The biggest security risk may not be inside your company: supply chains and post-quantum cryptography are changing the rules for protecting critical infrastructure

21. mája 2026

Until recently, the security of critical infrastructure was associated mainly with the protection of physical facilities, energy sources, or state systems. Today, however, it is increasingly clear that the real vulnerability often lies outside the organisation itself: in its supply chains, technology partners, and external services.

Modern critical infrastructure is no longer made up of isolated entities. It is an interconnected ecosystem in which energy companies depend on cloud solutions, hospitals on IT vendors and telecommunications operators, banks on software platforms, and industrial enterprises on logistics and data services.


This leads to a fundamental fact: the security of every organisation today is only as strong as the weakest partner in its chain.


The supply chain as the fastest-growing attack vector against critical infrastructure


Supply chain attacks are among the most significant trends in the field of cyber threats. Attackers are increasingly choosing not to target the end organisation directly, but instead use less-protected suppliers as their entry point. In practice, this may involve a single compromised software update, misused remote access, or an insufficiently secured integration interface. The consequence, however, may not be an incident affecting just one company, but a cascading effect across the entire sector.


For many companies, a fundamental realisation is that even if they do not formally fall under critical infrastructure regulation, they may be an inseparable part of it – and therefore part of its risk profile.


“Security is no longer an individual attribute of a single organisation, but a shared attribute of the entire ecosystem of partners and suppliers,” points out Tibor Straka, President of the Critical Infrastructure Association of the Slovak Republic.


Post-quantum cryptography: the challenge of the coming decade


Another fundamental, yet still under-discussed topic enters into this dynamic: the rise of quantum technologies and the need to transition to post-quantum cryptography.


Although quantum computers are not yet in mass commercial deployment, the expert community has long been warning about the strategic risk that is already emerging in the area of data protection. The phenomenon known as “harvest now, decrypt later” means that encrypted data can be collected today with the aim of decrypting it in the future, once quantum systems reach sufficient capability.


This fundamentally changes the perspective on the long-term confidentiality of information. Sensitive contracts, technical documentation, strategic communications, or operational data of infrastructure systems may be compromised with a time lag that many organisations are not yet prepared to acknowledge. Post-quantum cryptography is therefore not an academic topic of the future, but is gradually becoming part of the real security strategies of states and technology leaders. It is a topic whose importance will grow significantly in the coming years, and which therefore requires systematic attention already today.


From individual security to shared resilience


The growing interconnection of threats shows that the resilience of critical infrastructure can no longer be viewed in isolation. Risks are not limited to individual organisations but naturally spread across supply, technology, and operational links. This development is changing the very nature of security: from internal risk management it is becoming a question of the connections and dependencies among the individual actors of critical infrastructure.


Critical infrastructure is an interconnected system, whether we like it or not. A single weak point can affect another part of the system, and the consequences may be fundamental,” adds Tibor Straka, President of the Critical Infrastructure Association of the Slovak Republic.


Cooperation within the critical infrastructure ecosystem


In this context, a need is taking shape in Slovakia for a coordinated approach to building the resilience of critical infrastructure, connecting expert, technological, and security capacities. This role is taken on by the Critical Infrastructure Association of the Slovak Republic, which provides not only expert backing, but also a practical space for addressing the real challenges that arise at the intersection of technology, security, and the operation of critical systems.



At a time when risks are shifting across supply chains and technological changes such as the rise of post-quantum cryptography are altering the basic assumptions of digital security, the importance of a coordinated approach to the protection of critical infrastructure is naturally growing. Let us pay attention to it. It concerns us all.

3. júla 2026
Another article in the series in which we present the essential services of critical infrastructure under Act No. 367/2024 Coll. on Critical Infrastructure. 
3. júla 2026
Ďalší článok zo série, v ktorej predstavujeme základné služby kritickej infraštruktúry podľa zákona č. 367/2024 Z. z. o kritickej infraštruktúre.
30. júna 2026
The strategic partnership between the Critical Infrastructure Association of the Slovak Republic and the Indian government organization Centre for Development of Telematics (C-DOT) has generated significant media attention in India as well. The topic of cooperation in quantum technologies, digital security, and critical infrastructure protection has appeared in several Indian media outlets and on professional platforms.
30. júna 2026
Strategické partnerstvo medzi Asociáciou kritickej infraštruktúry Slovenskej republiky a indickou vládnou organizáciou Centre for Development of Telematics (C-DOT) vyvolalo výrazný mediálny ohlas aj v Indii. Téma spolupráce v oblasti kvantových technológií, digitálnej bezpečnosti a ochrany kritickej infraštruktúry sa objavila vo viacerých indických médiách a na odborných platformách.
25. júna 2026
The Slovak Republic and the Republic of India are expanding cooperation in the field of digital security and advanced cryptographic technologies. On the occasion of the visit of the Prime Minister of the Republic of India, Narendra Modi, to Slovakia, the Critical Infrastructure Association of the Slovak Republic (AKI SR) and the Indian government organization Centre for Development of Telematics (C-DOT) signed a Memorandum of Understanding, which establishes a foundation for the joint development and implementation of quantum-safe technologies and the protection of critical infrastructure.
25. júna 2026
Slovenská republika a Indická republika rozširujú spoluprácu v oblasti digitálnej bezpečnosti a pokročilých kryptografických technológií. Asociácia kritickej infraštruktúry Slovenskej republiky (AKI SR) a indická vládna organizácia Centre for Development of Telematics (C-DOT) podpísali pri príležitosti návštevy predsedu vlády Indickej republiky Narendru Modiho na Slovensku Memorandum o porozumení, ktoré vytvára základ pre spoločný vývoj a implementáciu kvantovo bezpečných technológií a ochranu kritickej infraštruktúry.
24. júna 2026
The recent disruption to rail operations in Germany, which was related to a problem in the GSM-R communication system, is an important warning for the whole of Europe. It shows that the security and continuity of critical infrastructure today does not depend only on physical assets, tracks, stations, vehicles, or technical equipment. Equally important are communication, data, control, and information systems, without which safe and reliable operations cannot be ensured.
24. júna 2026
Nedávny výpadok železničnej prevádzky v Nemecku, ktorý súvisel s problémom v komunikačnom systéme GSM-R, je dôležitým upozornením pre celú Európu. Ukazuje, že bezpečnosť a kontinuita kritickej infraštruktúry dnes nezávisí iba od fyzických objektov, tratí, staníc, vozidiel alebo technických zariadení. Rovnako dôležité sú komunikačné, dátové, riadiace a informačné systémy, bez ktorých nie je možné zabezpečiť bezpečnú a spoľahlivú prevádzku.
22. júna 2026
The Ministry of Economy of the Slovak Republic and the Critical Infrastructure Association of the Slovak Republic signed a Memorandum of Cooperation on Monday, 22 June 2026, with the aim of strengthening cooperation in the field of resilience of the critical infrastructure of the Slovak Republic and ensuring the continuity of the provision of essential services.
22. júna 2026
Ministerstvo hospodárstva Slovenskej republiky a Asociácia kritickej infraštruktúry Slovenskej republiky podpísali v pondelok 22. júna 2026 Memorandum o spolupráci, ktorého cieľom je posilnenie spolupráce v oblasti odolnosti kritickej infraštruktúry Slovenskej republiky a zabezpečovania kontinuity poskytovania základných služieb.