e-Seminar on auditing the critical information infrastructure was held on 24 April

On 24 April 2025, e-Seminar “Mission Critical – Auditing the Critical Information Infrastructure” took place and was accessible to all members of the International Organisation of Supreme Audit Institutions (INTOSAI). More than 200 participants from 46 different countries took part in the e-Seminar.

Participants gained valuable insights into the auditing of critical infrastructure through engaging presentations by distinguished keynote speakers and experts from SAIs. These sessions highlighted following.

• Cyber attacks are increasing across all CII sectors — resilience is not optional.
• Supply chain security is vital — not just IT, but every connected component matters.
• Emerging technologies will reshape the cybersecurity threat landscape — right now, post-quantum computing is keeping CII defenders up at night even more than AI.
• The human factor is still the weakest link — “zero trust“ needs real implementation, not just buzzwords.
• Legacy systems and tech in CII may present serious long-term risks.
• Cloud contracts deserve special attention.
• Standards and frameworks must evolve to match fast-moving technologies while allowing for adaptability. In Europe, smooth NIS2 implementation is needed to empower cybersecurity and resilience of CII.
• Good governance and coordination, the bread and butter of SAIs, is essential also in CII — especially in complex, cross-sector, and multi-level systems.
• Supreme Audit Institutions can investigate entities’ risk management, business continuity planning but also play a role in assessing whether investments into CII are efficient and whether risk tolerance levels are appropriate and justified.

All relevant materials from the e-Seminar are available here including the report, presentations and videos.

.