Legal Design and Cyber Resilience: A Comparative Study of Cybersecurity Frameworks for Critical Infrastructure in Five Jurisdictions
DOI:
https://doi.org/10.61978/legalis.v3i4.1121Keywords:
Cybersecurity Law, Critical Infrastructure, Incident Reporting, OT/ICS Security, Regulatory Comparison, National CSIRT, Cyber ResilienceAbstract
Cyber threats targeting critical infrastructure, particularly Operational Technology (OT) and Industrial Control Systems (ICS), have escalated globally in both frequency and severity, prompting nations to implement legal frameworks mandating risk management and incident reporting. This study provides a comparative analysis of cybersecurity regulations across five jurisdictions: the European Union, United States, Australia, Singapore, and Indonesia. It aims to evaluate how legal design, reporting obligations, and institutional coordination influence cyber risk outcomes. Using panel data from 2020 to 2025, this research employs Difference-in-Differences and fixed effects models to assess the relationship between regulatory adoption and indicators such as OT ransomware activity and ICS threat block rates. Legal variables include the implementation status of NIS2, CIRCIA, SOCI/SLACIP, the Cybersecurity Act (SG), and Perpres 82/2022 (ID). Outcome data are drawn from Dragos and Kaspersky ICS-CERT reports. The results indicate that jurisdictions with rapid reporting mandates (12–24h), standardized frameworks (NIST CSF), and strong institutional oversight demonstrate improved cyber resilience. For example, ransomware trends decline in Australia and the EU post-regulation, while malicious block rates increase in Singapore and Indonesia. However, compliance burdens and fragmented oversight reduce regulatory efficacy, especially in less coordinated systems like the US. The study concludes that successful cybersecurity governance depends on the alignment of legal mandates, operational feasibility, and institutional capability. For developing countries like Indonesia, enhancing cross-sector CSIRT capacity, aligning with global standards, and streamlining regulatory requirements are critical for improving national cyber resilience.
References
Abrahams, T. O., Ewuga, S. K., Dawodu, S. O., Adegbite, A. O., & Hassan, A. O. (2024). A Review of Cybersecurity Strategies in Modern Organizations: Examining the Evolution and Effectiveness of Cybersecurity Measures for Data Protection. Computer Science & It Research Journal, 5(1), 1–25. https://doi.org/10.51594/csitrj.v5i1.699 DOI: https://doi.org/10.51594/csitrj.v5i1.699
Adegbite, A. O., Akinwolemiwa, D. I., Uwaoma, P. U., Kaggwa, S., Akindote, O. J., & Dawodu, S. O. (2023). Review of Cybersecurity Strategies in Protecting National Infrastructure: Perspectives From the Usa. Computer Science & It Research Journal, 4(3), 200–219. https://doi.org/10.51594/csitrj.v4i3.658 DOI: https://doi.org/10.51594/csitrj.v4i3.658
Ballreich, F. L., Volkamer, M., Müllmann, D., Berens, B., Häußler, E. M., & Renaud, K. (2023). Encouraging Organisational Information Security Incident Reporting. 224–236. https://doi.org/10.1145/3617072.3617098 DOI: https://doi.org/10.1145/3617072.3617098
Chen, N., Chou, P.-W., Li, J.-S., & Liu, I. (2024). A Case Study of Network-Based Intrusion Detection System Deployment in Industrial Control Systems With Network Isolation. Proceedings of International Conference on Artificial Life and Robotics, 29, 30–33. https://doi.org/10.5954/icarob.2024.os1-5 DOI: https://doi.org/10.5954/ICAROB.2024.OS1-5
Colburn, D., Finkelhor, D., & Turner, H. A. (2023). Help-Seeking From Websites and Police in the Aftermath of Technology-Facilitated Victimization. Journal of Interpersonal Violence, 38(21–22), 11642–11665. https://doi.org/10.1177/08862605231186156 DOI: https://doi.org/10.1177/08862605231186156
