Ensuring Compliance with the EU CER Directive: Protecting Critical Fiber Optic Infrastructure
The European Union’s cybersecurity directive (NIS2) became legally binding across all EU member states on October 17, 2024. On the same day, member states were also required to outline measures for implementing the Critical Entities Resilience (CER) Directive, which takes effect in January 2025. Operators of critical fiber optic networks must adapt to ensure compliance.
This article explores how thorough risk analysis, proactive risk-reduction strategies, and continuous effectiveness checks are pivotal to meeting these directives.
Key technologies like fiber integrity monitoring and physical threat detection will be examined, alongside real-world applications in wind farms and pipelines. The article will also outline how these solutions can extend to sectors such as perimeter security, offering actionable insights for operators to strengthen their infrastructure resilience.
Directives Demand Change
The CER Directive has been adopted by the European Union (EU) to enhance the resilience of critical infrastructure and entities that provide essential services. The directive was adopted in December 2022, requiring member states to enact national legislation before coming into effect in October 2024. The previous Critical Infrastructure Directive (2008) is now superseded as the new CER Directive reflects the evolving security landscape characterized by increased cyber threats, climate change impacts, and geopolitical tensions.
To fully address the resilience of those entities that are critical for the proper functioning of the internal market, the directive creates an overarching framework that addresses the resilience of critical entities in respect of all hazards, whether natural or man-made, accidental or intentional.
The directive applies to essential services broadly grouped into 10 key sectors, including energy, transport, banking, health, water supply, and digital infrastructure –ensuring these entities can withstand and recover from a wide range of disruptions. Its scope includes both physical and digital risks, emphasizing a holistic approach to resilience.
Key to the CER Directive is the requirement for member states to identify “critical entities” based on their significance to the functioning of society and the economy. These entities must conduct risk assessments, implement security measures, and report significant incidents to the relevant authorities.
The directive aligns closely with the EU’s Network and Information Security Directive (NIS2), ensuring an integrated approach to both physical and cybersecurity.
NIS2 is the EU-wide legislation on cybersecurity that provides legal requirements to enhance the overall level of cybersecurity within the EU. Coming into force in 2023 (member states had until October 2024 to transpose the directive into law), NIS2 replaces the earlier 2016 rules to reflect increased digitization and evolving cybersecurity threats.
By expanding the scope of the cybersecurity rules to new sectors and entities, NIS2 further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
Among its provisions, NIS2 mandates that member states have a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority. Similar to the CER directive, NIS2 promotes a culture of security across information-centric sectors that are vital for economies and society in general such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.
Fiber Optics are Critical to Infrastructure
Clearly, with the nature and amount of data they carry, fiber optic networks must be considered to be critical infrastructure for the purposes of both directives. This means that operators of these networks must embrace new measures and implement comprehensive risk management processes.
Primarily, this involves conducting thorough risk assessments, planning and executing risk-reducing measures, and regularly confirming their effectiveness. Wherever measures are found to be inadequate, additional steps must be taken to minimize any impact upon the economy or society.
Fiber Integrity: The physical integrity of the fiber is of prime importance, along with controlling access to the cable itself. Operators must be able to detect and localize fiber damage and / or breaks, and other incidents that could negatively impact operation. Many operators use an optical network monitoring system on their dark and lit fiber optic links. As well as assessing damage, the ONMSi system can also assess overall fiber health and monitor for degradation over time.
Maintaining fiber integrity also requires operators to restrict access to cables and identify any breaches. For this, passive, maintenance-free sensors are often used to monitor access points, manholes and distribution boxes to alert operators about any access – legitimate or unplanned / unauthorized. This approach to access monitoring can be implemented with the same fiber monitoring system and many consider this to be essential to meet the requirements of the directives.
Threat Detection: Ideally, potential breaches of any critical infrastructure will be detected before the cable is reached. Another area is of interest is physical threat detection for critical infrastructure. This entails real-time detection, notification, and location of threats, third party interference, perimeter intrusions, and anomalies anywhere along the infrastructure.
Fiber optic sensing technologies such as Distributed Acoustic Sensing (DAS) are valuable due to their ability to differentiate between various types of disturbances, such as mechanical or manual digging near cables. Additionally, DAS can be used for virtual fencing or to provide proximity alerts that will detect people or vehicles approaching infrastructure.
DAS technology is essential in ensuring regulatory compliance and operational security, mitigating the risk of accidental damage or deliberate third-party interference by identifying and pinpointing threats.
Besides the physical security, operators must be mindful of data integrity and network availability as well. While fiber optics cannot be ‘eavesdropped’ in the same way that copper cables can, there are still risks to data being disrupted or networks rendered unavailable. For any data network, accurate timing of clock signals and synchronization throughout the network are critical to ensure basic functioning and operation. Any disruption to the Precision Timing Protocol (PTP), or the timing (clock) information it distributes, can lead to data loss, disrupting a network and rendering it unavailable.
