Content deleted Content added
MudricMina (talk | contribs) m →External links: added relevant external links |
|||
| (97 intermediate revisions by 70 users not shown) | |||
Line 1:
{{
{{More citations needed|date=June 2023}}
{{Short description|Infrastructure important to national security}}
{{Use mdy dates|date = March 2019}}
{{Public Infrastructure}}
'''Critical infrastructure''', or '''critical national infrastructure''' ('''CNI''') in the UK, describes [[infrastructure]] considered essential by [[government]]s for the functioning of a society and economy and deserving of special protection for [[national security]].<ref>{{Cite journal |last=Tarter |first=Alex |date=2015 |title=Securing Critical Infrastructure |url=https://www.jstor.org/stable/26354541 |journal=The Military Engineer |volume=107 |issue=697 |pages=74–75 |issn=0026-3982}}</ref> Critical infrastructure has traditionally been viewed as under the scope of government due to its strategic importance, yet there's an observable trend towards its privatization, raising discussions about how the [[private sector]] can contribute to these essential services.<ref>{{Cite journal |last=De Bruijne |first=Mark |last2=Van Eeten |first2=Michel |date=2007 |title=Systems that Should Have Failed: Critical Infrastructure Protection in an Institutionally Fragmented Environment |url=https://onlinelibrary.wiley.com/doi/10.1111/j.1468-5973.2007.00501.x |journal=Journal of Contingencies and Crisis Management |language=en |volume=15 |issue=1 |pages=18–29 |doi=10.1111/j.1468-5973.2007.00501.x |issn=0966-0879}}</ref>
==Items==
Most commonly associated with the term are [[assets]] and facilities for:
* [[Shelter (building)|Shelter]]; [[Heating]] (e.g. [[natural gas]], [[fuel oil]], [[district heating]]);
* [[
* [[Education]], skills development and technology transfer / basic subsistence and unemployment rate statistics;
* [[Water supply]] (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
* [[Public health]] (hospitals, ambulances);
* [[Transportation]] systems (fuel supply, railway network, airports, harbours, inland shipping);
* [[
* [[Electricity generation]], transmission and distribution; (e.g. [[natural gas]], [[fuel oil]], [[coal]], [[nuclear power]])
** [[Renewable energy]], which are naturally replenished on a human timescale, such as sunlight, wind, rain, tides, waves, and geothermal heat.
* [[Telecommunication]]; coordination for successful operations
* [[Economic sector]]; [[Goods and services]] and [[financial services]] (banking, [[Clearing (finance)|clearing]]);
==Protection programmes{{anchor|Protection}}==
===Canada ===
The Canadian Federal Government identifies the following 10 Critical Infrastructure Sectors as a way to classify essential assets.<ref>{{Cite web|url=https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/2021-ctn-pln-crtcl-nfrstrctr/index-en.aspx|title = National Cross Sector Forum 2021-2023 Action Plan for Critical Infrastructure|date = May 26, 2021}}</ref> <ref>{{Cite web|url=https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/srtg-crtcl-nfrstrctr/index-en.aspx|title = National Strategy for Critical Infrastructure|date = December 21, 2018}}</ref>
# Energy & Utilities: Electricity providers; off-shore/on-shore oil & gas; coal supplies, natural gas providers; home fuel oil; gas station supplies; alternative energy suppliers (wind, solar, other)
# Information and Communication Technology: Broadcast Media; telecommunication providers (landlines, cell phones, internet, wifi); Postal services;
# Finance: Banking services, government finance/aid departments; taxation
# Health: Public health & wellness programs, hospital/clinic facilities; blood & blood products
# Food: Food supply chains; food inspectors; import/export programs; grocery stores; Agri & Acqua culture; farmers markets
# Water: Water supply & protection; wastewater management; fisheries & ocean protection programs
# Transportation: Roads, bridges, railways, aviation/airports; shipping & ports; transit
# Safety: Emergency responders; public safety programs
# Government: Military; Continuity of governance
# Manufacturing: Industry, economic development
===European Union===
{{main|European Programme for Critical Infrastructure Protection}}
It has proposed a list of European critical infrastructures based upon inputs by its member states.
Each designated European Critical Infrastructures (ECI) will have to have an Operator Security Plan (OSP) covering the identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.
