Summary: The nation's computer-based critical infrastructures are at increasing risk of severe disruption. Interconnectivity increases the risk that problems affecting one system will also affect other interconnected systems. Although these problems could be caused by natural disasters, such as earthquakes, and system-inducted problems, such as the Year 2000 conversion problem, government officials are increasingly concerned about attacks from individuals and groups with malicious intentions, such as terrorists and nations engaged in information warfare. Critical systems could be disrupted, sensitive data could be read or copied, and data or processes could be tampered with. A significant concern is that terrorists or hostile foreign states could target critical systems, such as those supporting energy distribution, telecommunications, and financial services, in order to harm the public welfare. The need to strengthen computer security in both government and the private sector has been recognized over the past several years by many groups, including GAO, and several steps have been taken to address the problem. During 1996 and 1997, federal information security was addressed by the President's Commission on Critical Infrastructure Protection, which had been created to investigate the country's vulnerability to both "cyber" and physical threats. A 1998 Presidential directive recognizes that overcoming computer-based threats to the country's critical infrastructures requires new approach involving coordination and cooperation across federal agencies and among public and private sector groups and other nations.
