This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an . . .
This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an overview of national security law in the United States as it pertains to information security.

It is easy to think of "national security" as meaning the security provided by military and intelligence gathering capabilities, and in certain specific legal contexts, that specific definition is both accurate and complete [1]. But as the threat of terrorism became clear, even before the attacks of September 11, 2001 national security came to mean, in additional to national defense, the protection of the public and private sector facilities essential to delivering the goods and services that maintain the quality of life in the United States, or as officially defined, the nation's "critical infrastructure." [2] Executive Order No. 13231 [3] , entitled, Critical Infrastructure Protection in the Information Age, issued by the President five weeks after the September 11, 2001 attacks, addressed itself to the information technology systems that form part of the nations' critical infrastructure. The Executive Order noted that information technology had "changed the way business is transacted, government operates, and national defense is conducted. Those three functions now depend on an interdependent network of critical information infrastructures." The order went on to authorize "continuous efforts to secure information systems for critical infrastructure." As we begin the discussion of the law in this area, it is useful to understand that the information technology we are talking about operates in three general arenas: (1) the business environment, (2) the environment for the delivery of government services, and (3) national defense.

The link for this article located at SecurityFocus is no longer available.