Talk:U.S. critical infrastructure protection
This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
The contents of the National Infrastructure Protection Plan page were merged into U.S. critical infrastructure protection on 26 November 2023. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page. |
Untitled
editThis page was substantially different than the alleged copyright infraction. It was in the midst of being edited further when it was flagged. Further paraphrasing is required.
A Temp page has been generated with editing of the orignal text that should fix the problems noted.
Cycle looks like straight process
editHow oes it close and repeat? Midgley 03:12, 4 April 2006 (UTC)
The cycle is a continuous process that can end and begin at regular or irregular intervals.FrankWilliams 20:22, 13 April 2006 (UTC)
Page needs rewriting
editThis article is, partly, in need of re-writing. Several sections are not very encyclopedic at all, with a constant use of the first person (especially "we") and opinions written as if they were lifted from a third grader's persuasive essay on the subject.
First of all whoever wrote the above statements should sign their discussions. Second, I don't think a third grader has any notions of the subject which are highly complex. Third, why not contribute and fix that which you think is broken. Not personal just business. FrankWilliams 15:37, 27 October 2006 (UTC)
US Centric and lots of waffle
editThe article makes statements as though they apply to the whole world when they only apply to the US. "In order to establish just such a partnership, PDD-63, mandated the formation of a national structure for critical infrastructure protection" - which national strucure? There are other countries in the world... Also the section entitled "The Importance of CIP" is mostly waffle with little substance Giles.hogben 14:28, 14 August 2007 (UTC)
The article is about the U.S. CIP initiative not the entire world. No, the article does not insinuate that it applies to the whole world. It very clear says that this is a U.S. initiative. It uses examples that has world implications such as "Terrorism". If you read the article carefully the national structure is definted as all the agencies; Federal and State, that participate in the CIP initiative. If by "waffle" you mean equivocally, yes this is true. There are many possible reasons for the importance of the program. The paragraph gives very good examples. Thanks for your constructive criticism in making this article better. FrankWilliams 13:16, 15 August 2007 (UTC)
But the article is entitled Critical Infrastructure Protection - maybe you should change the title to US Critical Infrastructure Protection. We have similar programmes in Europe too under the same name. See [1] [2] Giles.hogben 13:42, 31 October 2007 (UTC)
Lets WP:AGF! I note this topic is driven by presidential decree so I suppose many aspects will remain ambiguous and obviously US-centric. I came here looking for some clarification of the various infrastructure categories, and noted it could do with reworking, as it has the potential to be a very helpful and significant piece... Frank, if you want some constructive criticism:
- change the use of the 1st person to 3rd person (e.g. 'threats to our critical infrastructure...'), drop the amateur dramatics ('the military has been at the forefront of monitoring and warning of potential dangers since the founding of the country.') and take out the Powerpoint language
- remove the jargon. For example, para 1, section: 'Phase 1 Example in the Real World' is all unexplained acronyms and jargon, not encyclopedic at all.
- cut, cut, cut it to about half the size. Section: "Infrastructure Sectors" appears to duplicate "Sectors", whose constituents are probably already in WP somewhere. Section: "The Importance of CIP" probably has duplicates of events already documented elsewhere, and could be merged into the intro once they've been linked & extracted. Do the Phase-by-phase descriptions really help to further describe what's going on beyond the bulleted sections before? Etc...
- Add useful links where jargon is necessary
- Right now it reads more like a process than an object. What will folks come looking for? ... I'd like some pointers or a linked list of what Crit.Infr. is, and is not. What info in the public domain. What is contentious - e.g. how does it tie in to the claims of pork-barrel politics and hot-dog stands being given grants under [Areas Security Initiative grants]? Does it relate to other programs or other foreign national systems?
- And how does it relate to other WP articles such as Public infrastructure??
- Use verifiable references. Private course material isn't encyclopedic or verifiable and is probably copyright. If its not in the public domain then it shouldn't be here
- Add some links - a few relevant DHS pages or documents would be helpful
- Add citations - e.g. "Most experts expect the frequency and severity of critical infrastructure incidents..."
I'd be bold myself, but I suspect that I would end up drastically restructuring the article - some of the editors here might prefer to have a go first and do a better job than I. Though I'm willing to help. Ephebi 15:22, 16 August 2007 (UTC)
Lets WP:AGF! I note this topic is driven by presidential decree so I suppose many aspects will remain ambiguous and obviously US-centric. I came here looking for some clarification of the various infrastructure categories, and noted it could do with reworking, as it has the potential to be a very helpful and significant piece...
