A month ago, I wrote a column in which I highlighted the significant increase in the scale and severity of malicious cyberattacks globally from criminals, hackers and foreign intelligence services. I said that the threats to cyber security were organised and transnational with no respect for geographical borders.

In my article, I implied that Malta should establish a national cyber security centre to deal with this burgeoning threat, inadvertently having missed the news that, in line with EU council directives on the protection of critical infrastructure assets and on the protection of network and information systems applicable to all EU member states, Malta had already set up the “Malta Critical Infrastructure Protection Directorate” (CIP Directorate) to do precisely this.

I apologise to my readers for having misled them. Such is the importance of this issue that I have no hesitation in returning to the subject this week – if only to set the record straight.

The CIP Directorate forms an essential part of the Ministry for Home Affairs and National Security. It has wide-ranging and important responsibilities for general emergency preparedness, management and coordination to respond effectively to national emergencies, including cyber threats.  

This entails the CIP Directorate ensuring that Malta’s inventory of critical assets affecting national critical infrastructure and critical information assets are maintained up to date and, moreover, that the public and private operators of these vital assets prepare adequately for any cyberattack that may arise by conducting regular risk assessments of the threat, drawing up and maintaining their currency and regularly exercising their “Operator Security Plans”.

Through its cyber monitoring arm, “CSIRTMalta”, Malta’s National Computer Security Incident Response Team, the CIP Directorate actively encourages the operators of essential services to report any incidents having a significant impact on the continuity of their operations to ensure experiences are shared and timely remedial action is taken.

To be effective, the CIP Directorate has gathered under its aegis a broad spectrum of operators responsible for critical infrastructure protection (such as the energy, telecommunications and technology, health, water, food, government, transport, emergency services and finance and industry sectors in both the public and private fields), as well as the national emergency services.

While not all the critical infrastructure sectors carry the same weight, any one of them contains critical as well as information assets the loss or compromise of which would inevitably have a major impact on the integrity of other essential services supporting Malta’s security, economic stability and citizens’ well-being. 

This directly involves the Malta CIP Directorate pooling information with public sector entities and private companies, which daily face vulnerability to cyberattacks

A Risk Management division within the CIP Directorate is responsible for ensuring the integration of risk management awareness not only within the government but, perhaps more importantly, among private critical industry and commercial entities.

This is a continuing and unending process. A good example of this was Malta’s participation five months ago in “Cyber Europe 2018”, an international cybersecurity exercise involving 900 cybersecurity specialists consisting of communications experts, local planners, monitors and players from 30 European countries.

Fifty Maltese cybersecurity and media professionals from eleven organisations participated in the exercise, which was coordinated by the CIP Directorate in collaboration with the European Union’s Agency for Network and Information Security (ENISA), the EU Cyber Security Agency and the participation of other EU member states’ entities responsible for monitoring cyberspace in their regions.        

The exercise simulated the launch of cyber and hybrid attacks on the aviation sector within EU member states (including Malta), disrupting their systems and flight operations. The exercise setting was of a normal day at Europe’s international airports when suddenly all their digital systems begin progressively to collapse. All flights are shown as cancelled on the airport monitors and more than half of flights remain grounded.

A radical group has reportedly taken control of the airport’s critical systems by means of a cyber and hybrid attack. The group has claimed responsibility for the attack and are using their propaganda channels to spread a call for action and to attract people to adopt their ideology.

Although “Cyber Europe 2018” was only a simulation exercise, it illustrated well the changing nature of warfare and the need for civilians, public bodies and private companies to be as vigilant as the military in being able to combat it. Releasing computer viruses does not risk the lives of soldiers or civilians. It requires no expensive military hardware. For the most part, the attacks are carried out by a variety of hacking units, using today’s revolution in electronics and computing to disrupt and sow discord in the cyber jungle which all advanced economies inhabit.

The exercise could as well have focussed on the power station and electricity grid or Mater Dei hospital. We have open markets and an open society. Our major infrastructure assets are government-owned: water, electricity utilities and hospitals. In the private sector, our banks, the international airport, financial services and major companies in strategic sectors are all vulnerable to the kind of disruptive hack played out in exercise “Cyber Europe 2018”. Malta is not immune and this is what the planners in the Malta CIP Directorate are there to help prevent.

The silver lining is that the European Union, including Malta, has the capacity to defend itself against these vicious threats. What we need – and the CIP Directorate is planning to provide – is modern deterrence through building resilience against cyberattack, amongothers. This means government and private sector entities being aware of the threats they face and their own vulnerabilities.

It also means the government bolstering defences in our critical national infrastructure against cyberattack by strengthening its capability to detect and defeat attacks in cyberspace. Deterrence through resilience will enable us to face adversaries with the knowledge that they cannot bring us to our knees. Knowing our strengthened resilience, any potential adversaries will be less inclined to attack or threaten us, and if they do Malta will be prepared.

All EU countries face similar challenges. Dealing with these new security dangers requires new thinking and intensified cross-border cooperation. Malta has the manpower expertise and the technological hardware to develop a plan for deterrence against crippling cyberwarfare attacks. This directly involves the Malta CIP Directorate pooling information with public sector entities and private companies, which daily face vulnerability to cyberattacks, to help them identify and protect themselves from malicious activity on their internet systems.

Through the CIP Directorate, this is exactly what Malta is doing.

This is a Times of Malta print opinion piece

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.