This report discusses the proposed Cyber Security Information Act of 2000 (H.R. 4246), which is intended to remove barriers to information sharing between government and private industry in order to better address threats to the nation's critical infrastructure. The concern over cyber threats is well placed. While the explosive growth in interconnectivity has contributed immeasurably to the nation's economy and well being, it also presents significant risks to our nation's computer systems and to the critical operations and infrastructures they support, including telecommunications, finance, power distribution, emergency services, law enforcement, national defense, and other government services. Accordingly, government officials are increasingly concerned about attacks from individuals and groups with malicious intentions, such as terrorists and nations engaging in information warfare. Nevertheless, because the federal government does not own all of our nation's critical infrastructures, it is limited in what it can do to protect these assets, and solutions must be tallored sector by sector, through partnerships with sector representatives that address threats, vulnerabilities, and possible response strategies.

Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000

All critical infrastructures are increasingly dependent on the information infrastructure for information management, communications, and control functions. Protection of the critical information infrastructure (CIIP), therefore, is of prime concern. To help with this step, the National Academy of Engineering asked the NRC to assess the various legal issues associated with CIIP. These issues include incentives and disincentives for information sharing between the public and private sectors, and the role of FOIA and antitrust laws as a barrier or facilitator to progress. The report also provides a preliminary analysis of the role of criminal law, liability law, and the establishment of best practices, in encouraging various stakeholders to secure their computer systems and networks.