National Legal Frameworks for the Protection of Critical Digital Infrastructure in the Age of Global Cyber Threats
Keywords:
Critical Digital Infrastructure, Cybersecurity Law, National Legal Frameworks, Global Cyber Threats, Digital Governance, Critical Infrastructure ProtectionAbstract
The rapid escalation of global cyber threats has placed critical digital infrastructure at the center of national security concerns. Critical digital infrastructure - including financial systems, energy networks, telecommunications, healthcare platforms, and government information systems - has become increasingly vulnerable to sophisticated cyber attacks that transcend national borders. This study was undertaken to examine the adequacy of national legal frameworks in protecting critical digital infrastructure in the contemporary cyber threat environment. The research addresses a significant legal problem: the growing gap between the pace of technological advancement and the capacity of existing legal regimes to effectively prevent, mitigate, and respond to large-scale cyber threats. By building upon existing scholarship on cybersecurity law and critical infrastructure protection, this study seeks to provide a systematic legal analysis of national strategies and regulatory approaches in the digital era. This research employs a normative juridical method combined with a doctrinal legal analysis. Primary legal materials include national cybersecurity statutes, regulations on critical infrastructure protection, data protection laws, and relevant international legal instruments. Secondary materials consist of academic literature, policy reports, and comparative legal studies on cybersecurity governance. A comparative approach is used to examine selected national legal frameworks and identify common regulatory patterns, institutional arrangements, and enforcement mechanisms. The study also analyzes policy documents and official guidelines to assess how legal norms are translated into operational cybersecurity strategies. The findings indicate that while many states have adopted legal frameworks recognizing critical digital infrastructure as a strategic national asset, significant inconsistencies remain in regulatory scope, institutional coordination, and enforcement capacity. Most national frameworks emphasize preventive measures, such as risk assessment and incident reporting obligations, but lack comprehensive legal mechanisms for cross-sector coordination and international cooperation. The research confirms that existing laws partially address cybersecurity risks but are often reactive rather than anticipatory, limiting their effectiveness against rapidly evolving global cyber threats. The originality of this study lies in its integrated legal analysis of national cybersecurity frameworks through the lens of critical digital infrastructure protection. By linking legal norms, institutional design, and strategic objectives, the research contributes to a deeper understanding of how law can function as a proactive instrument of cyber resilience. The findings offer practical insights for policymakers and legal scholars and suggest future research directions, including the harmonization of national laws and the development of transnational legal mechanisms for critical infrastructure protection
References
[1] Kello, L. (2017). The Virtual Weapon and International Order. New Haven, CT: Yale University Press.
[2] DeNardis, L. (2020). The Internet in Everything: Freedom and Security in a World with No Off Switch. New Haven, CT: Yale University Press.
[3] Dunn Cavelty, M. (2008). Cyber-Security and Threat Politics: US Efforts to Secure the Information Age. London: Routledge. Available: https://www.routledge.com/Cyber-Security-and-Threat-Politics-US-Efforts-to-Secure-the-Information-Age/Dunn/p/book/9780415569880
[4] Carr, M. (2016). US Power and the Internet in International Relations: The Irony of the Information Age. London: Palgrave Macmillan.
[5] Shackelford, S. J. (2014). Toward cyber peace: Managing cybersecurity risk through cooperation. American University Law Review, 62(5), 1273-1336.
[6] Hathaway, O. A., Crootof, R., Levitz, P., Nix, H., Nowlan, A., Perdue, W., & Spiegel, J. (2012). The law of cyber-attack. California Law Review, 100(4), 817-885.
[7] Goldsmith, J., & Wu, T. (2006). Who Controls the Internet? Illusions of a Borderless World. Oxford: Oxford University Press.
[8] OECD. (2019). Recommendation of the Council on Digital Security of Critical Activities, OECD/LEGAL/0456. Available: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0456
[9] European Parliament and Council. (2022). Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). Available: https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng
[10] UNODC. (2013). Comprehensive Study on Cybercrime. Available: https://www.unodc.org/unodc/en/organized-crime/comprehensive-study-on-cybercrime.html
[11] Klimburg, A. (2017). The Darkening Web: The War for Cyberspace. New York: Penguin Press.
[12] Mueller, M. (2017). Will the Internet Fragment? Sovereignty, Globalization, and Cyberspace. Cambridge: Polity Press.
[13] von Solms, R., & van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
[14] ASEAN Secretariat. (2021). ASEAN Cybersecurity Cooperation Strategy 2021-2025. Jakarta: ASEAN.
[15] Cyber Security Agency of Singapore. (2018). Cybersecurity Act 2018. Available: https://www.csa.gov.sg/legislation/cybersecurity-act/
[16] White House. (2013). Presidential Policy Directive 21: Critical Infrastructure Security and Resilience. Available: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
[17] Brenner, S. W. (2010). Cybercrime: Criminal Threats from Cyberspace. Santa Barbara: Praeger.
[18] Koops, B. J. (2010). Ten dimensions of technology regulation. Tilburg Law Review, 15(2), 309-324.
[19] Floridi, L. (2014). The Fourth Revolution: How the Infosphere Is Reshaping Human Reality. Oxford: Oxford University Press.
[20] World Economic Forum. (2023). Global Cybersecurity Outlook 2023. Geneva: World Economic Forum.
[21] McConville, M., & Chui, W. H. (Eds.). (2017). Research Methods for Law. Edinburgh: Edinburgh University Press.
[22] Hutchinson, T. (2010). Researching and Writing in Law. Pyrmont: Lawbook Co.
[23] Booth, A., Sutton, A., & Papaioannou, D. (2016). Systematic Approaches to a Successful Literature Review. London: Sage.
[24] Republic of Indonesia. (2024). Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions.
[25] Republic of Indonesia. (2019). Government Regulation Number 71 of 2019 on Electronic System and Transaction Operation.
[26] Republic of Indonesia. (2022). Law Number 27 of 2022 on Personal Data Protection.
[27] Republic of Indonesia. (2021). Presidential Regulation Number 28 of 2021 concerning the National Cyber and Crypto Agency.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Jurnal Hukum Siber dan Regulasi Teknologi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.








