My current class in my master's program is Critical Infrastructure Protection. I wasn't sleeping well before I found this thread.
Ooooh. Oh! I got a FUN one for you then. HSPD-7. K. Just to give anyone else a little jump in.. (and feel free to correct me. I'm only involved partially in one of these.. your background on the subject as a whole dwarfs mine).
Critical Infrastructure, depending on what it is, falls under the privvie of either Dept of Treasury, Transport, Interior, DoJ, EPA, Human Services. (I know I'm missing one or two.) Each of those have independent assets and rules & regs. As it is, getting those networks InfoSec compliant is a G-D NIGHTMARE. (*coughs* DoE. Pointing at you, big guy. *coughs*) You then.. have the entities of which these departments govern and regulate.. PRIVATIZED. We can't keep 2,000,000 barrels of oil out of the Gulf of Mexico, you really think we're going to get BP to spend X of millions of dollars to be protected against a 1% possibility that's always evolving? Good luck! I'm cheering for you! ..namely because if you succeed, I succeed. ..sorta.. ..sometimes..