===Germany===
The German critical-infrastructure protection programme KRITIS is coordinated by the [[Federal Ministry of the Interior (Germany)|Federal Ministry of the Interior]]. Some of its special agencies like the [[German Federal Office for Information Security]] or the Federal Office of Civil Protection and Disaster Assistance BBK deliver the respective content, e.g., about [[IT systems]].<ref>{{Cite web |url=http://www.bmi.bund.de/cae/servlet/contentblob/544770/publicationFile/27031/kritis.pdf |title=''Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)'' |access-date=September 17, 2010 |archive-url=https://web.archive.org/web/20170915024238/http://www.bmi.bund.de/cae/servlet/contentblob/544770/publicationFile/27031/kritis.pdf |archive-date=September 15, 2017 |url-status=dead }}</ref>
===Singapore===
In Singapore, critical infrastructures are mandated under the Protected Areas and Protected Places Act.<ref>{{cite web |title=Protected Areas and Protected Places Act - Singapore Statutes Online |url=https://sso.agc.gov.sg/Act-Rev/PAPPA1959/Published/20131231 |website=sso.agc.gov.sg |publisher=Government of Singapore |access-date=15 October 2022 |language=en |date=31 December 2013}}</ref> In 2017, the Infrastructure Protection Act was passed in Parliament, which provides for the protection of certain areas, places and other premises in Singapore against security risks.<ref>{{cite web |title=Infrastructure Protection Act 2017 - Singapore Statutes Online |url=https://sso.agc.gov.sg/Act/IPA2017 |website=sso.agc.gov.sg |access-date=15 October 2022 |language=en |date=2 October 2017}}</ref> It came into force in 2018.<ref>{{cite web |title=Infrastructure Protection Act |url=https://www.police.gov.sg/Advisories/Infrastructure-Protection/Infrastructure-Protection-Act |website=police.gov.sg |publisher=Singapore Police Force |access-date=15 October 2022 |language=en |date=14 March 2019}}</ref><ref>{{cite web |title=Protecting Infrastructure |url=https://www.mha.gov.sg/what-we-do/managing-security-threats/protecting-infrastructure |website=mha.gov.sg |publisher=Ministry of Home Affairs |access-date=15 October 2022 |language=en}}</ref>
===United Kingdom
{{category see also|
In the UK, the
It can call on resources from other government departments and agencies, including [[MI5]], the [[
===United States===
{{main|U.S. critical infrastructure protection}}
The U.S. has had a wide-reaching [[critical infrastructure protection]] program in place since 1996. Its [[Patriot Act]] of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
In 2014 the [[NIST Cybersecurity Framework]] was published, and quickly became a popular set of guidelines, despite the significant costs of full compliance.<ref>{{Cite web|url=https://www.darkreading.com/attacks-breaches/nist-cybersecurity-framework-adoption-hampered-by-costs-survey-finds/d/d-id/1324901|title=NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds|website=Dark Reading|date=March 30, 2016|language=en|access-date=August 2, 2016}}</ref>
These have identified a number of critical infrastructures and responsible agencies:
#
# [[Water]] – [[United States Environmental Protection Agency|Environmental Protection Agency]]
# Public Health –
# Emergency Services – [[Department of Homeland Security]]
#
# [[
# [[Information]] and [[Telecommunications]] – [[Department of Commerce]]
# [[Energy]] – [[United States Department of Energy|Department of Energy]]
# [[Transport]]ation and [[Shipping]] – [[United States Department of Transportation|Department of Transportation]]
# [[Banking]] and [[Finance]] – [[United States Department of the Treasury|Department of the Treasury]]
# [[Chemical Industry]] and [[Hazardous Material]]s –
# [[Mail|Post]] –
# [[National monument (United States)|National monuments]] and icons - [[Department of the Interior]]
# Critical
====National Infrastructure Protection Plan====
The [[National Infrastructure Protection Plan]] (NIPP) defines critical infrastructure sector in the US. Presidential Policy Directive 21 (PPD-21),<ref>{{Cite web|url=https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil|title=Presidential Policy Directive -- Critical Infrastructure Security and Resilience|date=2013-02-12|website=whitehouse.gov|language=en|access-date=2019-03-12}}</ref> issued in February 2013 entitled Critical Infrastructure Security and Resilience mandated an update to the NIPP. This revision of the plan established the following 16 critical infrastructure sectors:
