Author: Neil Walker

Ukraine's experience in critical infrastructure protection is increasingly shaping European thinking on resilience and preparedness

Agency News, Industry News
As part of the celebration of the first anniversary of the presentation of the EU Preparedness Union Strategy by the European Union, an EU conference on emergency preparedness, organized by the EU in Emergencies initiative, was held in Brussels (Kingdom of Belgium). The event became a platform for discussing achievements during the year of implementation of the Preparedness Strategy, as well as for exchanging experiences and discussing future challenges.
Vasyl Ananyev, a specialist in the Department of Critical Infrastructure Protection of the State Special Communications Administration, spoke during a session of experts on civil-military cooperation about the role of critical infrastructure protection in ensuring Ukraine's resilience.
“Resilience must be implemented at all levels, and a culture of preparedness should be strengthened in all our societies. The discussion clearly demonstrated that Ukraine’s experience is not only about the resilience of our nation — it is increasingly shaping the European approach to preparedness and resilience,” the State Special Communications Service specialist concluded.
Vasyl Ananyev thanked EU in Emergencies for its continued support for Ukraine and the opportunity to present our country’s experience in protecting critical infrastructure in the face of full-scale war and continuous air strikes on civilian infrastructure.
The two-day conference in Brussels on the occasion of the first anniversary of the EU Preparedness Strategy brought together government representatives, civil protection experts, military, private sector leaders and partners from across Europe. The participants of the event paid special attention to the lessons learned from Russia's military aggression against Ukraine, and also summed up the annual results of the implementation of the Union's Readiness Strategy.
Recall that in March last year, the European Union presented the EU Readiness Strategy, which contains plans for preventing and responding to new threats and challenges in the world.
[source: Vasyl Ananyev, News OKI Defense]
Leave a comment

Beyond Compliance: Conceptual and Implementation Cycles in Critical Infrastructure Protection

