Rome/Vienna [ENA] A Conference in Vienna on 16th of February addressed various questions of how to separate fact from fiction when assessing cyber incidents against critical infrastructure, the division of responsibilities between the state and private sectors in protecting critical infrastructure, and what states should do to promote an open Internet, including the respect for human rights and fundamental freedoms.
The discussions brought together representatives of the OSCE’s 57 participating States, the OSCE’s Partners for Co-operation, policy-makers and business executives, as well as experts, to explore how to protect critical infrastructure by strengthening the implementation of the OSCE’s ground-breaking confidence-building measures in the area of cyber/ICT security.The White Paper on Security Policy and the Future of the Bundeswehr 2016 reports that in our globalised world, the safe, secure and free use of the cyber and information domain is a fundamental prerequisite for the activities of both the state and private individuals.
Increasing digitalisation in all walks of life and the increasing interconnectivity of individuals, organisations and states are playing a unique role in our present and future opportunities. This development has, however, made the state, society and the economy particularly vulnerable to cyber attacks. As a consequence, urgent steps are needed to protect against threats. It emphasizes the need for greater cooperation in NATO and structures at European level looking for the strengthening and the creation of an apparatus of crucial collective defense to counter the current challenges. In this direction is the decision to expand industrial cooperation by focusing on joint training of staff of the European national armies.
The cyber era began more than thirty years ago and it is useless to detail its huge benefits. Since a decade, however, it is proving to be a double-edged sword, because after the earth, the sea, the air and the extra atmospheric space cyber it became the fifth arena of possible conflicts. The first episode of its offensive use dates back to 2007, when Estonia's vital structures were paralyzed for days by a cyber attack that came, according to some sources, from Russia. Another striking event occurred in 2010 with the shutting down of many centrifuges of Iran's plant at Natanz through a cyber "worm" called "Stuxnet".
Given the importance of critical infrastructure to national and transnational security and the rapid expansion of cyberspace, it has become more and more likely that tensions will arise between States over cyber incidents involving critical infrastructure. Protecting critical infrastructure against cyber threats and attacks must be a priority for international efforts to enhance cyber stability between States and therefore prevent tension and even conflicts. A real risk of conflict and potential cyber threats is a source of growing mistrust in the international community. Moreover the cyber world is also being abused on a large scale to radicalize people leading to acts of terrorism and other forms of violent extremism.
Its use is not visible, and it is difficult to document through the media. Insiders are unknown and are sometimes are thousands of kilometers from where an attack took place: it is difficult to find a similarity to the figure of the fighters as considered by war and international humanitarian law. The international community is not prepared on the regulatory side opposite to the peculiarities of the "weapon" is problematic and cybernetic assimilation of the latter to other types of weapons. It is difficult, as we have seen, identify those responsible, be they states, non-state entities or private citizens.
In the cyber world, the borders between states become irrelevant. The international community must be positioned to give states both the platform and the instruments to co-operate to avoid tensions in cyberspace. One should keep in mind that critical infrastructures are the lifelines of States, and essential assets. They are profitable businesses and indispensable for citizens. Keeping them safe is a concern all States share. In times when governments are increasingly investing in cyber capabilities, enhancing cyber resilience is not only a national exercise: it is also a contribution to international peace and security.