# Chemical
# Commercial facilities
# Communications
# Critical manufacturing
# Dams
# Defense industrial base
# Emergency services
# Energy
# Financial services
# Food and agriculture
# Government facilities
# Healthcare and public health
# Information technology
# Nuclear reactors, materials, and waste
# Transportation systems
# Water and wastewater systems
National Monuments and Icons along with the postal and shipping sector were removed in 2013 update to the NIPP. The 2013 version of the NIPP has faced criticism for lacking viable risk measures.<ref>{{Cite web|url=https://www.hsaj.org/articles/254|title=Towards a Unified Homeland Security Strategy: An Asset Vulnerability Model|last=White|first=R.|date=February 13, 2014|website=Homeland Security Affairs|language=en-US|access-date=February 26, 2015}}</ref><ref>{{Cite web|url=https://www.hsaj.org/articles/1308|title=Resilience Redux: Buzzword or Basis for Homeland Security|last=Kahan|first=J|date=February 4, 2015|website=Homeland Security Affairs|language=en-US|access-date=February 28, 2015}}</ref> The plan assigns the following agencies sector-specific coordination responsibilities:
; [[Department of Homeland Security]]
* Chemical
* Commercial facilities
* Communications
* Critical manufacturing
* Dams
* Emergency services
* Government facilities (jointly with General Services Administration)
* Information technology
* Nuclear reactors, materials, and waste
* Transportation systems (jointly with Department of Transportation)
; Department of Defense
* Defense industrial base
; Department of Energy
* Energy
; Department of the Treasury
* Financial services
; Department of Agriculture
* Food and agriculture
; General Services Administration
* Government facilities (jointly with Department of Homeland Security)
; Department of Health and Human Services
* Healthcare and Public Health
; Department of Transportation
* Transportation systems (jointly with Department of Homeland Security)
; Environmental Protection Agency
* Water and wastewater systems
====State-level legislation====
Several U.S. states have passed "critical infrastructure" bills, promoted by the [[American Legislative Exchange Council]] (ALEC), to criminalize protests against the [[fossil fuel industry]].<ref>{{cite web|url=https://theintercept.com/2021/01/12/capitol-riot-anti-protest-blm-laws/|title=In Wake of Capitol Riot, GOP Legislatures 'Rebrand' Old Anti-BLM Protest Laws|date=January 12, 2021|access-date=February 10, 2021|work=[[The Intercept]]|first1=Alleen|last1=Brown|first2=Akela|last2=Lacy}}</ref> In May 2017, Oklahoma passed legislation which created [[felony]] penalties for [[trespass]]ing on land considered critical infrastructure, including oil and gas [[pipeline transport|pipelines]], or conspiring to do so; ALEC introduced a version of the bill as a [[model act]] and encouraged other states to adopt it.<ref>{{cite web|url=https://theintercept.com/2019/05/23/pipeline-protest-laws-louisiana-south-dakota/|title=Pipeline Opponents Strike Back Against Anti-Protest Laws|date=May 23, 2019|accessdate=February 13, 2021|work=[[The Intercept]]|first=Alleen|last=Brown}}</ref> In June 2020, West Virginia passed the Critical Infrastructure Protection Act, which created [[felony]] penalties for protests against oil and gas facilities.<ref>{{cite web|url=https://theintercept.com/2020/06/07/pipeline-petrochemical-lobbying-group-anti-protest-law/|title=A Powerful Petrochemical Lobbying Group Advanced Anti-Protest Legislation in the Midst of the Pandemic|date=June 7, 2020|accessdate=February 13, 2021|work=[[The Intercept]]|first=Alleen|last=Brown}}</ref>
==Stress testing==
