Skip to main content

Protecting critical infrastructure from cyber-attacks

The Information Security Office of the Government of the Republic of Slovenia, in cooperation with Microsoft, the Euro-Atlantic Council of Slovenia and the Faculty of Social Sciences of the University of Ljubljana, held a series of four events dedicated to different sectors of critical infrastructure in 2021 – water, energy, health and finances.

We presented the results on July 26 in New York, on the sidelines of the UN debate on the future of international law, norms and responsible behavior of states in cyber space. The published report takes a comprehensive and multi-stakeholder approach to the cyber security of critical infrastructure by:

  • providing valuable insights that highlight the importance of protecting critical infrastructure from cyber-attacks,
  • building on the legislative experience of the European Union, which made this area a priority with the revised Network and Information Security Directive (NIS2),
  • bringing perspectives from technology providers who protect their customers from sophisticated cybercriminals daily,
  • incorporating the views of individuals working for critical infrastructure providers who may see cyber security as a burden and identifies ways to promote understanding and build support among these organizations,
  • exploring areas where governments and industry need to work together to optimize responses, such as scenario-based exercises,
  • facilitating bridges between practitioners and lawmakers.

As critical infrastructure providers are increasingly becoming targets of cyber campaigns, and the attackers are often transnational actors, it is crucial that we establish international cyber security norms and strengthen systems security. Thus, the key recommendations from the report are:

  • Focus on coordinated and effective regulation.
  • Increase information sharing and capacity building.
  • Demand accountability from malicious actors.
  • Enhance intersectoral and governmental cooperation.
  • Strengthen cyber security and cyber resilience awareness.

The Report is available on the link below.