Enhancing Digital Barriers for Essential Infrastructure Systems
In the digitally dominant era, the communications sector and other critical infrastructures have become central to how society functions. These sectors, which include energy, water, healthcare, telecommunications, transportation, and financial services, play a crucial role in shaping modern societies.
Recognising the importance of these infrastructures, both the United States and Europe have taken significant strides in enhancing their cybersecurity.
**United States**
The Cybersecurity and Infrastructure Security Agency (CISA), established under the Cybersecurity Information Sharing Act (CISA) of 2015, is a central federal agency responsible for critical infrastructure cybersecurity. However, this law is set to expire in September 2025. A new Executive Order issued on June 6, 2025, updates cybersecurity priorities around securing software supply chains, quantum cryptography, AI, and IoT devices while continuing to focus sanctions on foreign cyber threat actors targeting U.S. infrastructure.
The Executive Order mandates the adoption of post-quantum cryptography (PQC) standards, with deadlines including product category listings by December 1, 2025, and a Transport Layer Security 1.3 upgrade by 2030. It also integrates AI-driven cybersecurity threat detection and vulnerability management across federal agencies to scale defenses and incident reporting by November 1, 2025.
The U.S. framework combines regulatory mandates with cybersecurity executive directives and ongoing collaboration between agencies like Homeland Security, NSA, Commerce, and Defense to strengthen national cyber defense.
**Europe**
Europe’s cybersecurity framework is anchored in the EU Cybersecurity Act (2019), which established the European Cybersecurity Certification Framework (ECCF). This framework sets common cybersecurity requirements and provides certification mechanisms to enhance trust and security of digital products and services across member states.
At the member state level, Germany exemplifies the approach with its IT Security Act 2.0 (effective May 2023). This act imposes minimum security standards on critical infrastructure operators; establishes reporting and information-sharing obligations with the Federal Office for Information Security (BSI), which acts as a national cybersecurity authority and information sharing and analysis center (ISAC); defines critical infrastructure sectors (including telecom, under which space infrastructure could be included); and mandates proactive threat identification and coordination.
The governance model in Europe blends EU-wide legislation and certification with national law enforcement and coordination bodies like Germany’s BSI, emphasising both regulatory compliance and active cybersecurity management.
In both regions, the focus is on securing critical infrastructures through legislation that evolves with emerging technologies like quantum computing and AI, while emphasising coordination, certification, and information sharing as pillars of cybersecurity governance.
Additional strategies include the use of blockchain technology to provide a secure way to store and share data across networks, the adoption of Intrusion Detection and Prevention Systems (IDPS) to monitor network or system activities, and the use of Virtual Private Networks (VPNs) to encrypt data transferred between IoT devices.
Moreover, legislators need to adopt a forward-looking approach, legislating with not just present conditions in mind but also a potential future full of as yet unidentified threats and challenges. Ethical guidelines must be established legislatively to regulate the adoption and use of AI and ML within the cybersecurity apparatus.
Ensuring the resilience of critical infrastructures against potential threats, such as natural disasters, cyber-attacks, or systemic failures, is a paramount concern for modern nations. The blend of advancing technology and prudent legislation promises not just robustness but resilience, enabling us to adapt swiftly to new and emerging challenges indefinitely.
- The United States has mandated the adoption of post-quantum cryptography (PQC) standards, with deadlines including product category listings by December 1, 2025, as part of its efforts to secure critical infrastructures, focusing on emerging technologies like quantum cryptography and AI.
- Europe's cybersecurity framework, established under the EU Cybersecurity Act (2019), sets common cybersecurity requirements and provides certification mechanisms for digital products and services across member states, demonstrating a proactive approach to cybersecurity and to data and cloud computing issues.
- Both the United States and European frameworks prioritize network security by employing technologies such as blockchain, Intrusion Detection and Prevention Systems (IDPS), and Virtual Private Networks (VPNs) to encrypt data and enhance security.
- To address future challenges and unidentified threats, it's essential for legislators to establish ethical guidelines legislatively to regulate the adoption and use of AI and ML within the cybersecurity apparatus, ensuring a resilient and adaptive cybersecurity landscape in the digital era.