Techniques such as high-precision timing analysis and synchronization verification can prevent this loss of data and disruption of the network itself, thus minimizing failure risks and ensuring the reliability of critical communication systems. This verification is crucial for maintaining the integrity of modern communication networks, including 5G.
Critical Infrastructure in Real-Life Scenarios
Renewable energy installations, such as wind farms, are providing an ever-increasing level of electrical power. This will only increase in the future, making these facilities a crucial component of energy infrastructure. Ensuring the reliability and efficient operation of these installations is paramount, and fiber sensing technology is instrumental in day-to-day operation.
Using the unique properties of optical fibers, operators can detect changes in temperature, strain, and acoustic vibration (sound) along the length of a fiber. With these fibers already integrated into the infrastructure of wind farms the structural health and operating conditions can be continuously monitored remotely.
By requirement, turbines are located where wind is consistent – either remote onshore locations or, increasingly, offshore where they have to endure waves, tidal forces, tectonic activity, and corrosive saltwater. In either scenario they are connected to the main national power grid through array cables and export cables which are critical for getting energy to where it is needed. Techniques such as Distributed Strain Sensing (DSS) and Distributed Acoustic Temperature Sensing (DTS), or a combined temperature and strain measurement (DTSS,) monitor changes in strain and temperature to provide valuable data on the structural integrity of these cables, often allowing a repair or remedial action to be effected before a complete failure occurs.
By utilising fiber already embedded into or bonded onto those cables, DSS, DTS or DTSS can be used to monitor cable integrity, detecting issues such as depth of burial changes for underground cables, stress and strain due to movement or icing, mechanical damage, or thermal anomalies. Understanding cable temperature is also critical to optimise cable power transfer, too much power and you risk overheating and potentially melting cables, so operators use DTS to calculate the Real Time Thermal Rating (RTTR) of cables which enables them to maximise/optimise power transfer while preserving the operational life of the cables.
Offshore turbine power cables are also subject to some unique risks such as damage from ship’s anchors or fishing trawlers. Distributed Acoustic Sensing (DAS) can detect threats in the environment around infrastructure, like disturbances caused by fishing gear or ship anchors, providing proximity warnings and identifying potential risks. As this is done in real-time, operators can take immediate action to mitigate the impact, such as intercepting or rerouting vessels or triggering an investigation to identify which vessel was in the areas so that any damage claims can be made against the operator, cable repairs at sea can be a costly thing.
With the continuous data available on the condition of the turbines, cables and other aspects of the power infrastructure, operators can see change as soon as it happens and track any degradations over time. This allows operators to predict when and where maintenance is needed, preventing unexpected failures, reducing downtime and saving the significant costs associated with total failure.
Pipelines are equally critical in transporting energy in the form of a liquid or gas. Given the volatile nature of these substances, ensuring the safety and integrity of pipelines is paramount. Here also, fiber sensing technology offers unparalleled capabilities for real-time monitoring and early detection of potential issues. Recognizing the benefits of this technology, it has become mandatory to include fiber sensing for new pipelines and in some cases retrofitting the technology to existing infrastructure.
By embedding fiber optic cables nearby or attaching them to pipelines, operators can continuously monitor the structural health and operational conditions of these critical assets. A huge advantage of fiber sensing technology is the ability to detect leaks at an early stage using either DAS or DTS depending on what the pipeline is transporting. In some cases, a mix of both is used.
Unlike traditional inspections that require personnel and equipment to be transported to remote and often inhospitable regions, fiber sensing can be performed remotely. Additionally, fiber sensing is less likely to miss a small leak in the way that an engineer could.
Similar to power cables, fiber sensing can monitor any changes to the structural integrity of pipelines due to environmental factors, operational pressures, and aging infrastructure. It can also use DAS to detect unauthorized activities such as digging or tampering, thereby preventing sabotage and theft.
Regular monitoring and maintenance based on fiber sensing data can significantly extend the lifespan of pipelines. By identifying and addressing potential issues early, operators can prevent the deterioration of pipeline materials and ensure their long-term integrity. This proactive approach not only enhances safety but also maximizes the return on investment for pipeline infrastructure.
Conclusion
Fiber sensing technology is continually evolving, with constant innovation enhancing capabilities and increasing sensitivity. Most recently, technologies such as DAS have enabled even greater sensitivity and accuracy in detecting changes along pipelines and cables. Now, operators can differentiate between various types of disturbances, such as vehicle movements, manual versus mechanical digging, and leaks, offering a very comprehensive monitoring solution.
Fiber sensing technology is transforming the way we monitor and maintain remotely located energy infrastructure. Its ability to provide real-time, continuous data on the condition of assets offers significant advantages in terms of safety, efficiency, and cost-effectiveness.
As fiber sensing continues to advance, operators can expect even greater improvements in energy infrastructure monitoring and management thereby ensuring the integrity and longevity of critical infrastructure, safeguarding both the environment and their investments.
Douglas Clague, Solutions Marketing Manager - Fiber Optic Field Test – VIAVI Solutions.
