This publication and the abstract below was published by The Wilson Center in November 2017. ICIT strongly encourages you to visit the The Wilson Center Publication Library to search for additional information security resources which are freely available.

A Comparative Study: The Approach to Critical Infrastructure Protection in the U.S., E.U., and China

The US Presidential Policy Directive 21 (“Critical Infrastructure Security and Resilience”) defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating
impact on security, national economic security, national public health or safety, or any combination of those matters.”2 The U.S. is currently working toward identifying sectors that are truly critical based on the impact they have on the public. Today it recognizes 16 critical infrastructure sectors and assigns responsibility for protecting them to specific government agencies. For example, DHS is responsible for ten of the 16 sectors. The Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD) is responsible for coordinating critical infrastructure protection at the national-level.

In 2013, Presidential Executive Order 13636 (“Improving Critical Infrastructure Cybersecurity”) tasked the U.S. National Institute of Standards and Technology (NIST) to lead the development of a framework to minimize cybersecurity risks to critical infrastructure, seeking feedback from public and private sector stakeholders and incorporating industry best practices to the fullest extent possible. Over a one-year period, NIST managed open workshops and consultations, coordinated numerous iterations of the standard, and led active partnership between the government and the private sector.