3- Cyber Terrorism and Greek Defence Strategy

Georgios X. Protopapas

1 Introduction
In the age of globalization and Information technology the use of internet has rapidly
increased influencing the functioning of governmental and private bodies. The
individuals and communities worldwide connect and communicate through the
internet. The number of internet users increased significantly between 2000 and 2010:
from 360 million to over 2 billion people.
The cyberspace, which based on extensive computer networks, has become one of the
key elements of modern society. The information systems are particularly important for
all global cyber transactions at the international and national levels. They cover a large
spectrum of public and private activities related to the economy, banking and finance,
transport and energy, utilities, health, food supply and communications. The critical in
frastructures are an integral part of wide computer networks vulnerable to cyber attacks.
Cyber terrorism is an asymmetric threat that causes serious anxiety to states, regional
and international organizations and military alliances. The disruption or damage of
critical infrastructure is the main objective of cyber terrorists who can easily acquire
the necessary inexpensive know-how and technology. The cyber threat is shifting to the
masses and the possibilities for cyber attacks are greater than ever before.
This paper focuses on sensitive issues of cyber defence and cyber terrorism and analyses
the advantages and disadvantages based on three parameters: a) the relation between
cyber terrorism - critical infrastructure and the response of the USA and NATO to cyber
attacks, as a superpower and a powerful military alliance, respectively, b) the policies of
the European Union could be designed to avert cyber attacks and c) the cyber defence of
Greece, a medium-sized European Union member state aspiring to establish a National
Cyber Defence Authority.
The definition of cyber terrorism and critical infrastructures is of great importance
because it can help understand how they change the structures of conventional
warfare. The major powers attempt to control the complex cyber space by monitoring
programmes and methods of the advanced information technology. The USA and
NATO are facing the risk for a large-scale cyber terrorism attack that could damage

93
 !

Se c t i o n II: C y b e r T h r e a t s to C r i t ic a l I n f r a s t r u c t u r e

their critical infrastructures provoking havoc and panic. At the same time, twenty-seven
member states of the European Union m ust agree on a collective and well coordinated
cyber defence strategy. The European Commission has proposed concrete initiatives
for the fight against cyber attacks and the protection of European critical infrastruc
ture. The exercise Cyber Europe 2010 is considered a dynamic test of the European
Unions preparedness exposing useful considerations and conclusions. The Greek cyber
exercise POMASTIS 2010 is also considered a significant effort by Greek authorities.
The main objective of the exercise was to detect gaps and vulnerabilities in the cyber
space domain. The existing cyber security mechanism is vast and complex consisting of
dozens of ministries and directorates with overlapping duties and activities.
This paper focuses on the necessity for cooperation between the engaged actors,
governments and private companies at the international and national level. The faceless
enemy of cyber terrorism demands an effective cyber defence strategy.

2 Cyber Terrorism And Critical Infrastructure

Cyber attacks, networks and information cause complex problems that can extend to the
field of national security" and public policy. A large scale cyber attack could cause vital
damage to critical infrastructures of the USA and the member states of the European
Union. Cyber terrorism is an asymmetrical and dangerous threat to the national security
exposing vulnerabilities of and gaps in coordination. It can be defined as the use of
computer network tools to shut down critical national infrastructures or to coerce or
intimidate a government or civilian population (J. A. Lewis: 2002). According to James
A. Lewis the premise of cyber terrorism is that as nations and critical infrastructure
became more dependent on computer networks for their operation, new vulnerabilities
are created - a massive electronic Achilles heel. A hostile nation or group could exploit
these vulnerabilities to penetrate a poorly secured computer network and disrupt or
even shut down critical functions (J. A. Lewis: 2002).
| A successful cyber terrorism action could destroy important elements of the critical in
frastructures s control system inciting large numbers of casualties or mass disruption.
The US Minister of Defence Leon Panetta, former director of the CIA, stated to the
Senate Armed Services Committee that the next Pearl Harbor we confront could very
well be a cyber attack that cripples our power systems, our grid, our security systems, our
financial systems, our governmental systems. Its going to take both defensive measures
as well as aggressive measures to deal with that (Murline A: 2011).
Critical infrastructures can be composed of physical and information technology
nil facilities, networks, services and assets which play a vital role in the health, safety
security or economic well-being of citizens or the effective functioning of governments
(EC/COM-2004).
Critical infrastructures include a wide range of services and facilities (EU/COM-2004):
Energy (installations and networks, electrical power, oil and gas production, storage
facilities and refineries, transmission and distribution system). Communications
G e o r g io s X . P r o t o p a p a s : C y b e r T e r r o r is m and G r e e k D e f e n c e St r a t e g y

