Critical infrastructure encompasses more business sectors than is commonly understood, which governments must recognize in efforts to strengthen national security, as attacks on privately held, often unregulated critical infrastructure operators pose growing risks for societies.

There has been a notable rise in attacks on critical infrastructure, including a doubling of attacks on some segments of society’s core assets, and predictions are for the rise in attacks to continue, driven by a multitude of motivations, including nation state conflict, greed, and extremist ideologies.

Our adversaries don’t care who runs critical infrastructure. If they can get in through the weakest link—and [if] that’s a small municipal authority or a private vendor—that’s what they’re going to target. — U.S. Rep. Chris Deluzio

To arrive at an appropriate security response considering the risks, critical infrastructure operators need to be inclusive and strategic in their approach, starting with a willingness to conduct an honest self-assessment.

Critical infrastructure security is not a solution that can be implemented, it is a process that must be nurtured, requiring money and commitment. By governments, certainly, but it also requires private sector operators to make investments in security. It is necessary for all operators to look across their enterprise and ask, ‘do I have the right skills and expertise and capabilities to start this program?"

There is typically a complicated division of responsibility for protecting critical infrastructure facilities and enhancing security requires better cooperation at every level, including between government agencies and private business.

The security of nations and citizens are at stake. Given today’s threat environment, the world requires greater government and private sector attention to security issues and persistent investment in solutions—and it requires collaboration between the two entities.