Publication

This paper addresses the protection of infrastructure systems subject to attacks on their information subsystems. The paper develops a conceptual framework, focusing on the types of infrastructure systems, possible strategies for their protection and the nature and scale of the attack. Subsequently, the paper identifies three components of a protection strategy: preventing attacks, limiting the damage in an attack and rapid reconstitution following an attack. The paper concludes with a discussion of public and private responsibilities for infrastructure protection. The paper takes a perspective of minimizing government intervention in privately owned infrastructure systems.