Greetings from Col. Attila Ferenc Varga, PhD.
Head of department of the MOD Department of Defense Administration, Hungary
3rd International Conference on Central European Critical Infrastructure Protection
“Kinetic and cyber tools in the critical infrastructure protection”
Dear Professors, fellow Researchers, Participants and Guests,
I respectfully welcome you at the International Conference on Central European Critical Infrastructure Protection, being either on the spot, or following this event by video-teleconference.
It is my great honour to greet you on behalf of the Hungarian Ministry of Defence, which, within its competence and capacity, also plays an important role in critical infrastructure protection.
Contemporary societies can be examined as complex systems, in which individual systems and their subsystems are interdependent and in close interaction. A possible change in any system can have a potential effect on the other systems that may cause a chain reaction. It also means that if a malfunction of a system occurs – would it be caused intentionally, accidentally, or due to omission -, it can generate a series of harmful effects on the systems’ systems. As a result of all these, indispensable components of the system insuring critical social tasks may become totally or partially inoperable, and therefore, preventive and increased protection of them is necessary in order to guarantee their operational safety and continuity. The totality of these planning, coordinating and defending tasks can be called critical infrastructure protection.
The national legal background of the critical infrastructure protection in Hungary, which is based on a European Union’s directive, was created in 2012. Since then, the detection and designation of critical infrastructure systems and their components, as well as the creation of their full protection, and also to guarantee their operational safety have become possible.
We have to pay attention not only to the adaptation of the EU’s rules, but to other obligations originated from our NATO membership, as well. It can be realised that due to the spread of hybrid warfare in our modern age, non-conventional and non-military tools are increasingly emphasised, compared to conventional military tools, and military objectives can easily be reached by the combination of these non-conventional and non-military tools, because of the interconnection and interdependency of the systems. By using unlimited warfare tools, the politics, the economy, the healthcare system, the culture and the cyber space may also become the scene of the fight.
It means that, in order to counter possible sources of conflicts, threats and attacks, the combination of military and non-military tools, the capacity of the governmental and civil organizations and other forms of „national power” must be used. To prepare ourselves for the future conflicts, the physical and cyber protection of the system components must be enhanced, and we must increase their resilience, as complete as possible, against any attacks.
At this point, it is important to clarify what we exactly mean under hybrid threat, and what does hybrid warfare mean, since critical infrastructures are highly endangered by non-conventional attacks carried out by hybrid threat’s perpetrators.
From defence administration point of view, we can declare that hybrid threat is, although not new, but quite complex, highly coordinated or even synchronized application of different civil and military capabilities, forces, tools, procedures and techniques, in order to reach a precisely determined goal. I believe that hybrid warfare can be efficient because tools are extremely widespread and threats or even attacks seem to be coming from separate locations and direction, however, these threats or attacks are carried out in a planned, synchronised and focused manner. This is the way, how hybrid threats or attacks can cause unusual, novel, challenging situation for the attacked opponent, although those methods have already been applied also in earlier times.
We must realize a general tendency that critical infrastructures have become primary potential targets that can be attacked by armed and non-armed (for example cyber) tools and methods during hybrid warfare. Both NATO and EU believe that the most effective method against hybrid warfare is strengthening of national resilience. Resilience is the ability of a society to protect itself by a combined application of civil and military efforts against any negative impacts on its security, and also to be able to restore the operability of the systems and subsystems in a very short time.
According to the Allies’ opinion, creating, maintaining and strengthening of the resilience is one of the central pillars of the collective defence, however, it is first and foremost a national responsibility. This national responsibility was also emphasized consistently in NATO doctrines and in other related documents declaring that increased resilience of member states can decrease the vulnerability of NATO, as a whole, and coordination of these member states’ activities at allied level is essential.
Examining several parts of strengthening national resilience, we can experience that there is a significant coincidence between protection of critical infrastructure and the tasks of maintaining national resilience. Both of them have the objective to ensure and strengthen the operational safety, the operational continuity and the resilience of the critical infrastructures of a country (for example transport, energy, healthcare, info-communication infrastructures). In general, the difference between them is that critical infrastructure protection is based on sectors and aiming to strengthen the protection across a special sector’s logic and professional background, on the other hand, national resilience can rather be interpreted in a “whole-of-nation” context and appears to be a cross-sectoral strategy.
Also, the National Security Strategy of Hungary mentions hybrid threats as extremely important security risks and declares that the response must be coordinated and based on the close cooperation of the national bodies. Although reaching the national resilience is estimated latest by 2030 by the National Security Strategy, the Government has already decided on the development of a “whole-of-government” approach in defence administration as the first step towards an overarching national resilience.
The experiences of COVID-19 pandemic confirmed that critical infrastructure protection has a significant importance in any major crises, even in the most different ones. Moreover, this task has appeared in a way that not only the operational capability and continuity of vital infrastructures has to be ensured in a coordinated manner, but in total, the operational capability of the whole country. We could see, how a primarily healthcare threat has become a severe economic problem and then a social problem all over the world. This process has also proved the interconnection and interdependency of different sectors.
So, one of the biggest questions in front of us is: how can we make critical infrastructure protection more effective? What kind of measures we have to take in order to promote operational capability?
In my opinion, from an effective defence point of view, it is essential to improve detecting and surveillance capability to explore possible threats. Second, critical infrastructure operators have to be made interested in investing into their own systems, procedures and manpower, in order to be equal partners of governmental agencies and authorities. And thirdly, we must continuously train ourselves to be prepared for taking appropriate and effective actions countering possible attacks threatening our critical infrastructure.
This conference is an excellent event to discuss all these issues, to promote better understanding and cooperation in this very important subject.
With all these in mind, I wish you fruitful discussions, effective work and useful experiences during the conference.
Thank you for your attention.