Critical Infrastructures: Background, Policy, and Implementation

The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures. Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to cyber attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events i.e. computer hackers. PDD-63 was a Clinton Administration policy document. Following the events of September 11, the Bush Administration released two relevant Executive Orders EOs. EO 13228, signed October 8, 2001 established the Office of Homeland Security. Among its duties, the Office shall coordinate efforts to protect the United States and its critical infrastructure from the consequences of terrorist attacks. EO 13231 Critical Infrastructure Protection in the Information Age, signed October 16, stated the Bush Administrations policy and objectives for protecting the nations information infrastructure. These are similar to those stated in PDD-63 and assumes continuation of many PDD-63 activities. E.O. 13231, however, focuses entirely on information systems.