From the taxonomy of threats to the definition of energy security

In numerous definitions of energy security, an approach, which emphasises the importance of continuity of supply dominates. It takes into account the need for diversification and signals the necessity to protect the environment and keep energy costs under control. Noticeably, energy security is not only an issue of the state in strategic dimension, but it also embraces the management issues that can be comprehensively described through a classical, multi-level management approach using: strategic and operational levels. Furthermore, security in the dimension of needs is a response to threats. Therefore, the taxonomy of threats concerning the energy sector facilities may be useful in defining energy security in terms of management. This article is an attempt to define the features of energy security as a response to threats, within strategic, operational and tactical dimensions. The proposed herein approach aims to manage energy security in the scope of a diagnosis, an assessment, and taking action, as well as monitoring the current state.


INTRODUCTION
The definition of energy security in the Energy Law states that it is the state of the economy that covers current and long-term demand for fuels and energy in a technical and economically justified dimensions, while preserving environmental protection requirements [27, art.3 pkt 16]. In the draft on Poland's Energy Policy until 2040, an added explanation states that ... this means current and future-oriented guaranteeing the security of raw materials supply, generation, transmission and distribution, that is, a full energy chain [18,6]. In the author's opinion, such a general definition is adequate for the strategic level of country policy formulation in the 20-year forecast. It reflects essential elements of security, that is, the importance of continuity of supply and future prospects as well as consideration of technical, economic and environmental conditions. It also confirms the complexity of the problem for which only a general definition can be both concise and correct.
Energy security is a multidimensional issue. The energy sector essentially includes companies from the fuel and energy sectors, which deal with the supply of fossil fuels (oil, gas and coal), their processing into energy, heat and transport fuels, and then distribution to final consumers. Each of the functions: generation, transmission and distribution is carried out according to the specification and conditions that reflect the size of production, technical and technological issues and logistics. Therefore, the detailed concept of energy security, understood as covering the demand of consumers for fuels and energy, will likewise be more diverse. Because the structural and organisational complexity of the fuel and energy system overlaps with various threats and risks, which for the security, seen from the perspective of dynamic processes, are management challenges -from the national and administrative perspective. The most important challenge is to ensure the effectiveness of activities that limit the risks and minimise the effects of incidents and crises. Security as a state of confidence and risk-free 2(p14) is associated with the elimination and reduction of risks. It is natural to reach for risk management methodologies as well as experiences and practices in the field of crisis management 2 .

ENERGY SECURITY AND MANAGEMENT
In the model approach to energy security presented in this article, which is based on hazard analysis, one can differentiate a method of conduct depending on the level of assessment and time perspective, indicating the strategic and operational levels 3 .
In the energy sector, the strategic level covers a time perspective exceeding 15 years. Nowadays, in most areas of economic activity, such a long economic forecast is risky, because of global economic and technological megatrends; the period of strategic planning is gradually shortening. In the fuels and energy sector, where costly technical infrastructure, whose life cycle is several dozen years, it is essentially still common to plan for at least 15 2 The scope of crisis management is regulated by the specified Act [28]. 3 In the literature, the management is divided into three levels of planning, .for example [26,170] indicates the following perspectives for formulating goals in planning: strategic level -for long-term goals, lasting three to five years; tactical level -for medium-term goals, from three to five years; operational level -for short-term goals, up to a year. Similarly [7,[206][207][208][209], indicates about strategic, tactical and operational plans in the organisation, he also draws attention to plans: long-term, medium-term, short-term, which coincide with the previous classification, adding plans: actions and responses. In the presented approach, the division into two levels was assumed, namely, strategic and operational, which is also confirmed in the literature, for example [25,265].

