Critical Infrastructure and a Cyberattack Presidential Decision Directive 21 (PDD-21) identifies 16 critical infrastructures. PDD-21 lays out the national policy to maintain secure, functioning and resilient critical infrastructure. Select a critical infrastructure sector from the list below and discuss the impact that a cyberattack could have on that system or service: Communication Sector (voice communications, digital communications, or navigation) Energy Sector (electric power grid) Water and Wastewater Systems Sector (water supply or sewage) Healthcare and Public Health Sector (hospitals) Transportation Systems Sector (rail or air) Financial Services Sector (banking ) It is the third and fourth order effects from the cyberattack on the chosen critical infrastructure that shows the far reaching and devastating effect of a cyberattack. To demonstrate the interconnectedness of critical infrastructure, explain the cascading effects on other critical infrastructure. Then, discuss the measures DHS has taken to ensure resiliency of the selected infrastructure and the measures that need to be implemented in the future. The Critical Infrastructure and a Cyberattack assignment Must be three to four pages in length (excluding the title and reference pages) and formatted according to APA style as outlined in the Ashford Writing Center. Must include an introductory paragraph with a succinct thesis statement. The thesis must be in both the introduction and the conclusion. Must use at least three scholarly sources or official government sources in addition to the course text. *Must thoroughly explains the cascading effects on other critical infrastructure. *Must thoroughly discusses the measures DHS has taken to ensure resiliency of the selected infrastructure and the measures that need to be implemented in the future. *This assignment must display meticulous comprehension and organization of syntax and mechanics, such as spelling and grammar. Written work contains no errors and is very easy to understand. *The use of transition words is a must. Reference: Text Kamien, D. (Ed.). (2012). The McGraw-Hill homeland security handbook: Strategic guidance for a coordinated approach to effective security and emergency management (2nd ed.). New York, NY: McGraw-Hill. Chapter 2: The Terrorist Threat to Surface Transportation: The Challenge of Securing Public Places Chapter 15: The Necessity of Interagency Collaboration Chapter 20: Critical Infrastructure and Interdependency Revisited Chapter 31: Role of Corporate Security Chapter 32: Corporate Emergency Management Chapter 34: Building a Resilient Nation Article U.S. Department of Homeland Security. (2014). Fiscal years 2014-2018 strategic plan. Retrieved from http://www.dhs.gov/sites/default/files/publications/FY14-18%20Strategic%20Plan.PDF Mission 4: Safeguard and Secure Cyberspace This resource provides current information on the Department of Homeland Security Mission 4: Safeguard and Secure Cyberspace. Web Pages U.S. Department of Homeland Security. (2015, October 27). Critical infrastructure sectors. Retrieved from http://www.dhs.gov/critical-infrastructure-sectors This website is the official website for the Department of Homeland Security and addresses the specific mission to enforce and administer our immigration laws. You will need to review this website prior to completing Discussion 1. Accessibility Statement Privacy Policy U.S. Department of Homeland Security. (2015, January 8). Safeguard and secure cyberspace. Retrieved from http://www.dhs.gov/safeguard-and-secure-cyberspace This website is the official website for the Department of Homeland Security and addresses the specific mission to safeguard and secure cyberspace. You will need to review this website prior to completing Discussion 1. Recommended Resources Text Kamien, D. (Ed.). (2012). The McGraw-Hill homeland security handbook: Strategic guidance for a coordinated approach to effective security and emergency management (2nd ed.). New York, NY: McGraw-Hill. Chapter 21: Homeland Security for Drinking Water and Wastewater Utilities Chapter 22: Civil Aviation Security: On the Ground and In the Air Chapter 35: The Community Resilience System: Operationalizing a Whole Community Approach Chapter 36: Collaboration Not Isolation: A Joint Approach to Business Continuity and Resilience Article North American Electric Reliability Council. (2004, July 13). Technical analysis of the August 14, 2003 blackout: What happened, why, and what did we learn? Retrieved from http://www.nerc.com/docs/docs/blackout/NERC_Final_Blackout_Report_07_13_04.pdf This article provides an example of the vulnerability of one critical infrastructure sector and will help with the successful completion of the Critical Infrastructure and a Cyberattack assignment. Chapter Books for this AssignmentCHAPTER 21 461 HOMELAND SECURITY FOR DRINKING WATER AND WASTEWATER UTILITIES Stanley States, Ph.D. Director of Water Quality and ProductionPittsburgh Water and Sewer Authority Water utilities, both drinking water and wastewater, provide essential services to the public on a 24/7/365 basis. They are designed with a great deal of redundancy to help ensure uninterrupted service. Despite these efforts, utilities are potentially subject to interruptions resulting from a variety of emergencies. Natural disasters (e.g., hurricanes, blizzards, earthquakes, tornadoes, flooding) and major accidents (fires, explosions, electrical