The information infrastructure is increasingly under attack by cyber criminals. The number, cost, and sophistication of attacks are increasing at alarming rates. Worldwide aggregate annual damage from attacks is now measured in billions of U.S. dollars. Attacks threaten the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Most significant attacks are transnational by design, with victims throughout the world.

Measures thus far adopted by the private and public sectors have not provided an adequate level of security. While new methods of attack have been accurately predicted
by experts and some large attacks have been detected in early stages, efforts to prevent or deter them have been largely unsuccessful, with increasingly damaging consequences. Information necessary to combat attacks has not been timely shared. Investigations have been slow and difficult to coordinate. Some attacks are from States that lack adequate laws governing deliberate destructive conduct. Such international cooperation as occurs is voluntary and inadequate. Some significant enhancement of defensive capabilities seems essential. Cyber crime is quintessentially transnational, and will often involve jurisdictional assertions of multiple States. Agreements on jurisdiction and enforcement must be developed to avoid conflicting claims.

The need and methods for effecting international cooperation in dealing with cyber crime and terrorism were the subject of a conference sponsored by the Hoover Institution, the Consortium for Research on Information Security and Policy (CRISP) and the Center for International Security and Cooperation (CISAC) at Stanford University on December 6-7, 1999 (the "Stanford Conference"). Members of government, industry, NGOs, and academia from many nations met at Stanford to discuss the growing problem. A clear consensus emerged that greater international cooperation is required, and considerable agreement that a multilateral treaty focused on criminal abuse of cyber systems would help build the necessary cooperative framework. (A synthesis of the Stanford Conference papers and discussion will be published by the Hoover Press.) This monograph summarizes and presents the Stanford Draft International Convention to Enhance Security from Cyber Crime and Terrorism (the "Stanford Draft" or the "Draft") and commentary on the Draft. The Draft acknowledges and builds upon the draft Convention on Cyber Crime proposed by the Council of Europe (the "COE Draft").

Societies are becoming more dependent on computer networks and therefore more vulnerable to cyber crime and terrorism. Measures to protect information systems are receiving increasing attention as the threat of attack grows and the nature of that threat is better understood. The primary purpose of this article is to determine what legal standards should govern the use of such measures and what nontechnical constraints are likely to be placed, or should be placed, on them. The article demonstrates that policing of computer networks poses a real threat to privacy, protection against self-incrimination and unwarranted searches and seizures, and the right to due process of law. Technological realities and the differences in national values and rules concerning the intrusiveness of law enforcement, protection of citizen's rights, and international cooperation can complicate the observance of these rights and allow misuse of systems set up for preventing, tracking, or punishing cyber crime. Another purpose of this article is to show that while technologies of crime and punishment are undergoing a rapid and profound evolution, the legal and normative principles discussed here will endure, because they are independent of specific technology. As such, they can provide a framework for building a global infrastructure and policy environment that can balance the needs for crime-free business, government, and personal communications, with the protection of property, privacy, and civil liberties. The article concludes that ensuring civil liberties in the course of legal and technological cooperation against cyber attacks is essential.

The end of the Cold War left the United States in the fortunate position of facing no imminent threat of global war. But it also left the United States in a strategic vacuum, with no organizing principle for its national security. This book proposes a security strategy for the 21st century based on preventing new major threats to U.S. security from emerging.

Informed by the authors' service in the Pentagon during President Clinton's first term, this book identifies six major dangers to U.S. security that have the potential to grow into threats to American interests and values as ominous as the Cold War's nuclear standoff. In chapters that cover chilling dangers ranging from Russia's implosion to the rising power of China, and from proliferation of biological weapons to cyber terrorism, the authors first recount from first hand experience the Pentagon's efforts to define and prevent dangers to U.S. security since the end of the Cold War, and then advance preventive defense strategies for the future. It argues that implementing a Preventive Defense strategy will require a revolution in the way the Pentagon does business -- a revolution that is only beginning.

In the 1990s, global concern over illicit trafficking in nuclear material to terrorists and nation-states has intensified. Two major changes are responsible: the evident new intent of terrorists to wound or kill thousands of civilians and the availability of inadequately protected "loose" nuclear materials in Russia and the newly independent former Soviet republics. These changes have made more likely attempts to acquire weapons-usable nuclear materials for terrorist use or for sale to state sponsors of terrorism. As a result, many efforts are being made to strengthen national and international standards for protection of nuclear material from theft and sabotage. One problem with current efforts is that national stnadards now vary widely. Although the Treaty on the Non-Proliferation of Nuclear Weapons (NPT) mandates that non-nuclear weapon parties accept the safeguards requirements of the International Atomic Energy Agency (IAEA) for their nuclear activities, the relevant international standards for physical protection are mostly advisory.