Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for:
- electricity generation, transmission and distribution;
- gas production, transport and distribution;
- oil and oil products production, transport and distribution;
- telecommunication;
- water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
- agriculture, food production and distribution;
- heating (e.g. natural gas, fuel oil, district heating);
- public health (hospitals, ambulances);
- transportation systems (fuel supply, railway network, airports, harbours, inland shipping);
- financial services (banking, clearing);
- security services (police, military).
Regional critical-infrastructure protection programmes
European Union
The European Programme for Critical Infrastructure Protection ([EPCIP]) has been laid out in EU Directives by the Commission (e.g., EU COM(2006) 786 final). It has proposed a list of European critical infrastructures based upon inputs by its Member States.
Each designated ECI will have to have an Operator Security Plan (OSP) covering the identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.
Germany
The German critical-infrastructure protection programme is coordinated by the Federal Ministry of the Interior. Some of its special agencies like the German Federal Office for Information Security or the Federal Office of Civil Protection and Disaster Assistance BBK deliver the respective content, e.g., about IT systems.[2]
United Kingdom
In the UK the Centre for the Protection of National Infrastructure provides information, personnel and physical security advice to the businesses and organisations which make up the UK's national infrastructure, helping to reduce its vulnerability to terrorism and other threats.
It can call on resources from other government departments and agencies, including MI5, the Communications Electronics Security Group and other Government departments responsible for national infrastructure sectors.
United States
The USA has had a wide-reaching Critical Infrastructure Protection Program in place since 1996. Its Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitation impact on security, national economic security, national public health or safety, or any combination of those matters."
These have identified a number of critical infrastructures and responsible agencies:
- Agriculture and Food – Departments of Agriculture and Health and Human Services
- Water – Environmental Protection Agency
- Public Health – Department of Health and Human Services
- Emergency Services – Department of Homeland Security
- Government – Department of Homeland Security
- Defense Industrial Base – Department of Defense
- Information and Telecommunications – Department of Commerce
- Energy – Department of Energy
- Transportation and Shipping – Department of Transportation
- Banking and Finance – Department of the Treasury
- Chemical Industry and Hazardous Materials – Department of Homeland Security
- Post – Department of Homeland Security
- National Monuments and icons - Department of the Interior
- Critical Manufacturing - Department of Homeland Security (14th sector announced 03-Mar-2008; recorded 30-Apr-2008)
Idaho National Laboratory performs work on the nation's cyber-security infrastructure.
