Page 136 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 136

SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        cies provide the vectors for the transmission of risks, vulnerabilities and threats, not just those
        stemming from the security environment, but also those created through interactions between
        the infrastructures or infrastructure components, leading to complexity and unanticipated sys-
        tem behaviours (Keating et al, 2014).

        The Covid-19 pandemic of 2020, especially, has highlighted the interdependencies of several
        categories of critical infrastructure, with the inadequacy of the critical health infrastructures
        and the attendant emergency measures having an impact on most facets of social life and the
        economy, which can be conceptualized as transport infrastructure, food supply infrastructure,
        financial infrastructure and so on, as well as the cross-border impact of infrastructure disrup-
        tion, either partial or total. It has also highlighted the potential of physical, cyber, or supply
        chain attacks on health infrastructure to disrupt the normal functioning of society and to ag-
        gravate ongoing crises.

        The ambiguity and uncertainty of complex systems constitutes a challenge for owners/opera-
        tors and for state authorities. The materialization of an event which leads to a crisis can lead to
        disruptions propagating throughout an entire system, in ways both expected and unexpected,
        due to the “fortuitous alignment of breakages” and other factors enabling rapid transmission
        (Pescaroli & Alexander, 2016). These factors include a lack of system adaptability, insuffi-
        cient margins, lack of substitution in resources, lack of flexibility, lack of reserves, and often
        stem not from system failure, but from the results of desired efficiencies and costs savings.
        The resulting phenomenon leads to the prolongation and aggravation of crises, as well as to
        unexpected escalations and other interactions, both within national borders, and also beyond
        them (Pescaroli & Alexander, 2016).

        Critical infrastructure is naturally vulnerable to deliberate disruption. Terrorists may themselves
        use an intuitive or even a professional version of criticality theory to plan their actions so they
        can generate the maximum impact (short, medium and long-term) with the least costs or few-
        est risks of failure. The targeting of critical infrastructure is also becoming a preferred activity
        of state-sponsored actors, as a means of hybrid warfare disrupting both civilian and military
        infrastructure, and placing pressures on the target society’s economy, civil society and politics.
        It therefore becomes a supremely useful means of coercion against a rival or an adversary, who
        must act to reduce the vulnerability to these methods. This may serve as a preamble to a clas-
        sic conventional military conflict, or as a strategy to avoid conventional warfare and an armed
        response through plausible deniability and measures below the threshold of war.

        The SEE region features several characteristics, from a CI point of view, which impact the
        security environment:
        •  A heterogeneity of state entities when it comes to resources, government capacity and
           membership in CIP-relevant international organizations (the EU, NATO etc.);
        •  In the case of former Communist nations, a lack of basic infrastructure for modern eco-
           nomic processes, and the advanced decay of the existing, often extensive, infrastructure,
           which is often nearing the end of its planned lifespan;
        •  A weaker institutional capacity, with low levels of trust and social capital, affecting the
           positive cooperation between state authorities and local communities or between busi-
           ness organizations (the majority or plurality of CI operators) and the authorities;
        •  A drive for catch-up growth which prioritizes speed over security, and leads to differenc-
           es in the rates of advancement between profit and efficiency-oriented actors and security-
           oriented authorities. The CI inventory develops more rapidly than the state capacity to

       136
   131   132   133   134   135   136   137   138   139   140   141