Understanding the challenge
Terrorism as a major threat to CIs
CIs have faced previous exposures to hazards including natural calamities, technical difficulties, and criminal activities, and the protection of CI as a separate policy was after the repercussions of the 9/11 occurrence (Bogdanoski et al.2013, p. 8). Over the past years, terrorists have increased their interest in CIs as a means of promoting their activities further. For instance, in 2002, members of the Al-Qaida looked to establish weaknesses in the United States on both public and private activities (Taylor et al.2014, p. 17). A computer that had information pertaining to dam analysis was discovered in Afghanistan facilitated the United States National Infrastructure Protection Center to send a warning bulletin. No sector has managed to escape activities by terrorist attackers (Taylor et al.2014, p. 18). For example, in the transport sector recently, Metro and Brussels airports were attacked by ISIL operations. In this incidence, thirty-two people lost their lives. The energy sector has also had its own fair share of terrorist attacks manipulated by the Al-Qaida (Bogdanoski et al.2013, p. 15). In other cases, attackers have tried launch attacks on infrastructure consisting of dangerous materials. The recent discovery has shown that the new generation of terrorists will familiarize themselves with ICT (Rollins, 2007, p. 8). Although cyber terrorist’s attacks are yet to take place, it is likely to provide a perfect channel for terrorists to develop attacks on various infrastructures (Bogdanoski et al.2013, p. 8). The increased know-how in ICT makes it inevitable for these attacks to take place. If the government and the relevant sectors leave the issue an unaddressed, it could impact international peace and security.
CIs as a soft target
Soft targets are mostly associated with places where large masses gather, while hard targets refer to those places that have enough security guarded by military or armed individuals. Soft target makes it easy for terrorists to strike (Bogdanoski et al.2013, p. 8). However, soft targets do not always have to entail those sports with many people. Recently, the relevant bodies have re-defined the aspect by arguing that using the two terms separately fails to address the overall protection policies in the fight against terrorism adequately (Taylor et al.2014, p. 7).
The specific threats to CIs
Terrorist attacks towards CIs could take multiple dimensions. The threats depend on their nature, the place of origin, and how they take place (Taylor et al.2014, p. 7). The identification and understanding of the attacks likely to take place within the CIs form the grounds of the first step as a means of formulating adequate strategies as protection measures.
Physical versus cyber threats
Physical threats aim at destroying and infrastructure and weakening its operations. One such attack entails the use of explosives (Rollins, 2007, p. 6). To the attackers, the aim is to gain partial or total destruction of the infrastructure. The attackers could also systems to misbehave. Although cyber threats differ from physical ones, the aims at achieving the same outcome (Bogdanoski et al2013, p. 6). Cyber threats consist of the following: Manipulation of systems and information by the use of malware that exploits weaknesses in software and hardware essential for the running of CIs (Taylor et al. 2014, p. 6). They could also interrupt the functions of crucial systems such as DoS. The launch of ransomware causes harm to the systems.
Internal versus external threats
Many times the CIs focus more on the external threats and give less consideration to the internal ones. When one compares the external actors who use unacceptable means to gain access, insiders have more advantage (Rollins, 2007, p. 8). Insider actors consist of employees, suppliers, and the company at large. Insider perpetrators mostly act as informants. They have the advantage of observing most of the processes in the organization.
Isolated versus various attacks
Threats against CIs could take place remotely and irregularly to cause harm to the infrastructure within the same sector, for example, nuclear power plants owned by a single individual within the same geographical place (Taylor et al.2014, p. 17). One could relate the same with a CI cyber-attack like those that take place for industrial espionage where the attack is more like a campaign. For example, the “LURID” attack in 2011 targeted the ICT system of individuals including diplomatic activities and other government agencies (Rolllins, 2007, p. 8). The establishment of trends within the same occurrence requires effective analytical tools and information processing from a variety of uninformed sources. Many cyber-attacks remain concealed as the operators are reluctant to make them known. The knowledge of identification of such attacks early provides a better platform to make those attacks known, and allow the authority to share the information. Information sharing on such attacks allows for effective intervention and predicts others against likely victims (Taylor et al.2013, p. 6).
