- The evolution of interconnection between infrastructure sectors has been accelerated by the spread of cyberspace, which has become the 'nervous system' linking them. There is no avoiding the security implications emerging at the intersection of cyberspace and infrastructure.
- As countries become more dependent on infrastructure distributed around the world, the growing complexity of interconnections makes it harder for authorities to identify what infrastructure is 'critical'.
- Improving risk management relies on using rigorous definitions of what infrastructure is 'critical', which enables more effective prioritization and protection of nodes and connection points. In this context, the ever-rising importance of data makes distinctions between 'physical' and 'information' infrastructure increasingly irrelevant.
- Societal resilience can be just as important as infrastructure resilience, and policy-makers should consider closely what levels of societal dependency on digital technologies are appropriate. Building public confidence in the security and governance of the critical infrastructure ecosystem is essential to avoid policy-making driven by reactive or narrow interests.
- Meeting these security challenges requires better shared understanding of what is critical between those who protect an organization and those who set its strategic direction. Better understanding of the economic and political incentives that guide stakeholders also reveals the scope for potential cooperation.