You often hear politicians and business leaders talking about how vital it is to adequately protect the critical parts of the national infrastructure. They describe the CNI as both the backbone and the lifeblood of the country, and claim that any disruption, damage or destruction to all or any significant part of the CNI could potentially result in grave consequences for the functioning not just of government, but for the economy and society too. But what exactly do they meant by the term CNI? Moreover, what makes some elements of the infrastructure more critical than others?
There are numerous definitions of what constitutes the critical national infrastructure, but the one most often quoted is Baroness Scotland’s before parliament:
“[The CNI is] those assets, services or systems that support the economic, political and social life of the United Kingdom, whose importance is such that any loss or compromise would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the government.”
So how does the government and private enterprise protect our vital services and systems? How are the ‘critical elements’ of the CNI protected? Which policies protect the nine key areas of our national infrastructure - communications, emergency services, energy, finance, food, government, health, transport and water?
National Security Strategy
The UK Government's National Security Strategy sets out the key strategic choices that have to be addressed to ensure the UK's security and resilience against acts of terrorism and hostile acts in UK cyberspace. The Government published ‘The National Security Strategy’ and ‘The Strategic Defence and Security Review’ in 2010 in which it set out the Government’s priorities in responding to threats against our national security, and increasingly threats to our CNI. The reports sets out the 15 priority risk types that the government has identified: four of these critical areas were identified as the most important threats to national security over the next five years and classified as Tier One risks: international terrorism, attacks on UK cyberspace, international military crises and a major accident or natural hazard, such as an influenza pandemic or severe flooding.
Strategic Defence and Security Review
The Strategic Defence and Security Review sets out how the objectives of the National Security Strategy are to be pursued. These include:
- ensuring that our key counter-terrorist capabilities are maintained and in some areas enhanced, whilst remaining cost-effective in a period of economic decline
- developing a transformative programme for cyber security, which addresses threats from states, criminals and terrorists, whilst seizing the opportunities provided by cyber space for the nation’s future prosperity and for advancing our security interests?
Counter terrorism strategy
The UK Government's counter terrorism strategy (known as CONTEST) aims to reduce the risk from international terrorism so that people can go about their business freely and with confidence. Developing and delivering CONTEST involves stakeholders from across government departments, the emergency services, voluntary organisations, the business sector and partners from across the world. The overall strategy is divided into four principal strands: Prevent, Pursue, Protect and Prepare, and is aimed at reducing the country’s vulnerability to threat.
Cyber Security Strategy
The UK’s new Cyber Security Strategy was published in November 2011. It sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life through building a more trusted and resilient digital environment, in which the partnership between the public and private sector is crucial.
National Risk Register
The most significant emergencies that the United Kingdom and its citizens could face over the next five years are monitored by Government through the National Risk Assessment (NRA). The private and confidential assessment is conducted annually, and draws on expertise from a wide range of departments and agencies of government. The National Risk Register (NRR) is the version that the public sees. The NRA and NRR capture events which could result in significant harm to human welfare: casualties, damage to property, essential services and disruption to everyday life. The risks cover three broad categories: natural events, major accidents and malicious attacks.
Resilience of infrastructure from natural hazards
The Civil Contingencies Secretariat within the Cabinet Office has developed a cross-sector Critical Infrastructure Resilience Programme (CIRP), with the aim of improving the resilience of critical infrastructure and essential services to severe disruption from natural hazards. The process, timetable and expectations for the programme are detailed in its Strategic Framework and Policy statement.