SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        ercive actors and the evolution of the security environment suggests growing threats to the
        region and beyond stemming from digitization, chaotic development, interdependencies and
        geopolitical dynamics.

        Certain countries within South-Eastern Europe are already applying this framework, but the
        non-EU states remain a gap in the security governance of a region whose interconnections
        are growing as a result of catch-up growth patterns, the regionalization and Europeanization
        of trade and the geopolitical initiatives required to build new infrastructure in this strategic
        region. We argue that CIP efforts will provide added value to security outcomes by increasing
        societal resilience, allocating scarce resources to the most vulnerable areas and introducing
        security by design as a principle in the building, operation and regulation of critical infra-
        structure. We conclude with a series of proposals related to CIP in South Eastern Europe,
        especially the non-EU states.


        2  Critical Infrastructure Protection


        Critical Infrastructure Protection has emerged as a comprehensive framework that offers the
        toolbox, principles and perspectives required to describe and manage a complex system of
        systems, first through an all-hazards approach and then through one based on resilience. This
        final concept is the ability of a system or asset to resist the impact of a disruptive event with
        minimum damage, minimal disruption and rapid resumption of an acceptable level of func-
        tioning so as to minimize the impact on related systems (Gheorghe et al, 2018). It began with
        the Presidential Commission on Critical Infrastructure Protection in 1998, and it was applied
        in the US and spread throughout the world, especially in the EU, as a governance mechanism
        after the September 11 attacks. The attacks proved the interdependencies of critical infrastruc-
        ture and the possibility of cascading disruptions and unexpected escalations in interconnected
        systems. At its most basic, CIP offers a philosophy for describing the operation of complex
        systems and developing methodologies to assess criticality, so that scarce security resources,
        including the attention of decision-makers within the competent authorities, can be directed
        to the areas of maximum usefulness. It is impossible to protect all critical infrastructures, all
        the time and completely. While overall societal resilience must grow, decisions must be made
        with regard to the most important infrastructures, assets and resources to protect, as these will
        also be the most likely targets for adversaries.

        2.1 Critical Infrastructure

        At the basis of the functioning of any society is an interconnected system of systems comprised
        of infrastructures, which are socio-technical systems made up of physical assets, organizations,
        communication links and governance mechanisms which produce the goods and services neces-
        sary for the functioning of society. Infrastructure taxonomies vary significantly from country to
        country, even in the EU, but generally designate energy infrastructure; railways, roads and ports;
        the chemical and nuclear industries; information and communication technology; food and wa-
        ter supplies; health, education and finance; defence capabilities; and even public administration.

        Infrastructures are critical when their destruction or disruption would cause loss of life, casu-
        alties, significant material damage, and loss to national prestige and confidence in authorities
        on the part of citizens and investors. The ANZCTC (2015) stated “CI extends across many


       134