Critical Infrastructure

From CIPedia
Revision as of 23:03, 22 June 2015 by Eluiijf (talk | contribs)
Jump to navigation Jump to search

While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption. Another common characteristic of CI is that they are complex in their structure, which makes the issue of dependencies and common cause failure an important topic to society.


Definitions

European Definitions

Council Directive 2008/114/EC

An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions. [1]


Other International Definitions

ITU-T

Critical Infrastructure the key systems, services and functions whose disruption or destruction would have a debilitating impact on public health and safety, commerce, and national security, or any combination of these. [2]


NATO

CCD-CoE (Tallinn manual)
Physical or virtual systems and assets under the jurisdiction of a State that are so vital that their incapacitation or destruction may debilitate a State’s security, economy, public health or safety, or the environment. [3]


CEP / EAPC
Critical Infrastructure is those facilities, services and information systems which are so vital to nations that their incapacity or destruction would have a debilitating impact on national security, national economy, public health and safety and the effective functioning of the government. [4]


UNISDR

UNISDR refers to "Critical facilities" as

the primary physical structures, technical facilities and systems which are socially, economically or operationally essential to the functioning of a society or community, both in routine circumstances and in the extreme circumstances of an emergency. [5]

Critical facilities are considered as elements of the infrastructure that support essential services in a society.


National Definitions

Australia

Critical infrastructures are those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security. [6]

In this context, significant means an event or incident that puts at risk public safety and confidence, threatens our economic security, harms Australia’s international competitiveness, or impedes the continuity of government and its services.

Austria

Critical infrastructures are those infrastructures or parts thereof which are of crucial importance for ensuring important social functions. Their failure or destruction has severe effects on the health, security or the economic and social wellbeing of the population or the functioning of governmental institutions. [7]



Belgium

Kritieke infrastructuur is een installatie, systeem of een deel daarvan, van federal belang, dat van essentieel belang is voor het behoud van vitale maatschappelijke functies, de gezondheid, de veiligheid, de beveiliging, de economische welvaart of het maatschappelijk welzijn, en waarvan de verstoring van de werking of de vernietiging een aanzienlijke weerslag zou hebben doordat die functies ontregeld zouden raken. [8]

Infrastructure critique: installation, système ou partie de celuici, d’intérêt fédéral, qui est indispensable au maintien des fonctions vitales de la société, de la santé, de la sûreté, de la sécurité et du bien-être économique ou social des citoyens, et dont l’interruption du fonctionnement ou la destruction aurait une incidence significative du fait de la défaillance de ces fonctions. [9]

A critical infrastructure is an installation, system or part thereof, of federal interest, which is essential for the maintenance of vital societal functions, health, safety, security, economic or societal well-being of people, and which, if disrupted or destroyed, would have a significant impact. [10]



Brazil

Infraestruturas Críticas: instalações, serviços, bens e sistemas que, se forem interrompidos ou destruídos, provocarão sério impacto social, econômico, político, internacional ou à segurança do Estado e da sociedade. [11]
Critical infrastructure are the installations, services or assets that if destroyed, disrupted or incapacitated will have a debilitating impact on security, the national economy, national public health and safety. [12]



Canada

Critical infrastructure refers to processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government.
Ensemble des processus, des systèmes, des installations, des technologies, des réseaux, des biens et des services nécessaires pour assurer la santé, la sûreté, la sécurité ou le bien-être économique des Canadiens ainsi que le fonctionnement efficace du gouvernement. [13]

Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence.

Colombia

Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación. [14]

Critical Infrastructure is the set of computers, computer systems, telecommunication networks, data and information, the destruction or interference may weaken or impact the safety of the economy, public health, or combination thereof, of a nation (this defines the CII).

Czech Republic

Systems and services whose unfunctionality or wrong functionality would result in a serious impact on state security, its economy, public administration and in the end on provision of the basic daily needs of population. [15]

Systémy a služby, jejichž nefunkčnost nebo špatná funkčnost by měla závažný dopad na bezpečnost státu, jeho ekonomiku, veřejnou správu a v důsledku na zabezpečení základních životních potřeb obyvatelstva.

