From the Editor
The Journal of Critical Infrastructure Policy Editorial Board welcomes submissions throughout the year for upcoming editions. The Board believes that protecting and building critical infrastructure resilience must remain a first order national priority. It is also necessary to increase community resilience to large-scale infrastructure failures. While the pathways are different, in both instances, the National Academies’ resilience definition applies: “the ability to prepare and plan for, absorb, recover from, and more successfully adapt to adverse events.” Achieving these complex missions will require reinvigorated policy development, planning and investment in the years to come.
Critical infrastructure (CI) refers to the national sectors identified in US Presidential Policy Directive 21 (Feb, 2013) and cross-sector CI functions defined by the US Department of Homeland Security (Apr, 2019). They include: Energy and Power, Information and Cyber-Technology, Transportation Systems, Communications, Healthcare and Public Health, Financial Services, Critical Manufacturing, Emergency Services, Food and Agriculture, Water and Wastewater Systems, Nuclear Reactors, Chemical Facilities, Dams, Government Facilities, the Defense Industrial Base and Commercial Facilities. Each sector is considered so vital that its incapacitation would have a debilitating effect on the country’s security, economic viability, public health and safety or other devastating outcomes.
Only fourteen million people and few systems were connected to the internet in 1993. During the intervening years, web-based and digital systems have proliferated to the point where they are now the primary drivers of CI operation. Breakdowns in relatively isolated infrastructure systems have demonstrated that even small disruptions can have major consequences. CI is comprised of systems and systems of systems that are highly complex, interconnected and sometimes unplanned - and they are evolving at exponential rates. Impairment in one sector can cascade into multiple sector shutdowns leading to serious societal consequences. Each sector encompasses an array of physical assets and organizations as well as important cyberspace components. These factors can present unforeseen built-in vulnerabilities, and accidents are likely to be experienced as systems become more complex, opaque and interactive.
The premises underlying America’s national security have also profoundly changed since September 11, 2001. Substantial advances to protect the Nation have been made by the Department of Homeland Security and the US Intelligence Community. Among existing and emergent threats, none are more challenging than changes in the security environment for CI. Many threats are attributable to the widespread proliferation of disruptive technologies. The US Government Accountability Office (Jul 2018) has enumerated a growing number of cyberattacks aimed at exploiting or incapacitating pivotal infrastructure systems. They involve daily incursion attempts by both state- and non-state actors. CI is also vulnerable to physical attack by adversaries, including the asymmetric warfare planning of many nations and sophisticated terrorist and criminal organizations. The most serious consequences are likely to follow an electromagnetic pulse (EMP) caused by high altitude detonation of a small nuclear device lofted by a missile, balloon or other means above the continental US.
CI is also vulnerable to the cascading effects of extreme weather, other climate change impacts and natural hazards. This is attributable to the fact that infrastructure systems connect with other systems, e.g. electric power or communications. For example, many local water systems rely on overhead tanks filled with electric pumps. Should a massive hurricane cause regional power and fuel shortages, water supply may be sharply curtailed. Lack of water causes the degradation of hospital functions more rapidly than any other infrastructure sector, with 67-99 percent impairment after 2 hours (National Infrastructure Advisory Council, 2016). There is growing recognition that space weather, particularly a solar coronal mass ejection (CME) hitting Earth, poses a significant threat to the electronic components of CI systems.
From a policy research perspective, CI policy has been relatively “under studied.” Depending on how it is defined, US critical infrastructure policy incorporates almost 25 years of federal, state and local policy-making, tracing back to the 106th Congress. It is bracketed by a Clinton Executive Order establishing a President’s Commission on Critical Infrastructure Protection (Jul, 1996) and a Trump Executive Order on Coordinating National Resilience to Electromagnetic Pulses (Mar, 2019). This concentrated period of policy-development is predated by years of broader disaster-related and national security policy.
Despite its relatively recent vintage, the critical infrastructure policy arena is exceedingly complex. CI policy needs to be predicated on systems-level technical judgements regarding risk, vulnerabilities, response options and strategies. Many critical assets are controlled by private entities, with a range of ownership and operating models. The ability to formulate cohesive policy is influenced by local and state responsibilities and jurisdictional prerogatives, technological change, the legal and regulatory provisions for individual sectors, market forces and mechanisms, a diverse stakeholder mix at each governmental level and the manner in which critical infrastructure resiliency interacts with other homeland security and disaster recovery priorities at the local and state levels.
Ideally, the best position for a contemporary nation to be in would be to have maximally secure, protected and resilient infrastructure as well as a population that is fully prepared to endure in the event of large-scale infrastructure collapse; what some refer to as a “culture of resilience.” In present circumstances, it is essential that incisive thinking and concerted action occur on both fronts.
It is clear that opportunities for significant inroads exist in maximizing the resilience of critical infrastructure at the federal, state and local levels. In addition to upgrading the security of these infrastructures, substantial inroads are possible in coupling resilience goals with economic development, business efficiency and international competitiveness.
JCIP will be an objective source of information and analysis on the critical infrastructure policy arena as well as policy impacting community resilience during infrastructure lapses. On behalf of all of those involved with the Journal, we look forward to publishing the insights of scholars, professionals, practitioners and other contributors who wish to participate in this endeavor.
Richard M. Krieg, PhD
Texas State University