Critical Infrastructures, Non-state Armed Actors and the Aramco Attack
With respect to the concept and definition of the very term “critical infrastructure”, several different definitions and components of critical infrastructures can be found in official documents and statements while many common features and characteristics can also be found. For instance, the UN Security Council, in 2017, adopted the resolution 2341, titled Protection of Critical Infrastructures and Enhancement of States’ Capacities to Prevent Attacks against Critical Infrastructures, focusing on the threat of terrorist attacks against national and international critical infrastructures and urges the Member States to take necessary measures to prevent such terrorist attacks. In the UN OCT and UN CTED joint report, the critical infrastructures, as the Chair of CTITF Working Group on “Protection of Critical Infrastructure including Vulnerable Targets, Internet and Tourism Security”, INTERPOL refers to the very concept of “critical infrastructure” as the “life support system of our everyday existence, and make no distinction between cyber and physical critical infrastructures.
In accordance with the UNSC Resolution 2341, preparedness for such attacks includes “prevention, protection, mitigation, response and recovery” “with an emphasis on promoting security and resilience of critical structure” and protective measures include “public information and warning, operational coordination, intelligence and information sharing, interdiction and disruption, screening and risk management so on and so forth.iiWater infrastructures, transportation infrastructure and energy infrastructure is among the ones referred to the UNOCT, UN CTED and INTERPOL joint report and several examples such as the Brussels attack of ISIS to airport and underground, Al-Qaida attacks on oil facilities and personnel in Algeria, Iraq, Kuwait, Pakistan, Saudi Arabia and Yemen, and ISIS’ around 20 major attacks in Syria and Iraq only between 2013 and 2015 on water infrastructure are also mentioned.iii In terms of the cyber environment, manipulation of systems and data, shutting down crucial systems and limiting access to crucial systems or information via cyber-attacksiv are also a key aspect of the threat against critical infrastructures which would have serious impact on banking systems, information sharing, satellite systems and more.