and Information Technology (telecommunications, broadcasting systems, software,

hardware and networks). Finance (e.g. banking, securities and investment). Health
care (hospitals, blood supply facilities, laboratories and pharmaceuticals, search and
rescue, emergency services). Food (safety, production means, wholesale distribution
and food industry). Water (dams, storage, treatment and networks). Transport (airports,
ports, intermodal facilities, railway and mass transit networks, traffic control systems).
Production storage and transport of dangerous goods (chemical, biological, radiological
and nuclear materials). Government (services, facilities, information networks, assets
and key national sites and monuments).
The criteria for defining critical infrastructure could be characterized by three following
factors (EC-COM-2004): a) scope - how the loss of a critical infrastructure element is
rated by the extent of the geographic area, b) magnitude - the degree of the impact or
loss can be assessed as none, minimal, moderate or major. The criteria which could be
used to assess potential magnitude are: Public impact, (economic, environmental, in
terdependency) and c) Effects of time: at what point the loss of an element could have a
serious impact.
The field of cyber security is of great importance for the global defence society. The
increasing dependency on technology has increased the vulnerability to it and inter
connectivity has exacerbated the existing security threats (Symposium CACI- USNI:
2010). According to Joseph S Nye the cyber space is a perfect example of a broader
trend. The largest powers are unlikely to be able to dominate this domain as much as
they have others like sea, air or space. While they have greater resources, they also have
greater vulnerabilities, and at this stage in the development of the technology, offense
dominates defence in cyberspace. The United States, Russia, Britain, France, and China
have greater capacity than other state and non-state actors, but it makes little sense to
speak of dominance in cyber space. If anything, dependence on complex cyber systems
for support of military and economic activities creates new vulnerabilities in large states
that can be exploited by non state actors (J. S. Nye: 2011).
The governmental and private bodies are becoming more vulnerable to cyber attacks.
The cyber space is becoming a force multiplier by combining the risk to cyberspace with
the possibility of risks through cyber space (M. Dunn Cavelty: 2011). According to this
view the protective capacity of space is obliterated and the enemy has a faceless and
remote entity and the threat becomes quasi universal because it is now everywhere (M.
Dunn Cavelty: 2011).
The protection of American critical infrastructures is an imperative priority of the USA
administration. The Department of Defence (DoD) recently released (July 2011) a report
titled Department of Defence Strategy for Operating in Cyber Space proposing five
strategic initiatives for the protection of cyber space (US DoD Defence Strategy: 2011):
- Strategic Initiative 1: Treat cyber space as an operational domain to organize, train,
and equip so that DoD can take full advantage of cyberspaces potential.
- Strategic Initiative 2: Employ new defence operating concepts to protect DoD
networks and systems.

