Page 112 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection

SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        which, if disrupted or destroyed, would have a serious impact on the health, safety, security
        or economic well-being of citizens or the effective functioning of governments” (European
        Commission, 2004: p 3). Concerning responsibility for the protection of critical infrastructure,
        we will refer to the Council of the European Union’s conclusion: “The primary responsibility
        for protecting critical infrastructures falls on the Member States, owners, operators and
        users (users being defined as organizations that exploit and use the infrastructure for business
        and service provision purposes). Member States authorities will provide leadership and
        coordination in developing and implementing a nationally consistent approach to the protection
        of critical infrastructure within their jurisdictions, taking into account existing Community
        competences. The responsibility for carrying out risk and threat assessments therefore lies
        primarily with the Member States” (Council of the European Union, 2007: p 2). According
        to the above, it is evident that the states are primarily responsible for protecting critical
        infrastructure in collaboration with owners, managers and users, while the EU can help them
        coordinate all the processes. This is an important inference for subsequent discussion.

        Critical infrastructures possess, have in place, create and/or are exposed to certain security
        risks that are significant to their functioning or to the processes they enable. These risks may
        be natural (such as earthquakes, fires, floods, storms, ageing, climate change and the like);
        technical and technological (caused by processes and components in the operation of critical
        infrastructure); or intentionally or unintentionally created by humans (such as improper
        handling, theft, vandalism, sabotage, espionage, terrorism). Risks created by people with intent
        are called threats and can be internal or external. Internal threats are generated within the
        system being protected, while external threats are generated by attackers not directly
        connected to the critical infrastructure. This study generally focuses on the threats of terrorism,
        and specifically on cyberterrorism against critical infrastructure, regardless of its origin.

        Terrorism has many definitions, but for this paper we have decided to use the following one:
        “Criminal acts intended or calculated to provoke a state of terror in the general public, a
        group of persons or particular persons for political purposes are in any circumstance
        unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic,
        religious or any other nature that may be invoked to justify them” (United Nations, 1994).
        For cyberterrorism, we use the straightforward and broad definition of the Merriam-Webster
        dictionary (2020): “Terrorist activities intended to damage or disrupt vital computer systems.”
        Therefore, cyberterrorism in this study represents an active threat and/or attack on the IT
        components of critical infrastructure to achieve specific political goals. However, there is a need
        to differentiate cyberterrorism from other forms of cyber-attacks on critical infrastructure and
        from misuse of the internet for terrorist purposes. The main challenge with cyberterrorism is to prove
        a substantial political impact of the attack and an intention to provoke coercion against a state
        or international organization for individual political decisions.

        Of all the security risks and/or threats to the functioning of critical infrastructure, terrorism is
        one of the most significant. To avoid the logical trap of sectoral experts who claim that the jobs
        they are engaged in are more important than others, it is essential to highlight that although
        terrorism is one of the most significant threats, it is by no means the most important. Catherine
        De Bolle, Executive Director of Europol, believed that: “In 2018, terrorism continued to constitute
        a major threat to security in EU Member States” (Europol, 2019: p 4), and for the Security and
        Intelligence Agency of the Republic of Croatia: “Terrorism is still the most prominent and the most
        visible threat to the international security and the security of European citizens” (2018: p 10).