Critical infrastructure (CI) such as highways, railways, electric power networks, dams, port facilities, major gas pipelines or oil refineries are exposed to multiple natural and human-induced hazards and stressors, including [[earthquake]]s, [[landslide]]s, [[flood]]s, [[tsunami]], [[wildfire]]s, [[Global warming|climate change]] effects or [[explosion]]s. These stressors and abrupt events can cause failures and losses, and hence, can interrupt essential services for the society and the economy.<ref>{{Cite journal|last1=Pescaroli|first1=Gianluca|last2=Alexander|first2=David|date=2016-05-01|title=Critical infrastructure, panarchies and the vulnerability paths of cascading disasters|journal=Natural Hazards|language=en|volume=82|issue=1|pages=175–192|doi=10.1007/s11069-016-2186-3|issn=1573-0840|doi-access=free|bibcode=2016NatHa..82..175P }}</ref> Therefore, CI owners and operators need to identify and quantify the risks posed by the CIs due to different stressors, in order to define mitigation strategies<ref>{{Cite journal|last1=Mignan|first1=A.|last2=Karvounis|first2=D.|last3=Broccardo|first3=M.|last4=Wiemer|first4=S.|last5=Giardini|first5=D.|date=March 2019|title=Including seismic risk mitigation measures into the Levelized Cost Of Electricity in enhanced geothermal systems for optimal siting|journal=Applied Energy|language=en|volume=238|pages=831–850|doi=10.1016/j.apenergy.2019.01.109|doi-access=free|bibcode=2019ApEn..238..831M |hdl=20.500.11850/322346|hdl-access=free}}</ref> and improve the [[Resilience (engineering and construction)|resilience]] of the CIs.<ref>{{Cite journal|last1=Linkov|first1=Igor|last2=Bridges|first2=Todd|last3=Creutzig|first3=Felix|author3-link=Felix Creutzig|last4=Decker|first4=Jennifer|last5=Fox-Lent|first5=Cate|last6=Kröger|first6=Wolfgang|last7=Lambert|first7=James H.|last8=Levermann|first8=Anders|last9=Montreuil|first9=Benoit|last10=Nathwani|first10=Jatin|last11=Nyer|first11=Raymond|date=June 2014|title=Changing the resilience paradigm|journal=Nature Climate Change|language=en|volume=4|issue=6|pages=407–409|doi=10.1038/nclimate2227|bibcode=2014NatCC...4..407L|s2cid=85351884 |issn=1758-6798}}</ref><ref>{{Cite journal|last1=Argyroudis|first1=Sotirios A.|last2=Mitoulis|first2=Stergios A.|last3=Hofer|first3=Lorenzo|last4=Zanini|first4=Mariano Angelo|last5=Tubaldi|first5=Enrico|last6=Frangopol|first6=Dan M.|date=April 2020|title=Resilience assessment framework for critical infrastructure in a multi-hazard environment: Case study on transport assets|journal=Science of the Total Environment|language=en|volume=714|pages=136854|doi=10.1016/j.scitotenv.2020.136854|pmid=32018987|bibcode=2020ScTEn.714m6854A|s2cid=211036128 |url=http://epubs.surrey.ac.uk/853637/1/Argyroudis%20et%20al_manuscript_accepted.pdf}}</ref> Stress tests are advanced and standardised tools for hazard and [[risk assessment]] of CIs, that include both low-probability high-consequence (LP-HC) events and so-called extreme or [[rare events]], as well as the systematic application of these new tools to classes of CI.
Stress testing is the process of assessing the ability of a CI to maintain a certain level of functionality under unfavourable conditions, while stress tests consider LP-HC events, which are not always accounted for in the design and risk assessment procedures, commonly adopted by public authorities or industrial stakeholders. A multilevel stress test methodology for CI has been developed in the framework of the European research project STREST,<ref>{{Cite web|url=http://strest-eu.org|title=STREST-Harmonized approach to stress tests for critical infrastructures against natural hazards. Funded from the European Union's Seventh Framework Programme FP7/2007-2013, under grant agreement no. 603389. Project Coordinator: Domenico Giardini; Project Manager: Arnaud Mignan, ETH Zurich}}</ref> consisting of four phases:<ref>{{Cite journal|last1=Esposito Simona|last2=Stojadinović Božidar|last3=Babič Anže|last4=Dolšek Matjaž|last5=Iqbal Sarfraz|last6=Selva Jacopo|last7=Broccardo Marco|last8=Mignan Arnaud|last9=Giardini Domenico|date=2020-03-01|title=Risk-Based Multilevel Methodology to Stress Test Critical Infrastructure Systems|journal=Journal of Infrastructure Systems|volume=26|issue=1|pages=04019035|doi=10.1061/(ASCE)IS.1943-555X.0000520|s2cid=214354801 }}</ref>
Phase 1: ''Preassessment'', during which the data available on the CI (risk context) and on the phenomena of interest (hazard context) are collected. The goal and objectives, the time frame, the stress test level and the total costs of the stress test are defined.
