CRS – Cybersecurity: Critical Infrastructure Authoritative Reports and Resources, Rita Tehan, Information Research Specialist, April 21, 2017.
“Cybersecurity: Critical Infrastructure Authoritative Reports and Resources Congressional Research Service Summary Critical infrastructure is defined in the USA PATRIOT Act (P.L. 107-56, §1016(e)) as“ systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.” Presidential Decision Directive 63, or PDD-63,identified activities whose critical infrastructures should be protected: information and communications; banking and finance; water supply; aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency and law enforcement services; emergency, fire, and continuity of government services; public health services; electric power, oil and gas production;and storage. In addition, the PDD identified four activities in which the federal government controls the critical infrastructure: (1) internal security and federal law enforcement; (2) foreign intelligence; (3) foreign affairs; and (4) national defense.In February 2013, the Obama Administration issued PPD-21, Critical Infrastructure Security and Resilience, which superseded HSPD-7 issued during the George W.Bush Administration.PPD-21 made no major changes in policy, roles and responsibilities, or programs, but did order an evaluation of the existing public-private partnership model, the identification of baseline data and system requirements for efficient information exchange, and the development of a situational awareness capability. PPD-21 also called for an update of the National Infrastructure Protection Plan, and a new Research and Development Plan for Critical Infrastructure,to be updated every four years.This report serves as a starting point for congressional staff assigned to cover cybersecurity issues as they relate to critical infrastructure. Much is written about protecting U.S. critical infrastructure, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues. The annotated descriptions of these sources are listed in reverse chronological order with an emphasis on material published in the past several years. The report includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources.”