The IT Law Wiki
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{Quote|''The newest innovations, which we label information technologies, have begun to alter the manner in which we do business and create value, often in ways not readily foreseeable even five years ago.''}}
 
{{Quote|''The newest innovations, which we label information technologies, have begun to alter the manner in which we do business and create value, often in ways not readily foreseeable even five years ago.''}}
:::::-- Alan Greenspan Chairman, Federal Reserve Board May 6, 1999, ''quoted in''
+
::::::::-- Alan Greenspan Chairman, Federal Reserve Board May 6, 1999, ''quoted in''
:::::[[The Emerging Digital Economy II]], at 1.
+
::::::::[[The Emerging Digital Economy II]], at 1.
   
 
== Definitions ==
 
== Definitions ==
Line 9: Line 9:
 
{{Quote|any [[system]] or subsystem of [[hardware]] and/or [[software]] whose purpose is [[acquiring]], [[data processing|processing]], [[storing]] or [[communicating]] [[information]] or [[data]].<ref>[[Final Report of the Defense Science Board Task Force on Department of Defense Policies and Procedures for the Acquisition of Information Technology]], at 25.</ref>}}
 
{{Quote|any [[system]] or subsystem of [[hardware]] and/or [[software]] whose purpose is [[acquiring]], [[data processing|processing]], [[storing]] or [[communicating]] [[information]] or [[data]].<ref>[[Final Report of the Defense Science Board Task Force on Department of Defense Policies and Procedures for the Acquisition of Information Technology]], at 25.</ref>}}
   
  +
{{Quote|[a] discrete set of [[electronic information]] resources organized for [[Information collection|collecting]], [[Data processing|processing]], [[Maintenance|maintaining]], using, [[Information sharing|sharing]], [[Information dissemination|disseminating]], or [[disposition]]ing [[information]].<ref>[[Cybersecurity A Primer for State Utility Regulators]], App. B.</ref>}}
{{Quote|[a]ny [[equipment]], or [[interconnect]]ed [[system]](s) or [[subsystem]](s) of equipment that is used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or reception of [[data]] or [[information]] by the agency. For purposes of the preceding sentence, equipment is used by an [[executive agency]] if the equipment is used by the [[executive agency]] directly or is used by a [[contractor]] under a [[contract]] with the [[executive agency]] which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes [[computer]]s, ancillary equipment, [[software]], [[firmware]], and similar procedures, services (including support services), and related resources.<ref>[[Executive Office of the President]], Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, at 173 (Ver. 1.0) (Nov. 10, 2009) ([http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf full-text]).</ref>}}
 
   
{{Quote|[a]ny equipment or [[interconnected]] [[system]] or [[subsystem]] of equipment, that is used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or reception of [[data]] or [[information]]. The term information technology includes [[computer]]s, ancillary equipment, [[software]], [[firmware]] and similar procedures, services (including support services), and related resources.<ref>36 C.F.R. §1194.4.</ref>}}
+
{{Quote|[t]he art and applied sciences that deal with [[data]] and [[information]]. Examples are [[capture]], representation, [[data processing|processing]], [[security]], [[data transfer|transfer]], [[interchange]], presentation, [[data management|management]], organization, [[storage]], and [[Data retrieval|retrieval]] of [[data]] and [[information]].<ref>[[American National Standard Dictionary of Information Technology]] ([[ANSDIT]]).</ref>}}
  +
 
{{Quote|[a]ny [[equipment]], or [[interconnect]]ed [[system]](s) or [[subsystem]](s) of equipment that is used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or [[reception]] of [[data]] or [[information]] by the agency. For purposes of the preceding sentence, equipment is used by an [[executive agency]] if the equipment is used by the [[executive agency]] directly or is used by a [[contractor]] under a [[contract]] with the [[executive agency]] which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes [[computer]]s, ancillary equipment, [[software]], [[firmware]], and similar procedures, services (including support services), and related resources.<ref>[[Executive Office of the President]], Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, at 173 (Ver. 1.0) (Nov. 10, 2009) ([http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf full-text]).</ref>}}
  +
  +
{{Quote|[a]ny equipment or [[interconnected]] [[system]] or [[subsystem]] of equipment, that is used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or [[reception]] of [[data]] or [[information]]. The term information technology includes [[computer]]s, ancillary equipment, [[software]], [[firmware]] and similar procedures, services (including support services), and related resources.<ref>36 C.F.R. §1194.4.</ref>}}
   
 
{{Quote|(A) with respect to an executive agency means any [[equipment]] or [[interconnect]]ed [[system]] or [[subsystem]] of equipment, used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[data analysis|analysis]], [[evaluation]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or [[reception]] of [[data]] or [[information]] by the executive agency, if the equipment is used by the executive agency directly or is used by a [[contractor]] under a [[contract]] with the executive agency that requires the use &mdash; (i) of that equipment; or (ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product;
 
{{Quote|(A) with respect to an executive agency means any [[equipment]] or [[interconnect]]ed [[system]] or [[subsystem]] of equipment, used in the automatic [[data acquisition|acquisition]], [[data storage|storage]], [[data analysis|analysis]], [[evaluation]], [[manipulation]], [[data management|management]], movement, control, [[display]], [[switching]], [[interchange]], [[data transmission|transmission]], or [[reception]] of [[data]] or [[information]] by the executive agency, if the equipment is used by the executive agency directly or is used by a [[contractor]] under a [[contract]] with the executive agency that requires the use &mdash; (i) of that equipment; or (ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product;
Line 29: Line 33:
 
== Security issues ==
 
== Security issues ==
   
This increasing dependence on information technology is creating a need to improve the [[confidentiality]] and [[integrity]] of electronic information, i.e., its [[security]], so that [[computer]] and [[communications system]]s are less [[vulnerable]] to [[intentional]] and accidental error or misuse. As the [[critical infrastructure]]s of the United States have become more and more dependent on public and private [[network]]s, the potential for widespread national impact resulting from the [[disruption]] or failure of these [[network]]s has also increased.
+
This increasing dependence on information technology is creating a need to improve the [[confidentiality]] and [[integrity]] of electronic information, i.e., its [[security]], so that [[computer]] and [[communications system]]s are less [[vulnerable]] to [[intentional]] and accidental error or misuse. As the [[critical infrastructure]]s of the United States have become more and more dependent on public and private [[network]]s, the potential for widespread national impact resulting from the [[disruption]] or failure of these [[network]]s has also increased.
  +
  +
{{Quote|An [[attack]] involving IT can take different forms. The IT itself can be the [[target]]. Or, a [[terrorist]] can either launch or exacerbate an [[attack]] by [[exploit]]ing the IT [[infrastructure]], or use IT to interfere with attempts to achieve a timely response. Thus, IT is both a [[target]] and a weapon. Likewise, IT also has a major role in [[counterterrorism]] &mdash; it can prevent, [[detect]], and [[mitigate]] [[terrorist attack]]s.<ref>[[Information Technology for Counterterrorism: Immediate Actions and Future Possibilities]], at 2.</ref>}}
  +
  +
"When an element of the [[IT infrastructure]] is directly targeted, the goal is to destroy a sufficient amount of [[IT]]-based capability to have a significant impact, and the longer that impact persists, the more successful it is from the [[terrorist]]'s point of view. . . . Irrecoverable loss of critical operating [[data]] and essential [[record]]s on a large scale would likely result in catastrophic and irreversible damage to the U.S. economy. However, most major businesses already have [[disaster-recovery plan]]s in place that include the [[backup]] of their [[data]] in a variety of distributed and well-protected locations (and in many cases, they augment [[backup]]s of [[data]] with [[backup]] [[computing]] and [[communications]] facilities)."<ref>''Id.'' at 16.</ref>
   
 
Securing the national [[critical infrastructure]]s requires protecting not only their physical systems but, just as important, the [[cyber]] portions of the [[system]]s on which they rely. The most significant [[cyberthreat]]s to the nation are fundamentally different from those posed by the “[[script kiddie]]s” or [[virus]] writers who traditionally have plagued [[Internet user]]s.
 
Securing the national [[critical infrastructure]]s requires protecting not only their physical systems but, just as important, the [[cyber]] portions of the [[system]]s on which they rely. The most significant [[cyberthreat]]s to the nation are fundamentally different from those posed by the “[[script kiddie]]s” or [[virus]] writers who traditionally have plagued [[Internet user]]s.
   
Today, the [[Internet]] has a significant role in enabling the [[communication]]s, [[monitor]]ing, operations, and business [[system]]s underlying many of the nation’s [[critical infrastructure]]s. [[Cyberattack]]s are increasing in frequency and impact. [[Adversaries]] seeking to [[disrupt]] the nation’s [[critical infrastructure]]s are driven by different motives and view [[cyberspace]] as a possible means to have much greater impact, such as causing harm to people or widespread [[economic damage]].
+
Today, the [[Internet]] has a significant role in enabling the [[communication]]s, [[monitor]]ing, operations, and business [[system]]s underlying many of the nation's [[critical infrastructure]]s. [[Cyberattack]]s are increasing in frequency and impact. [[Adversaries]] seeking to [[disrupt]] the nation's [[critical infrastructure]]s are driven by different motives and view [[cyberspace]] as a possible means to have much greater impact, such as causing harm to people or widespread [[economic damage]].
  +
  +
{{Quote|Information technology is the sine qua non of both [[globalization]] and power &mdash; the locomotive on each track. It is integrating the world economy and spreading freedom, while at the same time becoming increasingly crucial to military and other forms of national power. Information technology thus accounts both for power and the [[process]] that softens and smooths power.<ref> David C. Gompert, "Right Makes Might: Freedom and Power in the Information Age" 5 (National Defense Univ. 1998).</ref>}}
  +
 
Although to date no [[cyberattack]] has had a significant impact on our nation's [[critical infrastructure]]s, previous [[attack]]s have demonstrated that extensive [[vulnerabilities]] exist in [[information system]]s and [[network]]s, with the potential for serious damage. The effects of a successful [[attack]] might include serious economic consequences through impacts on major economic and industrial sectors, threats to [[infrastructure]] elements such as electric power, and [[disruption]]s that impede the response and [[communication]] capabilities of [[first responder]]s in crisis situations.
   
  +
{{Quote|[T]he ways in which IT can be damaged fall into three categories. A [[system]] or [[network]] can become:
Although to date no [[cyberattack]] has had a significant impact on our nation’s [[critical infrastructure]]s, previous [[attack]]s have demonstrated that extensive [[vulnerabilities]] exist in [[information system]]s and [[network]]s, with the potential for serious damage. The effects of a successful [[attack]] might include serious economic consequences through impacts on major economic and industrial sectors, threats to [[infrastructure]] elements such as electric power, and [[disruption]]s that impede the response and [[communication]] capabilities of [[first responder]]s in crisis situations.
 
  +
* '''Unavailable.''' That is, using the [[system]] or [[network]] at all becomes very difficult or impossible. The [[e-mail]] does not go through, or the [[computer]] simply [[freeze]]s, or response time becomes intolerably long.
  +
* '''Corrupted.''' That is, the [[system]] or [[network]] continues to operate, but under some circumstances of operation, it does not provide accurate results or [[information]] when one would normally expect. Alteration of [[data]], for example, could have this effect.
  +
* '''Compromised.''' That is, someone with bad intentions gains [[access]] to some or all of the capabilities of the [[system]] or [[network]] or the [[information]] available through it. The [[threat]] is that such a person could use [[privileged information]] or [[system control]] to further his or her malign purposes.<ref>[[Information Technology for Counterterrorism: Immediate Actions and Future Possibilities]], at 13.</ref>}}
   
 
==References==
 
==References==
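
Review bot: The added paragraph beginning "When an element of the [[IT infrastructure]] is directly targeted" cites its source only as ''Id.'' at 16, which resolves correctly only while the ref immediately before it is the Information Technology for Counterterrorism citation. Any later edit that inserts or reorders a ref in this section will silently repoint it, so spell out the full source in that ref. The passage is also set in plain quotation marks while the other quotations added in this section use {{Quote|...}}; wrapping it the same way would keep the section consistent.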
Line 42: Line 57:
 
== See also ==
 
== See also ==
   
<div style="column-count:2;-moz-column-count:2;">
+
<div style="{{column-count|2}}">
   
  +
* [[Electronic and information technology]]
 
* [[Geospatial information technology]]
 
* [[Geospatial information technology]]
 
* [[Health information technology]]
 
* [[Health information technology]]
  +
* [[Information and communication technologies]]
 
* [[Information Technologies for the Control of Money Laundering]]
 
* [[Information Technologies for the Control of Money Laundering]]
 
* [[Information Technology Agreement]]
 
* [[Information Technology Agreement]]
Line 65: Line 82:
 
* [[Information Technology Sector Baseline Risk Assessment]]
 
* [[Information Technology Sector Baseline Risk Assessment]]
 
* [[Information Technology Sector Coordinating Council]]
 
* [[Information Technology Sector Coordinating Council]]
  +
* [[Information Technology Sector-Specific Plan]]
 
* [[Information technology security]]
 
* [[Information technology security]]
 
* [[Information technology system]]
 
* [[Information technology system]]

Revision as of 06:26, 19 February 2017

The newest innovations, which we label information technologies, have begun to alter the manner in which we do business and create value, often in ways not readily foreseeable even five years ago.
-- Alan Greenspan, Chairman, Federal Reserve Board, May 6, 1999, quoted in The Emerging Digital Economy II, at 1.

Definitions

Information technology is:

any system or subsystem of hardware and/or software whose purpose is acquiring, processing, storing or communicating information or data.[1]
[a] discrete set of electronic information resources organized for collecting, processing, maintaining, using, sharing, disseminating, or dispositioning information.[2]
[t]he art and applied sciences that deal with data and information. Examples are capture, representation, processing, security, transfer, interchange, presentation, management, organization, storage, and retrieval of data and information.[3]
[a]ny equipment, or interconnected system(s) or subsystem(s) of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.[4]
[a]ny equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.[5]
(A) with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use — (i) of that equipment; or (ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product;

(B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but

(C) does not include any equipment acquired by a federal contractor incidental to a federal contract.[6]

Overview

Information technology (IT) is widely recognized as the engine that drives the U.S. economy, giving industry a competitive advantage in global markets, enabling the federal government to provide better services to its citizens, and facilitating greater productivity as a nation. IT is revolutionizing society as profoundly as mechanical technology did in creating the industrial revolution. As a result, we are increasingly dependent for society’s everyday functioning on electronic ways to gather, store, manipulate, retrieve, transmit, and use information.

Information technology has become pervasive in every way — from our phones and other small devices to our enterprise networks to the infrastructure that runs our economy.

The U.S. Government is the world’s largest consumer of information technology, spending over $76 billion annually on more than 10,000 different systems.

Security issues

This increasing dependence on information technology is creating a need to improve the confidentiality and integrity of electronic information, i.e., its security, so that computer and communications systems are less vulnerable to intentional and accidental error or misuse. As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from the disruption or failure of these networks has also increased.

An attack involving IT can take different forms. The IT itself can be the target. Or, a terrorist can either launch or exacerbate an attack by exploiting the IT infrastructure, or use IT to interfere with attempts to achieve a timely response. Thus, IT is both a target and a weapon. Likewise, IT also has a major role in counterterrorism — it can prevent, detect, and mitigate terrorist attacks.[7]

"When an element of the IT infrastructure is directly targeted, the goal is to destroy a sufficient amount of IT-based capability to have a significant impact, and the longer that impact persists, the more successful it is from the terrorist's point of view. . . . Irrecoverable loss of critical operating data and essential records on a large scale would likely result in catastrophic and irreversible damage to the U.S. economy. However, most major businesses already have disaster-recovery plans in place that include the backup of their data in a variety of distributed and well-protected locations (and in many cases, they augment backups of data with backup computing and communications facilities)."[8]

Securing the national critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. The most significant cyberthreats to the nation are fundamentally different from those posed by the “script kiddies” or virus writers who traditionally have plagued Internet users.

Today, the Internet has a significant role in enabling the communications, monitoring, operations, and business systems underlying many of the nation's critical infrastructures. Cyberattacks are increasing in frequency and impact. Adversaries seeking to disrupt the nation's critical infrastructures are driven by different motives and view cyberspace as a possible means to have much greater impact, such as causing harm to people or widespread economic damage.

Information technology is the sine qua non of both globalization and power — the locomotive on each track. It is integrating the world economy and spreading freedom, while at the same time becoming increasingly crucial to military and other forms of national power. Information technology thus accounts both for power and the process that softens and smooths power.[9]

Although to date no cyberattack has had a significant impact on our nation's critical infrastructures, previous attacks have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful attack might include serious economic consequences through impacts on major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruptions that impede the response and communication capabilities of first responders in crisis situations.

[T]he ways in which IT can be damaged fall into three categories. A system or network can become:
  • Unavailable. That is, using the system or network at all becomes very difficult or impossible. The e-mail does not go through, or the computer simply freezes, or response time becomes intolerably long.
  • Corrupted. That is, the system or network continues to operate, but under some circumstances of operation, it does not provide accurate results or information when one would normally expect. Alteration of data, for example, could have this effect.
  • Compromised. That is, someone with bad intentions gains access to some or all of the capabilities of the system or network or the information available through it. The threat is that such a person could use privileged information or system control to further his or her malign purposes.[10]

References

  1. Final Report of the Defense Science Board Task Force on Department of Defense Policies and Procedures for the Acquisition of Information Technology, at 25.
  2. Cybersecurity A Primer for State Utility Regulators, App. B.
  3. American National Standard Dictionary of Information Technology (ANSDIT).
  4. Executive Office of the President, Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, at 173 (Ver. 1.0) (Nov. 10, 2009) (full-text).
  5. 36 C.F.R. §1194.4.
  6. 40 U.S.C. §1401(3); id. §11101(6).
  7. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities, at 2.
  8. Id. at 16.
  9. David C. Gompert, "Right Makes Might: Freedom and Power in the Information Age" 5 (National Defense Univ. 1998).
  10. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities, at 13.

See also