75.
years in advance. More so, the governmental strategic documents are in principle related to plans for a period exceeding 20 years [14], [18], [19] and in such a perspective, the demand for fuels and energy as well as energy mix 4 are forecasted, the strategic directions of the sector's development are indicated 5 , including specific investments, for example, new generation capacities, development of the nuclear program, etc.
Management at the operational level is characterised by a five-year planning forecast. In addition to executing management responsibilities, the problems of continuity of supply, contracting and maintenance of fuel reserves, management of technical infrastructure, and forecasting of energy and fuel demand are considered. Operational management from the perspective of an organisation, that is an enterprise, includes standard management of current activities, including actions in a crisis response mode when sudden disturbances occur.

Contracts
The increase in fuel prices Administration An environmental requirement that involves investment Technique Technical failures, accidents The energy sector is one of the most important critical infrastructure systems, that is, the system of energy supply, energy raw materials and fuels. Critical infrastructure operators in the scope of security arising from the provisions of the Act on Crisis Management [28] and the National Critical Infrastructure Protection Program [20], for which the Government Centre for Security is responsible, are required to: -prepare and implement, in accordance with the anticipated threats, plans for the protection of critical infrastructure and maintenance of own reserve systems, ensuring security and maintaining the functioning of this infrastructure until its full restoration, -appoint a person responsible for maintaining contacts with relevant entities in the area of critical infrastructure protection, -immediately forward information on terrorist threats to critical infrastructure to the head of the Internal Security Agency -cooperate in creating and implementing the program [20,16].
In protection plans, it is necessary to estimate the risk of disruption of the critical infrastructure system caused by destruction or disruption of critical infrastructure (collecting information necessary to identify threats, determining the consequences of disruption of critical infrastructure and determining the sensitivity of critical infrastructure system [20,19]. The Critical Infrastructure approach involves a new way on crisis management in Poland resulting from the separation of key services that are generally delivered using several critical infrastructure systems. The description of a key service contained in the Act on cybersecurity stresses the importance for maintaining critical social or economic activity, but does not define it explicitly, and refers to the list of key services [4, art. 2 pkt 16]. The list of key service providers in the fuel and energy sector includes electricity (generation, transmission and distribution); petroleum (refining, production and distribution of fuels, transmission and storage); gas (suppliers, processors, distribution, transmission, storage, LNG system operators) [12,19].

