Page 119 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 119
ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ: CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK
2018; Hern, 2019) and its own ties with the Russian government (Cadwalladr, Graham-Harri-
son, 2018), and as the primary goal of the campaign, which used data breaches to spam voters,
was political, it could be argued that the incident was a case of cyberterrorism. However, it
would be hard to prove.
At the end of this section, we need to point out that we have not been able to find a single
reference to an example of cyberterrorism in the literature available for analysis. However,
we have come across the following opinions: “There has not been so far a single recorded
instance of cyber-terrorism” (Argomaniz et al., 2016: p 80, cited in Pierozzi, 2018: p 1) and
“although cyberterrorist attacks have not yet materialized, increased level of “know-how” in
ICTs will arguably make them more likely to occur” (UNOTC, UN CTED and Interpol, 2018:
p 22). This puts before us the analytical challenge of considering and articulating our research
topic. We can conclude that cyber threats pose a tremendous and significant threat to critical
infrastructure, but so far, no cases of cyberterrorism have been officially recorded, i.e. it is
difficult to prove that a particular cyber act is an act of terrorism. This does not mean that the
danger does not exist and that it will not occur soon, and therefore, it should be researched.
3 A Strategic and Normative Framework for the
Protection of Critical Infrastructure at the EU Level
st
The EU began to develop critical infrastructure protection in the early part of the 21 century
– generally speaking, as a reaction/influence – for three major reasons. The first significant
reason is the response to the 9/11terrorist attacks in the United States in 2001, and the follow-
up to the US example of the strategic and normative regulation of the area (the Americans rep-
resent the global leaders in developing new concepts for strengthening resilience and protect-
ing critical infrastructure). The second reason is a response to terrorist attacks in Europe, in
Madrid (2004) and London (2005), where elements of critical infrastructure, as in the case of
9/11, were used to carry out the attacks. The third reason is the impact of the older EU Mem-
ber States, which developed and put in order the subject matter decades ago in their respective
legislations. So, due to both external and internal impulses, EU experts began to regulate the
subject matter for the sake of the EU itself, in cooperation with the Member States, and then
with other organizations and countries. The following section provides an overview of the
strategic and normative acts, as well as particularly significant programmes for the develop-
ment of this area at EU level.
The first EU security strategy, adopted in 2003 under the title European Security Strategy:
A Secure Europe in a Better World, mentions infrastructure in a section on the dependency
and vulnerability of Europe in the transport, energy, information and other sectors (Council
of the European Union, 2003). The next security strategy, Internal Security Strategy for the
European Union: Towards a European Security Model from 2010, which is primarily focused
on internal security, mentions critical infrastructure only once, in the sense of protecting it in
order to ensure a high quality of life in Europe (European Council, 2010). In the first Cyber-
security Strategy of the European Union: An Open, Safe and Secure Cyberspace from 2013,
considerable attention was paid to the need to protect critical infrastructure and critical infor-
mation infrastructure from all threats, including cyberterrorism (European Commission and
High Representative of the European Union for Foreign Affairs and Security Policy, 2013).
In the strategy document A Global Strategy for the European Union’s Foreign And Security
119
