Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
topics:infrastructure [2026/03/18 10:42] admintopics:infrastructure [2026/04/20 13:09] (current) vso_vso
Line 1: Line 1:
-<WRAP catbadge blue>General Topics</WRAP>+<WRAP catbadge slate>Technology and Infrastructure</WRAP>
  
-====== Critical Infrastructure ======+====== Critical infrastructure ======
  
 <WRAP meta> <WRAP meta>
 lead-authors: Vitaliy Soloviy lead-authors: Vitaliy Soloviy
 contributors: Klaus Kubeczko contributors: Klaus Kubeczko
-reviewers: [Names]+reviewers:
 version: 1.0 version: 1.0
 updated: 17 March 2026 updated: 17 March 2026
 sensitivity: low sensitivity: low
 +ai-use: Claude Sonnet 4.6 (Anthropic) was used for topic structuring, writing, reference verification, and formatting; reviewed by Vitaliy Soloviy, 17 March 2026
 +status: draft
 </WRAP> </WRAP>
  
Line 15: Line 17:
 Critical infrastructure refers to systems and assets whose disruption would significantly affect public safety, security, or economic continuity. Electricity grids sit at the core of this category — most other critical systems depend on them, and their growing complexity under smart grid transitions introduces new vulnerabilities alongside new capabilities. Critical infrastructure refers to systems and assets whose disruption would significantly affect public safety, security, or economic continuity. Electricity grids sit at the core of this category — most other critical systems depend on them, and their growing complexity under smart grid transitions introduces new vulnerabilities alongside new capabilities.
 </WRAP> </WRAP>
 +
  
 ===== Why this matters ===== ===== Why this matters =====
  
-Electricity is the infrastructure that underlies most other critical infrastructure. Hospitals, water treatment, communications, and transport all depend on reliable power. As grids become more digitalised and distributed, the attack surface expands — cyberattacks, extreme weather events, and cascading failures across interconnected systems all pose risks that conventional grid design did not anticipate. Protecting electricity infrastructure is therefore not just a technical challenge but a governance one, requiring coordination across regulatory, operational, and security domains.<sup>1,2</sup>+Electricity is the infrastructure that underlies most other critical infrastructure. Hospitals, water treatment, communications, and transport all depend on reliable power. As grids become more digitalised and distributed, the attack surface expands — cyberattacks, extreme weather events, and cascading failures across interconnected systems all pose risks that conventional grid design did not anticipate. Protecting electricity infrastructure is therefore not just a technical challenge but a governance one, requiring coordination across regulatory, operational, and security domains.
  
 <WRAP callout> <WRAP callout>
-Digitalisation makes new forms of grid coordination possible — and introduces new vulnerabilities that did not exist in analogue systems.+Digitalisation makes new forms of grid coordination possible but also introduces new vulnerabilities that did not exist in analogue systems.
 </WRAP> </WRAP>
  
-===== A shared definition =====+===== Shared definitions =====
  
-The EU Directive on the Resilience of Critical Entities (CER, 2022/2557) defines critical infrastructure as infrastructure essential to the maintenance of vital societal functions, economic activity, public health, safety, or security, whose disruption would have significant cross-sectoral effects. Energy — including electricity generation, transmission, and distribution — is explicitly listed as a critical sector.<sup>1</sup>+The EU Directive on the Resilience of Critical Entities (CER, 2022/2557) defines critical infrastructure as infrastructure essential to the maintenance of vital societal functions, economic activity, public health, safety, or security, whose disruption would have significant cross-sectoral effects. Energy — including electricity generation, transmission, and distribution — is explicitly listed as a critical sector.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2557 on the resilience of critical entities. //Official Journal of the European Union//, L 333, 164–198. https://eur-lex.europa.eu/eli/dir/2022/2557/oj))
  
-Within that framework, electricity grids carry additional specificities: they are highly interconnected, failures can cascade across large geographic areas, and increasing digitalisation ties grid reliability to cybersecurity in ways that earlier regulatory frameworks did not address. The EU NIS2 Directive (2022/2555) responds to this by establishing binding cybersecurity obligations for energy operators as essential entities.<sup>2</sup>+Within that framework, electricity grids carry additional specificities: they are highly interconnected, failures can cascade across large geographic areas, and increasing digitalisation ties grid reliability to cybersecurity in ways that earlier regulatory frameworks did not address. The EU NIS2 Directive (2022/2555) responds to this by establishing binding cybersecurity obligations for energy operators as essential entities.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2 Directive). //Official Journal of the European Union//, L 333, 80–152. https://eur-lex.europa.eu/eli/dir/2022/2555/oj))
  
 ===== Perspectives ===== ===== Perspectives =====
  
-Critical infrastructure protection involves different roles and responsibilities depending on who you focus on, what systems are at stake, and what governance frameworks apply.+Critical infrastructure protection involves different roles and responsibilities depending on who is responsible, what systems are at stake, and what governance frameworks apply.
  
