18 januari, 2023
EU Eastern Enlargement: Preparing for Current and Future Threats Through Inclusive Crisis Management and Resilient Critical Infrastructure
SCEEUS Guest Platform for Eastern Europe Policy No. 21
Russia’s invasion of Ukraine in February 2022 and the full-scale war that resulted, which will continue well into 2023, have led to a fundamental breakthrough in the readiness of the European Union to move the geographical parameters of enlargement eastwards. This geopolitical response by the EU is politically driven by an understanding that enlargement is an indirect way of stabilizing regional security. This attempt might fail, however, unless it addresses two essential elements of building and maintaining effective resilience at the state and cross-border levels. First, adequate preparation is required to react to old and novel threats based on a robust and inclusive crisis management mechanism. Second the approach should allow crisis mode operability based on the resilience of critical infrastructure in potential EU candidate states.
Introduction
Any objective assessment of the Russian aggression against Ukraine would conclude that the EU was not sufficiently prepared to prevent or respond quickly enough to the impact of the multiple crises unleashed by the war in Ukraine. The fighting has obviously had a devastating effect on Ukraine but there has also been a complex set of spillover effects on the EU’s other eastern neighbours and on the EU itself. While it is only fair to recognize that the EU has demonstrated how to adapt and establish different tools to manage the emerging crises, its response capacity was constrained by the lack of a “safety culture” in the decision-making process. In other words, in order to have solid reactive power (crisis management), it is essential to operate with strong risk assessment (anticipation) based on scenario building derived from a critical, inclusive, realistic and up-to-date praxis of risk and crisis management. If such tools have been dispensed with at the level of the EU member states, they cannot be incorporated into EU decision-making processes, including on existing and new candidate states.
While the focus of EU enlargement is on the quality of reform and transposition of the EU acquis, as well as other Copenhagen criteria, which are still important, current and future crises require more attention to security components, which should translate into efficient crisis management and resilient critical infrastructure. A greater part of political attention and financial resources must be directed towards endowing the two basic critical infrastructures – transport and energy supply – with a resilient capacity for absorption, recovery and transformation a prerequisite for flexibility. Approaches to these two policy dimensions should be proactive, ongoing in nature and based on strategic communication for accountability purposes rather than reactive, ad hoc and limited to communication to specific audiences and on a sporadic basis. These principles should be reflected in the recently launched Strategic Compass for Security and Defence, Directive on Resilience of Critical Infrastructure (CER) and Cybersecurity Directive (NIS 2), and applied to the Eastern Partnership Policy (EaP) beyond 2022. The same principles must be integrated into the enlargement process to strengthen not just democracies, but regional security.
Sound Crisis Management: An Inclusive Mechanism
Unlike their counterparts in the Western Balkans, which are mostly NATO members, the candidate states in the EaP region are recipients of security rather than providers of it. The EU should therefore be agile in using its policies to expand the geographical scope of its crisis management tools. This must be done at the level of policy and framework documents. It is not enough to discuss security issues at a high level, as proposed in the recent launch of the European Political Community, involving 44 states from across Europe. Existing platforms seem outdated in the light of current threats. The EU must make an inclusive and transnational crisis management process part of the Strategic Compass, the Eastern Partnership and the enlargement process.
Enhancing inclusiveness in crisis management could be implemented by adding a cross-border dimension (transnational) to the four pillars of the strategic compass: act, secure, invest and partner. Under the act pillar, defence-related exercises or mission deployments must consider potential developments in the countries of the EaP region that belong to the enlargement process in both the north (Ukraine and Moldova) and the east of the Black Sea (Georgia). The secure pillar, responsible for anticipation or risk assessment, should integrate the intelligence work of the EU (Single Intelligence and Analysis Capability) and the assessment of threats to and vulnerabilities of the EaP region, with a focus on the sources of threats (Russia, Belarus) and autocratic-leaning states within and beyond the region (Azerbaijan, Turkey, Iran and China). Similarly, distinctive knowledge of the region should be infused into the activities of the future hybrid toolbox and cyber diplomatic toolbox, and of response teams. Reviews of the invest pillar should include filling gaps related to the critical military and civilian capabilities of EU member states based on candidate states’ vulnerabilities, which can be identified by increasing defence and intelligence coordination. When it comes to the partner pillar, the EU can specify that tailored partnerships with eastern neighbours (mainly enlargement policy participants) should involve building inclusive crisis management capacities to deal with current and future threats.
In order to make crisis management more inclusive and therefore transnational in the context of enlargement, the EU should give permanent status to the participation of candidate states in Integrated Political Crisis Response (IPCR), along with the EU institutions and member states. This engagement would prepare candidate states to address, identify and report crises while they are still at the incubation stage.
