Download Locations

• U.S. Department of State

Summary

The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nation's critical infrastructures to "cyber" attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks and the subsequent impact on the communications, finance, and transportation services, physical protections of critical infrastructures is receiving greater attention. Following the events of September 11, the Bush Administration released two relevant Executive Orders (EOs). EO 13228, signed October 8, 2001 established the Office of Homeland Security. Among its duties, the Office shall "coordinate efforts to protect the United States and its critical infrastructure from the consequences of terrorist attacks." EO 13231, signed October 16, stated the Bush Administration's policy and objectives for protecting the nation's information infrastructure. These are similar to those stated in PDD-63 and assumed continuation of many PDD-63 activities. E.O. 13231, however, focused entirely on information systems. E.O. 13231 also established the President's Critical Infrastructure Protection Board. The mission of the Board is to "recommend and coordinate programs for protecting information systems for critical infrastructures." On November 22, 2002, Congress passed legislation creating a Department of Homeland Security. The Department consolidates into a single department a number of offices and agencies responsible for implementing various aspects of homeland security. One of the directorates created by the legislation is responsible for Information Analysis and Infrastructure Protection. While the creation of a new department affects some consolidation, dispersed and overlapping responsibilities in the area of critical infrastructure protection remains an issue. Other issues include protections for information shared between the government and the private sector, privacy versus protection, costs and the need to set priorities, and whether or not the federal government will need to employ more direct incentives to achieve an adequate level of protection by the private sector.

XML