and financial institutions.22 Large and small companies alike rely on computers to manage payroll, track inventory and sales, and perform research and development. Every stage of the distribution of food and energy relies on IT. Western societies have spent years building this information infrastructure in ways that are interoperable, easy to access, and easy to use.23 Yet this open philosophy is also the Achilles heel of the system.
Protecting an information infrastructure is an even more difficult proposition than securing all of a nation’s ports or power plants simultaneously against unwanted intruders. An analogy to locating a cyber attacker amidst all the normal transborder data flows would be like picking out a single person with more luggage than usual from the thousands of passengers that pass through JFK Airport daily. Or instead of a single person, being alert to more Polish citizens than normal, though it is unclear exactly why they are there, if they are even really Polish, and what their intentions are. As computer systems become more prevalent, sophisticated, and interconnected, society is becoming increasingly vulnerable to poor system design, accidents, and cyber attacks. The global reach and interconnection of computer networks multiplies these system vulnerabilities.24
The U.S. Response to the Global Threat of Cyber Attacks
The scale and importance of IW both as an offensive weapon and defensive quagmire is highlighted by the President’s Commission on Critical Infrastructure Protection. The report noted that in 2002, 19 million individuals had the knowledge
22 IT has four major elements: (1) the Internet; (2) the conventional telecommunications infrastructure; (3) embedded/real-time computing; and (4) dedicate computing devices. The ways in which IT can be damaged falls into three categories: (a) network unavailable; (b) network corrupted (does not provide accurate results or information when one would normally expect); (c) network compromised (person has gained privileged information for malign purposes). Id.
23 Joyner, supra note 15 at 865.
24 Computers at Risk: Safe Computing in the Information Age, National Research Council, 1991.