
Ebook: Critical Infrastructure Protection Against Hybrid Warfare Security Related Challenges

Hybrid conflicts are characterized by multi-layered efforts to undermine the functioning of the State or polarize society.
This book presents results, recommendations and best practices from the NATO Advanced Research Workshop (ARW) "Critical Infrastructure Protection Against Hybrid Warfare Security Related Challenges", held in Stockholm, Sweden, in May 2016. The main objective of this workshop was to help and support NATO in the field of hybrid conflicts by developing a set of tools to deter and defend against adversaries mounting a hybrid offensive. Addressing the current state of critical infrastructure protection (CIP) and the challenges evolving in the region due to non-traditional threats which often transcend national borders – such as cyber attacks, terrorism, and attacks on energy supply – the widely ranging group of international experts who convened for this workshop provided solutions from a number of perspectives to counter the new and emerging challenges affecting the security of modern infrastructure. Opportunities for public-private partnerships in NATO member and partner countries were also identified.
The book provides a highly topical resource which identifies common solutions for combating major hazards and challenges – namely cyber attacks, terrorist attacks on energy supply, man-made disasters, information warfare and maritime security risks – and will be of interest to all those striving to maintain stability and avoid adverse effects on the safety and well-being of society.
This book contains the results, recommendations and best practices of the NATO Advanced Research Workshop (ARW) “Critical Infrastructure Protection Against Hybrid Warfare Security Related Challenges” organized by the Atlantic Treaty Association in partnership with the Swedish Atlantic Council and held in Stockholm from 18–20 May 2016. This ARW has also received strong organizational support from The Norwegian Atlantic Committee, the Atlantic Council of Finland, The Danish Atlantic Treaty Association and the Icelandic Atlantic Council.
By addressing non-traditional threats like cyber-attacks, terrorism and attacks on energy supply that defy national borders, international experts provide interesting examples to counter new emerging security challenges affecting the security of the modern infrastructure. Furthermore, in this book opportunities for public-private partnerships in NATO Member and Partner countries within the context of hybrid warfare are identified.
Hybrid conflicts are characterized by the involvement of multi-layered efforts intended to undermine the functioning of a state and polarize its society. This entails, therefore, that military action alone cannot address these problems. These irregular threats put NATO in complex terrain, where common agreement for intervention is difficult to find. With regard to this, one objective of this NATO ARW has therefore been helping and supporting NATO in this field by developing a set of tools to deter and defend against adversaries waging hybrid warfare.
With the intervention of experts from the whole transatlantic region, the workshop provided a unique forum to address together two critical issues at the same time: the protection of Critical Infrastructure and the hybrid warfare-related challenges for the Alliance, which have been identified as a security priority for Sweden, the partner country set to host this ARW and also a NATO Enhanced Opportunity Partner (EOP).
The workshop proved to be an excellent setting for experts and stakeholders from government, academia and the private sector to exchange information and best practices.
In dedicated panels, the workshop addressed the current state of Critical Infrastructure Protection (CIP) and the emerging challenges in the region due to hybrid warfare. The increasing relevance of this region owing to the Russian role in the Northern area, and the related consequences for the alliance, have also been deeply analysed. In a dedicated panel, international experts and NATO representatives thoroughly examined the potential value of NATO in CIP and in countering non-traditional threats at large.
In conclusion, the ARW provided a key strategic forum for information sharing and contributed to identifying common solutions against major hazards and challenges, namely cyber-attack, terrorist attack on energy supply, man-made disasters, information warfare and maritime security risks. All of these threats are indeed cross-border, with strong potential adverse effects on human safety and health.
Alessandro Niglia
Social Media has become a terrorist's best ally and worst enemy. In the aftermath of an attack on critical infrastructure, terrorist organizations take credit and celebrate the attacks, an effect that becomes raw and powerful to all social media users. In response to an attack, the majority of social media users give their sympathy, prayers and support to victims of an attack. This report analyzes the potential power that social media can have with resilience building by showing ways governments can educate and disseminate information in a cost-effective and timely manner to all parts of the world. This report uses real case studies and data compiled from different events to better support its thesis.
Critical infrastructures are essential to all states and any attacks on critical infrastructure can cripple the economy of the state or even harm the lives of its citizens. Advanced developed states have developed cyber programmes, with a specific few having created offensive cyber capabilities. When we live in a world of constant threat of cyber-attacks, countries need to adapt CBMs so as to avoid misunderstandings and create transparency. In this report we will discuss the importance of cyber security, showcase a possible scenario between two countries and figure out what is next for the OSCE in the field of critical infrastructure protection.
Smart Grids combine and integrate the now ubiquitous computational capabilities with the traditional power grid. This integration will lead to a considerable increase in the efficiency and reliability of energy distribution among consumers (domestic or industrial environment). This objective is achieved by distributing thousands (and/or millions) of interconnected sensors and smart electronic devices on the network. This feature is both the strength and the weakness of Smart Grids: every single device connected to them is a potential entry point for further attacks on the entire network.
Western countries today are focused on enhancing their own societal resilience – building the capacity of their societies to anticipate, preempt and resolve disruptive challenges to their critical functions. Resilience begins at home and is foremost a task for national governments. Yet growing interdependencies mean that few of the critical infrastructures that sustain the societal functions of open societies are limited to the national borders of a particular society. Moreover, those infrastructures, and the connections they bring with other societies, are susceptible to disruption, whether through natural disasters, potentially catastrophic terrorism, networked threats or disruptive hybrid attacks. This means that traditional notions of territorial security must be supplemented with actions to address flow security – protecting the links that bind societies to one another. These challenges, in turn, will require greater shared resilience. Understanding the need for greater shared resilience also leads to consideration of how countries might be able to project resilience forward to neighboring countries that are weaker or more susceptible to disruptions that can ripple back to their interdependent partners.
