The IT Law Wiki


The White House, Executive Order 13231, Critical Infrastructure Protection in the Information Age (Oct. 2001) (full-text), as amended by Executive Order 13286 (Feb. 28, 2003).


This Executive Order established the President’s Critical Infrastructure Protection Board to coordinate cyber-related federal efforts and programs associated with protecting our nation’s critical infrastructures. The Executive Order tasked the board with recommending policies and coordinating programs for protecting critical infrastructure protection (CIP)-related information systems. The Special Advisor to the President for Cyberspace Security chaired the board.

This Executive Order provides specific policy direction to ensure the protection of information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems. It recognizes the important role that networked information systems (critical information infrastructure) play in supporting all aspects of our civil society and economy, and the increasing degree to which other critical infrastructure sectors have become dependent on such systems.

It formally establishes as U.S. policy the need to protect against disruption of the operation of these systems and to ensure that any disruptions that do occur are infrequent, of minimal duration, manageable, and cause the least damage possible. This Executive Order specifically calls for the implementation of the policy to include "a voluntary public-private partnership, involving corporate and nongovernmental organizations." This Executive Order also reaffirms existing authorities and responsibilities assigned to various executive branch agencies and interagency committees to ensure the security and integrity of Federal information systems generally and of national security information systems in particular.

The Executive Order established ten standing committees to support the board's work on a wide range of critical information. According to EO 13231, the board's responsibilities were to recommend policies and coordinate programs for protecting information systems for critical infrastructures, including emergency preparedness communications and the physical assets that support such systems. The Special Advisor reported to the Assistant to the President for National Security Affairs and to the Assistant to the President for Homeland Security and coordinated with the Assistant to the President for Economic Policy on issues relating to private-sector systems and economic effects and with the Director of OMB on issues relating to budgets and the security of federal computer systems.

The Executive Order emphasized the importance of CIP and the information sharing and analysis centers (ISACs), but did not identify any additional requirements for agencies to protect their critical infrastructures or suggested additional activities for the ISACs.

The Executive Order also established the National Infrastructure Advisory Council.