The information technology infrastructure (IT infrastructure) is the
|“||seamless fabric of interconnected computing and storage systems, mobile devices, software, wired and wireless networks, and related technologies.||”|
|“||[d]ata, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities.||”|
In less than two decades, advances in information and communications technologies have revolutionized government, scientific, educational, and commercial infrastructures. Powerful personal computers, high-bandwidth and wireless networking technologies, and the widespread use of the Internet have transformed stand-alone systems and predominantly closed networks into a virtually seamless fabric of today's "information technology (IT) infrastructure." This infrastructure provides for the processing, transmission, and storage of vast amounts of vital information used in virtually every facet of society.
The types of devices that can connect to this vast IT infrastructure have multiplied to include not only fixed wired devices but mobile wireless ones. A growing percentage of access is through always-on connections, and users and organizations are increasingly interconnected across physical and logical networks, organizational boundaries, and national borders. As the fabric of connectivity has broadened, the volume of electronic information exchanged through what is popularly known as “cyberspace” has grown dramatically and expanded beyond traditional traffic to include multimedia data, process control signals, and other forms of data. New applications and services that use IT infrastructure capabilities are constantly emerging.
The IT infrastructure enables Federal agencies to routinely interact with each other as well as with industry, private citizens, state and local governments, and the governments of other nations. As the IT infrastructure has broadened to global scale, the volume of electronic information exchanged through what is popularly known as “cyberspace” has grown dramatically and new applications and services proliferate.
The IT infrastructure has become an integral part of the critical infrastructures of many nations. The IT infrastructure’s interconnected computers, servers, storage devices, routers, switches, and wireline, wireless, and hybrid links increasingly support the functioning of such critical capabilities as power grids, emergency communications systems, financial systems, and air-traffic-control networks. While the vast majority of the critical infrastructures (including the IT components of those infrastructures) are owned and operated by the private sector, ensuring their operational stability and security is vital to national, homeland, and economic security interests.
In addition to its underlying role in critical infrastructures, the IT infrastructure enables large-scale processes throughout a national economy, facilitating complex interactions among systems of systems across global networks. Their split-second interactions propel innovation in industrial design and manufacturing, e-commerce, communications, and many other economic sectors. The IT infrastructure provides for the processing, transmission, and storage of vast amounts of vital information used in every domain of society, and it enables government agencies to rapidly interact with each other as well as with industry, private citizens, state and local governments, and the governments of other nations.
The risks associated with current and anticipated vulnerabilities of, threats to, and attacks against the IT infrastructure make it likely that the security issues of the IT infrastructure will only intensify over the next decade. Key areas for concern include:
- The increasing complexity of IT systems and networks, which will present mounting security challenges for both the developers and consumers.
- The evolving nature of the telecommunications infrastructure, as the traditional telephone system and IT networks converge into a more unified architecture.
- The expanding wireless connectivity to individual computers and networks, which increases their exposure to attack. In hybrid or all-wireless network environments, the traditional defensive approach of “securing the perimeter” is not effective because it is increasingly difficult to determine the physical and logical boundaries of networks.
- The increasing interconnectivity and accessibility of (and consequently, risk to) computer-based systems that are critical to the nationl economy, including supply chain management systems, financial sector networks, and distributed control systems for factories and utilities.
- The breadth and increasingly global nature of the IT supply chain, which will increase opportunities for subversion by adversaries, both foreign and domestic.
- Federal Plan for Cyber Security and Information Assurance Research and Development, "Cover letter."
- Defense Acquisition University, Glossary, at B-87 (13th ed. Nov. 2009) (full-text).