ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ:  CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
                                      COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK

            This brings us to the final limitation, also partly related to the subtitle, which represents a di-
            chotomy in the implementation of official policies and operational activities from Brussels to
            South-Eastern Europe and back. Countries in the EU and those seeking full membership are
            aligned with Brussels’ guidelines in the area of protection of critical infrastructure and the is-
            sue of cooperation in the prevention and fight against terrorism. The challenge is that although
            Brussels (where all Member States are represented in the development of policies adopted in
            Brussels) sets development guidelines in both areas, it cannot affect the implementation of
            Member States’ national policies, much less those of non-members. As critical infrastructure
            and the issues of preventing and combating terrorism are areas of national security in each
            country, the countries themselves decide on their level of cooperation with other countries and
            with Brussels. Concerning Brussels itself, the multiple capital city, although both organiza-
            tions (the EU and NATO) are based in Brussels and have their own policies and coordination
            mechanisms for critical infrastructure protection, we have pragmatically decided to consider
            only activities that come from the European Union, because the role of NATO is much smaller
            in this area. Likewise, we consider this area to be a predominantly civil matter, and we will
            consider it as such. We do not dispute the position and role of armed forces in the protection of
            critical infrastructure, but we also place that outside the scope of our interest in this research.
            So, when we mention Brussels, we mean the activities of the European Union.

            This paper is divided into several sections. First, we introduced the foundational concepts,
            set specific relationships, and explained the research framework. The following section sum-
            marizes the indicators of cyber threats against critical infrastructure. This is followed by a
            section dedicated to the EU, outlining the strategic and normative framework of the critical
            infrastructure protection area, with particular reference to threats of terrorism. The section
            is accompanied by the same overview for the Republic of Croatia. Next, we analyze the
            operational level of protection of critical infrastructure at the EU level, which will be pre-
            sented through the cross-sectoral activities of professional communities dealing with critical
            infrastructure and counter-terrorism, to determine their links and cooperation. The same will
            be done for the Republic of Croatia. In the Conclusion, we will summarize the research find-
            ings and propose specific recommendations for improving cooperation and protecting critical
            infrastructure from terrorism.


            2  Cyber Threats to Critical Infrastructure


            Cyber threats are threats of disruptions and attacks towards IT infrastructure. The European
            Union Agency for Network and Information Security (ENISA), in its Threat Landscape Re-
            port from 2018, identified 15 main cyber threats in the world: malware (malicious software
            designed to cause intentional damage to IT infrastructure – viruses, worms, spyware, Trojan
            horses); web-based attacks (through web systems such as browsers, extensions, websites and
            web services); web application attacks (using weaknesses in web services and applications);
            phishing (defrauding information by posing as a legitimate company and sending emails and
            messages with a malicious attachment, URL, etc.); disturbed denial of service – DDoS attack
            (disruption to the regular traffic of a server, service or network by overwhelming it with in-
            ternet traffic); spam (flooding users with unsolicited emails or messages); botnets (connected
            devices that are running bots, i.e. software applications that run automated tasks like DDoS
            attacks); data breaches (successful outcomes of cyber threats as leakage or exposure of data);
            insider threat (within a company or organization); physical manipulation/damage/theft/loss


                                                                                    115