Industry News
By Michael Kolatchev, Principal, Rossnova Solutions & Lina Kolesnikova, Senior consultant, Rossnova Solutions, Belgium
Protection of critical infrastructure (CI) is a core national security responsibility that cannot be ensured by any single actor and therefore requires sustained national-level coordination. As a result, it has become a strategic public policy priority in many states. Although CI protection involves multiple public and private stakeholders, international practice confirms the central role of the state in providing strategic direction, ensuring policy coherence, and integrating security considerations, particularly in response to hybrid threats and malicious activities.
Given the systemic and cross-sectoral nature of CI-related risks, the state typically acts as the principal coordinator by establishing governance structures, adopting national strategies, defining mandatory security and resilience requirements, and overseeing their implementation. Effective CI protection enhances resilience, deterrence, and strategic stability by reducing vulnerabilities to disruption and coercion, while avoiding unnecessary centralisation of operational functions.
CI protection cannot be achieved through a single decision or strategy. Resource, expertise, and time constraints, combined with evolving infrastructures, societal needs, and threat landscapes, render one-off approaches insufficient. CI protection should therefore be understood as an iterative and adaptive process rather than a fixed objective. National CI frameworks usually require several years to develop and should allow for periodic updates, for example every three to five years, enabling continuity within a coherent framework.
Such an approach requires continuous coordination, information sharing, and education of stakeholders and society. Static measures, including legislation or information websites alone, are insufficient. Information on requirements and planned changes must remain accessible, current, and actively communicated. Ultimately, effective CI protection depends on the feasibility of objectives and strategies relative to national preparedness and, critically, on people. Responsible behaviour and long-term cultural change among key stakeholders and society are essential to sustainable CI protection.
Cycles in the Development of CIP
Experience across jurisdictions suggests that the development of critical infrastructure protection (CIP) can be structured around two interrelated cycles: a strategic conceptualization cycle and a practical implementation cycle. Their iterative interaction enables continuous adaptation of CIP systems and alignment between strategic objectives and operational outcomes.
The conceptualization cycle covers the formulation, review, and adjustment of CIP strategy. Over time, strategies typically become more refined and aligned with implementation capacities. Maintaining consistency between strategic ambitions and available resources is essential, as persistent misalignment may undermine institutional credibility and stakeholder trust.
A key output of conceptualization is an effective legal and regulatory framework. Legislation should be treated as an integral component of CIP strategy and a tool for its enforcement. The choice of legislative model — umbrella or sector-specific — should reflect institutional maturity and stakeholder compliance capacity. Given the dynamic threat environment, legal frameworks must allow regular adaptation without requiring comprehensive redesign, balancing stability with flexibility.
Conceptualization of the CIP Strategy
The conceptualization of a critical infrastructure protection (CIP) strategy can be understood as an iterative process in which each cycle produces answers to a set of core strategic questions. Where necessary, these answers are formalised through legal and regulatory instruments in order to ensure implementation and accountability. Together, these questions define the key dimensions of CIP strategy development:
• What?
• Who?
• How?
• When?
These dimensions structure strategic decision-making and link policy objectives with governance, operational capabilities, and timelines.
Dimension Key Question Strategic Focus
C.1.1 - What? 
Definition of what constitutes critical infrastructure, including sectors, assets, functions, and services. Identification of protection objectives and priorities, including the balance between protection and resilience. Determination of system boundaries, external dependencies, and relevant threat categories.
C.1.2 - Who?
Allocation of roles and responsibilities among state authorities, regulators, operators, and other stakeholders, including responsibility for strategy development, implementation, coordination, oversight, and effectiveness assessment.
C.1.3 - How?
Selection of protection approaches and instruments, including risk assessment methods, security and resilience measures, operational readiness requirements, coordination mechanisms, and capacity-building. Assessment of the ability of the state and operators to implement these measures.
C.1.4 - When?
Establishment of timelines for strategic decisions, implementation phases, entry into force of requirements, evaluation cycles, and periodic review and adjustment of the strategy and regulatory framework.
Taken together, these dimensions ensure that CIP strategies are not limited to declarative objectives, but are grounded in governance structures, operational feasibility, and temporal discipline — factors that are essential for managing systemic security risks and maintaining strategic stability.
One of the key techniques useful in both formulating the concept and verifying its coherence and feasibility is backward planning and dependency analysis. It starts from the end – imagine, the objective is achieved – and analyses what that future looks like, how that future must function, who does what, etc. Then the analysis goes further backwards finding which necessary components of the future should become available and by when, etc.
Outcomes of Conceptualization and link to Implementation
The outcome of conceptualization is typically formalised in a roadmap defining strategic objectives, timelines, and means. Each conceptualization cycle may encompass multiple implementation cycles aimed at building and sustaining CIP capabilities. This approach enables anticipation of future requirements while ensuring alignment between near-term actions and long-term objectives.
Given evolving threats and constraints, both conceptual and implementation frameworks must adapt over time. Legal and regulatory instruments should therefore support adjustment without undermining legal certainty—an essential requirement in a national security context.
Implementation Cycles
Implementation cycles translate strategic intent into operational reality and provide the feedback necessary for subsequent refinement of the CIP strategy. Multiple implementation cycles may be executed within a single conceptualization cycle, allowing strategic priorities to be pursued through phased, resource-constrained actions.
Each implementation cycle can be structured around four core processes:
• Planning – identification of priority sectors, assets, functions, risks, and acceptable disruption thresholds; development of policies, procedures, response plans, performance indicators, and resource allocation mechanisms.
• Implementation – execution of technical, organisational, and administrative measures, including security enhancements, monitoring, training, redundancy development, exercises, and testing.
• Verification and Evaluation – assessment of effectiveness and compliance through audits, monitoring, testing, exercises, and incident analysis; identification of gaps, deficiencies, and deviations from planned outcomes.
• Improvement and Adaptation – implementation of corrective and preventive actions, adjustment of plans and architectures, scaling of effective solutions, and incorporation of lessons learned into subsequent cycles.
Each implementation cycle is time-bound, reflecting budgetary and resource constraints, while the operation of the protection system itself remains continuous. The use of multiple, iterative cycles enables earlier learning, timely scaling of successful measures, and adjustment of strategy in response to evolving threats.
At the same time, the adaptive capacity of implementation cycles is fundamentally shaped by the objectives, priorities, and boundaries defined during conceptualization. In this sense, conceptualization serves as a strategic constraint and enabler for operational flexibility, directly influencing the effectiveness of CIP as an instrument of national security and resilience.
Wrapping up and drawing from experience
The conceptualization cycle plays a decisive role in defining the objectives, principles, architecture, and core mechanisms of critical infrastructure (CI) protection. Each cycle results in an agreed set of strategic objectives and a corresponding strategy for their achievement, while establishing the parameters that guide subsequent implementation cycles.
Within this process, the definition of objectives — the “what” dimension (C.1.1) — is of central importance. Objectives are rarely fixed at the outset and may be revised multiple times within a single cycle based on analysis across the remaining dimensions: “who” (C.1.2), “how” (C.1.3), and “when” (C.1.4), which reflect governance structures, available instruments, and temporal constraints. As a result, conceptualization typically proceeds through iterative adjustments that align strategic intent with feasibility and capacity.
This iterative logic enhances strategic coherence and realism, reducing the risk of setting objectives that are unattainable or disproportionate to available resources—a common source of failure in national security policy design.
Drawing on international practice, several core recommendations can be identified for the development of CI protection systems:
Conceptualization cycle
• Clearly define the scope of protection, prioritising critical functions and services and accounting for cascading and cross-border dependencies.
• Establish a clear allocation of roles and responsibilities among state authorities, operators, and other stakeholders, supported by central coordination.
• Develop a realistic strategy aligned with national capabilities, resources, and an adaptive legal and regulatory framework.
Implementation cycles
• Apply phased, time-bound implementation with achievable objectives and measurable outcomes.
• Ensure coordination mechanisms capable of operating in both routine and crisis conditions.
• Institutionalise regular testing and exercises as a core element of resilience and readiness.
Cross-cutting principles
• Embed continuous feedback and improvement through the integration of implementation results into governance and strategic review.
• Maintain transparency and predictability of requirements while avoiding excessive or purely formal regulation.
• Prioritise resilient and reliable operation over formal compliance, treating day-to-day system performance as the primary measure of effectiveness.
While international experience provides valuable guidance, its effectiveness depends on careful adaptation to national legal frameworks, institutional arrangements, infrastructure maturity, and resource constraints. In a security context, successful CI protection is achieved not through replication of external models, but through the disciplined translation of international best practices into nationally viable strategies.
Policy Implications and Initial Steps  
As initial steps toward the development of a national concept and legal framework for critical infrastructure (CI) protection, states should adopt a risk-governance–driven approach grounded in an explicit understanding of the evolving threat environment. Priority actions include:
• conducting a systematic inventory of infrastructures, functions, and services based on their criticality, interdependencies, and potential national-level impact under diverse threat scenarios;
• assessing maturity and readiness of key operators and public authorities to manage risks arising from cyber, physical, hybrid, and systemic disruptions;
• defining core principles and strategic priorities for CI protection that reflect national risk tolerance, security objectives, and available capabilities and resources;
• defining (estimating) the pace of continuous CIP build-up as the country and the society can realistically afford, with, for example, 3-or 5-year iterations;
• developing a framework concept and roadmap that enable phased implementation and adaptive responses to changing threat dynamics;
• initiating preparation or adaptation of legal and regulatory instruments designed to support continuous risk assessment, feedback, and periodic revision of requirements.
Together, these steps provide the institutional and analytical foundation for integrating CI protection into broader national security risk governance and resilience planning, while staying realistic and adequate to individual country situation, balancing the “would” with the “could”.
Leave a comment

