Due to the advancement of information and communications technologies, most modern critical infrastructure operates electronically. Malevolent forces could exploit any weaknesses or vulnerabilities in the devices and equipment that comprise these critical infrastructure systems to launch cyberattacks that adversely affect the society and its national security. For instance, cyber incidents targeting lifeline sectors-such as electricity, water supply, and transportation-may not simply lead to inconvenience and financial losses for people and businesses, they can also cause social turmoil, disruption of military operations, and human casualties or fatalities. For these reasons, most countries regard the cyber defense of critical infrastructure systems and assets as a top priority, and they are undertaking extensive efforts to enhance their critical infrastructure security and resilience (CISR) posture.
The North Atlantic Treaty Organization identifies cyberattacks against critical infrastructure as a possible instability situation, defined as a future event significant enough to reach the threshold requiring the Alliance to use military forces. As national and societal functions rely heavily on information technology, improving cybersecurity has become a significant element of member states’ efforts to enhance national CISR. Similarly, NATO has identified the important link between cybersecurity and the Alliance’sability to fulfill its core tasks. At the Warsaw Summit in 2016, NATO officially recognized cyberspace as a domain of operations in which the Alliance must “defend itself as effectively as it does in the air, on land, and at sea. “At Warsaw, the Allies also pledged to strengthen and enhance the cyber defenses of national networks and critical infrastructure as a matter of priority, highlighting that NATO as an organization is only as strong as its weakest link. NATO now serves as a venue in which Allies can consult on cyber defense issues, share information on cyber threats, exchange best practices, and coordinate activities including education, training, and exercises.
Depending on its scale and severity, a cyberattack against a NATO member state’s critical infrastructure could be regarded in the same way as an armed attack that would justify the targeted country’s right to self-defense. A destructive cyberattack also could lead Allies to invoke Article 5 of the Washington Treaty-the mutual defense clause that states an attack against one Ally is an attack against all Allies-though such a decision would be taken by the North Atlantic Council on a case-by- case basis. In response to the evolving cyber threat landscape, NATO’s stance against cyberattacks was further extended at the Brussels Summit in 2021, where Allied leaders recognized that the impact of cumulative, malicious cyber activities could amount to an armed attack. The term cumulative implies several lower-impact cyberattacks by the same adversary over time could be as destructive as a single, massive cyberattack. Regarding cyber operations against adversaries, NATO doctrine introduces a concept known as Sovereign Cyber Effects Provided Voluntarily by Allies, a mechanism that allows individual member states to support voluntarily other Allies’ offensive cyber capabilities in the case of armedconflicts, and outlines the procedures for defensive cyber operations, including self-defense and collective defense.
Although NATO is taking steps to improve its collective ability to defend against and respond to cyberattacks against Allied critical infrastructure, it should be kept in mind that individual member states form the first line of defense. Thus, enhancing cyber defense capabilities and enhancing CISR policies and procedures are the primary responsibilities of each Ally. With these objectives in mind, this chapter aims to provide an overview of the major cybersecurity issues surrounding critical infrastructure with a special focus on industrial control systems (ICS). Based on this understanding, the chapter will offer best practices and tools for critical infrastructure stakeholders, owners, and operators to protect their systems and enhance security and resilience against cyberattacks.
Views: 2
