Page 100 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 100
SECTION II: CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION
4 Why the South East European Countries Need to
Reconsider CIP and CIIP in the World of AI
The explosion of technological development, even without AI, urges political leadership,
strategists and security experts from SEE to reconsider CI and CII. The complexity and un-
predictability of the interconnected and interdependent security environment filled with the
AI systems race have dramatically stimulated the evolution of the classic approach to the clas-
sification of CI and CII (European Commission, 2020). There are several reasons why SEE
countries need to reconsider their approach to CIP and CIIP.
Defining what is considered as CI and CII is an unfinished job. Defining and designating what
is considered CI or CII is important in the operational (security) context, as well as in the
context of the law (The U.S. Congress, 1988, p 54). The concept helps to provide a framework
for better protection and regulation. The Internet of Things (IoT) trend is changing the reality
we know very fast (Bur, 2017). This is reflected in how we understand security and how we
approach protection. Hence electrical and nuclear power plants, chemical factories, and the
finance, health, food, and transport industries, along with government agencies, rightfully
deserve the “critical” designation. Nevertheless, there are other industries and services that
enable these critical infrastructure organizations to properly function. Incapacitating these
“enablers” could either slow down or prevent the effective functioning of the designated criti-
cal infrastructures. Therefore, in a world of constant and rapid technological change, minimiz-
ing vulnerabilities is a never-ending story (Ismail, 2018).
The alleged interference of Russian proxies in the US election is the best argument for this
thesis. After the 2016 presidential election in the US, the US Department of Homeland Se-
curity (DHS) designated elections systems as part of the US nation’s critical infrastructure.
At the time of the designation, then-DHS Secretary Jeh Johnson observed, “Given the vital
role elections play in this country, it is clear that certain systems and assets of election infra-
structure meet the definition of critical infrastructure, in fact, and in law” (The U.S. Election
Commission, 2017). Critical infrastructure is a DHS designation established by the Patriot
Act and given to “systems and assets, whether physical or virtual, so vital to the United States
that the incapacity or destruction of such systems and assets would have a debilitating impact
on security, national economic security, national public health or safety, or any combination
of those matters” (Patriot Act, 2001, Sec. 1016(e)). When the US DHS was established in
2002 and designated as the agency responsible for CIP, the institution developed the National
Infrastructure Protection Plan (NIPP). In addition to this, US Presidential Policy Directive 21
established the Federal Government’s “strategic imperatives” in its approach to the nation’s
critical infrastructure. Although these documents were established in a different time, none
of them mentioned the electoral system as critical infrastructure (The US Election Assistance
Commission, 2017a).
Knowledge is changing fast. Fuller estimated that up to 1900, human knowledge doubled ap-
proximately every century (Fuller, (1982). According to him, by 1945 it was doubling every
25 years, and by 1982 it was doubling every 12-13 months. Citing IBM, Marc Rosenberg
estimates that in 2020 human knowledge will be doubling every 12 hours (Rosenberg, 2013).
Thus, creativity in exploiting different tools for achieving different ends is constantly evolv-
ing. Terrorists surprised us during the 9/11 attacks and have literally “hacked” the security
concepts and understanding of homeland security. This was in terms of actors that could
100
