Protecting critical infrastructure from cyber threats is difficult and complex. News headlines abound with reports that show how critical infrastructure—ranging from voting machines to steel mills—have become increasingly vulnerable to cyber operations from state and sophisticated nonstate actors. As critical infrastructure becomes increasingly entangled with the Internet and as new tactics, techniques, and procedures rapidly proliferate and evolve, governments and businesses alike must contend with a mutating threat environment that may put sensitive and highly important critical infrastructure assets in serious jeopardy. The vulnerabilities of critical infrastructure, which provide vital services and functions to societies, may pose a particularly tempting way for states to asymmetrically project power during an armed conflict or other crisis. Recent tensions between Russia and Ukraine have provided a useful test bed to consider how cyber-threat actors could couple cyber-based operations with movements of traditional military forces.
"The Tallinn Manual 2.0 on Nation-State Cyber Operations Affecting Critical Infrastructure,"
American University National Security Law Brief,
Available at: https://digitalcommons.wcl.american.edu/nslb/vol13/iss1/1