We are at risk. Increasingly, America depends on computers. They control power delivery, communications, aviation, and financial services. They are used to store vital information, from medical records to business plans to criminal records. Although we trust them, they are vulnerable to the effects of poor design and insufficient quality control, to accident, and perhaps most alarmingly, to deliberate attack. The modern thief can steal more with a computer than with a gun. Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.
Computers at Risk was also one of the first reports to suggest that networking between computers would dramatically worsen the cybersecurity situation by enabling problems to propagate electronically and by enlarging the set of potential attackers—and indeed this is exactly what has taken place.
In 1997, the President’s Commission on Critical Infrastructure Protection noted:4
[T]he right command sent over a network to a power generating station’s control computer could be just as devastating as a backpack full of explosives, and the perpetrator would be more difficult to identify and apprehend….
[Furthermore,] the rapid growth of a computer-literate population ensures that increasing millions of people around the world possess the skills necessary to conduct such an attack. The wide adoption of common protocols for system interconnection and the availability of “hacker tool” libraries make their task easier.
While the possibility of chemical, biological, and even nuclear weapons falling into the hands of terrorists adds a new and frightening dimension to physical attacks, such weapons are difficult to acquire. In contrast, the resources necessary to conduct a cyber attack have shifted in the past few years from the arcane to the commonplace. A personal computer and a telephone connection to an Internet Service Provider anywhere in the world are enough to cause harm….
The Commission has not discovered an immediate threat sufficient to warrant a fear of imminent national crisis. However, we are convinced that our vulnerabilities are increasing steadily, that the means to exploit those weaknesses are readily available and that the costs associated with an effective attack continue to drop. What is more, the investments required to improve the situation—now still relatively modest—will rise if we procrastinate.
President’s Commission on Critical Infrastructure Protection, Critical Foundations: Protecting America’s Infrastructures, October 1997; available at www.fas.org/sgp/library/pccip.pdf.