Page 127 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 127
ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ: CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK
proprietary and intelligence data that is not arranged in such a way as to enable the rapid and
efficient flow of critical information to critical infrastructure operators.
Relating to the protection of critical infrastructure in cyberspace, the National Cyber Security
Strategy reveals many things by which we can see that we still do not have a system in place
to protect critical infrastructure, although we do strive towards it. However, the first signifi-
cant step in the formation of a future system can be made; namely, by enacting the Act on the
Cyber Security of the Key Service Operators and Digital Services Providers, identifying Key
Service Operators and Digital Services Providers, and establishing new bodies (a National
Cyber Security Council and an Operational Technical Coordination for Cyber Security) and
connecting them to the bodies responsible for national cyberspace protection activities, and
thus to critical infrastructure. In this domain, in the years ahead, it will be necessary to elabo-
rate procedures and the effective cooperation of all actors.
It should be noted that in 2017, the National Security Strategy of the Republic of Croatia
stated that “documents defining the policies and methodologies for managing critical infra-
structure and limited national assets will be produced and will clearly determine which parts
must remain majority state-owned, thereby making it impossible to compromise vital func-
tions of importance to the state and the population in cases of business instability” (Croatian
Parliament, 2017a). This has not been done, and according to the current state of affairs, we
have not found any information that this is being done. Besides, this and the Strategy men-
tioned above highlight the importance and need for public-private partnerships in the field of
critical infrastructure protection. It does exist, but not as an organized and coordinated activity
by the state; it just comes down to individual case studies.
In connection with the construction of a critical infrastructure protection system, high-quality
direction is given by the 2017 Homeland Security System Act, which was adopted to put the
National Security Strategy into practice in the part related to the establishment of a homeland
security system and related security risk management, crisis management and critical infra-
structure management. The Act makes key provisions to ensure the harmonized implementa-
tion of all regulations governing the security measures and procedures of national importance,
in particular, the protection of critical infrastructure (Croatian Parliament, 2017b). Neverthe-
less, this has not materialized in the three years since the law was passed, just as most of the
provisions of the 2013 Critical Protection Act have not been implemented.
Finally, we have another interesting remark to make. Although all the actors in charge of coor-
dinating critical infrastructure protection activities are located in the same Ministry (Ministry
of the Interior), albeit in different organizational units, they do not have the kind of coopera-
tion that would be expected by looking through the prism of critical infrastructure. This is
very similar to the cooperation challenges we have seen at the EU level.
The Republic of Croatia has a high-quality strategic and normative framework for critical
infrastructure protection, but it lacks a certain set of regulations that it has committed itself
to draft. Most of all, it lacks a system with clear competencies, procedures and mutual re-
sponsibilities of all actors in these processes. We can also cite these remarks for the observed
countries in South-Eastern Europe.
127
