Critical Infrastructure

From CIPedia
Revision as of 13:08, 20 February 2015 by Eluiijf (talk | contribs)
Jump to navigation Jump to search

While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption. Another common characteristic of CI is that they are complex in their structure, which makes the issue of dependencies and common cause failure an important topic to society.


Definitions

European Definitions

Council Directive 2008/114/EC

An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions [1]


Other International Definitions

NATO CEP / EAPC

Critical Infrastructure is those facilities, services and information systems which are so vital to nations that their incapacity or destruction would have a debilitating impact on national security, national economy, public health and safety and the effective functioning of the government. [2].

UNISDR

UNISDR refers to "Critical facilities" as

the primary physical structures, technical facilities and systems which are socially, economically or operationally essential to the functioning of a society or community, both in routine circumstances and in the extreme circumstances of an emergency [3].

Critical facilities are considered as elements of the infrastructure that support essential services in a society.


National Definitions

Australia

Critical infrastructures are those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security[4].

In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.

Belgium

A critical infrastructure is an installation, system or part thereof, of federal interest, which is essential for the maintenance of vital societal functions, health, safety, security, economic or societal well-being of people, and which, if disrupted or destroyed, would have a significant impact.[5]


France

Vital infrastructure is any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly: if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation, or to seriously affect the population’s health or life.

The French original version is:

Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement: si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation, ou de mettre gravement en cause la santé ou la vie de la population. [6].

The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.

Germany

Critical infrastructures (CI) are organizational and physical structures and facilities of such vital importance to a nation's society and economy that their failure or degradation would result in sustained supply shortages, significant disruptions of public safety and security, or other dramatic consequences[7].

The German language definition is:

Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit oder andere dramatische Folgen eintreten würden.[8].


Jamaica

Critical infrastructures include systems and assets, whether physical or virtual, so critical that the incapacitation or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination thereof. [9]

This may include water and sewage networks, agriculture, health systems, emergency services, information technology and telecommunications, banking and finance, energy (electrical and wind generated), transportation (air, road, port), postal and shipping entities.

Kenya

Critical infrastructures describe assets that are essential for the functioning of a society and economy. (e.g., electrical grid, telecommunications,water supply).[10]


Netherlands

Critical infrastructures (Dutch: Vitale Infrastructuur) refers to products, services and the accompanying processes that, in the event of disruption or failure, could cause major social disturbance.[11]

The Dutch language version is:

Vitale Infrastructuur: Producten, diensten en de onderliggende processen die, als zij uitvallen, maatschappelijke ontwrichting kunnen veroorzaken. [12]

"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."

Poland

A critical infrastructure shall be understood as systems and mutually bound functional objects contained therein, including constructions, facilities, installations and services of key importance for the security of the state and its citizens, as well as serving to ensure efficient functioning of public administration authorities, institutions and enterprises.[13]


Spain

The strategic infrastructures (that is, those that supply essential services) the functioning of which is necessary and does not allow alternative solutions, reason why their disruption or destruction would have serious impact on essential services.[14]


United Kingdom (UK)

The United Kingdom (UK) defines national infrastructure as:

those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends [15].

In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.

Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).

USA

Systems and assets, whether physical or virtual, so vital services to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [16]


Standard Definition

ISO/IEC TR 27019:2013

Organizations and facilities that are essential for the functioning of society and the economy as a whole [17].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.


Other Definitions

International Risk Governance Council (IRCG)

Critical infrastructures are the systems and facilities by which essential services are supplied [18].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.


See also

History

European Council COM(2006)787

Those assets or parts thereof which are essential for the maintenance of critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people. [19]

Notes

  1. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
  2. [NATO EAPC(SCEPC) lexicon.]
  3. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  4. Critical Infrastructure Resilience Strategy, 2010
  5. Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
  6. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  7. http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/CIP-Strategy.pdf National Strategy for Critical Infrastructure Protection(CIP Strategy), BMI 17 June 2009.
  8. http://www.bmi.bund.de/SharedDocs/Downloads/DE/Broschueren/2009/kritis.pdf Nationale Strategie zum Schutz Kritischer Infrastrukturen(KRITIS-Strategie)), BMI 17 June 2009.
  9. Jamaica's National Cyber Security Strategy
  10. Kenya's National Cyber Security Strategy
  11. Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
  12. De Nationaal Coördinator Terrorismebestrijding (2004)
  13. Polish Government Centre for Security (2013)
  14. CNPIC
  15. Centre for the Protection of National Infrastructure (CPNI)
  16. §1016(e) of the USA Patriot Act of 2001 (42 U.S.C. §5195c(e))
  17. ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
  18. IRCG webpage on CI
  19. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Critical_Infrastructure&oldid=1974"