Page 125 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 125

ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ:  CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
                                      COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK

            responsibility for combating terrorism, and that the EU can help them in several areas, such
            as strengthening national capabilities; facilitating European cooperation; developing collec-
            tive capability; and promoting international partnerships. Even more important is to underline
            that in the EU Directive on Combating Terrorism – which is significant because it reinforces
            the legal framework so that conduct related to terrorism is covered more comprehensively,
            and directs the Member States in what to do about counter-terrorism cooperation – there is
            no reference to critical infrastructure protection (European Parliament and Council of the
            European Union, 2017). Thus, the key document under which the law enforcement agencies
            of the Member States, as well as the EU’s common bodies (such as Europol and Eurojust), act
            in the field of counter-terrorism does not refer them to the protection of critical infrastructure.

            Also, two additional challenges noted by Laris Gaiser should be highlighted. First, “EU mem-
            bers are pursuing fragmented policies; consequently, this has led to a significant lack of coopera-
            tion between national governments and EU institutions in setting up a coordinated emergency
            response to potential threats.” Second, “Critical Infrastructure Protection (CIP) Contact Points
            requested by EPCIP to facilitate the exchange of information and emergency management co-
            ordination financed and established by governments never reached the needed efficiency given
            that single local reference offices have been appointed following divergent approaches and
            sometimes incomparable priorities. Even the Computer Security Incident Response Teams Net-
            work just provides a forum where Member States’ National CSIRTs can cooperate, exchange
            information, and build trust” (Gaiser, 2018: pp 51-56). To this, we can add our findings that in
            individual countries, Critical Infrastructure Protection Contact Points are Ministry of Defence
            officials who do not have sufficient quality cooperation with representatives of the law enforce-
            ment agencies primarily responsible for critical infrastructure protection.

            It is also necessary to note the opinion of Filippo Pierozzi that the “EU lacked a wide-ranging
            approach to tackle cyberterrorism. While the EU has stepped up its efforts to face the terror-
            ist use of the internet, cyberterrorism is considered as a threat with a “high potential, but low
            probability” and therefore not enshrined in crisis management mechanisms” (Pierozzi, 2018:
            p 7). This explanation may be a logical answer as to why the EU has not yet developed an area
            of cooperation to protect critical infrastructure from cyberterrorism.

            All the aforementioned challenges derive from the organization and the mode of work at both
            the European Union and Member States’ agencies involved in law enforcement activities.
            Policies and lines of work that are put in place and function properly at EU level (hence the
            quality of cooperation between the Member States) are related to legal migration and integra-
            tion; irregular migration and return; the Common European Asylum System; Schengen, bor-
            ders and visas; organized crime and human trafficking; cybercrime; and counter-terrorism and
            radicalization. There a number of challenges here, but we will highlight just three of them: 1)
            no area of work deals with the protection of critical infrastructure, and so these activities are
                                                                                     3
            scattered; b) law enforcement agency cooperation is conducted based on the silo principle ,
            where activities and actors are primarily focused on their line of work; and c) there is insuf-
            ficient cooperation and coordination between the different silos, and too little focus on critical
            infrastructure protection. To conclude this section, we can point to analytical conclusions and
            empirical insights that the protection of critical infrastructure is not high on the priorities of
            the various EU bodies or the law enforcement agencies of the Member States cooperating in
            a number of security areas under the auspices of the EU.

            3    Extracting resources from within the country.

                                                                                    125
   120   121   122   123   124   125   126   127   128   129   130