 <WRAP perspectives> <WRAP perspectives>
 ==== Actors and stakeholders ==== ==== Actors and stakeholders ====
  
-Responsibility for critical infrastructure protection is distributed across multiple actors — grid operators, national regulators, cybersecurity agencies, emergency services, and government ministries — who rarely share a single chain of command. Coordination among them before, during, and after disruptions is as important as the technical measures each actor takes individually. In practice, information sharing across these groups remains uneven, and the boundary between operator responsibility and state responsibility is often contested.<sup>1</sup>+Responsibility for critical infrastructure protection is distributed across multiple actors — grid operators, national regulators, cybersecurity agencies, emergency services, and government ministries — who rarely share a single chain of command. Coordination among them before, during, and after disruptions is as important as the technical measures each actor takes individually. In practice, information sharing across these groups remains uneven, and the boundary between operator responsibility and state responsibility is often contested.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2557 on the resilience of critical entities. //Official Journal of the European Union//, L 333, 164–198. https://eur-lex.europa.eu/eli/dir/2022/2557/oj))
  
-**European Union — CER Directive implementation:** Member states are required to identify critical entities, assess their risks, and ensure they have resilience plans in place. Implementation pace has varied considerably across the EU, with most member states missing the October 2024 transposition deadline.<sup>1</sup>+<WRAP case> 
 +**European Union -- CER Directive implementation** \\ 
 +Member states are required to identify critical entities, assess their risks, and ensure they have resilience plans in place. Implementation pace has varied considerably across the EU, with most member states missing the October 2024 transposition deadline.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2557 on the resilience of critical entities. //Official Journal of the European Union//, L 333, 164–198. https://eur-lex.europa.eu/eli/dir/2022/2557/oj)) 
 +</WRAP>
  
 ==== Technologies and infrastructure ==== ==== Technologies and infrastructure ====
  
-The interdependence of electricity grids with telecommunications, water, transport, and digital systems means that a failure in one can propagate across others. Smart grid technologies improve situational awareness and operational flexibility, but also expand the digital attack surface. Cybersecurity measures for operational technology — SCADA systems, distribution management platforms, smart meters — are increasingly treated as integral to grid design rather than as an add-on.<sup>2,3</sup>+The interdependence of electricity grids with telecommunications, water, transport, and digital systems means that a failure in one can propagate across others. Smart grid technologies improve situational awareness and operational flexibility, but also expand the digital attack surface. Cybersecurity measures for operational technology — SCADA systems, distribution management platforms, smart meters — are increasingly treated as integral to grid design rather than as an add-on.((European Commission ISGAN WG6 and ETIP-SNET. (2022). //Flexibility for resilience: How can flexibility support power grids resilience?// Publications Office of the European Union. https://op.europa.eu/en/publication-detail/-/publication/54d9c702-dc9c-11ec-a534-01aa75ed71a1))
  
-**EU — NIS2 and energy operators:** Under NIS2, electricity generators, transmission and distribution operators above defined size thresholds must implement risk management measures, report significant incidents within 2472 hours, and demonstrate supply chain security.<sup>2</sup>+<WRAP case> 
 +**European Union -- NIS2 and energy operators** \\ 
 +Under NIS2, electricity generators, transmission and distribution operators above defined size thresholds must implement risk management measures, report significant incidents within 24 to 72 hours, and demonstrate supply chain security.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union. //Official Journal of the European Union//, L 333, 80–152. https://eur-lex.europa.eu/eli/dir/2022/2555/oj)) 
 +</WRAP>
  
 ==== Institutional structures ==== ==== Institutional structures ====
  
-Regulatory frameworks for critical infrastructure protection have traditionally focused on physical security. The growing digital dimension has prompted a shift toward integrated cyber-physical governance, but the institutional architecture — who regulates what, at which level — varies significantly across jurisdictions. Cross-border interdependencies add a further layer, as a disruption in one country's grid can affect neighbours sharing the same synchronous zone.<sup>1,3</sup>+Regulatory frameworks for critical infrastructure protection have traditionally focused on physical security. The growing digital dimension has prompted a shift toward integrated cyber-physical governance, but the institutional architecture varies significantly across jurisdictions. Cross-border interdependencies add a further layer, as a disruption in one country's grid can affect neighbours sharing the same synchronous zone.((European Commission ISGAN WG6 and ETIP-SNET. (2022). //Flexibility for resilience: How can flexibility support power grids resilience?// Publications Office of the European Union. https://op.europa.eu/en/publication-detail/-/publication/54d9c702-dc9c-11ec-a534-01aa75ed71a1))
  
