Skip to content

The Definition of “Critical Infrastructure”

2016 October 12
by Jason Nairn, CPP, CISSP

The term “critical infrastructure”, like “homeland security”, is broad and ambiguous.  A deconstruction of phrase is not particularly helpful, as it generates more questions like “what is meant by ‘critical'” and ‘what qualifies as ‘infrastructure'”?  The USA PATRIOT Act defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (USA Patriot Act of 2001 (42 U.S.C. §5195c(e)).  This consequence-based definition is referenced in National Infrastructure Protection Plan as well.  This definition, while helpful, does little to demystify critical infrastructure as a concept.

In 2003, a large scale blackout was experienced by much of the Northeastern United States.  Obviously, the electrical system is critical infrastructure according to the definition provided above.  But given the reported cause of the Blackout, software, human factors and system deficiencies, these systems may also meet the definition of critical infrastructure.  Their failure certainly had a debilitating impact on security, economy, public health and safety.  So where does the critical infrastructure begin?  Since much of our infrastructure is systems within systems, which parts are critical?  The definition provides little granularity for those that care about the protection of critical systems.

At the core, the USA PATRIOT Act definition is inadequate to describe the role of critical infrastructure in society, which is a better way of thinking about critical infrastructure and key resources.  At the most basic level, the definition of critical infrastructure is systems that we build to reduce our dependence on, and the effects of, the natural world.  The best definition of critical infrastructure is to describe what the phrase means, and what the characteristics of CRITICAL Infrastructure are.  These characteristics include the fact that most critical infrastructure are themselves systems or networks, or are critical components of systems or networks.  These are interdependent with other infrastructure and their criticality is self-organized.  Critical infrastructure is often reliant on other infrastructure and therefore it tends to organize itself into scale-free networks with critical nodes and links to other infrastructure.

I propose the following foundational definition of critical infrastructure:

Critical infrastructure are interdependent, organized systems that are essential for supporting and sustaining communities and their separation from the natural world.

No comments yet

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS

Anti-Bot Tool *