Phase 2: ''Assessment'', during which the stress test at the component and the system scope is performed, including fragility<ref>{{Cite book|title=SYNER-G: Typology Definition and Fragility Functions for Physical Elements at Seismic Risk|date=2014|publisher=Springer Netherlands|isbn=978-94-007-7871-9|editor-last=Pitilakis|editor-first=K.|series=Geotechnical, Geological and Earthquake Engineering|volume=27|location=Dordrecht|doi=10.1007/978-94-007-7872-6|s2cid=133078584|editor-last2=Crowley|editor-first2=H.|editor-last3=Kaynia|editor-first3=A.M.}}</ref> and risk<ref>{{Cite book|title=SYNER-G: Systemic Seismic Vulnerability and Risk Assessment of Complex Urban, Utility, Lifeline Systems and Critical Facilities|date=2014|publisher=Springer Netherlands|isbn=978-94-017-8834-2|editor-last=Pitilakis|editor-first=K.|series=Geotechnical, Geological and Earthquake Engineering|volume=31|location=Dordrecht|doi=10.1007/978-94-017-8835-9|s2cid=107566163|editor-last2=Franchin|editor-first2=P.|editor-last3=Khazai|editor-first3=B.|editor-last4=Wenzel|editor-first4=H.}}</ref> analysis of the CIs for the stressors defined in Phase 1. The stress test can result in three outcomes: Pass, Partly Pass and Fail, based on the comparison of the quantified risks to acceptable risk exposure levels and a penalty system.
Phase 3: ''Decision'', during which the results of the stress test are analyzed according to the goal and objectives defined in Phase 1. Critical events (events that most likely cause the exceedance of a given level of loss) and risk mitigation strategies are identified.
Phase 4: ''Report'', during which the stress test outcome and risk mitigation guidelines based on the findings established in Phase 3 are formulated and presented to the stakeholders.
This stress-testing methodology has been demonstrated to six CIs in Europe at component and system level:<ref>{{Cite journal|last1=Argyroudis|first1=Sotirios A.|last2=Fotopoulou|first2=Stavroula|last3=Karafagka|first3=Stella|last4=Pitilakis|first4=Kyriazis|last5=Selva|first5=Jacopo|last6=Salzano|first6=Ernesto|last7=Basco|first7=Anna|last8=Crowley|first8=Helen|last9=Rodrigues|first9=Daniela|last10=Matos|first10=José P.|last11=Schleiss|first11=Anton J.|title=A risk-based multi-level stress test methodology: application to six critical non-nuclear infrastructures in Europe|journal=Natural Hazards|volume=100|issue=2|pages=595–633|language=en|doi=10.1007/s11069-019-03828-5|issn=1573-0840|year=2020|bibcode=2020NatHa.100..595A |hdl=11585/711534 |s2cid=209432723|url=http://infoscience.epfl.ch/record/275470/files/JA2002_Argyroudis_et_al-2020-Natural_Hazards.pdf}}</ref> an oil refinery and petrochemical plant in Milazzo, Italy; a conceptual alpine earth-fill dam in Switzerland; the Baku–Tbilisi–Ceyhan pipeline in Turkey; part of the Gasunie national gas storage and distribution network in the Netherlands; the port infrastructure of Thessaloniki, Greece; and an industrial district in the region of Tuscany, Italy. The outcome of the stress testing included the definition of critical components and events and risk mitigation strategies, which are formulated and reported to stakeholders.
==See also==
* [[Industrial antiterrorism]]
* [[Infrastructure]]
* [[Infrastructure security]]
* [[Civil defense]]
* [[Paramilitary]]
==References==
{{Reflist}}
==External links==
* [https://web.archive.org/web/20100213054539/http://www.infracritical.com/images/cip-sectors5.jpg Infracritical: comparison of US and international definitions of infrastructure]
* [https://dig.watch/topics/critical-infrastructure Digital Watch - Critical Infrastructure]
{{Authority control}}
[[Category:United States Department of Homeland Security]]
[[Category:Infrastructure]]
[[Category:National security]]
| |||