Frank, if you want some constructive criticism:
- change the use of the 1st person to 3rd person (e.g. 'threats to
ourcritical infrastructure...'), drop the amateur dramatics ('the military has been at the forefront of monitoring and warning of potential dangers since the founding of the country.') and take out the Powerpoint language
- change the use of the 1st person to 3rd person (e.g. 'threats to
Response: Ok, on 1st vs. 3rd person. amateur dramatics??? (sounds like a personal attack; but I'll assume good faith). The statement about the military was intended to be just a fact. Powerpoint language?? Not sure what you mean; no example given.
- remove the jargon. For example, para 1, section: 'Phase 1 Example in the Real World' is all unexplained acronyms and jargon, not encyclopedic at all.
Response: Ok, agree (we/me) should explain all acronyms.
- cut, cut, cut it to about half the size. Section: "Infrastructure Sectors" appears to duplicate "Sectors", whose constituents are probably already in WP somewhere. Section: "The Importance of CIP" probably has duplicates of events already documented elsewhere, and could be merged into the intro once they've been linked & extracted. Do the Phase-by-phase descriptions really help to further describe what's going on beyond the bulleted sections before? Etc...
Response: No, the sectors are not duplicate. "Infrastructure Sectors" are the National sectors. The "Sectors" paragraph are sectors that are protected by DOD specifically. I agree there is overlap but they do differ. If there are duplicates of events they may need to be deleted unless they are making a point in the paragraph itself. The "bulleted sections" were intended as a summary of the 6 phases. Each of the phase by phase descriptions were intended to go into more depth about each phase. Again, agree there is some overlap; but I'm assuming not everyone want to read the entire article so the summation "bulleted" part is there just before the detailed descriptions.
- Add useful links where jargon is necessary
Response: Agree
- Right now it reads more like a process than an object. What will folks come looking for? ... I'd like some pointers or a linked list of what Crit.Infr. is, and is not. What info in the public domain. What is contentious - e.g. how does it tie in to the claims of pork-barrel politics and hot-dog stands being given grants under [Areas Security Initiative grants]? Does it relate to other programs or other foreign national systems?
Response: Well, the CIP is a process. I don't know of any links or pointers but I agree some could be useful if someone wants to added them.
- And how does it relate to other WP articles such as Public infrastructure??
Response: Not sure, I don't have a detailed list of what WP articles are out there. Certainly appropriate ones should be listed in the "See Also" section.
- Use verifiable references. Private course material isn't encyclopedic or verifiable and is probably copyright. If its not in the public domain then it shouldn't be here
Response: The course material is was NOT private and is attainable. But, I also disagree even if it were. Private course material can be encyclopedic. Verifiability can be ascertained through many avenues and not necessarily just thorough the source, especially if the information happens to be true.
- Add some links - a few relevant DHS pages or documents would be helpful
Response: Agree more links would helpful (see above). DHS is not an acronym I'm familiar with; didn't you just accuse me of using acronyms without definitions :)
- Add citations - e.g. "Most experts expect the frequency and severity of critical infrastructure incidents..."