95
S e c tio n II: C y b e r T h r e a t s to C ritic a l In fra s tru c tu re

- Strategic Initiative 3: Partner with other U.S. government departments and agencies
and the private sector to enable a whole-of-government cyber security strategy
- Strategic Initiative 4: Build robust relationships with U.S. allies and international
partners to strengthen collective cyber security.
- Strategic Initiative 5: Leverage the nations ingenuity through an exceptional cyber
workforce and rapid technological innovation.
Cyber terrorism does not exclude NATO and its critical infrastructures that are playing
an essential role in the accomplishment of peacekeeping and military operations. NATO
is not concerned only with its own cyber defence but also with the security of member
states. During the 2002 Prague Summit NATO established the NATO Computer Incident
Response Capability (NCIRC). The mission of the NCIRC was to detect and prevent
computer viruses and intrusions into computers systems of the Atlantic Alliance. In
January 2008, the decision-makers approved the formation NATO Cyber Defence
Policy and as a result two bodies were created (J. McGee: 2011): a) The Cooperation
Cyber Defence Center of Excellence (CCDCoE), based in Tallinn, Estonia. The mission
of CCDCoE is to provide cyber doctrine and concepts, training workshops, research,
insight on previous incidents, and advice concerning current attacks, b) The Cyber
Defence Management Authority (CDMA), responsible for initiating and coordinating
responses to cyber attacks against allied member states and NATO itself. It is considered
an important step in NATO Cyber Defence because it helps member states improve their
own cyber security.
Broadly speaking, the cyber security should become the front line against cybers attack
and the national government could offer the resources required for the establishment
of a powerful cyber defence strategy. The USA, NATO and the European Union have
accepted that their critical infrastructures are vulnerable to large scale cyber attacks.

3 European Cyber Strategy: Practice and Priorities

The cyber defence is considered to be one of most important priorities for European
Unions policy in the years to come. Europe is using an advanced internet network and
millions of citizens have daily access to online activities. The governmental and private
agencies make use of the multiplied applications of internet. However the cyberspace
appears to be vulnerable and Estonias case proved that the security gap exists when
cyber raiders hit the tiny Baltic state on May 2007. After the attack, the websites of the
government, political parties, media and business communities were temporarily shut
down.
The. European Union has adopted policies for the protection of the internet. Cyber
security is a essential for the safeguarding of computer networks and critical infra
structures. The cyber security also involves a piece of information that can prevent the
penetration and malicious damage or disruption (J.A Lewis: 2006).
The five strategic objectives for internal security of the European Union entail the
protection of cyberspace from hackers and cyber terrorists. The European Union Internal
 G e o r g io s X . P r o t q p a p a s : C y b e r T e r r o r is m and G r e e k D e f e n c e St r a t e g y

f :. '
I. . I if
!if

Security Strategy in Action has already proposed steps for collective cooperation in the
next three years in order to fight and prevent the cybercrime (EC -COM2010). The
Objective 3 with title Raise levels of security for citizens and businesses in cyberspace
recognizes the security IT networks as a fundamental factor for the well-functioning of
the information society and recommends the three following actions (EC-COM2010):
Build law enforcement and judiciary capacities: By 2013, the EU will create a cybercrime
centre through which member states and EU institutions will have an opportunity
to acquire operational and analytical capacity for conducting investigations and for
cooperation with international partners. The aim of the cybercrime centre will be the
improvement of evaluation and monitoring of the existing prevention and investigation
measures. At the national level, the police, judges, prosecutors and forensic investigators
of the member states should follow common standards in investigating and prosecuting
cybercrime offences. In cooperation with Eurojust, CEPOL and Europol, the member
States must develop their national cybercrime awareness and training capacities in order
to establish centres of excellence at the national level or in a partnership with other
member states.
- Work with the industry to empower and protect citizens: All member states should
encourage the reporting of cybercrime incidents by their citizens. The evaluation
of certain information is considered an initial vital element for a cybercrime
/ alert
platform. The member states should ensure that their citizens will have direct access
to the guidance on cyber threats and the basic precautions that need to be taken.
In 2013, the European Commission plans to establish a real-time control pool of
shared resources and best practices among the member states and the industry.
The European Public-Private Partnership for Resilience (EP3R) should play a
leading role in ensuring an increased cooperation between the public and private
sector. Moreover EP3R should cultivate interactions with international partners to
strengthen the global risk management of IT networks.
- Improve capability for dealing with cyber attacks. The strategy of prevention,
detection and direct response to cyber attacks could be accomplished by means of
the following policies: a) every member state and EU institutions should establish
a well-functioning CERT (Computer Emergency Response Team) by 2012, b)
member states should establish a network with their/national governmental CETRs
in order to increase Europes preparedness and c) member states in cooperation
with ENISA should implement national the contingency plans and carry out regular
national and European exercises for incident response and disaster recovery.
The European Unions preparedness for and response to a large-scale cyber attack was
tested during the Cyber Europe 2010 exercise which was carried out under the aegis
of the European Network and Information Security Agency (ENISA). According to
the Cyber Europe 2010 Evaluation Report the exercise was a first key step towards the
strengthening of the Europes cyber defen ce and was of vital importance for the common
goal to combat potential online threats to essential infrastructure, so ensuring that
businesses and citizens feel safe and secure online (Cyber - Europe 2010- Evaluation
Report 2011). The central control - the Exercise Control (EXCON), based in Athens,

