A few days ago I hosted an interesting seminar in the House of Lords on “Tackling Transmission of Healthcare-Associated Infections”.  The purpose of this was to bring together policy-makers on the subject from within the Department of Health, representatives from the voluntary sector and involved service users, researchers and legal experts, front-line NHS practitioners, and a number of Parliamentary colleagues to discuss what has been achieved and what are likely to be challenges in the future.

There were some interesting points made in the discussion, such as the need to empower patients to challenge doctors and nurses about whether they have washed their hands, and some excellent comments such as “Anyone who doubts Darwin should look at how pathogens respond to antibiotics”.

However, I was particularly pleased to hear a contribution from Sandra Barrow, the leader of the Department of Health’s Healthcare Associated Infection (HCAI) Technology Programme.  She described how the Programme is aiming to speed up the process of identifying useful technological innovations that can help deal with HCAIs, encouraging front-line NHS staff to work with industry to develop innovations, and then fast-tracking the evaluation process so that innovations can be utilised more rapidly.

The Programme recognises that small and medium-sized enterprises (SMEs) will often provide the most innovative ideas, but may also face the greatest difficulty in getting their ideas developed and adopted in the NHS.  The Programme has involved workshops involving 500 frontline NHS staff and a road show engaging with a similar number of SMEs to identify the most promising technologies for reducing and preventing HCAIs.  Several hundred ideas and products emerged from this process which have then been assessed by an expert panel to identify a short-list of products that are being evaluated in eight showcase hospitals.

The ideas emerging include innovative air disinfection technology, new infection detection techniques and the use of nano-technology to provide anti-bacterial protection layers for surfaces.

What excited me about this was the way it recognised that SMEs are a key engine for innovation and the way in which emerging innovations were being rapidly appraised and assessed for early adoption.

The approach being taken, like the INSTINCT programme designed to harness new innovative technologies to address challenges in counter-terrorism, demonstrates how Government can work with industry, especially SMEs, to make the best of British scientific ideas.

Scott Charney, the Microsoft Vice President in charge of Trustworthy Computing, is speaking today at the RSA Conference in San Francisco.  He is re-stating both Microsoft’s commitment to “End-to-End Trust” but also the need for business, government and the public to work together to ensure that those using the internet are safe and secure.

The message is an important one: responsibility for internet security has to be shared.  The House of Lords Committee on Personal Internet Security, on which I sat, reported nearly three years ago and used a road transport analogy to make the point: safe road use requires responsible behaviour by drivers and pedestrians, but cars need to have safety features embodied in them, roads themselves need to be well-maintained and properly lit, there need to be laws regulating safe behaviour on the roads (speed limits etc) and those laws need to be properly enforced.

If anything the message has become even more important since our Committee reported.  More and more commercial and personal interactions take place on line.  Social networking sites are booming and an increasing proportion of commerce is conducted via the internet.

The threats to security have also become more pronounced.  The threats are no longer from isolated individuals, but from organised crime and it is also becoming abundantly apparent that some nation states are operating in the same way to infiltrate commercial and government networks for their own purposes.

And the technology itself is developing.  Cloud computing is becoming the norm and this presents its own challenges.  Certainly, this has raised the issue of security for many people (although it is not automatically a given that the security of data held in a cloud is necessarily worse than if it is held on your own servers, particularly if it turns out that they are inadequately protected).

So how do we move forward?

Partnership is certainly essential.  Governments have to work together in setting an international framework for collaboration and for law enforcement.  And at a national level they must also work with IT service providers and with business in general.

But above all, the individual user must be at the heart of all this.  Sensible security arrangements that make sense to the individual have to be devised.  It needs to be acknowledged that most individual users of the internet, whether they are trying to do their weekly shopping or organise their social lives, are rushed and busy.  Moreover, they are not technological experts.  They have inadequate levels of knowledge, so an error message or system alert that makes sense to an IT professional will probably be gibberish to most of us.

And critical to all of this is the need for robust identity management.

Surely, it is not too much to ask that people can feel confident that their personal details are secure, that they can communicate with others secure in the knowledge that the person or organisation with which they are communicating is who it says it is, and that when they are asked to identify themselves they need reveal no more about themselves than is necessary for the transaction concerned.

If today’s discussions at the RSA Conference take us further towards those objectives, we will be making real progress and we can all feel more hopeful that a trusted and secure internet environment is being built.

