Washington International Law Journal


As the global community focuses on detecting and fighting terrorism, defense strategists have identified the vulnerability of certain cybersystems. Traditional methods of defense and warfare, however, often do not apply to new technologies. Thus the cybercommunity is developing new standards for protecting computer resources against terrorist attack. From the perspective of national governments, much attention has been paid to the importance of secure "critical infrastructure." This category of computer-dependent resources includes sectors vital to the smooth and orderly operation of public society, such as transportation, communications, and food production. These sectors are becoming increasingly dependent on computers to function, and the majority of critical infrastructure is owned by the private sector. This relationship between the public's interest in critical infrastructure and the interests of the private sector raises questions about how to balance the public and private interests in a cyberterror protection plan. While governments have an interest in ensuring the security of critical infrastructure, they are reluctant to directly regulate privately-owned businesses. Since the late 1990s, the United States has been developing methods to secure infrastructure through public-private information-sharing partnerships, and has successfully taken steps to respect corporate privacy in the process. Conversely, Australia is in the early stages of developing a national strategy for critical infrastructure protection, and the government has faced corporate resistance to developing an information-sharing security network. In comparing the cybersecurity situation in Australia to that in the United States, the Australian government should follow many of the steps that have made the U.S. process such a success to date. In particular, it should adopt similar corporate privacy protection policies for information shared with the government for critical infrastructure protection purposes, and should emphasize the development of public-private co-regulation of critical infrastructure. While the United States has not yet reached complete cybersecurity, its extra years of experience should inform the development of Australian policymaking.

First Page