Critical infrastructure

Overview
Critical infrastructures are physical or virtual systems and assets so vital to the nation that their incapacitation or destruction would:


 * cause catastrophic health effects or mass casualties comparable to those from the use of weapons of mass destruction,
 * impair Federal departments and agencies’ abilities to perform essential missions or ensure the public’s health and safety,
 * undermine State and local government capacities to maintain order and deliver minimum essential public services,
 * damage the private sector’s capability to ensure the orderly functioning of the economy . . . ,
 * have a negative effect on the economy through the cascading disruption of other critical infrastructure,
 * or undermine the public’s morale and confidence in our national economic and political institutions.

Definition
The statutory definition of critical infrastructure is given in the USA PATRIOT Act. It is: “systems and assets. . . so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.”

Critical infrastructure sectors
There are 18 critical infrastructure sectors: agriculture and food, banking and finance, chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, government facilities, information technology, national monuments and icons, nuclear reactors, materials and waste, postal and shipping, public health and health care, transportation systems, and water. These systems and assets are essential to the operations of the economy and the government.

Cyberspace is their nervous system &mdash; the control system of our country. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow the critical infrastructures to work. The healthy functioning of cyberspace is essential to the U.S. economy and national security.

Disruptions
Disruptions can be caused by any number of factors: poor design, operator error, physical destruction due to natural causes, (earthquakes, lightning strikes, etc.) or physical destruction due to intentional human actions (theft, arson, terrorist attack, etc.). Disruption of any infrastructure is always inconvenient and can be costly and even life-threatening. Major disruptions could lead to major losses and affect national security, the economy, and the public good.

Over the years, operators of these critical infrastructures have taken measures to guard against, and to quickly respond to, many of these threats, primarily to improve reliability and safety. However, the terrorist attacks of September 11, and the subsequent anthrax attacks, demonstrated the need to reexamine protections in light of the terrorist threat, as part of an overall critical infrastructure protection policy.

Threats
The U.S. government has identified multiple sources of threats to our nation’s critical infrastructure, including foreign nation states engaged in information warfare, domestic criminals, hackers, virus writers, and disgruntled employees working within an organization. In addition, there is concern about the growing vulnerabilities to our nation as the design, manufacture, and service of information technology have moved overseas. For example, according to media reports, technology has been shipped to the United States from foreign countries with viruses on the storage devices.

All critical infrastructures are increasingly dependent on information and communications. The most important impact and vulnerability for this sector is the increasing interdependency of the Public Telephone Network (PTN) and the Internet. The Internet depends heavily on the PTN. The PTN, in turn, depends on electrical power for operations and on telephone lines and fiber optic cables that often run along transportation routes. The PTN is increasingly software driven, and remotely managed and maintained through computer networks. Deregulation of the telecommunications industry has had a markedly increase the number of access points, increasing opportunities for attacks.

U.S. authorities are concerned about the prospect of combined physical and cyber attacks, which could have devastating consequences. For example, a cyber attack could disable a security system in order to facilitate a physical attack.