power grid failures, equipment failures, accidental contamination) have impacted utilities for years. While water systems have always been susceptible to emergencies caused by human activities, ranging from simple vandalism to thefts and incidents perpetrated by disgruntled insiders (e.g., employees, contractors), the attacks of September 11, 2001, increased awareness of the possibility of a public utility being targeted by terrorists. As with most industries, drinking water and wastewater companies typically have limited money, staff, and time to prepare for emergencies. Utilities also have a number of other requirements that compete for limited resources. These include dealing with aging infrastructure and responding to ever more stringent federal, state, and local regulations intended to protect the health and safety of the communities served. For drinking water systems the overarching regulation is the federal Safe Drinking Water Act and its continually evolving amendments governing the chemical, microbiological, and radiological quality of drinking water. For wastewater systems the primary regulation is the federal Water Pollution Control Act (Clean Water Act), which limits the public health and environmental impacts of the treated liquid effluent ultimately discharged to receiving streams and the waste biosolids disposed of in landfills. Drinking water and wastewater utilities must also respond to newly discovered public health and environmental contaminants such as the trace concentrations of pharmaceuticals, personal care products, and endocrine disruptors that have been detected in wastewater plant effluents, surface and ground waters, and even drinking water supplies in recent years. Security and emergency preparedness needs are just one of a number of concerns for the water industry. 462 Prior to the attacks of September 11, 2011, most emergency planning at utilities focused on accidents, equipment failures, and the specific natural disasters that are most likely to occur in a given water systems location. In the several year period immediately following 9/11, the emphasis on emergency planning for utilities shifted to incidents initiated by humans. In fact, the federal Bioterrorism Act of 2002 mandated that all U.S. drinking water utilities serving more than 3,300 persons conduct a formal vulnerability assessment to identify intentional acts to which a specific water system might be vulnerable. This regulation also required drinking water utilities to update their emergency response plans to include man-made events identified in the vulnerability assessment. The major hurricanes of 2005 (Katrina and Rita) redirected attention to vulnerabilities associated with natural disasters and refocused water utility emergency preparedness efforts to an all hazards approach. Several factors contribute to the difficulty experienced by water utilities in devoting money, staff, and time to security and emergency preparedness. First of all, there are relatively few regulations actually mandating that utilities devote significant resources to this area. In most states, the primary regulatory agency responsible for overseeing the activities of drinking water and wastewater utilities is usually the state department of environmental protection, environmental resources, or public health. These agencies typically require utilities to develop and maintain emergency response plans (ERPs) and associated operations and maintenance plans (O&M plans). As mentioned, the federal government, under the Bioterrorism Act of 2002, required drinking water systems (but not wastewater systems) to conduct formal vulnerability assessments and then to develop ERPs to include man-made events. Other than these requirements, there are few regulations across the United States requiring specific actions by utilities in the areas of security and emergency planning.CHAPTER 22 489 CIVIL AVIATION SECURITY: ON THE GROUND AND IN THE AIR Rafi Ron CEO, New Age Security Solutions (NASS) Robert Faber Former Senior Oversight Counsel, House Transportation Committee THE PSYCHOLOGICAL BATTLE OF AVIATION SECURITY Terrorism can be thought of as the use of violence, or the threat of violence to exert influence over large segments of the civilian population to bring about change or create fear. Why do governments devote a disproportionate share of their resources to protect aviation as a potential target? With vulnerabilities in other transportation modes as well as stationary venues, what accounts for the persistent interest in airplanes and airports? The answer is likely found in the nature of the aviation experience itself and the value terrorists place on elevating their status in the eyes of their peers and rivals. Airplane travel by definition is the transportation mode of choice to meet the time-sensitive needs of an increasingly fast-paced, just-in-time culture. It therefore enjoys greater prestige as a mode of travel and delivery and consequently as a target. Passengers who travel by air, for both business and leisure, are more likely to be opinion leaders and frequently have higher incomes than the populace at largea status itself not lost on terrorist organizations. 