Critical Infrastructure Protections: The 9/11 Commission Report and Congressional Response

Many of the recommendations made in the 9/11 Commission's report dealt indirectly with critical infrastructure protection, especially as the goals of critical infrastructure protection have evolved to include countering the type of attack that occurred on September 11. However, relatively few of the recommendations addressed critical infrastructure protection specifically. Those that did called for using a systematic risk management approach for setting priorities and allocating resources for critical infrastructure protection. None of these recommendations advocated a change in the direction of, or the organizational structures that have evolved to implement, existing infrastructure protection policies. Nevertheless, the Commission's recommendations could speed up implementation in some areas, given the attention and renewed urgency expressed by the Commission. Two bills were introduced as legislative vehicles for enacting some or many of the Commission recommendations ( S. 2845 and H.R. 10 ). Like the Commission's recommendations, the language in these two bills, and the subsequent Intelligence Reform and Terrorism Prevention Act of 2004 ( P.L. 108-458 ), for the most part, strengthen or reinforce existing policy and organization associated with critical infrastructure protection. For a more detailed discussion of national policy regarding critical infrastructure protection, including its evolution, implementation, and continuing issues, see CRS Report RL30153 , Critical Infrastructures: Background, Policy, and Implementation . For a discussion on the use of risk management techniques in the context of critical infrastructure protection, see CRS Report RL32561 , Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities, and Consequences . This report will be updated as appropriate.