Difference between revisions of "Critical Infrastructure"

From CIPedia
Jump to navigation Jump to search
(National Definitions)
(Definitions)
Line 28: Line 28:
 
==== France ====
 
==== France ====
 
{{definition| Vital infrastructure: any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly:
 
{{definition| Vital infrastructure: any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly:
* if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation  
+
- if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation  
* or to seriously affect the population’s health or life<ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>.}}
+
- or to seriously affect the population’s health or life<ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>.}}
 
(Original in French) Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement:
 
(Original in French) Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement:
 
* si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation,
 
* si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation,
Line 73: Line 73:
  
 
<big>The standard notes that a [[failure]] or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant [[impact]] on public security and have other wide ranging [[impact|impacts]].</big>
 
<big>The standard notes that a [[failure]] or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant [[impact]] on public security and have other wide ranging [[impact|impacts]].</big>
 
  
 
==See also==
 
==See also==

Revision as of 12:25, 23 September 2014

While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a critical infrastructure to the society or the debilitating effect in the case of disruption. Another common characteristic is that they are complex in their structure, which makes the issue of dependencies an important topic.

Definitions

European Definitions

Council Directive 2008/114/EC

An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions [1]


Other International Definitions

NATO CEP / EAPC

Critical Infrastructure is those facilities, services and information systems which are so vital to nations that their incapacity or destruction would have a debilitating impact on national security, national economy, public health and safety and the effective functioning of the government. [2].

UNISDR

UNISDR refers to "Critical facilities" as

the primary physical structures, technical facilities and systems which are socially, economically or operationally essential to the functioning of a society or community, both in routine circumstances and in the extreme circumstances of an emergency [3].

Critical facilities are considered as elements of the infrastructure that support essential services in a society.


National Definitions

Australia

Critical infrastructures are those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security[4].

In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.

Belgium

A critical infrastructure is an installation, system or part thereof, of federal interest, which is essential for the maintenance of vital societal functions, health, safety, security, economic or societal well-being of people, and which, if disrupted or destroyed, would have a significant impact.[5]

France

 Vital infrastructure: any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly:

- if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation

- or to seriously affect the population’s health or life[6].

(Original in French) Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement:

  • si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation,
  • ou de mettre gravement en cause la santé ou la vie de la population.

The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.

Germany

Critical infrastructures are organisations and facilities of major importance for society whose failure or impairment would cause a sustained shortage of supplies, significant disruptions to public order, safety and security or other dramatic consequences [7].

The German language definition is:

Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit oder andere dramatische Folgen eintreten würden.[8].


Netherlands

Critical infrastructures (Dutch: Vitale Infrastructuur) refers to products, services and the accompanying processes that, in the event of disruption or failure, could cause major social disturbance.[9]

The Dutch language version is:

Vitale Infrastructuur: Producten, diensten en de onderliggende processen die, als zij uitvallen, maatschappelijke ontwrichting kunnen veroorzaken. [10]

"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."

Poland

A critical infrastructure shall be understood as systems and mutually bound functional objects contained therein, including constructions, facilities, installations and services of key importance for the security of the state and its citizens, as well as serving to ensure efficient functioning of public administration authorities, institutions and enterprises.[11]

United Kingdom (UK)

The United Kingdom (UK) defines national infrastructure as:

those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends [12].

In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.

Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).

USA

Systems and assets, whether physical or virtual, so vital services to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [13]

Standard Definition

ISO/IEC TR 27019:2013

Organizations and facilities that are essential for the functioning of society and the economy as a whole [14].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.

See also

History

COM(2006)787

Those assets or parts thereof which are essential for the maintenance of critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people. [15]


Notes

  1. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
  2. [NATO EAPC(SCEPC) lexicon.]
  3. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  4. Critical Infrastructure Resilience Strategy, 2010
  5. Service Public Fédéral Intérieur (2011)
  6. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  7. Unpublished working glossary of UP KRITIS and BSI, 2014
  8. http://www.bbk.bund.de/DE/AufgabenundAusstattung/KritischeInfrastrukturen/kritischeinfrastrukturen_node.html (from BSI KRITIS website)
  9. Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
  10. De Nationaal Coördinator Terrorismebestrijding (2004)
  11. Polish Government Centre for Security (2013)
  12. Centre for the Protection of National Infrastructure (CPNI)
  13. §1016(e) of the USA Patriot Act of 2001 (42 U.S.C. §5195c(e))
  14. ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
  15. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Critical_Infrastructure&oldid=1526"