490 To be sure, terrorists are also busy targeting trains (Madrid 2004), buses (London 2005), ships (Yemen 2000), and public gatherings (repeatedly). But destroying a plane is the gold standard by which terrorists are measured. This is in part because of the effort that has been undertaken to make air travel secure. Terrorists who can penetrate the aviation security system feel they have accomplished more than less secure targets. But perhaps more fundamentally, air travel adds extra emotional potential. It embodies an additional element of drama, so compelling in a media-driven culture. A certain percentage of passengers on all flights are afraid of flying in the first place; therefore, tensions begin at an elevated level. People are well aware they uniquely lack control of their environment on an airplane. Quite independent of terrorist intentions, air passengers depend on the expertise and judgment of hundreds of people to ensure a safe flight: pilots, mechanics, air traffic controllers, etc. Terrorists have the potential to enhance the drama and attract attention to their cause when they target aircraft. They can easily draw out a threat to aviation over a period of hours, preying on the inherent fear of an aviation passengers sense of vulnerability. If the terrorists choose, they have time to force travelers, media, governments, and the public to watch and agonize over the pending disaster. All of these factors feed the fundamental goals of the terrorists: to raise their status among their peers and rivals by grabbing the worlds attention and forcing decision makers to consider their policies and positions. In the terrorists world, enhancing the respect for their family, tribe, or organization is the highest aspiration in this life and many believe self-sacrifice will bring their ultimate reward in the hereafter. Such goals are more attractive than wealth or convenience or integrity. They have succeeded if others respect them. It makes no difference whether it is brought about by admiration or fear; either one enhances their status. Their only fear is failure and the resulting dishonor. PRE9/11 HISTORY Aviation hijackings began as early as the 1930s, remaining a rare occurrence through the 1950s. For the most part, they were not carried out by terrorists. They were the activities of criminals or people seeking political asylum. In the United States, little attention was given to the threat until the 1960s when an international trend of hijacking airplanes to Cuba developed, including a couple of flights from U.S. airspace. Few of these flights resulted in personal injuries.CHAPTER 35 825 THE COMMUNITY RESILIENCE SYSTEM: OPERATIONALIZING A WHOLE COMMUNITY APPROACH M. J. Plodinec Community and Regional Resilience Institute INTRODUCTION The Federal Emergency Management Agency (FEMA) has promulgated a new doctrineA Whole Community Approach to Emergency Managementto serve as a foundation for increasing individual preparedness and engaging with members of the community as vital partners in enhancing the resiliency and security of our Nation.1 When successfully implemented, such an approach has tremendous potential for leveraging resources and energy in the private and nonprofit sectors to enhance the resilience of communities. However, while emergency managers are being encouraged to use this new approach, there is little practical experience in this country to guide them. Further, a Whole Community approach calls on emergency managers to employ skills that may have been seldom needed in the past. Most importantly, they are required to establish relationships and forge partnerships with others in the communityto move from command-and-control to collaboration. Even if equipped with the proper skills, the emergency manager simply may not know who appropriate partners are. 826 In late 2011, the Community and Regional Resilience Institute (CARRI) initiated pilot testing of its Community Resilience System and process. This is one of the first (and certainly the most ambitious) effort to implement a Whole Community approach in the United States. This marks the culmination of a four-year-long effort involving over 200 community leaders; federal, state, local, and tribal representatives; researchers; and members of the financial and insurance communities. It is already offering some important lessons learned to emergency managers in terms of how to implement a Whole Community approach. In this chapter, we first describe what a Whole Community approach entails. We then introduce the Community Resilience System (CRS) and process. The CRS process has been based both on lessons learned from previous disasters (e.g., Hurricane Katrina) and on advice from community leaders. We describe in detail the first two steps, forming the leadership team and assessing the community. We then describe the initial pilot testing of the CRS. We close with some general guidance for emergency managers looking to implement a Whole Community approach in their own communities, including some observations based on initial pilot testing. WHOLE COMMUNITY APPROACHES Whole Community approaches to emergency management are already in use in the United Kingdom, the Netherlands, and elsewhere.2 The basic premise behind any Whole Community approach is relatively simple. If the whole community is going to be impacted by a disaster, then the whole community should be involved in planning to respond to and recover from disruptive events. As the United States has moved toward an all-hazards/maximum of maximums approach to emergency management planning, it has become increasingly clear that most local governments do not