Critical infrastructure

Items

Most commonly associated with the term are assets and facilities for:

• Shelter; Heating (e.g. natural gas, fuel oil, district heating);
• Agriculture, food production and distribution;
• Education, skills development and technology transfer / basic subsistence and unemployment rate statistics;
• Water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
• Public health (hospitals, ambulances);
• Transportation systems (fuel supply, railway network, airports, harbours, inland shipping);
• Security services (police, military).
• Electricity generation, transmission and distribution; (e.g. natural gas, fuel oil, coal, nuclear power)
  • Renewable energy, which are naturally replenished on a human timescale, such as sunlight, wind, rain, tides, waves, and geothermal heat.
• Telecommunication; coordination for successful operations
• Economic sector; Goods and services and financial services (banking, clearing);

Protection programmes{{anchor|Protection}}

Canada

The Canadian Federal Government identifies the following 10 Critical Infrastructure Sectors as a way to classify essential assets.

1. Energy & Utilities: Electricity providers; off-shore/on-shore oil & gas; coal supplies, natural gas providers; home fuel oil; gas station supplies; alternative energy suppliers (wind, solar, other)
2. Information and Communication Technology: Broadcast Media; telecommunication providers (landlines, cell phones, internet, wifi); Postal services;
3. Finance: Banking services, government finance/aid departments; taxation
4. Health: Public health & wellness programs, hospital/clinic facilities; blood & blood products
5. Food: Food supply chains; food inspectors; import/export programs; grocery stores; Agri & Aqua culture; farmers markets
6. Water: Water supply & protection; wastewater management; fisheries & ocean protection programs
7. Transportation: Roads, bridges, railways, aviation/airports; shipping & ports; transit
8. Safety: Emergency responders; public safety programs
9. Government: Military; Continuity of governance
10. Manufacturing: Industry, economic development

European Union

Main article: European Programme for Critical Infrastructure Protection

European Programme for Critical Infrastructure Protection (EPCIP) refers to the doctrine or specific programs created as a result of the European Commission's directive EU COM(2006) 786 which designates European critical infrastructure that, in case of fault, incident, or attack, could impact both the country where it is hosted and at least one other European Member State. Member states are obliged to adopt the 2006 directive into their national statutes.

It has proposed a list of European critical infrastructures based upon inputs by its member states. Each designated European Critical Infrastructures (ECI) will have to have an Operator Security Plan (OSP) covering the identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.

Germany

The German critical-infrastructure protection programme KRITIS is coordinated by the Federal Ministry of the Interior. Some of its special agencies like the German Federal Office for Information Security or the Federal Office of Civil Protection and Disaster Assistance BBK deliver the respective content, e.g., about IT systems.

Singapore

In Singapore, critical infrastructures are mandated under the Protected Areas and Protected Places Act. In 2017, the Infrastructure Protection Act was passed in Parliament, which provides for the protection of certain areas, places and other premises in Singapore against security risks. It came into force in 2018.

United Kingdom

In the UK, the National Protective Security Authority (NPSA) provides information, personnel and physical security advice to the businesses and organizations which make up the UK's national infrastructure, helping to reduce its vulnerability to terrorism and other threats.

It can call on resources from other government departments and agencies, including MI5, the National Cyber Security Centre (NCSC) and other government departments responsible for national infrastructure sectors.

United States

Main article: U.S. critical infrastructure protection

The U.S. has had a wide-reaching critical infrastructure protection program in place since 1996. Its Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."

In 2014 the NIST Cybersecurity Framework was published, and quickly became a popular set of guidelines, despite the significant costs of full compliance.

