The Public Eye with Eric Chabrow

Defining Critical Infrastructure

It Can Consist of Data, Voice, Video but Must Be Vital

How should critical information infrastructure be defined?

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

The term is used all of the time, and we know that about 85 percent of the nation's critical information infrastructure is owned by the private sector.

Helping determine the role government should have over the critical infrastructure is something that shouldn't be left solely to lawmakers. 

Draft legislation circulating on Capitol Hill tales a stab at defining the term (see Draft Bill Eyes Strong DHS Role in Cybersecurity). A critical infrastructure information system, the draft says, means "any physical or virtual information system, no matter where such system exists, that controls, processes, transmits, receives or stores electronic information in any form, including data, voice or video, that is vital to the functioning of critical infrastructure or owned or operated by or on behalf of a state or local government."

Critical infrastructure (and the IT that helps support it) controls the likes of the nation's electricity, natural gas and oil generation and distribution, food production and allocation, public health, water supply, telecommunications and transportation.

The draft legislation also characterizes critical infrastructure as meaning any facility or function that, by the way of cyber vulnerability, destruction, disruption or unauthorized access would result in one or more of the following:

  • Loss of thousand of lives.
  • Major economic disruption, including the immediate failure of, or loss of confidence in, a major financial market; sustained disruption of financial systems that would lead to long-term catastrophic economic damage to the United States.
  • Mass evacuations of a major population center for longer than 30 days.
  • Severe degradation of national security or national security capabilities, including intelligence and defense functions, but excluding military facilities.

You probably knew all of this. But understanding the definition is merely the beginning.

Congress could take action soon to grant the federal government specific responsibilities to safeguard the mostly privately owned critical infrastructure, tasks that some believe is beyond its legal right. Getting involved to help determine the role government should have over the critical infrastructure, one way or another, is something that shouldn't be left solely to lawmakers.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.