Introduction

One may wonder why national security should be discussed in the context of InfoSec. There are several reasons for this, as noted below:

National security obviously affects government agencies; however, it also affects individuals and businesses of every size and type. This also includes other nation-states, and thus foreign governments, as well as foreign businesses and citizens from other nations. It also affects global corporations such as IWC.

In today's global marketplace and global information environment, what happens in one nation often affects what happens in other nations. In this age of information warfare, one has many examples of national security affecting other nations and businesses: the defacing of government and business Web sites and denial of service attacks between the Chinese in mainland China and those on Taiwan; the Israeli—Arab incidents; and the Serb—NATO incidents, just to name a few.

If national security is affected, businesses are affected. One can look to World War II and see the bombing of industrial plants—commercial businesses—by the Allied and Axis powers. In any incident, police action, or war where a nation's security is adversely affected, the businesses of that nation are also adversely affected. Therefore, it is obvious that in any conflicts between nations where at least one of the nations is information dependent, attacks will be made against telecommunications systems, Web sites, Internet accesses, and the like. These are for the most part nongovernment systems.

Furthermore, in today's global, competitive marketplace, economic power is being emphasized more than military power. Therefore, in order for an adversary to weaken a nation, the adversary would undoubtedly attack the economic might of a nation—its economic might is derived from its businesses, So, virus attacks, denial of service attacks, theft of sensitive information, placing misinformation on corporate networks, and such are very likely to be used.

In every modern nation and especially information-based nations of the world, corporations are under contract to research, design, develop, and produce weapons that can be used for the protection of the nation-state. In today's modern, information-based nations, there are literally thousands of universities and corporations under contract to government agencies. In the U.S., there are over 800,000 industry personnel with security clearance working in over 11,000 contractor facilities. There are over 11 million classified documents, most of which reside on computers.^[2] These businesses may exist solely to develop products for government agencies, or they may be producing products for government agencies and also products for commercial use. They may be accomplishing these projects using the same information systems and application programs, and even the same information. Corporations carry out many of the current government-sponsored research projects under contract. These not only can and will be used to assist government agencies, but also eventually can be used by businesses. The research into information-based defensive weapons is of such a nature.

A cyber-attack on a corporation can also be viewed as an attack against national security. Nations are preparing to attack other nations' information infrastructures, which are generally private businesses.

The modern world is rapidly becoming one integrated supply chain. Corporations for government agencies, other corporations that may be involved in the defense industry or for commercial businesses and customers are producing products. Some of these may even be of a foreign nature. This inter-relationship means that what may happen to one corporation or nation, may adversely impact other corporations on a global scale. And since these modern corporations are information dependent and information based, InfoSec plays an important role. One just has to look at the devastating earthquake in Kobe, Japan, and its affect on worldwide supply of chips, to see this global dependency.

^[2]See http://www.dss.mil/sec/index.htm.