U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats

NCJ Number
James A. Lewis
Date Published
December 2002
12 pages
This article examines the threat posed by cyber-terrorism and cyber attacks on critical infrastructure in the United States.
The premise behind cyber-terrorism and attacks is that as nations begin to become more dependent on computer networks and more critical infrastructure is based on computer networks, a great deal of societal harm can be levied by attacking these computer systems. This paper explores the vulnerability of our computer networks and critical infrastructure and finds that the assumption of significant vulnerability is wrong. Four main areas are assessed to uncover the United States’ vulnerability to cyber-terrorism: (1) the historical context of cyber-warfare and cyber-terrorism, which includes 80 years of strategic thought about attacks on critical civil infrastructure; (2) the potential threat of cyber-terrorism is estimated by examining the routine, periodical malfunctions involving our infrastructure and computer networks, such as power outages and communications disruptions; (3) the dependence of our infrastructure on computer networks and the redundancy present in our systems; and (4) cyber threats must be placed in a political context to understand the motivations and likely success of terrorists. A review of these main elements leads the author to conclude that cyber attacks and cyber-terrorism are an increasing threat to American businesses, but that the vulnerability of our critical infrastructure is overblown. Upon close assessment, the author concludes that the Nation’s critical infrastructure is widely distributed, diverse, and redundant, making it less vulnerable to cyber attacks. Moreover, cyber attacks in this environment are less effective and desirable than physical attacks, making the latter more of a salient threat than that of cyber-terrorism.