OSCE promotes marine transport security and relevant Convention implementation

Agency News, Industry News, Transport sector
The OSCE Programme Office in Astana co-organized a practical seminar on inspection of higher educational institutions and maritime training centres of Kazakhstan in co-operation with the Committee of Railway and Water Transport of the Ministry of Transport and with the support of the Kazakhstan Maritime Academy of the Kazakh-British Technical University. The main goal of the seminar was to strengthen oversight of inspection and accreditation of higher educational institutions and maritime training centres in Kazakhstan, in line with the International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers (STCW).
Maritime safety begins long before a vessel leaves port, it starts in the classroom, where future seafarers are trained to meet international standards. The STCW sets globally accepted minimum standards for the training, certification, and competence of seafarers, ensuring that ships are operated safely worldwide. Before STCW, standards varied widely between countries, creating risks to maritime safety and uneven levels of crew competence. The Convention also plays a key role in protecting the marine environment, as competent seafarers are better equipped to prevent pollution and respond effectively to environmental emergencies.
The seminar focused on the strict STCW requirements governing seafarer training, including curriculum development, teaching methodologies, assessment processes, and institutional facilities. Participants gained a comprehensive understanding of how inspections are conducted, the methodologies used for evaluation, and the specific criteria applied during accreditation.
Through in-depth discussions and practical guidance delivered by an international expert, the seminar helped to identify areas for improvement and support the Ministry’s efforts to modernize and adapt its national framework, where needed. This initiative represents an important step toward modernizing national inspection systems, strengthening compliance with international standards, and enhancing maritime safety and environmental protection.
Leave a comment

OSCE and Kazakhstan Strengthen Co-operation on Emergency Management and Disaster Risk Reduction

Agency News, Industry News
The Head of the OSCE Programme Office in Astana, Ambassador Alexey Rogov, met with Deputy Minister for Emergency Situations, Batyrbek Abdyshev, at the Ministry's Crisis Management Center to review joint achievements and chart future co-operation in disaster risk reduction and emergency response.
The discussions highlighted the tangible results of the partnership between the OSCE Programme Office in Astana and the Ministry for Emergency Situations. Through the partnership, two critical digital tools have been successfully implemented: the Digital Safety Passport and Interactive Maps sub-systems. These innovations have been integrated into the Ministry's geographic information system (GIS ES), substantially enhancing the country's capacity to forecast and monitor emergency situations.
Deputy Minister Abdyshev congratulated Ambassador Rogov on his recent appointment and expressed appreciation for the Office’s continued support. He emphasized that initiatives on future co-operation are discussed on working and higher levels, and highly relevant to the Ministry’s strategic priorities, particularly noting strong interest in the planned capacity-building seminars on satellite imagery interpretation and the programme to certify Caspian Sea divers according to international standards.
During discussions, the Ministry shared insights into its expanding operational capabilities, including conducting an average of eight drone operations daily – the highest volume among all State agencies, and provided practical examples of their use in rescue and monitoring scenarios as well as the integrated use of Artificial Intelligence. The Ministry’s technical expertise in unmanned aerial systems has positioned it as a resource for other government bodies requiring complex drone-assisted operations.
The sides also addressed emerging security challenges linked to climate change, with the Ministry actively monitoring global patterns in the frequency and intensity of natural disasters.
Ambassador Rogov noted that the partnership demonstrates how international co-operation can deliver practical tools that enhance public safety and strengthen institutional capacity in emergency management. He reaffirmed the OSCE's commitment to supporting Kazakhstan's efforts to further modernize its civil protection systems and build resilience against emerging challenges.
Looking ahead, both sides outlined priority areas for future co-operation in the coming years, including automated monitoring systems for natural hazards, research on glacial and landslide-dammed lakes, seismic hazard assessment, and detailed seismic zoning maps. These priorities will form the basis of a multi-year co-operation framework to be developed in the coming period.
The Office will continue implementation of planned activities, including upcoming capacity-building seminars and technical assistance programmes.
The initiatives, implemented in close co-operation with the Ministry for Emergency Situations, underscore Kazakhstan’s commitment to strengthening its emergency management systems and demonstrates the country's dedication to adopting innovative digital solutions and international good practices in civil protection and disaster risk reduction.
Leave a comment

CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols

Cyber Security CII sector, Industry News
CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can’t Authenticate. This guidance highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand:
1. What motivates owners and operators to secure communication, and
2. What barriers prevent successful adoption from design through deployment and operations.
Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Securing these protocols requires solutions that are practical for current operators as well as cyber experts. Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities.
For OT Owners and Operators:
• Learn why message signing is the foundation for secure OT communication and when encryption is essential.
• Discover practical strategies for phased adoption of secure protocols to minimize operational risk.
• Identify which OT communications should be prioritized for enhanced security and resilience.
• Explore ways to simplify secure workflows and key management for easier implementation.
For Manufacturers:
• Gain insights from customer research to reduce customer friction and deliver more usable, secure products.
• Explore actionable recommendations to address cost and complexity barriers to secure communication.
• Learn how usability metrics like deployment time and ease of integration can differentiate your solutions and accelerate adoption.
CISA encourages critical infrastructure organizations and OT manufacturers to review and implement the recommendations in this guidance.
Leave a comment

Ignitis Gamyba Allocates €1.1 Million in Humanitarian Aid for Ukraine’s Critical Infrastructure

Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector
From September 2024 to this October, Ignitis Gamyba allocated €1.1 million in humanitarian aid to support the restoration of Ukraine’s war‑damaged energy infrastructure. According to the European Commission, this is the largest logistical operation it has ever coordinated.
In just over a year, 145 lorries loaded with equipment were dispatched from the Vilnius TE‑3 Combined Heat and Power Plant. According to the company’s calculations, a total of 2,681 tonnes of equipment have been allocated for humanitarian aid.
“In this challenging period, as Ukraine experiences continued russian aggression and the destruction of its energy infrastructure, we remain firmly committed to supporting the Ukrainian people. Lithuania’s initiative to relocate a full thermal power plant, with a combined heat and electricity capacity of nearly 1,000 MW, to Ukraine through the EU Civil Protection Mechanism is a powerful example of solidarity and cooperation. A thermal power plant of this size can provide heating for approximately half of Vilnius households. This support is necessary to rebuild the energy sector, which is vital to the daily lives of Ukrainians. I am sincerely grateful to all the countries, companies and institutions involved in this massive project. This operation only became possible through the efforts of all of our partners,” says Minister of Energy Žygimantas Vaičiūnas.
The principal activities of Ignitis Gamyba’s TE‑3 were suspended in 2015 due to high operating costs and an assessment that operation of the power units would not have a significant impact on the stability of the electric power system.
“For more than 30 years, this power plant provided heating for roughly half of Vilnius households. Now it is no longer being used, but the equipment we preserved and kept operational was able to contribute to restoring vital functions in Ukraine,” said Ignitis Group CEO Darius Maikštėnas.
The transfer of equipment was officially confirmed on 15 July 2024, following the signing of a support agreement between Ignitis Gamyba and the electricity distribution network operator in Ukraine. For security reasons, more detailed information about the aid being provided, including the exact names of the equipment as well as the power plants it will be going to, cannot be disclosed.
Leave a comment

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

Agency News, Cyber Security CII sector, Industry News
In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in a cyber incident. The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS.
A malicious cyber actor(s) gained initial access in this incident through vulnerable internet-facing edge devices, subsequently deploying wiper malware and causing damage to remote terminal units (RTUs). The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them according to their intended design.
CERT Polska’s incident report highlights:
- Vulnerable edge devices remain a prime target for threat actors.
  - As indicated by CISA’s Binding Operational Directive (BOD) 26-02: Mitigating Risk From End-of-Support Edge Devices, end-of-support edge devices pose significant risks.
- OT devices without firmware verification can be permanently damaged.
  - Operators should prioritize updates that allow firmware verification when available; if updates are not immediately feasible, ensure that cyber incident response plans account for inoperative OT devices to mitigate prolonged outages.
- Threat actors leveraged default credentials, a vulnerability not limited to specific vendors, to pivot onto the HMI and RTUs.
  - Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future.
CISA and the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (DOE CESER) urge OT asset owners and operators to review the following resources for more information about the malicious activity and mitigations:
- CERT Polska’s Energy Sector Incident Report - 29 December 2025.
- CISA’s joint fact sheet with FBI, EPA, and DOE Primary Mitigations to Reduce Cyber Threats to Operational Technology.
- DOE’s Energy Threat Analysis Center’s threat advisories.
Leave a comment

