CEN just published two CEN workshop agreements: CWA 18028:2023 and CWA 18024:2023. These documents were developed by CEN/Workshop IPCI (Improvement of information processing in crisis management of critical infrastructures for computer assisted data gathering, display and reporting) based on the results of a standardization gap analysis and resulting pre-standardization activities promoted by STRATEGY project funded under the EU Horizon 2020 program.
Both CWAs are available for free download in the CEN-CENELEC CWA download area. Their aim is to address existing standardization gaps that were identified through desk research and consultation with end-users, to improve crisis management and the resilience of critical infrastructures. The documents have also been recently included in the standardization section of the EC-JRC Critical Infrastructure Resilience Newsletter issued in November 2023.
More specifically, CEN/CWA 18028:2023 aims to improve standardized formats and protocols for electronic messages transmitted during crises involving critical infrastructures. This CWA specifies a mechanism for defining the meaning of all data contained in an electronic message, including data from sensors, with a semantic layer implemented as a namespace compatible with the currently applicable references analyzed also in the document.
The use of this semantic layer will enable command-and-control centres to add new types of sensors which can be automatically recognized by the system, thus reducing the delays and costs for adopting new detection technologies. Additionally, CEN/CWA 18028:2023 evaluates the suitability of OASIS EDXL-CAP and EDXL-SitRep standards for the automatic processing of information and generation of situational reports during a crisis, considering the aspects of information exchange in CEN/CWA 17356:2018 and the information required to support the operational needs of responders.
The second CWA, CEN/CWA 18024:2023, aims to close the existing gaps in incidents that affect critical infrastructures (CI) are reported to competent authorities or any other interested party. It does so by defining the standardized content for the information to be displayed in different incident report types: for instance, data related with the identification of the user and the incident, incident description, the risks and impacts on the affected CI and interconnected ones, and the actions to reduce the impacts and restore the services and the resources used. The CWA also includes, in the informative Annex A, a template structure for the information and examples for three report types.
The use of standardized and structured information for notification and reporting will improve situational awareness, thus allowing a more efficient response and the restoration of essential services, particularly in case of cross-border crises when sometimes different approaches may cause confusion or conflict among responders. CWA 18024:2023 is being considered as the basis for a future European Standard, that could be a supporting tool for all EU Member States to convergently implement Directive 2557/2022 -article 15 Incident reporting.
The CWAs were developed by CEN/WS IPCI with the participation of more than 40 stakeholders from command-and-control centres, academia, research institutes, industries, critical infrastructures’ operators, thematically related EU R&I projects, international consortia and first responders from several EU Member States. Besides the broad participation and consensus among relevant actors in critical infrastructure resilience, both documents were tested and evaluated in Table-Top Exercises and Full-Scale Exercises organized within STRATEGY project, providing valuable input for the drafting of these CEN deliverables.