Page 157 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 157
ANDREJ ILIEV, FERDINAND ODZAKOV: HISTORICAL AND LEGAL ASPECTS OF CYBER ATTACKS ON CRITICAL INFRASTRUCTURE
3 Legal Aspects of Cyber-Attacks on Critical
Infrastructure
Bearing in mind the historical development and perspectives of cyber warfare, what we know
so far is that the EU, together with NATO, have developed a cyber security strategy, over past
few years all the NATO and EU members have developed their own national cyber security
strategies that are in coordination with the European Commission and EU legislation and
norms for NATO member states (Appazov, 2014: pp 38-42).
From the point of view of international law, the Estonian cyberattack can be described as an
‘unjust’ cyber-attack. Seen from the perspective of jus ad bellum, the attack lacked a sufficient
just cause, and was not undertaken in any meaningful sense as a last resort. From the perspec-
tive of the just conduct of hostilities – jus in bello – the attack was utterly indiscriminate and
disproportionate in its threat of harm, at least, when compared either to the harm Russia or
its citizens were allegedly suffering, or to any legitimate military objective that might have
otherwise been under consideration. The cyber attack on Estonia led NATO to establish Co-
operative Cyber Defense Centre of Excellence (CCD COE) in Estonia in May 2008, with a
staff of 30 specialists. It became operational in August 2008 and is part of a NATO network
of thirteen accredited Centres of Excellence dedicated to training representatives from NATO
member countries on “technically sophisticated aspects of NATO operations” (NATO Coop-
erative Cyber Defence Centre of Excellence,2018). The CCD COE focus is on coordinating
cyber defence, and establishing policies for aiding allies during cross-jurisdictional attacks.
The European Union (EU) strategy for cyber security is based on five principles that will be
priorities for the future of the EU. The EU’s official stance emphasizes that cyber security is
just as important as security in physical space. In accordance with the official text of the EU
cyber strategy, the most important five principles are the following:
• Achieving cyber resilience;
• Reducing cybercrime;
• Developing a cyber defence policy and capabilities related to the Common Security and
Defence Policy (CSDP);
• Developing industrial and technological resources for cyber security, and
• Establishing a coherent international cyberspace policy for the EU, and promoting core
EU values (European Commission, 2013: pp 4-5).
During 2016 the EU-NATO collaboration began to take shape. At a summit in Warsaw, the
Presidents of the European Council, the European Commission and NATO’s Secretary Gen-
eral signed a Joint Declaration for better security cooperation between the institutions. The
Joint Declaration emphasized seven categories for cooperation between NATO and the EU.
Two were directly applicable to cyber defence: countering hybrid threats, and cyber security
and defence (EU-NATO cooperation – Factsheet, 2019).
The last decade’s developments in digital information technology have dramatically increased
interdependencies between the critical infrastructures. Energy infrastructure provides essen-
tial fuel to all other critical infrastructure sectors, as without energy, none of them can operate
properly. In turn, it depends on other critical infrastructure sectors, such as communications
and information technology. The image above provides a simplified illustration of the inter-
dependencies between 16 critical infrastructure sectors, including the four critical sectors (i.e.
157
