Critical Infrastructure

From CIPedia
Revision as of 17:13, 12 April 2015 by Eluiijf (talk | contribs) (Belgium)
Jump to navigation Jump to search

While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption. Another common characteristic of CI is that they are complex in their structure, which makes the issue of dependencies and common cause failure an important topic to society.


Definitions

European Definitions

Council Directive 2008/114/EC

An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions [1]


Other International Definitions

NATO CEP / EAPC

Critical Infrastructure is those facilities, services and information systems which are so vital to nations that their incapacity or destruction would have a debilitating impact on national security, national economy, public health and safety and the effective functioning of the government. [2].

UNISDR

UNISDR refers to "Critical facilities" as

the primary physical structures, technical facilities and systems which are socially, economically or operationally essential to the functioning of a society or community, both in routine circumstances and in the extreme circumstances of an emergency [3].

Critical facilities are considered as elements of the infrastructure that support essential services in a society.


National Definitions

Australia

Critical infrastructures are those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security[4].

In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.

Austria

Critical infrastructures are those infrastructures or parts thereof which are of crucial importance for ensuring important social functions. Their failure or destruction has severe effects on the health, security or the economic and social wellbeing of the population or the functioning of governmental institutions.[5]



Belgium

A critical infrastructure is an installation, system or part thereof, of federal interest, which is essential for the maintenance of vital societal functions, health, safety, security, economic or societal well-being of people, and which, if disrupted or destroyed, would have a significant impact.[6]



Colombia

Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación.[7]

Critical Infrastructure is the set of computers, computer systems, telecommunication networks, data and information, the destruction or interference may weaken or impact the safety of the economy, public health, or combination thereof, of a nation (this defines the CII).

Finland

Critical infrastructure refers to the structures and functions which are indispensable for the vital functions of society. They comprise physical facilities and structures as well as electronic functions and services.[8]




France

Vital infrastructure is any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly: if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation, or to seriously affect the population’s health or life.

The French original version is:

Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement: si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation, ou de mettre gravement en cause la santé ou la vie de la population. [9].

The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.


Germany

Critical infrastructures (CI) are organizational and physical structures and facilities of such vital importance to a nation's society and economy that their failure or degradation would result in sustained supply shortages, significant disruptions of public safety and security, or other dramatic consequences[10].

The German language definition is:

Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit oder andere dramatische Folgen eintreten würden.[11].




Jamaica

Critical infrastructures include systems and assets, whether physical or virtual, so critical that the incapacitation or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination thereof. [12]

This may include water and sewage networks, agriculture, health systems, emergency services, information technology and telecommunications, banking and finance, energy (electrical and wind generated), transportation (air, road, port), postal and shipping entities.


Kenya

Critical infrastructures describe assets that are essential for the functioning of a society and economy. (e.g., electrical grid, telecommunications,water supply).[13]




Latvia

Critical infrastructure is the objects, systems, or their parts in Latvia, which are important in providing the performance of functions essential to society, as well as for ensuring the protection of human health, security, economic or social welfare, whose destruction or malfunctioning may significantly influence the performance of state functions.[14]

The critical infrastructure of information technology is protected in order to ensure the performance of basic functions essential to the state and society.


Netherlands

Critical infrastructures (Dutch: Vitale Infrastructuur) refers to products, services and the accompanying processes that, in the event of disruption or failure, could cause major social disturbance.[15]

The Dutch language version is:

Vitale Infrastructuur: Producten, diensten en de onderliggende processen die, als zij uitvallen, maatschappelijke ontwrichting kunnen veroorzaken. [16]

"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."

New Zealand

National Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy.[17]

For instance, electricity generation, gas production, telecommunications, water supply etc.


Norway

Kritisk infrastruktur: Samfunnets funksjonsdyktighet er svært avhengig av en rekke fysiske og tekniske infrastrukturer. Ved alvorlig svikt i disse infrastrukturene er samfunnet ikke i stand til å opprettholde de leveranser av varer og tjenester som befolkningen er avhengig av (jf. samfunnskritiske funksjoner). Disse infrastrukturene kan omtales som kritiske for samfunnet.[18]

Critical infrastructure: The functioning of the society is highly dependent on a variety of physical and technical infrastructures. In case of a severe failure of these infrastructures, the society is not able to maintain the supply of goods and services. As the population is dependent on these infrastructures (ref. socio-critical functions), they may be referred to as critical for society.


Poland

A critical infrastructure shall be understood as systems and mutually bound functional objects contained therein, including constructions, facilities, installations and services of key importance for the security of the state and its citizens, as well as serving to ensure efficient functioning of public administration authorities, institutions and enterprises.[19]



Republic of Trinidad & Tobago

Critical infrastructure means computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, defence or international relations of the State; or provision of services directly related to national or economic security, banking and financial services, communications infrastructure, national public health and safety, public transportation, public key infrastructure or any combination of those matters.[20]

Note: this actually is a definition of CII.

Spain

The strategic infrastructures (that is, those that supply essential services) the functioning of which is necessary and does not allow alternative solutions, reason why their disruption or destruction would have serious impact on essential services.[21]




Switzerland

Critical infrastructure refers to infrastructure whose disruption, failure or destruction would have serious implications for society, the private sector and the state.[22]




United Kingdom (UK)

The United Kingdom (UK) defines national infrastructure as:

those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends [23].

In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.

Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).


United States

Systems and assets, whether physical or virtual, so vital services to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [24]




Standard Definition

ISO/IEC TR 27019:2013

Organizations and facilities that are essential for the functioning of society and the economy as a whole [25].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.


Other Definitions

International Risk Governance Council (IRCG)

Critical infrastructures are the systems and facilities by which essential services are supplied [26].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.


See also

History

European Council COM(2006)787

Those assets or parts thereof which are essential for the maintenance of critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people. [27]

Notes

  1. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
  2. NATO EAPC(SCEPC) lexicon.
  3. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  4. Critical Infrastructure Resilience Strategy, 2010
  5. Austrian Cyber Security Strategy, FFederal Chancellery of the Republic of Austria, Vienna, 2013
  6. Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
  7. Conpes 3510 (Resolución CRC 2258 de 2009)
  8. Finlands' Cyber Security Strategy
  9. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  10. National Strategy for Critical Infrastructure Protection(CIP Strategy), BMI 17 June 2009.
  11. Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)), BMI 17 June 2009.
  12. Jamaica's National Cyber Security Strategy
  13. Kenya's National Cyber Security Strategy
  14. CYBER SECURITY STRATEGY OF LATVIA 2014–2018
  15. Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
  16. De Nationaal Coördinator Terrorismebestrijding (2004)
  17. New Zealand’s Cyber Security Strategy (2011)
  18. Nasjonal strategi for informasjonssikkerhet (2012)
  19. Polish Government Centre for Security (2013)
  20. Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
  21. CNPIC
  22. National strategy for the protection of Switzerland against cyber risks (2012)
  23. Centre for the Protection of National Infrastructure (CPNI)
  24. §1016(e) of the United States Patriot Act of 2001 (42 U.S.C. §5195c(e))
  25. ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
  26. IRCG webpage on CI
  27. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Critical_Infrastructure&oldid=2239"