The IT Law Wiki
The newest innovations, which we label information technologies, have begun to alter the manner in which we do business and create value, often in ways not readily foreseeable even five years ago.
-- Alan Greenspan, Chairman, Federal Reserve Board, May 6, 1999, quoted in The Emerging Digital Economy II, at 1.

Definitions

Information technology is:

any system or subsystem of hardware and/or software whose purpose is acquiring, processing, storing or communicating information or data.[1]
[a] discrete set of electronic information resources organized for collecting, processing, maintaining, using, sharing, disseminating, or dispositioning information.[2]
[t]he art and applied sciences that deal with data and information. Examples are capture, representation, processing, security, transfer, interchange, presentation, management, organization, storage, and retrieval of data and information.[3]
[a]ny equipment, or interconnected system(s) or subsystem(s) of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.[4]
[a]ny equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.[5]
(A) with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use — (i) of that equipment; or (ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product;

(B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but

(C) does not include any equipment acquired by a federal contractor incidental to a federal contract.[6]

Overview

Information technology (IT) is widely recognized as the engine that drives the U.S. economy, giving industry a competitive advantage in global markets, enabling the federal government to provide better services to its citizens, and facilitating greater productivity as a nation. IT is revolutionizing society as profoundly as mechanical technology did in creating the industrial revolution. As a result, we are increasingly dependent for society’s everyday functioning on electronic ways to gather, store, manipulate, retrieve, transmit, and use information.

Information technology has become pervasive in every way — from our phones and other small devices to our enterprise networks to the infrastructure that runs our economy.

The U.S. Government is the world’s largest consumer of information technology, spending over $76 billion annually on more than 10,000 different systems.

Security issues

This increasing dependence on information technology is creating a need to improve the confidentiality and integrity of electronic information, i.e., its security, so that computer and communications systems are less vulnerable to intentional and accidental error or misuse. As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from the disruption or failure of these networks has also increased.

An attack involving IT can take different forms. The IT itself can be the target. Or, a terrorist can either launch or exacerbate an attack by exploiting the IT infrastructure, or use IT to interfere with attempts to achieve a timely response. Thus, IT is both a target and a weapon. Likewise, IT also has a major role in counterterrorism — it can prevent, detect, and mitigate terrorist attacks.[7]

"When an element of the IT infrastructure is directly targeted, the goal is to destroy a sufficient amount of IT-based capability to have a significant impact, and the longer that impact persists, the more successful it is from the terrorist's point of view. . . . Irrecoverable loss of critical operating data and essential records on a large scale would likely result in catastrophic and irreversible damage to the U.S. economy. However, most major businesses already have disaster-recovery plans in place that include the backup of their data in a variety of distributed and well-protected locations (and in many cases, they augment backups of data with backup computing and communications facilities)."[8]

Securing the national critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. The most significant cyberthreats to the nation are fundamentally different from those posed by the “script kiddies” or virus writers who traditionally have plagued Internet users.

Today, the Internet has a significant role in enabling the communications, monitoring, operations, and business systems underlying many of the nation's critical infrastructures. Cyberattacks are increasing in frequency and impact. Adversaries seeking to disrupt the nation's critical infrastructures are driven by different motives and view cyberspace as a possible means to have much greater impact, such as causing harm to people or widespread economic damage.

Information technology is the sine qua non of both globalization and power — the locomotive on each track. It is integrating the world economy and spreading freedom, while at the same time becoming increasingly crucial to military and other forms of national power. Information technology thus accounts both for power and the process that softens and smooths power.[9]

Although to date no cyberattack has had a significant impact on our nation's critical infrastructures, previous attacks have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful attack might include serious economic consequences through impacts on major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruptions that impede the response and communication capabilities of first responders in crisis situations.

[T]he ways in which IT can be damaged fall into three categories. A system or network can become:
  • Unavailable. That is, using the system or network at all becomes very difficult or impossible. The e-mail does not go through, or the computer simply freezes, or response time becomes intolerably long.
  • Corrupted. That is, the system or network continues to operate, but under some circumstances of operation, it does not provide accurate results or information when one would normally expect. Alteration of data, for example, could have this effect.
  • Compromised. That is, someone with bad intentions gains access to some or all of the capabilities of the system or network or the information available through it. The threat is that such a person could use privileged information or system control to further his or her malign purposes.[10]

References

  1. Final Report of the Defense Science Board Task Force on Department of Defense Policies and Procedures for the Acquisition of Information Technology, at 25.
  2. Cybersecurity: A Primer for State Utility Regulators, App. B.
  3. American National Standard Dictionary of Information Technology (ANSDIT); NISTIR 8074, Vol. 2, Annex A, at 41.
  4. Executive Office of the President, Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, at 173 (Ver. 1.0) (Nov. 10, 2009).
  5. 36 C.F.R. §1194.4.
  6. 40 U.S.C. §1401(3); id. §11101(6).
  7. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities, at 2.
  8. Id. at 16.
  9. David C. Gompert, "Right Makes Might: Freedom and Power in the Information Age" 5 (National Defense Univ. 1998).
  10. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities, at 13.
