Andrew Liaropoulos (PhD)
(RIEAS Senior Analyst, Lecturer at the Department of International & European Studies, University of Piraeus)
Greece is facing nowadays various challenges.
The government debt crisis, political instability, high unemployment rates and the need to control the illegal immigration flows, pose without doubt great security concerns to Greece.Nevertheless, there is also another national threat that is rapid, asymmetric, complicated and involves cyberspace. Cyber threats are a growing menace, spreading to all industry sectors that rely on Information and Communication Technology (ICT) systems.
In the globalized world of internet communications, cyber-conflicts cross national borders, are hard to trace and affect both civilian and military networks. Militaries, terrorist groups and even individuals, now have the capability to launch cyber-attacks, not only against military networks, but also against critical infrastructures that depend on computer networks. Over the past years, private and public communications were disrupted, banking systems were manipulated and even military communication systems were destroyed.
The lack of an international legal framework that defines the use of force in cyberspace, operational difficulties in deterring and attributing cyber-attacks, as well as the asymmetric dimension of cyber-attacks, pose without a doubt, great pressure on every facet of security. Cyber-attacks come in many different forms, and their destructive potential is limited only by the creativity and skill of the attackers behind them.
The cyber-conflict battlefield is comprised of many components that include the Internet and all things that connect from a computer to the Internet. This would include: web servers, enterprise information systems, client server systems, communication links, network equipment, and the computers in businesses and homes.
The terrain also encompasses information systems like the electrical grids, telecommunication systems, and various corporate and military robotics systems. Attacks on computer networks that involve power plants, water supply stations, communications hubs, and commercial infrastructure facilities are high on the security agenda.
To effectively sustain a coherent approach of cyber-security, a national strategy, enforceable at a national level and compatible at the international level, should exist. Network societies are vulnerable, and in common with the past, states need to adjust and meet the security needs of their citizens. Greece cannot escape this reality, but should follow the example of other countries that have reacted to the emerging threats of cyberspace.
In 2009 the UK announced its programme for cyber-security within its larger National Security Strategy (NSS) with the formation of two new bodies, the Office of Cyber-Security (OCS) of the Cabinet Office and the Cyber-Security Operations Centre (CSOC). Likewise, France declared cyber-security as one of the four key national threats and created in 2009 the Agency for National Information Security (ANSSI). A major task for this agency is to develop a legal framework regarding the control of offensive and defensive cyber means.
The Greek government, in partnership with the private sector, should form a strategic plan that has to include the following:
- Participate in the international organizations that debate the establishment of an internationally agreed ‘road map’ on the use of cyberspace.
- Cooperate with the companies that own and/or manage the critical infrastructure and ensure that key data systems are safe and resilient.
- Establish a partnership with the private sector and share information on cyber-threats.
- Organize an international summit and bring together international ‘cyber-specialists’ in order to promote the better management of cyber-risks.
- Foster a strong partnership between the intelligence service, the military and the police force, regarding cyber-security.
- Build a culture that understands the risks of cyberspace, but at the same time enable citizen to use an open and interoperable cyberspace, by promoting cyber-security skills. Increase public awareness of how individuals can protect their own data, and promote cyber-security education and training.
- Improve communication between policy-makers, IT-experts and business leaders on cyber-security issues.
- Enhance attribution capabilities by investing in new technologies, and establishing rules and standards.
- Establish an independent ‘Cyber Security Center’ that would function as a point of contact of all the above initiatives.