These have identified a number of critical infrastructures and responsible agencies:

1. Agriculture and food – Departments of Agriculture and Health and Human Services
2. Water – Environmental Protection Agency
3. Public Health – Department of Health and Human Services
4. Emergency Services – Department of Homeland Security
5. Government – Department of Homeland Security
6. Defense Industrial Base – Department of Defense
7. Information and Telecommunications – Department of Commerce
8. Energy – Department of Energy
9. Transportation and Shipping – Department of Transportation
10. Banking and Finance – Department of the Treasury
11. Chemical Industry and Hazardous Materials – Department of Homeland Security
12. Post – Department of Homeland Security
13. National monuments and icons - Department of the Interior
14. Critical manufacturing - Department of Homeland Security (14th sector announced March 3, 2008; recorded April 30, 2008)

National Infrastructure Protection Plan

The National Infrastructure Protection Plan (NIPP) defines critical infrastructure sector in the US. Presidential Policy Directive 21 (PPD-21), issued in February 2013 entitled Critical Infrastructure Security and Resilience mandated an update to the NIPP. This revision of the plan established the following 16 critical infrastructure sectors:

1. Chemical
2. Commercial facilities
3. Communications
4. Critical manufacturing
5. Dams
6. Defense industrial base
7. Emergency services
8. Energy
9. Financial services
10. Food and agriculture
11. Government facilities
12. Healthcare and public health
13. Information technology
14. Nuclear reactors, materials, and waste
15. Transportation systems
16. Water and wastewater systems

National Monuments and Icons along with the postal and shipping sector were removed in 2013 update to the NIPP. The 2013 version of the NIPP has faced criticism for lacking viable risk measures. The plan assigns the following agencies sector-specific coordination responsibilities:

; Department of Homeland Security

• Chemical
• Commercial facilities
• Communications
• Critical manufacturing
• Dams
• Emergency services
• Government facilities (jointly with General Services Administration)
• Information technology
• Nuclear reactors, materials, and waste
• Transportation systems (jointly with Department of Transportation)

; Department of Defense

• Defense industrial base

; Department of Energy

• Energy

; Department of the Treasury

• Financial services

; Department of Agriculture

• Food and agriculture

; General Services Administration

• Government facilities (jointly with Department of Homeland Security)

; Department of Health and Human Services

• Healthcare and Public Health

; Department of Transportation

• Transportation systems (jointly with Department of Homeland Security)

; Environmental Protection Agency

• Water and wastewater systems

State-level legislation

Several U.S. states have passed "critical infrastructure" bills, promoted by the American Legislative Exchange Council (ALEC), to criminalize protests against the fossil fuel industry. In May 2017, Oklahoma passed legislation which created felony penalties for trespassing on land considered critical infrastructure, including oil and gas pipelines, or conspiring to do so; ALEC introduced a version of the bill as a model act and encouraged other states to adopt it. In June 2020, West Virginia passed the Critical Infrastructure Protection Act, which created felony penalties for protests against oil and gas facilities.

Stress testing

Critical infrastructure (CI) such as highways, railways, electric power networks, dams, port facilities, major gas pipelines or oil refineries are exposed to multiple natural and human-induced hazards and stressors, including earthquakes, landslides, floods, tsunami, wildfires, climate change effects or explosions. These stressors and abrupt events can cause failures and losses, and hence, can interrupt essential services for the society and the economy. Therefore, CI owners and operators need to identify and quantify the risks posed by the CIs due to different stressors, in order to define mitigation strategies and improve the resilience of the CIs. Stress tests are advanced and standardised tools for hazard and risk assessment of CIs, that include both low-probability high-consequence (LP-HC) events and so-called extreme or rare events, as well as the systematic application of these new tools to classes of CI.

Stress testing is the process of assessing the ability of a CI to maintain a certain level of functionality under unfavourable conditions, while stress tests consider LP-HC events, which are not always accounted for in the design and risk assessment procedures, commonly adopted by public authorities or industrial stakeholders. A multilevel stress test methodology for CI has been developed in the framework of the European research project STREST, consisting of four phases:

Phase 1: Preassessment, during which the data available on the CI (risk context) and on the phenomena of interest (hazard context) are collected. The goal and objectives, the time frame, the stress test level and the total costs of the stress test are defined.

Phase 2: Assessment, during which the stress test at the component and the system scope is performed, including fragility and risk analysis of the CIs for the stressors defined in Phase 1. The stress test can result in three outcomes: Pass, Partly Pass and Fail, based on the comparison of the quantified risks to acceptable risk exposure levels and a penalty system.