€113 million in EU funding allocated to strengthen the resilience of Baltic and Polish electricity grids

Agency News, Industry News, Power/Energy/Oil & Gas sector
The European Commission has allocated €113 million in funding from Connecting Europe Facility (CEF) for critical Synchronisation infrastructure protection implemented by the transmission system operators of Lithuania, Estonia, Latvia and Poland. The implementation of wider range of projects aimed at ensuring energy security against potential cyber and physical threats began on February 9 last year, following the successful synchronization of the Baltic States with the Continental European electricity network.
“Having successfully completed the synchronization project, the Baltic States and Poland continue to invest in energy independence and security. We are grateful to the European Commission for supporting our ambition to make the Baltic Sea region a model for strengthening the security and resilience of critical energy infrastructure across Europe. This funding is the result of our consistent efforts and sets a new precedent, as until now the European Union had no dedicated financing for the protection of critical energy infrastructure. By consistently applying the lessons learned from Ukrainian energy specialists, we are expanding the scope of protection for our critical energy infrastructure projects. We plan to apply for further funding for resilience projects and are actively working to ensure that a long-term EU-level instrument for financing critical energy infrastructure protection is established,” – said Žygimantas Vaičiūnas, Minister of Energy of the Republic of Lithuania.
The protection of critical energy infrastructure is being financed on the EU level for the first time. These possibilities have been empowered due to the implementation of the synchronization project by the Baltic States and Poland. Lithuania together with Estonia, Latvia and Poland is targeting the long-term legal and financial instruments for the financing of the critical energy infrastructure within the EU. Currently the legal instruments are under review, it is expected and the efforts are pursued the initiative to be properly aligned also during the negotiations of Multiannual Financial Framework for 2028-2034.
“We launched the resilience programme just over a year ago, and we have already made significant progress in many areas: we have procured and are installing drone neutralization solutions, implemented initial protection measures for substation equipment, designed and prepared to build physical barriers – materials for which were tested at Lithuanian Armed Forces training grounds – and introduced measures to ensure rapid restoration of damaged infrastructure. We continue to raise the level of cybersecurity. By sharing information and insights with partners in the Baltic States and Poland, working with universities and security experts, and learning from Ukraine’s experience, we are constantly looking for ways to supplement and improve existing solutions,” said Litgrid CEO Rokas Masiulis.
The critical infrastructure protection projects implemented by the Baltic and Polish transmission system operators – Litgrid, AST, Elering, and PSE – as part of the Baltic synchronization effort will be financed through the Connecting Europe Facility (CEF).
The projects will receive up to the maximum possible co financing rate of 50% of eligible costs. Funding for projects in Lithuania amounts to €22 million.
Litgrid’s energy infrastructure resilience programme includes strengthening the physical protection of critical facilities, establishing emergency and crisis reserves for transmission network equipment, installing electronic security systems, deploying unmanned aerial vehicle detection and neutralization systems, enhancing perimeter protection, and preparing to operate under critical conditions.
Litgrid is implementing 13 projects under the resilience programme, comprising more than 150 measures deployed across various transmission network facilities. The programme is continuously reviewed based on threat assessments and new technological solutions.
On February 8, 2025, the Baltic States disconnected from the Russia controlled IPS/UPS electricity system, and on February 9 successfully synchronized their electricity systems with the Continental European synchronous area. Synchronization with Continental Europe enables the Baltic States to operate their electricity systems in close cooperation with other Continental European countries, ensuring stable and reliable frequency regulation, thereby strengthening energy independence and enhancing energy security across the region. The Baltic States joined the Continental European network, which serves more than 400 million consumers in 26 countries.
Leave a comment

