The way issues are framed determines much about how they are managed and decided. We noted in the introduction to this volume that the domain of critical infrastructure protection is no exception. Since the issue surfaced in the early 1990s, public and business leaders have directed the public's attention toward critical infrastructures, rather than, say, essential services; toward protection of those infrastructures, rather than assurance of the services these infrastructures deliver. The widespread adoption of the terminology of critical infrastructure protection focused scarce attention on basic protective measures, such as erecting better perimeter controls around sensitive areas, checking for redundancy in cable routing, and avoiding collocation of several sensitive systems and potential single points of failure. Taking such protective measures was an obvious first step after the abrupt realization, forced by the attacks of Sept-ember 11, 2001, that our society was remarkably vulnerable to predatory action.
Disaster and emergency management communities, however, describe their core concerns differently. They would emphasize mitigation of potential disasters by building away from hazardous areas; prevention of emergencies through prudent management or maintenance; response to disasters by mobilizing emergency fire, medical, police, and rescue crews to help people in dire need; and recovery of disaster zones through clean up of damaged areas, restoration of services, relocation, and rebuilding.
Despite the valuable contributions of both these approaches, they obscure an important dimension of essential service assurance: reliable and continuous operations of large technical systems at times of extreme stress during natural disasters such as hurricanes Katrina or Rita, technological disasters, such as the U.S. and Canada blackout of August 2003, or terrorist attack, such as those of September 11, 2001.