It is a devastating prospect. Terrorists electronically break into the computers that control the water supply of a large American city, open and close valves to contaminate the water with untreated sewage or toxic chemicals, and then release it in a devastating flood. As the emergency services struggle to respond, the terrorists strike again, shutting down the telephone network and electrical power grid with just a few mouse clicks. Businesses are paralysed, hospitals are overwhelmed and roads are gridlocked as people try to flee.
This kind of scenario is invoked by doom-mongers who insist that stepping up physical security since the September 11th attacks is not enough. Road-blocks and soldiers around power stations cannot prevent digital terrorism. “Until we secure our cyber-infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives,” Lamar Smith, a Texas congressman, told a judiciary committee in February. He ended with his catchphrase: “A mouse can be just as dangerous as a bullet or a bomb.” Is he right?
It is true that utility companies and other operators of critical infrastructure are increasingly connected to the Internet. But just because an electricity company's customers can pay their bills online, it does not necessarily follow that the company's critical control systems are vulnerable to attack. Control systems are usually kept entirely separate from other systems, for good reason. They tend to be obscure, old-fashioned systems that are incompatible with Internet technology anyhow. Even authorised users require specialist knowledge to operate them. And telecoms firms, hospitals and businesses usually have contingency plans to deal with power failures or flooding.
A simulation carried out in August by the United States Naval War College in conjunction with Gartner, a consultancy, concluded that an “electronic Pearl Harbour” attack on America's critical infrastructure could indeed cause serious disruption, but would first need five years of preparation and $200m of funding. There are far simpler and less costly ways to attack critical infrastructure, from hoax phone calls to truck bombs and hijacked airliners.
On September 18th Richard Clarke, America's cyber-security tsar, unveiled his long-awaited blueprint for securing critical infrastructure from digital attacks. It was a bit of a damp squib, making no firm recommendations and proposing no new regulation or legislation. But its lily-livered approach might, in fact, be the right one. When a risk has been overstated, inaction may be the best policy.
It is difficult to avoid comparisons with the “millennium bug” and the predictions of widespread computer chaos arising from the change of date to the year 2000. Then, as now, the alarm was sounded by technology vendors and consultants, who stood to gain from scare-mongering. But Ross Anderson, a computer scientist at Cambridge University, prefers to draw an analogy with the environmental lobby. Like eco-warriors, he observes, those in the security industry——be they vendors trying to boost sales, academics chasing grants, or politicians looking for bigger budgets——have a built-in incentive to overstate the risks.
Economist; 10/26/2002, Vol. 365 Issue 8296, p19, 3/4p, 1c
注(1):本文选自Economist;10/26/2002, p19, 3/4p, 1c;
注(2):本文习题命题模仿对象1999年真题text 2 (1,2,3,5)和2001年真题text 5第3题(4);
1. We learn from the first paragraph that ____________.
[A] terrorists could plunge a large American city into chaos through electronic attack
[B] American people have no experience in dealing with terrorists
[C] the computer systems of utility companies are rather vulnerable
[D] the response of emergency services is far from satisfactory
2. Speaking of the doom-mongers, the author implies that_____________.
[A] their worries are quite reasonable
一级建造师二级建造师消防工程师造价工程师土建职称房地产经纪人公路检测工程师建筑八大员注册建筑师二级造价师监理工程师咨询工程师房地产估价师 城乡规划师结构工程师岩土工程师安全工程师设备监理师环境影响评价土地登记代理公路造价师公路监理师化工工程师暖通工程师给排水工程师计量工程师