Are Wars Blurring Lines Between Corporate and National Security?

by Anika Shah - Technology
0 comments

Governments and NATO allies are redefining national defense to include the protection of civilian critical infrastructure, such as subsea cables and power grids. According to the Wall Street Journal, this shift integrates private-sector assets into national security strategies, sparking disputes over funding, liability, and the blurring line between military and civilian defense.

Why is critical infrastructure becoming a primary military target?

State actors now target civilian systems to cause physical disruption and espionage. Hackers increasingly target not just computer files to steal information but also systems managing vital functions like building access and factory control, remotely causing physical damage or enabling espionage.

In April, U.S. authorities warned that Iranian hackers were trying to disrupt American drinking-water systems by targeting computer equipment that connects hardware with software. A year earlier, suspected Russian hackers remotely manipulated valves on a Norwegian hydroelectric dam.

Other high-priority targets include:

  • Subsea Cables: Assets that cross international waters.
  • Energy Grids: Ukrainian power stations.
  • Logistics Hubs: Airports and ports, including the Port of Long Beach, which launched a cyber-defense operations center in May to thwart tens of thousands of cyberattacks daily, which jeopardize computer systems and all equipment connected to them.

How is NATO integrating civilian assets into defense spending?

The 32 member nations of the North Atlantic Treaty Organization (NATO) last year agreed that as part of a pact to spend 5% of economic output on defense and security, 1.5% would go to military-adjacent needs including protecting critical infrastructure and networks. According to Italian Adm. Giuseppe Cavo Dragone, NATO’s top military adviser, “We need a wide concept of defense — defense is no longer just military.”

Spending targets range from cybersecurity and industrial capacity to railroads, bridges and ports needed for military logistics.

What regulations are governments using to force private sector security?

Governments are moving from voluntary guidelines to mandatory requirements with financial penalties. The EU adopted new regulations requiring countries to reduce vulnerabilities.

Other nations are targeting specific vulnerabilities:

  • United Kingdom: New laws proposed in the U.K. now “seek to increase penalties for subsea sabotage, updating codes that date to when telegraph cables were first laid in the 19th century.”
  • New Zealand: The government has faced resistance from industry groups over a proposal to fine critical-infrastructure companies and their directors for cybersecurity breaches.
  • Germany: Powerful associations representing private companies and municipal utilities have pushed back against new standards for physical protection, warning they could spell financial ruin.

Who pays for the protection of public-good assets?

A growing conflict exists between governments that demand resilience and the private companies that own the assets. Industry groups in Germany warn that mandatory physical protection standards could lead to financial ruin. Many companies argue that while they can invest in redundancy, monitoring, and repair capacity, only governments and militaries can really deter, patrol, attribute, or respond to hostile state activity.

Giuseppe Cavo Dragone Issues Stark Warning During High Stakes NATO Defense Meeting

Marc Glasser, who worked on cybersecurity and infrastructure security for three decades at the U.S. Department of Homeland Security and the Department of Transportation, notes that companies say they need greater clarity from governments on what protections they will provide and subsidies to help them defend privately owned assets that provide a public good. Most governments don’t provide incentives for companies to invest more than the minimum legal resilience requirements.

Comparing Global Regulatory Approaches

Region Primary Mechanism Target Focus Enforcement Method
European Union New regulations Reduce vulnerabilities Mandatory requirements
United Kingdom Proposed laws Subsea sabotage Increased penalties
New Zealand Proposal Critical-infrastructure Fines for companies/directors
United States Warnings Drinking-water systems Public alerts

FAQ: Critical Infrastructure Security

What is a “military-adjacent” asset?

These are needs including protecting critical infrastructure and networks, such as railroads, bridges, and ports needed for military logistics.

Comparing Global Regulatory Approaches

Why are subsea cables so vulnerable?

Another challenge will be parsing jurisdictions and liability for assets that cross international waters or are damaged in combat.

Can a cyberattack cause physical damage?

Yes. Hackers target systems managing vital functions, remotely causing physical damage.

Related Posts

Leave a Comment