For many years before the 9/11 attacks, I read articles saying, in essence, it's a matter of when, not if, we will have an unimaginably destructive attack on US soil. But when it came, and even in spite of the somewhat smaller scale attacks preceding it, we were utterly unprepared.

Creating an atmosphere of dread is useless IF the goal is to protect against a cyber Pearl Harbor. And whether or not that is Panetta's goal, it should be the goal of both government and private sector facilities and utilities to prevent such a crippling attack.

So far, everything I have read or heard on this depends on more or less sweeping generalities to make the point. It seems to me that for starters we ought to make a complete cyber-infrastructure inventory. To refer to just one of the vulnerabilities highlighted in this article, certainly, critical systems should not be connected via the highly insecure internet. Do we have any idea how many are?

There is no way to plan against such an attack if no one knows exactly where our vulnerabilities lie. I can't even make a personal to-do list for my day tomorrow if I have no idea what needs doing. I have to look around, take stock, determine what is fine as is and what needs attention.

I would not expect either government or private industry to publicize the results of such an inventory, but I would like very much to know that either they have accomplished it or they are going to do so post haste.