Finland

Critical infrastructure refers to the structures and functions which are indispensable for the vital functions of society. They comprise physical facilities and structures as well as electronic functions and services. [16]



France

Vital infrastructure is any establishment, facility or structure for which the damage, unavailability or destruction as a result of a malicious action, a sabotage or terrorism action could directly or indirectly: if its activity is difficultly substitutable or replaceable, severely burden the war potential or economic potential, the national security or the survivability of the nation, or to seriously affect the population’s health or life.

The French original version is:

Point d’importance vitale (PIV): tout établissement, installation ou ouvrage dont le dommage ou l’indisponibilité ou la destruction par suite d’un acte de malveillance, de sabotage ou de terrorisme risquerait, directement ou indirectement: si son activité est difficilement substituable ou remplaçable, d’obérer gravement le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la nation, ou de mettre gravement en cause la santé ou la vie de la population. [17]

The French government doesn’t use the notion of “criticality” but the notion of “vitality” with the meaning of essential service or infrastructure.

Germany

Critical infrastructures (CI) are organizational and physical structures and facilities of such vital importance to a nation's society and economy that their failure or degradation would result in sustained supply shortages, significant disruptions of public safety and security, or other dramatic consequences. [18]

The German language definition is:

Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit oder andere dramatische Folgen eintreten würden. [19]



Jamaica

Critical infrastructures include systems and assets, whether physical or virtual, so critical that the incapacitation or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination thereof. [20]

This may include water and sewage networks, agriculture, health systems, emergency services, information technology and telecommunications, banking and finance, energy (electrical and wind generated), transportation (air, road, port), postal and shipping entities.

Japan

Critical infrastructures are the basis of people’s social lives and economic activities formed by businesses that provide services which are extremely difficult to be substituted by others if its function is suspended, deteriorated or become unavailable, it could have significant impacts on people’s social lives and economic activities. [21]



Kenya

Critical infrastructures describe assets that are essential for the functioning of a society and economy. (e.g., electrical grid, telecommunications,water supply). [22]



Latvia

Critical infrastructure is the objects, systems, or their parts in Latvia, which are important in providing the performance of functions essential to society, as well as for ensuring the protection of human health, security, economic or social welfare, whose destruction or malfunctioning may significantly influence the performance of state functions. [23]

The critical infrastructure of information technology is protected in order to ensure the performance of basic functions essential to the state and society.

Montenegro

Kritična infrastruktura – se odnosi na imovinu, sisteme, usluge ili njihov dio, čijim bi se prekidom rada ili uništenjem, ugrozile ključne društvene funkcije: zdravlje, mir, bezbjednost, ekonomsko i socijalno blagostanje ili normalno funkcionisanje države. [24]
Critical infrastructure relates to property, systems, services, or part thereof, which would be an interruption of service or destruction, threaten key social functions: health, peace, security, economic and social well-being or the normal functioning of the state (equals the EU definition).


Netherlands

Critical infrastructures (Dutch: Vitale Infrastructuur) refers to products, services and the accompanying processes that, in the event of disruption or failure, could cause major social disturbance. [25]

The Dutch language version is:

Vitale Infrastructuur zijn producten, diensten en de onderliggende processen die, als zij uitvallen, maatschappelijke ontwrichting kunnen veroorzaken. [26]

"This could be in the form of tremendous casualties and severe economic damage, or in terms of an extremely lengthy recovery period and a lack of any readily available viable alternatives, while we depend on these products and services. Because the consequences of this critical infrastructure – or parts thereof – could be so dire for large segments of the Dutch population, extra attention must be given to its protection. Accordingly, this protection is designed to prevent disruption and concerns the protection against technical-organisational failings, overloading, and extreme natural phenomena or intentional or unintentional human action."(In Dutch: "Dat kan zijn omdat er sprake is van veel slachtoffers en grote economische schade, dan wel wanneer herstel zeer lang gaat duren en er geen reële alternatieven voorhanden zijn, terwijl deze producten en diensten niet gemist kunnen worden."

