National Academies Press: OpenBook
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

Critical Information Infrastructure Protection and the Law

AN OVERVIEW OF KEY ISSUES

Committee on Critical Information Infrastructure Protection and the Law

Computer Science and Telecommunications Board

NATIONAL ACADEMY OF ENGINEERING

NATIONAL RESEARCLH COUNCIL OF THE NATIONAL ACADEMIES

Stewart D. Personick and Cynthia A. Patterson, Editors

THE NATIONAL ACADEMIES PRESS
Washington, D.C. www.nap.edu

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W. Washington, DC 20001

NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.

Support for this project was provided by the National Academy of Engineering. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsor.

International Standard Book Number 0-309-08878-X (book)

International Standard Book Number 0-309-50637-9 (PDF)

Copies of this report are available from the
National Academies Press,
500 Fifth Street, N.W., Lockbox 285, Washington, D.C.20055, (800) 624-6242 or (202) 334-3313 in the Washington metropolitan area. Internet, http://www.nap.edu

Copyright 2003 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

THE NATIONAL ACADEMIES

Advisers to the Nation on Science, Engineering, and Medicine

The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Bruce M. Alberts is president of the National Academy of Sciences.

The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Wm. A. Wulf is president of the National Academy of Engineering.

The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.

The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts and Dr. Wm. A. Wulf are chair and vice chair, respectively, of the National Research Council.

www.national-academies.org

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

COMMITTEE ON CRITICAL INFORMATION INFRASTRUCTURE PROTECTION AND THE LAW

STEWART D. PERSONICK,

Drexel University,

Chair

MICHAEL COLLINS,

Lockheed Martin

WILLIAM J. COOK,

Freeborn & Peters

DEBORAH HURLEY,

Harvard University

DANIEL SCHUTZER,

Emerging Technologies, Citigroup

W. DAVID SINCOSKIE,

Telcordia Technologies

RICHARD R. VERMA,

Council on Foreign Relations

MARC J. ZWILLINGER,

Sonnenschein Nath & Rosenthal

Staff

CYNTHIA A. PATTERSON, Study Director and Program Officer

MARJORY S. BLUMENTHAL, Director

D.C. DRAKE, Senior Project Assistant

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

DAVID D. CLARK,

Massachusetts Institute of Technology,

Chair

ERIC BENHAMOU,

3Com Corporation

DAVID BORTH,

Motorola Labs

JOHN M. CIOFFI,

Stanford University

ELAINE COHEN,

University of Utah

W. BRUCE CROFT,

University of Massachusetts at Amherst

THOMAS E. DARCIE,

University of Victoria

JOSEPH FARRELL,

University of California at Berkeley

JOAN FEIGENBAUM,

Yale University

WENDY KELLOGG,

IBM Thomas J. Watson Research Center

BUTLER W. LAMPSON,

Microsoft Corporation

DAVID LIDDLE,

U.S. Venture Partners

TOM M. MITCHELL,

Carnegie Mellon University

HECTOR GARCIA MOLINA,

Stanford University

DAVID A. PATTERSON,

University of California at Berkeley

HENRY (HANK) PERRITT,

Chicago-Kent College of Law

DANIEL PIKE,

GCI Cable and Entertainment

ERIC SCHMIDT,

Google, Inc.

FRED SCHNEIDER,

Cornell University

BURTON SMITH,

Cray Inc.

LEE SPROULL,

New York University

WILLIAM STEAD,

Vanderbilt University

JEANNETTE M. WING,

Carnegie Mellon University

MARJORY S. BLUMENTHAL, Executive Director

KRISTEN BATCH, Research Associate

JENNIFER BISHOP, Senior Project Assistant

JANET BRISCOE, Administrative Officer

DAVID DRAKE, Senior Project Assistant

JON EISENBERG, Senior Program Officer

RENEE HAWKINS, Financial Associate

PHIL HILLIARD, Research Associate

MARGARET MARSH HUYNH, Senior Project Assistant

ALAN S. INOUYE, Senior Program Officer

HERBERT S. LIN, Senior Scientist

LYNETTE I. MILLETT, Program Officer

DAVID PADGHAM, Research Associate

CYNTHIA A. PATTERSON, Program Officer

JANICE SABUDA, Senior Project Assistant

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

BRANDYE WILLIAMS, Staff Assistant

STEVEN WOO, Dissemination Officer

For more information on CSTB, see its Web site at <http://www.cstb.org>; write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20418; call at (202) 334-2605; or e-mail the CSTB at cstb@nas.edu.