Open Source Intelligence (OSINT) has now become a common practice for many corporate security departments to gather strategic and operational intelligence for the protection of tangible and intangible assets, as well as for the mitigation of threats. OSINT is now evolving into a new era of real-time processing of enormous amounts of heterogeneous data (Big Data) that could provide new valuable tools for the protection of critical infrastructures.
Critical infrastructure protection – the global evolving need when it comes to ensuring security – is perceived differently from one country to another. The differences come from the country's specific development features and its geographic location. While both the EU and NATO focus on developing an integrative approach, impediments to that, arising from the member states' perceptions, pose specific risks and opportunities. This paper offers a case study of Romania's energy sector, building on critical infrastructure protection and looking at the broad but key items that the sector considers. Considering the current geopolitical balance in the Central and Eastern European region, Romania's case shows the pitfalls of securing the Eastern frontier of both NATO and the EU.
Daesh – the so-called Islamic State – is already using chemical weapons in Iraq and Syria. With considerable access to funding and territory, Daesh is now seeking to acquire a broader Chemical, Biological, Radiological and Nuclear (CBRN) arsenal. The group certainly has the motivation to employ a CBRN device in Europe or North America – not least because it would fit its media strategy. In sum, the risk that Daesh carries out acts of CBRN terrorism is growing. This contribution addresses the threat and concludes with some thoughts on how to sharpen Euro-Atlantic responses.
This contribution develops a worst case scenario of a synchronized assault on strategic energy and information infrastructure in Sweden. It highlights the need to consider “unthinkable” scenarios in contingency planning to minimize the damage a major comprehensive disruption could cause. The challenge consists in having to handle the simultaneous impact of critical infrastructure disruptions while ensuring the effective flow of information between the state and society. The extreme scenario is developed on the basis of real incidents that have affected Sweden in the past few years.
The threat of influence campaigns and information influence activities cannot be handled with a stove pipe perspective. Certain state actors who conduct influence campaigns have the capacity of their entire society at their disposal. An attack can be directed against any sector of our society. The threat of an attack is only effective if there are vulnerabilities in our society that can be exploited. To protect us from this type of threat, we also need to use a comprehensive society approach – integrate all parts of the society to identify and counter information influence activities.
This paper focuses on the role of the NATO Strategic Communication Centre of Excellence in countering propaganda in cyberspace. The Russia-Ukraine conflict will be taken as a case study and examples of how to use social media in this framework will also be provided.
Physical and cybersecurity are converging. This convergence has created a new security threat that both public and private organizations are struggling to combat. Nowadays, an interruption in a network can impact not just online operations, but also the physical operations of an organization. To address this issue, Vitrociset has begun to treat both cyber and physical security as one and has developed a unified response for Critical National Infrastructure protection against hybrid attacks.
In a world where terrorism, organized crime, illegal immigrants and thefts have become constant on a global level in every aspect of transportation, the transport sector has not been spared. Recent terrorist activities point out that ports, as a major and initial point of maritime transport, are still not attractive targets for this type of illegal activity. Nevertheless, it is necessary to apply preventative measures to reduce the opportunities for a terrorist attack within the entire transport sector. Most studies concerning the shipping industry point out that ships can be used as a tool for planned terrorist attacks, especially when they are in a port. Accordingly, a series of measures and regulations, relevant to the implementation and application of an appropriate system to protect ships and ports internationally, have been adopted. One of these measures is the International Code of Security of Ships and Ports (ISPS code). The purpose of this paper is to emphasize the importance of a common approach to the coordination and standardization of ISPS application in ports, and to making it efficient on a regional level. Furthermore, its intention is to highlight the direct and indirect impact that may arise from illegal activities, which could result in a negative modal shift whose realization is one of the priorities of the European Union.
Old and unsupported firmware represents a serious threat to infrastructure security. Infrastructures are very complex scenarios in which hundreds of devices operate. Each hardware device is managed by firmware that is also in charge of managing communication with the global platform manager. Old and unsupported firmware is easily exploitable and in some cases can allow an attacker to gain access to the platform manager, compromising the security of the entire infrastructure.
Three elements are seen as important for this debate:
– NATO needs capabilities to fulfil its missions. The defence and security industry is the primary provider for these capabilities and in the context of the declining defence budgets, the North Atlantic Council launched the Framework for NATO-Industry Engagement.
– NATO needs better dialogue and cooperation inside the enterprise, and between NATO, nations and industry. The monopsony of the nations as the sole customers for the defence industry, which they also regulate, protect and promote, sometimes challenges the idea that industry is inherently driven by, and has to generate, profit. These apparently contradictory drivers would justify additional efforts to identify the points of significantly converging interests for NATO, nations and industry.
– If and when crises occur, NATO, nations and industry are ‘in the same boat’. NATO resilience builds upon Allies' resilience, which these days means increasingly industry's resilience. Moreover, when referring to critical infrastructure protection, more often than not industry is the critical infrastructure.
The Euro-Atlantic Community views resilience as an important concept for guiding anticipatory capacity building in the face of varied and complex security threats. The next step is to examine the notion of ‘forward resilience’, a more dynamic concept that recognizes key interdependencies amongst allies, partners and neighbors. In this paper we argue that the ‘capacity to cooperate’ must be a central feature of forward resilience as a shared endeavor. The capacity to cooperate – quickly, effortlessly and to mutual benefit – seems so obvious that it is taken-for-granted by allies and partners. But in an expanded NATO and European Union which must work closely together, with instability in the surrounding neighborhoods, and in the face of a legacy of cooperation failures, we must study the essential factors that increase nations' capacity for transboundary cooperation before, and during, a major security incident.