| As the Y2K, Yahoo/EBay, and countless examples of hackers and viruses attest, the information infrastructure system is extremely vulnerable. The United States is dependent upon the data this infrastructure provides for virtually every aspect of our modern life, to include the nations national security. Although the federal government was first warned about these risks in 1992 by several federally sponsored studies, has acknowledged the risk in its National Security Strategy since 1995, and was advised of the interconnected risks to the other civil infrastructures by a federally sponsored panel in 1996, no comprehensive federal information infrastructure security policy existed until after 2000. This research demonstrates that no policy existed because of the inherent complexity of the problem itself: the network structure of the IT system, pervasive software defects, and a rush-to-market mentality by IT producers. However, much of the problem lies with the organization and commitment of the federal government to address the problem: six competing policymaking processes with responsibility to produce national security IT policy and a relative paucity of funds spent on both security for the system and for security R&D. |