Since April 2015, The Netherlands recognises [27] two categories in criticality of critical infrastructure:
Category A: at least impact on one of the following four impact categories:

  1. economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
  2. physical impact: > 10.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
  4. cascade impact: this disruption causes failure of minimal two other (critical) sectors

Category B: at least impact on one of the following three impact categories:

  1. economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
  2. physical impact: > 1.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems

General Security and Intelligence Service (AIVD)
Sectoren en delen van de infrastructuur die zo vitaal (van wezenlijk belang) zijn voor de Nederlandse samenleving dat uitval of ernstige verstoring ervan grote maatschappelijke schade tot gevolg kan hebben. [28]




New Zealand

National Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. [29]

For instance, electricity generation, gas production, telecommunications, water supply etc.

Norway

Kritisk infrastruktur er de anlegg og systemer som er helt nødvendige for å opprettholde samfunnets kritiske funksjoner som igjen dekker samfunnets grunnleggende behov og befolkningens trygghetsfølelse (NOU 6:2006, s. 31).
Critical infrastructure is the construction and systems essential to maintain society's critical features which covers society's basic needs and population's sense of security. [30]

Society’s functional ability is highly dependent on a number of physical and technical infrastructures. In the event of a failure in these infrastructures, society will be unable to maintain the supply of goods and services on which the population depends (cf. critical societal functions). These infrastructures can be described as critical to society. [31]

Poland

A critical infrastructure shall be understood as systems and mutually bound functional objects contained therein, including constructions, facilities, installations and services of key importance for the security of the state and its citizens, as well as serving to ensure efficient functioning of public administration authorities, institutions and enterprises. [32]



Qatar

Physical assets, systems or installations, which if disrupted, compromised, or destroyed, would have a serious impact on the health, safety, security, or economic well-being of Qatar or the effective functioning of the Qatari government. [33] [34]



Republic of Slovenia

Kritična infrastruktura državnega pomena v Republiki Sloveniji obsega tiste zmogljivosti in storitve, ki so ključnega pomena za državo in bi prekinitev njihovega delovanja ali njihovo uničenje pomembno vplivalo in imelo resne posledice na nacionalno varnost, gospodarstvo, ključne družbene funkcije, zdravje, varnost in zaščito ter družbeno blaginjo. [35]
(equals the EU definition)



Republic of Trinidad & Tobago

Critical infrastructure means computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, defence or international relations of the State; or provision of services directly related to national or economic security, banking and financial services, communications infrastructure, national public health and safety, public transportation, public key infrastructure or any combination of those matters. [36]

Note: this actually is a definition of CII.

Spain

The strategic infrastructures (that is, those that supply essential services) the functioning of which is necessary and does not allow alternative solutions, reason why their disruption or destruction would have serious impact on essential services. [37]



Sweden

Critical Infrastructure means those assets, systems or parts thereof located in the EU Member States which are essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions. (equals the EU definition) [38]



Switzerland

Critical infrastructure refers to infrastructure whose disruption, failure or destruction would have serious implications for society, the private sector and the state. [39]



United Kingdom (UK)

The United Kingdom (UK) defines national infrastructure as:

those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends. [40]

In the approach of the UK, infrastructure is categorised according to its value or “criticality” and the impact of its loss. This categorisation is done using the Government “Criticality Scale”, which assigns categories for different degrees of severity of impact.

Not everything within a national infrastructure sector is “critical”. Within the sectors there are certain “critical” elements of infrastructure, the loss or compromise of which would have a major detrimental impact on the availability or integrity of essential services, leading to severe economic or social consequences or to loss of life. These “critical” assets make up the nation's critical national infrastructure (CNI) and are referred to individually as “infrastructure assets”. Infrastructure assets may be physical (e.g. sites, installations, pieces of equipment) or logical (e.g. information networks, systems).

United States

Systems and assets, whether physical or virtual, so vital services to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [41]



Standard Definition

ISO/IEC TR 27019:2013

Organizations and facilities that are essential for the functioning of society and the economy as a whole. [42]

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.