97
Se c t io n : C y b e r T h r e a t s to C r i t i c a l In f r a s t r u c t u r e

gave direction and guidance to the participants. Based on the findings of the exercise it
can be concluded that the cyber test was useful for the member states and their public
bodies (Cyber Europe 2010- Evaluation Report 2011). The executive director of the
ENISA, Dr. Udo Helmbrecht, stated that the Cyber Europe 2010 exercise was the first
successful cyber stress test for Europe. It fully m et its objectives to test Europes readiness
to face online threats to essential critical infrastructure used by citizens, governments
and businesses. We will work closely with member states to identify and implement the
lessons learnt from this exercise. We also encourage member states to continue their
efforts in the area of exercises, both at national and pan European levels. ENISA will
strongly support their efforts (Cyber Europe - Interim Finding: 2010). The purpose of
the Cyber Europe 2010 exercise was to help the member states of the European Union to
restore their communication using alternative connections. The exercise was considered
very successful as member states managed to restore the communication networks earlier
than the time provided the scenario. The member states managed to communicate about
a wide variety of issues and they showed that harmonization could lead to a more secure
and well-organized communication among the member states (Cyber Europe - Interim
Finding: 2010).
The quick and collective response and the detection of cyber attacks traces would
enhance the effectiveness of the cyber defence strategy. Computer Emergency Response
Teams (CERTs) and Computer Security Incident Response Teams could develop and
cooperate at the international level and not only at the national level (A. Guinchard:
2011). Moreover, according to Audrey Guinchard technical detection will have to
be combined with adequate legal reporting. W hen it comes to cyber crime, reliable
reporting mechanisms are not always available (A. Guinchard: 2011).
However it is of great importance to underline the absence of the private sector from
Cyber Europe 2010. The threat of cyber attack comprises the public and private sectors
which should face the cyber terrorism with a coordinated strategy. Future exercises should
include the private sector so the cyber attack scenario would resemble the real situation
more (Cyber - Europe 2010- Evaluation Report 2011). In mid 2011 a series of cyber
intrusion have been reported in corporations such as Citibank, Sony, Google, Lockheed
Martin and Northrop Grumman. The cyber threat landscape has a wide spectrum of
users and receivers who cover public and private bodies. The ability to pose a cyber threat
is shifting to the masses as more people have managed to have access to inexpensive
technology and the internet. Persons with a very basic knowledge of computer could buy
hacking tools and manuals online. Furthermore markets which specialize in stolen credit
cards, personal data or identities are easily accessed (V. Sarkisian: 2011).