Phase 3: Decision, during which the results of the stress test are analyzed according to the goal and objectives defined in Phase 1. Critical events (events that most likely cause the exceedance of a given level of loss) and risk mitigation strategies are identified.

Phase 4: Report, during which the stress test outcome and risk mitigation guidelines based on the findings established in Phase 3 are formulated and presented to the stakeholders.

This stress-testing methodology has been demonstrated to six CIs in Europe at component and system level: an oil refinery and petrochemical plant in Milazzo, Italy; a conceptual alpine earth-fill dam in Switzerland; the Baku–Tbilisi–Ceyhan pipeline in Turkey; part of the Gasunie national gas storage and distribution network in the Netherlands; the port infrastructure of Thessaloniki, Greece; and an industrial district in the region of Tuscany, Italy. The outcome of the stress testing included the definition of critical components and events and risk mitigation strategies, which are formulated and reported to stakeholders.

Critical Maritime Infrastructure

Critical maritime infrastructure (CMI) refers to maritime-based systems within sectors whose disruption would have serious economic, security, environmental or societal consequences which includes shipping, energy, communications, fishing and biodiversity (nearly 99% of transoceanic digital communications are carried by undersea fiber-optic cables which makes the global submarine cable network critical for modern global infrastructure). CMI is defined through political and strategic assessments rather than technical criteria alone and varies across states and regions. Its transnational character with infrastructure spanning multiple maritime jurisdictions complicates governance and protection while recent incidents involving subsea cables and pipelines have underscored CMI’s vulnerability to hybrid threats and its growing geopolitical significance.

Legal and Regulatory Frameworks Governing CMI

Maritime infrastructure is governed by a combination of international law, sector-specific regimes and national legislation that operates within a fragmented legal environment defined by maritime zones rather than unified territorial sovereignty. The core legal framework is the United Nations Convention on the Law of the Sea (UNCLOS), which divides ocean space into zones with different rights and obligations that shapes how maritime infrastructure is regulated and operated while balancing coastal state authority with freedoms of navigation and communication. Since the mid-twentieth century, states have expanded regulatory authority through functional territorialization without establishing full sovereignty. In parallel, maritime security concerns have introduced additional governance layers addressing crime, environmental harm and infrastructure protection that has resulted in a hybrid regulatory order combining legal rules, security practices and technical management.

International Governance of CMI

International governance of maritime infrastructure operates through a decentralized system shaped by historical power shifts and institutional plurality. Rather than a unified global regime, governance has developed as an issue-specific system in which authority emerges through negotiations, norms and interaction among states, international organizations and transnational actors. Since the implementation of UNCLOS, governance has been marked by institutional overlap and regime complexity which enables flexibility but also creates coordination challenges and jurisdictional ambiguity. These arrangements reflect uneven power relations and are increasingly strained by technological change which leads to reliance on informal coordination and adaptive practices rather than comprehensive treaty reform.

Geographic Distribution of CMI in Regions

Maritime infrastructure is distributed across fluid ocean spaces shaped by currents, mobility and ecological processes which make fixed regional boundaries difficult to apply. Open-ocean areas demonstrate how infrastructure and management must adapt to shifting spatial conditions. Ocean basins have historically structured maritime connectivity by producing uneven patterns of ports and shipping routes that reflect long-term commercial, biological and cultural exchange rather than national borders. More recently, infrastructure has clustered within global ocean regions formed through political, economic and security practices. Institutional regionalization (including the UNEP Regional Seas Programme) further influences infrastructure development, while geographic scholarship emphasizes the three-dimensional nature of maritime regions spanning surface waters, the water column and the seabed.

Red Sea Disruptions and Cascading Effects on CMI

Since November 2023, attacks on commercial shipping by the Iran-aligned Houthi movement in Yemen have disrupted maritime traffic in the Red Sea that functions as a key corridor by linking the Indian Ocean and the Mediterranean Sea via the Suez Canal. The targeting of commercial vessels has increased security risks and instability along one of the world’s most important maritime chokepoints. These disruptions have led to widespread rerouting of vessels around the Cape of Good Hope which extends voyage times and raises transportation costs with measurable impacts on global supply chains, commodity prices and shipping markets. The rerouting has also redistributed environmental pressures by reducing ship-related air pollution in the Red Sea while increasing emissions along alternative routes off southern Africa. The security situation in the Red Sea has further intensified regional and global geopolitical tensions influenced by the intersection of rival interests among Middle Eastern states and broader great-power competition which has reinforced international concerns over the protection of critical maritime infrastructure in the region.

