vide better communications support to critical government functions during emergencies.4 That provided an important basis for an expanding set of activities associated with national security and emergency preparedness (NS/EP) communications. The rise of the Internet has introduced new elements—systems, applications, and players—into the conceptualization of critical information infrastructure and policy options for its protection.

Issues in the protection of critical information infrastructure were the focus of an October 2001 symposium and subsequent discussions by the Committee on Critical Information Infrastructure Protection and the Law, which form the basis of this report. Twenty-four speakers presented topics ranging from information sharing to legal issues (see Appendix B for the agenda and speakers). The quotations (and attributed ideas) from participants in the symposium that are included in this report illustrate the wide range of perspectives and concerns that complicate policy making when it comes to critical information infrastructure protection (CIIP).


The President’s Commission on Critical Infrastructure Protection (PCCIP) was created in 1996 to assess the physical and cyberthreats to the nation’s critical infrastructures and to develop a strategy to protect them.5 Certain infrastructures—telecommunications, electric power, gas and oil storage and transportation, banking and finance, transportation, water supply, emergency services, and government services—were deemed so critical that their “incapacity or destruction would have a debilitating impact on the defense and economic security”6 of the United States. Box 1.1 provides an overview of the key critical infrastructure protection (CIP) activities over the past several years. Early efforts were dominated by a focus on national security, emergency preparedness, and law enforcement, although from the beginning outreach to industry was attempted. Because of the private ownership of critical infrastructures and the prominence of private parties in the use of these infrastructures, forming public-private partnerships was thought to be one of the keys to CIP progress. The leadership role was assigned to the Critical Infrastructure Assurance Office (CIAO), although its placement within the Department of Commerce (with limited resources and authority) resulted in programs that


Information about the presidential memorandum signed on August 21, 1963, to establish the NCS is available online at <>.


President’s Commission on Critical Infrastructure Protection. 1997. Critical Foundations. Washington, D.C.


Ibid., p. 19.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement