TRENDING:

The Public Eye with Eric Chabrow

Defining Critical Infrastructure

It Can Consist of Data, Voice, Video but Must Be Vital Eric Chabrow (GovInfoSecurity) • December 5, 2011    

How should critical information infrastructure be defined?

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

The term is used all of the time, and we know that about 85 percent of the nation's critical information infrastructure is owned by the private sector.

Draft legislation circulating on Capitol Hill tales a stab at defining the term (see Draft Bill Eyes Strong DHS Role in Cybersecurity). A critical infrastructure information system, the draft says, means "any physical or virtual information system, no matter where such system exists, that controls, processes, transmits, receives or stores electronic information in any form, including data, voice or video, that is vital to the functioning of critical infrastructure or owned or operated by or on behalf of a state or local government."

Critical infrastructure (and the IT that helps support it) controls the likes of the nation's electricity, natural gas and oil generation and distribution, food production and allocation, public health, water supply, telecommunications and transportation.

The draft legislation also characterizes critical infrastructure as meaning any facility or function that, by the way of cyber vulnerability, destruction, disruption or unauthorized access would result in one or more of the following:

  • Loss of thousand of lives.
  • Major economic disruption, including the immediate failure of, or loss of confidence in, a major financial market; sustained disruption of financial systems that would lead to long-term catastrophic economic damage to the United States.
  • Mass evacuations of a major population center for longer than 30 days.
  • Severe degradation of national security or national security capabilities, including intelligence and defense functions, but excluding military facilities.

You probably knew all of this. But understanding the definition is merely the beginning.

Congress could take action soon to grant the federal government specific responsibilities to safeguard the mostly privately owned critical infrastructure, tasks that some believe is beyond its legal right. Getting involved to help determine the role government should have over the critical infrastructure, one way or another, is something that shouldn't be left solely to lawmakers.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.