Terrorist motivation to attack CIs
The nature of CI that tends to have more heterogeneousness and separation of geographical areas and institutional framework, which they are located and run, makes it hard to establish what makes terrorist base its interest on it compared to other non-critical targets. Studies in recent years have concluded on the reasons that make CIs attractive for terrorist attacks (Bogdanoski et al.2013, p. 7). First, they appeal to them due to the value they offer to society, especially in industrialized countries like the United States. Interfering with the operations of the CI enables terrorists to maximize damage to extreme levels that would not be the case with smaller targets. At some point, the Al-Qaida members were reported to have spent a significant amount of time checking into the United States financial firms as well as international organizations (Taylor et al.2014, p. 8). The activity was encouraged by Osama bin Laden’s call to his members to hit the United States economy through every possible mean. The other fact that would make terrorists attack CI is to cut off important supplies such as power generating facilities and oil pipelines among others to show the vulnerabilities that exist in public bodies (Rollins 2007, p. 5). The third reason could come from a sense of wanting to make high publicity that would not come from targeting a low-profile initiative. They could also want to gain control of the CIs for social acceptability. For instance, the disruption of water supply infrastructure by ISIL had a benefit of improving recruitment efforts and allowed water supply to the Islamic states.
Countering terrorist threats through a human rights –compliant method
Terrorism interferes with the rule of law, protection of human rights, and their execution. Sates must protect individuals within their jurisdiction from third party interference such as terrorist acts as provided by international human rights law (Bogdanoski et al.2013, p. 8). The duty is essentially important in consideration of how the destruction of CIs would have significant consequences on the population, given the responsibility the infrastructure has in running societal operations (Taylor et al.2014, p. 6). Destruction of such infrastructures could result to detrimental human harm and undermine security and right in a healthy environment, which could result in poor living conditions. Measures ought to come in place to help prevent and eliminate threats that could interfere with national security acts such as crime violence and terrorism. Hence, the relevant institutions ought to take guidelines from the Global Counter-Terrorism Strategy (GCTS) (Rollins, 2007, p. 8). In efforts to fight terrorist activities directed to CIs, state authorities could employ measures that limit particular rights.
National strategies in reducing cybersecurity risks to CIs
States must consider improving strategies to deal with terror attacks especially the recent pre-emptied cyber-attack. Assessing, measuring risk, preparing and engaging the respective shareholders (Rollins, 2007, p. 8). In modern societies today, the protection of the CIs is an ambiguous task. The relationship between sectors allows for better options when dealing with accident cases. The interdependence allows for more coordinated, preventive, and recovery measures. The second strategy would be defining the organizational structure (Taylor et al.2014, p. 14). A measurable framework outlines guidelines for efficient management through task harmony with related policies (Rollins, 2007, p. 10). The undertakings ought to have tailoring that helps to resolve specific needs. In the case of cybersecurity, tool collection, policies, security components, safety safeguards, guidelines, uncertainties management methods, actions, training, and best practices have immense significance. Engagement with stakeholders for the establishment of national cybersecurity that recognizes the essentiality of having a proper information infrastructure is crucial (Bogdanoski et al. 2013, p. 17). The approach helps to identify the risks faced by the nation ways to prevent it from taking place. Coordination between various sectors helps to identify the areas where network and information security has weaknesses. The creation of a common National Cybersecurity Strategies would help in response to terror cyber-attacks. The NCS would provide relevant bodies with a guideline that will help in strategy development and evaluation process (Rollins, 2007, p. 16). Developing a neutral technological voluntary cybersecurity structure will promote cybersecurity practices further. Cybersecurity information sharing is another way of reducing these attacks. Employing strong protection techniques to enhance the end objective further. Understanding of repercussions that could come from infrastructure failure will make sectors to increase and promote public-private partnership. Detailed research on the various aspects will go a long way in helping the situation with cybersecurity threats (Taylor et al.2014, p. 5).
Bogdanoski, M., & Petreski, D. (2013). Cyber terrorism–global security threat. Contemporary Macedonian Defense-International Scientific Defense, Security and Peace Journal, 13(24), 59-73.
Rollins, J., & Wilson, C. (2007). Terrorist capabilities for cyberattack: Overview and Policy issues. LindenE. V.(Ed.), Focus on Terrorism, 9, 43-63.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.