As global geopolitical conflicts intensify, submarine optical cables, Ukrainian power plants, Russian oil refineries, and even private and public civilian facilities such as airports, desalination plants, and Amazon data centers are increasingly becoming direct targets of wars and cyber attacks. This trend has led to fierce debates between private industry and governments around the world over the implementation of new security regulations and the allocation of potential defense costs.

In Germany, powerful industry associations representing private companies and municipal utilities are collectively resisting new government standards for physical protection, warning that these high compliance costs could push companies into financial ruin. Meanwhile, a new bill proposed by the New Zealand government that would impose huge fines on critical infrastructure companies and their directors for cybersecurity breaches has also encountered industry resistance.

The boundaries between national security and corporate operations are rapidly blurring. A clear signal is that the 32 member states of the North Atlantic Treaty Organization (NATO) reached an agreement last year. Under the overall framework of committing to spend 5% of their economic output on defense and security, 1.5% of it will be earmarked for non-traditional defense needs closely related to the military, including the protection of critical infrastructure and networks. The spending targets a wide range of areas, from cybersecurity and industrial capacity to the railways, bridges and ports needed for military logistics. NATO's top military adviser, Italian Navy Admiral Giuseppe Cavo Dragone, clearly pointed out that we need a broader defense concept, because modern defense is no longer limited to the military level.

To further complicate the situation, enterprises must now protect the data networks that serve as entry points to critical infrastructure. Hackers' attack methods have changed. They not only steal computer files, but also frequently target operational systems that manage core functions such as building access and factory control, attempting to cause physical damage or conduct espionage through remote manipulation. U.S. authorities have warned that hackers are trying to disrupt the U.S. drinking water system by attacking computer equipment that connects hardware and software; and earlier, valves at a Norwegian hydropower station were remotely manipulated by suspected hostile hackers.

Another huge challenge is how to sort out jurisdiction and legal responsibility for assets that cross international waters or are damaged in combat, such as undersea data cables or energy pipelines. Protection efforts are now complicated by functional turf wars between law enforcement and the military. Mark Glasser, an expert who has worked on network and infrastructure security for thirty years at the U.S. Department of Transportation and Department of Homeland Security, pointed out that private owners can invest in redundant construction, daily monitoring and repair capabilities, but only the government and military have the ability to truly deter, patrol, trace or respond to hostile state actions.

Therefore, many companies have called on the government to further clarify the degree of protection it will provide and provide financial subsidies to help private companies maintain these private assets that are both in the public interest. Currently, most governments do not provide companies with additional incentives to invest in safety beyond statutory minimum flexibility requirements. Faced with the severe situation, the CEO of the Port of Long Beach, California launched a cyber defense operations center in May this year to respond to tens of thousands of cyber attacks every day that seriously threaten computer systems and networked devices.

In response to this global threat, regulatory policies are tightening at an accelerated pace. The European Union has passed new regulations aimed at reducing security vulnerabilities across countries. At the same time, the UK has also proposed new legislation in an attempt to increase penalties for intentional damage to undersea facilities, updating archaic legal provisions that have been in place since the first telegraph cables were laid in the 19th century.