Facing the threats to electronic commerce

Presidential Decision Directive 63 concerning critical infrastructure protection, was signed on May 22, 1998. This order created a Presidential Commission charged with formulating policy recommendations to the President on measures to protect the critical infrastructures of the USA from cyber‐based attack. These initiatives were advanced in the Bush Administration with Executive Order 13231 – Critical Infrastructure Protection in the Information Age, October 16, 2001. Critical infrastructures are defined as those that are so vital that their incapacity or destruction would have a debilitating impact on the defence or economic security of the country. Among these are finance and banking, and telecommunications, the pillars of commerce and the nascent electronic commerce (e‐commerce) industry. Subsequent to this, the new century began with the publication of Defending America’s Cyberspace: The National Plan for Information Systems Protection, the distributed denial of service attacks on Yahoo!, and other major sites, and the hundreds of millions of dollars in damage due to the Code Red and Nimda viruses. One month after the publication of The National Strategy to Secure Cyberspace was distributed for comments (September 2002), the core domain name system root servers were attacked. In spite of these events, the reality is that market forces will continue to fuel the interest in e‐commerce regardless of concerns over security. Additionally, it will also remain difficult to encourage private sector openness and investment in security solutions in the absence of a major commercial catastrophe even in the face of rising customer expectations in service, security, and privacy. This paper explores these issues as they affect e‐commerce and suggests strategies to limit the potential impact of the array of threats facing critical infrastructures and e‐commerce. In doing so the paper discusses the importance of e‐commerce, the critical infrastructures, the threats to e‐commerce, and policies for protecting the organizations’ e‐commerce operations.