The National Strategy to Secure Cyberspace: Difference between revisions
| Line 25: | Line 25: | ||
* Minimize damage and recovery time from cyber attacks that do occur. | * Minimize damage and recovery time from cyber attacks that do occur. | ||
===Threat and Vulnerability=== | ===Threat and Vulnerability=== | ||
Our economy and national security are fully | |||
dependent upon information technology and | |||
the information infrastructure. At the core of | |||
the information infrastructure upon which we | |||
depend is the Internet, a system originally | |||
designed to share unclassified research among | |||
scientists who were assumed to be uninterested | |||
in abusing the network. It is that same Internet | |||
that today connects millions of other computer | |||
networks making most of the nation’s essential | |||
services and infrastructures work. These | |||
computer networks also control physical objects | |||
such as electrical transformers, trains, pipeline | |||
pumps, chemical vats, radars, and stock | |||
markets, all of which exist beyond cyberspace. | |||
A spectrum of malicious actors can and do | |||
conduct attacks against our critical information | |||
infrastructures. Of primary concern is the threat | |||
of organized cyber attacks capable of causing | |||
debilitating disruption to our Nation’s critical | |||
infrastructures, economy, or national security. | |||
The required technical sophistication to carry | |||
out such an attack is high—and partially | |||
explains the lack of a debilitating attack to date. | |||
We should not, however, be too sanguine. There | |||
have been instances where organized attackers | |||
have exploited vulnerabilities that may be | |||
indicative of more destructive capabilities. | |||
Uncertainties exist as to the intent and full | |||
technical capabilities of several observed | |||
attacks. Enhanced cyber threat analysis is | |||
needed to address long-term trends related to | |||
threats and vulnerabilities.What is known is | |||
that the attack tools and methodologies are | |||
becoming widely available, and the technical | |||
capability and sophistication of users bent on | |||
causing havoc or disruption is improving. | |||
In peacetime America’s enemies may conduct | |||
espionage on our Government, university | |||
research centers, and private companies. They | |||
may also seek to prepare for cyber strikes during | |||
a confrontation by mapping U.S. information | |||
systems, identifying key targets, and lacing our | |||
infrastructure with back doors and other means | |||
of access. In wartime or crisis, adversaries may | |||
seek to intimidate the Nation’s political leaders | |||
by attacking critical infrastructures and key | |||
economic functions or eroding public confidence | |||
in information systems. | |||
Cyber attacks on United States information | |||
networks can have serious consequences such as | |||
disrupting critical operations, causing loss of | |||
revenue and intellectual property, or loss of life. | |||
Countering such attacks requires the development | |||
of robust capabilities where they do not | |||
exist today if we are to reduce vulnerabilities | |||
and deter those with the capabilities and intent | |||
to harm our critical infrastructures. | |||
===The Government Role in Securing Cyberspace=== | |||
==Additional Notes and Highlights== | ==Additional Notes and Highlights== | ||
Revision as of 14:26, 8 September 2010
Full Title of Reference
The National Strategy to Secure Cyberspace
Full Citation
Executive Office of the President of the U.S., The National Strategy to Secure Cyberspace (2003). Online Paper. Web
Categorization
- Resource by Type: US Government Reports and Documents
Key Words
Synopsis
Strategic Objectives
Consistent with the National Strategy for Homeland Security, the strategic objectives of this National Strategy to Secure Cyberspace are to:
- Prevent cyber attacks against America’s critical infrastructures;
- Reduce national vulnerability to cyber attacks; and
- Minimize damage and recovery time from cyber attacks that do occur.
Threat and Vulnerability
Our economy and national security are fully dependent upon information technology and the information infrastructure. At the core of the information infrastructure upon which we depend is the Internet, a system originally designed to share unclassified research among scientists who were assumed to be uninterested in abusing the network. It is that same Internet that today connects millions of other computer networks making most of the nation’s essential services and infrastructures work. These computer networks also control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, radars, and stock markets, all of which exist beyond cyberspace.
A spectrum of malicious actors can and do conduct attacks against our critical information infrastructures. Of primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nation’s critical infrastructures, economy, or national security. The required technical sophistication to carry out such an attack is high—and partially explains the lack of a debilitating attack to date. We should not, however, be too sanguine. There have been instances where organized attackers have exploited vulnerabilities that may be indicative of more destructive capabilities.
Uncertainties exist as to the intent and full technical capabilities of several observed attacks. Enhanced cyber threat analysis is needed to address long-term trends related to threats and vulnerabilities.What is known is that the attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving. In peacetime America’s enemies may conduct espionage on our Government, university research centers, and private companies. They may also seek to prepare for cyber strikes during a confrontation by mapping U.S. information systems, identifying key targets, and lacing our infrastructure with back doors and other means of access. In wartime or crisis, adversaries may seek to intimidate the Nation’s political leaders by attacking critical infrastructures and key economic functions or eroding public confidence in information systems.
Cyber attacks on United States information networks can have serious consequences such as disrupting critical operations, causing loss of revenue and intellectual property, or loss of life. Countering such attacks requires the development of robust capabilities where they do not exist today if we are to reduce vulnerabilities and deter those with the capabilities and intent to harm our critical infrastructures.