Page 96 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 96
SECTION II: CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION
hance the functioning and efficiency of goods and services across healthcare, transportation,
and financial services, and to significantly improve business efficiency. However, the trend of
weaponizing AI systems, and the intent to use them for strategic, political and military pur-
poses, among others, raises great concerns in the context of CIP and CIIP. The ability of AI
to collect and process massive data and supersede human cognitive and physical limitations
(from decision-making to real physical actions) has already stimulated ethical, moral, legal
and serious security debates around the globe. AI systems and applications are thus challeng-
ing the existing standards and principles of law based on human limitations and performance
capabilities. At the same time, AI applications and systems are becoming a new threat and
attack vector for CI and CII. Potential malfunctioning or errors based on the algorithm insuffi-
ciencies or unpredicted assumptions during deep learning processes can cause threats beyond
the AI employer’s imagination. The ability to hack the algorithms or feed AI with misinforma-
tion in an interconnected and interdependent world is making AI a perfect attack avenue for
both state and non-state actors with malicious agendas.
While debates about the implications of AI are becoming more frequent around the world, the
subject is rarely discussed during SEE-based security forums. This article therefore intends to
stimulate debate about AI applications in the SEE security context, and more specifically in
the CIP and CIIP context. It briefly addresses the changing security environment and explains
how threats to SEE security have evolved from conventional through unconventional and
cyber-based to hybrid-based threats. The main argument throughout the article is that the AI
race in the security and defence sector is giving a whole new dimension to geostrategic com-
petition, and that this race is elevating asymmetric, cyber and hybrid-based threats to a whole
new hyper-threat level. After explaining the hyper threats, the article provides reasons why
the SEE leadership needs to consider these threats in the context of CIP and CIIP. Finally, it
provides some recommendations that must be considered for better CIP and CIIP in the world
of hyper threats.
2 The Security Environment has Changed and is
Changing Fast
Intensified globalization, technological development, and the return of geopolitics shape the
security reality in the region of SEE (Lachert, 2019). All these changes in SEE reflect the
framework of CIP and CIIP. The transition after the Cold War, among other things, in the
security sector has urged SEE to move from the massive defence type of organization to a
crisis management approach and protection of critical infrastructures (Hadji-Janev & Jova-
novski, 2013). Nestled under Euro-Atlantic integration processes, the armed forces followed
NATO-led transition and integration, while the remainder of the security sectors (law enforce-
ment and internal affairs including crisis management, disaster, and protection) transitioned
under the EU framework, leading to transition and integration. To be able to cope effectively
with the emerging security trends (predominantly coming from non-state actors), western
democracies have introduced (and SEE countries have followed) the critical infrastructure
protection concept (CIP) (Cyber edu, 2007) or the critical information infrastructure concept
(CIIP) (Willke, 2007). These concepts were supposed to replace the robust and inert defence
systems with a more federated type of approach to security, shared between the public and
private sectors.
96
