The discussion begins with a conceptual framework for addressing the protection of infrastructure systems subject to attacks on their information subsystems. The framework covers the types of infrastructure systems, possible strategies for their protection, and the nature and scale of the attack. Three components of a protection strategy are identified: preventing attacks, limiting the damage in an attack, and ensuring rapid reconstitution of the target system following an attack. The paper concludes with a discussion of public and private responsibilities for infrastructure protection and the identification of a number of areas where public initiatives might be effective. These are ordered roughly in terms of the cost and difficulty of implementation. The analysis approaches the subject from the perspective of minimizing government intervention in privately owned infrastructure systems.