Delgado, M. F., Esenarro, D., Regalado, F. F. J., & Reátegui, M. D. (2021). Methodology Based on the NIST Cybersecurity Framework as a Proposal for Cybersecurity Management in Government Organizations. 3c Tic Cuadernos De Desarrollo Aplicados a Las Tic, 10(2), 123–141. https://doi.org/10.17993/3ctic.2021.102.123-141 DOI: https://doi.org/10.17993/3ctic.2021.102.123-141
Dubois, E., & Tatar, U. (2022). Mitigating Global Cyber Risk Through Bridging the National Incident Response Capacity Gap. International Conference on Cyber Warfare and Security, 17(1), 527–531. https://doi.org/10.34190/iccws.17.1.66 DOI: https://doi.org/10.34190/iccws.17.1.66
Huang, K., Madnick, S., Choucri, N., & Fang, Z. (2021). A Systematic Framework to Understand Transnational Governance for Cybersecurity Risks From Digital Trade. Global Policy, 12(5), 625–638. https://doi.org/10.1111/1758-5899.13014 DOI: https://doi.org/10.1111/1758-5899.13014
Javed, A. R., Ahmed, W., Alazab, M., Jalil, Z., Kifayat, K., & Gadekallu, T. R. (2022). A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions. Ieee Access, 10, 11065–11089. https://doi.org/10.1109/access.2022.3142508 DOI: https://doi.org/10.1109/ACCESS.2022.3142508
Kaczmarski, K., Pasha, A., Inusah, A.-H. S., Li, X., & Qiao, S. (2024). Organizational Resilience and Its Implications for Healthcare Workers in the COVID-19 Pandemic: A Literature Review. https://doi.org/10.1101/2024.10.10.24315244 DOI: https://doi.org/10.1101/2024.10.10.24315244
Kondlo, A., Leenen, L., & Vuuren, J. J. v. (2022). An Ontological Model for a National Cyber-Attack Response in South Africa. European Conference on Cyber Warfare and Security, 21(1), 130–149. https://doi.org/10.34190/eccws.21.1.213 DOI: https://doi.org/10.34190/eccws.21.1.213
Roos, L. E., Knight, E. L., Beauchamp, K. G., Berkman, E. T., Faraday, K., Hyslop, K., & Fisher, P. A. (2017). Acute Stress Impairs Inhibitory Control Based on Individual Differences in Parasympathetic Nervous System Activity. Biological Psychology, 125, 58–63. https://doi.org/10.1016/j.biopsycho.2017.03.004 DOI: https://doi.org/10.1016/j.biopsycho.2017.03.004
Sarkies, M., Bowles, K., Skinner, E. H., Haas, R., Mitchell, D., O’Brien, L., May, K., Ghaly, M., Ho, M., & Haines, T. (2016). Do Daily Ward Interviews Improve Measurement of Hospital Quality and Safety Indicators? A Prospective Observational Study. Journal of Evaluation in Clinical Practice, 22(5), 792–798. https://doi.org/10.1111/jep.12543 DOI: https://doi.org/10.1111/jep.12543
TARHAN, K. (2023). Historical Development of Cybersecurity Studies: A Literature Review and Its Place in Security Studies. Przegląd Strategiczny, 15, 393–414. https://doi.org/10.14746/ps.2022.1.23 DOI: https://doi.org/10.14746/ps.2022.1.23
Tumkevič, A. (2017). Cybersecurity in Central Eastern Europe: From Identifying Risks to Countering Threats. Baltic Journal of Political Science, 5(5), 73. https://doi.org/10.15388/bjps.2016.5.10337 DOI: https://doi.org/10.15388/BJPS.2016.5.10337
Tvaronavičienė, M., Plėta, T., Casa, S. D., & Latvys, J. (2020). Cyber Security Management of Critical Energy Infrastructure in National Cybersecurity Strategies: Cases of USA, UK, France, Estonia and Lithuania. Insights Into Regional Development, 2(4), 802–813. https://doi.org/10.9770/ird.2020.2.4(6) DOI: https://doi.org/10.9770/IRD.2020.2.4(6)
Wallis, T., Johnson, C., & Khamis, M. (2021). 634 Views No Files Have Yet Been Downloaded. 0 Citations See All Citations Reviewed Article Interorganizational Cooperation in Supply Chain Cybersecurity: A Cross-Industry Study of the Effectiveness of the UK Implementation of the NIS Directive. Information & Security an International Journal, 48, 36–68. https://doi.org/10.11610/isij.4812 DOI: https://doi.org/10.11610/isij.4812
Zhang, S., Zeng, G., Yang, X., & Lin, Z. (2024). Potential Impacts of Reduced Winter Kara Sea Ice on the Dipole Pattern of Cold Surge Frequency Over the Tropical Western Pacific. Environmental Research Letters, 19(6), 064047. https://doi.org/10.1088/1748-9326/ad4c7f DOI: https://doi.org/10.1088/1748-9326/ad4c7f