The Economic Importance of CMI for the Blue Economy

Maritime infrastructure supports the blue economy which frames the ocean as a key driver of economic growth through activities such as shipping, fisheries, offshore energy, aquaculture and seabed resource extraction. Ports, shipping networks, offshore platforms, and subsea cables enable global trade, energy supply and access to marine resources which makes maritime infrastructure central to national economies and global economic integration. While proponents emphasize opportunities for growth, employment and innovation, critical scholarship highlights environmental risks and social tensions which includes resource enclosure and the unequal distribution of benefits associated with large-scale infrastructure development.

Environmental Protection and CMI in Marine Protected Areas

Marine protected areas (MPAs) are a key tool for marine environmental protection and increasingly shape the governance of maritime infrastructure. By restricting or regulating activities of infrastructure such as shipping, offshore energy development, fisheries and seabed installations, MPAs influence where and how infrastructure can be developed. The global expansion of large MPAs reflects growing international conservation commitments even though their design and implementation vary significantly. Research highlights tensions between conservation goals and economic or infrastructural interests because MPAs are often established in areas of low economic use that have limiting conflict with infrastructure development with potentially low reducing ecological effectiveness. At the same time, Marine spatial planning (MSP) has emerged as a key mechanism for managing interactions between conservation and infrastructure while also reflecting power imbalances and strategic considerations that includes security and geopolitical interests.

Security Threats to CMI and Blue Crime

Maritime infrastructure faces security threats from geopolitical competition, grey-zone activities and transnational organized crime, and these risks increasingly affect ports, shipping routes, offshore energy installations and subsea cables which are vulnerable to sabotage and coercive practices below the threshold of armed conflict. Blue crime (includes piracy, smuggling, trafficking, illegal fishing, and pollution) further undermines maritime infrastructure by exploiting jurisdictional complexity and limited enforcement at sea, and international responses led by the United Nations and regional organizations rely mainly on coordination and capacity-building but remain fragmented across regions and issue areas.

CMI and the Influence of Non-State Actors

Civil society, scientific institutions and Non-governmental organizations (NGOs) play a significant role in maritime infrastructure governance by producing expertise, shaping policy agendas and monitoring activities at sea. Scientific networks contribute data and assessments that inform international negotiations and regulatory frameworks in particular areas such as marine biodiversity, environmental protection and infrastructure planning beyond national jurisdiction. NGOs and activist groups influence governance through advocacy, surveillance and digital monitoring tools that increase transparency around shipping, fishing and infrastructure use while also raising concerns about power, visibility and control. Their involvement operates alongside state authority and can both challenge and reinforce existing governance arrangements in complex maritime spaces .

