U.S. critical infrastructure protection

This was updated on December 17, 2003, by President George W. Bush through Homeland Security Presidential Directive HSPD-7 for Critical Infrastructure Identification, Prioritization, and Protection.

The federal government has developed a standardized description of critical infrastructure, in order to facilitate monitoring and preparation for disabling events.

One such example occurred in September 1995 where a Russian national allegedly masterminded the break-in of Citicorp's electronic funds transfer system and was ordered to stand trial in the United States.

[9] As an example, capabilities within the information and communication sector have enabled the United States to reshape its government and business processes, while becoming increasingly software driven.

Traditional and non-traditional threats include equipment failures, human error, weather and natural causes, physical attacks, and cyber-attacks.

An increased risk of the collapse of these critical infrastructure points can lead to, and in most cases have led to, drastic decreases in access to water, food, medical attention, and electricity.

They focus on improving the capability to detect and warn of impending attacks on, and system failures within, the critical elements of the national infrastructure.

[16] The Atlanta Public Safety Training Center, also known as, “Cop City” is one of the many examples of critical infrastructure created to try and serve the purpose of protecting the civilian populations.

This form of critical infrastructure is one that works indirectly as the project aims to train current and incoming police officers and combat units.

[18][19] As much as protestors are speaking up and out about the environmental destruction and negative effects of infrastructure, there are many laws and policies going into place that make it harder to exercise one’s free speech.

As a result, multiple states have deployed “Anti-Protest” laws to prevent the disruption of pipeline construction and any development of projects considered to be critical infrastructure and necessary for the advancement of the country.

The latest version of the plan was produced in 2013 [27] The NIPP's goals are to protect critical infrastructure and key resources and ensure resiliency.

The NIPP is based on the model laid out in the 1998 Presidential Decision Directive-63, which identified critical sectors of the economy and tasked relevant government agencies to work with them on sharing information and on strengthening responses to attack.

Commentators note that these initiatives started directly after the collapse of the Cold War, raising the concern that this was simply a diversion of the military-industrial complex away from a funding area which was shrinking and into a richer previously civilian arena.

The Urban Areas Security Initiative grant program has been particularly controversial, with the 2006 infrastructure list covering 77,000 assets, including a popcorn factory and a hot dog stand.

[31] While well-intentioned, some of the results have also been questioned regarding claims of poorly designed and intrusive security theater that distracts attention and money from more pressing issues or creates damaging side effects.

In order to better understand this, and ultimately direct effort more productively, a Risk Management and Analysis Office was recently created in the National Protection and Programs directorate at the Department of Homeland Security.

DoD was also responsible for identifying and monitoring the national and international infrastructure requirements of industry and other government agencies, all of which needed to be included in the protection planning.

Other DoD responsibilities for CIP included assessing the potential impact on military operations that would result from the loss or compromise of infrastructure service.

There were also requirements for monitoring DoD operations, detecting and responding to infrastructure incidents, and providing department indications and warnings as part of the national process.

In response to the requirements identified in PDD-63, DoD categorized its own critical assets by sector, in a manner similar to the national CIP organization.

A synopsis of the six phases are: Effective management of the CIP life cycle ensures that protection activities can be coordinated and reconciled among all DoD sectors.

Phase 1 determines what assets are important, and identifies their vulnerabilities, and dependencies so that decision makers have the information they need to make effective risk management choices.

These actions are designed to minimize the operational impact of the loss of a critical asset, facilitate incident response, and quickly restore the infrastructure service.

During the Mitigation phase, DoD critical asset owners, DoD installations, and Sector Chief Infrastructure Assurance Officers, or CIAOs, work with the National Military Command Center (NMCC) and the Joint Task Force-Computer Network Operations (JTF-CNO) to develop, train for, and exercise mitigation responses for various scenarios.

When there is a warning, emergency, or infrastructure incident, the critical asset owners, installations, and Sector CIAOs initiate mitigation actions to sustain service to the DoD.

When event threats or consequences continue to escalate, the NMCC directs mitigation actions by sector to ensure a coordinated response across the DoD.

For example, during the 9/11 attacks on the World Trade Center and Pentagon, all non-military airplanes were grounded over the United States to prevent further incidents.

JTF-CNO also requests and coordinates any support or assistance from other Federal agencies and civilian organizations during incidents affecting a DoD network.

This includes notifying affected Sector Chief Infrastructure Assurance Officers, or CIAOs, in the initial notice and status reporting.