Page 104 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 104
SECTION II: CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION
the general security sector (law-enforcement), including a focus on CIP and CIIP, has been
driven by the EU CSE framework and other relevant EU policies. Even now, put into the con-
text of AI, as we have seen, the EU is refraining from considering the security implications of
AI, while NATO debates are more open to exploring the effects of AI systems, including as a
weapon. Although this may not look important at first glance when operationalizing different
standardizations, and different legal approaches producing different prioritizations, risk as-
sessment matrices, structures, and legal frameworks, this type of difference is well known in
the fight against terrorism vs. global war on terrorism, as well as in the cyber domain.
Secondly, most of the current crisis management postures (usually leading the CIP and CIIP)
have arguably proved incapable in practice. Specifically, EU and NATO integration has
helped the SEE countries to migrate from a total defence concept to a crisis (emergency)
management concept under the democratic construct. The problem, however, is that recent
natural disasters and migrant crises have shown that the crisis management sectors in most
of the SEE countries rely heavily on the defence sector (the armed forces to be more precise)
(Pirovska, 2018). This means that in many cases and to a certain degree these sectors have
been developed on paper or just because the “EU and NATO told us so”.
The changed security reality, with the geopolitics heavily in place and the world of AI systems
capable of raising asymmetric, cyber and hybrid threats to a new hyper level, urges the SEE
leadership to seriously reconsider the CIP and CIIP sectors.
5 Some Recommendations for a Better CIP and CIIP
Approach in the World of Hyper Threats
To effectively cope with the ongoing trend of hyper threats, the SEE leadership needs to start
talking openly about AI systems and the geopolitical interplay in the context of effective CIP
and CIIP. Understanding the strategic importance of defence in the changed security environ-
ment, the new EU Commission President, for example, has urged for a “geopolitical commis-
sion” and “technological sovereignty” for the Union in strategic sectors (Koenig, 2019). More
than 30 countries around the world have already published their national AI strategies (Dut-
ton, 2018). Following behind what other EU and NATO members did may have been accept-
able in the past, but not anymore. Both internal EU fatigue and the unfinished (and now even
more complicated) business of integration on the one hand and the NATO internal struggle on
the other (Rizzo, 2020), are leaving no other options for the SEE leaders.
A strategic update and, consequently, profound changes in the SEE organizational, operation-
al and cooperation framework in the context of CIP and CIIP may be inevitable. On 14 No-
vember 2019, the EU Institute for Security Studies (EUISS) and the Finnish Presidency of the
Council of the EU co-organized a conference in Brussels on EU-NATO relations and Artificial
Intelligence, where experts concluded that while “the exact impact” of AI “…remains unclear,
there was consensus that AI-enabled systems would inevitably transform defence across the
board” (The EU Institute for Security Studies, 2019). Furthermore, given that national de-
fence and security is not the main driver of the development of AI, there are concerns about
the erosion of the national military and security ability to maintain its technological edge and
ensure the uptake of its concerns by civilian developers. The former US Secretary of Defence,
James Mattis, during the announcement of the US National Defence Strategy, underlined that
104