References

References

1. Tarter, Alex. (2015). "Securing Critical Infrastructure". The Military Engineer.
2. (2007). "Systems that Should Have Failed: Critical Infrastructure Protection in an Institutionally Fragmented Environment". Journal of Contingencies and Crisis Management.
3. (2023-09-01). "Critical maritime infrastructure protection: What's the trouble?". Marine Policy.
4. (May 26, 2021). "National Cross Sector Forum 2021-2023 Action Plan for Critical Infrastructure".
5. (December 21, 2018). "National Strategy for Critical Infrastructure".
6. "''Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie)''".
7. (31 December 2013). "Protected Areas and Protected Places Act - Singapore Statutes Online". Government of Singapore.
8. (2 October 2017). "Infrastructure Protection Act 2017 - Singapore Statutes Online".
9. (14 March 2019). "Infrastructure Protection Act". Singapore Police Force.
10. "Protecting Infrastructure". Ministry of Home Affairs.
11. (March 30, 2016). "NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds".
12. (2013-02-12). "Presidential Policy Directive -- Critical Infrastructure Security and Resilience".
13. White, R.. (February 13, 2014). "Towards a Unified Homeland Security Strategy: An Asset Vulnerability Model".
14. Kahan, J. (February 4, 2015). "Resilience Redux: Buzzword or Basis for Homeland Security".
15. (January 12, 2021). "In Wake of Capitol Riot, GOP Legislatures 'Rebrand' Old Anti-BLM Protest Laws". [[The Intercept]].
16. Brown, Alleen. (May 23, 2019). "Pipeline Opponents Strike Back Against Anti-Protest Laws". [[The Intercept]].
17. Brown, Alleen. (June 7, 2020). "A Powerful Petrochemical Lobbying Group Advanced Anti-Protest Legislation in the Midst of the Pandemic". [[The Intercept]].
18. (2016-05-01). "Critical infrastructure, panarchies and the vulnerability paths of cascading disasters". Natural Hazards.
19. (March 2019). "Including seismic risk mitigation measures into the Levelized Cost Of Electricity in enhanced geothermal systems for optimal siting". Applied Energy.
20. (June 2014). "Changing the resilience paradigm". Nature Climate Change.
21. (April 2020). "Resilience assessment framework for critical infrastructure in a multi-hazard environment: Case study on transport assets". Science of the Total Environment.
22. "STREST-Harmonized approach to stress tests for critical infrastructures against natural hazards. Funded from the European Union's Seventh Framework Programme FP7/2007-2013, under grant agreement no. 603389. Project Coordinator: Domenico Giardini; Project Manager: Arnaud Mignan, ETH Zurich".
23. (2020-03-01). "Risk-Based Multilevel Methodology to Stress Test Critical Infrastructure Systems". Journal of Infrastructure Systems.
24. (2014). "SYNER-G: Typology Definition and Fragility Functions for Physical Elements at Seismic Risk". Springer Netherlands.
25. (2014). "SYNER-G: Systemic Seismic Vulnerability and Risk Assessment of Complex Urban, Utility, Lifeline Systems and Critical Facilities". Springer Netherlands.
26. (2020). "A risk-based multi-level stress test methodology: application to six critical non-nuclear infrastructures in Europe". Natural Hazards.
27. (2023-09-01). "Critical maritime infrastructure protection: What's the trouble?". Marine Policy.
28. (2021-07-03). "Protecting hidden infrastructure: The security politics of the global submarine data cable network". Contemporary Security Policy.
29. (2025). "Defending Maritime Assets: Approaches to Critical Infrastructure Protection". Springer Netherlands.
30. Bederman, David J.. (2012-11-01). "The Sea". Oxford University Press.
31. Tanaka, Yoshifumi. (2004). "Zonal and Integrated Management Approaches to Ocean Governance: Reflections on a Dual Approach in International Law of the Sea.". The International Journal of Marine and Coastal Law.
32. Steinberg, Philip E.. (1999). "Lines of Division, Lines of Connection: Stewardship in the World Ocean". Geographical Review.
33. Lambach, Daniel. (2022-07-14). "The Territorialization of the Global Commons: Evidence From Ocean Governance". Politics and Governance.
34. Bueger, Christian. (2022-06-06). "Security". Routledge.
35. Koh, Tommy T. B.. (1987). "The Origins of the 1982 Convention on the Law of the Sea". Malaya Law Review.
36. Nye, J. S.. (1975-01-01). "Ocean rule making from a world politics perspective". Ocean Development & International Law.
