Trust and vulnerabilities in the Information Infrastructure

The Information Infrastructure (i.e. the ubiquitous infrastructure for electronic data exchange) is progressively occupying a crucial role in society. It interrelates business, government, citizens and other infrastructures among themselves, constituting an unavoidable underlying connectivity element. This requires an exacting reliance to be placed on the services provided by and over the Information Infrastructure. But this reliance is currently based on little knowledge about the risks and liabilities entailed. The Information Infrastructure crosses national borders and traditional jurisdictions. Nobody is in charge of it as a whole, technically or administratively. Therefore, clear concerns arise when information assets are the object of transactions through the Information Infrastructure – assets that can be violated in their confidentiality, integrity, availability or privacy, and so provoking securityor safety-relevant consequences. This situation needs (at least) elucidation at two levels: enabling of trust among interacting actors, and mastering of the vulnerabilities emerging from the development of the Information Infrastructure as a complex, large, unbounded system-of-systems.