The third question this morning in the House of Lords Question Time managed to cover astrology, alternative medicine, the views of Prince Charles, mumbo jumbo and quackery, provoked an intervention from the Astronomer Royal and from myself on psychotherapists and so-called “Schools” of psychotherapy and other therapies.

The question and the subsequent supplementaries demonstrated concerns from all parts of the House that alternative therapists need to be regulated in order to protect the public from unscrupulous practitioners and highlighted the importance of better understanding of real (as opposed to pseudo) science by the public and young people in particular.

The full exchanges were as follows:

“Alternative Medicine: Astrologers

Question

11.21 am

Asked By Lord Taverne

To ask Her Majesty’s Government whether, following their proposals to regulate practitioners of alternative medicine, they plan to regulate astrologers.

Baroness Thornton: No, my Lords, the Government have no plans to regulate astrologers.

Lord Taverne: My Lords, I declare an interest as chairman of the charity Sense About Science. The forms of alternative medicine which the Government propose to regulate have as much scientific basis as astrology. As official regulation is likely to give such practices a spurious scientific reliability and respectability, is it not unfair to leave out astrologers? More seriously, will the Government note that august bodies of proper scientists—the Medical Research Council, the Royal College of Pathologists, the Academy of Royal Medical Colleges and other eminent professional bodies—strongly oppose the proposed regulation? Will the Government ignore the assiduous lobbying for pseudoscience from Clarence House?

Baroness Thornton: My Lords, I am aware that the noble Lord is making a wider and serious point about alternative therapies. At present there is no statutory regulatory system in the United Kingdom to govern the practice of complementary and alternative medicine, with the exception of chiropractitioners and osteopaths who are regulated by statute. We are undertaking a consultation exercise to determine whether and, if so, how to regulate the practitioners of acupuncture, herbal medicine and traditional Chinese medicine. The Science and Technology Committee of this House suggested that we should address that issue. No other complementary therapies, including medical astrology, are within the scope of this consultation and we have no proposals to regulate in any of these other groups.

Baroness Pitkeathley: My Lords, I declare an interest as chair of the Council for Healthcare Regulatory Excellence. I remind the House and the noble Lord who asked the Question that the purpose of regulation is to protect the public, and that is what we try to do. However, in order to help me do my job better, can my noble friend give me a definition of medical astrology?

Baroness Thornton: My Lords, medical astrology is traditionally known as iatromathematics and is an ancient medical system associated with various parts of the body, diseases and drugs and the influence of the sun, moon, planets and the 12 astrological signs. For example—I did the research on this issue myself—the noble Lord, Lord Taverne, and I share the same birth sign, Libra, which apparently rules excretory functions through the kidneys and skin. I could go on about lumbar regions but noble Lords will get the picture. I am happy to say that the underlying basis for medical astrology is considered to be a pseudoscience and superstition as there is no scientific basis for its core beliefs. The Government remain neutral on this issue.

Earl Howe: My Lords, does the Minister share my view that this is an uncharacteristically flippant Question from the noble Lord, Lord Taverne? Does she accept that statutory regulation is not a badge of rank but exists, as the noble Baroness, Lady Pitkeathley, has just said, to safeguard the public? The key regulatory bodies—the Health Professions Council and the Medicines and Healthcare products Regulatory Agency—have both concluded that acupuncture and herbal medicine practitioners should be subject to statutory regulation.

Baroness Thornton: The noble Earl is quite correct and I concur with him that this is a very serious matter. Although we do not specifically promote or endorse the use of complementary or alternative medicine, we have to appreciate that a high proportion of the population actually uses these medicines, and our concern, as my noble friend said, is to protect patients. Responsible complementary practitioners adhere to codes of ethics, know the limits of their competence and make appropriate referral of patients to orthodox practitioners where there is potential risk to their health and well-being. However, the noble Earl is completely correct—we have to look to how best to safeguard patients in respect of those complementary medicines such as acupuncture and Chinese herbal medicines that have the potential to cause harm. Therefore we need to take serious action to make sure they are regulated in the correct fashion.

Baroness Tonge: My Lords, I confess to being an Aquarian, and share my birth date with Copernicus and my Auntie Ivy, although I have to say that my Auntie Ivy had much more influence on me than my birth sign. However, on a more serious note, does the Minister agree that the popularity of mumbo-jumbo such as astrology and many forms of alternative medicine is due to the fact that people have very little scientific education at school? Will she say what this Government, in their 10 years in power, have done to further education in science and mathematics?

