I don't have a particular recommendation other than that we base decisions on as much hard data as possible. We need to carefully look at all the options and all their ramifications in making our decisions.
While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality.
While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
Further, the next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal.
Cyber terrorism could also become more attractive as the real and virtual worlds become more closely coupled, with automobiles, appliances, and other devices attached to the Internet.
Everyone is a proponent of strong encryption.
The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn't all that widespread, but that state of affairs is expected to change rapidly.
If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation.
Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons.
We have never really had absolute privacy with our records or our electronic communications - government agencies have always been able to gain access with appropriate court orders.
I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
I think most organizations have an interest in key recovery, at least with respect to stored data.
With those people, I'm very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests.
Generally I'm against regulation.
I prefer leaving things to the market as much as possible.
However, leaving everything to the market is not necessarily good for society.