The Presidential Policy Directive (PPD) on Critical Infrastructure and Resilience (PPD-21) of 2013 states the following in its Introduction:
The Nation’s critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical space and cyberspace, and governance constructs that involve multilevel authorities, responsibilities, and regulations. Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient.
The National Infrastructure Protection Plan (NIPP) of 2013 states:
The United States benefits from and depends upon a global network of infrastructure that enables the Nation’s security and way of life. The distributed nature and interconnectedness of these assets, systems, and networks create a complex environment in which the risks the Nation faces are not distinctly contained within its borders (e.g. Hurricane Sandy’s fuel shortage illustration of interdependencies and complexities of infrastructure systems).
Simply put, and as stated in the opening sentence of the Introduction of PPD-21, “The Nation’s critical infrastructure provides the essential services that underpin American society.” Through a cascading effect, the 16 identified critical infrastructure sectors are, one way or another, interconnected with everyday life and the sustainability of commerce in society.
According to PPD-21, “It is the policy of the United States to strengthen the security and resiliency of its critical infrastructure against both physical and cyber threats.” For the sake of brevity, I will only identify the three strategic imperatives underpinning the Federal approach. They are:
Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;
Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and
Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.
Resilience, as defined in PPD-21, is the:
“…ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions… [It] includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.” Having accurate information and analysis about risk is essential to achieving resilience. Resilient infrastructure assets, systems, and networks must also be robust, agile, and adaptable. Mitigation, response, and recovery activities contribute to strengthening critical infrastructure resilience.