Page 96 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 96

SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        hance the functioning and efficiency of goods and services across healthcare, transportation,
        and financial services, and to significantly improve business efficiency. However, the trend of
        weaponizing AI systems, and the intent to use them for strategic, political and military pur-
        poses, among others, raises great concerns in the context of CIP and CIIP. The ability of AI
        to collect and process massive data and supersede human cognitive and physical limitations
        (from decision-making to real physical actions) has already stimulated ethical, moral, legal
        and serious security debates around the globe. AI systems and applications are thus challeng-
        ing the existing standards and principles of law based on human limitations and performance
        capabilities. At the same time, AI applications and systems are becoming a new threat and
        attack vector for CI and CII. Potential malfunctioning or errors based on the algorithm insuffi-
        ciencies or unpredicted assumptions during deep learning processes can cause threats beyond
        the AI employer’s imagination. The ability to hack the algorithms or feed AI with misinforma-
        tion in an interconnected and interdependent world is making AI a perfect attack avenue for
        both state and non-state actors with malicious agendas.

        While debates about the implications of AI are becoming more frequent around the world, the
        subject is rarely discussed during SEE-based security forums. This article therefore intends to
        stimulate debate about AI applications in the SEE security context, and more specifically in
        the CIP and CIIP context. It briefly addresses the changing security environment and explains
        how threats to SEE security have evolved from conventional through unconventional and
        cyber-based to hybrid-based threats. The main argument throughout the article is that the AI
        race in the security and defence sector is giving a whole new dimension to geostrategic com-
        petition, and that this race is elevating asymmetric, cyber and hybrid-based threats to a whole
        new hyper-threat level. After explaining the hyper threats, the article provides reasons why
        the SEE leadership needs to consider these threats in the context of CIP and CIIP. Finally, it
        provides some recommendations that must be considered for better CIP and CIIP in the world
        of hyper threats.


        2  The Security Environment has Changed and is
             Changing Fast


        Intensified globalization, technological development, and the return of geopolitics shape the
        security reality in the region of SEE (Lachert, 2019). All these changes in SEE reflect the
        framework of CIP and CIIP. The transition after the Cold War, among other things, in the
        security sector has urged SEE to move from the massive defence type of organization to a
        crisis management approach and protection of critical infrastructures (Hadji-Janev & Jova-
        novski, 2013). Nestled under Euro-Atlantic integration processes, the armed forces followed
        NATO-led transition and integration, while the remainder of the security sectors (law enforce-
        ment and internal affairs including crisis management, disaster, and protection) transitioned
        under the EU framework, leading to transition and integration. To be able to cope effectively
        with the emerging security trends (predominantly coming from non-state actors), western
        democracies have introduced (and SEE countries have followed) the critical infrastructure
        protection concept (CIP) (Cyber edu, 2007) or the critical information infrastructure concept
        (CIIP) (Willke, 2007). These concepts were supposed to replace the robust and inert defence
        systems with a more federated type of approach to security, shared between the public and
        private sectors.



       96
   91   92   93   94   95   96   97   98   99   100   101