Draft NIST Guidelines Rethink Cybersecurity for the AI Era

Agency News, Cyber Security CII sector, Industry News
Artificial intelligence (AI) is impacting many organizations’ activities, and cybersecurity is no exception. For anyone interested in the opportunities and risks at the intersection of cybersecurity and AI, the National Institute of Standards and Technology (NIST) has released a preliminary draft of its Cyber AI Profile.
The publication, whose full title is the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), offers guidelines for using the NIST Cybersecurity Framework (CSF 2.0) to accelerate the secure adoption of AI. The profile helps organizations think about how to strategically adopt AI while addressing emerging cybersecurity risks that stem from AI’s rapid advance.
“Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement,” said Barbara Cuthill, one of the profile’s authors.
The draft resulted from a yearlong effort on the part of NIST cybersecurity and AI experts. Over that time, more than 6,500 individuals have joined the community of interest to contribute to NIST’s development of the profile. After releasing an initial concept paper in February 2025, conducting a workshop the following April, and hosting a series of community of interest meetings in the summer, NIST is now releasing the preliminary draft of the profile for a 45-day public comment period.
The Cyber AI Profile centers on three focus areas:
- Securing AI systems: identifying cybersecurity challenges when integrating AI into organizational ecosystems and infrastructure
- Conducting AI-enabled cyber defense: identifying opportunities to use AI to enhance cybersecurity, and understanding challenges when leveraging AI to support defensive operations
- Thwarting AI-enabled cyberattacks: building resilience to protect against new AI-enabled threats
“The three focus areas reflect the fact that AI is entering organizations’ awareness in different ways,” Cuthill said. “But ultimately every organization will have to deal with all three.”
The Cyber AI Profile can help organizations use the CSF to crystallize their cybersecurity goals with respect to AI and CSF 2.0. The profile offers insights to help organizations understand, examine and address the cybersecurity concerns related to AI and thoughtfully integrate AI into their cybersecurity strategies.
NIST uses the term “community profile” to describe the application of CSF 2.0 to address shared interests and goals among organizations. The Cyber AI Profile joins other community profiles that NIST has created for the manufacturing, financial and telecommunications communities, among others.
The preliminary draft release is intended to seek feedback from the public to inform an initial public draft, which Cuthill says will further refine the profile and include mapping of additional relevant resources to the CSF. Following the 45-day comment period, NIST plans to develop the initial public draft for release in 2026.
When finalized, the profile will help organizations incorporate AI into their cybersecurity planning by suggesting key actions to prioritize, highlighting special considerations from specific parts of the CSF when considering AI, and providing mappings to other NIST resources, including the AI Risk Management Framework.
Cuthill said the authors hope to continue developing the profile as a tool that will prove useful to the community.
“The Cyber AI Profile is all about enabling organizations to gain confidence on their AI journey,” she said. “We hope it will help them feel equipped to have conversations about how their cybersecurity environment will change with AI and to augment what they are already doing with their cybersecurity programs.”
Leave a comment

Lessons from Ukraine: What Critical Infrastructure Protection Professionals Should Learn About Information Warfare

