Monday, March 10, 2014
Tweet[IWS] CRS: CRITICAL INFRASTRUCTURES: BACKGROUND, POLICY, AND IMPLEMENTATION [21 February 2014]
IWS Documented News Service
_______________________________
Institute for Workplace Studies----------------- Professor Samuel B. Bacharach
School of Industrial & Labor Relations-------- Director, Institute for Workplace Studies
Cornell University
16 East 34th Street, 4th floor---------------------- Stuart Basefsky
New York, NY 10016 -------------------------------Director, IWS News Bureau
________________________________________________________________________
Congressional Research Service (CRS)
Critical Infrastructures: Background, Policy, and Implementation
John D. Moteff, Specialist in Science and Technology Policy
February 21, 2014
http://www.fas.org/sgp/crs/homesec/RL30153.pdf
[full-text, 39 pages]
Summary
The nation’s health, wealth, and security rely on the production and distribution of certain goods
and services. The array of physical assets, functions, and systems across which these goods and
services move are called critical infrastructures (e.g., electricity, the power plants that generate it,
and the electric grid upon which it is distributed).
The national security community has been concerned for some time about the vulnerability of
critical infrastructure to both physical and cyberattack. In May 1998, President Clinton released
Presidential Decision Directive No. 63. The Directive set up groups within the federal
government to develop and implement plans that would protect government-operated
infrastructures and called for a dialogue between government and the private sector to develop a
National Infrastructure Assurance Plan that would protect all of the nation’s critical
infrastructures by the year 2003. While the Directive called for both physical and cyber protection
from both man-made and natural events, implementation focused on cyber protection against
man-made cyber events (i.e., computer hackers). Following the destruction and disruptions
caused by the September 11 terrorist attacks in 2001, the nation directed increased attention
toward physical protection of critical infrastructures. Over the intervening years, policy,
programs, and legislation related to physical security of critical infrastructure have stabilized to a
large extent. However, current legislative activity has refocused on cybersecurity of critical
infrastructure.
This report discusses in more detail the evolution of a national critical infrastructure policy and
the institutional structures established to implement it. The report highlights two primary issues
confronting Congress going forward, both in the context of cybersecurity: information sharing
and regulation.
Contents
Introduction ...................................................................................................................................... 1
Federal Critical Infrastructure Protection Policy: In Brief............................................................... 2
The President’s Commission on Critical Infrastructure Protection ................................................. 3
Presidential Decision Directive No. 63 ............................................................................................ 4
Restructuring by the Bush Administration ....................................................................................... 7
Pre-September 11 ...................................................................................................................... 7
Post-September 11 ..................................................................................................................... 8
The Obama Administration ............................................................................................................ 12
Department of Homeland Security ................................................................................................ 14
Initial Establishment ................................................................................................................ 14
Second Stage Review Reorganization ..................................................................................... 16
Post-Katrina Emergency Management Reform Act of 2006 ................................................... 16
Policy Implementation ................................................................................................................... 17
Government-Sector Coordination............................................................................................ 17
Appointment of the National Infrastructure Advisory Council ............................................... 20
Internal Agency Plans .............................................................................................................. 20
National Critical Infrastructure Plan ........................................................................................ 22
Information Sharing and Analysis Center (ISAC) ................................................................... 24
Identifying Critical Assets, Assessing Vulnerability and Risk, and Prioritizing Protective Measures ......................... 26
Cybersecurity Framework ....................................................................................................... 28
Issues and Discussion .................................................................................................................... 28
Information Sharing ................................................................................................................. 28
Regulation................................................................................................................................ 30
Tables
Table 1. Lead Agencies per PDD-63................................................................................................ 4
Table 2. Current Lead Agency Assignments .................................................................................. 18
Table 3. NIPP 2013: Guiding Tenets and Call to Action ............................................................... 25
Table A-1. Funding for the Infrastructure Protection and Information Security Program ............. 34
Appendixes
Appendix. Funding for Critical Infrastructure ............................................................................... 32
Contacts
Author Contact Information........................................................................................................... 36
________________________________________________________________________
This information is provided to subscribers, friends, faculty, students and alumni of the School of Industrial & Labor Relations (ILR). It is a service of the Institute for Workplace Studies (IWS) in New York City. Stuart Basefsky is responsible for the selection of the contents which is intended to keep researchers, companies, workers, and governments aware of the latest information related to ILR disciplines as it becomes available for the purposes of research, understanding and debate. The content does not reflect the opinions or positions of Cornell University, the School of Industrial & Labor Relations, or that of Mr. Basefsky and should not be construed as such. The service is unique in that it provides the original source documentation, via links, behind the news and research of the day. Use of the information provided is unrestricted. However, it is requested that users acknowledge that the information was found via the IWS Documented News Service.