Page 115 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 115
ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ: CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK
This brings us to the final limitation, also partly related to the subtitle, which represents a di-
chotomy in the implementation of official policies and operational activities from Brussels to
South-Eastern Europe and back. Countries in the EU and those seeking full membership are
aligned with Brussels’ guidelines in the area of protection of critical infrastructure and the is-
sue of cooperation in the prevention and fight against terrorism. The challenge is that although
Brussels (where all Member States are represented in the development of policies adopted in
Brussels) sets development guidelines in both areas, it cannot affect the implementation of
Member States’ national policies, much less those of non-members. As critical infrastructure
and the issues of preventing and combating terrorism are areas of national security in each
country, the countries themselves decide on their level of cooperation with other countries and
with Brussels. Concerning Brussels itself, the multiple capital city, although both organiza-
tions (the EU and NATO) are based in Brussels and have their own policies and coordination
mechanisms for critical infrastructure protection, we have pragmatically decided to consider
only activities that come from the European Union, because the role of NATO is much smaller
in this area. Likewise, we consider this area to be a predominantly civil matter, and we will
consider it as such. We do not dispute the position and role of armed forces in the protection of
critical infrastructure, but we also place that outside the scope of our interest in this research.
So, when we mention Brussels, we mean the activities of the European Union.
This paper is divided into several sections. First, we introduced the foundational concepts,
set specific relationships, and explained the research framework. The following section sum-
marizes the indicators of cyber threats against critical infrastructure. This is followed by a
section dedicated to the EU, outlining the strategic and normative framework of the critical
infrastructure protection area, with particular reference to threats of terrorism. The section
is accompanied by the same overview for the Republic of Croatia. Next, we analyze the
operational level of protection of critical infrastructure at the EU level, which will be pre-
sented through the cross-sectoral activities of professional communities dealing with critical
infrastructure and counter-terrorism, to determine their links and cooperation. The same will
be done for the Republic of Croatia. In the Conclusion, we will summarize the research find-
ings and propose specific recommendations for improving cooperation and protecting critical
infrastructure from terrorism.
2 Cyber Threats to Critical Infrastructure
Cyber threats are threats of disruptions and attacks towards IT infrastructure. The European
Union Agency for Network and Information Security (ENISA), in its Threat Landscape Re-
port from 2018, identified 15 main cyber threats in the world: malware (malicious software
designed to cause intentional damage to IT infrastructure – viruses, worms, spyware, Trojan
horses); web-based attacks (through web systems such as browsers, extensions, websites and
web services); web application attacks (using weaknesses in web services and applications);
phishing (defrauding information by posing as a legitimate company and sending emails and
messages with a malicious attachment, URL, etc.); disturbed denial of service – DDoS attack
(disruption to the regular traffic of a server, service or network by overwhelming it with in-
ternet traffic); spam (flooding users with unsolicited emails or messages); botnets (connected
devices that are running bots, i.e. software applications that run automated tasks like DDoS
attacks); data breaches (successful outcomes of cyber threats as leakage or exposure of data);
insider threat (within a company or organization); physical manipulation/damage/theft/loss
115