Industry News
Information Warfare Is Infrastructure Warfare
Critical infrastructure protection has traditionally focused on tangible risks: physical sabotage, natural hazards, equipment failure and, more recently, cyberattacks and protest action. These threats remain central. However, the war in Ukraine has revealed a parallel reality that can no longer be treated as secondary. Information warfare – particularly disinformation – has become a core component of infrastructure targeting.
In Ukraine, attacks on energy, transportation, water, and communications systems were rarely isolated technical events. They were embedded within broader influence campaigns designed to shape how populations, governments, and international audiences perceive those events.
Disinformation did not simply accompany infrastructure attacks: it prepared the ground for them, magnified their effects, and prolonged their impact.
The integration of physical, cyber, and influence operations represents a shift in how critical infrastructure is contested. It challenges existing protection and resilience models, which often assume that technical restoration equates to recovery. Ukraine’s experience shows that even when systems are repaired, trust, confidence and social cohesion may remain damaged – sometimes irreversibly.
The lessons from Ukraine are not limited to armed conflict. The same techniques are increasingly applied during peacetime crises, natural disasters, industrial accidents, and political instability. For critical infrastructure professionals globally, understanding information warfare is now a prerequisite for resilience.
Disinformation as a Preparatory Tool
One of the clearest patterns observed in Ukraine was the use of disinformation well before infrastructure attacks occurred. Russian-aligned media outlets, social media networks, and proxy voices consistently promoted narratives portraying Ukrainian infrastructure as outdated, fragile, corruptly managed, or on the brink of collapse.
These narratives served several strategic purposes:
First, they normalised failure. By repeatedly asserting that infrastructure collapse was inevitable, disinformation lowered public expectations and reduced the perceived shock value of outages. When attacks occurred, they appeared to confirm preexisting beliefs rather than signal deliberate aggression.
Second, these narratives undermined institutional credibility. Infrastructure operators, regulators, and government officials were framed as incompetent or dishonest. This eroded trust before any incident took place, ensuring that official communications would be met with scepticism during crises.
Third, preparatory disinformation shaped attribution. When outages occurred, audiences were already primed to blame mismanagement or systemic decay rather than external attack. This confusion benefited the attacker by obscuring responsibility and complicating international response.
For infrastructure protection professionals, this highlights an often-overlooked warning sign: persistent, coordinated narratives questioning infrastructure reliability may indicate more than public dissatisfaction. They can be early indicators of hostile influence activity aligned with future disruption.
Exploiting the Moment of Crisis
The second phase of information warfare unfolded during active infrastructure disruptions. In Ukraine, disinformation campaigns were activated almost immediately following missile strikes, cyber incidents, or sabotage.
Within minutes, false or misleading claims appeared across multiple platforms, often repeating similar themes:
• Exaggerated estimates of outage scale and duration
• False causes, including fabricated internal failures or accidents
• Claims that authorities were concealing the truth
• Warnings of secondary threats, such as water contamination or fuel shortages
These narratives exploited a universal vulnerability: the information vacuum that emerges during fast-moving incidents. In the early stages of any infrastructure failure, details are incomplete, assessments are ongoing, and officials may hesitate to communicate prematurely. Disinformation thrives in this uncertainty.
In Ukraine, hostile narratives often outpaced official messaging, becoming the first version of events many people encountered. Once established, these narratives proved difficult to dislodge, even after accurate information became available.
The result was not merely confusion, but operational impact. Emergency services faced increased pressure due to panic-driven behaviour. Infrastructure staff were targeted by public anger fuelled by false accusations. Compliance with emergency guidance declined as trust eroded.
This pattern is not unique to Ukraine. Any infrastructure incident – whether caused by natural disaster, accident, or attack – creates similar informational vulnerabilities. The difference lies in whether adversaries are prepared to exploit them.
The Post-Incident Information Battle
Infrastructure protection often defines success as restoration of service. Ukraine’s experience demonstrates that this definition is incomplete. Information warfare continued long after power was restored, trains resumed operation, or communications networks stabilised.
Post-incident disinformation campaigns focused on delegitimising recovery efforts. Common narratives included claims that repairs were superficial, that reported restoration was fabricated, or that funds allocated for recovery were being stolen. In some cases, restored services were portrayed as unsafe or intentionally compromised.
These narratives had cumulative effects. Over time, they fostered a sense of permanent vulnerability and institutional failure. Each subsequent incident, even minor ones, triggered outsized reactions because public confidence had already been degraded.
For societies dependent on complex infrastructure systems, this erosion of trust poses a strategic risk. Public cooperation is essential during outages, conservation measures, evacuations, and recovery efforts. When trust collapses, resilience collapses with it.
Energy Infrastructure: Visibility and Vulnerability
Energy infrastructure emerged as a primary target of integrated attacks in Ukraine, both because of its strategic importance and its visibility. Power outages are immediately felt across society, making them ideal opportunities for influence operations.
Russian disinformation consistently framed energy disruptions as evidence of state failure. At the domestic level, narratives emphasised government incompetence and inevitability of collapse. Internationally, messaging warned that Ukrainian instability threatened regional energy security, aiming to undermine external support.
The combination of physical damage and narrative exploitation transformed grid attacks into broader political and psychological events. Even limited outages were portrayed as existential crises.
Globally, energy infrastructure shares these characteristics. It is highly visible, politically sensitive, and closely tied to public confidence. Whether the cause is hostile action, extreme weather, or technical failure, energy disruptions offer fertile ground for disinformation.
Resilience strategies that focus solely on redundancy and hardening overlook this reality. Narrative management – ensuring credible, timely, and transparent communication – is a critical defensive capability for the energy sector.
Transportation and Logistics: Perception Versus Reality
Transportation and logistics infrastructure played a subtler but equally important role in Ukraine’s information war. Disruptions to rail networks, ports, and supply chains were frequently exaggerated through disinformation to suggest nationwide paralysis.
In practice, many of these disruptions were localised or temporary. However, narratives portraying systemic collapse created disproportionate psychological impact. They undermined confidence in the state’s ability to function and fuelled perceptions of chaos.
This illustrates a key insight: the strategic value of infrastructure disruption lies not only in material impact, but in perceived impact. Disinformation can amplify limited damage into a crisis of legitimacy.
Transportation systems worldwide share similar vulnerabilities. They are complex, interdependent, and largely invisible until something goes wrong. When disruptions occur, public understanding is often limited, making perception easy to manipulate.
Communications Infrastructure and the Information Paradox
