Critical infrastructure: Difference between revisions

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Critical infrastructure" – news · newspapers · books · scholar · JSTOR (June 2023) (Learn how and when to remove this message)

Infrastructure
Grand Coulee Dam
Assets and facilities Airports Bridges Broadband Canals Coastal management Critical infrastructure Dams Electricity Energy Hazardous waste Hospitals Irrigation schemes Levees Lighthouses Parks Pipeline transport Ports Mass transit Public housing State schools Public spaces Rail Roads Sewage treatment Sewerage Sluices Solid waste Telecommunication Utilities Water supply Weirs
Concepts Asset management Appropriation Lindahl tax Build–operate–transfer Design–bid–build Design–build Earmark European green infrastructure Fixed cost Engineering contracts Externality Government debt Green infrastructure Life-cycle assessment Maintenance Monopoly Property tax Public–private partnership Public capital Public finance Public good Public sector Renovation Replacement (upgrade) Spillover Supply chain Taxation
Issues and ideas Air traffic control Brownfield Carbon footprint Containerization Congestion pricing Ecotax Ethanol fuel Fuel tax Groundwater High-speed rail Hybrid vehicles Land-use planning Mobile data terminal Pork barrel Rapid bus transit Recycling Renewables Reverse osmosis Smart grid Smart growth Stormwater Urban sprawl Traffic congestion Transit-oriented development Fuel efficiency Waste-to-energy Weatherization Wireless technology
Fields of study Architecture Chemical engineering Civil Electrical Mechanical engineering Public economics Public policy Urban planning
Examples Akashi Kaikyō Bridge Trans-Alaska pipeline Autobahn Bicycle parking station Brazilian energy independence Brooklyn Bridge Channel Tunnel Chicago wastewater China's high-speed rail Curtiba rapid bus transit Cycling infrastructure (history, safety) Danish wind-power British offshore wind-power Nuclear power in France Solar power in Germany Hoover Dam Hong Kong Int'l Airport Intercity Express Interstate highways Jamnagar Refinery Kansai Int'l Airport Levee Offshore wind port Panama Canal Port of Shanghai San Francisco Bay Bridge Three Gorges Dam Shinkansen Spanish high-speed rail French TGV rail Spanish autovias and autopistas Transcontinental Railroad Power transmission in the USA Wind farm
Category Engineering portal
v t e

Critical infrastructure, or critical national infrastructure (CNI) in the UK, describes infrastructure considered essential by governments for the functioning of a society and economy and deserving of special protection for national security.^[1] Critical infrastructure has traditionally been viewed as under the scope of government due to its strategic importance, yet there's an observable trend towards its privatization, raising discussions about how the private sector can contribute to these essential services.^[2]

Most commonly associated with the term are assets and facilities for:

• Shelter; Heating (e.g. natural gas, fuel oil, district heating);
• Agriculture, food production and distribution;
• Education, skills development and technology transfer / basic subsistence and unemployment rate statistics;
• Water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
• Public health (hospitals, ambulances);
• Transportation systems (fuel supply, railway network, airports, harbours, inland shipping);
• Security services (police, military).
• Electricity generation, transmission and distribution; (e.g. natural gas, fuel oil, coal, nuclear power)
  • Renewable energy, which are naturally replenished on a human timescale, such as sunlight, wind, rain, tides, waves, and geothermal heat.
• Telecommunication; coordination for successful operations
• Economic sector; Goods and services and financial services (banking, clearing);

The Canadian Federal Government identifies the following 10 Critical Infrastructure Sectors as a way to classify essential assets.^{[3] [4]}

