With respect to critical information and communication technologies (ICT), nations most often declare their national critical infrastructure to include telecommunication services and in some cases critical services offered by key Internet Service Providers (ISP). This paper debates whether nations, their policy-makers, legislation and regulation largely overlook and fail to properly govern the full set of ICT elements and services critical to the functioning of their nation. The related societal and economical risk, however, needs to be closely mitigated, managed and governed. Legal and regulatory obligations to increase the ICT resilience may sometimes encourage this process.