Executive Office of the President, Office of Science and Technology Policy, Cybernation: The American Infrastructure in the Information Age: A Technical Primer on Risks and Reliability (Apr. 1, 1997) (full-text).
This report seeks to promote a common understanding of the network [reliability]] challenge in the technical and policy communities in private industry, public utilities, and government at ail levels. The efforts of these diverse players will be necessary to effectively respond to this long-term challenge.
The automation — or cybernation — of the domestic infrastructure of the United States, in the transportation, finance, energy, and telecommunications sectors, which has been building for decades, has accelerated dramatically in recent years as advances in computers and information networks open up new possibilities for improved service, lower cost, and greater efficiency. As a result, the United States has become a wired nation, a condition with implications that are not fully understood.
The importance to the nation of infrastructure services makes attention to the reliability of their underlying information networks a necessity. The question is whether the marketplace will adequately anticipate and mitigate reliability deficiencies, or whether the nation will have to endure a major infrastructure problem in order to mobilize and act.
The infrastructure of the United States has historically been very reliable. For most Americans, infrastructure disruptions have been more a nuisance than a nightmare. However, nothing guarantees that future disruptions will be similarly limited in national impact as past disruptions.
- Infrastructure services are becoming increasingly dependent on complex information networks which are potentially vulnerable to failure or disruption.
- The business environment is changing with deregulation, downsizing, increasing competition, and the entry of new companies into the market for providing infrastructure services.
- Infrastructure information networks are potentially becoming more accessible even as computer intrusions, already quite common, become increasingly sophisticated.
Network failures can be classified in terms of their causes and the mechanisms by which they are manifested.
- Causes range from natural phenomena such as weather, natural disasters, and other acts of God to deliberate destructive acts by persons intent on doing damage.
- Mechanisms range from chain reactions, in which small faults propagate and result in widespread disruptions, to the direct, independent failure of key components that in themselves represent major disruptions.
From a technical standpoint, it is not practical to focus exclusively on any one reliability threat. Like the interactions of prescription drugs, the remedy for one problem can interfere with the remedy for another. A holistic methodology for making the unavoidable tradeoffs is called for.
- Develop an analytical understanding of the specific reliability, vulnerability, and threat environment.
- Establish a system engineering process which treats reliability as a primary parameter.
- Maintain constant vigilance and continual learning to enhance reliability.
Neither the private sector nor the government can completely address infrastructure reliability alone. Developing consensus on the problem, as well as finding effective long term solutions, will require the sustained engagement of industry, utilities, the public, and government at all levels.
Areas for increased public policy attention include:
- Achieving consensus on what the minimum levels of reliability should be, what the threats are, what risks are acceptable, what protective measures should be taken, and how the costs should be met.
- Enhancing government/industry cooperation for identifying and characterizing reliability challenges, from weather and natural disaster prediction to intelligence collection on the threat of hostile attack.
- Focusing government and industry on the joint development of technical standards and methods to measure and certify reliability.
- Enhancing Federal/State government interaction to ensure consistent and appropriate attention is placed on infrastructure reliability. Defining the government research and development investment portfolio for network reliability. Working with other countries to develop compatible international legal regimes in cyberspace. Clarifying missions, responsibilities, and authorities of Federal Departments and Agencies in cyberspace.