Last week, our sister think tank the Security and Defence Agenda (SDA) held an event on “Critical Infrastructure Protection in the cyber age“. Critical infrastructures include all necessary facilities a country needs to take care of its citizens, ranging from government websites and banking services, to air traffic control and the supply of energy.
As critical infrastructures become increasingly reliant on connectivity to the internet, they are at risk of becoming targets for malicious attacks, often state sponsored. As Jason Healey, Director of the Cyber Statecraft Initiative at the Atlantic Council recently stated:
What concerns us is “the internet of things” –connecting things made of steel and concrete to the internet. Because once those are connected to the internet, then a cyber-attack will not only destroy ones and zeroes, but things of steel and concrete, and when they break, people will die.
During the SDA’s event, we asked several questions to two CIP (Critical Infrastructure Protection) experts: Michael Daniel, Special Assistant to the US President and Cybersecurity Coordinator, and Sigrid Johannisse, Advisor on cyber security in the Cabinet of Neelie Kroes, European Commissioner for the Digital Agenda.
First, we asked Michael Daniel how big the threat of cyber-attacks on critical infrastructures currently is:
So the threat is real and although for the moment it is difficult for hackers or malicious actors to inflict their intended damage at the time and place of their choosing, Michael Daniel expects that this will become easier over time. We put the same question to Sigrid Johannisse, but with a specific focus on critical infrastructures in the EU:
The Network and Innovation Security (NIS) Directive requires EU member states to put in place cyber defence capabilities. In March the European Parliament voted in favour of the Directive, meaning that it will now have to be implemented at member state level. Secondly, we asked both experts where they think the threat of cyber-attacks mainly comes from: individual hackers or state-sponsored attackers? And which governments form the biggest threat?
What do YOU think? Are countries investing enough in developing their cyber defence capabilities? Will attacks on critical infrastructures replace conventional warfare in the future? And how can countries work together in protecting their critical infrastructures? Leave your thoughts and comments in the form below, and we will take them to policy-makers for their reaction!