Critical Infrastructure
While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption. Another common characteristic of CI is that they are complex in their structure, which makes the issue of dependencies and common cause failure an important topic to society.
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
Other International Definitions
NATO CEP / EAPC
UNISDR
UNISDR refers to "Critical facilities" as
Critical facilities are considered as elements of the infrastructure that support essential services in a society.
National Definitions
Australia
In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.
Austria
Belgium
Finland
France
The French original version is:
The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.
Germany
The German language definition is:
Jamaica
This may include water and sewage networks, agriculture, health systems, emergency services, information technology and telecommunications, banking and finance, energy (electrical and wind generated), transportation (air, road, port), postal and shipping entities.
Kenya
Latvia
The critical infrastructure of information technology is protected in order to ensure the performance of basic functions essential to the state and society.
Netherlands
The Dutch language version is:
"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."
New Zealand
For instance, electricity generation, gas production, telecommunications, water supply etc.
Norway
Critical infrastructure: The functioning of the society is highly dependent on a variety of physical and technical infrastructures. In case of a severe failure of these infrastructures, the society is not able to maintain the supply of goods and services. As the population is dependent on these infrastructures (ref. socio-critical functions), they may be referred to as critical for society.
Poland
Spain
Switzerland
United Kingdom (UK)
The United Kingdom (UK) defines national infrastructure as:
In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.
Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).
United States
Standard Definition
ISO/IEC TR 27019:2013
The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.
Other Definitions
International Risk Governance Council (IRCG)
The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.
See also
History
European Council COM(2006)787
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ NATO EAPC(SCEPC) lexicon.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ Critical Infrastructure Resilience Strategy, 2010
- ↑ Austrian Cyber Security Strategy, FFederal Chancellery of the Republic of Austria, Vienna, 2013
- ↑ Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
- ↑ Finlands' Cyber Security Strategy
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ National Strategy for Critical Infrastructure Protection(CIP Strategy), BMI 17 June 2009.
- ↑ Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)), BMI 17 June 2009.
- ↑ Jamaica's National Cyber Security Strategy
- ↑ Kenya's National Cyber Security Strategy
- ↑ CYBER SECURITY STRATEGY OF LATVIA 2014–2018
- ↑ Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
- ↑ De Nationaal Coördinator Terrorismebestrijding (2004)
- ↑ New Zealand’s Cyber Security Strategy (2011)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Polish Government Centre for Security (2013)
- ↑ CNPIC
- ↑ National strategy for the protection of Switzerland against cyber risks (2012)
- ↑ Centre for the Protection of National Infrastructure (CPNI)
- ↑ §1016(e) of the United States Patriot Act of 2001 (42 U.S.C. §5195c(e))
- ↑ ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
- ↑ IRCG webpage on CI
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.