have the resources needed to both respond to and recover from disaster.3 By involving all sectors of the community in planning, all of the resources that would be used for response and recovery in the communitywhether belonging to the local government, nonprofit organizations, private business, or even individuals and neighborhoodscan be used more efficiently and effectively.CHAPTER 36 847 COLLABORATION NOT ISOLATION: A JOINT APPROACH TO BUSINESS CONTINUITY AND RESILIENCE Richard Stones CSyp FSyI High-profile terrorist events, dramatic disasters, and major industrial accidents all focus the mind into thinking that this is what all threats look like. The reality for the majority of businesses in the UK, however, is very different; it is the most mundane of events, the accidents that happened because somebody forgot to do what their procedure told them to do, or because they thought they could bypass a policy and do something another way, that presents a more realistic risk. The one thing you can be sure of when operating in this manner is that when it goes wrong, and it does, it costs money if youre lucky and life if youre not. The UK business population comprises 95 percent subject matter experts, a group for whom the luxury of the corporate security advisor, the dedicated risk manager, or the occupational health and safety manager are a mere aspiration. More often this is a function performed by some other member of the workforce, who probably pulls in this extra work at home as an addition to their day job. These are the people that owners trust and depend upon to protect their businesses, and it is down to the goodwill of the workers that this usually is the case. Is this good? Is it best practice and could it be done better? Yes and no. Yes, because these people are generally the more trusted members of your workforce; they care about the business and take pride in the importance of their additional role But no, because it is not necessarily a best practice, and it could be done betterbut for many businesses, it has to do. But also no, as in many cases, although well intentioned, these people are not adequately trained to the level necessary to protect the business; as people familiar with risk with recognise it is often the insignificant overlooked issues that result in the major incidents. 848 The irony in all of this is that in many cases these SMEs are sometimes called upon by your business to support that last-minute order that has just come in or they may be already supplying the most insignificant of components that serve to complete your businesses product. They are insignificant until they are not there. Then what? It is only when they are taken out by disaster, man-made or natural, that you, as bigger businesses, begin to consider the what-if factor, or as I like to call it the WIF (pronounced wiff): What if we had done this to prevent that? Events over the last decade have served to galvanise our thoughts to the real possibility, and consequence, of disaster, and yet we still see car production halted by one of the worlds largest car manufacturers as a result of their continuity strategy failing to consider the potential loss of a supplier, or in the UK, like all other countries, we regularly see businesses large and small being displaced and their function stopping as a result of flood, fire, chemical spillages, and other unforeseen disasters. The problem, however, is, as mentioned, that these people are at the end of, or form an integral part of, your supply chain. Have you considered this in your business continuity plans? Before you all rush off to check, let me save you a job. You havent, or at least not in the detail necessary to maintain your own organisations functionality and continuity. Why? Its simple really; the business continuity plan didnt require the people writing it to consider this possibility. Many will argue that Im wrong and that this is an integral part of the process of risk mitigation. So why, as the local copper, do I see displaced businesses struggle after an accidental fire, after a burglary, or the multitude of other incidents, not disasters, that disrupt normal working? Ten years ago as an Acting Inspector at a local police station in north Nottinghamshire I asked myself the very same question. My wife, a dentist, rang me to tell me that our dental practice in North Derbyshire had been broken into. Several hours later, after berating colleagues in the neighbouring police force, I sat at my desk and considered the approach that I had taken and then thought about my own force. Were we any better? Probably not. Could we be? Without doubt. Are we now? Yes. Why? Collaboration, not isolation. CHAPTER 2 21 THE TERRORIST THREAT TO SURFACE TRANSPORTATION: THE CHALLENGE OF SECURING PUBLIC PLACES Brian Michael Jenkins Director of the National Transportation Security Center at the Mineta Transportation Institute INTRODUCTION The discovery of notes in Osama bin Ladens compound indicating that the terrorist leader was contemplating attacking trains in the United States on the tenth anniversary of September 11 underscores the continuing terrorist threat to public surface transportation. Public surface transportationtrains and stations, buses and bus depots, even groups of people waiting at bus stopsoffers terrorists an attractive target: easy access and easy escape, concentrations of people in confined environments that enable an