Baroness Thornton: We have done a great deal for further education in science and mathematics, although that is not exactly what this Question was about. I agree with the noble Baroness that of course people often turn to things like medical astrology because they do not understand the basis of whatever ailment it is they are looking at, and that can be a risky thing to do. However, I simply do not accept this Government have not put a significant amount of investment into mathematics and science in our schools.

Baroness McIntosh of Hudnall: My Lords—

Lord Rees of Ludlow: My Lords—

The Minister of State, Department of Energy and Climate Change (Lord Hunt of Kings Heath): My Lords, we have not heard from the Cross Benches yet.

Lord Rees of Ludlow: My Lords, I declare an interest as Astronomer Royal, and therefore as someone who could enhance his income hugely by becoming an astrologer and offering horoscopes. Does the Minister agree that, even though were we in India it might be appropriate to regulate astrology because government ministers there, one is told, are heavily guided by it, in this country to do so might imply that the problem has rather more seriousness that it really deserves?

Baroness Thornton: The noble Lord is completely correct.

Baroness McIntosh of Hudnall: My Lords, does my noble friend agree that we should indeed have no truck with pseudoscience? As it happens, I have some sympathy with the point that the noble Baroness, Lady Tonge, raised about the teaching of science and mathematics. None the less, there are, as Hamlet observed,

“more things in heaven and earth … than are dreamt of in your philosophy”,

and some very respectable branches of medicine were once alternative in their day. Therefore, it is important that we keep an eye on the things in which people invest confidence, and make sure, as my noble friend Lady Pitkeathley observed, that they do not cause harm.

Baroness Thornton: My noble friend is right. Complementary and alternative medicine therapies have proven to be effective, cost-effective and safe. Decisions about which treatments to commission and fund, for example, are the responsibility of the NHS locally, and indeed primary care trusts often have their own policies about funding complementary medicine such as osteopathy or chiropractic. Indeed, we are funding research into complementary therapies, for example in the care of cancer patients.

Lord Harris of Haringey: My Lords, I speak to the Minister as a fellow Libran. Is she satisfied with the quality of regulation of therapies such as psychotherapy? Is it still the case that anyone can set themselves up as a college of psychotherapy or any other therapy, and offer diplomas and apparent validation to practitioners whose skills may be negligible?

Baroness Thornton: My noble friend raises an important point, which the House has discussed in the past year. I had a huge postbag about that; I was inundated by suggestions from psychotherapists of all different kinds on this issue. My noble friend is quite right that there is an issue, and the department is looking at it.”

I have a confession to make.  At least once a day I read Iain Dale’s blog.  Sometimes I find it amusing and sometimes I find it interesting, particularly as a means of understanding the modern Conservative mindset.  Occasionally, of course, I read it as an antidote to low blood pressure.

Today, he had a good rant with “This Pseudo-Fascist Plan Must be Scrapped“.  This relates to the proposals on communications data and the need to preserve these for law enforcement purposes.

Reading the rant, I was surprised – not at its tone (Iain Dale is renowned for giving good rant), but at what I naively assumed was the factual trigger for the rant.  It sounded as though the Government was pressing ahead with legislation on this with a view to getting it passed this side of a General Election.  I was surprised for two reasons: first, that I had missed the announcement; and second, I had understood that this was not what was intended.

However, such was my faith in Iain Dale that I have only just got round to checking the facts.

And what did I find?  The entire rant was based on absolutely nothing.

The Government has NOT announced that it is pressing ahead with legislation.  All it has done is publish the results of its consultation exercise on the issue.  And sensible commentators (not Iain Dale) have recognised that the plans have been shelved.  The idea of a single Government database had in any event been dropped months ago.

I have two warnings for Iain Dale.

First, if he gets himself this worked up about something that ISN’T happening, he will need to be on heavy-duty tranquillisers long before we get into a General Election campaign.

And second, as I have pointed out before, there is a real and serious issue here that any Government must address.  As I said before the consultation was launched:

“At present, telephone companies keep data on their subscribers who make telephone calls, who they connect to and for how long.  They do this, so that they can bill people.  For many years, it has been possible for the police to access this data as part of their investigations into crime.  To do so, they have to get proper authorisation, certifying that accessing the data is proportionate to the crime being investigated and each case has to be considered individually.  The data can be used as evidence in Court and does not involve tapping the call and listening to the content.  Many trials rely on this evidence for criminals to be convicted – there is a murder trial under way at the moment where the crucial evidence is which mobile phones contacted each other just prior to and immediately after the murder took place.

