confidence—but it would not have the same impact as images of death and destruction in the streets.)
Note also that “likelihood” is not a static quantity. While it is true, all else being equal, that it is appropriate to devote resources preferentially to defending against highly likely attacks, the deployment of a defense that addresses the threat of a highly likely Attack A may well lead to a subsequent increase in the likelihood of a previously less likely Attack B. In short, terrorists may not behave in accordance with expectations that are based on static probability distributions. It is therefore very difficult to prioritize a research program for countering terrorism in the same way that one might, for example, prioritize a program for dealing with natural disasters.
How likely are terrorist attacks on the IT infrastructure or attacks using the IT infrastructure compared to terrorist attacks spreading small-pox or smuggling a stolen nuclear weapon into the United States? For obvious reasons, the committee is not in a position to make such judgments. But while the considerations discussed in this section make certain types of attack more or less likely, none of the scenarios described in Section 2.2 can be categorically excluded.
This fact argues in favor of a long-term commitment to a strategic R&D program that will contribute to the overall robustness of the telecommunications and data networks and of the platforms associated with them. Such a program would involve both fundamental research into the scientific underpinnings of information and network security as well as the development of deployable technology that would contribute to information and network security. Ultimately, the strengthening of the nation’s IT infrastructure can improve our ability to prevent, detect, respond to, and recover from terrorist attacks on the nation.13
Computer Science and Telecommunications Board, National Research Council, 1996, Computing and Communications in the Extreme: Research for Crisis Management and Other Applications, National Academy Press, Washington, D.C; Computer Science and Telecommunications Board, National Research Council, 1999, Information Technology Research for Crisis Management, National Academy Press, Washington, D.C.