attack to achieve the high body counts terrorists seek, and confined environments that can enhance the effects of explosives and unconventional weapons. This poses enormous challenges for security. THE THREAT IS REAL The terrorist threat to public surface transportation is real. While terrorists remain obsessed with attacking commercial aviation, they regard surface transportation as a killing field. Between September 11, 2001 and December 31, 2011, terrorists carried out 75 attacks on airliners and airports worldwide, causing 157 deaths. During the same period, terrorists carried out nearly 1,804 attacks on surface transportation, most of them against bus and train targets, killing more than 3,900 people. (This does not include attacks in war zones like Afghanistan and Iraq.)1 22 While terrorists recently have attacked aviation targets less often, they have been attacking surface transportation more frequently. Between 1970 and 1979, terrorists carried out a total of 15 surface transportation attacks that caused fatalities. (Only incidents with fatalities are included to avoid apparent increases that are due solely to better reporting.) The number grew to 43 attacks with fatalities in the 1980s, 281 in the 1990s, and 465 in the decade between 2000 and 2009. Many of these attacks involved a few fatalities and did not make headline news, but 11 of them since 9/11 resulted in 50 or more deaths, and three of the attacks (including one carried out by a deranged arsonist) each killed nearly 200 people. The total number of fatalities in these 14 attacks is the approximate equivalent of the fatalities in seven major airline crashes. One can imagine the furor that would have resulted if seven commercial airliners had been brought down by terrorists after 9/11. The West is not immune. Most of the attacks have occurred in developing countries like India, but there have been attacks on trains and buses in France, Spain, the United Kingdom, Russia, and Japan. Further terrorist plots against surface transportation targets have been uncovered and foiled in the United Kingdom, Germany, Spain, Italy, and Australia. Attacks on surface transportation could also occur in the United States. Since 9/11, there have been seven reported terrorist plots involving attacks on trains in the United States. Authorities reportedly uncovered a plot in 2003 to release poison gas in New Yorks subways. In 2004, New York police infiltrated a plot by two men to bomb a mid-Manhattan subway station. In 2006, a terrorist plot was uncovered in Lebanon to blow up train tunnels under the Hudson River. Bryant Vinas, a homegrown recruit to al Qaeda, offered terrorists his assistance in attacking the Long Island Railroad where he once worked, and in 2009, authorities uncovered a mature plot to bomb New Yorks subways. Faisal Shazad, the Time Square bomber, initially planned to follow up that attack with a bombing at New Yorks Grand Central Station. In 2010, Farooque Ahmed was arrested in an FBI sting operation for planning to bomb Washingtons Metro stations.2CHAPTER 15 323 THE NECESSITY OF INTERAGENCY COLLABORATION Steven Pugh Captain, United States Air Force INTRODUCTION One of the principal, and most accelerated, changes in recent U.S. history is the nations reliance on information technology. Five decades ago, the impact of digital infrastructure on our way of life was essentially nonexistent. Today, the United States digital infrastructure has become a strategic national asset. Pundits have warned of adversarial hackers who could infiltrate and shutdown critical Industrial Control Systems (ICS) such as water treatment facilities, power grids, or even nuclear power stationstheir warnings are not without merit. A whole-of-government approach must be used to confront and thwart these new, advanced threats. The domain of cyberspace is unique for the Department of Homeland Security (DHS) because it is the only main mission area that is man-made. It is also the newest of the mission areas. Additionally, cyberspace enables or supports all other mission areas with which DHS has been charged. Another unique aspect is that cyberspace literally permeates all facets of the government, not just DHS. Because of this unique characteristic, the success of DHS is intimately tied with its ability and capacity to work effectively with other departments and agenciesknown as interagency collaboration. In addition to the broad nature of cyberspace, the scope of knowledge required to secure and defend cyberspace, and the scale of the Internet, make developing a solution challenging. Some of the problems within cyberspace are simply too broad for one department to take on singlehandedly. Fortunately, as Mr. Stanton from Johns- Hopkins University writes, Cyberspace lends itself to such collaboration between government and private actors (Stanton, 2008). To avert digital disaster, a comprehensive solution must be achieved. An attacker needs only one vulnerability to gain access to a digital network and wreck havoc. 