U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Critical Infrastructure Protection: Comprehensive Strategy Can Draw on Year 2000 Experiences

NCJ Number
190366
Date Published
1999
Length
55 pages
Annotation
This report summarizes findings on studies of computer security and critical infrastructure protection.
Abstract
The objectives of this report were to summarize recent findings on computer security and critical infrastructure protection and to identify preliminary lessons learned from the Year 2000 date conversion experience that could benefit critical infrastructure protection efforts. Data sources were earlier government studies on computer security and financial statement audits of 24 Federal departments and agencies. The U.S. computer-based critical infrastructures are at increasing risk of severe disruption. Interconnectivity increases the risk that problems affecting one system will also affect other interconnected systems. Government officials are increasingly concerned about attacks by individuals and groups with malicious intentions, such as terrorists and nations engaging in information warfare. These intruders could launch attacks on systems supporting energy distribution, telecommunications, and financial services, to severely damage or disrupt national defense or other operations, resulting in harm to the public welfare. The report suggested factors from the Year 2000 experience that were relevant to longer term critical infrastructure protection and that should be considered when developing a national strategy. These factors included: (1) providing high-level congressional and executive branch leadership; (2) understanding risks to computer-supported operations; (3) providing adequate technical expertise; (4) providing standard guidance; (5) establishing public-private sector relationships; (6) facilitating progress and monitoring performance; (7) developing an incident identification and coordination capability; and (8) implementing fundamental information technology management improvements. Notes, figure, abbreviations, appendixes