Technical assistance to the European investment Bank (EIB) to support its efforts to step up its contribution to Europe’s security under a new major initiative – European Security Initiative (ESI). The Bank is required to demonstrate EUR 2 billion per year of security related investments over the next three years (2018 – 2020) in key sectors such as energy, transport, water supply, health, financial institutions and markets infrastructure. The security related investments will cover various areas, including increased resilience and protection of critical infrastructure and essential services, protection of public spaces and increasing security of citizens at local level, support for Member States national authorities to face new technological challenges (such as blockchain, cryptocurrencies, AI), upgrading cyber and IT forensics capacity for both private and public actors, facilitation of exchange of best practices among security actors, investment to increase security of access at borders and infrastructure to support cross border cooperation among competent authorities (police, judicial, customs).
As part of its assistance to EIB we proposed an approach for identifying cybersecurity related investments for each project type in different sectors, prepared a report showing cybersecurity related components of investment projects and their costs, define the most suitable metrics, and default values of cybersecurity related investments for each project type in different sectors, and prepared a comprehensive report based on findings and conclusions.
Based on the outputs of the Assignments, the Bank will prepare a Guidance Note for Security Investments (‘Guidance Note’), which will serve as a tool for project promoters to assess which projects and which components of them will contribute to improve security at very early stages of project development. In this way, the Assignment is expected to allow project promoters to prioritize investments in terms of their contributions to improving security on a systematic basis. Besides being benefit of use for project promoters, it is expected that the Guidance Note will be useful for the financial institutions and other third parties.
The services we provided included undertaking a review of the Bank’s sectoral Notes that establish which types of cybersecurity related investments are eligible on the basis of the sectoral lending policies, refining the thinking/approach outlined in the Notes, based on the Service Provider’s experience in cybersecurity and propose an alternative approach if appropriate, quantifying cybersecurity related investments for each project type in different sectors and provide a methodology that could be applicable also to other financiers and project promoters, and confirm quantified figures through a targeted project promoter engagement, which will be managed by the Bank and by one or two other potential financing institution.