Cyber Defence Library

Regulating Cross-Border Dependencies of Critical Information Infrastructure

Regulating Cross-Border Dependencies of Critical Information Infrastructure

One of the least explored areas of cyber vulnerabilities concerns cross-border dependencies of critical information infrastructure. The provision of vital services such as banking or telecommunications is increasingly reliant on information infrastructure which may be located in another country or have a critical dependency on information systems outside of a country’s jurisdiction. This trend is expected to continue alongside globalisation and technologically-driven business practices.

There is a growing awareness of the vulnerability contained in such dependency, but so far no generally established approach to address it. This study therefore aims to respond to two needs. It will first identify the existing state of knowledge in academic and security research about critical infrastructure dependencies on information infrastructure beyond national territory. Secondly, it will identify the state of awareness as well as any existing nationally employed strategic, legal and regulatory tools to remedy risks that arise from such dependencies.

The study bases on a review of existing research handling cross-border dependencies, existing national legal, policy and strategy instruments, and soft law instruments by international organisations. Particular national approaches were sought by a survey carried out among national crisis management authorities in October 2014.