Critical Infrastructure
While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption. Another common characteristic of CI is that they are complex in their structure, which makes the issue of dependencies and common cause failure an important topic to society.
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Australia
- 1.3.2 Austria
- 1.3.3 Belgium
- 1.3.4 Brazil
- 1.3.5 Canada
- 1.3.6 Colombia
- 1.3.7 Czech Republic
- 1.3.8 Finland
- 1.3.9 France
- 1.3.10 Germany
- 1.3.11 Jamaica
- 1.3.12 Japan
- 1.3.13 Kenya
- 1.3.14 Latvia
- 1.3.15 Netherlands
- 1.3.16 New Zealand
- 1.3.17 Norway
- 1.3.18 Poland
- 1.3.19 Republic of Trinidad & Tobago
- 1.3.20 Spain
- 1.3.21 Switzerland
- 1.3.22 United Kingdom (UK)
- 1.3.23 United States
- 1.4 Standard Definition
- 1.5 Other Definitions
- 2 See also
- 3 History
- 4 Notes
Definitions
European Definitions
Council Directive 2008/114/EC
Other International Definitions
NATO CEP / EAPC
UNISDR
UNISDR refers to "Critical facilities" as
Critical facilities are considered as elements of the infrastructure that support essential services in a society.
National Definitions
Australia
In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.
Austria
Belgium
Brazil
Canada
Ensemble des processus, des systèmes, des installations, des technologies, des réseaux, des biens et des services nécessaires pour assurer la santé, la sûreté, la sécurité ou le bien-être économique des Canadiens ainsi que le fonctionnement efficace du gouvernement. [8]
Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence.
Colombia
Critical Infrastructure is the set of computers, computer systems, telecommunication networks, data and information, the destruction or interference may weaken or impact the safety of the economy, public health, or combination thereof, of a nation (this defines the CII).
Czech Republic
Systémy a služby, jejichž nefunkčnost nebo špatná funkčnost by měla závažný dopad na bezpečnost státu, jeho ekonomiku, veřejnou správu a v důsledku na zabezpečení základních životních potřeb obyvatelstva.
Finland
France
The French original version is:
The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.
Germany
The German language definition is:
Jamaica
This may include water and sewage networks, agriculture, health systems, emergency services, information technology and telecommunications, banking and finance, energy (electrical and wind generated), transportation (air, road, port), postal and shipping entities.
Japan
Kenya
Latvia
The critical infrastructure of information technology is protected in order to ensure the performance of basic functions essential to the state and society.
Netherlands
Ministry of Security and Justice 2015
Since April 2015, The Netherlands recognises [19] two categories in criticality of critical infrastructure:
Category A: at least impact on one of the following four impact categories:
- economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
- physical impact: > 10.000 deaths, severely injured or chronically ill
- social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
- cascade impact: this disruption causes failure of minimal two other (critical) sectors
Category B: at least impact on one of the following three impact categories:
- economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
- physical impact: > 1.000 deaths, severely injured or chronically ill
- social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems
Ministry of Security and Justice 2005
The Dutch language version is:
"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."
General Security and Intelligence Service (AIVD)
New Zealand
For instance, electricity generation, gas production, telecommunications, water supply etc.
Norway
Critical infrastructure: The functioning of the society is highly dependent on a variety of physical and technical infrastructures. In case of a severe failure of these infrastructures, the society is not able to maintain the supply of goods and services. As the population is dependent on these infrastructures (ref. socio-critical functions), they may be referred to as critical for society.
Poland
Republic of Trinidad & Tobago
Note: this actually is a definition of CII.
Spain
Switzerland
United Kingdom (UK)
The United Kingdom (UK) defines national infrastructure as:
In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.
Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).
United States
Standard Definition
ISO/IEC TR 27019:2013
The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.
Other Definitions
International Risk Governance Council (IRCG)
The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.
Ontario (Canada)
See also
History
European Council COM(2006)787
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ NATO EAPC(SCEPC) lexicon.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ Critical Infrastructure Resilience Strategy, 2010
- ↑ Austrian Cyber Security Strategy, FFederal Chancellery of the Republic of Austria, Vienna, 2013
- ↑ Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
- ↑ [http://www.gsma.com/latinamerica/mobile-telecommunications-networks-for-the-2014- world-cup/ Emilio Tissato Nakamura, Jadir Antonio da Silva, José Manuel Martin Rios et al., ‘Mobile Telecommunications Networks for the 2014 World Cup’, GSM Association (2011)]
- ↑ [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)
- ↑ Conpes 3510 (Resolución CRC 2258 de 2009)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Finlands' Cyber Security Strategy
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ National Strategy for Critical Infrastructure Protection(CIP Strategy), BMI 17 June 2009.
- ↑ Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)), BMI 17 June 2009.
- ↑ Jamaica's National Cyber Security Strategy
- ↑ The Information Security Policy Council, The Second Action Plan on Information Security Measures for Critical Infrastructures, Japan (2009)
- ↑ Kenya's National Cyber Security Strategy
- ↑ CYBER SECURITY STRATEGY OF LATVIA 2014–2018
- ↑ https://www.nctv.nl/actueel/nieuws/kabinet-versterkt-crisisbeheersing.aspx?cp=126&cs=59950 Voortgangsbrief nationale veiligheid 9 april 2015
- ↑ Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
- ↑ De Nationaal Coördinator Terrorismebestrijding (2004)
- ↑ General Security and Intelligence Service
- ↑ New Zealand’s Cyber Security Strategy (2011)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Polish Government Centre for Security (2013)
- ↑ Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
- ↑ CNPIC
- ↑ National strategy for the protection of Switzerland against cyber risks (2012)
- ↑ Centre for the Protection of National Infrastructure (CPNI)
- ↑ §1016(e) of the United States Patriot Act of 2001 (42 U.S.C. §5195c(e))
- ↑ ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
- ↑ IRCG webpage on CI
- ↑ 33.0 33.1 Province of Ontario’s Emergency Management Glossary of Terms
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.