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

NATIONAL ACADEMY OF ENGINEERING PROGRAM COMMITTEE

PETER STAUDHAMMER,

TRW Inc.,

Chair

RODICA A. BARANESCU,

International Truck & Engine Corporation

CORALE L. BRIERLEY,

Brierley Consultancy LLC

PALLAB K. CHATTERJEE,

i2 Technologies

WOODIE C. FLOWERS,

Massachusetts Institute of Technology

GORDON E. FORWARD,

TXI

RENATO FUCHS,

Transkaryotic Therapies, Inc.

MARTIN E. GLICKSMAN,

Rensselaer Polytechnic Institute

THOMAS E. GRAEDEL,

Yale University

BRUCE HAJEK,

University of Illinois

GEORGE M. HORNBERGER,

University of Virginia

KENNETH H. KELLER,

University of Minnesota

MARGARET A. LEMONE,

National Center for Atmospheric Research

RICHARD J. LIPTON,

Georgia Institute of Technology

EUGENE MEIERAN,

Intel Corporation

FREDERICK G. POHLAND,

University of Pittsburgh

C. PAUL ROBINSON,

Sandia National Laboratories

FRIEDER SEIBLE,

University of California, San Diego

LAURENCE C. SEIFERT,

AT&T Corporation

CHRIS G. WHIPPLE,

Environ, Inc.

Ex Officio Members

GEORGE M.C. FISHER,

Eastman Kodak Company,

NAE Chair

SHEILA WIDNALL,

Massachusetts Institute of Technology,

NAE Vice President

WM. A. WULF,

National Academy of Engineering,

President

Staff

PROCTOR REID,

National Academy of Engineering,

Associate Director,

Program Office

JACK FRITZ,

National Academy of Engineering,

Senior Program Officer,

Program Office

Page viii Cite
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
This page in the original is blank.
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

PREFACE

Critical infrastructure protection emerged as a national concern in the late 1990s. The establishment in 1996 of the President’s Commission on Critical Infrastructure Protection (PCCIP), its 1997 report Critical Foundations: Protecting America’s Infrastructures, and the issuance in 1998 of Presidential Decision Directive 63 and the establishment of the Critical Infrastructure Assurance Office (CIAO) promoted awareness of critical infrastructure issues. Among the many forms of critical infrastructure—such as transportation, energy, and water—the information infrastructure, which combines computing and communications systems, stands out as important in its own right and as a crosscutting factor in all other infrastructures. Like power, information infrastructure is a critical infrastructure that all other critical infrastructures depend upon. The Bush administration’s review of critical infrastructure protection activities, the tragic events of September 11, and the new national focus on homeland security in general (and cyberterrorism in particular) signal a need for broader reflection, as well as action, on these issues. Progress, however, will require the development of a clear legal framework, in addition to focusing on the technology and current business practices in the public and private sectors.

The National Academy of Engineering asked the Computer Science and Telecommunications Board to organize a symposium to illuminate the range of legal issues and the range of perspectives on issues associated with protection of the critical information infrastructure. CSTB convened the Committee on Critical Information Infrastructure Protection

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

and the Law (see Appendix A for committee biographies) to undertake the project, asking it to focus on information sharing and liability. While previous CSTB efforts addressed technical, procedural, and policy aspects of [information] security and crisis management, this project emphasizes the role of the law as a barrier to or a facilitator of progress.

The committee met in June 2001 to plan a 2-day symposium, which was held October 22-23, 2001 (the agenda is listed in Appendix B). The committee met again in December 2001 to plan the structure and format of this summary report, which evolved through the end of 2002.

The attacks of September 11, 2001, had a major impact on this project. The tragic events forced some expected participants to cancel their travel, while other initially reluctant parties became willing to participate. The subject matter of the symposium became even more relevant to participants who were not speakers, and the tone and subject matter of presentations and discussions were tailored to and colored by the attacks. As a result, the symposium was larger than anticipated. The discussions were less abstract or hypothetical and more rooted in various realities. Concerns that were expressed at the symposium about issues such as privacy rights and the legal and business risks of sharing information appeared to some committee members to be surprisingly muted. Law enforcement representatives at the symposium expressed a surprising willingness to share information in ways that might impair their ability to prosecute suspected criminals and terrorists, in exchange for improving the ability of the broader community to prevent attacks. The committee does not know if this is a short-lived, politically correct retrenchment or a permanent shift to a new balance of the trade-offs associated with these complex issues.

