energy & Security and Resilience- BSPYF’24

Enhancing the Resilience and Security of the Baltic Sea Region’s Energy Infrastructure1. To enhance the resilience of energy infrastructure, the involved actors should establishdedicated security measures and monitoring to assess vulnerabilities and protect critical sitesfrom hybrid threats. Government and private institutions must empowe r themselves to protecttheir resources and operations effectively.2. By addressing the hurdles posed by outdated systems, the involved actors can maintain asecure and resilient infrastructure and take a holistic view of security by investing in researc hand development together with the private sector.3. Conducting scenario -based training for various types of attacks with like -minded partnersallows for knowledge exchange and continuous improvement of preparedness through public -private partnerships.4. Strengthen the resilience and protection of maritime infrastructure and ensure rapidresponse to threats through improved coordination between public and private sectors bydeveloping a unified regional strategy for audits.RecommendationsWorkinggroup:EnhancingtheResilienceandSecurityoftheBalticSeaRegion’sEnergyInfrastructureWhatstrategiescanbeimplementedtoimprovetheresilienceoftheBalticSeaRegion’senergyinfrastructureagainstcyberthreatsandphysicalattacks?InwhatwayscantheBalticSeaRegionleveragetechnologicalinnovationtoensureasecureandstableenergysupply?(hybridwarfare,cybersecurity)Keywords:sustainableenergy,cyberthreats,(non)-likemindedpartners,competitiveness1.Toenhancetheresilienceofenergyinfrastructure,theinvolvedactorsshouldestablishdedicatedsecuritymeasuresandmonitoringtoassessvulnerabilitiesandprotectcriticalsitesfromhybridthreats.Governmentandprivateinstitutionsmustempowerthemselvestoprotecttheirresourcesandoperationseffectively.2.Byaddressingthehurdlesposedbyoutdatedsystems,theinvolvedactorscanmaintainasecureandresilientinfrastructureandtakeaholisticviewofsecuritybyinvestinginresearchanddevelopmenttogetherwiththeprivatesector.3.Conductingscenario-basedtrainingforvarioustypesofattackswithlike-mindedpartnersallowsforknowledgeexchangeandcontinuousimprovementofpreparednessthroughpublic-privatepartnerships.4.Strengthentheresilienceandprotectionofmaritimeinfrastructureandensurerapidresponsetothreatsthroughimprovedcoordinationbetweenpublicandprivatesectorsbydevelopingaunifiedregionalstrategyforaudits.Selection:Topic1:AwarenesscreationandmonitoringToenhancetheresilienceofenergyinfrastructure,theinvolvedactorsshouldestablishdedicatedsecuritymeasuresandmonitoringtoassessvulnerabilitiesandprotectcriticalsitesfromhybridthreats.Governmentandprivateinstitutionsmustempowerthemselvestoprotecttheirresourcesandoperationseffectively.prioritisecybersecuritybyinvestingineducationandtrainingfortheiremployees.1.Increaseimportanceofthecybersecuritysectorwithineachcountrybymeansofcreatingmonitoringcenterswhichcouldassessthelevelofvulnerabilitytotheattackofthespecificenergyinfrastructuresites.Governmentinstitutionsandcompaniesthataretargetedbypotentialsabotageshouldenhanceawarenessofthecurrentsecuritysituationandempowerthemselvestoprotecttheirresourcesandoperationseffectively.2.Investineducationandtrainingofthepublicsectoremployeestoincreaseawarenessabouttheriskofcyberattacksandbeingabletoactagainstthemorminimizetheirimpact.Increaseawarenessoftheeffectsofdisruptivemeasuresondemocracyandinfrastructure.IncreasethecoherenceandresilienceofcollectivepoliciesagainstapotentialaggressorandhybridthreatInordertomaximisecooperationonsecurityissues,byimplementingshore-sharingapproach,processorientedthinking(protectionoftheentiresupplylineoritsvulnerablesegment)ratherthanprocess-orientedthinking(defenceofspecificinfrastructureelementsakintooperationsonland)andunifiedcoastaldefencepolicy.