October 1, 2005
John F. Kennedy School of Government, Harvard University
Protecting infrastructure from calamity has always been important for industry, government, and society. Yet with more activities dependent on computer networks -- from banking and aviation to emergency services -- the reliability and security of information and communication systems against disasters, both natural and man-made, are in doubt. The question of protection is difficult because the majority of critical information infrastructure is privately-owned, interlinked with other firms, and crosses international borders. Evidence suggests there are currently insufficient incentives for protection to be adequately implemented. Companies internalize the costs and hope for the best; governments are loath to regulate lest they do it badly. Indeed, without really knowing the risk profile, it is not even clear what constitutes adequate protection in the first place. And, as always, it poses the question: who should pay? To understand the obstacles for protecting critical information infrastructure and to consider solutions, over 25 experts from industry, government, and academia met for the fifth annual Conference on Information Law and Policy for the Information Economy, organized by Professors Lewis M. Branscomb and Viktor...