Who protects the information our critical infrastructure relies on?

A recent BCS Thought Leadership Debate discussed who owns the UK's critical national information infrastructure and how it is protected.

A recent BCS Thought Leadership Debate discussed who owns the UK's critical national information infrastructure and how it is protected.

The information necessary for the operation of the critical national infrastructure is widely distributed, is held by a large number of organisations and continually changes.

This means questions of who owns and protects the information are ­vital to ensure the normal functioning of the nation during times of disaster, war or attack by terrorists.

During the Cold War, there were national "key points" - nodes and facilities that were viewed as essential to national survival and would have to be protected from enemy sabotage.

That thinking led to the need for two kinds of protection: physical protection of the facility itself (including personnel security), and the ability, if attacked, to recover quickly.

Primary responsibility lay with the facility operator. The role of the state was to provide security advice and intelligence, keeping the list up to date and reinforcing physical security when needed. That is still the basic paradigm.

The government considers that there are 10 sectors of economic, political and social activity in which there are critical elements: communication, emergency services, energy, finance, food, government and public service, public safety, health, transport, and water.

Information infrastructure is regarded as a thread running through all these sectors. Different sectors have different information security features, such as the use of Scada software by utilities.

The government provides early warning of threats and technical advice through the National Infrastructure Security Co-ordination Centre, the National Technical Authority for Information Assurance, and websites such as www.itsafe.gov.uk.

The BCS debate asked whether the definition of critical information infrastructure should be restricted to "cyber-infrastructure" elements, as it was by former US president Bill Clinton when he popularised the term in relation to what were then described as information super highways.

The debate concluded that a much wider definition was needed. The information systems, control systems, protocols (not just IP but border gateway protocols, domain name systems and networks that support, facilitate or control critical global infrastructure) should thus include international aviation systems, emergency positioning systems, and satellite communications.


Information on BCS membership: www.bcs.org/membership

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest  organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats

Read more on IT risk management