CURRENT METHODS OF ENERGY SECURITY ASSESSMENTS
We shall look at currently used studies and methods of energy security assessment, taking into account the management levels. When reviewing the state of energy security, we can distinguish: -strategic plans that use: scenario analyses, modelling using energy economics tools, optimisation techniques -used in defining development scenarios, for example, according to economic criteria. They are used to assess future trends, hence, they must consider forecasts; -indicators: applicable to the general characteristics of the sector based on statistical data; characterising the market, for example, market concentration indicators. They are used for rankings and summaries as they allow for comparative assessments. They are focused on past assessments and long-term observations that allow the identification of trends and evaluate progress. As for the number of indicators themselves, B.W. Ang et al stated over 200 energy security indicators identified in the literature [1,1084]; -multidimensional assessments that take into account several dimensions of energy security. Individual dimensions are aggregated into one indicator or presented as a set, they concern technological aspects, energy and energy efficiency, economic, political, environmental ones, including emissivity (CO2); -quality indicators: related to the quality of energy supplied, for example, SAIDI and SAIFI indicators used by the transmission and distribution network operators of electricity 6 .
It should be recalled here that the market regulator, that is, the Energy Regulatory Office, is responsible for monitoring the state of the market, including recording supply disruptions and monitoring the state of energy security. In the technical dimension, it is necessary to emphasize the importance of functioning technical standards and procedures, with the role of the Office of Technical Supervision (Urząd Dozoru Technicznego) and certification and professional qualifications systems.
At the beginning of the first decade of the twentieth century, the following classification of threats (national security) was formulated: objective (political, military, economic, social, ecological), the consequences of threats (physical, psychological), sources of threats (natural, technical, political, demographic, ideological, economic, educational, psychological, cultural and other), environment (natural, social, political, economic, scientific and technical), the range of threats (global, continental, regional, local), the scale of threat (global, international, state, administrative unit), places of threats (internal, external), dynamics of development (dynamic, creeping), character of social relations (conflictual, non-conflict) [8]. B. Johansson emphasized that the energy system can be both exposed to risks (lists security of supply and demand) and can pose risks [gives three categories of risk: 1) economic and political; 2) technological; 3) environmental)] [9,200]. In the context of crisis management, due to the source of threats, one finds the following systematics of threats: of a natural characteristic, of a technical nature (accidents, technical failure, contamination, degradation, fires, disruptions, failures), socio-economic (globalisation, crime, riots), political, financial, deficit, military.
In the literature on crisis management, contemporary threats include: -natural hazards -including hazards caused by factors and forces and natural phenomena [6,83], -technical hazards -related to human activity, scientific and technical progress and the degree of civilization advancement of society [6,90], -socio-economic threats -covering such social and economic phenomena which in the existing situation of the country disturb the social order, that is, the principles of harmonious organisation and functioning of collective life [21,[23][24][25][26][27][28][29], concern the issues of production, exchange and the type of various goods in the country and their rational management, -military threats -understood as a specific system of political and military events, as a result of which the conditions for a stable state and development of the state may deteriorate, violate its sovereignty and territorial territoriality as a result of the opponent's military actions [13,616].
In addition to the listed threats, which are known, new ones are emerging. For example, external threats, which are difficult to define, Pawłowski J. describes them as follows: Nowadays we are witnessing a rapid, accelerated information potential. Modern means of reconnaissance, communication, combats, automated and computerised command systems, etc. cause revolutions in the art of war; they change the battlefield (...) it means a departure from the theory of mass, direct, destructive fights and operations of compact army groups, more sophisticated conceptual and flexibly carried out indirect (asymmetrical) and manoeuvring actions using information operations. In combination with political and military pressure, actions in cyberspace, violations of international law and norms, blackmail and economic and economic sanctions, destabilisation of the internal constitutional order, including the arousing of ethnic and nationalistic nationalisms and radicalisms, as well as secret military support and diversionary activities -sabotage -these elements make up the concept of the so-called a hybrid war or a fourth-generation armed struggle [17,[23][24].
On the other hand, threats related to climate change, without entering into the essence of the discussion as to the anthropogenic nature of these changes, are so recognised that many countries, including Poland, have developed strategies for adopting and are adapting to climate change, for example [3], [15], [16], [29].
The typology of threats to national security presented below [8, app.5], defines the classification criteria and assigns to them types of threats. Sample criteria: -subjects (political, military, economic, social, ecological), -the consequences of threats (physical, psychological), -range of threats (global, continental, regional, local), -dynamics of development (dynamic, creeping).

