For nearly a year, federal officials have been telling anyone willing to listen that terrorists have the knowledge and equipment to carry out sophisticated information warfare attacks against targets in the United States. This declaration is usually followed by an ominous warning that a "digital Pearl Harbor" is around the corner.
Bureaucrats have used this rallying cry to play on the fear and ignorance of elected officials and the public, pushing for harsher penalties for hackers, billions of dollars in increased funding for cyber-terrorism prevention and even an antitrust exemption for organizations sharing sensitive data with one another.
And now, there are plans to bring all the governments information security organizations under the umbrella of the proposed Department of Homeland Security, an effort to improve coordination and response.
All these efforts should help improve the security of government and private networks. But a growing number of people in the security community say the threat of cyber-terrorism is remote at best.
Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board and a respected expert on combating conventional terrorism, has been the administrations point man on cyber-terrorism. Clarke has crisscrossed the country, meeting security experts, state and federal officials, and private-sector executives to warn of imminent danger from overseas.
To Clarke, it is a question of when, not if, foreign terrorists launch a large-scale attack on U.S. networks.
"We have the role of playing Paul Revere and waking people up," Clarke said last month at the Black Hat security conference in Las Vegas. "Were going to spend $20 billion on security in fiscal 2004 through 2006. If a cyber-war comes—and come it will—we want to be prepared. Why does it always have to be we do a great job after were hit?"
Of particular concern to Clarke and others in the Bush administration is the possibility of attacks on the nations electric power grid and other utilities or on the banking and financial system. Bringing down the computers that control a water filtration plant, for example, could have disastrous consequences, they warn.
And while no one disputes these claims, some security experts say such attacks are unlikely.