Protecting critical infrastructure

Measures to eliminate any significant vulnerability to both physical and cyber attacks on critical infrastructures, including especially electronic and cyber-based systems. Since the targets of attacks on critical infrastructure will include both facilities in the economy and those in the government, the elimination of potential vulnerability requires a closely coordinated effort of both the public and the private sector.

The improved protection, including secure dissemination and information handling systems, of industry trade secrets and other confidential business data, law enforcement information and evidentiary material, classified national security information, unclassified material disclosing vulnerabilities of privately owned infrastructures and apparently innocuous information that, in the aggregate, it is unwise to disclose.

National defense, public safety, economic prosperity, and quality of life have long depended on the efficient delivery of essential services -- energy, banking and finance, transportation, vital human services, and telecommunications. The rapid growth and integration of the telecommunications infrastructure has made all of these sectors interdependent, and in the process, created unprecedented risks of cyber-attacks.

Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private. Most critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failures, human error, weather and other natural causes, and physical and cyber attacks. Addressing these vulnerabilities will necessarily require flexible, evolutionary approaches that span both the public and private sectors, and protect both domestic and international security.

On February 27, 1998, US Attorney General Janet Reno addressed the Conference on Critical Infrastructure Protection, held at Lawrence Livermore Laboratories, in Livermore, California, to announce the formation of the National Infrastructure Protection Center (NIPC) at FBI Headquarters in Washington, D.C. The Center is a joint government and private sector partnership, including representatives from the relevant agencies of federal, state, and local governments, and the private sector, to address the daunting challenge of protecting the critical infrastructures on which the nation depends. The NIPC is designated as the national focal point for threat assessment, warning, investigation, and response to attacks on the critical infrastructures.

Economies are increasingly reliant upon interdependent and cyber-supported infrastructures. Non-traditional attacks on infrastructure and information systems may be capable of significantly harming both military and economic infrastructure.