Joseph A. Ghattas, Paris
Growing, challenging risks make evident that the EU needs a comprehensive security approach
A governance platform for fighting security threats in a time of transformation
by Joseph A. Ghattas, Vice President, European Public Sector, CA Technologies, Paris
The European Union (EU) as a whole as well as its individual members face growing, challenging risks such as the increasing numbers of people seeking asylum, environmental disasters, terrorism, growing rates of cybercrime, cyber-attacks and increasingly interdependent critical information infrastructures. To cope with them, security and safety authorities on all levels must strengthen their collaboration and execute towards a common strategy. However, to achieve this a new quality of governance is necessary to plan, build and act on the fundamental steps to transform security and safety authorities into a new, more agile architecture. A critical success factor for this transformation will be a governance platform to accelerate the implementation of new functions and ensure operational excellence while mitigating risks and delivering verifiable value to the citizen.
A plea for a comprehensive governance platform
As stated in objective 3 of the Communication from the Commission entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”, “security of IT networks is one essential factor for a well-functioning information society”. “The rapid development and application of new information technologies has also created new forms of criminal activity. Cybercrime is a global phenomenon causing significant damage to the EU internal market. While the very structure of the internet knows no boundaries, jurisdiction for prosecuting cybercrime still stops at national borders. Member States need to pool their efforts at EU level. The High Tech Crime Centre at Europol already plays an important coordinating role for law enforcement, but further action is needed.”
A governance platform has to be an integrated solution that gives key stakeholders a real-time view into their organisation’s initiatives, resources and investments. It empowers them to improve decision-making, engage all government organisations − by bridging the gap between strategic planning and execution − and extend portfolio management across the administration. This platform not only improves governance practices and minimises risks, it also helps maintain and extend the ability to act.
Striving for efficient use of resources
The right governance platform creates a single source of truth through which all requirements can be evaluated, prioritised and managed. This would give security authorities visibility into how resources should be used efficiently. There will always be some degree of unpredictability, though. It is therefore impossible to achieve effective governance, security portfolio planning and risk management without seeing exactly how much and what type of work resources are allocated to. With such a solution it will be much easier to capture, classify, evaluate and approve all the sources of a certain demand, so work can be prioritized and resources get allocated to the highest-risk threats.
How to conduct strategic planning
Generally, a government’s goal should be to create a strategic plan to respond to all validated threats and safety demands and prepare for potential new threats. A comprehensive governance platform would enable such strategic planning by:
• Enabling the setting of strategic goals
• Helping to identify investment areas
• Creating an ongoing roadmap for transformation
• Aligning administration portfolios with the government strategic and operational initiatives
As an example, securing critical information infrastructures such as electricity generation, financial services, telecommunications and others requires a strategic approach to ensure effective operational coordination of all homeland security and cyber security organizations in the EU and its neighbors. To achieve this, capabilities and capacities as well as different skills and equipment have to be evaluated prior to handling critical situations. With that, all participating institutions would benefit as gaps and overlaps could be identified early and countermeasures could be taken proactively.
What the EU and Member States should achieve
To execute on a common strategy, the EU and its members would need to increase their efforts on collaboration, eliminate redundancies and share best practices to bring optimal results from the most valuable asset − the staff. Another aspect of building a comprehensive security architecture is the evaluation of risks and investments associated with specific projects, missions or services. For security authorities contributing to a superordinate strategic plan, it is not enough to believe that their projects and services provide value. In fact, they must be able to effectively demonstrate that timelines and budget targets are met. However, even the best project plans are often derailed by unexpected risks and unresolved issues. With the right project governance in place, risks are captured, evaluated and scored, so that attention can focus mainly on those with the highest impact and probability.
The EU needs a commonly agreed security budget...
Having cost, time and risk controls in place, the EU and its members will be able to adjust financial planning for all investments related to a common EU security architecture, whether they are individual services, shared services or simply assets.
These controls become even more important when requirements change over time. A good example is the increase in organised internet-based crime and cyber attacks. To counter this trend it is essential to have the right intelligence in place and to know on what level different security organisations across the EU can and should cooperate. A good starting point would be to have a commonly agreed security portfolio with a clear understanding of who is contributing to what. Based on a comprehensive governance platform it should be easy to achieve such security portfolio management for each and every contributing organisation, allowing them to centrally manage the entire transformation at every key stage, including:
• Defining the strategy and goals both in organisational and technological terms
• Mapping the current and target state post-transformation
• Establishing a transition plan and identifying the resources and costs involved
• Managing the execution of transformation projects
• Monitoring and reviewing progress both at a project and program level.
... to be prepared for new threats
Fundamentally, how the EU and its Member States manage the planning and execution of the transformation of their security and safety authorities will have a direct impact on their success in facing new types of threats. An integrated Project and Portfolio Management approach will not only provide the insight and control needed to drive complex transformation programs, but will also crucially provide the flexibility to adjust plans as external and internal conditions dictate. With the right governance solution, security authorities can become true security service providers embedded in an EU security architecture.