[CII] "critical infrastructure"

[tvest at eyeconomics.com]

On Nov 26, 2009, at 7:58 AM, bmanning at vacation.karoshi.com wrote:

>
> 	I occasionally get confused.  Is there a common understanding
> 	of the term "Critical Internet Infrastructure"?
>
> 	Or are we all talking past each other?
>
--bill

Hello all,

In practice, "critical infrastructure" (CI) is not defined based  
primarily on intrinsic features, but rather almost exclusively on  
extrinsic/contextual considerations. CI is the union of (a) the set of  
things that contemporary (enterprise/local/national) emergency and  
security planners are paid to harden and/or make redundant in the  
event that bad things happen, and (b) the cumulative set of things  
that were in-sourced, nationalized and/or militarized in response to  
past bad events.

Implicitly, (a) makes CI highly contingent on the scope of individual/ 
professional interests and responsibilities, and (b) makes the set of  
current CI -- what's included, what's excluded -- somewhat arbitrary.

It might be interesting to try to identify common features and/or  
transitive dependencies across the superset of CI, e.g., as a possible  
method for rank ordering levels of criticality, but I suspect that  
achieving consensus on such a ranked list would be a bit tricky. That  
said, even a non-converging conversation about broad CI issues  
involving lots of different CI stakeholders might help to illuminate  
cross-cutting issues and inform local relative priorities.

Bottom line: the goal of collectively developing a baseline, "clean  
slate" definition of critical infrastructure could be quite useful,  
but the value is unlikely to come from success in that narrow goal,  
but rather in the discussion itself.

Tom Vest

P.S. A day may come when I am a bot, but it is not this day.