4 Greek Cyber Defence: Problems and Prospects

The case of cyber defence in Greece started in 1999 when the m inister of National
Defence decided to establish an Office for War Information which was placed in
Hellenic National Defence Staff. The fist cyber solders were experts in information
technology. Since then many officers and military staff have been trained and
G e o r g io s X . P r o t o p a p a s : C y b e r T e r r o r is m and G r e e k D e f e n c e St r a t e g y

managed to create a specialized force. We could assume that after eleven years the
field of cyber defence has been developed and dozens of ministries have been tasked
with the security of computer systems raising legitimate questions for the level of
responsiveness and harm onization in the event of large-scale cyber attacks (E,
Stavrakakis: 2011).
In July 2011, a team of hackers named Real Democracy Reverse Engineering attacked
the website of the Greek Parliament. O ther major targets of attacks were the M inistry
of National Defence and other Greek ministries. The Cyber Crime Unit considered
the appearance of a group with the code name Anonymous which heralded a series
of attacks on the websites of different public bodies to be a significant threat. The
vast public cyber security umbrella which is responsible for the prevention of cyber
attacks includes the following agencies:
Hellenic National Defence General Staff: Directorate of Information/School of
Information Systems Security, D epartm ent of Comm unications/Departm ent for
the Security of Communications, D epartm ent of Comm unications/Department of
Inform ation Warfare, Directorate of Cyber Defence. The Hellenic National Defence
General Staff is a national security authority responsible for issuing national security
regulations in cooperation with the National Intelligence Service. The plan addresses
the security of classified, sensitive national information and applies to all public
bodies and agencies. The D epartm ent for Security of Information Systems serves
as a security' coordination centre for incident responses while the Departm ent for
Communications Security serves as a technical adviser of the National Certification
Authority for Security.
1. National Intelligence Service (NIS): It is characterized as the Authority of
International Security (INFOSEC) and it ensures the security of national
communications and inform ation technology systems. Moreover the NIS is
responsible for the certification of classified material of national communica
tions. It was designated as the National Authority for the Protection of Cyber
Attacks and prevents cyber attacks against communication networks, storage
facilities and information systems.
2. National Computer Emergency Response Team: In accordance with the
decisions of the Governmental Council for Foreign Policy and National Defence,
the National Computer Emergency Response Team coordinates the activities
of intelligence services related to the collection and disposal of information. It
cooperates with the D epartm ent of Military Intelligence and intelligence staffs
supervised by it. Moreover the National Computer Emergency Response Team
collaborates with the Departm ent of Military Intelligence on the issue of drafting
regulations, certification systems, prevention and treatm ent of cyber attacks.
3. Hellenic Police: The Forensic Division provides technical support to law
enforcement authorities, while the Cyber Crime Unit is responsible for inter
rogations and investigations.
4. General Secretariat of Communications of the M inistry of Infrastructure,
Transport and Networks: It collaborates with the Directorate of Banking
S e c t io n II: C y b e r T h r e a t s to C r it ic a l I n f r a s t r u c t u r e