I'd be bold myself, but I suspect that I would end up drastically restructuring the article - some of the editors here might prefer to have a go first and do a better job than I. Though I'm willing to help. Ephebi 15:22, 16 August 2007 (UTC)
Response: Thanks for your comments and suggestions. They have been better and more informative then others. FrankWilliams 13:47, 17 August 2007 (UTC)
---
Frank, I have re-inserted my earlier comments - its not WP etiquette to edit other's entries on the talk page. Not only does it destroy the record but it also makes it hard for others to follow the thread - and I do hope that other editors see this and act on it as well, as WP is a collaborative project. PS: the mysterious DHS = US Department of Homeland Security, and they have published lots of literature about this topic, but I thought you'd know that Ephebi 15:54, 17 August 2007 (UTC)
- I have reworked the wording in the Overview section and tweaked the section/subsection headers. Although there are fewer words I don't believe I have removed any content. Ephebi 22:12, 28 August 2007 (UTC)
The importance of CIP
editHaving examples is no bad thing but this section is referencing a 12-year old hack on Citicorp's infrastructure with no broad infrastructure impact and only a fairly small financial sum involved (comparatively speaking!). I don't see it as a relevant example of an infrastructure threat. I think Titan Rain is a better example to use, as this is fairly-well documented and is a relevant as a hostile attack that spanned several sectors and networks with potentailly significant consequences. Ephebi 13:57, 29 August 2007 (UTC)
Hacking the financial sector is major threat as money is at the heart of everything done. Stopping or deviating funds can have major consequences throughout the infrastructure. I agree that this particular example was not that noteworthy in of itself however it does exemplify that the financial sector is vulnerable (if a 12 year old can hack a major financial institution) what does this say for well paid and motivated professional hackers? Perhaps the citicorp paragraph needs to be expanded to say these things. I also agree that the Titan Rain examples may also be beneficial in being added as a paragraph. Thanks FrankWilliams 14:31, 29 August 2007 (UTC)
- Finding a good example from the financial sector is tricky - resilience in Wall St's terms means avoiding a crisis of confidence/contagion and making sure that clearing & settlement can still function by keeping the key central systems and counter-parties available. The Citigroup example doesn't reflect this, its just a hack with very local consequences. Even after 9/11 the loss of several important counter-parties caused Wall St to shut down for nearly a week but this damage was, to the best of my knowledge, contained within the immediate finance sector. Titan Rain came to mind as a real example of a broad-based hostile hack, but there may be others which are in the public domain Ephebi 17:07, 29 August 2007 (UTC)
- I haven't sorted out a good example yet, but have managed to source the relationship between HSPD-7 & PDD-63, & reference the wierd security grant stories which I added in a 'Controvosy' sub-heading. I hope this article now presents itself in a better context. It could still do with a bit of tidying up, with some of the prose moving from 1st person plural to 3rd person, but I'm running out of time at the moment. Ephebi 12:18, 31 August 2007 (UTC)
I think that this page needs to be rewritten from scratch, and that it needs to stick to the science, engineering, and history (non-political I hope), of policy initiatives. Because CIP as an issue (at least in the US) really emerged after Y2K and 911, may be that would be a good starting point for an updated presentation of issues. I am willing to take a crack at a re-write if others are willing to help. It makes sense, for example, to have subsections on specific critical sectors - defined in a way that allows people from different countries to contribute.
David Mussington, 13 April 2008 —Preceding unsigned comment added by 71.178.45.88 (talk) 14:22, 13 April 2008 (UTC)
Other perspectives: EU
editGents, I would like to add a section to the CIP page to explain what's going on on the other side of the ocean. This would give a more balanced view on CIP around the world. I would keep it as a separate section, but I would rephrease some of the other paragraphs so it is clear we are talking about US. An example is the "Sectors" section. I will work on this in the next few weeks, any comment and suggestion are welcome. —Preceding unsigned comment added by Andrea.rigoni (talk • contribs) 16:57, 29 May 2008 (UTC)
- the article Critical infrastructure already been developing as a synopsis of other European countries' approaches. Suggest they remain there, and, for readability, that this article retains its primarily US focus based on the Presidential decrees that created it Ephebi (talk) 19:34, 19 July 2008 (UTC)
- Ephebi, as stated before by other editors, CIP is not a US only program, there are many other countries with completely different approaches. I do not find appropriate to talk mainly of US approach on a page that talks about CIP. I have two proposals: a) we rename this page to US CIP and we create separate pages for other geos b) we create a general introduction and then we have one paragraph describing US approach and other paragraphs describing other areas. I am more than happy to write the European one. —Preceding unsigned comment added by Andrea.rigoni (talk • contribs) 00:54, 20 November 2008 (UTC)
- I think you are misreading the previous dialogue and mis-attributing comments to me. However, at the time of the discussion above CIP was primarily a US-only term and had been for a decade or more. (I do appreciate this is changing, as from December 2006 the European Commission issued its directive. However directives have no force unless and until they are subsequently brought into force by European countries individually adopting it within their own legal frameworks. This happens at varying times - so perhaps you can update with the current status of adoption of the directive in the main Member States?)