Communications infrastructure occupies a unique position in information warfare. It is both a target and a medium.
In Ukraine, attacks on communications networks were accompanied by narratives claiming total isolation, even when partial connectivity remained. These claims intensified fear and hindered coordination, despite technical realities being more nuanced.
At the same time, intact communications networks were used to spread disinformation at scale. Social media platforms, messaging apps, and online forums became battlegrounds where narratives competed in real time.
This paradox underscores a challenge for infrastructure protection: connectivity increases both resilience and vulnerability. Robust communications enable coordination and recovery, but they also accelerate the spread of false information.
Managing this tension requires proactive planning rather than reactive moderation.
AI and the Acceleration of Influence Operations
Ukraine has also demonstrated how artificial intelligence and automation are reshaping information warfare. Disinformation campaigns increasingly rely on AI-assisted tools to generate content, translate messages, and adapt narratives rapidly.
These tools enable influence operations to:
• Respond to incidents in near real time
• Tailor messaging to specific regions or communities
• Test and refine narratives at scale
• Sustain high-volume campaigns with limited human input
For infrastructure operators and authorities, this creates a speed asymmetry. Traditional communication processes, often cautious and hierarchical, struggle to compete with automated disinformation systems optimised for velocity rather than accuracy.
As AI-enabled influence operations proliferate, the gap between incident occurrence and narrative dominance will continue to shrink.
Countering Infrastructure-Focused Disinformation: Lessons from Ukraine and the International Response
While Ukraine’s experience highlights the risks posed by coordinated information warfare, it also offers important insights into how states and institutions can respond. Over the course of the conflict, Ukraine – often with support from international partners – has developed a set of adaptive practices aimed at mitigating the impact of misinformation and disinformation surrounding critical infrastructure.
One of the most important developments has been the deliberate integration of strategic communications into infrastructure resilience and crisis management. Ukrainian authorities increasingly treated public communication as an operational necessity rather than a secondary or reputational concern. During major attacks on the energy system, for example, government officials and grid operators provided frequent, transparent updates on outages, repair timelines, and system stability – even when information was incomplete. This approach reduced uncertainty and limited the space available for hostile narratives to dominate the information environment.
Energy sector coordination has been particularly notable. Ukraine’s transmission system operator and energy ministry worked closely to ensure that technical messaging, public guidance, and security communications were aligned. Consistent terminology and shared situational awareness helped prevent contradictory statements that could be exploited by disinformation actors. Similar coordination was observed between rail operators and government authorities following attacks on transportation infrastructure, ensuring that service disruptions were explained accurately and proportionately.
Ukraine also made extensive use of trusted intermediaries. Municipal authorities, emergency services, and local infrastructure operators were empowered to communicate directly with communities, reinforcing national messaging with localised, context-specific information. This distributed communication model proved more resilient than reliance on a single centralised voice, particularly when adversaries sought to discredit national institutions.
At the international level, Ukraine benefited from intelligence and information sharing with partner governments and multilateral organisations. Early warning of coordinated disinformation campaigns – particularly those linked to major infrastructure attack waves –allowed authorities to anticipate false narratives and prepare counter-messaging in advance. Diplomatic engagement also played a role, with partner governments publicly rebutting false claims aimed at international audiences regarding Ukrainian infrastructure stability and energy security.
Cooperation with technology platforms formed another layer of response. While not eliminating disinformation, collaboration improved the identification and disruption of coordinated inauthentic behaviour, particularly during periods of intense infrastructure disruption. This included rapid takedowns of networks amplifying false claims about nationwide grid collapse or fabricated secondary hazards.
Beyond Ukraine, a broader international response is emerging. Several countries have established dedicated counter–foreign information manipulation units within national security or communications structures, many of which now explicitly include critical infrastructure within their remit. Regional organisations and alliances have expanded information-sharing mechanisms focused on disinformation trends related to energy, transportation, and emergency response, reflecting recognition that influence operations often target multiple states simultaneously.
Importantly, these efforts underscore a growing consensus: countering infrastructure-focused disinformation is not solely the responsibility of media regulators or technology companies. It requires sustained collaboration among infrastructure operators, security agencies, regulators, emergency managers, and communicators. Technical resilience and narrative resilience are increasingly understood as interdependent.
Rethinking Resilience: Practical Implications
Ukraine’s experience points to a fundamental shift in how critical infrastructure resilience must be understood.
First, disinformation should be treated as an all-hazards threat. It can amplify the impact of any disruption, regardless of cause. Risk assessments that ignore the information domain underestimate vulnerability.
Second, crisis communications must be integrated into infrastructure protection planning. Communication is not merely a public relations function; it is an operational capability that influences safety, compliance, and recovery.
Third, cross-sector collaboration is essential. Disinformation campaigns rarely target a single sector in isolation. Energy, transportation, water, communications, and government institutions are often targeted simultaneously. Information sharing across sectors improves situational awareness and response.
Fourth, leadership awareness matters. Executives, operators, and incident commanders must understand how their actions, statements, and silences can be exploited. Training should include information threat scenarios alongside technical exercises.
Finally, coordination with public authorities and international partners enhances resilience. Influence operations often operate across borders, requiring shared understanding and collective response.
Protecting the Invisible Layer
The war in Ukraine has revealed that critical infrastructure has an invisible layer: public trust, institutional credibility, and shared understanding of reality. This layer is neither purely technical nor purely social, yet it underpins the functioning of every infrastructure system.
Information warfare targets this layer directly. By manipulating perception, adversaries can turn infrastructure incidents into strategic crises without increasing physical damage.
For critical infrastructure protection professionals worldwide, the implication is clear. Resilience is not achieved solely through stronger defences or faster repairs. It also depends on the ability to recognise, anticipate, and counter hostile narratives.
Ukraine’s experience offers a stark lesson – but also an opportunity. By learning how information warfare operates in conjunction with infrastructure attacks, societies can strengthen resilience before future crises occur. The alternative is to repair systems repeatedly while the foundations of trust continue to erode.
By Natasia Kalajdziovski, PhD, Senior Fusion Threat Intelligence Analyst, SecAlliance
Leave a comment
1 2 3 66