-**EU — NIS2 and CER as parallel frameworks:** NIS2 governs cybersecurity obligations while the CER Directive addresses physical resilience of critical entities. Together they form a dual-track framework, though coordination between the two remains a work in progress at both EU and national levels.<sup>1,2</sup>+<WRAP case> 
 +**European Union -- NIS2 and CER as parallel frameworks** \\ 
 +NIS2 governs cybersecurity obligations while the CER Directive addresses physical resilience of critical entities. Together they form a dual-track framework, though coordination between the two remains a work in progress at both EU and national levels.((European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2557. https://eur-lex.europa.eu/eli/dir/2022/2557/oj)) 
 +</WRAP>
  
 </WRAP> </WRAP>
  
-===== Related topics =====+===== Distinctions and overlaps =====
  
-{{tag>Resilience network_-_grid Digitalisation Operator}}+<WRAP distinction> 
 +**Critical infrastructure vs resilience**\\ 
 +Resilience describes a system's capacity to absorb, adapt to, and recover from disruptions; critical infrastructure protection is the governance and technical effort to maintain that capacity in systems whose failure would have cascading societal effects. The two concepts are closely related — resilience is the goal, critical infrastructure protection is the practice — but they belong to different analytical frames. See the [[topics:resilience|Resilience]] topic. 
 +</WRAP> 
 + 
 +<WRAP distinction> 
 +**Physical security vs cybersecurity**\\ 
 +Conventional critical infrastructure protection focused on physical threats — natural disasters, sabotage, physical attack. Digitalisation adds a distinct attack vector: cyber intrusions targeting operational technology can cause physical effects without any physical access. Current frameworks (NIS2, CER) treat these as complementary rather than separate, but operational integration across the two domains remains uneven. 
 +</WRAP> 
 + 
 +===== Related topics =====
  
-===== References =====+[[topics:resilience|Resilience]] · [[topics:grid|Grid]] · [[topics:digitalisation|Digitalisation]] · [[topics:operator|Operator]] · [[topics:grid_edge|Grid edge]]
  
-<sup>1</sup> European Parliament and Council of the European Union. (2022). Directive (EU) 2022/2557 on the resilience of critical entities (CER Directive). //Official Journal of the European Union//, L 333, 164–198. https://eur-lex.europa.eu/eli/dir/2022/2557/oj+===== Topic notes =====
  
-<sup>2</sup> European Parliament and Council of the European Union(2022). Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2 Directive). //Official Journal of the European Union//, L 333, 80–152. https://eur-lex.europa.eu/eli/dir/2022/2555/oj+Formatting pass 26 March 2026Changes: catbadge corrected; duplicate status lines removed from catbadge; status field added to meta; AI statement moved from bottom of page to ai-use field in meta; superscript footnote references converted to inline DokuWiki footnotes; case examples wrapped in WRAP case blocks; insight block added (152 chars); section heading corrected to Shared definitions; Distinctions section added; tag-based Related topics converted to direct links; References heading removed.
  
-<sup>3</sup> European Commission / ISGAN WG6 & ETIP-SNET(2022). //Flexibility for resilienceHow can flexibility support power grids resilience?// Publications Office of the European Unionhttps://op.europa.eu/en/publication-detail/-/publication/54d9c702-dc9c-11ec-a534-01aa75ed71a1+Should be integrated into broader infrastructure topic. 
 +@@GAP@@ Non-EU institutional case needed. 
 +@@GAP@@ Technical case neededadd a case illustrating a specific cyber-physical vulnerability or resilience measure at the grid level, with technical specificity. 
 +@@GAP@@ Non-EU case neededadd a case showing how critical infrastructure governance is structured in a non-European context (e.gUS NERC CIP standards, or a national framework in Asia or Latin America). 
 +@@GAP@@ Both non-EU case gaps noted in Perspectives need filling before in-review status.
  
-----+~~DISCUSSION|Discussion — logged-in users only~~
  
-//AI statement: Claude Sonnet 4.6 (Anthropic) assisted with topic structuring, writing, reference verification, and formatting; reviewed by Vitaliy Soloviy, 17.03.2026.//