Other Definitions

International Risk Governance Council (IRCG)

Critical infrastructures are the systems and facilities by which essential services are supplied [43].

The standard notes that a failure or malfunction of such organizations and facilities would result in sustained supply shortfalls, make a significant impact on public security and have other wide ranging impacts.

Ontario (Canada)

Critical Infrastructure (CI): interdependent, interactive, interconnected networks of institutions, services, systems and processes that meet vital human needs, sustain the economy, protect public safety and security, and maintain continuity of and confidence in government. [44]


Infrastructure essentielle: réseaux interdépendants, interactifs et interconnectés d’institutions, de services, de systèmes et de processus qui répondent aux besoins vitaux des êtres humains, soutiennent l’économie, protègent la sécurité publique, assurent la continuité des services gouvernementaux et maintiennent la confiance du public envers le gouvernement. [44]


See also

History

European Council COM(2006)787

Those assets or parts thereof which are essential for the maintenance of critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people. [45]

Notes

  1. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
  2. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
  3. Tallinn Manual on the International Law Applicable to Cyber Warfare (2013)
  4. NATO EAPC(SCEPC) lexicon.
  5. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  6. Critical Infrastructure Resilience Strategy, 2010
  7. Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
  8. N. 2011 — 1799 C − 2011/00399 1 JULI 2011. — Wet betreffende de beveiliging en de bescherming van de kritieke infrastructure
  9. N. 2011 — 1799 [ − 2011/00399 1er JUILLET 2011. — Loi relative à la sécurité et la protection des infrastructures critiques
  10. Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
  11. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 45, de 8 de setembro de 2009. Gabinete de Segurança Institucional da Presidência da República.
  12. [http://www.gsma.com/latinamerica/mobile-telecommunications-networks-for-the-2014- world-cup/ Emilio Tissato Nakamura, Jadir Antonio da Silva, José Manuel Martin Rios et al., ‘Mobile Telecommunications Networks for the 2014 World Cup’, GSM Association (2011)]
  13. [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)
  14. Conpes 3510 (Resolución CRC 2258 de 2009)
  15. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  16. Finlands' Cyber Security Strategy
  17. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  18. National Strategy for Critical Infrastructure Protection(CIP Strategy), BMI 17 June 2009.
  19. Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)), BMI 17 June 2009.
  20. Jamaica's National Cyber Security Strategy
  21. The Information Security Policy Council, The Second Action Plan on Information Security Measures for Critical Infrastructures, Japan (2009)
  22. Kenya's National Cyber Security Strategy
  23. CYBER SECURITY STRATEGY OF LATVIA 2014–2018
  24. Strategija o bezbjednosti 2013-2017 (2012)
  25. Bijlage bij Kamerstuk 26643 nr. 75 Rapportage Bescherming Vitale Infrastructuur
  26. De Nationaal Coördinator Terrorismebestrijding (2004)
  27. https://www.nctv.nl/actueel/nieuws/kabinet-versterkt-crisisbeheersing.aspx?cp=126&cs=59950 Voortgangsbrief nationale veiligheid 9 april 2015
  28. General Security and Intelligence Service
  29. New Zealand’s Cyber Security Strategy (2011)
  30. VEILEDNING Sikkerhet i kritisk infrastruktur og kritiske samfunnsfunksjoner – modell for overordnet risikostyring
  31. Cyber Security Strategy for Norway (2012)
  32. Polish Government Centre for Security (2013)
  33. QATAR National Cyber Security Strategy (May 2014)
  34. الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014)
  35. [1]
  36. Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
  37. CNPIC
  38. Action Plan for the Protection of Vital Societal Functions & Critical Infrastructure, Swedish Civil Contingencies Agency (MSB) (2014).
  39. National strategy for the protection of Switzerland against cyber risks (2012)
  40. Centre for the Protection of National Infrastructure (CPNI)
  41. §1016(e) of the United States Patriot Act of 2001 (42 U.S.C. §5195c(e))
  42. ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.
  43. IRCG webpage on CI
  44. 44.0 44.1 Province of Ontario’s Emergency Management Glossary of Terms
  45. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Critical_Infrastructure&oldid=3380"