Business opportunities in the European High North (EHN) are accompanied by the danger of cyber-threats, especially to critical infrastructures which in these Arctic regions become “extra critical” because of the harsh environmental climatic conditions and remoteness of distances. Critical infrastructures (CI) in the EHN are crucial for numerous sectors, such as the energy sector which is completely depended on digitalization, internet and computers’ commands. Such a new condition of extra criticality should also include human security concerns to avoid human disasters. An effective legal framework under “exceptionally critically infrastructure conditions” (ECIC) for this technology is important not only in terms of national legislation, but also in view of a regional, international and global networks character. This paper links for the first time, law, internet and cybersecurity, environment and society in a global human security dimension in a multi-regulatory contextual analysis. The aim is to trace the legal framework for response to a cyber-attack to critical infrastructure in the energy sector and takes Norway as a case study because this country is highly dependent on cyber technology and on critical infrastructures. The question of research is: using a human security focus in the case of cyber-threats under ECIC in the EHN, what ways can an assessment recommend to improve international, and regional law? Five analytical tasks are undertaken: 1) the concept of critical infrastructure vulnerability to cyber-attacks under “exceptionally critically infrastructure conditions” (ECIC) in the EHN with focus on the energy sector is explained in connection to the notion of human security, 2) a backdrop of regional and international collaboration is followed, 3) a trajectory of multilevel contextual analysis of the different sources of law and policy applicable to cyber-threats to CI is outlined, and 4) an examination of cooperation under the North Atlantic Treaty Organization (NATO).