The rapid growth of Information and Communication Technologies in both size and functionality, the so-called ‘digital revolution’ taking place since the 1970’s, has lead communication networks and information systems to become the nervous system of our society and the economy.
Though this development has brought about many opportunities, it did not take place without creating new challenges. The fact that the cyber world today more than ever plays a central role in an increasing array of governmental, industrial and social processes has greatly transformed the nature of security threats. Cyberwarfare and the danger it presents to critical information infrastructures are the subject of this dinner discussion.
Recognizing the vulnerability of Critical Information Infrastructures, many States, international organisations as well as industries have taken up the process to shape systems which can provide an adequate level of protection from outside threats and malicious attacks.
The term ‘Information Infrastructure’ refers to the combination of computer networks and communication systems. It serves for a range of information management, communications and remote control functions for governments, industry and society. All critical infrastructures, such as information, finance, transportation and utilities power infrastructures to name but a few are increasingly interconnected and interdependent. The failure or disruption of one infrastructure can thus potentially negatively affect the others. Critical information infrastructures are especially vulnerable to outside threats. Unlike the real world, the virtual world does not know physical and national boundaries. Typically, to disrupt other types of critical infrastructure networks requires the application of physical force. Information infrastructures however can be targeted from anywhere in the world, conditioned only by the availability of an internet connection. The prevention and detection of threats, the response to and recovery from cyber attacks on critical information infrastructures lie therefore at the heart of this debate.
In the News
Recent examples of countries that have been subject to cyber attacks help to put this debate into context. In April 2007, Estonia’s information infrastructure became the victim of a large scale cyber attack. The attacks crippled government websites for several months. However, Estonia has not been the only country that has been targeted in recent times. Given the nature of the cyber world it is notoriously difficult to trace the attacks to their source. These events should serve as a reminder of the significance of this subject.
Actions and Initiatives
Reacting to recent turbulences in the cyber world, NATO, in its Bucharest Summit Declaration of April 2008 announced the adoption of a common Policy on Cyber Defence. The task to establish the structures and authorities to effectively respond to cyber attacks will be coordinated by NATO’s Cyber Defence Management Authority. The European Commission is also responding to these threats. The Directorate General for Information Society has announced its plan to launch a policy initiative on Critical Communication and Information Infrastructure Protection. ‘The aim is to ensure an adequate and consistent level of protective security and the resilience of critical information infrastructures throughout the European Union.’ The initiative is part of the broader framework of the European Programme for Critical Infrastructure protection (EPCIP).
General Major D’Hollander, NATO Headquarter C3 Staff
NATO’s response to threats of cyberattacks, NATO’s new cyberdefence policy and body
Andrea Servida, Deputy Head of Unit, European Commission
The announced Commission initiative on Critical Information Infrastructure protection
Andrea Rigoni, Senior Manager, Symantec, Head of EU and European Critical Infrastructure Protection
The impact of major incidents and attacks on end users and their role in CIIP
Michael Behringer, Distinguished Engineer, Cisco Systems
How CISCO faces these major threats and what action it takes to manage the riskDownload programme