1. Energy & Utilities: Electricity providers; off-shore/on-shore oil & gas; coal supplies, natural gas providers; home fuel oil; gas station supplies; alternative energy suppliers (wind, solar, other)
2. Information and Communication Technology: Broadcast Media; telecommunication providers (landlines, cell phones, internet, wifi); Postal services;
3. Finance: Banking services, government finance/aid departments; taxation
4. Health: Public health & wellness programs, hospital/clinic facilities; blood & blood products
5. Food: Food supply chains; food inspectors; import/export programs; grocery stores; Agri & Acqua culture; farmers markets
6. Water: Water supply & protection; wastewater management; fisheries & ocean protection programs
7. Transportation: Roads, bridges, railways, aviation/airports; shipping & ports; transit
8. Safety: Emergency responders; public safety programs
9. Government: Military; Continuity of governance
10. Manufacturing: Industry, economic development

European Programme for Critical Infrastructure Protection (EPCIP) refers to the doctrine or specific programs created as a result of the European Commission's directive EU COM(2006) 786 which designates European critical infrastructure that, in case of fault, incident, or attack, could impact both the country where it is hosted and at least one other European Member State. Member states are obliged to adopt the 2006 directive into their national statutes.

It has proposed a list of European critical infrastructures based upon inputs by its member states. Each designated European Critical Infrastructures (ECI) will have to have an Operator Security Plan (OSP) covering the identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.

The German critical-infrastructure protection programme KRITIS is coordinated by the Federal Ministry of the Interior. Some of its special agencies like the German Federal Office for Information Security or the Federal Office of Civil Protection and Disaster Assistance BBK deliver the respective content, e.g., about IT systems.^[5]

In Singapore, critical infrastructures are mandated under the Protected Areas and Protected Places Act.^[6] In 2017, the Infrastructure Protection Act was passed in Parliament, which provides for the protection of certain areas, places and other premises in Singapore against security risks.^[7] It came into force in 2018.^[8][9]

In the UK, the National Protective Security Authority (NPSA) provides information, personnel and physical security advice to the businesses and organizations which make up the UK's national infrastructure, helping to reduce its vulnerability to terrorism and other threats.

It can call on resources from other government departments and agencies, including MI5, the National Cyber Security Centre (NCSC) and other government departments responsible for national infrastructure sectors.

The U.S. has had a wide-reaching critical infrastructure protection program in place since 1996. Its Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."

In 2014 the NIST Cybersecurity Framework was published, and quickly became a popular set of guidelines, despite the significant costs of full compliance.^[10]

These have identified a number of critical infrastructures and responsible agencies:

1. Agriculture and food – Departments of Agriculture and Health and Human Services
2. Water – Environmental Protection Agency
3. Public Health – Department of Health and Human Services
4. Emergency Services – Department of Homeland Security
5. Government – Department of Homeland Security
6. Defense Industrial Base – Department of Defense
7. Information and Telecommunications – Department of Commerce
8. Energy – Department of Energy
9. Transportation and Shipping – Department of Transportation
10. Banking and Finance – Department of the Treasury
11. Chemical Industry and Hazardous Materials – Department of Homeland Security
12. Post – Department of Homeland Security
13. National monuments and icons - Department of the Interior
14. Critical manufacturing - Department of Homeland Security (14th sector announced March 3, 2008; recorded April 30, 2008)

The National Infrastructure Protection Plan (NIPP) defines critical infrastructure sector in the US. Presidential Policy Directive 21 (PPD-21),^[11] issued in February 2013 entitled Critical Infrastructure Security and Resilience mandated an update to the NIPP. This revision of the plan established the following 16 critical infrastructure sectors:

1. Chemical
2. Commercial facilities
3. Communications
4. Critical manufacturing
5. Dams
6. Defense industrial base
7. Emergency services
8. Energy
9. Financial services
10. Food and agriculture
11. Government facilities
12. Healthcare and public health
13. Information technology
14. Nuclear reactors, materials, and waste
15. Transportation systems
16. Water and wastewater systems

National Monuments and Icons along with the postal and shipping sector were removed in 2013 update to the NIPP. The 2013 version of the NIPP has faced criticism for lacking viable risk measures.^[12][13] The plan assigns the following agencies sector-specific coordination responsibilities:

Department of Homeland Security

• Chemical
• Commercial facilities
• Communications
• Critical manufacturing
• Dams
• Emergency services
• Government facilities (jointly with General Services Administration)
• Information technology
• Nuclear reactors, materials, and waste
• Transportation systems (jointly with Department of Transportation)

Department of Defense

• Defense industrial base

Department of Energy

• Energy

Department of the Treasury

• Financial services

Department of Agriculture

• Food and agriculture

General Services Administration

• Government facilities (jointly with Department of Homeland Security)

Department of Health and Human Services

• Healthcare and Public Health

Department of Transportation

• Transportation systems (jointly with Department of Homeland Security)

Environmental Protection Agency

• Water and wastewater systems

Several U.S. states have passed "critical infrastructure" bills, promoted by the American Legislative Exchange Council (ALEC), to criminalize protests against the fossil fuel industry.^[14] In May 2017, Oklahoma passed legislation which created felony penalties for trespassing on land considered critical infrastructure, including oil and gas pipelines, or conspiring to do so; ALEC introduced a version of the bill as a model act and encouraged other states to adopt it.^[15] In June 2020, West Virginia passed the Critical Infrastructure Protection Act, which created felony penalties for protests against oil and gas facilities.^[16]

Critical infrastructure (CI) such as highways, railways, electric power networks, dams, port facilities, major gas pipelines or oil refineries are exposed to multiple natural and human-induced hazards and stressors, including earthquakes, landslides, floods, tsunami, wildfires, climate change effects or explosions. These stressors and abrupt events can cause failures and losses, and hence, can interrupt essential services for the society and the economy.^[17] Therefore, CI owners and operators need to identify and quantify the risks posed by the CIs due to different stressors, in order to define mitigation strategies^[18] and improve the resilience of the CIs.^[19][20] Stress tests are advanced and standardised tools for hazard and risk assessment of CIs, that include both low-probability high-consequence (LP-HC) events and so-called extreme or rare events, as well as the systematic application of these new tools to classes of CI.

Stress testing is the process of assessing the ability of a CI to maintain a certain level of functionality under unfavourable conditions, while stress tests consider LP-HC events, which are not always accounted for in the design and risk assessment procedures, commonly adopted by public authorities or industrial stakeholders. A multilevel stress test methodology for CI has been developed in the framework of the European research project STREST,^[21] consisting of four phases:^[22]

Phase 1: Preassessment, during which the data available on the CI (risk context) and on the phenomena of interest (hazard context) are collected. The goal and objectives, the time frame, the stress test level and the total costs of the stress test are defined.

Phase 2: Assessment, during which the stress test at the component and the system scope is performed, including fragility^[23] and risk^[24] analysis of the CIs for the stressors defined in Phase 1. The stress test can result in three outcomes: Pass, Partly Pass and Fail, based on the comparison of the quantified risks to acceptable risk exposure levels and a penalty system.

Phase 3: Decision, during which the results of the stress test are analyzed according to the goal and objectives defined in Phase 1. Critical events (events that most likely cause the exceedance of a given level of loss) and risk mitigation strategies are identified.

Phase 4: Report, during which the stress test outcome and risk mitigation guidelines based on the findings established in Phase 3 are formulated and presented to the stakeholders.

This stress-testing methodology has been demonstrated to six CIs in Europe at component and system level:^[25] an oil refinery and petrochemical plant in Milazzo, Italy; a conceptual alpine earth-fill dam in Switzerland; the Baku–Tbilisi–Ceyhan pipeline in Turkey; part of the Gasunie national gas storage and distribution network in the Netherlands; the port infrastructure of Thessaloniki, Greece; and an industrial district in the region of Tuscany, Italy. The outcome of the stress testing included the definition of critical components and events and risk mitigation strategies, which are formulated and reported to stakeholders.

• Industrial antiterrorism
• Infrastructure
• Infrastructure security
• Civil defense
• Paramilitary

• Infracritical: comparison of US and international definitions of infrastructure
• Digital Watch - Critical Infrastructure