- To answer your question I wouldn't have a problem if we create a disambiguation page or a pointer to CIP from Critical Infrastructure Protection (USA). However before making an EU version we should check on the terminology used here, as CIP would be technically the wrong term to use in a European context. The European directive is for the "European Programme for Critical Infrastructure Protection" (EPCIP) for "European Critical Infrastructures" (ECI), which is a subtly different terminology. National governments within the EU take that directive and use different terms and contextualise it slightly differently. If you are going to write a detailed article about the European policy from the directive then I favour using the Commission's term: European Programme for Critical Infrastructure Protection. But I'd also favour including a {See also} link to the transatlantic equivalent at the top of each article. Ephebi (talk) 00:32, 21 November 2008 (UTC)
- The only remark I have is that despite it is true that we use different terms in US and in Europe, CIP and CIIP are widely used in literature and in Political Agendas. My suggestion is to keep the original title CIP, add an introduction that explains exactly what you stated above and then create a separate EPCIP page, that I am happy to write based on my knowledge of the European Program, directive and the various Member states initiatives. Andrea.rigoni (talk) 15.24, 21 November 2008 (CET) —Preceding undated comment was added at 14:25, 21 November 2008 (UTC).
- I have modifed the lead para and created a stub EPCIP - would you like to expand on the link provided to EPCIP? Thanks, Ephebi (talk) 22:20, 21 November 2008 (UTC)
Ephebi, thanks for creating a stub. As proponents of European CIP advocates are now finally jumping on this bandwagon since I first started this article 3 years ago I think its a good idea to have a European version since they now have such a program. I'd like to keep this article U.S. based as that was my intent from the incept.
Material in section on infrastructure sectors is outdated
editThe content of this article does not include discussion of Presidential Policy Directive (PDD) 21, released February 12, 2013, Presidential Policy Directive: Critical Infrastructure Security and Resilience.[1] In a section of the directive titled Designated Critical Infrastructure Sectors and Sector-Specific Agencies, the White House identifies critical infrastructure sectors and their corresponding sector-specific agencies (SSAs):
This directive identifies 16 critical infrastructure sectors and designates associated Federal SSAs. In some cases co-SSAs are designated where those departments share the roles and responsibilities of the SSA. The Secretary of Homeland Security shall periodically evaluate the need for and approve changes to critical infrastructure sectors and shall consult with the Assistant to the President for Homeland Security and Counterterrorism before changing a critical infrastructure sector or a designated SSA for that sector. The sectors and SSAs are as follows:
Chemical: Sector-Specific Agency: Department of Homeland Security
Commercial Facilities: Sector-Specific Agency: Department of Homeland Security
Communications: Sector-Specific Agency: Department of Homeland Security
Critical Manufacturing: Sector-Specific Agency: Department of Homeland Security
Dams: Sector-Specific Agency: Department of Homeland Security
Defense Industrial Base: Sector-Specific Agency: Department of Defense
Emergency Services: Sector-Specific Agency: Department of Homeland Security
Energy: Sector-Specific Agency: Department of Energy
Financial Services: Sector-Specific Agency: Department of the Treasury
Food and Agriculture: Co-Sector-Specific Agencies: U.S. Department of Agriculture and Department of Health and Human Services
Government Facilities: Co-Sector-Specific Agencies: Department of Homeland Security and General Services Administration
Healthcare and Public Health: Sector-Specific Agency: Department of Health and Human Services
Information Technology: Sector-Specific Agency: Department of Homeland Security
Nuclear Reactors, Materials, and Waste: Sector-Specific Agency: Department of Homeland Security
Transportation Systems: Co-Sector-Specific Agencies: Department of Homeland Security and Department of Transportation
Water and Wastewater Systems:
Sector-Specific Agency: Environmental Protection Agency[2]
This material should appear in the section on infrastructure sectors in this article in place of the outdated material in that section.
References
edit- ^ White House, 2013, Presidential Policy Directive: Critical Infrastructure Security and Resilience (Presidential Policy Directive 21). Retrieved from http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
- ^ White House, 2013, Presidential Policy Directive: Critical Infrastructure Security and Resilience (Presidential Policy Directive 21), "Designated Critical Infrastructure Sectors" section. Retrieved from http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
Proposed merge of National Infrastructure Protection Plan into U.S. critical infrastructure protection
editalready covered in U.S._critical_infrastructure_protection#National_Infrastructure_Assurance_Plan_/_National_Infrastructure_Protection_Plan fgnievinski (talk) 18:46, 6 March 2023 (UTC)
- Merger complete. Klbrain (talk) 11:03, 26 November 2023 (UTC)
Outdated Information
editThis article should be updated to ensure the reference and information conveyed are up-to-date and reflective of the current critical infrastructure protection programs throughout the US government. Lindseywb18 (talk) 17:03, 17 January 2024 (UTC)