COMMENTARY-- One of the problems in dealing with the issue of cybersecurity, especially when it comes to cyberterrorism, is assessing the actual risk--which is vastly different from the potential risk.

In this regard, I am reminded of a cautionary tale from the Cold War.

Beginning in 1957 and continuing into the Kennedy Administration, Washington was concerned that a "missile gap" existed between the Soviet Union and the United States.

This was based on intelligence estimates that the USSR possessed more nuclear warheads than the U.S. did. The fear was that the USSR could launch an attack large enough to make it impossible for the U.S. to effectively retaliate.

This gave the Soviets a significant advantage across a number of fronts, even if an actual attack wasn't in the USSR's plans. Needless to say, the threat provoked a tremendous response from the defense establishment. (Read: Spending of tax dollars.) But most Americans, including our elected decision makers, had no way to assess whether the threat was real. Given the secret nature of security programs and the limitations of intelligence gathering, we just had to accept our leaders' assurances.

At the end of the Cold War, Americans learned the missile gap had never existed. We discovered that U.S. estimates of the Soviet arsenal were significantly overstated and that, if anything, the Soviets were more afraid of our first-strike capabilities than we were of theirs.

While there are doubtless threats to the U.S. technology infrastructure--as well as to our individual computers and home/business networks--it's important not to overstate that risk. On the other hand, I think it's fair to bet we're so under-protected that any near-term steps we take, no matter how severe, still won't be overreaching. But let's make sure that as we protect ourselves, we protect against a wide variety of everyday threats as well as the extraordinary ones of the bin Laden era.

In my previous column, I described the landscape that is leading to the great network lockdown of 2002. In this column, instead of looking at what is, I'd like to hazard some predictions as to what will take place in the coming year or so. Here are my best guesses.

• More emphasis will be placed on security in all quarters, but we are still some distance from a real security breakthrough. I have a deep concern that security issues will never be solved, at least on a broad scale. The question will become one of how well trained, well equipped, and determined the potential hacker or cyberterrorist is. Security problems are, I believe, here to stay.

• People at the RSA conference this week laughed when presidential advisor Richard Clarke mentioned Bill Gates's "trustworthy computing" initiative at Microsoft. "Let's not just laugh and be cynical about (Gates's) promise," Clarke said. "Let's instead say to Bill Gates, 'You are right, and we are going to hold you to it.'" My hope--and I won't bet on it--is that Microsoft will make things as hard for hackers and other criminals as it has for business competitors.

• The Internet may end up being significantly reengineered and users may give up anonymity--which is different than privacy--in order to create an electronic trail for hacking attempts. We can also do this for spam--an idea that should be wildly popular.

• I'm very concerned about linking cyberattacks to a bullets-and-bombs response. Wouldn't it just be like those crafty Iraqis to make it look like an attack they staged had originated in Iran--perhaps prompting renewed bombing, or worse? I don't want to see the president of the United States begin a televised address to the nation with the word, "Oops."

• We need a way to encourage companies to share information, so we can develop better security techniques and gather meaningful statistics. The trend is toward hushing cybercrime as a way to hide technical vulnerabilities and protect customer confidence. That's understandable, but it's also counterproductive.

Part of me thinks there should be lots more attacks than there are, if only of the lone-nut variety. Thankfully, this hasn't happened. And while we can never be truly prepared--whatever that means--there is much work we can do to provide a necessary level of protection.

But, in the end, it's hard to accurately judge. Especially when we are talking about the potential for state-sponsored cyberattacks. Maybe the threat isn't as real as we think. Or perhaps it's much worse. Either way, one thing is certain: We're vulnerable, and this weakness has opened to the world's evildoers a window of opportunity--a window that needs to be closed.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.