Mr. Lambert,

I found that this was an excellent post that demonstrated the growing concerns of the public of a possible large scale cyber attack on the U.S. infrastructure and reasons why there has not been a lot of progress toward a security solution. Being a computer science student with a specialization in cyber security, it was refreshing to hear a realistic take on news headlines, government speeches, and corporate security flaws. In dissecting the Defense Secretarys speech at the Intrepid Sea, Air, and Space Museum in New York, you indicated that many of the horrifying scenarios described were, in fact, impossible to accomplish solely via the Internet and that most of the insecure systems were not actually connected to it. However, I do feel that there are enough critical systems that are inappropriately connected to the Internet and are vulnerable to attack that could devastate the countrys infrastructure. In looking at the damaged infrastructure on the east coast in the aftermath of hurricane Sandy, we can see just how much damage can occur from a loss of power in a relatively small area. Do you think that even though the situation involving cyber security in the nation is drastically over exaggerated and a handful of weak points exist, that there is still a significant problem in store for the nation if those weak points are not addressed?

I would say that your overall tone conveys large amounts of doubt in regards to the likelihood of a large scale cyber attack and questions the validity of statements claiming that critical systems are insecure when you focus on stories that talk about an employee at a national laboratory gets a virus on his laptop, and the press claims the laboratory was broken into, or some financial websites suffer a denial of service attack, and suddenly it becomes U.S. banks under attack. I agree that many of these scenarios are blown significantly out of proportion; however, I must also say that with the growing aggressiveness displayed by China the security holes that potentially exist should be a top priority to fix due to the potential damage that can be done if they are taken advantage of. I would even go as far as to say that they most likely do exist and the only reason that there has not been a cyber attack that has taken advantage of these flaws is that it would be perceived as an act of war or an act of terrorism. Do you think that that might be a deterrent for international forces to attack our infrastructure? Do you think that if other groups grow in technological sophistication, such as a terrorist group, that we would see a cyber attack targeting our infrastructure?