Page 102 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 102

SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        to SEE cyberspace or CII in the region of SEE will need an update (Follath & Stark, 2009).
        The disappointment of the Ukrainians in 2016 in US-supplied drones (Stewart, 2016), or the
        ransomware or supply chain-based attacks on key personnel that manage CIP or CIIP, are just
        some of the examples of how the threat vectors evolve. However, wait for it; the biggest, the
        fastest, the unexpected, something which goes beyond is yet to come.

        Artificial intelligence applications turned into systems are a threat to CI and CII. The United
        States Department of Defence (DoD) has forged innovative uses for AI in defence and secu-
        rity. Initially, AI was used to assess the readiness of military vehicles or to identify insurgent
        targets. Today, these efforts have shifted into a higher gear under a US strategic initiative
        focused on harnessing AI to advance security and prosperity (HPC, 2019). At the same time,
        these advantages have started to become a liability.

        It is true that currently most of the digitalized supervisory of the CIP or CII in the SEE countries
        is separated from the internet. Nevertheless, the Stuxnet incident proved that this separation is
        not a solution. Analyzing potential threats from Russia to the US electric power grid as CI, Ian
        Fitzgerald observed that security experts can no longer rely on traditional methods of intrusion
        detection (Fitzgerald, 2019). Giving the example of a coordinated cyber attack from staging
        targets (smaller companies or a start-up that at some point work for the energy sector) to the
        designated attack targets (companies that generate, distribute and transmit electricity), he argued
        that traditional cybersecurity can eventually be hacked. His argument was that AI systems need
        to replace humans. While this is possible, the potential to hack these systems is open.

        For example, the US Army uses facial recognition to train AI. However, assessing potential
        vulnerabilities has, at the same time, pushed the US Army to seek solutions. Backdoors into
        facial recognition AI platforms, specifically, are a real worry, as if they were compromised it
        could set off a chain reaction in which AI learning could be corrupted (Osborne, 2020).

        On the other hand, some of the emerging strategic actors in the region of SEE, such as China
        or Russia, are heavily involved in this race. Its challenge straddles the boundaries of ethics
        and legality to security and existential issues and challenges. It is already known that China
        has less ethical and legal sensitivity in trading security for privacy. China’s determination to
        become a world leader by 2030 is no longer a secret (Triolo et al., 2018). In this line, China
        has already proved skilful in using the private sector to achieve strategic ends via cyberspace.
        China’s efforts to develop complex sensor networks in the private sector with disrupting po-
        tential for the military domain raise concerns in the context of CIP and CIIP for two reasons
        (Jans, 2018). Firstly, because as in the context of nuclear, chemical and biological weapons,
        these means (weapons) are desirable to terrorists. Secondly, there are no technical and legal
        standards for AI systems such as heavy regulations of the nuclear, chemical and biological
        sectors. Russia also wants to exploit the disruptive potential of AI. The Russian President,
        Vladimir Putin, has already declared that the competition is ongoing by saying: “Whoever
        becomes the leader in this sphere will become the ruler of the world.” A swarm-based attack
        led by an AI system starting from staging targets (small companies based in SEE, and related
        to both the defence industrial complex in the US and acting as a service provider for a critical
        sector in SEE) is inevitable. Moreover, in this interconnected and interdependent world, the
        existing allied platforms that utilize AI to protect CI or CII could become a problem and a li-
        ability to the SEE CI and CII, which leads us to the next important reason for considering AI
        as a source of a “hyper” threats to SEE CI and CII.



       102
   97   98   99   100   101   102   103   104   105   106   107