Integrated Policing in Critical Infrastructure Protection: Bridging Intelligence and Field Operations
Ahmed Abuelfadl Ahmed Haridy, Police Officer, The Ministry of Interior of Egypt, New Brunswick, NJ
Abstract
This article examines contemporary challenges in protecting critical infrastructure, driven by the rapid growth of “hybrid” cyber-physical attacks and chronic gaps in intelligence sharing between strategic analysts and field response teams. The study aims to analyze existing legal and regulatory frameworks in the United States and the European Union, assess the technological capabilities of a “digital twin” of CNI assets, and identify key barriers to translating threat analyses into on-site operational actions. The relevance of this work is underscored by statistics from Europol, KnowBe4, Check Point, and NERC reporting hundreds of millions of cyberattacks and thousands of physical incidents per year, as well as high-profile cases such as Colonial Pipeline and Moore County, which exposed critical communication failures between the intelligence community and asset operators. The novelty of the research lies in an interdisciplinary comparison of the paradigms of problem-oriented policing, intelligence-led policing, and the all-hazards approach with current technological and regulatory realities, including ISA/IEC 62443 standards, the Zero Trust protocol, and the STIX 2.1 format for alert exchange. The study pinpoints the main technical and legal barriers to bringing intelligence data into field operations and demonstrates the efficacy of a sync exchange approach through cases from the Port of Rotterdam, the Capital Shield program, and Cyberabwehr Bayern, where timely delivery of analytics reduced average response times from days to hours. The article proposes unifying procedures and exchange protocols as a foundation for increased coordination among varied services in critical infrastructure protection. This work will benefit developers of state security infrastructure, cyber and physical protection specialists, and fusion-center analysts.
Keywords
critical infrastructure, hybrid threats, intelligence data, field response, legal and regulatory frameworks, digital twin, Zero Trust, STIX 2.1, intelligence-led policing
Copyright License
Copyright (c) 2025 Ahmed Abuelfadl Ahmed Haridy

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are disseminated under the terms of the Creative Commons Attribution License 4.0 (CC-BY), which licenses unrestricted use, distribution, and reproduction in any medium, provided that the original work is appropriately cited. The use of general descriptive names, trade names, trademarks, and so forth in this publication, even if not specifically identified, does not imply that these names are not protected by the relevant laws and regulations.