Legacy and highly interconnected digital infrastructures—such as smart cities and Industry 4.0 systems—often lack security-by-design and are already compromised, rendering conventional preventive security paradigms insufficient. Method: This work introduces the novel “securitization of compromised systems” paradigm, integrating zero-trust architecture, runtime trusted execution environments (TEEs), adaptive access control, supply-chain risk awareness, and distributed attestation to enable continuous runtime verification, dynamic trust reconfiguration, and cross-layer coordinated recovery. Contribution/Results: Evaluated on a multi-scenario simulation platform, the framework achieves rapid detection and isolation of compromised nodes, service-level security degradation, a 42% reduction in average recovery latency, and 99.98% critical business continuity. It constitutes the first systematic runtime resilience assurance framework explicitly designed for already-compromised systems, offering a deployable security enhancement pathway for legacy and tightly coupled infrastructures.

Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.