(combinewith1stoneofelias)Topic2:Emergencypreparednessandreaction,updatingdigitalinfrastructureByaddressingthehurdlesofoutdatedsystems,theinvolvedactorscanmaintainasecureandresilientinfrastructureandtakeaholisticviewonsecurity.Conductingscenario-basedtrainingofvarioustypesofattackswithlike-mindedpartnersallowsforknowledgeexchangeandacontinuousimprovementofpreparednessthroughpublic-privatepartnerships.3.Createsafetyguidelineswithinthegovernmentstructuresabouthowtoactwhenacyberattackissuspectedor/andwhenitisalreadyhappening,especiallyconcerningthemostimportantandvulnerableinfrastructureinthecountry.4.Investindomesticdataanalysissystemswhichwouldallowforthedigitalizationoftheenergysupplyanddemand,therefore,allowingformoreefficientandsustainableenergyflowsintheregionandensuringstabilityofthesupply.1.Legacy(IT)Infrastructure:Organizationsmustaddressoutdatedsystemsandsoftwarevulnerabilities,whichposesignificantriskstotheiroperations.Overcomingintegrationchallengesandenhancingflexibilityandscalabilityareessentialformaintainingasecureandresilientinfrastructure.ConductScenario-BasedTrainingandExchangeBestPractices:Performscenario-basedexercisestosimulateresponsestovarioustypesofattacksonenergyinfrastructure.Exchangeknowledgeandbestpracticeswithotherregionsandactorstocontinuouslyimprovepreparednessandresponsestrategies.IncorporateAllAspectsofSecurity:Takeaholisticviewofsecuritythatincludespolitico-military,economic-environmental,andhumandimensions.Thisapproachensuresthatenergysecuritystrategiesarerobustandaddressallpotentialvulnerabilitiesandthreats.PublicPrivatePartnerships:Clearlydefiningtherolesandresponsibilitiesbetweenpublicentitiesandprivatecompaniesiscrucial.Introducingfinancialincentivesandregulatoryframeworkswillencourageprivatesectorinvestmentinadvancedcybersecurityandphysicalsecuritymeasures,fosteringamorerobustsecuritypostureacrossindustries.Topic3:Offshore/BalticInfrastructure+Topic5:Military/DefenseStrengthenresilienceandprotectionofmaritimeinfrastructure,andensurerapidresponsetothreatsthroughimprovedcoordinationbetweenpublicandprivatesectors,bythedevelopmentofaunifiedregionalstrategyforaudits.Establishaspecializedregionalworkinggroupledbyexpertcountriestoaddressenergyinfrastructurethreatsinreal-time,collaboratewithNATOfortraining,anddevelopaunifiedregionalstrategyforaudits,threatdetection,surveillance,andpublic-privatepartnerships,witheachcountryadaptingtheplantoitsnationalcontext.Elias1.Governmentinstitutionsandcompaniesthataretargetedbypotentialsabotageshouldenhanceawarenessofthecurrentsecuritysituationandempowerthemselvestoprotecttheirresourcesandoperationseffectively.2.Increaseawarenessoftheeffectsofdisruptivemeasuresondemocracyandinfrastructure.3.Strengthenresilienceandprotectionofmaritimeinfrastructure,andensurerapidresponsetothreatsthroughimprovedcoordinationbetweenpublicandprivatesectors,whileconsideringtheconditionsofdifferentmaritimeregions.Seealso:●https://www.zeit.de/2024/32/russische-spionage-agenten-sicherheit-schutzmassnahmen-bundeskriminalamt(ZEITistarenownednewspaperfromGermany)●https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/wirtschafts-wissenschaftsschutz/2023-30-06-sicherheitshinweis-6.pdf?__blob=publicationFile&v=12(PublicationbytheFederalOfficefortheProtectionoftheConstitution)Jan1.IncreasethecoherenceandresilienceofcollectivepoliciesagainstapotentialaggressorandhybridthreatInordertomaximisecooperationonsecurityissues,byimplementingshore-sharingapproach,processorientedthinking(protectionoftheentiresupplylineoritsvulnerablesegment)ratherthanprocess-orientedthinking(defenceofspecificinfrastructureelementsakintooperationsonland)andunifiedcoastaldefencepolicy.(combinewith1stoneofelias)2.Tosecurestableandsecureenergysupplyitisessentialtoconsiderescalatingtheuseofunmannedaerialvehicles(UAVs)forminecountermeasuresandanti-submarinewarfare.EmbracingUAVstoenhancetheoperationalawarenessandconductsurveillance,particularlyincoordinationwithalliedunits,ispivotalfordetectingRussianhybridactivities,includingthoseoftheRussianshadowfleet.Lena-creatingcommonenergysecurityplan⇒strongerthroughbeingunited-aligningwiththeEUCommonForeignandSecurityStrategyandtheStrategicCompass-workingtogetherwithallmultinationalavailableforums(NATO,OSCE,EU,OECD)-lessstrategicdependencefromoutsideactors-afterendoftheUkrainewar,trytoreturntoadialogueformatwithRussia-takeacomprehensiveoutlookonsecurity,incorporatingallaspectsofsecurity(politico-military,economic-environmental,andhuman)-exchangewithotheractors/regiononbestmethods-workonact-out