37. Mendenhall, Elizabeth. (2019). "The Ocean Governance Regime: International Conventions and Institutions". Cambridge University Press.
38. (2020). "Regime interaction in ocean governance: problems, theories, and methods". Brill Nijhoff.
39. Mgeladze, Mariam. (2023). "UK House of Lords Inquiry: Is the UN Convention on the Law of the Sea Still Fit for Purpose?". The Journal of Territorial and Maritime Studies.
40. Ranganathan, Surabhi. (10 Dec 2020). "Decolonization and International Law: Putting the Ocean on the Map.". Journal of the History of International Law / Revue d'Histoire du Droit International.
41. Nyman, Elizabeth. (2017-08-01). "Outpaced by events: Our ageing law of the sea". International Journal of Maritime History.
42. (2019-01-01). "What is the Sargasso Sea? The problem of fixing space in a fluid ocean". Political Geography.
43. Bentley, Jerry H.. (1999-04-01). "Sea and Ocean Basins as Frameworks of Historical Analysis". Geographical Review.
44. (2025). "Introduction: Understanding Global Ocean Regions". Springer Nature Switzerland.
45. Mendenhall, Elizabeth. (2025). "The Limits of Marine Regionalism in Global Ocean Governance: The UNEP Regional Seas Programme". Springer Nature Switzerland.
46. (2020). "Handbook on the geographies of regions and territories". Edward Elgar Publishing.
47. (November 2024). "Challenges and Security Risks in the Red Sea: Impact of Houthi Attacks on Maritime Traffic". Journal of Marine Science and Engineering.
48. (2025). "Houthi's Threat on Sea Freight: Shade Light on Intertrade Between European Union and Southeast Countries". Springer Nature Switzerland.
49. Pedrozo, Raul. (2024-01-05). "Protecting the Free Flow of Commerce from Houthi Attacks off the Arabian Peninsula". International Law Studies.
50. (2025-10-17). "Disruptions in global trade routes: market reactions to the US–Houthi conflict in the consumer cyclical sector". International Journal of Development Issues.
51. (2024). "Shifts in Maritime Trade Routes as a Result of Red Sea Shipping Crisis Detected in TROPOMI NO2 Data". Geophysical Research Letters.
52. (2025). "The Political and Regional Dynamics of the Houthi Uprising in Yemen: An Analytical Perspective: The Political and Regional Dynamics of the Houthi Uprising in Yemen: An Analytical Perspective". The Journal for Interdisciplinary Middle Eastern Studies.
53. (2021-01-13). "The Ocean 100: Transnational corporations in the ocean economy". Science Advances.
54. (2020-01-24). "The Blue Acceleration: The Trajectory of Human Expansion into the Ocean". One Earth.
55. Barbesgaard, Mads. (2018-01-02). "Blue growth: savior or ocean grabbing?". The Journal of Peasant Studies.
56. Jernelöv, Arne. (2010). "The Threats from Oil Spills: Now, Then, and in the Future". Ambio.
57. (2017). "The Global Norm of Large Marine Protected Areas: Explaining variable adoption and implementation". Environmental Policy and Governance.
58. (2015). "Reinventing residual reserves in the sea: are we favouring ease of establishment over need for protection?". Aquatic Conservation: Marine and Freshwater Ecosystems.
59. (2020-12-01). "Mechanisms of power in maritime spatial planning processes in Denmark". Ocean & Coastal Management.
60. De Santo, Elizabeth M.. (2020-02-01). "Militarized marine protected areas in overseas territories: Conserving biodiversity, geopolitical positioning, and securing resources in the 21st century". Ocean & Coastal Management.
61. (2024-05-31). "Understanding Maritime Security". Oxford University Press.
62. Bueger, Christian. (2021-08-26). "Does Maritime Security Require a New United Nations Structure?".
63. Haas, Peter M.. (July 1989). "Do regimes matter? Epistemic communities and Mediterranean pollution control". International Organization.
64. (2020-12-23). "The Voice of Science on Marine Biodiversity Negotiations: A Systematic Literature Review". Frontiers in Marine Science.
65. (2023-06-01). "Making global oceans governance in/visible with Smart Earth: The case of Global Fishing Watch". Environment and Planning E: Nature and Space.
66. Lehman, Jessica. (2018-02-01). "From ships to robots: The social relations of sensing the world ocean". Social Studies of Science.
67. (September 2006). "Governance to Governmentality: Analyzing NGOs, States, and Power". International Studies Quarterly.
68. Scharenberg, Antje. (2022-08-09). "Sea changes: How ocean activism reshapes the way we see borders, sovereignty and power". The Sociological Review Magazine.