But – and this seems to have passed the pundits by – technology is changing.  Telecoms companies (both fixed line and mobile operators) are building new networks based on VoIP technology.  This is cheaper and more flexible and - critically – does not require detailed call-by-call billing.  The data on which so many trials now rely will soon cease to exist.  The Government is therefore quite rightly going to consult on what can be done to capture this information and allow it to be used in criminal investigations where necessary.

It is not about giving the police more powers to pry into people’s personal lives.  It is about not losing vital material that is currently used to catch criminals.

And, of course, new forms of communication are being created all the time (eg. on social networking sites and chat facilities built into on-line gaming).  Should the police have powers to find out who is communicating with who in these new ways?  That’s what the consultation is about.  It is not some monstrous new assault on civil liberties.  It is allowing a sensible debate about how existing powers should be modified to reflect the changes in technology.”

Unless Iain Dale wants to see the police having to fight serious criminals with even less information available to them than they have at the moment, this is a nettle that is going to have to be grabbed.

Even though Parliament isn’t sitting, each week Hansard publishes the written answers to Parliamentary questions tabled before the recess started and whose answers have finally emerged from the civil service sausage machine and been signed off by the relevant Minister.  I have just caught up with the latest list, which includes the answer to the question I tabled five or six weeks ago on electromagnetic pulses (EMP) and the National Security Strategy.

My question followed on from a scary briefing I had attended on the threat of EMP attacks on the critical national infrastructure.  (Some comments have suggested that the briefing was scare-mongering rather than scary, although I remain convinced – as subsequent discussions I have had with people who know about the subject have confirmed – that the subject has real substance and should be taken seriously).

The answer I have received from Lord Alan West is as follows:

“The Government’s updated National Security Strategy takes into account the threat posed to UK interests, including the critical national infrastructure, by the full range of “threat actors”, a definition that includes natural hazards, as well as individuals or organisations with malign intent. The associated Cyber Security Strategy of the United Kingdom, published alongside and reflected in the National Security Strategy update, considers a number of methods of cyber attack, including those that generate high levels of power that can damage or disrupt unprotected electronics.

In addition, the Centre for the Protection of National Infrastructure (CPNI) provides advice on electronic or cyber protective security measures to the businesses and organisations that comprise the UK’s critical national infrastructure, including public utilities companies and banks. CPNI also runs a CERT service which responds to reported attacks on private sector networks.”

Reading between the lines, I take this to mean that EMP attacks (and including natural pulses emitted by the Sun) are considered as part of the Strategy and that the CPNI provides relevant advice.  I am reassured by the first part of the answer, but less convinced by the second part – I received similar-sounding answers to my questions a few years ago about the advice that the CPNI (or its then predecessor) were giving about information security.  And the big question remains: it is only advice, is anyone actually doing anything?

When the Digital Britain White Paper was published on 16th June, I raised some concerns about the White Paper’s apparent endorsement of “The Geek Squad” and “The Tech Guys”.

I have now received from Lord Stephen Carter a response to the points I made in the debate.  Unfortunately, the response slightly misses the point (by about a mile, actually).  It sets out the measures being introduced to improve the enforcement of consumer law applying to on-line transactions.  This is all good stuff – a single online complaints register for people encountering an online scam; investment in new equipment, training and staff for on-line consumer law enforcers; and a review of enforcement powers in an on-line world.  However, this is not really going to provide much reassurance for people nervous about letting an unknown person into their homes to fidedle around with their computer systems.

I have now written back to Stephen Carter – although my letter may well have arrived after his last day in office (he is one of the GOAT ministers who is resigning this month).  My letter says:

“Thank you for your letter of 8th July.  I am grateful for the clarification you have provided on the points I raised following your statement to the House on 16th June.

 

However, I would like to come back on the second issue I raised.  This related to the need to ensure that consumers have adequate protection when dealing with suppliers, such as “The Geek Squad” or “The Tech Guys” – both specifically mentioned in “Digital Britain”.

 

In your response, you mention the measures being taken to improve enforcement of consumer law applying to on-line transactions.  Whilst these measures are valuable, they rather miss the point of my concerns.  Both “The Geek Squad” and “The Tech Guys” involve the consumer permitting individuals to access their computer equipment (and usually their homes).  Such individuals are being given a position of trust by the consumers concerned, who will assume that they are (1) honest and (2) know what they are doing.  As far as these points are concerned, it is extremely unlikely that the consumer will have the technical knowledge to understand (or indeed to be able to detect) what has been done to their equipment – that is after all why they have asked “The Geek Squad” or “The Tech Guys” to visit or to look at their equipment.