Supervision. It operates as the Authority of Telecommunications and shapes the

national security strategy materialising the implementation of the security of
public networks and cyber communications.
5. Bank of Greece: The Directorate of Banking Supervision adopts specific
principles, safety regulations and supervises their implementation and the
evaluation of internal control systems.
6. Directorate of Policy Planning at the Emergencies Department: It is a directorate
of the M inistry Of Justice, Transparency and Human Rights. Its main task is to
prepare the agencies for a smooth transition from peace to war.
7. General Secretariat for Public A dm inistration and E-Governance. It operates
as a Greek Authority of Certification and is responsible for the availability
of inform ation in the public adm inistration. It sets the framework for E-
Governance services.
8. General Secretariat for Inform ation Systems of the M inistry of Finance: The
Office of Information Systems Security and Data Protection and Infrastructure
is responsible for drafting the standards for plans, development and operation of
the inform ation system security and quality control.
9. The European Union presented the Greek authorities the need to adopt special
measures which could effectively protect vulnerable infrastructures. The main
disadvantage is considered to be the absence of the spirit of cooperation and
coordination. A research report concluded that (Coordinated supervision and
management of security and privacy in Greece: 2010): a) the cooperation of
various entities is not institutionalized by regulations, the communication is
based on a voluntary and ad hoc level and there is not systematic and structured
cooperation. The lack of defined channels of communication have a negative
influence on the interaction among various departments and agencies; b) col
laborative activities between the actors are not structured; c) there is not a single
regulatory framework to facilitate the coordinated cooperation of bodies; d)
the participation of numerous directorates and agencies causes insufficiency in
the coordination of control mechanisms between institutions and discourages
E-Governance and entrepreneurship in Greece.
According to the director of the Cyber Crime Unit M. Sfakianakis 52% of households
are already online, 92% of internet users are young people, however only 3 million
Greeks use Facebook on a daily base. The average daily use of the internet is 2.5
hours. Knowing that social networking attracts cyber criminals, these numbers
cause concern (Quoted in E. Stavrakakis: 2011). The establishment of a national
cyberdefence unit could augment the percentages of successful cyber defence
strategies and close the coordination gap between different agencies.
The threat of a sizeable cyber attack against the critical infrastructure is a scenario
which is examined in depth by the cyber defence authorities. As a consequence
the Hellenic National Defence General Staff organized a cyber defence exercise
PANOPTIS 2010 which took place between 18 and 20 March 2010. The main

100
G e o r g io s X . P r o t o p a p a s : C y b e r T e r r o r is m and G r e e k D e f e n c e St r a t e g y

objective of the exercise was to train participants in their response against aggressive
cyber operations which could threaten the Greek national defence. The exercise was
coordinated by the Hellenic National Defence General Staff and based on its experience
and successful participation of Greece in a similar NATO exercise (NCDEX-09). It
m ust be stressed that the participants were not familiar with the scenarios and that
the cyber attacks took place in real time (PANOPTIS: 2010). Dimitris Critzalis,
professor at the D epartm ent of Informatics at the Athens University of Economics
& Business argued that the purpose of the exercise had two essential aims: Firstly,
the establishment of cooperation among operators and specialists, secondly, the
systematic record and the study of the level of perception, knowledge and response
against cyber attacks (D.Gritzalis: 2010). The scenario of the exercise included a wide
range of targets throughout the country. The attacks were scalable, simultaneous,
mass, coordinated, repeating and directed. To make the exercise more authentic the
aims included informational and physical infrastructures. The scenario envisaged by
the existing geopolitical situation and the possibility of provocative actions against
Greece which could cause a warm episode or even a conflict with a neighbouring state
(PANOPTIS 2010).
Most of the planned attacks were successfully countered. This is a positive outcome,
since the exercise was carried out in Greece for the first time. However a number
of attacks were handled with a relatively low efficiency. However, the participants
managed to make useful conclusions that will help them adopt necessary measures in
the near future (D.Gritzalis: 2010).
The decision makers of national defence have realized that the enemy will exploit the
increased power of inform ation technology to cause extensive damage to political,
m ilitary and industrial infrastructure of the state. In January 2011, the former minister
of National Defence, E. Venizelos, requested the Directorate of Cyber Defence of the
Hellenic National Defence General Staff to prepare a report which would outline
the precondition for the foundation of the National Authority Cyber Defence. That
decision of the former m inister of Defence E. Venizelos could change the existing in
frastructure of the cyber defence policy creating an efficient and quick response of the
cyber defence unit.
The materialization of the National Authority Cyber Defence demands rapid changes
in a states legal framework. The am endm ent of the existing legal framework which
is in apparent discrepancy with the reality should be the first step. A second decision
could include the improvement of the Directorate of Cyber Defence of the Hellenic
National Defence General Staff based on the NATO member states standards. The
necessary funding for the upgrade is estimated to 2-3 million euro, a relatively small
am ount of money (M.Iliadis: 2010). Tne third and the most essential factor is for the
authorities to understand that the foundation of the National Cyber Defence Authority
requires a complex approach and cooperation with Directorate of Cyber Defence of
the Hellenic National Defence General Staff - the only experienced actor - and several
other agencies and universities, which can contribute both at the theoretical and
research levels (M.Iliadis: 2010).

