Page 159 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
ANDREJ ILIEV, FERDINAND ODZAKOV: HISTORICAL AND LEGAL ASPECTS OF CYBER ATTACKS ON CRITICAL INFRASTRUCTURE
• The creation of a Cyber Defence Agency that encompasses the coordinating functions
of the Coordinator, ENISA’s advisory capacity developed under the 2017 package, and
specific, core executive functions (Scheffer, 2018: pp 65-67).
During 2019, the European Commission gave ENISA its recommendations for the cyber
security of modern 5G networks. This toolbox includes:
• An inventory of the types of security risks that can affect the cyber security of 5G
networks (e.g. supply chain risk, software vulnerability risk, access control risk, risks arising
from the legal and policy framework to which suppliers of information and
communications technologies equipment may be subject in third countries);
• A set of possible mitigating measures (e.g. third-party certification for hardware, software
or services, formal hardware and software tests or conformity checks, processes to ensure
access controls exist and are enforced, identifying products, services or suppliers that
are considered potentially not secure, etc.). These measures should address every type
of security risk identified in one or more Member States following the risk assessment.
The Member States of the EU, together with the European Commission, should identify
the conditions concerning the security of public networks against unauthorized access,
to be attached to general authorization and security requirements for networks and for
the purposes of commitments participating in procedures for granting rights of use of the
spectrum in 5G bands pursuant to Directive 2002/20/EC. The EU Member States should
cooperate with the European Commission to develop specific security requirements that could
apply in the context of public procurement related to 5G networks. This should include
mandatory requirements to implement cyber security certification schemes in public
procurement, insofar as such schemes are not yet binding for all suppliers and operators. EU
Members should cooperate with the European Commission to assess the effects of this
recommendation by 1 October 2020, with a view to determining appropriate ways forward
(European Commission. Cyber security of 5G networks, 2019: pp 7-8). This assessment
should take into account the outcome of the coordinated European Union risk assessment
from cyber threats.
4 Conclusion
Critical infrastructure (CI) systems will continue to depend on information systems and
electronic data. Reliance on the power grid and telecommunications will also continue to
increase, as will the number of attack vectors and the attack surface, due to the complexity of
these systems and higher levels of connectivity due to smart networks. The security of these
systems and data is vital to public confidence and safety (Dell Annual Threat Report, 2015).
Cyber-attacks and sabotage of critical infrastructures are threats which are present both now
and in the future. In the future we will observe an increase in attacks on data brokers, physical
infrastructures, and telecommunication networks, such as global denial of service attacks on
all connected services. New forms of CI, such as social media platforms, will become a prime
target for cybercriminals (Kaspersky and Critical Infrastructure Protection, 2015). Exploitation
of existing vulnerabilities, “zero day attacks” (days without attacks), and targeted phishing
attacks will increase and continue to pose threats against critical infrastructures, owing to the
complex mix of legacy systems and new components, combined with the need to minimize
business disruption and cost, which often delays upgrades and updates. A lack of supplier
support and policies also has a significant impact on the security of CI. Employees with