The coming cyberwar (continued)
And once a bot has gotten a foothold on a computer inside your network, it has free run of your network, and often free run leaving your network and attacking other computers. This is a particular problem with workers who use laptops on open Internet connections, like at hotels and coffee bars. While the laptop is outside the firewall, it might be infected. Once it's brought back to work and plugged into the corporate network within the firewall, there's nothing stopping it from propagating infection throughout the entire, supposedly secured network.
I've only talked about two tactics in a cyberwar attack: a distributed denial of service attack and the use of botnets. There are many other attack vectors our enemies can use, including buffer overflows, dangling pointers, format string bugs, shell meta-character exploits, SQL injection, code injection, directory traversal, time-of-check-to-time-of-use bugs, symlink races, cross-site scripting and cross-site request forgery in Web applications, privilege escalation, and more.
So far, we've discussed the economic damage a cyberattack can wreak upon us. But there's the potential of physical damage as well. More and more of our critical systems rely on computing technology and more and more of that technology has an Internet connection -- effectively linking everything to the bad guys with mere milliseconds in traversal time.
The Airbus Concurrent Engineering system uses PTC's Internet-enabled software and maintenance services on all existing aircraft programs. Imagine what could happen if the maintenance records were tampered with by an intruder.
This stuff is real. In 2006, a hacker took control of the University of Washington Medical Center's internal network and downloaded admissions records for 4,000 heart patients. The hacker gained entrance through a Linux system running in the hospital's pathology department. The attacker claims he only downloaded the records, but imagine the damage that could have been done had he changed records, modifying medications or dosages. At that point, lives hang in the balance.
In 2007, an attack against the office of the U.S. Secretary of Defense penetrated the network and managed to steal sensitive U.S. defense information. In 2006, Jeanson James Ancheta performed distributed denial of service and hacking attacks against the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency.
And in May, 2008, the General Accounting Office of the United States Government issued a report decrying the Tennessee Valley Authority's cyber-security. The TVA operates 11 coal-fired fossil plants, 8 combustion turbine plants, 3 nuclear plants, and a hydroelectric system that includes 29 hydroelectric dams and one pumped storage facility in the southeast U.S. The TVA is the nation's largest public power company.
According to testimony before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, Committee on Homeland Security, House of Representatives, the TVA did not fully implement appropriate security practices to secure the control systems used to operate its critical infrastructures. It's almost mind-boggling to consider the sort of critical infrastructure damage and threat to public safety a cyberattack could cause were it to compromise any of the TVA's facilities.