Page 103 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 103
METODI HADJI-JANEV: HYPER THREATS TO CRITICAL INFRASTRUCTURES IN THE REGION OF SOUTH-EASTERN EUROPE:
A WAKE-UP CALL FOR SOUTH-EASTERN EUROPEAN LEADERSHIP
AI systems will eventually be implemented and will drastically change the approach to CIP
and CIIP. Although AI applications and systems are, to a certain degree, science fiction in the
SEE CI and CII, SEE strategists need to begin to develop concepts that will embrace AI in
the process of CIP and CIIP. Many have already argued that AI will profoundly change the
organizational planning and coordination of security. The AI systems’ ability to fix disruption
of decision-making processes by their enormous speed of development and their ability to
learn fast and adapt is a desire for more efficient and up-to-date CIP and CIIP. Fitzgerald’s
example is relevant in this context: “Using AI or machine learning to determine network
baselines, even as those baselines shift, allows Chief Information Officers - (CIOs) to iden-
tify model breaches based on abnormal user behaviour”. The US Department of Homeland
Security has piloted AI tools for detecting cyber-network intrusions and malicious activities
as a replacement for human intelligence and a quest for more efficient protection of its CII
(Berteau, 2018).
Given the Euro-Atlantic agenda of all of the SEE countries, it is important to mention that
both the EU and NATO have recognized the potential of AI and have decided to tackle this
issue. In 2018 the European Commission put forward a European Approach to Artificial In-
telligence and Robotics (The European Commission, 2018). It deals with the technological,
ethical, legal and socio-economic aspects to boost the EU’s research and industrial capacity
and to put AI at the service of European citizens and the economy. The EU believes that an
“anticipatory approach is needed to deal with AI’s transformation of the labour market. It is
necessary to modernize Europe’s education and training systems, including up-skilling and
re-skilling European citizens” (The European Commission, 2018). Although the EU does not
consider AI in a security context, some of its Member States have already developed strate-
gies (the French one being the most notable) (Villani, 2018), and the EU believes that new
legal and ethical questions should also be considered.
NATO has not dedicated a special summit to the issue. However, the Allied Command Trans-
formation has initiated a series of debates and has considered the willingness, ability, and
means to deploy cutting-edge technologies, AI chief among them (NATO ACT, 2019). While
it is true that all of the SEE countries follow either EU or NATO guidance in the security
context, there are two issues for the SEE states in the context of CIP and CIIP: first, there are
no EU or NATO guiding standards for these infrastructures, and second, the protection itself
depends on the Member State’s capabilities.
The strategic and operational approach to CIP and CIIP and cybersecurity strategies may
be outdated and needs improvement. Rapid change and development in security as well as in
technology unequivocally dictates that the current approach, both from the security aspect to
CIP and CIIP and in national cybersecurity strategies, needs an update. While it is true that
there are strategies in place that cover CIP or CIIP in all the SEE countries, there are two chal-
lenging facts that require attention.
Firstly, strategic approaches among the stakeholders differ, and when put into practice, i.e. op-
erationalized, they give different results and outcomes on the ground (when effective protec-
tion needs to be implemented in terms of procedures, tactics, and techniques). Regardless of
the different views on whether the EU Common Security and Defence Policy is a competing
framework for NATO membership of the SEE countries, one thing that is clear is that NATO
integration dominated changes in the SEE defence sector (Valášek, 2018). On the other hand,
103