Meanwhile, responses to September 11 continued to unfold throughout the period in which this report was drafted, greatly complicating the task of describing contemporary conditions and prospects. The dynamism of the situation would make any report with concrete recommendations obsolete before it was published. Against this backdrop, the committee chose to highlight enduring observations, focusing on two issues that could potentially facilitate critical information infrastructure protection efforts—information sharing and the liability of unsecured systems and networks. The committee sought to summarize the debate surrounding use of the Freedom of Information Act (FOIA), antitrust, and liability laws that lie at the heart of critical information infrastructure protection, attempting to maintain that focus in the face of substantial blurring between those issues and the larger set of homeland security issues facing the country. The content of this report reflects the issues identified at the symposium and during subsequent deliberations by the committee. The value of the

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

report lies in its integration of a very diverse set of perspectives to provide a roadmap and stimulus for future more focused and in-depth inquiries.

The committee is particularly grateful to Wm. A. Wulf, whose commitment to addressing the problems posed by critical infrastructure protection (CIP) and whose recognition that the law presents challenges and opportunities in that arena helped to shape this project. His engagement with members of the National Academy of Engineering (NAE), among them John Harris, and with its program committee provided most of the project’s funding.

The committee thanks the symposium participants (see Appendix B for a list of speakers) as well as the many people who responded to its requests for briefings and discussions. Lee Zeichner and Timothy Nagle provided informed discussion on how to frame the project. The committee appreciates the thoughtful comments received from the reviewers of this report. These comments were instrumental in helping the committee to sharpen and improve the report.

The chairman and the entire committee wish to express their deep appreciation for the herculean efforts of the study director, Cynthia Patterson, and the project assistant, David Drake, who performed the lion’s share of the work required to organize and run the symposium, to create this report, and to shepherd it through the necessary review and revision processes. We would also like to express our deep appreciation for the guidance, leadership, encouragement, and advice provided to us by Marjory Blumenthal, the director of the Computer Science and Telecommunications Board of the NRC.

Stewart D. Personick, Chair

Committee on Critical Information Infrastructure Protection and the Law

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
This page in the original is blank.
Page xiii Cite
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

ACKNOWLEDGMENT OF REVIEWERS

This report was reviewed by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the authors and the NRC in making the published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The contents of the review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their participation in the review of this report:

Kent Alexander, Emory University;

David A. Balto, White & Case LLP;

Stanley M. Besen, Charles River Associates;

Nicholas M. Donofrio, IBM Corporation;

Marc D. Goodman, Decision Strategies;

John C. Klensin, AT&T Labs;

David J. Loundy, DePaul University College of Commerce;

Alan B. Morrison, Stanford Law School;

Robert Murphy, Congressional Budget Office;

Debra Pearlstein, Weil, Gotshal & Manges LLP;

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×

Abraham D. Sofaer, Stanford University; and

Suzanne Spaulding, American Bar Association’s Standing Committee on Law and National Security.

Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by Chris Sprigman of King & Spalding LLP. Appointed by the National Research Council, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.

Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R1
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R2
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R3
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R4
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R5
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R6
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R7
Page viii Cite
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R8
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R9
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R10
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R11
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R12
Page xiii Cite
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R13
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R14
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R15
Suggested Citation:"Front Matter." National Research Council and National Academy of Engineering. 2003. Critical Information Infrastructure Protection and the Law: An Overview of Key Issues. Washington, DC: The National Academies Press. doi: 10.17226/10685.
×
Page R16
Next: Executive Summary »
Critical Information Infrastructure Protection and the Law: An Overview of Key Issues Get This Book
×
Buy Paperback | $45.00 Buy Ebook | $35.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

All critical infrastructures are increasingly dependent on the information infrastructure for information management, communications, and control functions. Protection of the critical information infrastructure (CIIP), therefore, is of prime concern. To help with this step, the National Academy of Engineering asked the NRC to assess the various legal issues associated with CIIP. These issues include incentives and disincentives for information sharing between the public and private sectors, and the role of FOIA and antitrust laws as a barrier or facilitator to progress. The report also provides a preliminary analysis of the role of criminal law, liability law, and the establishment of best practices, in encouraging various stakeholders to secure their computer systems and networks.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!