 

If you engage a security guard from a security firm, the individuals engaged are required to be registered with the Security Industry Authority and will have been vetted for criminality and there are requirements relating to their training.  Yet the activities of most security personnel will usually be visible and will normally be comprehensible to the person engaging them.  Should there not be some similar system of regulation and customer assurance of the quality of work in place for those individuals engaged by “The Geek Squad”, “The Tech Guys” or any other similar service?  If no such system is in place, most customers – who are likely not to be skilled technically – will be vulnerable to data being stolen from them, to malicious code being placed on their machines or to more traditional forms of criminality.

 

I would welcome your comments on what can be done to address this.  I am copying this letter to Lord West of Spithead (in view of the information security implications) and to Alun Michael MP (in view of his role chairing the Tripartite Internet Crime and Security Initiative).”

I will be interested to see if the civil servants get the point this time.

This morning I took part in a breakfast discussion on the Lords Terrace (over orange juice and croissants, but fortunately under cover as it was pouring with rain) with Lord Young of Graffham and Lord Razzall about what can be done to re-energise the British technology sector.  The occasion was the launch of the Micro Focus Technology Manifesto, “Making BrITain Great Again“.  It was well-attended and the Q&A session at the end was lively and could clearly have continued for much longer.

The central theme was that Britain has the potential to generate a much larger proportion of its GDP from the technology innovation-driven sector and the manifesto is designed to kick-start a debate about what can usefully be done to create an environment in which the sector can thrive, expand and create new and sustainable jobs in the UK.  The manifesto has five strands:

• increasing the supply of world-class technology talent in the UK
• harnessing the expertise and goodwill of successful leaders around the world to mentor leaders of UK-based emerging technology businesses
• changing substantially the tax incentives available to companies and individuals who want to invest in growing technology businesses in the UK
• implementing fiscal incentives for UK-based companies seeking to take forward world-leading R&D
• encouraging overseas technology companies to invest in a UK hub

I hope that the manifesto does kick-start a debate on these issues and that all the main Parties will commit to following the direction of travel indicated.  Indeed, I would hope that the core principle would be readily endorsed.  Future UK prosperity can only be sustained if the country is able to offer something significant to the world economy and that something in my view has to be that Britain is able to exploit innovation effectively and can deliver substantial value-added in technology and intellectual property.  The UK will never compete by trying to cut wage costs to Third World levels, we no longer have a heavy manufacturing base and there is a limit to how much national income that can be generated from tourism and heritage.  The only route to sustainability has to be through becoming a leading force in innovation and technology.

I remain concerned that too many young people do not see careers in technology as exciting, that too many further and higher education courses are irrelevant to the technology sector’s needs, and that for those who do emerge from further and higher education there are too few entry-level job/training opportunities.  Moreover, as a country we do not do enough to foster entrepreneurialism, nor to support investment in innovative start-ups and to support the growth of such enterprises as they develop.  The Micro Focus manifesto contains a number of suggestions as to how these issues may be addressed.  I am sure it is not definitive, but the future of the UK economy requires that this debate starts now and is taken seriously.

I have tabled a question for written answer on electromagnetic pulses and the National Security Strategy arising from the meeting I went to yesterday:

To ask Her Majesty’s Government:

 

“What consideration was given to the threat to the critical national infrastructure of a high intensity electromagnetic pulse, produced either by malign intent or as a result of solar activity, in preparing the National Security Strategy.”

Earlier today I went to a meeting (organised by the Henry Jackson Society) in one of the more remote Commons Committee Rooms chaired by James Arbuthnot MP, the Chairman of the Select Committee on Defence.  He began by intoning that we were all attending “the most important meeting you will ever go to”.  I am not sure about that, but it was undoubtedly one of the scariest I have ever attended.

It was addressed by Avi Schnurr, President of EMPACT (The EMP Awareness Coordination Taskforce) and concerned the threat of an electro-magnetic pulse that could permanently disable the electricity grid and most electrical systems.

In 1962, the United States conducted “Starfish Prime,” a nuclear weapon test over a remote region of the Pacific Ocean. The test was successful, with one unexpected result: fifteen hundred kilometers away in Hawaii streetlights burned out, TV sets and radios failed and power lines fused. This was unexpected and demonstrated that a nuclear warhead set off above the atmosphere causes an Electromagnetic Pulse, or EMP. Unlike a ground burst, an EMP blast can mean (depending on how high in the atmosphere the explosion takes place) continent-wide catastrophe, a capability potentially in the hands of any rogue nation or terror organization that can acquire a single nuclear-tipped missile.

With some of the world’s most unstable regional powers acquiring or already in possession of nuclear weapons, the United States Congress established the Electromagnetic Pulse (EMP) Commission, tasked with evaluating this growing threat. The Commission, based on testimony from throughout the federal government, warned that America’s current vulnerability invites attack. They concluded, remarkably, that “EMP is capable of causing catastrophe for the nation,” as “one of a small number of threats that has the potential to hold our society seriously at risk, and might result in defeat of our military forces.”

During the Cold War, the USA and the USSR relied on deterrence, but because of the threat from EMP (which could have limited their capacity to respond after a first warhead had detonated) both would have responded to a single missile in flight by a full maximum response within minutes – hence the briefcase with the codes that still follows the US President.

However, if one postulates a rogue state or a rogue group having access to a quite small nuclear device and a rocket powerful enough to send it into the upper atmosphere above the target nation or nations (perhaps launched from a boat), deterrence is no longer the answer.  The attraction for a North Korea or an Iran (and in both countries there is evidence according to Avi Schnurr that the military elites are not only aware of the potential of EMP attack but have also actively discussed it) is the comparative simplicity of delivering such an attack that would disable the United States or Europe and that it could be done stealthily.  The same attraction would also be there for terrorist groups.

And there is no question that the effect of an EMP attack could be devastating.  Electricity grids would be destroyed as transformers burnt out (and although these could be replaced the process would take years and again according to Avi Schnurr there is only one company in the world that makes the transformers on which the US electricity grid relies).  Control systems for parts of the critical infrastructure (eg the water supply) and even for vehicles would be destroyed by an EMP attack.  For a significant period the infrastructure could not function, distribution systems (eg for food) would not function, and the internet would not work.  Given the nature of modern society, social structures would break down very rapidly.

And as if the threat from a rogue state or terrorists was not enough, electromagnetic pulses can occur naturally as part of solar activity. Avi Schnurr quoted the US National Academy of Sciences as warning that solar activity can produce effects of equivalent magnitude and does so approximately every hundred years or so.  The last such massive solar surge was in 1859 and shorted out telegraph wires and caused widespread fires.  The next occasion when there might be such a surge is 2012 (although it might not be the big one, but that is when the next peak of solar activity is anticipated).

I will have to check but I don’t remember any of this being mentioned in last month’s National Security Strategy.  I can feel some Parliamentary Questions coming on …

According to the Independent this morning, the announcement of the new Cyber Security Strategy that was promised last week and that I have been calling for over the weeks (years?) will take place tomorrow.  Earlier this week I chaired a seminar on “Meeting the Threats in Cyberspace”.  One of the most impressive (worrying?) presentations was from Scott Borg of the US Cyber Consequences Unit.  His conclusions, which spell out why a fresh approach from the UK Government is so urgent, can be summarised as follows:

“Based on the work the US-CCU has already done, it is evident that the potential economic and strategic consequences of cyber-attacks are very great.  The US-CCU’s research has demonstrated that the numbers widely quoted for the costs of denial-of-service cyber-attacks lasting up to three days are actually wildly inflated.  But the US-CCU’s findings show that other types of cyber-attacks are potentially much more destructive.  Especially worrisome are the cyber-attacks that would hijack systems with false information in order to discredit the systems or do lasting physical damage.  At a corporate level, attacks of this kind have the potential to create liabilities and losses large enough to bankrupt most companies.  At a national level, attacks of this kind, directed at critical infrastructure industries, have the potential to cause hundreds of billions of dollars worth of damage and to cause thousands of deaths.

Some of the attack scenarios that would produce the most devastating consequences are now being outlined on hacker websites and at hacker conventions.  The overall patterns of cyber intrusion campaigns suggest that a number of potentially hostile groups and nation states are actively acquiring the capability to carry out such attacks.  Meanwhile, the many ways in which criminal organizations could reap huge profits from highly destructive attacks are also now being widely discussed.  This means that American corporations and American citizens need urgently to be informed, not just of their technical vulnerabilities, but of the economic and strategic consequences if those vulnerabilities are exploited.  It is only by basing our cyber-defenses on a comprehensive assessment of cyber-attack consequences that we can make sure those defenses are sensible and adequate.”