In the case of the 2020 EaP policy, the resilience-oriented approach is incomplete without a crisis management mechanism as a means for identifying measures to improve resilience in the fields of the economy and the rule of law, as well as security, climate change, digitization and development. The development of crisis management skills is essential to the enlargement process to avoid setbacks caused by internal democratic deficiencies or interference from external actors. Candidate states that can participate effectively in cooperation with the EU on crisis management should also benefit from the performance reward mechanism available under the Instrument for Pre-Accession Assistance (IPA).
Investing in Resilient Critical Infrastructure: Preventing the Costs of Future Crises
Unlike the “soft” and “hard” public infrastructure responsible for maintaining a healthy economy and the physical infrastructure for a modern industrial economy, critical infrastructure is crucial to the functioning of the economy and the functioning of central government. Attention should therefore be paid to strengthening the resilience of critical infrastructure. In practical terms, this means establishing preventive measures during the “design, investment and construction” stages, taking account of potential risks and threats.[1]
To put the critical infrastructure at the centre of the enlargement process, it is necessary to discuss the timetable for implementation of the proposals in the Directive on Resilience of Critical Infrastructure and the Cybersecurity Directive, both of which were published as final drafts in 2022, designed for member states. The CER requires national strategies, risk assessment, identification of critical infrastructure and reporting of incidents. Critical Entities Resilience Groups will be set up to enable regular cross-border cooperation on infrastructure in 10 sectors, including transport and energy. Complementing the wide scope of the CER, NIS 2 covers cyber-defence aspects in more detail. NIS 2 also places more obligations on EU member states regarding supervision and enforcement requirements and establishes a Cyber Crises Liaison Organization Network (EU-CyCLONe). In the context of the sabotage of Nord Stream 1 and Nord Stream 2, there is an urgency about implementing these directives. Although the CER and NIS 2 directives are meant for the EU member states, they should be open to candidate states obtaining observer status in the Critical Entities Resilience Groups and EU-CyCLONe.
EU policies on the EaP region have additional potential to boost the resilience of critical infrastructure. In 2022, revitalization of the transport infrastructure between Ukraine and Moldova helped divert Ukrainian exports to global markets. The two countries were also synchronized with European electricity transmission systems in March. In December, the EU announced investment in the construction of a seabed power cable in the Black Sea connecting Georgia to the EU grid through Romania. These developments highlight the role of critical infrastructure in the connectivity between the EU and its neighbouring participants in the enlargement process. In order to serve in times of crises, however, which seem almost certain to multiply, the EU should use its EaP policies to make critical infrastructure resilient (absorb-recover-transform). This might require certain revisions of the “Recovery, Resilience and Reform: Post-2020 Priorities for an Eastern Partnership” package (worth €2.3 billion) and other EU policies dedicated to the EaP region to channel existing investment into prevention and preparedness.
Critical infrastructures, and their physical and digital characteristics, must be seen not just as prosperity-maximizing factors in the scaling-up process, but as potential security vulnerabilities. National infrastructure, and cross-border infrastructure in particular, must be designed in such a way that allows resilience as and when necessary.
Recommendations
- Make the EU’s crisis management more inclusive in the context of enlargement. The EU should make permanent the candidate countries’ participation in Integrated Political Crisis Response (IPCR). These interactions would help to prepare the candidate countries to deal with crises at an early stage. They would also increase the EU’s anticipatory capabilities by integrating intelligence from neighbouring regions into the risk assessment process.
- Build resilient cross-border critical infrastructure as part of the accession dialogue. Gaps in critical infrastructure or weakened infrastructure cause the state to lose reliability. Making preparations so that critical infrastructure can continue to function and recover in the event of a crisis must be at the heart of the accession process. Assessments of the robustness of critical infrastructure should be carried out before and during the opening of the corresponding chapters, paying particular attention to the cross-border implications of critical infrastructure. Pre-accession funds and post-2020 investments allocated to the EaP region should serve to equip cross-border critical infrastructures with resilience capacities.
- Disseminate the EU’s crisis management and critical infrastructure policies to candidate countries. Even if not as full implementers, then at least as observers, the countries involved in the enlargement process should participate in the EU Strategic Compass, and be part of the CER groups and EU-CyCLONe initiatives. If implemented in a timely and comprehensive manner, the infusion of inclusive crisis management and resilient critical infrastructure into the (pre-)accession dialogue will improve the security environment in the EU’s eastern neighbourhood.
[1] Alessandro Lazari and Robert Mikac (eds), The External Dimension of the European Union’s Critical Infrastructure Protection Programme, CRC Press, 2022.
The Security Dilemma of the Eastward EU Enlargement