On December 17, 2003, the 2003 Homeland Security Presidential Directive established a policy to assist federal departments and agencies to identify U.S. critical infrastructure sectors and resources to protect them from exploitation. The term “critical infrastructure” in the USA PATRIOT Act of 2001, in particular, includes the following critical infrastructure sector and resources: chemical; emergency services; information technology; postal and shipping; telecommunications; and transportation systems (including buses, flights, ships, ground systems, rail systems, and pipeline systems).
Recently, countries besides the United States have developed networks to deal with threats to critical infrastructures. For example, on February 25, 2005, a new research network of universities and private sector businesses was formed to assist in protecting Australia’s critical infrastructures. Called the Research Network for a Secure Australia (RNSA), the Network’s function is to advance research in IT security, physical infrastructure security, and surveillance—with the objective of thwarting terrorists and cyberterrorists in their plots by sharing critical information. The universities in the Network include the University of Melbourne, the Australia Defence Force Academy, and Queensland University.
Despite the many recent legal and network-sharing actions that the United States and other countries have taken to make their critical infrastructures safer, problems in the critical infrastructures continue to exist and are reported in the media. For example, on February 16, 2005, a media report said that two of Canada’s most important electricity generation plants have security that is so weak that terrorists would have very little trouble invading the plants and causing major problems. In particular, the Manic-5 and Robert Bourassa hydroelectric plants in the remote James Bay area—linked to a series of huge dams supplying power to the northeastern part of the United States and parts of Canada—had no security guards when television reporters arrived on-site. Even worse, a team of television reporters was able to gain access to the Robert Bourassa plant through an open door; the reporters were able to make their way to control panels without being confronted.
Also, during the 12 months ending in April 2004, the Office for Civil Nuclear Safety (OCNS), affiliated with the United Kingdom’s Atomic Energy Authority, said that it found more than 40 security incidents, including eight it classified as failures that could have led to very undesirable consequences. The security failures in the report included such items as carelessness of confidential online document handling—resulting in confidential files landing in public arenas and security guards at nuclear plants not responding to intruder alarms when, in fact, a break-and-enter exploit was in progress.
Kirkup, J. Security Lapses at Nuclear Plants Spark Terror Fears. [Online, February 16, 2005.] Scotsman.com Website. http://news.scotsman.com/uk.cfm?id=176262005; Reuters. Security Lacking at Major Canada Power Plants-TV. [Online, February 16, 2005.] Metro Website. http://www.metronews.ca/reuters_national.asp?id=56498; Riley, J. Network to Research Protection. [Online, February 25, 2005.] News Limited Website. http://australianit .news.com.au/articles/0,7204,12366219% 5E15306%5E%5Enbv%5E,00.html.