Download Locations

• Open CRS (User submitted)

Summary

The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both manmade and natural events, implementation focused on cyber protection against manmade cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks, physical protections of critical infrastructures is receiving increased attention. Following the events of September 11, the Bush Administration released two relevant Executive Orders (EOs). EO 13228, signed October 8, 2001, established the Office of Homeland Security. Among its duties, the Office shall "coordinate efforts to protect the United States and its critical infrastructure from the consequences of terrorist attacks." EO 13231, signed October 16, stated the Bush Administration's policy and objectives for protecting the nation's information infrastructure and established the President's Critical Infrastructure Protection Board chaired by a Special Advisor to the President for Cybersecurity (both of which were later abolished by an amending executive order). More recently (December 17, 2003), the Bush Administration released Homeland Security Presidential Directive 7, reiterating and expanding upon infrastructure protection policy and responsibilities which remain relatively unchanged through two Administrations. Congress passed legislation in 2002 creating a Department of Homeland Security, consolidating into a single department a number of offices and agencies responsible for implementing various aspects of homeland security. Even so, infrastructure protection activities remain spread out between various directorates and agencies within the Department, including the Information Analysis and Infrastructure Protection Directorate and the Transportation Security Administration. Issues in critical infrastructure protection include how to integrate cyber and physical protection; mechanisms for sharing information between the government, the private sector, and the public; the need to set priorities; and, whether or not the federal government will need to employ more direct incentives to achieve an adequate level of protection by the private sector and states. This report will be updated as warranted.

XML