A CYCLICAL MODEL OF ENERGY SECURITY MANAGEMENT PROCESSES
Taking into account the achievements of management and security sciences (crisis management, risk assessment), which can be an inspiration for the fuel and energy sector, it can be seen that, firstly, risk assessment methods are available and are practised in other sectors (banking, crisis management) and have been checked and standardized (ISO standards). Secondly, there is a crisis management system in Poland that is civil (public crisis management) and uses analytical and planning methods. Thirdly, there is a coherent national 79.
system of critical infrastructure protection in Poland, and its operators have planned responsibilities, taking into account the interdependence of generic systems, the importance of which is reflected in the identified key services. Therefore, it is reasonable to consider attempting to utilise crisis management methods in managing energy security.
In order to describe the approach to managing energy security in the convention of crisis management and risk management, one can assume the following assumptions: -for strategic and operational planning, consistent but different goals are defined, -the approach should be futuristic, that is, based on experience and knowledge about the past, for the assessed condition -indicate the actions to be taken, -should be a cycle 7 , which illustrates the process approach to management.
The proposed approach -a cyclical model of energy security management processes (Figure 1), is characterised by the following features: -a dynamic approach that results from reacting to a changing state of energy security and constructive -it is not enough to assess the state of security, the diagnosis should be an integral part of the management processes and the starting point for planning activities, -differentiation of planning levels, -recognises safety management as a cycle of hazard identification processes, risk assessment, action planning (including security), monitoring and systematic reviews.
As part of the cycle, coupled response cycles are implemented, it is implemented using plans, as a result of the signal from the monitoring processes.
In a model cycle of energy security management (Fig. 1), the crisis management convention was used, consisting of the sequence: hazard analysis, risk assessment, planning, response, risk monitoring, systematic review; in which strategic and operational response was distinguished. Strategic response is carried out in the cycle: risk -> response -> planning. For operational response, in the crisis management mode, the following cycle is performed: monitoring -> operational response -> planning.
National institutions and organisations involved in the cyclical model of energy security management processes (Fig. 1)  Threats: for example in the form of directories. One can successfully use existing standard catalogues, as well as analytical work, for example, the National Critical Infrastructure Protection Program, National Crisis Management Plan, Safety Status Report.
Risk: The assessment is related to the identified threats, and many normative documents are used, as well as methods and approaches, for example [10], [11], [22]. Planning: At the strategic level, it will be the country's policy (PEP 2030, PEP 2040), for enterprisesthe strategies of capital groups. The operational levels relate to the required statutory CI protection plans and rescue plans for crisis management. The operational level refers to maintenance instructions and detailed technical guidelines.
Monitoring: Includes state assessments and monitoring of the situation at the national level (uniformed services, strategic analysis offices, for example, those working on the Chancellery of the Prime Minister, or National Security Bureau, and the academic community). Enterprises operate independently, in particular by monitoring the market situation. The operational level refers to the technical efficiency of the equipment, including renovation planning.
Systematic review: Refers to the updating of planning documents. Strategic response: Has the dimension of updating plans, correcting assumptions and forecasts.
Operational response: Involves emergencies, including those requiring urgent response.
Identified risk factors can be imposed on the standard risk matrix presented in the convention of the urgency of action, which indicates the priorities of energy security measures (Fig. 2).

Fig. 2. An example of using a risk matrix to assess priorities of actions
The risks selected in the proposed convention must be subject to the analysis of risk acceptance criteria. In the classic approach to risk assessment for crisis management [22,[188][189][190][191], the category of activities is determined by the vulnerability. In the area of energy security, in particular, at the stage of creating security, an important place is the assessment of the consequences of risk materialisation and the search for an economical security optimum.

SUMMARY
In the author's opinion, the current definition of energy security, considering the supplement included in the PEP 2040 project, is sufficiently accurate (contains references to continuity of supply, time perspective, technical, economic and environmental conditions), although, overall, it does not distinguish between types of fuels and energy and does not define and therefore in no way determines the energy mix.
Looking at energy security from two perspectives, which the state is able to control: 1) continuity of supply (strategic contracts) and 2) technical infrastructure (control over operators and market regulation), it is worth adopting a point of view of the sector functioning as technical infrastructure. We can see here the evolution in crisis management, which involves the interdependence of critical infrastructure systems, expressed by key services introduced by the Cybersecurity Directive 5 . In this sense, the energy system is fundamental to other systems. Risk assessments require the extension of the viewpoint from the object and system to interdependent systems acting as cooperating and thus interdependent network structures.
The proposed descriptive definition of energy security in management terms, or rather in terms of features and actions to be taken into account includes: -component processes: hazard identification, risk assessment, planning, monitoring, review and response, -cyclical course as a response to the changing circumstances of security management as a cycle of hazard identification processes, -full scope of managementit is not enough to assess the state of security, the diagnosis is an integral part of further processes and a reference to the actions taken, -differentiation of planning levels.
The approach described is a cyclical model of energy security management processes. The presented directions of crisis management evolution also referred to as energy security, indicate that basic research in the field of interdependence of critical infrastructure systems in the perspective of security of key services delivery is gaining importance. Research is also needed in assessing the impact of supply disruptions, both economically (disruption of supply costs) and non-economically (intangible losses, as a materialisation of health threats). Such knowledge is needed to make decisions as to further actions for the identified risk, and in the risk assessment methods, it is determined by the risk management criteria.