101
S e c t io n II: C y b e r T h r e a t s to C r i t ic a l I n f r a s t r u c t u r e

5 Conclusion
The threat of cyber attacks requires that states and corporations, in a world that depends
on the internet more than ever, devote more resources to cyber security. Critical infra
structures are main targets of cyber terrorism which wants to disrupt or destroy physical
and information technology facilities, networks, services and assets.
The key element for a successful and effective cyber defence strategy is the cooperation,
coordination and quick response of public institutions and the private sector. The
systematic cooperation could manage to create a scientifically superior multi-disciplin
ary team that could cope with large-scale cyber attacks against the critical infrastructures
of states. The easy access to internet, the use of billion computers and the vast network
prevent a strict control of the state authorities on the internet.
Potential large scale cyber attacks have incited fear in the USA administration and the de
cision-makers of the Department of Defence who have issued a counter cyber strategy in
order to avoid the next Pearl Harbor. Although the USA as superpower has the expertise
and the technology to counter a large-scale cyber terrorism attack, it is uncertain if the
state authorities could prevent the disruption of or damage to their critical infrastruc
tures. The enemy is not a conventional enemy but a faceless and remote entity.
On the other hand, the European Union has adopted policies for the protection of
the internet. However, only the development of collective cyber defence could protect
computer networks and critical infrastructures of member states. The European Union
Internal Security Strategy in Action proposes five steps for close cooperation which
could be achieved by the member states in the near future.
Greece, a member state of the European Union, is in the process of adopting a cyber
defence strategy with the intention to protect its critical infrastructures. The level of re
sponsiveness and harmonization of numerous directorates in the event of large-scale
cyber attacks remains questionable. The foundation of a National Authority Cyber
Defence with extensive control over the cyber defence agencies seems to be the most
effective solution.
The asymmetrical threats of the 21st century, such as cyber terrorism demands a collective
and well coordinated cooperation between the USA, the European Union, NATO and the
United Nations. Only the harmonization of their capacities and strategies could prevent
large scale cyber terrorism attacks. Global digital security in the 21st century could be
examined by the following perceptions (Oliver Rolofs: 2011): a) cyber defence threats
differ greatly from the existing national security logic, because the conventional response
strategy reached its limits in this field. The lack of clarity concerning the attackers and
their motives are considered to be vital problem which limiting the response capabilities
of cyber defence; b) cyber vulnerability of m odern societies is considered to be a global
challenge which requires transnational solutions. The first step could be the establish
ment of legal and institutional instruments for international dialogue based on norms of
behaviour and confidence-building measures; c) an acceptable cyber security standard
could be achieved by close coordination and international cooperation between
countries, societies and the global economy.

-102 j
1/
G e o r g io s X . P r o t o p a p a s : C y b e r T e r r o r is m and G r e e k D e f e n c e St r a t e g y

