The session explored the challenge of protecting critical infrastructure – especially the digital backbone – at a time when rivals and adversaries are more willing than ever to exploit failure points and vulnerabilities. The central role of tech and the private sector was a key theme of the session.
Key takeaways:
- The threat landscape facing critical infrastructure is rapidly evolving, marked by the convergence of cyber and physical risks. State-linked actors, particularly from Russia and China, pose escalating cyber threats to essential services, leveraging tools often developed within the private sector itself. Simultaneously, climate-related disruptions and targeted physical attacks are growing in frequency and severity. In this context, data resilience has become a core priority—exemplified by Ukraine’s use of cloud pre-positioning to ensure rapid system restoration during wartime attacks. The dynamic nature of these threats demands constant vigilance, adaptability, and a forward-leaning posture in both digital and physical domains.
- Resilience is increasingly defined by redundancy, preparation, and innovation. Speakers emphasized the importance of layered infrastructure—including multiple power sources, fuel reserves, and battery backups—supported by real-time monitoring and regular crisis simulations
such as ransomware drills. Internal readiness exercises and resilient system design must be aligned with government strategies to ensure continuity. Practical innovations, like the deployment of drone-based radar during flooding, illustrate how adaptive technologies can enhance situational awareness and response in real time. The overarching message is clear:
resilience is not theoretical—it must be embedded, rehearsed, and continuously improved. - Institutional and regulatory frameworks remain a critical enabler—or obstacle—to infrastructure resilience. Fragmentation across Europe has created a patchwork of siloed regulations and burdensome reporting requirements that hinder efficient response coordination. The private sector, often acting as the first responder in cyber incidents, faces legacy vulnerabilities due to underinvestment and outdated infrastructure. Speakers called for regulatory clarity that incentivizes good practices without micromanagement, emphasizing the importance of trust and transparency between public and private actors. Ultimately, a resilient infrastructure ecosystem requires integrated planning, harmonized standards, and joint action across sectors and borders.