324 In a fiscally constrained environment, the nation needs to leverage as much efficiency as possible. Thomas Stanton writes, Inter-agency collaboration, important before, has become essential for program managers. Agencies must begin to pool administrative resources to jointly enhance the quality of their programs (Stanton, 2011). The idea of interagency collaboration has a solid theoretical foundation, though its execution has a rather inconsistent record of accomplishment. The lessons of past failures can show us where an organizations inability to work outside itself has led to unimaginable consequences, and yet we can easily point to overwhelming success when agencies have utilized their individual strengths by working together. We can learn from these case studies and use them as models as we move forward as a successful nation. Knowledge sharing should be among the top priorities for the government when it comes to securing our digital infrastructure. Many of our adversaries use the same tools, tactics, and techniques to silently move through our networks; agencies need to share this data so we can present a solid, unified front in the face of cyberspace adversaries. Additionally, protecting our digital infrastructure plays into the larger strategy of cyberspace deterrence. The Department of Defense publicly declared, Defending the homeland is an important part of deterrence (Department of Defense, 2011). We can effectively deny, disrupt, and minimize adversarial activity by securing our critical assets. These behaviors present a solid foundation that our government leaders rely on when discussing response actions towards an adversary for cyberspace aggression. The US commercial sector needs guidance on proper cyber-hygiene. Large companies can often afford to hire cyberspace security experts, but small businesses may not. Wars now target the will of a population in addition to military forces, and altering a persons livelihood is a quick way to erode support of military action.CHAPTER 20 437 CRITICAL INFRASTRUCTURE AND INTERDEPENDENCY REVISITED Rae Zimmerman Professor of Planning and Public Administration Director, Institute for Civil Infrastructure Systems (ICIS) Wagner Graduate School of Public Service, New York University Note: This work was originally supported by several grants, including the National Science Foundation (NSF) Cooperative Agreement No. CMS9728805 for the Institute for Civil Infrastructure Systems (ICIS) at New York University (in partnership with Cornell University, Polytechnic University of New York, and the University of Southern California); Urban Infrastructure in a Time of Crisis (grant number 0204660) and Bringing Information Technology to Infrastructure (grant number 0091482); and a grant from the U.S. Department of Homeland Security (DHS) through a subaward from the University of Southern California for the first Homeland Security Center of Excellence. The authors opinions, findings, and conclusions or recommendations are not necessarily those of NSF or DHS. CRITICAL INFRASTRUCTURE AND ITS SECURITY Infrastructure supports the economy, public health and welfare, and security in ways that are often difficult to ascertain. Interdependencies among infrastructures and other activities magnify their contribution to these sectors both positively and negatively, and are of growing concern in the infrastructure security arena. The importance of infrastructure is portrayed in a number of ways. One is the contribution of infrastructure to the gross domestic product (GDP). An estimate by the World Bank is that the GDP increases 15 percent as infrastructure capital doubles.1 Given the difficulty of estimating specific social and economic contributions of infrastructure, another overall way of assessing its contribution has been in terms of the value of infrastructure assets. U.S. assets in 2009 were valued at several trillions of dollars directly for the utilities and transportation sectors alone and a larger amount if other related sectors are included.2 These estimates of asset value or financial impacts may not take into account dependencies and interdependencies among infrastructure sectors and between these sectors and other parts of the economy, or at least do not make those relationships explicit. 438 The security of infrastructure has become a major objective of national policy. Since the mid-1990s or earlier these policies have been reflected in regulations, guidelines, executive orders, reports, legislation, plans, and strategies. Infrastructure security in general evolved out of earlier concerns over protecting communications. That theme continues to dominate infrastructure security policy, attaining more prominence as cybersecurity has had increasing attention along with its increasing interconnections with other infrastructures. As a collection of activities and facilities, infrastructure is complex, pervasive, and thus particularly open to terrorism. To make infrastructure secure, we need to understand its interdependencies and their relationship to infrastructure vulnerabilities. Definitions: Infrastructure, Critical Infrastructure, and Interdependent Infrastructure The current term infrastructure is relatively new, dating from about the 1980s, and earlier, and the concept had to do mainly with military installations and public works.3 In 1997, the Presidents Commission on Critical Infrastructure Protection (PCCIP) adopted a definition that refers to networks, processes, synergy, and continuity to produce and distribute a continuous flow of essential goods and services.4 The concept of critical infrastructure and its interdependencies with other sectors is even more recent than the concept of infrastructure, and links infrastructure and security. Both ideas followed a national emphasis on the performance of infrastructure to