Naslov
Beyond Physical Threats: Cyber-attacks on Critical Infrastructure as a Challenge of Changing Security Environment – Overview of Cyber-security legislation and implementation in SEE Countries

Autori
Cesarec, Ivana

Izvornik
Annals of disaster risk sciences (2584-4873) 3 (2020), 1; 8, 13

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, prikaz, stručni

Ključne riječi
Cybersecurity, Legislation, SEE countries, NIS directive, CIP

Sažetak
States, organizations and individuals are becoming targets of both individual and state- sponsored cyber-attacks, by those who recognize the impact of disrupting security systems and effect to people and governments. Wide range of critical infrastructure sectors are reliant on industrial control systems for monitoring processes and controlling physical devices and for that reason, physical connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally there are few challenges in implementation of protection measures, such as lack of collaboration between private and public sector and low levels of awareness on existence of national key legislation. From supranational aspect, in relation to this papers topic, the European Union has took first concrete step in defense to cyber threats in 2016 with „Directive on security of network and information systems“ (NIS Directive) by prescribing Member States to adopt more rigid cyber- security standards. The aim of directive is to improve the deterrent and increase the EU’s defenses and reactions to cyber attacks by expanding the cyber security capacity, increasing collaboration at an EU level and introducing measures to prevent risk and handle cyber incidents. Yet, not all Member States share the same capacities for achieving the highest level of cyber-security. They need to continuously work on enhancing the capability of defense against cyber threats as increased risk to state institutions information and communication systems but also the critical infrastructure objects. In Southeast Europe there are few additional challenges – some countries even don't have designated critical infrastructures and they are only perceived through physical prism ; non- EU countries are not obligated to follow requirements of European Union and its legislation, and there are interdependencies and transboundary cross- sector effects that needs to be taken in consideration. Critical infrastructure Protection is the primary area of action, and for some of SEE countries (like the Republic of Croatia) the implementation of cyber security provisions just complements comprehensive activities which are focused on physical protection. This paper will analyze few segments of how SEE countries cope with new security challenges and on which level are they prepared for cyber-attacks and threats: 1. Which security mechanisms they use ; 2. The existing legislation (Acts, Strategies, Plan of Action, etc.) related to cyber threats in correlation with strategic critical infrastructure protection documents. Analysis will have two perspectives: from EU member states and from non-EU member states point of view. The aim of research is to have an overall picture of efforts in region regarding cyber- security as possibility for improvement thorough cooperation, organizational measures, etc. providing also some recommendations to reduce the gap in the level of cybersecurity development with other regions of EU.

Izvorni jezik
Engleski

Znanstvena područja
Informacijske i komunikacijske znanosti, Sigurnosne i obrambene znanosti, Interdisciplinarne društvene znanosti

POVEZANOST RADA