U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Information Assurance and Critical Infrastructure Protection

NCJ Number
194518
Date Published
2001
Length
7 pages
Annotation
This document describes the recent increase of the number and sophistication of attacks on information infrastructure in the last decade and provides recommendations to overcome this problem.
Abstract
Security breaches, theft of proprietary information, privacy risk, financial fraud, and sabotage of data or networks are emerging threats in the new information age. Governments and businesses often overlook the risks associated with electronic systems and have not made sufficient investment in information assurance products and services. Information Assurance (IA) is the information operations that protect and defend information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Engineering practices and technology cannot produce systems that are totally immune to attack, but risks can be reduced. Most network and system operators don’t have the technical expertise or resources to defend against attacks and minimize damage. Information security and critical infrastructure protection practices and policies are underdeveloped, poorly disseminated, and erratically followed. Some recommendations for government action are made to overcome these shortcomings. The first is to fund demonstration programs on several of the infrastructure domains such as air traffic control, power grid, telecommunications, banking, and medical and emergency services. Second, research and development programs should be funded to address the key issues as identified annually by key government councils such as the Chief Information Officers (CIO) Council. The third recommendation is to identify, support, and reward internal and cross-agency initiatives to build a stronger Federal security infrastructure and adequately “capitalize” this effort. The fourth is to foster cooperative research with allies and coalition partners.