Nidhi Singh
Cyberattacks against critical infrastructure (CI) have evolved from isolated incidents to coordinated campaigns by both state and non-state actors. Cyber threats have become increasingly sophisticated and frequent, particularly those that leverage artificial intelligence (AI). Technologists have noted that AI-powered cyberattacks can bypass traditional defenses, with recent breakout times as short as fifty-one seconds, illustrating the rapid evolution of these threats.[1] These advancements are further exacerbated by China’s increasing offensive cyber capabilities that pose rising threats to CIs, thereby shrinking response windows and making real-time defense capabilities essential.
A closed-door discussion titled “Safeguarding Cybersecurity of Critical Infrastructure” was organized at the Global Technology Summit 2025, co-hosted by Carnegie India and the Ministry of External Affairs, Government of India. The event brought together cybersecurity experts from Australia, Germany, the Netherlands, and France, along with industry leaders, legal experts, academics, and senior Indian policymakers. The discussion aimed to identify vulnerabilities in CI protection, discuss ways to enhance national cybersecurity resilience through international cooperation for incident response, and deliberate coordination required between government, the private sector, and international partners for protecting CI. Based on the discussion, this essay outlines four key challenges: varying definitions of CI across countries, gaps in international cooperation for norm enforcement, difficulties in public-private information sharing, and vulnerabilities in the hardware supply chain.
Inconsistencies in the definition of CI across countries persist because each nation prioritizes and protects different sectors based on its own frameworks and threat perceptions. This creates challenges for a coordinated crisis response, as illustrated during the 2017 NotPetya attack. When the attack stopped container transport at Rotterdam’s port, city authorities struggled to respond effectively because Maersk’s APM Terminals, despite being vital to port operations, was not classified as CI. This definitional gap prevented national support mobilization and delayed crisis coordination. While this example illustrates challenges for national responses, it poses an even greater challenge at the international level, where varying definitions of CI could hinder aligned threat assessment, mutual aid, and collective response efforts.
No comments:
Post a Comment