Critical Infrastructures: Background, Policy, and Implementation

The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed. The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. While the Directive called for both physical and cyber protection from both manmade and natural events, implementation focused on cyber protection against manmade cyber events i.e. computer hackers. However, given the physical damage caused by the September 11 attacks, physical protections of critical infrastructures has received increased attention. Following the events of September 11, the Bush Administration released Executive Order 13228, signed October 8, 2001, establishing the Office of Homeland Security. In November 2002, Congress passed legislation creating a Department of Homeland Security. Among its responsibilities is overall coordination of critical infrastructure protection activities. In December 2003, the Bush Administration released Homeland Security Presidential Directive 7, reiterating and expanding upon infrastructure protection policy and responsibilities. In June 2006, the Bush Administration released its National Infrastructure Protection Plan. This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights five issues of Congressional concern identifying critical assets assessing vulnerabilities and risks allocating resources information sharing and, regulation.