From Battlefield to Boardroom: Military-Grade Cyber Resilience Redefines Critical Infrastructure Protection
How lessons from military operations are shaping the future of civilian IT/OT cybersecurity under Europe’s NIS2 directive.
When the lights go out in a city, it’s rarely just a technical glitch. Behind the scenes, the battle for control over critical infrastructure is increasingly fought in cyberspace – and the strategies being deployed are starting to look a lot like military operations. At the 23rd ICT Security Forum in Rome, Nicola Mugnato, CTO and co-founder of Gyala, unveiled how battle-tested cyber resilience tactics from the armed forces are now being applied to safeguard Europe’s most vital civilian systems under the new NIS2 directive.
Military Lessons, Civilian Stakes
The NIS2 directive was born out of necessity. Its predecessor, NIS1, left too much room for interpretation, resulting in fragmented protections across Europe. NIS2 is different: it spells out exactly which sectors and organizations must comply, from energy grids to water utilities and central government agencies. In Italy, this has been codified in law, with clear obligations for everything from major hospitals to small-town administrations.
But the challenge is not just about ticking compliance boxes. As Mugnato explained, civilian infrastructure is now as complex - and as vulnerable - as anything on the military front. In the IT world, centralization and standardized policies are the norm. In the OT (Operational Technology) domain - think power plants or water treatment facilities - systems are instead distributed, independent, and often run by operators with little cyber expertise. Add in third-party vendors, some of whom are global giants with their own impenetrable policies, and the risk landscape grows exponentially.
The Command Structure of Cyber Defense
In military operations, the local commander is king. The same logic now applies to civilian critical infrastructure. While the Chief Information Security Officer (CISO) retains oversight and liaises with national authorities, it’s the plant manager - the “captain of the ship” - who must make snap decisions when a cyber incident hits. This distributed governance model means resilience can’t be outsourced to a distant SOC; it must be embedded in the very fabric of the facility.
Gyala’s Agger platform, originally developed for the Italian Navy and Army, embodies this philosophy. It equips each site with automated detection, defense, and self-healing capabilities - even when cut off from central command. Agents installed on local systems monitor, block, and restore processes in real time, while network probes sniff out anomalies. Crucially, these tools are customizable to the unique demands of each installation, whether it’s running modern Linux servers or aging Windows XP machines still common in industrial automation.
Resilience by Design, Not by Default
The key takeaway: real-world cyber resilience is not about fancy dashboards or regulatory checklists. It’s about empowering frontline operators - military or civilian - to maintain control, continuity, and safety, even when the digital bullets start flying. As Europe’s critical infrastructure faces mounting threats, the future of cybersecurity may well depend on how quickly we can translate battlefield experience into boardroom reality.