-scenarios⇒howtobestreacttoanattack1.IncorporateAllAspectsofSecurity:Takeaholisticviewofsecuritythatincludespolitico-military,economic-environmental,andhumandimensions.Thisapproachensuresthatenergysecuritystrategiesarerobustandaddressallpotentialvulnerabilitiesandthreats.2.ConductScenario-BasedTrainingandExchangeBestPractices:Performscenario-basedexercisestosimulateresponsestovarioustypesofattacksonenergyinfrastructure.Exchangeknowledgeandbestpracticeswithotherregionsandactorstocontinuouslyimprovepreparednessandresponsestrategies.Tobias1.RecommendstheBalticSeaStatestosupporttheEuropeanwindturbinemarket,throughjointfundingofBalticSeawindprojects,thatensureEuropeancompetitivenessandeconomicsecurity.2.FurtherstrengthentheeffortstopreventthemonopolyofunlikemindedpartnersintheEuropeanEnergymarket,throughtheEUforeignsubsidiesregulation,toensurethesecurityintegrityoftheBalticenergygrid.Abel1.Legacy(IT)Infrastructurea.OutdatedSystemsandSoftwareVulnerabilities:b.IntegrationChallenges:c.LimitedFlexibilityandScalability2.PublicPrivatePartnershipsa.RoleClarification:Clearlydefinetherolesandresponsibilitiesofbothpublicentitiesandprivatecompaniesb.IncentivesforPrivateSector:Introducefinancialincentivesandregulatoryframeworksthatencourageprivatecompaniestoinvestinadvancedcybersecurityandphysicalsecuritymeasures.c.InvestmentinnewcompaniesAddressingthematter1.Legacy(IT)Infrastructure:Organizationsmustaddressoutdatedsystemsandsoftwarevulnerabilities,whichposesignificantriskstotheiroperations.Overcomingintegrationchallengesandenhancingflexibilityandscalabilityareessentialformaintainingasecureandresilientinfrastructure.2.PublicPrivatePartnerships:Clearlydefiningtherolesandresponsibilitiesbetweenpublicentitiesandprivatecompaniesiscrucial.Introducingfinancialincentivesandregulatoryframeworkswillencourageprivatesectorinvestmentinadvancedcybersecurityandphysicalsecuritymeasures,fosteringamorerobustsecuritypostureacrossindustries.Pola1.Increaseimportanceofthecybersecuritysectorwithineachcountrybymeansofcreatingmonitoringcenterswhichcouldassesthelevelofvulnerabilitytotheattackofthespecificenergyinfrastructuresites.2.Investineducationandtrainingofthepublicsectoremployeestoincreaseawarenessabouttheriskofcyberattacksandbeingabletoactagainstthemorminimizetheirimpact.3.Createsafetyguidelineswithinthegovernmentstructuresabouthowtoactwhenacyberattackissuspectedor/andwhenitisalreadyhappening,especiallyconcerningthemostimportantandvulnerableinfrastructureinthecountry.4.Investindomesticdataanalysissystemswhichwouldallowforthedigitalizationoftheenergysupplyanddemand,therefore,allowingformoreefficientandsustainableenergyflowsintheregionandensuringstabilityofthesupply.Līga:Formationofaspecializedsmallregionalsub-division/workinggroupwiththeprimaryobjectiveofaddressingthreatsregardingenergyinfrastructureandrespondinginrealtime,aswellasworkingcloselywithinternationalpartnerslikeNATO,tobenefitfromspecializedtrainingandensurepeakperformance.Specificsegmentsofthisworkinggroupcouldbeledbycountriesthathaveprovenexpertise,andhavethebesttrackrecordsandpracticalknowledgeinparticularfieldsthroughreal-lifeexperienceinspecificfields.Alongsidethesecountries,thewholeworkinggroup/division(allBalticSeaRegioncountries)developlong-termguidelinesandastrategyforunifiedapproachforregionalcooperationandcoordination.Indevelopingtheplan,theexpertiseandbestpracticalexperiencesofcountriesaretakenintoaccountandformulatedtobebroadlyappliedacrosstheentireregion.Theoverallstrategyaddressesareassuchas:●auditsonsecuritysystems●threatdetectionandresponsesystems●surveillanceandmonitoring(drones,sensorsetc)●international(NATOsub-divisions&others)andregionalcooperation●stafftrainingandjoint/simulationexercises●researchanddevelopmentcollaboration(creationofinnovativeenergytechnologiesandimplementationetc)●public-privatepartnerships(collaborationbetweengovernmentagenciesandprivatesector)amongothersBasedonthecompletedstrategy,eachcountryformulatesitsownspecificplanthatincorporatesitsspecificnationalcontext.Establishaspecializedregionalworkinggroupledbyexpertcountriestoaddressenergyinfrastructurethreatsinreal-time,collaboratewithNATOfortraining,anddevelopaunifiedstrategyforaudits,threatdetection,surveillance,andpublic-privatepartnerships,witheachcountryadaptingtheplantoitsnationalcontext.Establishaspecializedregionalworkinggroupledbyexpertcountriestoaddressenergyinfrastructurethreatsinreal-time,collaboratewithNATOfortraining,anddevelopaunifiedstrategyforaudits,threatdetection,surveillance,andpublic-privatepartnerships,witheachcountryadaptingtheplantoitsnationalcontext.Recommendation1:InordertoimprovetheresilienceoftheBalticSeaRegion’senergyinfrastructureagainstcyberthreatsandphysicalattacksthegovernmentsshouldtakeintoaccountthepotentialofrecenttechnologicaladvancementsintheareaandattempttoincreasetheircapacitiesintermsofcybersecurity.Consideringcyber-attacksonenergyinfrastructureincountriessuchasUkraine,andtherisingpossibilityofsuchincidentshappeningintheBalticcountriesfromamongothers,theRussianFederation,thereisaneedtoputimportanceonthefieldofcybersecurityandimplementsomeoftheenhancementmeasuresontheindividualstatelevel.Theseshouldincludethefollowingmeasures:1)IncreasingimportanceofthecybersecuritysectorwithineachcountrybymeansofcreatingseparatedepartmentsforexamplewithintheMinistryofInteriorAffairs.Withinthesedepartmentsmonitoringcentrescouldbesetupandresearchdoneconcerningthelevelofvulnerabilitytotheattackofthespecificenergyinfrastructuresite.2)Investingineducationandtrainingofthevariouspublicsectoremployeestobeawareoftheriskofcyberattacksandbeingabletoactagainstitorbeingabletominimizetheirimpacts.3)Creatingsafetyguidelineswithinthegovernmentstructuresabouthowtoactwhenacyberattackissuspectedtobeconductedor/andwhenitisalreadyhappening,especiallyconcerningthemostimportantandvulnerableinfrastructureinthecountry.Asthelevelofcybersecuritymeasuresdiffersbetweenthecountries,inadditiontotheabove-mentionedpoliciesthatshouldbedoneonthelevelofindividualcountries,thereisaneedforregion-widecollaborationinthisarea.NotonlywouldthistypeofalliancestrengthentherelationshipbetweentheBalticSeaRegion’scountries,butalsoitcouldinrealityenhancethesecurityofthewholeregion,positivelyimpactingthesecurityoftheNATOandEUmember-states.Thisisduetothefactthateachcountryfromtheregionhastheirownstrengthswhichshouldbesharedforthebenefitofregionalsafety.Therefore,thefollowingmeasuresareproposed:1)Asthemonitoringcentresintheindividualcountriesare/willbecreated,thecountriesfromtheregionshouldbeabletoswiftlyreceiveandsendinformationthatcouldbeconcerningtheirpartners.ThissystemcouldbebasedonsimilaronescreatedontheEUlevelinregardtoforexamplemigration.2)Allthecountriescouldinvestinthecreationofawidespreadpubliccampaign,whichwillnotonlyraiseawarenessofthecybersecuritythreatsamongthecitizens.Thiswouldresultin,ontheonehand,mitigatedrisksofindividualsfromthecountriesbeinginvoluntarilyinvolvedinthecyberattackagainstthestateinfrastructurebutalsopromoteCounciloftheBalticSeaRegionStatesamongcitizens.3)Furthermore,tocoordinatetheactionsandsharenewinformationregardingpossiblethreatsoremergingtechnologiesinthemosteffectiveway,regularmeetingsaboutthistopicshouldbeestablishedbetweentheBalticSeaRegioncountryofficials.Recommendation2:BalticSeaRegioncanleveragetechnologicalinnovationtoensureasecureandstableenergysupplybypromotingsustainablesolutionsandcreatingrenewableenergyhubs.ThisisacrucialstepinregainingtheindependenceoftheBalticSeaRegionintermsofenergy,andatthesametimefollowingtheclimatechange-relatedregulations,thusnotaffectingtheenvironmentinanegativeway.Therefore,thiscanbedonethroughthecooperationbetweentheregionalpartners,astheyarelocatedinawaythatsupportsthecreationofcommonenergyhubsconsistingofforexamplewindfarms.Furthermore,thecooperationshouldincludeanexchangeofinformationandpractices,thatwouldallowcertaincountriesfromtheregiontoincreasetheiruseofrenewableenergyandlimittheextractionofgasandcoal.Thereforethefollowingstepsshouldbetaken:1)Investingindomesticdataanalysissystemswouldallowforthedigitalizationoftheenergysupplyanddemand,therefore,allowingformoreefficientandsustainableenergyflowsintheregion.2)Digitalizationanddatasharingconcerningenergyflowsarealsocrucialinregardstomitigatingtherisksoflong-termblackoutsintheemergencysituation,thus,ensuringthestabilityofsupplyinthecountries.