References
1. Cyber Europe 2010- Evaluation Report, 2011 ( http://wnw.enisa.europa.eu/act/res/
cyber-europe-2010/cyber-europe-2010-report) (Retrieved 5/8/11)
2. Cyber Europe - Interim findings 2010 http://www.continuitycentral.com/news05473.
html (Retrieved 5/8/11)
3. Dunn Cavelty Myriam (2011), Cyberwar: A More Realistic Threat Assessment,
International Relations and Security Network (ISN), http://www.isn.ethz.ch/isn/
Current-Affairs/ISN Insights/Detail?lng=en&id=129766&contextid734=129766&contex
tid735=129764&tabid=129764 (Retrieved 5/8/11)
4. European Commission, Communication from the Commission to the Council and
the European Parliament, with title Critical Infrastructure Protection in the fight
against terrorism, Brussels, 20.10.2004, COM(2004) 702 final http://eur-lex.europa.eu/
LexUriServ/LexUriServ.do?uri=COM:2004:0702:FIN:EN:PDF, (Retrieved 6/8/11)
5. European Commission, Communication from the commission to the European
Parliament and the Council, with the title The EU Internal Security Strategy in Action:
Five steps towards a more secure Europe, Brussels 22.11.2010 (COM (2010) 673 final,
(http://ec.europa.eu/commission_20102014/malmstrom/archive/internal_security_
strategy_in_action_en.pdf) (Retrieved 6/8/11)
6. Gritzalis Dimitris (31/July 2010) Interview in Strategy Reports, http://www.
strategvreport.gr/?p=2716 (Retrieved 6/8/11)
7. Guinchard Audrey (2011), Between Hype and Understatement: Reassessing Cyber
Risks as a Security Strategy, Journal of Strategic Security, Volume IV Issue 2 2011, p.79
8. Iliadis Manos (15/1/2010), In Front of National Authority Cyber Defence, Greek
newspaper Investors World, p.30
9. Lewis James A (2002), Assessing the Risks of Cyber Terrorism, Cyber War and Other
Cyber Threats, Strategic and International Studies, http://csis.org/files/media/csis/
pubs/02110l_risks_of_cyberterror.pdf (Retrieved 5/8/11)
10. Lewis James A (2006), Cybersecurity and Critical Infrastructure Protection, Center
for Strategic and International Studies, http://directory.cip.management.dal.ca/
publications/Cybersecurity%20and%20Critical%20Infrastructure%20Protection.pdf
(Retrieved 5/8/11)
11. McGee Joshua (2011), NATO and Cyber Defense: A Brief Overview and Recent Events,
Center for Strategic and International Studies http://csis.org/blog/nato-and-cyber-
defense-brief-overview-and-recent-events (Retrieved 6/8/11)
12. Mulrine Anna (June 9, 2011), CIA chief Leon Panetta: The next Pearl Harbor could be
a cyberattack, international newspaper The Christian Science Monitor, http://www.
csmonitor.com/USA/Military/2011/0609/CIA-chief-Leon-Panetta-The-next-Pearl-
Harbor-could-be-a-cyberattack (Retrieved 5/8/11)
13. Nye Joseph S. (30 May 2011), Cyber Security and National Security, New Europe http://
neurope.eu/cybersecurity2011/?p=73 (Retrieved 5 /8/11)
14. PANOPTIS Cyber Exercise 2010, Greek Journal of Military Balance and Geopolitics,
No.4, June 2010, p.12

103
S e c tio n II: C y b e r T h r e a t s t o C r i t i c a l I n f r a s t r u c t u r e

15. Report: Coordinated supervision and management of security and privacy in Greece,
October 2010, http://athina.cs.unipi.gr/imerida/index.php (Retrieved 6/8/11)
16. Rolofs Oliver, Towards a new digital security culture , New Europe Special Edition
for Cyber Security, 30 May 2011, http://neurope.eu/cybersecurity2011/?p=51 (Retrieved
4/8/11)
17. Sarkisian Vartan (30 May 2011),, The Cyber-Jungle, newspaper New Europe, (http://
neurope.eu/cybersecurity2011/?p=81)
18. Stavrakakis Emmanuel (16-17 July 11), Alert in Cyber Crime Unit, Greek newspaper
Investors World, p.4
19. Symposium of CACI International Inc (CACI) and the U.S. Naval Institute (USNI)
Cyber Threats to National Security, Symposium One: Countering Challenges to the
Global Supply Chain, March, 2010, http://asymmetricthreat.net/docs/asymmetric_
threat_4_paper.pdf (Retrieved 6/8/11)
20. USA Department of Defense, Department of Defense Strategy for Operating in Cyber
Space, July 2011, http://www.defense.gov/news/d20110714cyber.pdf (Retrieved 5/8/11)

104