Welcome to CI Scoop post number two. Last week, I wrote about critical infrastructure’s most basic foundations, what the term means and the National Infrastructure Protection Plan (NIPP). I’ll dive more deeply into these topics in future posts, but for today, I want to focus on a natural first question, “From where did critical infrastructure come?”
The definition of critical infrastructure has changed over time. The first formal federal definition of “critical infrastructure” was developed in 1996 when President Clinton signed Executive Order 13010. EO 13010 established a national commission on critical infrastructure. The goal of the commission was to assess the scope and nature of the vulnerabilities of, and threats to, critical infrastructures and recommend a comprehensive national policy and implementation strategy for protecting critical infrastructures from physical and cyber threats and assuring their continued operation. EO 13010 also created eight critical infrastructure “sectors.” I will discuss sectors more thoroughly in a future post, but in short, sectors are how the Department of Homeland Security (DHS) and the NIPP organize the nation’s critical infrastructure. Sectors are sections of critical infrastructure that contain entities that are similar in form and function. For example, all dams are in one sector and all emergency services are in another sector.
Two years later, in 1998, President Clinton signed Presidential Decision Directive 63 (PDD-63). PDD-63’s goal was to develop a capacity to protect the nation’s “critical infrastructure.” In addition, PDD-63 added “cyber” to the definition of critical infrastructure, formally acknowledging the role that cyber assets play in our nation’s infrastructure. Importantly, PDD-63 also designated federal agencies to lead the government’s security for specific sectors, this was the foundational concept from which Sector Specific Agencies (SSAs) stem.
Critical infrastructure was then re-defined in the Patriot Act of 2001. For reference, while this is the definition found in my first blog post, subsequent orders add important context to its exact meaning. For example, in an attempt to acknowledge that our nation’s infrastructure has many different types of components, the Homeland Security Act of 2002 added the concept of “key resources” to the critical infrastructure definition. Today, the term “critical infrastructure” is defined by both the Patriot Act and HSPD-7 as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
The number of sectors has changed over time, too. In 1996 there were only eight sectors, but in 1998 PDD-63 identified 15. Then in 2001, Executive Order 13228 reduced the number to nine. Today there are 16 sectors, and one previous sector, such as Monuments and Icons, is now a subsector of another sector. The main take-away is that DHS can change sectors, including the number of sectors and the sector to which a piece of infrastructure is assigned, but DHS has never removed the “critical infrastructure” designation once assigned.
The same pattern exists with sector specific agency assignments. These change over time. In 1998, PDD-63 assigned the 15 sectors to varying agencies and departments. By 2001, however, all nine sectors had been reassigned to the newly established Office of Homeland Security. Then in December 2003, HSPD-7 was issued by U.S. President George W. Bush to update policies intended to protect the country from terrorist attacks. This directive superseded the earlier PDD-63 (Presidential Decision Directive No. 63), which was issued by President Clinton in May of 1998. HSPD-7 assigned seven of the 13 sectors to agencies other than DHS. For example, DHS now collaborates with two other agencies to oversee the Nuclear sector. Keeping track of all of these moving pieces can be an intensive effort. For reference, we will soon release a “starting point” foundational document that will include a list of all of the current sectors and their SSAs.
Now that you have a better understanding of the history behind critical infrastructure, stay tuned for my next CI Scoop next post that will discuss sectors, SSAs, and how sectors and SSAs interact. Also, if you have topics you’d like me to explore, please feel free to pass those along for consideration.