After all, there are many different types of potential attackers with many different possible motives. Whether they are cybercriminals interested in financial gain, countries such as Iran or China mounting cyberespionage attacks, intellectual property thieves focusing on industrial espionage, or terrorists interested more in wreaking havoc than on any particular target, no single line of defense is sufficient. Furthermore, a cyberattacker might be a country, a company, a decentralized group of hackers (potentially spanning several countries) or even a single individual.
Their potential targets are similarly varied. A single, high-value target such as a power plant may come under attack, but protecting such infrastructure is an obvious priority. The result is that such attacks are difficult to mount, and thus are likely to be relatively rare. Far more common are attacks of convenience. Just as a burglar will avoid houses with alarm signs and instead seek homes with overgrown lawns sporting piles of newspapers, cybercriminals don't really care whose money they steal. Most dangerous of all are the random terrorist attacks that are simply looking to cause mayhem.
Let's also avoid the mistake of assuming that all cybertargets are technology targets. Perhaps the most effective cyberattacks have psychological targets that outstrip the intrinsic technology value of the target. For example, an attacker may not be able to take down Hoover Dam, but what if he could hack the Mars Rover Curiosity? The result would be outrage dismay, and anger-which may in fact be the intended goal all along.
The most nefarious attack of all, however, is on the American way of life-or, to be less nationalistic, the way of life in any free country. This most dangerous attack need not even take place. If the mere threat of cyberattack causes us to reduce civil liberties for our citizens, we have lost something immensely precious. For any attackers seeking to target precisely those liberties that make free countries free, we risk Congress itself becoming their most powerful weapon.
Achieving an adequate level of cybersecurity while balancing business needs and civil liberties is therefore a complex, difficult challenge. We can only hope that our government-as well as other governments around the world-rise to the challenge in time. The alternative, we fear, is continued complacency until a single attack or cluster of attacks is so damaging, so traumatic that the entire world changes its perspective on the cyberwar in progress. Let's not forget the most valuable target for such a cyber-9/11 is our way of life itself.